
Saturday, November 30, 2013

Security - What are the principal ways to secure a wireless network?

Securing a wireless network is as important as securing a wired network, and in many cases even more so, since it can be easier to tap into a wireless network. At one time or another all of us have probably used a WiFi network that was insecure (highly insecure, or with recent holes that are not yet patched). This does little harm if you are only honestly looking to connect to the internet. If you own an insecure wireless network, though, you should know that not everyone is as honest as you are. Attackers with bad intentions can learn what activities are taking place in your network and how your network resources can be exploited. This problem can be addressed by following some basic principles for securing your wireless network:
- WEP and WPA encryption: Encryption is the first line of defense that you can call up for the security of your network. The data that your PC transmits to the wireless router is encoded. But in most routers this option is disabled by default, so you first need to check whether it is enabled. Leaving it disabled exposes your network to several vulnerabilities. Keep encryption enabled and use the strongest form that your computer supports. WPA2 is more sophisticated than WPA. WEP can be cracked easily, and so it has been replaced by the most recent version of WPA, i.e. WPA2. One thing to take care of is that all devices must use either WEP or WPA if you are using one of them; the two protocols cannot be mixed. WEP uses the same key every time, but this is not the case with WPA, where the keys keep changing dynamically. This makes it almost impossible to hack. The encryption key must be a strong password, such as a combination of numbers and letters of more than 14 characters. If you have an old router that supports only WEP, use a 128-bit WEP key, as it is the safest. But you should keep checking the manufacturer's website for a firmware update; such an update will provide WPA support to the router. If no update is available, you can replace the old routers and adapters with newer models that support WPA. It is better to go with hybrid routers that support both WPA and WPA2; these provide stronger encryption while maintaining compatibility with other adapters.
It should also be made sure that the default network name and password have been changed. Doing so makes it difficult for hackers to break into the system and change its configuration. Even if you have a firewall in the router, additional security measures have to be taken. The firewall does not let hackers break into the system, but it does not stop people within the geographical range of the WiFi from accessing the network. There are readily available tools that can be used for sniffing the traffic on your wireless network. To supplement the security, a software firewall should also be installed on the computer. Public hotspots are typically very insecure. If no precautions are taken, it should be assumed that all internet traffic, whether incoming or outgoing, is visible to attackers. Before connecting to a network, always make sure that it is a legitimate one, make sure that the firewall is enabled, and keep the file sharing option off. You can check whether you have selected the appropriate security options in the firewall settings. These are some tips to increase your security level when dealing with WiFi.

Thursday, November 28, 2013

Security - What are some of the different ranges of wireless security measures?

When you get serious about wireless security, there are several mechanisms and measures that you can take. Here are some details of the problem and its solutions:
First-generation wireless networking made it hard to decide whether or not to deploy a wireless local area network (WLAN), given the many shortcomings such as rampant threats, protocol vulnerabilities and so on. Sometimes you might feel like banning the WLAN, neglecting its advantages for business, out of fear of rogue APs (access points) cropping up. Either way it is a no-win situation. However, over time, wireless protocols have been revised with improvements that have made them more secure. Given the various threats (some of which can be innovative), wireless security has to be taken as seriously as other types of network threats.
A WLAN security suite should be installed to provide security. Wireless security can be further enhanced with proper knowledge of how to correctly integrate wireless devices with wired networks, by upgrading the existing security tools, and after a due selection of the appropriate security technologies. We should be sure that security solutions for virtual private networks are based on the current generation of encryption and authentication protocols. Because threats keep arriving in new and improved forms, you need to keep monitoring the health of your network on a continuous basis to keep it secure. Attackers are always waiting to find an unprotected WLAN and then invade it and turn it to their use.
It is quite easy to record wireless traffic and eventually break in, obtaining valuable information such as proprietary data, login details, server addresses and so on (nowadays, stealing credit card details seems to have become a business for attackers). In addition to stealing information, attackers can also take control of networks and use them for transmitting spam, steal bandwidth, or use the network as a launchpad for attacking other networks. The traffic can be recorded and modified, and the consequences can be legal or financial.
A business can be disrupted even by an attacker with low technical skills using packaged scripts that make it easy to attack networks and hunt for weak points (for example, a known security hole has not been fixed and the script uses that hole to get inside and eventually gain access). The attacker can flood your internet uplinks, wired networks and access points with wireless packets. You should know what you are defending your systems from, and why you are protecting the different possible points of entry. If you don't know this, then you don't really have a chance: at some time or other you will have your network without protection, and all the security measures will be in vain.
The identification of assets and of the impact of their loss is critical for security analysis. If you are using connection methods such as DSL, dial-up or wireless, the access requirements should be defined by your security policy. If you already have a remote access policy for telecommuters, it should be expanded to incorporate wireless; if there is no such policy, one should be created. The scenarios unique to wireless networks must be included. The rules of the wireless network are different for employees and office visitors. Public areas have jacks that are typically associated with known addresses and are sometimes disabled, but PDAs and laptops can easily connect to wireless stations and access points in the nearby location. This is both an opportunity and a threat.
For guests, peer-to-peer networking should be prohibited, and sessions should be permitted only through certain access points with limited bandwidth and duration. After the identification of assets, the risks should be enumerated. The last step is quantifying the risks. In security it is always important to weigh the risk against the cost. Once you have got this right, the other WLAN alternatives can be considered. Before setting up access points, you should survey the WLAN using a discovery tool. Some setup wizards have made it possible for employees to deploy rogue access points through which the corporation's information and assets can be exposed to the outside world; they can also introduce interference into the WLAN. These rogue APs must be eliminated. With such surveys, you can also find workstations that are not authorized to access the internet.

Wednesday, November 27, 2013

How are Smart cards, USB tokens, and software tokens used for security?

In this article we discuss how smart cards, USB tokens and software tokens are used for implementing security.

Smart card: This is a type of ICC (integrated circuit card), a pocket-sized card with embedded circuits. They are made of plastic (usually polyvinyl chloride). They are used for authentication, identification, application processing and data storage. These cards serve as a strong means of authentication within large organizations for SSO, i.e. single sign-on. They are also used as ATM cards, SIMs in mobile phones, fuel cards, pre-payment cards, access control cards and high-security identification cards, phone payment cards, public transport payment cards and so on. Sometimes they are also used as electronic wallets, i.e. funds can be loaded onto them for paying merchants, retailers, vending machines, parking meters and so on when needed. This does not require establishing a connection to the bank. The card can also be used by someone who is not its owner. The exchange of money is protected by cryptographic protocols. Some cards, such as the German Geldkarte, are used for age verification. Some commonly known cards are:
- Visa
- MasterCard
- American express
- Discover

Security token or USB token: This is a physical device used by the security system to authorize the user, so that there is no difficulty in the authentication process. These devices verify the identity of the user electronically. They normally replace passwords (or are used along with a password) and use a key for gaining access. Tokens may be used for storing cryptographic keys, which may include biometric data, digital signatures etc. Some come with tamper-resistant packaging, while others have a small keypad for entering a PIN. Some tokens have a USB connector and are therefore called USB tokens. Some come with a wireless Bluetooth interface; with such interfaces the generated key number sequence can be transferred to the system. A token can store one of four types of password:
- Static password token
- Synchronous dynamic password token
- Asynchronous password token
- Challenge response token

Tokens contain chips whose functions can range from very simple to very complex. In the latter case they use multiple authentication methods. Simple tokens do not need to be connected to the system.

Software tokens: This is a two-factor authentication security device used for authorizing the use of computer services. These tokens are stored on electronic devices such as mobile phones, PDAs, PCs, laptops etc., in contrast to hardware tokens, which are held on a dedicated hardware device. Both types of token are quite vulnerable to man-in-the-middle attacks and other phishing attacks. However, software tokens do have some benefits over smart cards and USB tokens. Firstly, you do not need to carry them, nor do they run on batteries that might run out. They are less expensive than hardware tokens. These tokens have two primary architectures, namely public-key cryptography and shared secret. In the second architecture, each end-user is given a configuration file by the administrator containing the user ID, PIN and the secret key. This type is open to many kinds of vulnerabilities: attackers can compromise a stolen file. On top of this, these configuration files are subject to offline attacks and are also difficult to distribute. The latest software tokens use the public-key cryptography architecture to overcome most of the drawbacks of the shared-secret architecture.

Tuesday, November 26, 2013

Security - What is meant by a spoofing attack?

In network security, a spoofing attack is a situation in which a person or program successfully masquerades as another by falsifying data, and thereby gains an illegitimate advantage. A number of TCP/IP protocols do not have mechanisms for authenticating the source and destination of messages, which makes them very vulnerable to spoofing attacks. Thus applications have to take extra precautions to verify the identity of the sending and receiving hosts. In IP address spoofing, IP packets are created with a forged source IP address in order to impersonate another computer system and to conceal the sender's identity. IP is the basic protocol used for sending data across networks, and each packet carries numerical addresses in its header; the header field is forged so that the packet appears to come from someone else.
Man-in-the-middle attacks against a network's hosts are often carried out with the help of two types of spoofing, namely ARP spoofing and IP spoofing.
Implementing firewalls capable of deep packet inspection can prevent spoofing attacks from taking advantage of the TCP/IP protocols. This can also be done by taking measures to verify the identity of the message sender and recipient. Some sites are pay sites that can be accessed only through a certain log-in page that they approve, and this is enforced by checking the referrer header in the HTTP request. The check can be defeated because the referrer header can be changed by unauthorized users to gain access to the site content. This is called referrer spoofing.
Sometimes copyright holders also use spoofing to insert unlistenable, distorted versions of works on file-sharing networks. This is termed poisoning the file-sharing network. Another type of spoofing attack is caller ID spoofing. Caller ID information, including the name and number of the caller, is often provided by public telephone networks. VoIP (voice over IP) is one technology in which callers can forge the caller ID information so as to present false names and numbers. This false information is then forwarded by the gateways that connect to the public networks, which allows the spoofing.
It is also possible that the spoofed call originates in some other country, in which case the laws of the recipient's country might not be applicable to the caller. This has limited the effectiveness of the laws against caller ID spoofing and results in a lot of scams. Another type is email spoofing, or email address spoofing. The sender information that you see in emails can be easily spoofed. Spammers use this technique quite often for hiding their identity. This creates problems such as spam backscatter, misdirected bounces and so on.
A GPS receiver can be deceived by GPS spoofing attacks, in which counterfeit GPS signals are broadcast that have been structured to appear the same as normal GPS signals. This can also be done by capturing genuine signals and rebroadcasting them at some other point. As a result the receiver estimates its position wrongly. One variant of the GPS spoofing attack is the carry-off attack. This attack involves synchronizing the counterfeit signals with the genuine signals and broadcasting them together, then gradually increasing the power of the counterfeit signals, which causes them to drift away from the genuine signals.

Monday, November 25, 2013

Security - What is meant by smurf attack?

The smurf attack is a type of denial-of-service attack. It involves broadcasting a large number of ICMP (internet control message protocol) packets to a computer network through an IP broadcast address, with the source IP address spoofed to be the victim's. Most of the devices online on that network respond to the broadcast by replying to the source IP address. Since the number of devices connected to the network and replying to the broadcast is very large, the victim's system gets flooded with incoming traffic. This slows down the victim's system until it becomes impossible to work on it. The attack was named after the program's source code, called 'smurf.c', which was released by TFreak in 1997. At that time a lot of IP networks were vulnerable to this attack, but today most networks are immune to it and very few are still vulnerable.
Now let us talk about mitigation of these attacks. It can be done in two steps, as mentioned below:
- Individual routers and hosts should be configured so that they do not respond to such broadcasts and ICMP requests.
- Routers should be configured not to forward such packets to the broadcast destination address. Until 1999 the standards had routers forward such packets by default; in that year the standards were changed.

Another solution to this problem is network ingress filtering. This sort of filtering rejects ICMP packets whose source address has been forged. An example of a router configuration that disables the forwarding of directed broadcasts on Cisco routers is:
Router(config-if)# no ip directed-broadcast

Even though this example prevents a network from participating in a smurf attack, it does not prevent it from becoming the target. Computer networks that lend themselves to being used in the attack are termed smurf amplifiers. They tend to worsen the smurf attack since their configuration is such that they generate a large number of ICMP replies to the spoofed IP address, i.e. the victim computer.

A variation of the smurf attack is the 'fraggle attack'. In this attack, the attacker sends a large amount of UDP traffic carrying the victim's IP address to an IP broadcast address at ports 7 and 19, i.e. echo and chargen respectively. The way this attack works is quite similar to the original smurf attack: all the devices on the network send traffic to the victim address, causing the same kind of flooding as in the smurf attack. The source code for this attack, called fraggle.c, was also released by TFreak.
Smurf attacks are a way of exploiting IP broadcast addressing to create a denial-of-service attack; the affected network becomes inoperable. ICMP is normally used by network administrators to exchange information about the state of the network. During the attack, these messages are used to ping the devices on the network to see if they are functional, and a functional device returns a response to the message. A large number of pings and replies creates enough traffic to render the network unusable. Since IP broadcast addressing is seldom used, it can be disabled at the network routers; this is the suggestion given by CERT for coping with the problem of smurf attacks.
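As an added example (not code from the original post), here is C detection logic that applies the description above to a constructed set of packet summaries: it counts the distinct reflectors sending ICMP echo replies (or fraggle-style UDP echo/chargen responses) to one victim, and separately flags echo requests addressed to a directed-broadcast address, which would mean the local network is acting as an amplifier. The IP addresses, the assumption that a broadcast address ends in .255, and the alert threshold are all assumptions for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* One summarised packet. The SAMPLE data below is constructed, not from a real capture. */
struct pkt {
    const char *src;    /* source IP as text */
    const char *dst;    /* destination IP as text */
    const char *proto;  /* "ICMP" or "UDP" */
    int code;           /* ICMP type (0 = echo reply, 8 = echo request) or UDP source port */
};

/* Constructed sample: five hosts on 192.0.2.0/24 answer an echo request that reached them
   via a directed broadcast, all replying to the spoofed source 203.0.113.10 (the victim);
   one chargen (port 19) reply is the fraggle variant; the remaining lines are other traffic. */
static const struct pkt SAMPLE[] = {
    { "192.0.2.11",   "203.0.113.10", "ICMP", 0 },
    { "192.0.2.12",   "203.0.113.10", "ICMP", 0 },
    { "192.0.2.13",   "203.0.113.10", "ICMP", 0 },
    { "192.0.2.14",   "203.0.113.10", "ICMP", 0 },
    { "192.0.2.15",   "203.0.113.10", "ICMP", 0 },
    { "192.0.2.11",   "203.0.113.10", "ICMP", 0 },  /* same source again: counted once */
    { "192.0.2.20",   "203.0.113.10", "UDP",  19 }, /* fraggle-style chargen response */
    { "198.51.100.7", "203.0.113.10", "ICMP", 8 },  /* an echo request, not a reflected reply */
    { "198.51.100.9", "198.51.100.1", "ICMP", 0 },  /* ordinary reply to a different host */
    { "192.0.2.30",   "192.0.2.255",  "ICMP", 8 },  /* echo request to the directed-broadcast address */
};
#define SAMPLE_N ((int)(sizeof SAMPLE / sizeof SAMPLE[0]))

/* A packet that a reflector emits in a smurf (ICMP echo reply) or fraggle
   (UDP response from the echo or chargen port) attack. */
static int is_reflected_reply(const struct pkt *p) {
    if (strcmp(p->proto, "ICMP") == 0) return p->code == 0;
    if (strcmp(p->proto, "UDP") == 0)  return p->code == 7 || p->code == 19;
    return 0;
}

#define MAX_SOURCES 256

/* Number of DISTINCT sources sending reflected replies to `victim`. Many distinct
   reflectors converging on one host is the amplification signature; one host sending
   many replies is just a noisy ping and should not trip the alert. */
int count_reflectors(const struct pkt *pkts, int n, const char *victim) {
    const char *seen[MAX_SOURCES];
    int nseen = 0;
    for (int i = 0; i < n; i++) {
        if (strcmp(pkts[i].dst, victim) != 0 || !is_reflected_reply(&pkts[i]))
            continue;
        int dup = 0;
        for (int j = 0; j < nseen && !dup; j++)
            dup = strcmp(seen[j], pkts[i].src) == 0;
        if (!dup && nseen < MAX_SOURCES)
            seen[nseen++] = pkts[i].src;
    }
    return nseen;
}

/* Victim-side alert: at least `threshold` distinct reflectors hit one destination. */
int smurf_alert(const struct pkt *pkts, int n, const char *victim, int threshold) {
    return count_reflectors(pkts, n, victim) >= threshold;
}

/* Amplifier-side check: echo requests addressed to a directed-broadcast address (assumed
   here to end in ".255", i.e. a /24). Seeing these means the local network can be used
   as a smurf amplifier, so `no ip directed-broadcast` is missing on some interface. */
int count_broadcast_probes(const struct pkt *pkts, int n) {
    int hits = 0;
    for (int i = 0; i < n; i++) {
        size_t len = strlen(pkts[i].dst);
        if (strcmp(pkts[i].proto, "ICMP") == 0 && pkts[i].code == 8 &&
            len >= 4 && strcmp(pkts[i].dst + len - 4, ".255") == 0)
            hits++;
    }
    return hits;
}

int main(void) {
    printf("distinct reflectors hitting 203.0.113.10: %d\n",
           count_reflectors(SAMPLE, SAMPLE_N, "203.0.113.10"));
    printf("smurf alert (threshold 5): %s\n",
           smurf_alert(SAMPLE, SAMPLE_N, "203.0.113.10", 5) ? "yes" : "no");
    printf("echo requests to broadcast addresses: %d\n",
           count_broadcast_probes(SAMPLE, SAMPLE_N));
    return 0;
}
```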

Thursday, November 21, 2013

Security: What is meant by heap overflow?

There are two types of overflows in computer programming, namely buffer overflow and heap overflow. In this post our focus is on the second one, i.e. the heap overflow. This is a variant of the buffer overflow that occurs in the heap data area. The manner in which these overflows can be exploited is quite different from the exploitation methods for stack-based overflows. Heap memory is allocated dynamically at run time and usually stores program data. During exploitation, specific ways are used to corrupt this data, causing the program to overwrite internal structures such as the pointers in linked lists.
There is a technique called the canonical heap overflow technique, which overwrites the malloc metadata, i.e. the dynamic memory allocation linkage. The pointer exchange resulting from this overwrite is used to overwrite a function pointer in the program. As an example, consider two Linux buffers allocated adjacent to each other in the heap data area. When data is written across the boundary of the first one, it causes the metadata of the second to be overwritten. Here the in-use bit of the second buffer can be set to 0 and the length can be set to a negative value that is small enough to copy the null bytes. When free() is called by the program on the first buffer, it will try to merge the two buffers into one. The buffer being freed then holds the pointers BK and FD in 8 bytes. BK is written into the chunk pointed to by FD, and this can be used for pointer overwriting. But there are several reasons why this may not be possible.
The consequences of heap overflows are:
- An accidental overflow can corrupt data or cause the program to behave in an unexpected way. This can affect any process that uses the memory area affected by the overflow.
- On operating systems that have no memory protection, any process can be affected.
- A deliberate exploitation of the overflow can alter data and the way a program using that data executes. An example is the Microsoft JPEG GDI+ vulnerability MS04-028. Heap overflows have often been used in iOS jailbreaking to gain code execution for kernel exploitation.

Windows and Linux provide three ways of preventing heap overflows; other operating systems do not provide all three. These are:
- Preventing execution of the payload by separating code and data with hardware features.
- Introducing randomization so that there is no fixed offset for the heap.
- Introducing sanity checks in the heap manager.

GNU libc from version 2.3.6 onwards comes with built-in protection against heap overflows and can detect them. For example, when the unlink function is called, it checks the consistency of the pointers. However, these protections only hold good against the older style of exploitation and so are not adequate for modern operating systems. Linux has included support for the NX bit and ASLR since 2004. Microsoft added heap overflow protection in Windows XP and Windows Server 2003 service packs. Later versions include the following:
- Heap entry meta data randomization
- Removal of the data structures that are commonly targeted.
- Randomized heap base address
- Algorithm variation, etc.
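As an added illustration (not the post's code and not glibc's), the following C program models the FD/BK free-list links described above on a toy doubly-linked list and implements the kind of consistency check that libc 2.3.6 introduced for unlink: each neighbour must still point back at the chunk being unlinked, otherwise the metadata has been tampered with. The struct layout, the function names and the simulated corruption are assumptions for the demonstration and do not reproduce glibc's real chunk format.

```c
#include <stdio.h>

/* Toy free-list chunk carrying only the FD/BK links the post describes.
   Illustration only; this is not glibc's real chunk layout. */
struct chunk {
    struct chunk *fd;   /* forward link */
    struct chunk *bk;   /* backward link */
};

void list_init(struct chunk *head) { head->fd = head->bk = head; }

void list_insert_after(struct chunk *pos, struct chunk *c) {
    c->fd = pos->fd;
    c->bk = pos;
    pos->fd->bk = c;
    pos->fd = c;
}

int list_len(const struct chunk *head) {
    int n = 0;
    for (const struct chunk *c = head->fd; c != head; c = c->fd) n++;
    return n;
}

/* Unlink with the consistency check glibc added in 2.3.6: before trusting p->fd and
   p->bk, verify that both neighbours still point back at p. If an overflow from an
   adjacent buffer has overwritten either link, the two writes below would land at
   whatever address the corrupted link holds, so the operation is refused instead.
   Returns 0 on success, -1 if corruption is detected (glibc aborts with
   "corrupted double-linked list" at this point). */
int unlink_checked(struct chunk *p) {
    if (p->fd->bk != p || p->bk->fd != p)
        return -1;
    p->fd->bk = p->bk;
    p->bk->fd = p->fd;
    return 0;
}

/* Normal case: head <-> a <-> b, unlink a. Returns 1 if the list is consistent afterwards. */
int demo_unlink_ok(void) {
    struct chunk head, a, b;
    list_init(&head);
    list_insert_after(&head, &a);
    list_insert_after(&a, &b);
    if (unlink_checked(&a) != 0) return 0;
    return list_len(&head) == 1 && head.fd == &b && b.bk == &head && b.fd == &head;
}

/* Corrupted case: simulate the post's scenario, where an overflow of the buffer before b
   has overwritten b's metadata, leaving b->bk pointing somewhere it should not.
   Returns 1 if the check catches it and the list is left untouched. */
int demo_detects_corruption(void) {
    struct chunk head, a, b, bogus;
    list_init(&head);
    list_insert_after(&head, &a);
    list_insert_after(&a, &b);
    bogus.fd = bogus.bk = &bogus;   /* stands in for the bytes written by the overflow */
    b.bk = &bogus;                  /* the clobbered link */
    return unlink_checked(&b) == -1 && list_len(&head) == 2;
}

int main(void) {
    printf("normal unlink consistent: %s\n", demo_unlink_ok() ? "yes" : "no");
    printf("corrupted link detected:  %s\n", demo_detects_corruption() ? "yes" : "no");
    return 0;
}
```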

Wednesday, November 20, 2013

Security - What is meant by buffer overflow?

You might have heard of hacks happening from time to time that are caused by buffer overflow. In computer security and programming terminology, a buffer overflow is also known as a buffer overrun. It is an anomaly in which a program, while writing data to a buffer, overruns the buffer's boundary and writes into adjacent memory. A buffer overrun is a special case of a violation of memory safety. Inputs can be designed to trigger buffer overflows in order to execute code or change the way the program works. This can cause the program to behave erratically: memory access errors, incorrect output, crashes, and breaches of security. Buffer overflows are therefore a source of a number of software vulnerabilities that can be exploited very badly. C and C++ are the programming languages that most commonly suffer from buffer overflow problems, because these languages have no built-in protection against overwriting or accessing data in another part of memory.
These languages do not automatically check that data written to an array (the built-in kind of buffer) stays within the array's boundaries. Buffer overflows can be prevented by implementing bounds checks. When data is written to a buffer, insufficient bounds checking can cause it to corrupt data stored in the adjacent memory addresses; this is a buffer overflow. It can also occur when data is copied from one buffer to another without checking whether it will fit. Techniques are available for exploiting buffer overflow vulnerabilities, and they differ between architectures, memory regions and operating systems; for example, there is a lot of difference between exploitation on the call stack and exploitation on the heap. The following protective countermeasures can be taken:
- Choice of programming language: The language being used has a profound impact on the occurrence of buffer overflows. As mentioned above, C and C++ have no built-in protection against this problem, but their libraries do provide a number of ways of buffering data safely and techniques to avoid overflows. There are languages that provide runtime checking as well as compile-time checking, which looks for the possibility that the program might overwrite data. Examples are Eiffel, Ada, Smalltalk etc.
- Use of safe libraries: Avoiding buffer overflows is necessary to maintain the correctness of the code. Therefore, standard library functions that are not bounds checked should be avoided. There are abstract data type libraries that are well tested and centralized enough to perform buffer management automatically.
- Buffer overflow protection: This mechanism checks whether the stack has been altered when a function returns. If some modification has been made, the program exits with a segmentation fault. Examples of such systems are StackGuard, Libsafe, ProPolice and so on.
- Pointer protection: Buffer overflow exploitation involves manipulating pointers and the addresses stored in them. A compiler extension called PointGuard was developed to prevent attackers from reliably manipulating pointers and the addresses stored in them. However, this extension was not released commercially. A similar version was implemented in Microsoft Windows.
- Executable space protection: This approach to buffer overflow protection prevents code execution on the heap or stack. Attackers can use buffer overflows to insert arbitrary code into the program's memory; when executable space protection is in place, execution of that code is halted by an exception.
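As an added example (not code from the original post), here is the unchecked copy the post warns about placed next to a bounds-checked replacement in C, using a struct whose field after the buffer stands in for the "adjacent memory" an overrun would clobber. The struct, the size limit and the function names are assumptions for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* assumed fixed buffer size for the demonstration */

struct user {
    char name[NAME_MAX];
    int  is_admin;    /* the adjacent memory an overrun of name[] would land on */
};

/* Unchecked copy: the pattern the post describes. strcpy() stops only at src's
   terminating NUL, so a src longer than NAME_MAX-1 characters writes past name[]
   into is_admin and beyond (undefined behaviour). Shown for contrast only. */
void set_name_unchecked(struct user *u, const char *src) {
    strcpy(u->name, src);
}

/* Bounds-checked copy: refuse anything that will not fit together with its NUL,
   and leave the struct untouched on failure. Returns 0 on success, -1 if rejected. */
int set_name_checked(struct user *u, const char *src) {
    size_t len = strlen(src);
    if (len >= sizeof u->name)
        return -1;
    memcpy(u->name, src, len + 1);
    return 0;
}

/* 1 if a 24-character name is rejected and both name and is_admin are unchanged. */
int demo_rejects_long_name(void) {
    struct user u = { "guest", 0 };
    const char *attempt = "AAAAAAAAAAAAAAAAAAAAAAAA";   /* constructed input: 24 chars */
    return set_name_checked(&u, attempt) == -1 && u.is_admin == 0 &&
           strcmp(u.name, "guest") == 0;
}

/* 1 if a short name is accepted and stored without touching is_admin. */
int demo_accepts_short_name(void) {
    struct user u = { "guest", 0 };
    return set_name_checked(&u, "alice") == 0 && strcmp(u.name, "alice") == 0 &&
           u.is_admin == 0;
}

/* Boundary: exactly NAME_MAX-1 characters fit (room for the NUL), NAME_MAX do not. */
int demo_boundary(void) {
    struct user u = { "", 0 };
    char fits[NAME_MAX], too_long[NAME_MAX + 1];
    memset(fits, 'b', NAME_MAX - 1);  fits[NAME_MAX - 1] = '\0';
    memset(too_long, 'b', NAME_MAX);  too_long[NAME_MAX] = '\0';
    return set_name_checked(&u, fits) == 0 && strlen(u.name) == NAME_MAX - 1 &&
           set_name_checked(&u, too_long) == -1 && strlen(u.name) == NAME_MAX - 1;
}

int main(void) {
    printf("long name rejected:  %s\n", demo_rejects_long_name() ? "yes" : "no");
    printf("short name accepted: %s\n", demo_accepts_short_name() ? "yes" : "no");
    printf("boundary correct:    %s\n", demo_boundary() ? "yes" : "no");
    return 0;
}
```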

Tuesday, November 19, 2013

What are the different types of attacks that networks face?

Without security measures and checks in the right places, we put our data at risk of various types of attack, many of them serious enough to cause significant data loss or data theft (and when the data is something sensitive such as credit card numbers or social security numbers, that is a very serious matter).
Attacks are of two types, namely active attacks and passive attacks. Active attacks involve altering the information with the intention of destroying or corrupting the network and the data. If you do not have a security plan in place, your network and data are vulnerable to these types of attack. In this article we discuss a few such attacks:
- Eavesdropping: Most network communication occurs in a very insecure format (i.e. clear text). This gives an attacker who has gained access to the data paths in the network a chance to interpret or listen to the traffic. Eavesdropping on someone's communication is referred to as snooping or sniffing. The eavesdropper gets a great chance to monitor the whole network, which is a major cause of concern for the administrator of an enterprise. There are services based on cryptography that can prevent this type of attack; without strong encryption, data can be read by the eavesdropper as it traverses the network.
- Data modification: After the attacker or eavesdropper has read the data, altering it is his or her next step. The attacker can modify the data in a packet without the sender or receiver knowing. Even if confidentiality is not required for all communications, it is a must that no message gets modified in transit.
- IP address spoofing (identity spoofing): Most operating systems and networks use the computer's IP address to identify whether an entity is valid. In some cases it is possible to falsely assume an IP address; this is called identity spoofing. An attacker might use special programs to construct IP packets that appear to come from systems inside the corporate intranet. After the attacker gains access to the network with a valid IP address, he or she might reroute, delete or modify data.
- Password-based attacks: Password-based access control is a common denominator of many network security plans and operating systems; that is, your user ID and password determine your access rights. However, older applications may not protect this identity information as it is passed across the network for validation. This gives an eavesdropper a chance to pose as an authorized user and gain access to the data. Whenever a valid user account is found by the attacker, he or she gets exactly the rights possessed by the real user. If the user is the network admin, the attacker gets the same rights as the admin and can create accounts for subsequent use. After gaining access to an account, the attacker can obtain lists of the authorized users and network information, and can make changes to the configurations, routing tables and access controls of the network and servers.
- Denial-of-service attack: This attack prevents valid users from using the network or the computer. It can be used to divert the attention of the staff from the internal information systems, so that they do not notice the intrusion while the attacker makes further attacks. Invalid data can be sent to network services or applications, or the whole network can be overloaded so that it shuts down.

Thursday, November 14, 2013

How is security management done in medium sized businesses?

There are a number of security risks that affect businesses, whether small, medium or large. What is common to handling such risks and preventing them from causing major loss to the business is the design of proper risk management principles. These are handled in several stages: first, the risks are identified along with their causes; second, the consequences of the risks coming true are identified (and this could even mean going to the worst-case scenario); third, the impact of the risks on security is determined and the risks are prioritized based on this assessment.
There are two types of security threats, namely external security threats and internal security threats.

External security threats include:
- Attacks from competitors who want access to intellectual property or want to discover other secrets of the organization
- Hackers who want to get into the company and can then cause a huge amount of damage
- In today's world, risks include external worms or other attackers gaining access to the internal infrastructure of the organization.

The internal threats include:
- Employees trying to get access to areas of the organization that they should not have access to.
- Employees using buggy software, or software that contains trojans, which increases the risk to the infrastructure of the company.
- Data being lost to hard disk crashes or the like.
- Unsecured data transfers, such as those increasingly used for cloud-based transactions.

Now let us see how security management is done in the medium businesses. The medium sized businesses can use the following:
- A unified threat management system can be designed & implemented with an expert in charge.
- A strong firewall can be used.
- For the purpose of authentication, strong passwords can be used. These passwords should be changed on a monthly or bi-weekly basis as required.
- A robust password must be used for a wireless connection.
- An optional network analyzer or network monitoring software can be used.
- A virtual private network or VPN can be used for maintaining communication between the satellite offices and the main office. There are many advantages of using a VPN: the expense of leased data lines is reduced, and it provides a very secure network for communication that closely emulates a leased private line. What makes this network private is the encryption of the links, which also makes it very convenient to use. This is a very good choice for medium sized businesses who need such connectivity and want security.
- Clear employee guidelines should be followed for accessing non-work related websites and the internet, and for sending and receiving information.
- All accounts must be monitored for accountability, so that the individuals logging on to the intranet of the company are known.
- A backup policy should be created for recovering data in case the hardware or software fails or a security breach corrupts the data.

Saturday, November 9, 2013

How is security management done in large businesses?

Security management is very much required, in fact essential, if you are running a large scale business or are responsible for its security. In this article we discuss some steps that can be considered for increasing security (you might have issues with some of the steps, or perform some additional ones):
- There might be a lot of unwanted people from whom you wish to keep your network and database safe. For this purpose a strong network guard must be used, with an equally strong firewall and proxy.
- Here basic anti-virus software will not suffice; you have to go for strong anti-virus packages. Separate internet security software packages are also available.
- Stronger passwords can be used for authentication, and they should be changed on a bi-weekly or weekly basis if a wireless connection is being used. The password must be robust and follow the protocols that prevent it from being guessed.
- A network analyzer can be set up for the purpose of monitoring the network, and used as and when required.
- There are certain physical security precautions that can be exercised for the employees:
a) Physical security management techniques can be implemented, such as closed circuit television for restricted zones, with security staff viewing these videos.
b) The perimeter of the company can be marked by security fencing backed up by closed circuit television cameras.
c) The security rooms and the server rooms are fire-sensitive and so should be equipped with fire extinguishers.
d) Physical security can be maximized with security guards who have been given specific protocols to follow.
Some of the above points hold good for large government institutions and schools too. School networks can put up a firewall and proxy that is adjustable for restricting outsiders from accessing the database. Schools also need to use strong internet security software packages, since students tend to be the most curious and prone to using software that may carry viruses or worms. Librarians, administrators and teachers should constantly supervise the network to guarantee protection against security threats. An internet usage policy that is easy to understand, accept and enforce should differentiate between personally owned and school owned devices. Institutes that provide higher education must implement FERPA compliance.

Large government agencies should also use stronger firewalls and proxies for keeping intruders at bay. Strong encryption must be used for safeguarding communication. Wireless connections must be authorized via a whitelist; all others should be blocked. All of the networking hardware must be deployed in secure zones. A private network should be created upon which all the hosts reside, so that they are not visible to outsiders.

Security management procedures used by various organizations include risk analysis, risk assessment, classification of information, categorization of assets, and rating the vulnerabilities of the system. These measures are followed for the implementation of effective controls. The principles of risk management are followed for managing the security threats, which can be classified into two broad categories, namely external security threats and internal security threats.
Avoiding the possibility of creating any opportunity for attackers is the best thing to do in the first place. The effectiveness of the controls used for mitigating these threats is assessed, and the consequences of the risks are also assessed. The risks have to be prioritized as per the impact they can have on the security system.

Security management practices followed in home and small businesses

As there are different kinds and scales of networks, there are different types of security management for them. In this article we shall talk about how security management is done in home and small businesses. Given that the complexity is lower in these cases, only basic security is required for a small office or at home, compared with larger scales, where a lot of effort and maintenance is required for large businesses and large institutions. In home and small businesses, commonly available hardware and software is used (rather than the sophisticated hardware and software used for the prevention of spamming, hacking and other kinds of malicious attacks in larger installations). Here we list some basic points for security management at home and in a small office:
- A basic firewall can be installed or even a unified threat management system can be used.
- Basic antivirus software will do the task if you are working in the Windows environment (as long as regular patches and software updates are installed).
- Other software that can be installed for security includes anti-spyware programs. A number of anti-virus and anti-spyware packages are available in the market.
- If you are using a wireless connection, you must take care to secure your system with a robust password. A number of security methods are supported by wireless devices, so try to use the strongest of them, such as WPA2 with AES. TKIP is supported by a wide range of devices, but it should only be used where the devices do not support AES.
- While using wireless networks, the default SSID name of the network must be changed. Another measure that can be taken is to disable the SSID broadcast, as this is not required for home use. Note, however, that this can be easily bypassed with modern tools by an attacker who has some knowledge of how wireless traffic can be detected.
- You can enable MAC address filtering for keeping track of all the devices connected to your router by their MAC addresses. Even though strictly this is not a security feature, it can be used for limiting and monitoring the DHCP address pool against attackers, by both AP association and exclusion. However, it does mean more settings for the home or small business to manage, which can start to become complex.
- Static IP addresses can be assigned to the devices connected to the network. This complements the other security features and makes the AP less attractive to attackers.
- ICMP ping responses on the router must be disabled.
- You can also review the logs of the router and the firewall to identify any abnormal traffic or connections.
- Passwords must be set for all accounts (and not common passwords such as pass1234, etc.; make these hard to guess with a combination of upper and lower case letters, numbers and special characters). You can set these up randomly - for example, one of my passwords is 5Gtf$&^hsTF23%3G. Such random passwords cannot be guessed, and more sophisticated techniques would need to be used to break them (and don't use the same password for multiple services).
- If you are using a Windows operating system, you can create multiple accounts for the family members to separate and limit their activities.
- Children of the family must be given lessons about information security.
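As an added example (not code from the original post), here is a small Python script that implements the log review suggested above: it parses constructed netfilter/iptables-style drop lines of the kind a home router or firewall writes to syslog, and flags a source that sweeps many ports or hammers one port. The log lines, thresholds and the `[DROP]` prefix are assumptions for the example; adjust the regex to your own router's log format.

```python
import re
from collections import defaultdict

# Constructed sample log (not real traffic) in the netfilter/iptables syslog
# format that many home and small-office routers use for dropped packets.
SAMPLE_LOG = """\
Nov 30 10:15:01 router kernel: [DROP] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21
Nov 30 10:15:01 router kernel: [DROP] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22
Nov 30 10:15:02 router kernel: [DROP] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23
Nov 30 10:15:02 router kernel: [DROP] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=80
Nov 30 10:15:03 router kernel: [DROP] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=443
Nov 30 10:16:10 router kernel: [DROP] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22
Nov 30 10:16:11 router kernel: [DROP] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=22
Nov 30 10:16:12 router kernel: [DROP] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=22
Nov 30 10:16:13 router kernel: [DROP] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51003 DPT=22
Nov 30 10:20:00 router kernel: [DROP] IN=eth0 OUT= SRC=192.0.2.77 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=5353
"""

# Real netfilter lines carry extra fields (LEN=, TTL=, ...) between these keys,
# so the pattern skips lazily between SRC/DST, PROTO and DPT.
LINE_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+).*?PROTO=(?P<proto>\S+).*?DPT=(?P<dpt>\d+)")

def parse_drops(log_text):
    """Yield (src, dst, proto, dpt) per dropped-packet line; skip lines that do not match."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["dst"], m["proto"], int(m["dpt"])

def find_abnormal(log_text, scan_ports=5, repeat_hits=4):
    """Flag a source that probes >= scan_ports distinct ports (port sweep) or
    hits the same port >= repeat_hits times (repeated probe / guessing)."""
    ports_by_src = defaultdict(set)
    hits_by_src_port = defaultdict(int)
    for src, _dst, proto, dpt in parse_drops(log_text):
        ports_by_src[src].add(dpt)
        hits_by_src_port[(src, proto, dpt)] += 1
    findings = []
    for src, ports in ports_by_src.items():
        if len(ports) >= scan_ports:
            findings.append(("port_scan", src, sorted(ports)))
    for (src, proto, dpt), n in hits_by_src_port.items():
        if n >= repeat_hits:
            findings.append(("repeated_port", src, f"{proto}/{dpt} x{n}"))
    return sorted(findings)

if __name__ == "__main__":
    for kind, src, detail in find_abnormal(SAMPLE_LOG):
        print(f"{kind:14} {src:15} {detail}")
```

On the constructed sample it reports one port sweep from 203.0.113.5 and four drops on TCP/22 from 198.51.100.7, while the single mDNS drop from the local host is left alone.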

Security management is about identifying the important assets of the user, which of course include information assets, and checking whether the policies protecting these assets are implemented properly. It is also about protecting these assets from loss: it identifies the critical assets and focuses on protecting them first. The potential threats to the system are assessed, and then measures are taken for eliminating or minimizing these threats. The security risks are managed by virtue of the risk management principles, which involve identification of the risks, assessment of the effectiveness of the control strategies, and determination of the consequences. The risks are identified by means of the impact they can have; the identified risks are then classified and an appropriate response is selected for each.

Friday, November 8, 2013

Quick detail of some network security tools

Every web application and site can face pretty intense security threats such as cross site scripting, account hacking and so on, with new ones emerging on a regular basis. The load on security vendors is increasing day by day to build products that offer more security while being able to respond quickly to new threats. As we develop new security measures and tools, attackers also develop new methods for getting around them. Some network security tools have to be paid for, while others are open source (and can help you a lot and are effective). To a great extent these tools perform the task exactly as you like it, but sometimes their settings have to be customized as per the security needs of the network's structure. Some examples of open source tools are Ettercap, Nikto, Nessus etc.; a few tools are discussed below:
1. Wireshark: This is a multi-platform network protocol analyzer which is available as an open source tool. Using it, data can be examined from a capture file on disk or from a live network. The data can be browsed and exact details obtained. It comes with very useful features such as a rich display filter language and a view of the reconstructed TCP session stream. It also supports a large number of media types and protocols.
2. Metasploit: This one is also an open source tool, but with advanced features for the development and testing of exploit code. The Metasploit framework is now being used as an exploitation research outlet because of the extensible model used for integrating encoders, exploits, payloads and no-op generators. This tool makes it easy for you to write your own exploits. An official Java-based GUI is now included with the framework.
3. Nessus: This tool provides excellent capabilities for scanning Unix systems for potential vulnerabilities. It was an open source tool until 2008; it now comes for a good price and is still ahead of many of its competitors. A licensed version is also available for use in the home network. The tool boasts a whopping 46000 plugins. Some features are an embedded scripting language that allows you to write your own plugins, a client-server architecture with a web-based interface, and local as well as remote security checks.
4. Aircrack: This is a tool suite developed especially for 802.11 a/b/g WEP and WPA cracking. It makes use of well-known cracking algorithms for recovering wireless keys, which it can only do after enough encrypted packets have been gathered. Some of the tools in this suite are airodump, aircrack, airdecap, aireplay and so on.
5. Snort: This tool has proved very good in detecting and preventing network intrusions. It is a very effective tool for traffic analysis and packet logging on networks. The tool is capable of detecting thousands of worms by means of content searching, protocol analysis, pre-processors and so on. It is also capable of detecting port scans, vulnerability exploit attempts, etc. It is based upon a rule-based language which is quite flexible.
6. Cain and Abel: This is a Windows-only tool that has been developed for password recovery and for handling various other tasks as well. It is capable of performing the following functions:
- Recovery of passwords by sniffing the network.
- Cracking encrypted passwords by means of a dictionary.
- Cryptanalysis and brute-force attacks.
- Recording VoIP conversations.
- Revealing password boxes.
- Decoding scrambled passwords.
- Analysis of routing protocols.
The tool comes with proper documentation.

There are others as well; this is a quick summary of some of them. If you use others or have some feedback, do let me know via comments.
