Networking Security Blog

IT Security Services.....Security Audit

2009-04-17T10:46:00.001-07:00

IT Security Services.....Security Audit

Security Audit

Its a fact that organisations change and continually update their environments, technologies and personnel. Network Secure audits ensure that your network and information systems remain private and secure by seeking out any security flaws that can be created in the rush to stay up to date. The audit can cover:

Network Architecture
Internetworking
Firewalls
Operating Systems
Software
Databases

IT Security Services.....Risk Assessment

2009-04-17T10:45:00.000-07:00

IT Security Services.....Risk Assessment

Risk Assessment

At the heart of risk management is the evaluation of the potential impact of threats on the ability of a company to continue providing products or services to its customers and business partners. Our service utilises risk assessment methodologies to drive decision making processes around security and associated technology. This allows for consistent and effective us of decision support data, as well as the removal of technical bias from what are essentially business decisions.

IT Security Services.....Remote Management

2009-04-17T10:43:00.000-07:00

IT Security Services.....Remote Management

Remote Management

Our remote management is the flexible solution to your IT needs, enabling your organisation to match its computer resource needs to changing business requirements. Network Secure offers an efficient management service that can free up your existing IT staff to focus on pertinent tasks without being held back by routine maintenance.

IT Security Services.....Managed Firewalls

2009-04-13T00:49:00.000-07:00

IT Security Services.....Managed Firewalls

Network Secure in association with its select partners provides specialist IT security services in the areas of:

Managed Firewalls

Specifically geared for companies who have already made a significant investment in the purchase of security firewall products (Checkpoint, Netscreen, Cisco, Astaro), and would prefer to out source the task of upgrades, administration and log file analysis.

IT Security Services.....Security Audit

2009-04-13T00:46:00.000-07:00

IT Security Services.....Security Audit

Security Audit

Network Architecture
Internetworking
Firewalls
Operating Systems
Software
Databases

Top Network Security Tools...6

2009-03-28T16:19:00.000-07:00

Hping2 : A network probing utility like ping on steroids

This handy little utility assembles and sends custom ICMP, UDP, or TCP packets and then displays any replies. It was inspired by the ping command, but offers far more control over the probes sent. It also has a handy traceroute mode and supports IP fragmentation. This tool is particularly useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities. This often allows you to map out firewall rulesets. It is also great for learning more about TCP/IP and experimenting with IP protocols.

Top Network Security Tools...5

2009-03-28T16:18:00.001-07:00

Metasploit Framework : Hack the Planet

Metasploit took the security world by storm when it was released in 2004. No other new tool even broke into the top 15 of this list, yet Metasploit comes in at #5, ahead of many well-loved tools that have been developed for more than a decade. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their online exploit building demo. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. Similar professional exploitation tools, such as Core Impact and Canvas already existed for wealthy users on all sides of the ethical spectrum. Metasploit simply brought this capability to the masses.

Top Network Security Tools...4

2009-03-28T16:15:00.000-07:00

Netcat : The network Swiss army knife

This simple utility reads and writes data across TCP or UDP network connections. It is designed to be a reliable back-end tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need, including port binding to accept incoming connections. The original Netcat was released by Hobbit in 1995, but it hasn't been maintained despite its immense popularity. It can sometimes even be hard to find nc110.tgz. The flexibility and usefulness of this tool have prompted people to write numerous other Netcat implementations - often with modern features not found in the original. One of the most interesting is Socat, which extends Netcat to support many other socket types, SSL encryption, SOCKS proxies, and more. It even made this list on its own merits. There is also Chris Gibson's Ncat, which offers even more features while remaining portable and compact. Other takes on Netcat include OpenBSD's nc, Cryptcat, Netcat6, PNetcat, SBD, and so-called GNU Netcat.

Top Network Security Tools...3

2009-03-28T16:13:00.000-07:00

Snort : Everyone's favorite open source IDS

This lightweight network intrusion detection and prevention system excels at traffic analysis and packet logging on IP networks. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Also check out the free Basic Analysis and Security Engine (BASE), a web interface for analyzing Snort alerts.

Top Network Security Tools...2

2009-03-28T16:01:00.000-07:00

Top Network Security Tools...2

Wireshark : Sniffing the glue that holds the Internet together

Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tethereal is included. One word of caution is that Ethereal has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).

VPN Setup & Configurations .... What is VPN?

2009-03-26T13:29:00.000-07:00

VPN Setup & Configurations .... What is VPN?

VPN (Virtual Private Network) uses public network such as internet to provide the remote offices the secure access to their organization’s network. VPN is an alternative to the expensive system of the leased lines that are owned and used by an organization. VPN maintains the privacy and security by the security procedures and tunneling protocols such as PPTP (Point to point tunneling protocol), IPSec, L2TP, L2TPv3, L2F and MPLS (Multi Protocol Label Switching).

A VPN network can send voice, data, and video over secure and encrypted private channels in the public network. There are many VPN client programs that are configure in such a way that all the IP traffic must pass the VPN tunnels before reaching the destination.

VPN Features

2009-03-26T13:28:00.002-07:00

VPN Features

A VPN connection can provide the following features.

• Global Networking
• Broadband Network Compatibility System
• Secure Communication
• Cost Effective solution for the corporate offices.
• Reduced Operational cost
• Faster Return on investment

Configuring VPN in Windows XP Professional

2009-03-26T13:28:00.001-07:00

Configuring VPN in Windows XP Professional

For configuring the VPN connection, you need to have a static IP address of the remote computer of your company and the host name. You can configure the VPN connection in Windows XP Professional by the following method.

1. Click Start > Control Panel > Click Network and Internet connection > Click Network Connections.
2. Here you need to create new connection and click next
3. Here click “Connect to network at my work place” click next.
4. Click “Virtual Private Network” and click next.

5. Here type the meaningful name for your company or any other network connection and click next.
6. Here click “Do not dial the initial connection and click next.
7. Here type the hostname and the IP address of the computer to which you want to connect.
8. Press next and then press finish.

Installing VPN in Windows 2000 Professional

2009-03-26T13:24:00.000-07:00

Installing VPN in Windows 2000 Professional

Make sure that you are connected to the internet and you are also connected to the LAN.
1. Start > Administrative Tools > Routing and Remote Access
2. Click the server name in the tree and on the action menu click Configure and Enable Routing and Remote Access and click next.
3. Click Virtual Private Network (VPN Server) in the common configurations and click next.
4. In the remote client protocols, make sure that the TCP/IP is included in the list. Click yes to all available protocols and click next.
5. Select the Internet connection that will connect to the internet in the internet connection box and click next.
6. In the IP address management box select automatically to assign the IP addresses through the DHCP server.
7. In the “Managing Multiple Remote Access Server select this option “No, I don’t want to setup this server to use Radius Server Now. Click Next > Click Finish.
8. Now right click on the Ports node and click properties now click WAN mini port (PPTP) and then click configure.
9. Type the maximum number of the allowed simultaneous PPTP VPN connections to this server.

Configuring VPN Server in Windows 2000

2009-03-26T13:23:00.000-07:00

Configuring VPN Server in Windows 2000

You can configure the VPN server further by the following methods.

1. Start > Admin Tools > Routing and Remote Access.
2. Right click the server name and then properties.
3. Select “Enable this computer as a router” on the general tab.
4. Here you have the choice to select Local Area Routing or LAN or Demand Dial Routing click ok and close all the dialog boxes.

VPN Setup & Configurations .... Configuring VPN Connection in the Client Computer

2009-03-26T13:17:00.000-07:00

VPN Setup & Configurations .... Configuring VPN Connection in the Client Computer

Configuring VPN Connection in the Client Computer

1. Start > Settings > Network and dialup connection
2. Make new connection
3. Click next and then click connect to a private network through Internet
a. Click Automatically Dial this initial connection and select your dial up internet connection from the list.
b. If you use cable modem then select “Do not dial this initial connection”.
4. Click next
5. Here type the host name and the IP address of the remote computer to which you want to connect.
6. Type the descriptive name of the connection and click next.

Top Network Security Risks

2009-03-19T13:35:00.000-07:00

Top Network Security Risks

1. Un-patched servers

Server systems used within the corporate network, both ones exposed to the internet, and internal servers that have no direct connection to the internet represent a potential major security risk.

While most IT departments would claim that they are diligent about applying patches as soon as they are available, this risk has to be taken very seriously as even large companies (Microsoft for example) have failed to patch all servers in a timely manner, leading to disruption of internal network traffic by Worms like Code Red and its variants. (Particularly at risk are internal servers that may be neglected because they don’t connect directly to the internet)

2. Un-patched client software

Many common and freely available internet client applications, in particular Internet Explorer, Outlook Express, and Outlook contain security vulnerabilities that may be exploited by a large number of variations on Worm or Viral code. Many of the variations will slip past anti-virus software for several days before anti-virus software makers add their signatures to their software.

Many of these threats can be negated by making sure that all web browsing and e-mail software is regularly updated with all available security patches.

In the particular case of e-mail attachments, the single most dangerous and common security threat today, Using Microsoft Outlook 2000 patched to at least service release 2 and having the extended attachment security option installed completely blocks all executable content in email attachments. Microsoft Office XP includes the dangerous attachment blocking automatically.

It should be noted that no version of Microsoft’s free Outlook Express offers effective blocking of dangerous attachments and users of Outlook Express should therefore have an up to date anti-virus utility installed on their system in addition to training on what attachments are safe to open.

3. Insecure peer to peer file sharing

Individual user’s computers often have file and printer sharing turned on, allowing files to be copied directly between computers within an office. While this is very convenient and often essential to workgroup productivity, care must be taken when deciding what folders to share.

Workstation computer operating systems generally offer much less security than server operating systems. Network aware worms and viruses may take advantage of unprotected shared folders to spread from machine within a LAN. To prevent the possible spread of viruses between computers the root folder, program folders, and operating system folders should never be shared.

Only folders containing data files should be shared, and confidential data that must be shared should be stored on a server where more security is available.

4. Insecure passwords

When possible, any resources shared on a network should be protected by allowing access only with a valid user name and password combination. Passwords should be difficult to guess, and not shared or left in plain sight (i.e. stuck to the monitor.)

A strong password policy allows access to resources to be restricted as needed, to working hours, and an individual’s access to confidential data can be disabled immediately upon termination.

What is Network

2009-03-19T13:33:00.000-07:00

What is Network

A network'' has been defined as `any set of interlinking lines resembling a net, a network of roads || an interconnected system, a network of alliances.'' This definition suits our purpose well: a computer network is simply a system of interconnected computers. How they're connected is irrelevant, and as we'll soon see, there are a number of ways to do this.

The ISO/OSI Reference Model

The International Standards Organization (ISO) Open Systems Interconnect (OSI) Reference Model defines seven layers of communications types, and the interfaces among them. (See Figure) Each layer depends on the services provided by the layer below it, all the way down to the physical network hardware, such as the computer's network interface card, and the wires that connect the cards together.

An easy way to look at this is to compare this model with something we use daily: the telephone. In order for you and I to talk when we're out of earshot, we need a device like a telephone. (In the ISO/OSI model, this is at the application layer.) The telephones, of course, are useless unless they have the ability to translate the sound into electronic pulses that can be transferred over wire and back again. (These functions are provided in layers below the application layer.) Finally, we get down to the physical connection: both must be plugged into an outlet that is connected to a switch that's part of the telephone system's network of switches.

If I place a call to you, I pick up the receiver, and dial your number. This number specifies which central office to which to send my request, and then which phone from that central office to ring. Once you answer the phone, we begin talking, and our session has begun. Conceptually, computer networks function exactly the same way.

It isn't important for you to memorize the ISO/OSI Reference Model's layers; but it's useful to know that they exist, and that each layer cannot work without the services provided by the layer below it.

Secure Home PCs & Network

2009-03-19T13:32:00.000-07:00

Five Steps to Secure Your Home PCs & Network

PC makers should at least provide a short, animated tutorial or video that explains these five essential steps to securing a home PC and network:

1. Install a NAT router. Inexpensive, and easy to configure, a NAT (Network Address Translation) router is your first line of defense on the Internet. While the Windows firewall is on by default these days, if your PC is plugged directly into your broadband router, you’re visible to everyone on the ‘Net. The router takes this live Internet address and translates it to a private address that is invisible to anyone on the outside.

2. Change the router default password. All routers come pre-configured with a default login and password. These are well known and lists are posted on the Web. Here’s an example of one that’s searchable by router model: http://www.routerpasswords.com/. While an attacker normally can’t get to this from the outside, if you somehow get infected with remote control malware, an attacker can get to it from your computer. He can change the settings to send you virtually anywhere he wants you to go. Not good.

3. Install and/or update a security suite. Most PCs these days come bundled with either anti-virus or a full security suite like McAfee Internet Security, Norton Internet Security or the like. My favorite is ESET Smart Security; unfortunately, this isn’t one that you’ll see bundled with a new PC. Make sure the software is up to date and make sure it will update itself automatically.

4. Turn on Automatic Updates. You should have done this when you set up the computer, but if you haven’t, do it now by following these instructions.

5. Learn about and follow safe computing practices. All of the security devices and software in the world won’t help you if you click on pop-ups, open every email you get, click on random links, and generally practice unsafe surfing. Unfortunately, this is the one of the main reasons why the criminals continue to succeed. Take some time to learn how to be safe on the ‘Net by taking advantage of these free resources:

Firewalls

2009-03-19T13:31:00.000-07:00

Firewalls

As we've seen in our discussion of the Internet and similar networks, connecting an organization to the Internet provides a two-way flow of traffic. This is clearly undesirable in many organizations, as proprietary information is often displayed freely within a corporate intranet (that is, a TCP/IP network, modeled after the Internet that only works within the organization).

In order to provide some level of separation between an organization's intranet and the Internet, firewalls have been employed. A firewall is simply a group of components that collectively form a barrier between two networks.

A number of terms specific to firewalls and networking are going to be used throughout this section, so let's introduce them all together.

Bastion host.: A general-purpose computer used to control access between the internal (private) network (intranet) and the Internet (or any other untrusted network). Typically, these are hosts running a flavor of the Unix operating system that has been customized in order to reduce its functionality to only what is necessary in order to support its functions. Many of the general-purpose features have been turned off, and in many cases, completely removed, in order to improve the security of the machine.
Router.: A special purpose computer for connecting networks together. Routers also handle certain functions, such as routing , or managing the traffic on the networks they connect.
Access Control List (ACL).: Many routers now have the ability to selectively perform their duties, based on a number of facts about a packet that comes to it. This includes things like origination address, destination address, destination service port, and so on. These can be employed to limit the sorts of packets that are allowed to come in and go out of a given network.
Demilitarized Zone (DMZ).: The DMZ is a critical part of a firewall: it is a network that is neither part of the untrusted network, nor part of the trusted network. But, this is a network that connects the untrusted to the trusted. The importance of a DMZ is tremendous: someone who breaks into your network from the Internet should have to get through several layers in order to successfully do so. Those layers are provided by various components within the DMZ.
Proxy.: This is the process of having one host act in behalf of another. A host that has the ability to fetch documents from the Internet might be configured as a proxy server , and host on the intranet might be configured to be proxy clients . In this situation, when a host on the intranet wishes to fetch the web page, for example, the browser will make a connection to the proxy server, and request the given URL. The proxy server will fetch the document, and return the result to the client. In this way, all hosts on the intranet are able to access resources on the Internet without having the ability to direct talk to the Internet.

Top Network Security Tools

2009-03-19T13:29:00.000-07:00

Premier UNIX vulnerability assessment tool

Nessus was a popular free and open source vulnerability scanner until they closed the source code in 2005 and removed the free "registered feed" version in 2008. A limited â€œHome Feedâ€ is still available, though it is only licensed for home network use. Some people avoid paying by violating the â€œHome Feedâ€ license, or by avoiding feeds entirely and using just the plugins included with each release. But for most users, the cost has increased from free to $1200/year. Despite this, Nessus is still the best UNIX vulnerability scanner available and among the best to run on Windows. Nessus is constantly updated, with more than 20,000 plugins. Key features include remote and local (authenticated) security checks, a client/server architecture with a GTK graphical interface, and an embedded scripting language for writing your own plugins or understanding the existing ones.