
Doing business in today's world seems to create an ongoing need to set up a new Web server. For everything from development to marketing to training to ecommerce, the desire to load up static pages or networked applications is endless. But how can you be sure that the path you go down will lead you to a secure Web server that's less likely to be compromised by malicious outsiders or rogue insiders?
(...Read more)
To run a Web site, your Web server must at least have port 80 open to process HTTP requests for Web pages. Unfortunately, attackers can modify or manipulate these requests to cause the server problems or to trick it into revealing valuable information. By using an HTTP request, an attacker has a legitimate path to your Web server and therefore can easily bypass firewalls and other security measures to initiate an attack.
(...Read more)
Are you feeling insecure lately? No, not about yourself but about your organization's competitive position in the marketplace? What about its ability to meet client and business partner obligations? Or its ability to stay out of the court system and on the good side of your industry's regulators? Well, if your organization is like most, it's got problems, big problems when it comes to protecting one of its most valuable assets: electronic information. Arguably, electronic information is second in value just behind your organization's employee capital.
(...Read more)
I recently got to write a fun piece for InfoWorld called "Stupid user tricks" about protecting your network from human error. Researching the article revealed to me how many variables folks tend to miss when running a network, as well as when planning to protect and recover that network.
I suppose some of the errors I encountered while researching the article are more surprising to us consultant types because we live and breathe best practices. We live it, we breathe it, we get to install and bill for it, and then we get to walk away and do it all someplace else. Day-to-day systems administrators live and breathe a "just get it done" philosophy, and they can't walk away.
(...Read more)
In almost every corporate computer network today there are proxies to be found. This is pretty much a standard computer security practice. The confusion starts when people start talking about all the various proxy types. Within the confines of this article all of the various proxy types will be discussed.
(...Read more)
In this article we'll continue where we left off in Part 1 and discuss how to actually back up and restore data using the Backup utility that comes with Windows 2003, as well as take a look at disaster recovery.
If you missed the first part of this article series please read Windows 2003: Data Backup and Recovery (Part 1) A General Overview.
(...Read more)
There are many threats that today's growing small businesses need to be concerned with. Paramount among these concerns are content-related and physical access threats. Content-related threats generally refer to access of content from the Internet by internal users of the network in violation of company policies. But a new type of content-related threat is an infected file that combines several stand-alone viruses or attack methods in one package.
(...Read more)
Authenticating users who log onto your network by account name and password only is the simplest and cheapest (and thus still the most popular) means of authentication. However, companies are recognizing the weaknesses of this method. Passwords can be guessed or cracked using dictionary attacks or more sophisticated methods such as rainbow tables, or users can be coerced, charmed or tricked into revealing their passwords to others. These latter techniques, called social engineering, have become a growing problem for companies of all sizes.
(...Read more)
A Virtual Private Network (VPN) is like a large sign, saying "Sensitive Data Here." Hackers know that when they've found a VPN, they've hit the jackpot, because it means somebody is trying to secure something confidential. Therefore, like any other gateway, your VPN needs to go through a thorough penetration test to check for vulnerabilities. It's easy to overlook VPNs when pen testing your network, as it's often assumed that they're the most secure part of it. But they're not, and they're a magnet for hackers.
(...Read more)
Let's play pretend.
Pretend you've got a malicious insider on your network with a bone to pick. We'll call him Eddie. Perhaps Eddie is a consultant or even a salesperson. He might even come in during off hours to work his "security" shift. Regardless of what he does, he knows it is pretty simple to connect to someone's network and do just about anything he wants. Why? Default Windows settings, that's why.
Eddie doesn't know about the wonders of Group Policy Object (GPO) in Windows 2000 and later.
(...Read more)
When it comes down to it, a security manager's job is about protecting information assets. But no matter what kind of business you're in, if you can't find all the data, you can't protect it.
Users put data where they need it, and they don't think about who has to know what they're up to in order to protect the data. The problem for security staffs is identifying where all the data is and making sure the proper controls are in place to protect the information.
(...Read more)
Linux and open source developers are working to make Linux security tools developed by the National Security Agency more accessible and usable by regular system administrators and application developers.
Software developers and users discussed how Security Enhanced Linux (SE Linux) is evolving, and the benefits and potential pitfalls it could introduce when deployed in an enterprise data center. This discussion took place in a panel on SE Linux at the LinuxWorld Expo this week.
(...Read more)
The development and adoption of removable USB mass storage is truly remarkable. Never before has it been so easy to move gigabytes of information around on a portable device that is small enough to clip onto a key chain. These devices have large capacities and they can copy data at lightning speed.
It's hard to buy a USB flash drive these days with less than 128MB of storage and some devices can achieve data rates greater than 20MB per second. The technology is so convenient and powerful that we wonder how we could have lived without it.
(...Read more)
Trouble receiving mail? Installing a new mail server? Need to make sure all your email servers are accessible?
Experienced network managers have long plodded through DNS queries, making sure that MX records matched A records which matched IP addresses. Then they checked SMTP ports to make sure the servers were open for business...
(...Read more)
Security and storage are starting to converge as businesses look to new ways to protect their data, according to research firm IDC.
Charles Kolodgy, research director for secure content and threat management products at IDC, said that as the value of corporate data has risen, improved security of information and information systems has jumped to fourth place in a long list of the most urgent IT improvements, an IDC survey shows.
(...Read more)
Server isolation builds on the concept of domain isolation, which I described in last month's column. While domain isolation ensures that computers in your Active Directory domains can only communicate with each other, server isolation protects specific servers by tightly controlling which client computers can communicate with them. One nice feature of server isolation is that you can start small and learn how to leverage the IP Security (IPsec) capabilities of Windows to protect your most important servers. During this process you can then build the base for planning towards more comprehensive domain isolation.
(...Read more)
This is the first in a series of articles on understanding and developing signatures for network intrusion detection systems. In this article we will discuss the basics of network IDS signatures and then take a closer look at signatures that focus on IP, TCP, UDP and ICMP header values. Such signatures ignore packet payloads and instead look for certain header field values or combinations of values. By learning about network IDS signatures, you'll have more knowledge of how intrusion detection systems operate, and you'll have a better foundation to write your own IDS signatures.
(...Read more)
Some of the more interesting things that information security people do are working out how to protect a company. Most of the tradition goes to watching IDS systems, participating in projects, doing your best to secure borders and entry points, and some even get to do web application or application security.
Most security people do their best to contribute to the companies that they work for, and given the fluid structure of the internet, the demands for staying on top of the game, as well as the personal commitment, that in its own right says a lot about those information security people who really feel what they do is beneficial.
(...Read more)
Password and account lockout settings are designed to protect accounts and data in your organization by mitigating the threat of brute force guessing of account passwords. Settings in the Account Lockout and Password Policy nodes of the Default Domain policy settings enable account lockout and control how account lockout operates.
(...Read more)
It does not require much intelligence to hack into an account. This was the message from independent cyber consultant Anup Girdhar at a seminar on the ethics of hacking. The event was organised by the department of computer science of Birla Institute of Technology, Mesra, today. Girdhar, who runs an independent cyber consultancy in Delhi and is a member of the National Anti Hacking Group, said people were careless when it came to using PIN and email passwords.
(...Read more)
Mobile sales teams, remote workers, telecommuters, strategic partners and other trusted users all need timely, secure access to specific data on your corporate network. Yet some remote access systems rely on little more than usernames and passwords and lack robust authentication and encryption components.
(...Read more)
RecreateDefPol.exe is a tool developed for the restoration of the Default Domain and Default Domain Controllers policy files, in case of accidental deletion. This tool is for use exclusively on Windows 2000 Server, Advanced Server, and DataCenter Server. Do not use this tool on Windows Server 2003; use Dcgpofix.exe instead (included in Windows Server 2003).
(...Read more)
Stopping modern attacks requires a modern approach to threat management. There is a growing mismatch between the level of protection your security measures are providing and the level needed to adequately protect your network. This white paper offers threat management solutions that are part of a multi-tier suite of multifunction security products. This solution delivers maximum protection for your company by enabling pervasive coverage of your organization's IT environment with an optimal blend of reactive, proactive, and even predictive countermeasures.
(...Read more)
In our buzzword-filled industry, wrapping your arms around wireless attacks and their potential business impacts can be tough. This tip tries to bring order to this chaos by providing a reference list of attacks against 802.11 and 802.1X, categorized by type of threat, and mapped to associated hacker methods and tools.
(...Read more)
According to the 2005 WLAN State of the Market survey, two out of three companies have now deployed business class 802.11 (WiFi) wireless LANs. But, despite recent technology advances, security continues to be cited as the number one challenge.
Without adequate safeguards, wireless can open corporate networks to new attacks, from war driving and password cracking to rogues and Evil Twins.
(...Read more)
Although group policies are an extremely powerful security mechanism, it can be a bit tricky to deploy them in an effective manner. That's because the effective group policy is made up of multiple and sometimes contradictory group policy elements that are applied to the user object and / or to the computer that the user is working from. It is therefore critically important that you manage your group policy objects in a way that will allow you to keep them well organized so that you can always figure out which policy elements apply in a given situation.
(...Read more)
What are Windows administrators getting in terms of changes to Group Policy with Vista?
Danny Kim: [Microsoft] didn't do much with the infrastructure; they ran out of time. But there are a lot of new settings. XP SP2 has between 1,200 and 1,500 settings. In Vista, there are about 3,000. There has been a soft mandate within Microsoft that all product groups should Group Policy-enable their products. And about 80% of the new settings are security related.
(...Read more)
Whether your company runs or bans WiFi, your offices have probably been visited by unauthorized "rogue" access points or stations. Most WLAN owners cite rogue elimination as a top priority. Detecting rogues is fairly easy, but eliminating them can be surprisingly tough. This tip describes a methodical rogue hunting process and tools that can help.
(...Read more)
Running Skype on a business network can cause big-time security woes, say a pair of French researchers. At this month's BlackHat Europe security conference, they released a 98-page paper that warned, among other things, that with Skype it is "impossible to scan for trojan/backdoor/malware."
(...Read more)
This All in One Guide is a collection of resources to help you secure your email systems regardless of where you are in the learning or buying process. If you're new to securing email, we recommend you start at the beginning with our Security School covering fundamental issues. If you're shopping for technology, skip ahead to the sections on evaluating your options, product reviews and engaging vendors.
If you're currently managing email security technology, check out the section on post implementation issues. In each section, we'll logically guide you through our resources to maximize your learning experience.
(...Read more)
Attacks on wireless networks and breaches of "no-wireless" policies are a quick and easy way for hackers to steal data and enter your network. These attacks can compromise your organization's data privacy, network integrity and regulatory compliance. Organizations need to plan for, monitor, and mitigate potential wireless threats.
(...Read more)
One of the biggest complaints I hear about security is the associated operational overhead. IT personnel are constantly adjusting multiple technologies in an effort to provide access to the good guys while locking out the bad guys.
If you want to see a metric of this behavior in action, look no further than your network Access Control List (ACL) rules. ACLs in large organizations have several characteristics...
(...Read more)
In the first segment of this five-part webcast series, expert Lee Benjamin discusses several essential email security elements that you should already have incorporated into your Exchange Server organization:
* Documentation of your environment
* Antivirus protection
* Patch management
* Attack surface reduction
* Exchange Best Practices Analyzer (ExBPA)
(...Read more)
I've had numerous members here email me about writing an article on setting up a secure, inexpensive, home VPN solution that they could use to share files between their home and office computers while they were at work. After speaking with many different people on the subject, I decided that most of them were running Windows XP for their operating systems and Linksys brand routers. That being said the following article is based on the above specifications and will involve no extra cost in setting up the VPN connection.
(...Read more)
Since domain controllers control the keys to the kingdom (or domain as it is called), they are essential to protect. Without protection of the domain controllers, there is nothing that an intruder or attacker could not access with regard to your Active Directory enterprise. There are some easy methods and configurations that you can take advantage of to improve the security of your domain controllers with not much effort. Taking these actions will increase the overall security of your domain controllers, Active Directory network, and enterprise as a whole.
(...Read more)
Security researchers have unearthed a flaw in Sendmail, the popular email server package that's widely used by ISPs. A security bug involving improper handling of asynchronous signal data by Sendmail when receiving and processing mail might be used to corrupt stack memory. By sending specially malformed data at controlled time intervals hackers might be able to take advantage of the flaw to compromise vulnerable systems.
(...Read more)
Over the years I have cringed at the thought that rogue elements could overwrite system binaries, bypassing Windows File Protection with use of tools like SysInternal's handle.exe. I always wondered WHY they didn't have tighter ACLs on the files, and today Raymond explains why.
Apparently they tried that. And it didn't work well. Software installers had a nasty problem in which they didn't like being told they can't overwrite a file, and would fail miserably.
(...Read more)
Threats from outside the network perimeter, such as from spam or viruses, have long been recognised as major security issues. But the growing use of mass storage devices (such as iPods and USB drives) in the office means that vast quantities of data can be copied and stolen from inside corporate networks more quickly and easily than ever before.
(...Read more)
Network managers need to start thinking very carefully about implementing voice over IP (VoIP) security to maintain LAN performance, avoid denial of service (DoS) attacks on IP phones and software platforms, and stop hackers listening in to private conversations.
(...Read more)
Perhaps someday Microsoft's Vista or subsequent OSs will prove sufficiently secure that malware no longer is a threat. But until then, enterprises will have to build network and perimeter security that treats their own PCs as potentially hostile to deal with the threat from within.
(...Read more)
This article examines the enhanced features for event log monitoring in Windows Vista and walks the reader through configuring and using these features to better troubleshoot system problems.
One of the key tools for troubleshooting issues with Windows computers is Event Viewer. Using this console, you can view events recorded in the Application, System, and Security logs and use this information to try and resolve problems with your computer.
(...Read more)
Hackers are starting to look at mobile devices as a launch pad to spring attacks on personal computers and workstations, and eventually, corporate networks. This has put the spotlight on wireless technology such as Bluetooth, which can potentially provide hackers with easy access to mobile devices.
(...Read more)
How many ways are there to expose sensitive personal data? One company misplaces a backup tape; another puts customers' Social Security numbers onto mailing labels for anyone to see. Others lose laptops, inadvertently post private information online, or leave documents exposed to prying eyes. The possibilities are endless as we're learning with every new revelation of a data breach or hack or inexcusable lapse in secure business practices.
(...Read more)
The protocol-level security of the SSL VPN is roughly the same as Remote Desktop's security. Both are susceptible to the same kinds of man-in-the-middle eavesdropping attacks, and the same downloadable tool kits are capable of compromising both connections.
The most secure choice is the one you can best monitor and manage over time.
(...Read more)
Encrypted filesystems may be overkill for family photos or your résumé, but they make sense for network-accessible servers that hold sensitive business documents, databases that contain credit card information, offline backups, and laptops. EncFS and LoopAES, which are both released under the GNU General Public License (GPL), are two approaches to encrypting Linux filesystems. I'll compare the two and then look at other alternatives.
(...Read more)
These days, each of us has a growing awareness of the risks involved in protecting IT-based resources from identity theft, malicious outside attacks, or generally inappropriate use. We are also seeing government and industry regulators issue strict mandates requiring companies to take significant steps to strengthen defenses against these misuses. As a result, many corporations are implementing multi-factor authentication policies that are much stronger than the password schemes that had been so commonplace in the past.
(...Read more)
Old and unpatched Outlook clients can pose a serious security risk to your network. Further, older versions of Outlook don't have the newer features that significantly improve network communications, and may place an additional load on an already strained network. In both Exchange 2000 SP1+ and Exchange 2003, you can selectively disable specific versions of Outlook from connecting to your Exchange servers by making modifications to the registry on your Exchange servers.
(...Read more)
The loss of data can bring an enterprise down, be it for a few hours, days, or even weeks. For smaller businesses, data loss can be devastating. For home users, it can be heartbreaking and utterly annoying. Whatever brings about data loss is bound to cause an organization to suffer not only from the loss of the data itself but from loss in employee productivity during the time it takes to restore information from a backup set.
Having said this, it becomes clear that backup is, without a doubt, one of the most significant aspects of a business continuity plan.
(...Read more)
Data is often the most important asset a company owns. Protecting this data used to mean costly network reconfigurations that resulted in lost performance and increased latency. With new technology, it is now possible to protect every piece of data as it travels over the network, all in just 15 minutes. Using an appliance-based approach, it is possible to protect data without changing existing routers, switches, or making other changes to the network.
(...Read more)
Within Windows you might want to track who is performing specific tasks. This might be to meet a regulatory compliance, or to just track when users perform tasks on desktops and servers. The benefits of deploying auditing settings to all computers include better control of the environment, audit trails for security reasons, and tracking of events for forensics. The big question boils down to how should these settings be deployed correctly, efficiently, and with assurance that the settings will be persistent?
(...Read more)