
Doing business in today's world seems to create an ongoing need to set up a new Web server. For everything from development to marketing to training to ecommerce, the desire to load up static pages or networked applications is endless. But how can you be sure that the path you go down will lead you to a secure Web server that's less likely to be compromised by malicious outsiders or rogue insiders?
(...Read more)
To run a Web site, your Web server must at least have port 80 open to process HTTP requests for Web pages. Unfortunately, attackers can modify or manipulate these requests to cause the server problems or to trick it into revealing valuable information. By using an HTTP request, an attacker has a legitimate path to your Web server and therefore can easily bypass firewalls and other security measures to initiate an attack.
(...Read more)
Learn how to build your own gateway firewall using FreeBSD and old PC parts. The firewall will consist of the PF firewall, Snort IDS, various IPS applications, Squid proxy, and some intuitive web interfaces for auditing. The cost of this project should be between free and $200 depending on your resourcefulness. I built mine for free using spare parts that were stockpiled in personal storage and parts that the USMC was throwing away, but you can build one from used and/or new parts for dirt cheap.
(...Read more)
Honeypots are used to study the methods and attacks of hackers. The idea is to put one or more special servers in a network. An attacker who cannot differentiate between genuine servers/services and honeypots will, sooner or later, take up the services offered by a honeypot in his search for a security gap. All his activities on the honeypot are logged.
(...Read more)
Messaging security manufacturer, CipherTrust, has launched a free online service to alert organisations about potential phishing scams. PhishRegistry.org hosts a repository of known phishing scams and alerts registered users to sites that may threaten customer data or financial operations.
"When email first emerged in the business market it was a wonderful tool," said CipherTrust regional sales manager, Bob Jones. "Unfortunately it's been exploited over the years by spam and now phishing."
(...Read more)
Hackers have released new, more efficient malware that exploits an unpatched vulnerability in Internet Explorer.
Hackers have posted a new version of malicious software that will make it easier for them to exploit an unpatched vulnerability in Microsoft Corp.'s Internet Explorer (IE) browser. Based on a critical bug disclosed on March 22, the software was posted by hackers Friday to the Milw0rm.com web site.
(...Read more)
It does not require much intelligence to hack into an account. This was the message from independent cyber consultant Anup Girdhar at a seminar on the ethics of hacking. The event was organised by the department of computer science of Birla Institute of Technology, Mesra, today. Girdhar, who runs an independent cyber consultancy in Delhi and is a member of the National Anti Hacking Group, said people were careless when it came to using PIN and email passwords.
(...Read more)
At the tail end of 2005, a computer hacker calling himself "the Persian Fox" began attacking hundreds of U.S. websites, including scores run by animation companies.
"You keep abusing, Islam's almighty Prophet with disgusting and disgraceful cartoons using excuses of freedom of speech" reads the onscreen message (including the misplaced comma) that replaced the sites' regular content.
(...Read more)
The threat of malicious software can easily be considered as the greatest threat to Internet security. Earlier, viruses were, more or less, the only form of malware. Nowadays, the threat has grown to include network-aware worms, trojans, DDoS agents, IRC Controlled bots, spyware, and so on. The infection vectors have also changed and grown and malicious agents now use techniques like email harvesting, browser exploits, operating system vulnerabilities, and P2P networks to spread.
(...Read more)
When users browse to a Web site that begins with HTTPS, they expect that connection to be secure via Secure Sockets Layer (SSL), a protocol for transmitting secure documents via the Internet. The majority of Web sites use this protocol to obtain sensitive data (e.g., shopping cart data and credit card numbers from customers).
(...Read more)
Hackers have struck DNS servers at Network Solutions with a denial of service attack, resulting in a brief performance degradation for customers. The attack, which took place on Monday, is the second DDoS attack on a domain name registrar within a couple of days, following an attack on German company Joker.com.
The attacks were targeted at Network Solutions' WorldNIC name servers and resulted in a service degradation for about 25 minutes before the server was restored to normal, a spokeswoman for the company said.
(...Read more)
Domain-name registrar Joker.com acknowledged this weekend that distributed denial of service attacks had caused numerous problems for customers that use its domain name service (DNS) servers to advertise the Internet addresses of their domains.
"Joker.com currently experiences massive distributed denial of service attacks against nameservers," the company said in a statement posted to its Web site.
(...Read more)
A hacker found a way into the server that houses a database of more than 570,000 members of eight state retirement systems, a state official reported Friday.
The GBI is investigating, but it's unclear whether any information including names, Social Security numbers or bank account data was compromised during the mid-February incident, said Joyce Goldberg, communications director for the Georgia Technology Authority.
(...Read more)
EBay and Sunbelt Software have partnered up to shut down a Russian website that was illegally selling customer account information. Sunbelt Software, based in Clearwater, Florida, found the website and told eBay, which, in turn, worked with Russian authorities to shut down the site. The site offered login and password information for as low as $5 each.
(...Read more)
There is a lot that we can say about finding virtual hosts from a given IP address. Sometimes this task is straightforward, other times a bit of thinking is required. However, in general it is not a mission impossible.
During the last few years, domain name databases have emerged like mushrooms after a rainy day. This has certainly increased the awareness among security professionals about the possibility of using virtual hosts as backdoors when testing the security of a given organization. In reality, a good attacker will try to break into your organization by knocking on the not so obvious doors.
(...Read more)
Microsoft has announced that it may release an early patch for the three bugs currently plaguing its Internet Explorer browser. The company said that its team of security developers is working on a fix, and that it will release a patch before the next scheduled update on 11 April if the "limited" attacks become widespread.
(...Read more)
IBM introduced a new intrusion detection technology dubbed Billy Goat that claims to be highly effective in battling worm viruses and other types of malicious IT threats, and in eliminating false security alarms.
(...Read more)
As hinted at last month, Microsoft has launched a public bug database for Internet Explorer 7, as well as subsequent releases of the browser. The site will not be used to track bugs in Internet Explorer 6 and earlier releases.
A sub site of Microsoft's Microsoft Connect site, which it uses to manage its various public beta programs, the Internet Explorer Feedback site has launched with just the bug database, but Microsoft has pledged to extend the site with a regular blog.
(...Read more)
I've had numerous members here email me about writing an article on setting up a secure, inexpensive, home VPN solution that they could use to share files between their home and office computers while they were at work. After speaking with many different people on the subject, I decided that most of them were running Windows XP for their operating systems and Linksys brand routers. That being said, the following article is based on the above specifications and will involve no extra cost in setting up the VPN connection.
(...Read more)
Most Web browsers offer the option of controlling a wide variety of potential security issues and annoyances, yet each browser takes a different approach to handling these issues. Let's take a look at the method that Microsoft's Internet Explorer (IE) uses to provide a secure browser experience.
(...Read more)
Security flaws in half of U.K. retailers' websites leave them open to attack, new research found.
The vulnerability centres on the "forgotten password" feature on the login pages that email shoppers their passwords. According to penetration testing company SecureTest, many of these websites can be subjected to a "brute force" or enumeration attack. It found that of the 107 retailers' sites visited, 54 of the sites, 50.5 per cent, could be vulnerable to this type of attack.
(...Read more)
File and disk encryption needs to be simple and easy if it's going to be used. This article looks at Apple's FileVault and takes a sneak peek at what's coming in Windows Vista.
A few weeks ago there was a knock at my door, and my new MacBook Pro laptop had arrived. I was very excited, because it's one of the first of the new Intel-based dual core systems available. Yes, it's fast....
(...Read more)
This paper describes a simple honeypot using PHP and emulating several vulnerabilities in Mambo and Awstats. We show the mechanism used to 'compromise' the server and to download further malware. This honeypot is 'fail safe' in that when left unattended, the default action is to do nothing though if the operator is present, exploitation attempts can be investigated. IP addresses and other details have been obfuscated in this version.
(...Read more)
The Internet would grind to a halt, or would not be possible, without a Domain Name System (DNS). As you'll see in this paper, the proper operation of DNS is fundamental to the maintenance and distribution of the addresses for the vast number of nodes around the globe. So it would be too much to hope for crackers (malicious hackers) to ignore DNS as they continuously look for new ways to circumvent your security.
(...Read more)
Microsoft on Monday unveiled a global initiative to crack down on cybercriminals who engage in phishing. The company will set in motion more than 100 legal actions against phishers in Europe, the Middle East, and Africa (EMEA) by the end of June, according to a release.
Phishing attacks use spam to entice Internet users to visit what appear to be legitimate ecommerce Web sites but are in fact phony sites controlled by cybercriminals.
(...Read more)
Are rootkits really as evil as they have been portrayed? Probably not, if you take into consideration the circumstances in which they are used. What is a rootkit anyway? It is defined as a set of software tools used by a third party to gain access to a computer system, and then maintain unknown presence in the system by hiding running processes, files, or data.
(...Read more)
Coming up with the optimal Internet Explorer security settings is tricky business. On one hand, you want to set security tightly enough that your network won't become infected with spyware should your users accidentally stumble upon a malicious Web site. On the other hand, the more that you tighten security, the better the chances that some Web sites will not display properly.
Unfortunately, Microsoft has not published any documents (that I could find) related to optimal Internet Explorer security settings. Therefore, the settings that I am going to show you are my own recommendations and may not be appropriate for all organizations.
(...Read more)
It looks like yet another route is getting hit by cybercriminals, this time in the form of botnets raiding instant messaging clients for personal information tied to Online Shoppers and PayPal.
Acting on an anonymous tip, researchers have uncovered two "botnet" networks that collectively represent up to 150,000 compromised computers...
(...Read more)
The latest survey from the DTI into the IT security of UK businesses has revealed that firms could be making themselves more vulnerable by using software-based two factor authentication rather than hardware tokens. Software tokens, where a small file is placed on a user's computer, have been adopted by many firms as a relatively cheap way of increasing security. Telecoms and technology companies are the highest adopters.
(...Read more)
Apache is an open-source HTTP server implementation. It is the most popular web server on the Internet. The December 2005 Web Server Survey conducted by Netcraft [1] shows that about 70% of the web sites on the Internet are using Apache.
1. Apache server performance
Apache server performance can be improved by adding additional hardware resources such as RAM, faster CPU etc. But, most of the time, the same result can be achieved by custom configuration of the server....
(...Read more)
Within the past two years, Oracle, IBM and Microsoft have all released freely available versions of their flagship database servers, a move that would have been unheard of just a few years ago. While their respective representatives would argue the move was made in order to better accommodate the needs of all users, it's fairly clear that continued pressure from open source alternatives such as MySQL and PostgreSQL have caused these database juggernauts to rethink their strategies within this increasingly competitive market.
(...Read more)
The allure of Internet phone calling is understandable: dirt cheap calls to anywhere in the world, sound quality that's at times superior to the traditional landline and the ability to take your phone number with you when you travel.
But, buyer beware. These calls are just like any other form of digital communication, like email, which can be hacked, spammed and saved on servers.
(...Read more)
A group of students at Rome Catholic School are learning how to become the future defenders of cyberspace through a pilot program that officials say is the first of its kind in the country. The program teaches students about data protection, computer network protocols and vulnerabilities, security, firewalls and forensics, data hiding, and infrastructure and wireless security.
(...Read more)
Terrorist organizations and other national enemies have launched bogus Web sites that mask their covert information or provide misleading information to users they identify as federal employees or agents, according to Lance Cottrell, founder and chief scientist at Anonymizer of San Diego.
The criminal and terrorist organizations also increasingly are blocking all traffic from North America or from Internet Protocol addresses that point back to users who rely on the English language, Cottrell told an educational seminar in Washington...
(...Read more)
This webcast outlines best practice web security to protect users, client devices, and core Internet facing applications. It recommends installing a web security appliance behind a perimeter firewall to accelerate access to frequently requested web content while blocking access to inappropriate, fraudulent, and malware infected sites.
(...Read more)
Proxy jails exist all throughout corporate networks. They serve two primary goals: to cache data (thus reducing bandwidth) and to protect the computers inside the local network from threats outside. Often you will have restricted access to only HTTP, and maybe HTTPS and FTP if you're lucky... This document details several tools you can use to bypass your firewall to do pretty much whatever you need. Not only will it describe how to get out of a firewall, but how to get back in (assuming you have inside access in the first place).
(...Read more)
Web surfers can now get a little free advice on the trustworthiness of the sites they visit, thanks to a new browser plug-in released Wednesday by Boston's SiteAdvisor Inc.
The SiteAdvisor software, which works with both Internet Explorer and Firefox browsers, draws on information compiled from millions of automated Web site visits to let users know whether these sites are likely to yield annoyances such as spam, spyware or computer viruses.
(...Read more)
Based on the many responses we got regarding the 'Packetslinger' diary, here are a few notes on how to set up a penetration/cracking exercise. As a remark: Laws change from area to area. Whatever you do, check your local laws and regulations. Corporate policies, university ethics guidelines and ISP contracts may have to be consulted.
(...Read more)
The web is the new attack vector for spyware, viruses, worms and other malware. Email traffic was yesterday's attack vector, but today web traffic is wide open to attacks by spyware and other malware. Users need only browse a web page or open a web email to trigger web-based spyware and worms. This web threat is expected to increase in sophistication, frequency, and severity because the development of spyware and other sophisticated malware is being fueled by criminal money. Web-based malware is a major challenge that requires a new security solution.
Fortunately, web security technology is moving beyond traditional approaches to new gateway-level scanning of all web traffic in real time.
(...Read more)
Because of the proliferation of Web-based threats, you can no longer rely on basic firewalls as your sole network protection. Most firewall rules are based on the IP address and network port, but they don't inspect the actual network traffic content.
One effective defense to employee attacks is to deploy a content-aware, perimeter-based network security device that inspects and blocks Web requests based on URL destination.
(...Read more)
In these attacks, also known as dictionary attacks because they use a list of known passwords, a program will connect to a remote SSH server and attempt to log in using common user name/password combinations. Recently there has been a surge of these attack attempts noticed by server administrators. This paper will attempt to briefly discuss these attacks, how they work, where they come from and, most importantly, possible ways to stop them. This article is targeted towards the novice and intermediate.
(...Read more)
I've recently had the opportunity to listen in on a couple of debates regarding firewalls and their utility, as well as their future in the corporate and educational environment.
Now there are two kinds of firewalls: there is hardware, which is most frequently network based, and software firewalls, which are generally deployed on local hosts. Network-based firewalls can be considered perimeter or enterprise firewalls since they sit at the gateway to the Internet and inspect packets before allowing ingress or egress. But you know all this already (or you've been pretending that you do).
(...Read more)
An article on "Security Problems in the TCP/IP Protocol Suite" by S. M. Bellovin in 1989 initially explored IP spoofing attacks. He described how Robert Morris, creator of the now infamous Internet Worm, figured out how TCP created sequence numbers and forged a TCP packet sequence.
This TCP packet included the destination address of his victim, and using an IP spoofing attack Morris was able to obtain root access to his targeted system without a User ID or password.
(...Read more)
The cloak-and-dagger capers of computer no-goodniks may seem like prime page-turning material, but most books on the subject have all the sex appeal of a VCR manual. The typical tome on digital security is a dreary assemblage of techno-jargon, geared toward the small clique that gets its hardcore jollies from Perl programming. Most laymen are asleep by Page 10, or at least yearning for their dog-eared copy of "Hannibal."
(...Read more)
Asynchronous JavaScript and XML, the collection of programming technologies that promises to deliver online content to users without reloading an entire Web page, is back in the news. But this time, the news isn't good.
Forum Systems' VulCon XML security-alert service recently warned that AJAX could expose browsers to potential security problems. Because AJAX takes advantage of JavaScript to parse and execute commands on server data--and because those functions are visible right in the source of the page--there's real danger that client systems could come under attack.
(...Read more)
Given the remarkable popularity of PHP for developing dynamic Web sites, as well as the ever-increasing need for security on those same sites, one would think that there would be great demand for, and comparable supply of, books that explain how to create secure sites using PHP. However, such is not the case, and even the most extensive general purpose PHP books may only devote a single chapter to this critical topic, if that much. Essential PHP Security, written by PHP expert Chris Shiflett, aims to fill the gap.
(...Read more)
Web developers cannot have failed to notice the excitement surrounding "AJAX" or Asynchronous JavaScript And XML. The ability to create intelligent web sites such as Google Suggest or compelling web-based applications such as Gmail is thanks in no small part to this technology. There is, however, a darker side and accompanying the growth in AJAX applications we have noticed an equally significant growth in security flaws, with the potential to turn AJAX enabled sites into a time bomb.
(...Read more)