Orange County Computer Consultant

Orange County Computer Consultant helps small businesses with networking, installations and small business software.

Thursday, November 17, 2005

Ezine Expert Author



I have been doing a lot of writing lately on security topics; you can check them out here:

ezinearticles.com/?expert=Benjamin_Hargis


Today's Security Alerts from CERT

US-CERT Technical Cyber Security Alert TA05-312A
Microsoft Windows Image Processing Vulnerabilities
US-CERT Technical Cyber Security Alert TA05-292A
Oracle Products Contain Multiple Vulnerabilities
US-CERT Technical Cyber Security Alert TA05-291A
Snort Back Orifice Preprocessor Buffer Overflow

On another note, the German government is warning of new strains of Sobig, a trojan that turns PCs into email spam bots. Look for patches at Microsoft: www.microsoft.com

Wireless Security

Wireless networks using 802.11 have made it simple to connect multiple devices to your home network. This can also make your data available anywhere, even outside your home. To set this up all you need is a broadband connection connected to a wireless router or a WAP (Wireless Access Point). Your home computers should have wireless access cards installed, or if you're using a laptop, a PCMCIA wireless card. Intel Centrino is great for wireless; I personally use it. I like the fact that I did not have to purchase additional hardware.

When you set up your wireless router or WAP your signal is broadcast. This broadcast usually goes further than your home or business. People like to drive around finding unsecured wireless access points. This is known as wardriving; some hackers even mark spots on the sidewalk to let other hackers know your home or business is offering free Internet service, or worse yet, access to your data. This is not to scare you but to make you aware.

Disable SSID broadcasting so people cannot see your wireless network.
Your router comes with a pre-configured system ID called an SSID, or Service Set Identifier. Default SSIDs are very simple to look up on the Internet, so I recommend changing yours to something hard to guess. Use alphanumerics to make it even harder to guess.
Use encryption to protect your network. WEP, or Wireless Encryption Protocol, is not secure; I have cracked my own network with a Linux machine running Kismet. WEP's key length is only 40 bits, and once you collect enough packets it is only a matter of time for a determined cracker. Instead use WPA, which is Wi-Fi Protected Access. This is more secure.

Configure your router to block incoming and outgoing traffic you do not use. Consider blocking port 23 (Telnet) and even FTP.
Router manufacturers ship default passwords which I find many home users do not change. CHANGE THEM!

Invest in a software firewall and keep your system up to date. In the month of October 2005 there have been several security flaws listed by Microsoft. Keep informed.

Security Process

What is ARBIL?
Asset and Risk Based INFOSEC Lifecycle.
It is used to implement a comprehensive security plan in I.T. and strategies for risk management.

What is CIA?
Confidentiality, Integrity, and Availability
Confidentiality: making sure your data is available only to those allowed to see it.
Integrity: making sure your data has not been altered in any way. Think bank transactions or chemical formulas.

Availability: making sure your data is available when needed. Hackers often use denial of service attacks to bring down your servers or networks by overloading them with packets.
Hackers use attack trees to determine every possible entrance into your network. This can be through modems connected to your network, routers, switches, and application vulnerabilities: almost anything connected to the Internet.

Make it difficult to determine your OS, which hackers identify through banner grabbing. This is a simple fix that many systems administrators leave undone.
Change your banner to display a security warning instead.
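To check your own hosts for the banner leakage described above, here is an added example (not code from the original post) that connects to a service, reads whatever it volunteers before any request, and flags product names, version numbers and OS names. The patterns, the sample banners and the throwaway localhost listener are constructed for this example; extend the pattern list for the services you actually run.

```python
import re
import socket
import threading

# Things a banner should not volunteer. Constructed for this example;
# add the products and platforms present in your own environment.
LEAK_PATTERNS = [
    ("version", re.compile(r"\d+\.\d+\S*")),
    ("os", re.compile(r"\b(Debian|Ubuntu|CentOS|Red Hat|FreeBSD|Windows|Win32|Linux)\b", re.I)),
    ("product", re.compile(r"\b(OpenSSH|ProFTPD|vsFTPd|Sendmail|Postfix|Exim|Apache|IIS|nginx)", re.I)),
]


def audit_banner(banner: bytes) -> dict:
    """Report which kinds of information a banner leaks.

    The SSH protocol line (SSH-2.0-...) is mandatory, so it is stripped before
    matching; only the software identifier that follows it is judged.
    """
    text = banner.decode("latin-1", errors="replace").strip()
    text = re.sub(r"^SSH-\d\.\d-", "", text)
    leaks = {}
    for kind, pattern in LEAK_PATTERNS:
        match = pattern.search(text)
        if match:
            leaks[kind] = match.group(0)
    return {"banner": text, "leaks": leaks, "ok": not leaks}


def grab_banner(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Connect and read what the service sends unprompted (empty if it waits for us)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            return sock.recv(1024)
        except socket.timeout:
            return b""


def serve_banner_once(banner: bytes) -> int:
    """Throwaway localhost listener that hands `banner` to one client.

    Exists only so the example runs offline; returns the ephemeral port.
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def audit_local(banner: bytes) -> dict:
    """Serve a constructed banner locally, grab it, and audit it end to end."""
    return audit_banner(grab_banner("127.0.0.1", serve_banner_once(banner)))


if __name__ == "__main__":
    # Constructed banners: a chatty FTP daemon versus a warning-only banner.
    for sample in (b"220 ProFTPD 1.2.10 Server (Debian) [mail.example.com]\r\n",
                   b"220 Authorized use only. All activity is logged.\r\n",
                   b"SSH-2.0-OpenSSH_4.3p2 Debian-9\r\n"):
        result = audit_local(sample)
        print("OK  " if result["ok"] else "LEAK", result["banner"], result["leaks"])
```

Run it against your own listeners (an FTP, SMTP or SSH port) with `audit_banner(grab_banner(host, port))`; anything that comes back with `"ok": False` is a banner worth replacing with the generic warning text the post recommends.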

Many people have difficulty understanding security processes, let alone implementing solutions.

What is SMIRA? Simple Methodology for INFOSEC based Risk Assessment.
Risk management is the practice and process of identifying threats and vulnerabilities to assets. This helps in making the correct decisions to implement the necessary safeguards so your organization can carry out its mission.
Organizations should look at threats, vulnerabilities, assets and safeguards.
Risk Assessment

The goal is to have a list of your critical assets: critical in terms of your mission, objectives and operations, and of what-if scenarios.
Then implement safeguards to protect those assets.
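The four things the post says to look at (assets, threats, vulnerabilities, safeguards) can be tied together in a small risk register. The following is an added example, not part of the original post or of SMIRA itself: each scenario pairs an asset with a threat and a vulnerability, inherent risk is asset value times threat likelihood on a 1-5 scale, and each safeguard removes a fraction of that likelihood. The scales, the fractions and the three sample scenarios are constructed assumptions; substitute your own.

```python
from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    value: int  # impact to the mission if lost, corrupted or unavailable (1-5)


@dataclass
class Threat:
    name: str
    likelihood: int  # how likely it is to occur (1-5)
    affects: str     # which CIA property it hits: "C", "I" or "A"


@dataclass
class Safeguard:
    name: str
    reduces: float   # fraction of the threat likelihood removed (0.0-1.0)


@dataclass
class Scenario:
    asset: Asset
    threat: Threat
    vulnerability: str
    safeguards: list = field(default_factory=list)

    def inherent_risk(self) -> float:
        """Risk before any safeguard: impact times likelihood."""
        return float(self.asset.value * self.threat.likelihood)

    def residual_risk(self) -> float:
        """Risk after safeguards; each one shrinks what remains independently."""
        remaining = 1.0
        for sg in self.safeguards:
            remaining *= 1.0 - sg.reduces
        return round(self.inherent_risk() * remaining, 2)


def rank(scenarios: list) -> list:
    """Highest residual risk first: this is the order to spend on safeguards."""
    return sorted(scenarios, key=lambda s: s.residual_risk(), reverse=True)


def build_register() -> list:
    """Constructed sample register for a small business (assumed values)."""
    mail = Asset("email server", 5)
    files = Asset("file server", 4)
    wifi = Asset("wireless network", 3)
    return [
        Scenario(mail, Threat("spam bot worm", 4, "A"), "unpatched Windows host",
                 [Safeguard("monthly patching", 0.7)]),
        Scenario(files, Threat("disgruntled employee", 2, "C"), "shared admin password"),
        Scenario(wifi, Threat("wardriver", 3, "C"), "WEP encryption",
                 [Safeguard("switch to WPA", 0.8)]),
    ]


if __name__ == "__main__":
    for sc in rank(build_register()):
        print(f"{sc.residual_risk():5.1f}  {sc.asset.name:18} {sc.threat.name:22} "
              f"via {sc.vulnerability} (inherent {sc.inherent_risk():.0f})")
```

Note how the ordering changes once safeguards are counted: the email server carries the largest inherent risk, but with patching in place the file server's unmitigated shared password comes out on top, which is the kind of decision the assessment is meant to surface.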

Vulnerability Assessment

This is when you look for vulnerabilities in existing applications and determine their severity. The vulnerabilities will be rated. This includes physical security, web application reviews, policy and procedure reviews, host assessments and OS reviews, and vulnerability scans.

Threat Assessment

This is the process of identifying existing and potential threats to assets and environments. These will also be rated by severity. Where can threats come from? Disgruntled employees, script kiddies, hackers, crackers, foreign governments, and your competition. You can look for threat indicators in your servers, logs, CCTV, and intrusion detection systems like SNORT. http://www.snort.org

What can threats cause?
Loss of business
Death
Financial loss
Corruption of data
Inability to work; servers down or running slowly
Confidentiality issues

What are assets?
Users
IT operations staff
Connectivity
Documentation
Security systems
Third parties
Paper files
Media, like disks, CDs and USB drives
File, web, email, storage and application servers
Anything of value to the company
Hackers like to get their hands on all information, no matter how unimportant it may seem, because it can be used to filter out more information.

How do you protect yourself against threats and protect your assets?

Have policies and procedures in place.
Employee awareness of security issues.
Software security in place.
Hardware security in place.
Physical security.
Environmental Security. I.e. water level sensors.
Communication security- to protect your phone lines, and PBX systems.
Personnel security.

There is a lot of software on the Internet that allows even technically challenged people to run scans on your systems to try to crack them. Anybody who knows how to search Google can easily find such tools. As the Internet evolves and more and more people join it, the security risks increase.

Attackers gain information on your systems by doing domain lookups with Whois, then port scans using many available tools to find out what you're running, and then Internet searches to find exploit code to crack your systems. Once they find out what applications you're running, it's only a matter of time before they can crack your systems if you are not protected.
Attackers like to get information on your domain names and IP addresses; then they will scan your network looking for live hosts. This can be accomplished with tools like NMAP by Fyodor http://www.nmap.com . By using a tool like NMAP you can send UDP, ICMP, and TCP packets.
This is done to identify hosts by looking at responses. At this point attackers find out what applications are being used, or any information the host is willing to give out. The more services you have running, the more opportunities there are for someone to remotely exploit your hosts. This can be very time consuming for the attacker. The goal is to find out what OS platforms are being run. Are they Unix, Microsoft Windows or Apple Mac OS? From here it is much easier for someone to look for shellcode to use against your system.
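The port scan described here is also one of the threat indicators the Threat Assessment section says to look for in your logs. As an added example (not code from the original post), the following reads iptables-style firewall log lines and flags any source address that probes ten or more distinct destination ports within sixty seconds; a host that only ever talks to your web ports, or one that touches ports slowly over half an hour, is left alone. The log format, thresholds, addresses and sample lines are all constructed for this example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Matches the kernel-logged firewall lines assumed for this example
# (syslog timestamp, then the IN/OUT/SRC/DST/PROTO/DPT fields iptables LOG writes).
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?PROTO=(?P<proto>\S+)(?: SPT=\d+)? DPT=(?P<dpt>\d+)"
)


def parse_line(line: str):
    """Return the fields we need, or None for lines without a destination port (e.g. ICMP)."""
    m = LOG_RE.search(line)
    if not m:
        return None
    # syslog carries no year; parsed datetimes are only used for differences
    return {"ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"), "src": m["src"],
            "dst": m["dst"], "proto": m["proto"], "dpt": int(m["dpt"])}


def detect_scans(lines, threshold: int = 10, window: int = 60) -> dict:
    """Map each scanning source to the sorted set of ports it touched.

    A source is a scanner if a sliding window of `window` seconds ever contains
    `threshold` or more distinct destination ports from it.
    """
    events = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            events[ev["src"]].append((ev["ts"], ev["dpt"]))
    hits = {}
    for src, evs in events.items():
        evs.sort()
        in_window = Counter()
        lo = 0
        for ts, dpt in evs:
            in_window[dpt] += 1
            while (ts - evs[lo][0]).total_seconds() > window:  # drop events that aged out
                old = evs[lo][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                lo += 1
            if len(in_window) >= threshold:
                hits[src] = sorted({p for _, p in evs})
                break
    return hits


def make_line(ts: datetime, src: str, dpt: int) -> str:
    """Build one constructed log line in the assumed format."""
    return (f"{ts.strftime('%b %d %H:%M:%S')} gw kernel: IN=eth0 OUT= SRC={src} "
            f"DST=192.0.2.10 LEN=40 PROTO=TCP SPT=41234 DPT={dpt} SYN")


def sample_log() -> list:
    """Constructed sample: one fast scanner, one legitimate client, one slow prober."""
    t0 = datetime(1900, 11, 17, 22, 0, 0)
    lines = []
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]):
        lines.append(make_line(t0 + timedelta(seconds=60 + i), "203.0.113.7", port))
    for i in range(6):
        lines.append(make_line(t0 + timedelta(seconds=10 * i), "198.51.100.4", 80 if i % 2 else 443))
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143]):
        lines.append(make_line(t0 + timedelta(minutes=3 * i), "203.0.113.200", port))
    lines.append("Nov 17 22:00:05 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0")
    return lines


if __name__ == "__main__":
    for src, ports in detect_scans(sample_log()).items():
        print(f"port scan from {src}: {len(ports)} ports {ports}")
```

The slow prober is deliberately missed by a 60-second window; lowering the threshold or widening the window catches it at the cost of more false positives, which is the trade-off any scan detector, including the SNORT preprocessors mentioned earlier, has to make.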