Entries Categorized as 'Web Security'
December 10, 2010
Internet Security Technologies : Firewall
A firewall is an application that allows the user to control and filter packets flowing in and out of the network. Firewalls effectively block probes like ping, operating system fingerprinting, port scans and other types of intrusions. Many companies offer free firewalls for personal use only.
A firewall may be software or hardware. A firewall sits at the entry point of the network it protects. The most basic firewall performs packet filtering. In packet filtering, the firewall is the first program that receives and handles incoming network traffic and the last to handle outgoing traffic. The filtering policy may allow or disallow packets based on:
- source IP address
- destination port
- protocol
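The three filtering criteria above, shown as an added example that is not from the original post: a first-match packet filter with a default-deny fallback. The rule set, the addresses (documentation ranges) and the names Rule, decide and RULES are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "drop"
    src: str               # source network in CIDR form; "0.0.0.0/0" means any
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # destination port; None means any

    def matches(self, src_ip, proto, dport):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

def decide(rules, src_ip, proto, dport=None):
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for rule in rules:
        if rule.matches(src_ip, proto, dport):
            return rule.action
    return "drop"

# Constructed policy for a public web server.
RULES = [
    Rule("drop",  "203.0.113.0/24", "any", None),  # blocked network, listed first
    Rule("allow", "0.0.0.0/0",      "tcp", 80),
    Rule("allow", "0.0.0.0/0",      "tcp", 443),
    Rule("allow", "192.0.2.10/32",  "tcp", 22),    # single admin host
]

if __name__ == "__main__":
    packets = [("198.51.100.7", "tcp", 443), ("198.51.100.7", "icmp", None),
               ("203.0.113.9", "tcp", 80), ("192.0.2.10", "tcp", 22)]
    for pkt in packets:
        print(pkt, "->", decide(RULES, *pkt))
```

Reversing the rule order lets the blocked network reach port 80, which is why specific drop rules belong above broad allow rules.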
Circuit Relay or Circuit Level Gateway provides additional security. This operates on the Transport Layer. This firewall also determines whether the connection between both ends is valid according to a set of configurable rules. It then opens a session and permits traffic from the allowed source for a limited time period.
Application level gateway acts as a proxy for applications. It performs all data exchanges with the remote system on behalf of the applications. It also allows or disallows network traffic according to specific rules. This is the most secure type of firewall.
Source
Posted in Info, Network Security, Web Security
November 10, 2010
SSL (Secure Socket Layer) :
Netscape Communications Corporation developed SSL to provide security and privacy over the Internet. The protocol supports server and client authentication. Since the protocol is application-independent, it allows other protocols like HTTP, FTP, and Telnet to be transparently layered on it. An SSL-enhanced browser encrypts the data sent from the browser to the server. SSL uses encryption and certificates to authenticate websites and web users.
Ssh (Secure Shell) :
Ssh is a program used to:
1. log into another computer over the network
2. execute commands in a remote system
3. move files from one system to another
Ssh provides:
1. strong authentication and secure communication over unsecured channels
2. secure connections and secure forwarding of arbitrary TCP connections
3. encrypted communication
Ssh is proposed as an alternative to the traditional BSD ‘r’ commands: rlogin, rsh, and rcp. It replaces Telnet. The free version of the SSH protocol suite can be downloaded from http://www.openssh.com/.
Source
Posted in Info, Network Security, Web Security
October 10, 2010
Internet Security Technologies : Encryption
Encryption is the process of rendering data unreadable for snoopers. The designated receiver must have the correct key to decrypt the data. Hackers can intercept data over the network by eavesdropping, tampering, or impersonation. The strength of the encryption depends on the key length.
An encryption system can be of two types: public or private. In public key encryption, a pair of keys called the public key and the private key is used. The public key can be given to anyone and the sender uses it to encrypt the message. The receiver then uses his private key to decrypt the message. The private key is obviously not revealed. In private key encryption, the same key is used to encrypt and decrypt the data. The private key must be sent to the receiver through a secure connection.
Source
Posted in Info, Network Security, Prevention, Web Security
September 20, 2010
SharePoint Server 2010, without doubt, brings a bunch of exciting features and options, some of which were not available in Microsoft SharePoint Server 2007. One of the features that really enthuses me in SharePoint 2010 is the Logging Database. The Logging Database, named WSS_Logging, aggregates logging data from the server farm into one central location. SharePoint takes all of the raw logging data accumulated in the text files under the 14 hive and imports it into this logging database. This is the only database in SharePoint that Microsoft is happy to let developers read directly, query and build reports against. For someone who spends time in front of customers helping them to maintain a healthy and stable farm, the logging database will be a constructive app in SharePoint 2010 and SharePoint Foundation.
The logging database by default contains the following information from all servers within the farm and it is fully supported to query this database directly.
- ULS Logs
- Event Logs
- Selected Performance Monitor Counters:
  - % Processor Time
  - Memory Available Megabytes
  - Avg. Disk Queue Length
  - Process Private Bytes (OWSTIMER and all instances of w3wp)
- Blocking SQL Queries
- SQL DMV Queries
- Feature Usage
- A host of information on search crawling and querying
- Inventory of all site collections
- Timer job usage
The Logging Database in SharePoint Server is one of the many new concepts that will make the life of many SharePoint administrators quite a bit more enjoyable. So catch up on this soon! There is a lot of juice in the SharePoint family of products including Server 2010, SharePoint Foundation, SharePoint Server 2007, and associated free SharePoint templates!
Posted in Business, Computers And Technology, Internet And Businesses Online, Network Security, Web Security
September 10, 2010

Maybe you have asked yourself a few times already, “What is the most secure internet browser? Firefox? IE? Safari? Opera?” and the list of popular internet browsers goes on. Since many of us spend a lot of time surfing the internet, every one of us should make sure that we use the most secure internet browser so that our private information is safe. According to Symantec, the least secure browser is Mozilla Firefox, which had 122 reported vulnerabilities in the past year. This is quite alarming because I use Firefox a lot. On the other hand, Opera is the most secure internet browser, with 19 reported vulnerabilities last year.
via Softpedia
Posted in Threats, Web Security
August 10, 2010
5. Swedish Urology Group — Urine Trouble!
Victims: “Hundreds”
Class Action Outrage Scale: 1 out of 10 lawyers
Doctors lost three hard drives containing patients’ personal information, and we mean personal!
4. The Nature Conservancy — Think of It as Recycled Data
Victims: 14,000
Class Action Outrage Scale: 9 out of 10 lawyers
Someone at the Conservancy was thinking locally but acting globally by apparently visiting a website of questionable provenance. The site was poisoned with malware. Soon, malicious hackers were clear-cutting names, home addresses, birthdates, Social Security numbers of employees and their dependents, and, yes, direct deposit bank account numbers. Let’s hope there’s been a climate change in the group’s security department.
3. TSA, Part II – Still Doing DHS Proud!
Victims: 100,000
Class Action Outrage Scale: 3 out of 10 lawyers
Thieves stole a computer hard drive with the names, Social Security numbers, dates of birth and bank account and routing information of current and former employees, including federal air marshals. Don’t worry, though. How easy could it be to pose as an air marshal with only that information?
2. Her Majesty’s Revenue and Customs — One Regrets the Error
Victims: 25 million
Class Action Outrage Scale: 10 out of 10 lawyers
Two CDs containing personal data on about 7 million families went missing in the mail, and the HMRC chancellor resigned. Frankly, we included it just so we could quote sentences like: “The chancellor seeks the advice of the Serious Organised Crime Agency,” and “Mr Cable said he sincerely hoped the discs would not fall into the hands of ‘the criminal fraternity,’” and “Police have visited London rubbish tips in their hunt for missing computer discs.” Makes the worst breach in Britain’s history sound kind of lovely.
1. TJX — ’Sorry About That. Here’s a Gift Card. Come Back Soon for our Sale!’
Victims: Millions of bargain shoppers worldwide
Class Action Outrage Scale: 8 out of 10 lawyers
No breach got more ink this year than TJX’s, which involved some, OK, tens of millions, OK, 50 million, all right all right around 100 million credit and debit card records. Priceless moments included TJX’s defense in press accounts that “our security was comparable to many other major retailers” and the portion of TJX’s proposed settlement with consumers in which the company would hold a three-day “Customer Appreciation Sale” and give some customers $30 store vouchers. (Sorry about the e. coli in the meat in our store; here’s a gift card to buy more meat in our store). After consumer advocates raised a stink, the vouchers were changed to $15 checks. Sad as the whole episode was for consumers, TJX’s stock has remained healthy. Don’t you just love a bargain?
via [CSOOnline]
Posted in Hacks, Info, Network Security, Threats, Web Security
July 10, 2010
If you have a MySpace or Facebook account, then you had better be on the lookout for apps or widgets that may have trojan viruses running in the background. According to researchers at Finjan, cyberattackers are now turning to social networking sites such as these to get more victims.
“Attacks will become more sophisticated by combining several services in order to heighten infection ratios and decrease the detection rate, while providing more robust and scalable attack frameworks,” Yuval Ben-Itzhak, chief technology officer, Finjan, said in a news release. “The focus will be on trojan technology as it enables maximum flexibility in terms of command and control. This adds another potentially malicious element to the ‘legitimate’ web traffic that needs to be examined by security solutions.”
In short, before installing the app or widget that your friend sent you, confirm that it really came from them. If it didn’t, delete it immediately. If it did come from them, research what previous users say about the app or widget.
Source
Posted in Threats, Web Security
June 10, 2010
Distributed Denial of Service (DDoS) Attack
How is a DDoS executed against a website?
A website DDoS is executed by flooding one or more of the site’s web servers with so many requests that it becomes unavailable for normal use. If an innocent user makes normal page requests during a DDoS attack, the requests may fail completely, or the pages may download so slowly as to make the website unusable. DDoS attacks typically take advantage of several computers which simultaneously launch hundreds of thousands of requests at the target website. In order not to be traced, the perpetrators will break into unsecured computers on the internet, hide rogue DDoS programs on them, and then use them as unwitting accomplices to anonymously launch the attack.
Is there a quick and easy way to secure against a DDoS attack?
No. From a simplistic perspective, the best solution is to secure computers from being hijacked and used as attack platforms. This cuts the problem off before it can ever manifest. Thus many experts suggest that we “pull together as a community” to secure our internet computers from becoming unwitting accomplices to such malicious intruders. Unfortunately, for every business that has the knowledge, budget, and inclination to make such changes, there are many more which lack such resources.
Plus, the attackers are most likely going to use non-commercial computers as attack platforms, because they are usually easier to break into. University systems are a favorite, because they are often understaffed or the systems are set to minimum security levels to allow students to explore the systems as part of their education. Further, this is not just a national problem. Any internet server in the world could be used as an attack platform.
Still, the simplest and most effective solution for preventing DDoS is through a global cooperative effort to secure the internet. The first step in the process, therefore, is concerned with scanning your internet computers to make sure they are not being used as unwitting DDoS attack platforms. This is not just good internet citizenry, however, because this also serves to document and verify that your internet computers are not suspect when DDoS attacks occur.
Source
Posted in Info, Prevention, Tips, Web Security
April 10, 2010
YOUR IP ADDRESS IS PUBLIC
Accessing the Internet is a security risk.
When you are connected to the Internet, an IP address is used to identify your PC. If you don’t protect yourself, this IP address can be used to access your computer from the outside world.
A fixed IP address is a larger security risk.
If you’re using a modem with a dial-up connection, you will get a new IP address every time you connect to Internet, but if you have a fixed Internet connection (cable, ADSL, fixed line), your IP address will never change.
If you have a fixed IP address, you give potential Internet crackers all the time they need to search for entrances to your computer, and to store and share (with other crackers) information they might find about your unprotected private data.
Your Network Shares
Personal computers are often connected to a shared network. Personal computers in large companies are connected to large corporate networks. Personal computers in small companies are connected to a small local network, and computers in private homes often share a network between family members.
Most often networks are used to share resources like printers, files and disk storage.
When you are connected to the Internet, your shared resources can be accessed by the rest of the world.
Source
Posted in Info, Web Security
February 10, 2010
- Place your web server(s) in a DMZ. Set your firewall to drop connections to your web server on all ports but http (port 80) or https (port 443).
- Remove all unneeded services from your web server, keeping FTP (but only if you need it) and a secure login capability such as secure shell. An unneeded service can become an avenue of attack.
- Disallow all remote administration unless it is done using a one-time password or an encrypted link.
- Limit the number of persons having administrator or root level access.
- Log all user activity and maintain those logs either in an encrypted form on the web server or store them on a separate machine on your Intranet.
- Monitor system logs regularly for any suspicious activity. Install some trap macros to watch for attacks on the server (such as the PHF attack). Create macros that run every hour or so that would check the integrity of password and other critical files. When the macros detect a change, they should send an e-mail to the system manager.
- Remove ALL unnecessary files such as phf from the scripts directory /cgi-bin.
- Remove the “default” document trees that are shipped with Web servers such as IIS and ExAir.
- Apply all relevant security patches as soon as they are announced.
- If you must use a GUI interface at the console, remove the commands that automatically start the window manager from the .RC startup directories and then create a startup command for the window manager. You can then use the window manager when you need to work on the system, but shut it down when you are done. Do not leave the window manager running for any extended length of time.
- If the machine must be administered remotely, require that a secure capability such as secure shell is used to make a secure connection. Do not allow telnet or non-anonymous ftp (those requiring a username and password) connections to this machine from any untrusted site. It would also be good to limit these connections only to a minimum number of secure machines and have those machines reside within your Intranet.
- Run the web server in a chroot-ed part of the directory tree so it cannot access the real system files.
- Run the anonymous FTP server (if you need it) in a chroot-ed part of the directory tree that is different from the web server’s tree.
- Do all updates from your Intranet. Maintain your web page originals on a server on your Intranet and make all changes and updates there; then “push” these updates to the public server through an SSL connection. If you do this on an hourly basis, you can avoid having a corrupted server exposed for a long period of time.
- Scan your web server periodically with tools like ISS or nmap to look for vulnerabilities.
- Have intrusion detection software monitor the connections to the server. Set the detector to alarm on known exploits and suspicious activities and to capture these sessions for review. This information can help you recover from an intrusion and strengthen your defenses.
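One way to implement the hourly integrity check of password and other critical files from the list above, as an added example that is not from the original post. The function names, file names and sample contents are constructed for illustration; it assumes the baseline is stored off the web server and that a scheduler such as cron runs the comparison.

```python
import hashlib
import tempfile
from email.message import EmailMessage
from pathlib import Path

def fingerprint(path):
    """SHA-256 of the content plus mode and owner, so chmod/chown is caught too."""
    st = Path(path).stat()
    return {"sha256": hashlib.sha256(Path(path).read_bytes()).hexdigest(),
            "mode": oct(st.st_mode & 0o7777), "uid": st.st_uid, "gid": st.st_gid}

def snapshot(paths):
    """Map each path to its fingerprint, or None when the file is absent."""
    return {str(p): fingerprint(p) if Path(p).is_file() else None for p in paths}

def compare(baseline, current):
    """Return sorted (path, reason) findings for every entry that differs."""
    findings = []
    for path, old in baseline.items():
        new = current.get(path)
        if old == new:
            continue
        if new is None:
            reason = "missing"
        elif old is None:
            reason = "created"
        else:
            reason = "changed: " + ", ".join(k for k in old if old[k] != new[k])
        findings.append((path, reason))
    return sorted(findings)

def build_alert(findings, sender, recipient):
    """Compose the e-mail; deliver it with smtplib.SMTP(...).send_message(msg)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"Integrity check: {len(findings)} change(s) detected"
    msg.set_content("\n".join(f"{p}: {r}" for p, r in findings))
    return msg

def demo():
    """Constructed run: throwaway files stand in for the real critical files."""
    with tempfile.TemporaryDirectory() as d:
        passwd, conf = Path(d, "passwd"), Path(d, "httpd.conf")
        passwd.write_text("root:x:0:0\n")
        conf.write_text("Listen 80\n")
        baseline = snapshot([passwd, conf])
        passwd.write_text("root:x:0:0\nintruder:x:0:0\n")  # simulated tampering
        conf.unlink()
        return compare(baseline, snapshot([passwd, conf]))
```

Listing a path that should not exist, such as a removed CGI script, in the baseline makes its reappearance show up as "created".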
Source
Posted in Prevention, Tips, Web Security