The Network Security. Org

Network Access Protection (NAP) is a new platform to perform computer health policy validation, ensure ongoing compliance with health policies, and optionally restrict the access of computers that do not comply with system health requirements until their health state can be corrected. Network Access Protection includes a client and server architecture. Administrators can configure DHCP Enforcement, VPN Enforcement, 802.1X Enforcement, IPsec Enforcement, or all four, depending on their network needs.

Denial of service (DoS) attacks are network attacks that are aimed at making a computer or a particular service on a computer unavailable to network users. Denial of service attacks can be difficult to defend against. To help prevent denial of service attacks, you can use one or both of the following methods...

Windows XP (either Professional or Home Edition) allows you to establish a wireless network connection to WiFi network routers and access points automatically. This feature helps you to make wireless Internet / WiFi network connections more easily with laptop computers and is highly recommended for those who roam between multiple locations.

Computer security "agents" must master the same tools used by the hackers they seek, and many of these programs are available to download for free. The man-in-the middle attack, (also known as the monkey-in-the middle) is a useful method of scanning network data and extracting what is known as interesting data, (passwords, e-mail, data files). Listed below you will find 10 programs used to assault and defend networks around the world.

If you operate any server that's connected to the internet there will be dozens to hundreds of break-in attempts every single day. There's no way to avoid this if your server is available to the public. The more software on your server the more chance one of the attempts will be successful.

Scores of crackers are running automated programs scanning millions of servers every day checking for a certain version of a certain software program which they know to be vulnerable. When they find a server that matches their criteria it's kept in a list for later use or an immediate attempt is made to gain access to the server.

My friend Philip is an expert at community activism and is a cracker-jack financial advisor as well. One thing he is not, however - and he would be the first to admit this - is a knowledgeable computer user. Oh sure, he can send emails and cruise the Web, and use Word and Excel, but he doesn't really grok his computer. And one thing he especially doesn't know much about is security. He knows there are bad guys out there, and he knows that he should try to practice safe computing, but he just doesn't know how.

Your job, as a forensic investigator, is to do your best to comb through the sources of evidence -- disc drives, log files, boxes of removable media, whatever -- and do two things: make sure you preserve as much of this data in its original form, and to try to re-construct the events that occurred during a criminal act and produce a meaningful starting point for police and prosecutors to do their jobs.

Michael Gregg explores the ways in which your network infrastructure can expose your organization to undue risk, how gaps in security can be plugged and methods that can be used to get maximum security from a limited budget.

Windows Server 2003 makes it easier to obtain IP addressing information. Previously, to find out the IP address for a Windows NT or Windows 2000 system, you had to use the IPConfig command-line tool. While this method worked, you had to sift through a lot of information if there were multiple network adapters.

Organizations of all sizes are compelled to do what they can to keep unwanted software from proliferating on their networks. Instant messenger and file-sharing programs pose two of the thorniest risks: The former can be a security hazard, and the latter is a bandwidth hog. Sometimes what makes the situation difficult to deal with is not that programs like IM and P2P are hard to block or keep from being installed, but that some organizations actually need them to be present in certain controlled ways.

Today, many companies are replacing traditional telecommunications services with Voice over Internet Protocol (VoIP), using their own IP network infrastructure to slash phone bills and increase productivity. However, IP telephony terminals, call servers, proxies and gateways create new attack targets, and converged voice/data networks can fall victim to new exploits.

These days, the vast majority of administrators go to great lengths to protect the files on their network. Typically, elaborate firewalls are used to keep outsiders away from file servers. The files residing on those servers often lie behind an intricate permissions scheme and are often encrypted. Complex auditing mechanisms might even monitor access to files. The point is that in this day and age, most administrators take security very seriously.

A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were completely successful in this engagement, and wanted to recount the steps taken as an illustration.

In this article we?ll dive into the Windows 2003 Registry and take a quick look at what it is, how you can configure it remotely and how to backup and restore it. This document is intended to be a reference that will help you to understand the core of Microsoft?s later generation operating system.

Arguably one of the best network intrusion-detection systems (NIDS) is the free and open source Snort package. It has a large and active community, and is backed by the commercial company SourceFire, making Snort a strong contender in the NIDS market. The package itself is free. All that's required is some hardware to run it on and the time to install, configure and maintain it. Snort runs on any modern operating system (including Windows and Linux), but some consider it to be complicated to operate. The goal of this guide is to take some of the mystery out of Snort.

Invalid or corrupt device drivers can wreck havoc on a server, rendering the system unbootable in some cases. In this article, I will show you some techniques for recovering from even the worst device driver mishaps in a variety of Windows operating systems. The scary part is that most administrators are under a huge amount of pressure to keep their servers up to date with the latest patches and drivers. With such frequent updating, it only stands to reason that sooner or later the odds of an administrator downloading a buggy, corrupt, or simply incorrect device driver at some point in time are pretty good.

What's the point of guarding your perimeter if you allow anyone with the right antenna to intercept communications and access your data? Luckily, securing your wireless network is easier than you might think. So how do you keep a wireless network safe? First, decide whether you can afford a centrally managed solution. These systems deploy a centralized switch and podlike access points around the office. All updates, security settings, and access rules are configured on the switch. The pods either receive the configuration for local processing or merely pass any requests back to the switch for processing.

In this article we?ll dive into the Windows 2003 Registry and take a quick look at what it is, how you can configure it remotely and how to backup and restore it. This document is intended to be a reference that will help you to understand the core of Microsoft?s later generation operating system.

Although wireless networks have rapidly gained popularity because of the flexibility that they give to users, they have created some interesting security challenges for network administrators. What these security challenges all boil down to is that it is dangerous to allow users to connect to your corporate network over the airwaves. After all, how can you really tell for sure whether the person accessing the network is one of your users, or a hacker who's sitting in a van in the parking lot?

If an illegal hacker wants to do something to your system, such as plant a virus, a Trojan horse program or spyware, he has to gain access to the system's root directory and the unlimited power that goes with that access. Once established as root, the intruder can modify system commands to hide his tracks from the systems administrator and preserve his root access. The easiest way to do this is via a rootkit.

So let me guess - you're reading this article because your computer is running slow, you've got pop-up ads, or you're receiving errors you haven't seen before. Perhaps your web browser is littered with toolbars and your homepage has been hijacked. If your PC is showing any of these symptoms it's probably infected with spyware, malware, or adware. All of these programs are different from viruses (which usually cause your PC not to function) and from each other, but they all do pretty much the same thing.

Fortunately, the fix is relatively easy and once you understand the technique it takes around 15-30 minutes to complete the process. This process is designed for Windows XP and 2000 but works well on Windows ME and 98 machines as well.

Two critical security considerations that are closely related to one another are ignored all too often: integrity auditing and recovery. This document is an overview of good security integrity auditing and recovery practices using a Linux operating system.

Computer and network security involves several important elements. A system administrator must choose secure software, install and configure security systems like firewalls, and keep up with vulnerability patching, among other tasks. Two critical security considerations that are closely related to one another are ignored all too often: integrity auditing and recovery.

If you're just getting started in the networking field, you've got a lot to learn, and with the rate of changes in networking technology, you can expect to always have a lot to learn, but here are ten essential topics that you should concentrate on (and if you are not just getting started, here are some things to review)


1. The OSI model: Memorize it. It's almost a clich, but understanding it is critical....

Computer technology has changed quite a bit over the past 20 years. People who would normally never touch a computer now utilize such a device almost every day to get their work done. They use email and surf the web regularly. These folks all need to take computer security seriously.

Recently, I've been watching users and how they interact with their computers, and I've been asking them questions about their computer usage. I asked them about their knowledge of the subject in general, and specifically I asked them about security. Very few of them really knew much about computing in general and practically none of them knew anything about security. 20 years ago this may not have been as much of a problem, but in today's world of online banking and identity theft, this can be a huge problem.

Like much in life, there are levels of routing and switching that can be accomplished with minimal effort to establish simple connectivity, and then there are more advanced levels, achieved through careful tuning and consideration that result in a work of art. If designing optimized networks is something you aspire to, then one of the most important things you can do is put some thought into how you want traffic to flow through the network. To do that, consider some of these questions, which you can use as part of a checklist when you design a network.....

One of the most important abilities a network administrator can have is the know-how to get information out of his network devices so he can find out what's going on with the network. In most networks, the staple of information gathering has been the "show" commands. Here are my top ten commands to know and love....

Two years after Bill Gates' famous statement about solving email in two years, has the problem been solved? The short answer is that Microsoft says yes, based on its definition of the word, while others say no. For more, see todays Software Notebook. At the bottom is a SoundOff forum where several readers have offered their opinions.

The people who drive your business rely on Active Directory every minute of every day. So when it comes to ensuring that your directory is secure, reliable and compliant, it's your job to be prepared.

Arm yourself with "The Definitive Guide to Active Directory Disaster Recovery," a comprehensive guide designed to help you recover and restore everything from users and GPOs to domains and entire forests - including their pre-defined attributes. It's packed with more than 60 pages of real-life disaster scenarios, plus tips and techniques to help you plan for and recover from directory disruptions.

As an introduction this chapter is aimed at readers who are familiar with the Web, HTTP, and Apache, but are not security experts. It is not intended to be a definitive guide to the SSL protocol, nor does it discuss specific techniques for managing certificates in an organization, or the important legal issues of patents and import and export restrictions. Rather, it is intended to provide a common background to mod_ssl users by pulling together various concepts, definitions, and examples as a starting point for further exploration.

Thousands of different home network layouts exist. Fortunately, most are small variations on a basic set of common designs. This gallery contains network diagrams for each of the common designs of wireless, wired and hybrid home networks. Each network diagram includes a description of the pros and cons of that particular layout as well as tips for building it.

There is a ton of detailed information available on the Web, and even on this site, to teach you various aspects of computer and network security. For many people, the level of detail is often way more than they were interested in. Many users simply want the quick and simple "how-to" without all of the "what's" and "why's" that go with it. Here are some computer security Quick Tips that will help you secure your computer and only provide the information you need to get the job done.

As society and technology change, it's becoming common for homes to have more than one computer. When an existing computer is a few years old, parents will often take advantage of today's lower prices, purchase a new computer, and pass the old one down to the kids.

Suddenly, there's a need for a home network, so all computers in the house can share an files, printers and an Internet connection.

We should all by now know that Wi-Fi is by default inherently insecure it?s tantamount to dangling a network cable out of your window with a prominent ?Help Yourself? label attached to it. The earliest attempt at Wi-Fi security, WEP (wired equivalent protocol), proved deeply flawed and very easy to hack. WPA (wireless protected access) and in particular WPA2 (which features near-unbreakable AES encryption) has gone a long way to rectifying this glaring defect.

Even so, many wireless networks remain unprotected. Here are some dos and don'ts.

With up to 100 new malware threats being discovered per day, antivirus software is, for many home computer users, the primary method for protecting their computer from threats.

Many computers come with some sort of antivirus software, often a trial version, installed. Unfortunately, many users fail to properly configure the antivirus software or keep it up to date, and many may let the antivirus software expire without even realizing their computer is no longer protected against current malware threats.

An oft-asked question in networking classes is "why can't we just put everyone on the same subnet and stop worrying about routing?" The reason is very simple. Every time someone needs to talk, be it to a router or another host, they have to send an ARP request. Also, there are broadcast packets that aren't necessarily limited to ARP, which everyone hears. When there are only 255 devices on a /24 subnet, the amount of broadcast packets is fairly limited. It is important to keep this number low, because every time a packet destined for a specific host or a broadcast address is seen, the host must handle the packet.

A hardware interrupt is created, and the kernel of the operating system must read enough of the packet to determine whether or not it cares about it.

Networks don't work without addresses: Whenever you are sending something, you need to specify where it should go and where it came from. To be an effective network engineer or administrator, you need to understand IP addresses backward and forward: you need to be able to think on your feet.

If something breaks, likely as not some address assignment has been screwed up. And spotting the problem quickly is likely to be the difference between being the hero, or the guy who "takes a long time to fix the problem." Before covering subnetting in the next Networking 101 installment, we'd like to thoroughly explore IP addresses in their primal form. This is crucial to understanding subnets.

The internet is an amazing place that allows each and every one of us easy access to a wide variety of resources. Unfortunately, there is an increasing amount of viruses, worms, spyware and spam that can easily infect your computer. Your computer in fact may already be infected and you may not even know it. If your computer is unusually slow or crashes periodically, it may be infected. In fact, if you do not address the problem with this computer it may in fact infect other computers on your network.

The result of a virus or worm attack can include an inability to access the internet, missing icons on your desktop, missing files and many other potential problems. There are ways, however, that you can fight back. Of course before making any changes to your computer, it is always a good idea to make a backup.

Windows XP comes with its own software firewall to enable you to control what information travels between your PCs and the Internet, but you can also control what enters and exits your PCs by using IPsec filtering rules to filter particular protocol and port combinations for both inbound and outbound network traffic.

IPsec filtering rules are implemented by creating and assigning an IPsec policy to your computer, but first you need to create and define your filtering rules, which control which protocols, ports and IP addresses are allowed or blocked. This is done by running the IP Security and Policy Management Snap-In in a Microsoft Management Console (MMC) and selecting the local computer.

With the release of Windows XP, Microsoft tried to make configuring and connecting to wireless networks easy for everyone. They partially succeeded. The Wireless Zero Configuration service is the "brains" behind managing wireless connections with Windows. Unfortunately, WZC does not always make sane decisions, which can cause sensations of frustration and annoyance, not to mention itching and burning.

A network router is a small plastic and metal box that allows you build a home network simply. The home router serves as the core or "centerpiece" device of the network to which computers, printers and other devices can be connected. Networking with a router helps you to (for example):

* share files between computers
* share an Internet connection between computers
* share a printer
* connect your game console or other home entertainment equipment to the Internet

First, there was WAP, then WEP, then WPA and now WPA2. But despite how you sound, if you are looking to secure an enterprise WLAN, many industry experts say WPA2 is your best bet. ''WPA2 provides an enterprise-class security solution for user authentication and encryption,'' says Michael Disabato, senior analyst at the Burton Group.

Understanding wireless security requires a bit of a trip down memory lane to see how the protocols have evolved over the years.

Computer networks continue to face the problem of being to useful for their own good. Users are finding increasing uses for computer networks, continuing to make increasing requests for information, files or execution of different applications (which continue to become bigger and more resource intensive themselves). As more capabilities are developed, the networks invariably contain more data, new parts or both.

But this can all lead to a network that becomes too bogged down under its own weight to be very useful. With that in mind, a couple of technology experts offer their top 10 suggestions for juicing up your network, Joshua Feinberg, co-founder of Computer Consulting 101, West Palm Beach, Fla., which provides business development for network consultants and computer consultants for small companies, recommends.......

Corporate networks have not only grown in size over the years, but they have also grown in complexity. Over the years, new services have been implemented to satisfy the growing demand for easy to use programs. This driving force to meet end user satisfaction goes on relentlessly and has accounted for much of today?s innovations.

This document lists the majority of services available for any distribution of Linux. The list includes a description of each service's purpose, and a comment regarding whether it is a required service. This listing is not specifically directed at desktop or a server installation; it includes the services for both types.

Like a lot of people who have worked in the business, I find myself in conversations about computer security with people who are having problems or know people who have problems. I wrote this to save me from explaining the same thing over and over again to different people, and to save them the trouble of having to make notes as we talked. It was meant to be something you could give to a 'naive user' and have them be able to read and follow it more or less unaided, and while not being a complete guide, at least be something that made them more secure than before they got it.

This article examines how to configure and troubleshoot Windows Firewall using the Netsh command-line utility. The procedures covered apply to both the Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 operating system platforms.

I?ve always had a liking for homes built of brick. Besides having a kind of ?Lord of the Manor? appeal, they also look solidly built compared to many of today?s wood-framed plastic-siding homes. Brick also gives an added sense of security since, who?s going to smash through a brick wall to break into your house?

In today's world of disappearing network perimeters and high stakes cyber crime, no threat looms larger than that of the Insider.

In this IT Briefing, you will learn:

* The top internally focused security threats
* The key components of a defense-in-depth protection against the Insider Threat
* The benefits of comprehensive encryption architecture in providing durable protection.

Hopefully, you have heard of some of these or maybe even all, but if not then let me introduce you to ten tools that every admin should have. In no particular order?

1. VMWare / Virtual PC / Virtual Server

Virtualization products are great because they allow you to test everything you want/need without having to destroy your machine or sit with a half dozen computers around you all day long. They may keep you warm, but you could go deaf while you slowly go bankrupt paying for all the electricity.....

Microsoft?s Encrypting File System (EFS), used to encrypt data on Windows 2000, XP and Server 2003 computers, relies on a public key certificate. If you don?t have a public key infrastructure, EFS can use a self-signed certificate. This is the default for using EFS on a standalone or workgroup computer. Implementing EFS within a domain with a PKI presents more complexity. In this article, we'll look at how to manage and use EFS in a Windows 2000 or Server 2003 domain.

Internet emails are designed to carry the IP address of the computer from which the email was sent. This IP address is stored in an email header delivered to the recipient along with the message. Email headers can be thought of like envelopes for postal mail. They contain the electronic equivalent of addressing and postmarks that reflect the routing of mail from source to destination.

Finding IP Addresses in Email Headers

Many people have never seen an email header, because modern email clients by default often hide the headers from view. However, headers are always delivered along with the message contents. Most email clients provide an option to enable display of these headers if desired.