Coping with a Major Security Breach? What's your Contingency Plan?
Legal pressures, not to mention your moral obligation to assist unwitting victims, mean that you should never delay when disclosing IT security incidents. In November 2005 a laptop belonging to an employee of the Boeing Corporation was stolen. Among the information on the machine was personal financial data about 161,000 current and former employees of the aerospace giant.
(...Read more)

Ten hacker tricks to exploit SQL Server systems
Whether it is through manual poking and prodding or the use of security testing tools, malicious attackers employ a variety of tricks to break into SQL Server systems, both inside and outside your firewall. It stands to reason then, if the hackers are doing it, you need to carry out the same attacks to test the security strength of your systems. Here are 10 hacker tricks to gain access and violate systems running SQL Server.
(...Read more)

Lessons from Real World Spyware Attacks
Spyware is a new and increasing threat to organizations. It is important to understand this threat from a real world perspective in order to develop anti spyware best practices and requirements. Best practices begin with a layered defense at the gateway and desktop levels.
(...Read more)

On Unix security mistakes
I love those "security mistakes" papers (I've written a few myself) and here is a fun one specifically on Unix. "The four most common Unix security mistakes" by Paul Murphy covers "four worst security strategies affecting Unix deployment in business and government."
(...Read more)

Keeping an Online Biz Secure from Hackers
For any business operating online, nothing is more important than security. The best products or services, the most responsive customer service, the most effective marketing -- all are compromised if a business is left open to crippling viruses or to hackers looking to steal customer or business information.

But many small-business owners don't have the resources -- or the knowledge -- to get the kind of protection they need these days. "They know their business, but they don't know much about security," says Fred Rica, a partner at PricewaterhouseCoopers, where he focuses on Internet security. "That creates vulnerability, and hackers look for that type of access."
(...Read more)

Protecting your network against spoofed IP packets
The vast majority of administrators go to great lengths to protect the files on their network. Typically, elaborate firewalls are used to keep outsiders away from file servers. The files residing on those servers often lie behind an intricate permissions scheme and are often encrypted.

Complex auditing mechanisms might even monitor access to files. The point is that most administrators take security very seriously. What you might not realize is that all of this security can be easily undone through the simple action of a user accessing a file through legitimate means. In this article, I will show you how this is possible and what you can do to fight back.
(...Read more)

A look at Windows Vista's Microsoft Management Console
As you know, the Microsoft Management Console (MMC) tool provides you with a shell into which you can insert various tools called snap-ins. I've always been a big proponent of using the MMC tool to create customized consoles for various tasks. However, I've always despised Windows XP's console creation process, which is a very convoluted operation that I think could have been designed much better.

With Windows Vista, Microsoft is introducing a new version of the MMC tool interface, which at this point is simply being called MMC 3.0.
(...Read more)

Responding to Intrusions
Even if you have sophisticated prevention measures in place, intrusions can happen. In this module, we describe practices to be implemented independent of the size, type, or severity of an intrusion or of the methods used to gain access. The key event is that an intruder has gained access to your systems or data.

You need a strategy for handling intrusions effectively that includes preparation, detection, and response. The practices in this module identify steps you must take to respond to and recover from a detected intrusion.
(...Read more)

Implementing Web Security in a Defense in Depth Architecture
Web-borne threats are increasingly fast, sophisticated, and criminal in their intent. This paper outlines best-practice defense-in-depth web security policy to protect users, client devices, and core Internet-facing applications. It recommends installing Network Engines NS Series Security Appliances behind a perimeter firewall to provide the application-layer protection of Microsoft Internet Security and Acceleration (ISA) Server 2004 integrated with comprehensive web security provided by the Websense Web Security Suite. The solution provides multiple layers of security, including protection from threats contained in Instant Messages, streaming media, and P2P file-sharing.
(...Read more)

Security versus security: There is more than one kind
MOST OF the time when we talk about privacy, we talk about the trade-offs that have to be made between privacy and convenience, or the trade-offs between security and privacy. It's inconvenient for me, for example, that my British cable company is so unable to trust me after I've given them my name, address, phone number, and password that they won't reveal to me my account number so I can pay my bill online.
(...Read more)

Why Wait For Hackers?
Testing new applications for security weaknesses is a process that is often performed from the outside-in. Security administrators and/or Q/A teams receive applications that are already in their near-final form for testing, and they proceed to bombard them with various forms of hack attempts--either manually or systematically via specialized tools--in order to determine their vulnerabilities. Or, even worse, the product could be released with no such security testing done at all; relegating the vulnerability testing of the application to the actual attackers waiting to exploit their weaknesses.
(...Read more)

The five most infamous Windows default settings
With Service Pack 2, Microsoft tightened most of the default settings in Windows XP so that out of the box, you're not left insecure. But that doesn't mean there's not more tweaking to do. Check out the following five most infamous default settings and see if they apply to your Windows XP deployment. This article assumes that you're running Windows XP Service Pack 2. If you're not running that, please upgrade as soon as possible.
(...Read more)

How Vista Will Handle IPv6
In my previous article An Inside Look at IPSec in Vista, I discussed how IPSec has been moving steadily from the WAN to the LAN as it finds application for securing internal traffic on corporate networks. I also described new features of IPSec in the upcoming Windows Vista and Longhorn Server platforms and how these enhancements are going to make it easier to use IPSec to secure the internal network. Many of these enhancements are founded upon the Next Generation TCP/IP stack, which is the completely re-architected TCP/IP protocol stack in Vista and Longhorn. This article continues by examining changes to IPv6 in these platforms and how these changes enhance the manageability, usability, and security of Windows-based networks.
(...Read more)

Visiting dating sites could be risky
In the weeks running up to Valentine's Day, many phishing e-mails will do the rounds that promote love or dating opportunities. Organised criminals use this method to lure users to visit specifically designed and prepared websites, which are used to infect the victim's PC with worms, viruses and Trojans. This allows the criminal gang to gain control of systems or access confidential information such as usernames, passwords, or bank account information and credit card numbers.
(...Read more)

Domain Contamination
This brief write-up describes an attack that exploits an inherent flaw of the client-side trust model in the context of cyber-squatting and domain hijacking, or in general, in the context of obtaining temporary ownership of a domain (or major parts of it, e.g. defacing the main page). Put simply, the idea explored is to force long term caching of malicious pages in order for them to still be in effect even when the domain returns to its rightful owner. Various attack vectors are discussed, as well as possible protection techniques.

While previous works hinted at the possibility of such attack, it is worthwhile to discuss this attack in depth and to refute the common misconception that cyber-squatting, domain hijacking and similar attacks do not have long lasting effect.
(...Read more)

Web application firewalls create breathing room
Having a Web application firewall in place can mean the difference between scrambling to fix a vulnerability, taking an application offline and paying emergency overtime fees for developers and QA staff, or having the breathing room to repair the vulnerability on your own schedule.
(...Read more)

Locking the worms out of your network
The area that should be of most concern is user education. Unless you have an automated method in place to keep everything updated, you will need to enlist the users' help in making sure that all of the Windows updates are installed on a regular basis. If you are also using the Microsoft Office Suite of applications, there are updates that need to be applied here as well. Fortunately, recent changes to the way that Microsoft's Windows Update site works have helped streamline this process so that both Windows and Office updates are downloaded at the same time.
(...Read more)

Phishing: 21st-Century Organized Crime
Phishing: Organized Crime for the 21st Century: Phishing is on the rise, and you'll never know you've been victimized until it's far too late. Quickly becoming the most common Internet fraud, phishing is a scam in which personal or private information is extracted by a scammer by posing as a party authorized to receive it, and has become a phenomenal threat to the sanctity of online business.

This document explores the scope of the phishing problem and describes the process by which the information harvested in phishing attacks is passed from one cybercriminal to the next, creating new victims every step of the way.
(...Read more)

The many causes for data breaches
The recent spate of reported data breaches in which confidential data, such as medical or financial information, is either stolen or just simply revealed by mistake, shows the many ways things go terribly wrong.

Take the unfortunate case of the Boston Globe, which had to acknowledge it had printed sensitive data about 240,000 subscribers by mistake on the back of 9,000 routing slips used to label bundles of newspaper.
(...Read more)

The Critical Piece to Your Network Security Arsenal - Network Configuration Management
With the increased number of cyber attacks and the overall complexity of enterprise networks today, IT professionals are challenged with the daunting task of protecting networks from known and unknown malicious activity. While traditional security solutions and services are being deployed to protect the network, devices continue to fall victim to attacks.

Many organizations are looking outside the "security application box" to other solutions that can more effectively secure, manage and maintain critical devices throughout the network. One particular application category IT professionals are turning to is Network Configuration Management.
(...Read more)

Five Wireless Networking Pitfalls
While wireless technology can be more convenient for end users, bringing the technology into a facility can pose challenges for facility executives. Building material selection, for example, can inhibit the transmission of wireless signals. Access points are often installed in difficult-to-reach places to prevent tampering. Avoiding five common mistakes can help a wireless installation proceed smoothly, regardless of project size.
(...Read more)

Beyond Firewalls and IPS: Monitoring Network Behavior
How well do your network defenses block unknown types of attacks or catch stealthy attacks in progress? For combating previously discovered attacks and exploits at the network level, companies employ firewalls and intrusion prevention and detection systems (IPS/IDS). Such tools, however, won't stop previously unseen types of attacks (including new viruses, worms, and exploits of not-yet-disclosed vulnerabilities) or catch many attacks already in progress.
(...Read more)

Academics warn of 'significant threat' of spyware epidemic
The extensive proliferation of covert and malicious spyware is posing an increasingly significant threat for internet users, a comprehensive new study by University of Washington computer scientists warned today.

The research sampled more than 20 million internet addresses, looking for the programs that covertly enter the computers of unwitting web surfers to perform tasks ranging from spamming advertising products to gathering personal information, redirecting web browsers or even using a victim's modem to call expensive toll numbers.
(...Read more)

The Role of Modeling and Simulation in Information Security
There is a spate of papers and tools on using Modeling and Simulation (M&S) for testing Denial of Service (DoS), virus and worm (propagation, attacks) against computer networks, but this is not the whole story: there is no explicit M&S tool for testing computer/network security and network attack modeling. In other words, it seems that computer simulation has been studied and investigated in many areas, but the field of computer security has not produced significant research results in this area to date!
(...Read more)

Understanding the Roles of Server 2003 Security Policies
Windows domains rely on policy-based security mechanisms, but Windows security policy deployment can be confusing to the uninitiated. What's the difference between the local security policy, domain security policy and domain controller security policies? When and how do you use each? How do you use site GPOs and OU GPOs for best security, and how do they all interact together? What security policy tools are included with the operating system and how is each used? This article will provide an overview of the roles of Server 2003 security policies and how to use them to secure your systems and network.
(...Read more)

Firewall spotting and networks analysis with a broken CRC
Packet filter firewalls are going to be deployed more and more because of the sense of security the word "firewall" gives non-technical people. Available as commercial software, embedded devices or inside open source OSes, they work at level 3. The support for level 4 isn't complete: they filter port numbers, TCP flags, seq numbers, defragmentation, but ...
(...Read more)

Why seven layer security is crucial for networks
There are several approaches to securing an enterprise. Each comprises a portion of any company's security plan. Vulnerability management, Risk Management, Survivability and Accountability or chain of responsibility all play key roles, with each having two key components: internal risk and external risk.

Employee sabotage is actually a greater threat to organisations than external attacks. While security permeates every aspect of a business, in order to be effective it must be addressed in every portion of the enterprise.
(...Read more)

Plugging Windows security holes? Hold the glue
By far, the hardest security hole to plug in the Windows enterprise is the one that comes from within, and by that we mean the downloading of unauthorized intellectual property onto removable end point devices. Many administrators don't realize they can use Windows features in Group Policy and Active Directory to lock down hardware, and, indeed, the technology to do so has been around for some time.
(...Read more)

No horsing around with IT security
When it came time to circle the wagons, horse-blanket maker WeatherBeeta decided to call in the experts to protect its perimeter. Australian owned WeatherBeeta specialises in clothing to protect horses from the elements, both as a wholesaler and as the name behind the Horseland retail franchise.

Security was a top priority when the company ditched an expensive frame relay network connecting its headquarters in Australia with operations in New Zealand, the US and Britain.
(...Read more)

Understanding risk
Companies have always had to deal with different types of risk, be it financial, legal, the success of a new product launch or a merger, or the threat of natural disasters. These risks are traditionally treated as silos. The CFO is responsible for understanding and making decisions pertaining to financial risk. The IT department is responsible for the risk of losing data processing capabilities. Legal counsel is responsible for understanding and managing the company's legal issues. And so on.

But this fragmented approach to risk is becoming more dangerous as companies face risks that threaten the company's overall existence. These risks come in the form of noncompliance with government regulations, increasing information security threats, terrorist activities and natural disasters. It is important now more than ever for companies to develop and maintain a holistic risk management program that coordinates these silos because they all have the same overall goal: to protect the company and its assets.
(...Read more)

Top 15 security tools for testing Windows
So, you're thinking about testing your own Windows systems for security vulnerabilities? Doing so is actually pretty interesting work, that is, if you have the right tools. Well, instead of wading through all the muck and mire trying to find good security tools, let me help point you in the right direction. For starters, as it relates to Windows-based computers, there are six general types of security testing tools.
(...Read more)

Phishing Detection and Prevention; Practical Counter Fraud Solutions
Phishing is an automated form of identity theft, targeted primarily at the casual email user. This paper details the technical aspects of typical phishing campaigns, focusing on the tactics, methodology, and unique features of the phishing email and the phishing Web site. It outlines how automated, inline network-based solutions, built on existing intrusion prevention technology, can be leveraged to assist network defenders in protecting their constituencies from online fraud.
(...Read more)

Malware for Profit: The Latest Trends in Network Threats
There has never been a greater need for integrated threat management solutions. With 20 years' experience defending against threats, Sophos has an intimate knowledge of, and expertise in, protecting organizations against all types of malicious content. Whether it's spyware, viruses, Trojans, phishing or spam, Sophos's consolidated solutions protect your business at the gateway and endpoint.
(...Read more)

Why AT&T Missed the Next Big Thing
The wonderful thing about the Web is that you can find anything there, whether it's true or not. Case in point: The legend that in 1984, AT&T "decided not to invest in cellular telephony, believing that the market wouldn't support more than a million cellular handsets by 2000." That's repeated in an opinion column on computerworld.com today.
(...Read more)

SSH Password Guessing: Linux Compromise and Forensics
This document describes the compromise of a Debian Linux server on an internal network. We look at how the incident first came to light, the response procedures and an analysis of the actions of the attacker. This leads us to some recommendations on how to secure systems against this kind of exploitation in future. None of this is particularly new or surprising, but hopefully will serve as a welcome reminder, or as useful material when trying to justify particular security policies.
(...Read more)

Five Things You Need To Know About VoIP
As you consider how to best use VoIP on your network, there are five important concepts you should keep in mind, according to Jon Arnold, who operates J. Arnold & Associates, a Toronto, Ontario-based VoIP analyst firm.

1. The VoIP-enabled network includes voice and data

"With VoIP, you have to get away from the idea that voice is one thing and data is another," Arnold says. "With VoIP, voice is just another application. The concept of a converged network is a complex beast."
(...Read more)

What to watch out for with WiFi
WiFi networks use short-range radio frequencies to communicate between devices, eliminating the necessity for running cable. While operating without wires is an advantage, users and IT personnel need to be aware that WiFi networks do not recognize walls as barriers. The challenge is that WiFi networks extend outside of approved areas, leaving users with leaky WiFi and in the position where someone else's WiFi network may be present and beckoning.
(...Read more)

Google's Slow Path to the Darkside
If Yoda were here, he would surely sense a disturbance in the "Force". It seems as though the highly popular Google corporation has lately been making some questionable business decisions that have caught the attention of many privacy groups and security advocates. I'll just touch upon the recent happenings in the news, and you can make your own decisions on Google's behavior.
(...Read more)

TCT, The Coroner's Toolkit
TCT is a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system after break-in. Notable TCT components are the grave-robber tool that captures information, the ils and mactime tools that display access patterns of files dead or alive, the unrm and lazarus tools that recover deleted files, and the findkey tool that recovers cryptographic keys from a running process or from files.
(...Read more)

TCP and IP Options
I have spoken at length before about the TCP/IP protocol suite and its dozens of protocols. When people refer to the TCP/IP protocol suite they are referring to all layers of the OSI Reference model. With that in hand we most certainly have dozens of various protocols that come to mind.

The vast bulk of these dozens of protocols reside at the application layer. Many of these application layer protocols have any number of vulnerabilities associated with them.
(...Read more)

Attacking Automatic Wireless Network Selection
With custom base station software, an attacker may cause clients within wireless radio range to associate to the attacker's wireless network without user interaction or notification. This will occur even if the user has never connected to a wireless network before or they have an empty Preferred/Trusted Networks List. We describe these vulnerabilities as well as their implementation and impact.
(...Read more)

10 things you can do when Windows XP won't boot
When your computer hardware appears to power up okay, but the Windows XP operating system won't boot properly, you have to begin a troubleshooting expedition that includes getting into the operating system, determining the problem, and then fixing it. To help you get started on this expedition, here are 10 things you can do when Windows XP won't boot.
(...Read more)

Cisco networking 101: Five more things you should know
Last time, because it never hurts to review the basics every now and then, David Davis offered a list of five things every administrator needs to know about Cisco networking. This time, he adds five more things to the list. No matter how long you've been working on networks, it never hurts to review the basics every now and then; even seasoned administrators sometimes need a refresher.
(...Read more)

FBI Computer Survey of CyberCrime
Thanks to the Computer Security Institute (CSI), we have some pretty good answers to that question.

Please read below for highlights from the 2005 CSI/FBI Computer Crime and Security Survey, based on responses from 700 U.S. corporations, government agencies, financial and medical institutions, and universities. This is our 10th annual survey in the information security field and, after reading it, we urge you to report to us any and all computer intrusions your company may experience.
(...Read more)

Browsers: Beyond IE and Firefox
Mention "browser," and almost certainly Internet Explorer and Firefox will be up for discussion, and with good reason. Together, those two browsers have about 95 percent of the market, with Internet Explorer accounting for the lion's share of that, according to December stats compiled by Web-based applications vendor Net Applications.

But they're not the only browsers around. There are plenty of others, including those aimed at mobile users. Each commands just a minuscule portion of the Internet audience, but some deserve many more eyeballs thanks to innovative features or for other reasons.
(...Read more)

XST Strikes Back
About three years ago, the concept of "Cross Site Tracing" [1] was introduced to the web application security community. In essence, the classic XST is about amplifying an existing XSS vulnerability such that HttpOnly cookies and HTTP authentication credentials can be compromised. This is done using a client side XmlHttpRequest object that sends a TRACE request back to the server, receives the request echoed back by the server's TRACE function, and extracts the information from the echoed back request.

The recommendation in [1] is to turn off TRACE support in the web server, which indeed takes care of the attack as described.
(...Read more)

Securing legacy NT and Win2K servers
Are you running Windows NT or 2000 somewhere on your network? I'll bet you are. In fact, many organizations are still running Windows NT and 2000 on core production workstations and servers in some fashion, critical Web, file, and database servers included. This is all fine and good (I still run Windows 2000 on my network), but we've got to be very careful not to let our guard down when it comes to keeping these older operating systems protected from old and new threats and vulnerabilities.
(...Read more)

Applying Certificates to a WSUS Server
Many administrators tend to ignore the recommendation that WSUS be configured to use SSL encryption if the WSUS server is only servicing clients within the perimeter network. However, if SSL encryption is not used, a hacker could potentially steal the WSUS server's identity and use the spoofed server to send malicious versions of patches to your clients. If you don't like the idea of having a bunch of infected clients on your network, then check out this article on how to encrypt WSUS transactions.
(...Read more)

Are your servers secure?
Are your servers secure? In a word, No. No machine connected to the internet is 100% secure. This doesn't mean that you are helpless. You can take measures to avoid hacks, but you cannot avoid them completely. This is like a house: when the windows and doors are open, the probability of a thief coming in is high, but if the doors and windows are closed and locked, the probability of being robbed is less, but still not nil.
(...Read more)

Are WiFi security myths good for deterrence?
In response to my popular "The six dumbest ways to secure a Wireless LAN", Timothy wrote a letter to me asking if there was any legitimate deterrence value against the casual hacker to some of the common myths in securing a Wireless LAN such as "SSID suppression", "DHCP restrictions", and "MAC filtering".
(...Read more)


You are browsing the old version of "The Network Security. Org".