2. Guidelines For Secure Network Administration – part 1

Installing networks and making sure they’re able to communicate and talk to each other is the end of it for a network administrator. There are some guidelines that many admins neglect, which exposes the network and makes them vulnerable to attacks. In this section I’ll try to cover some of these guidelines. These guideline can be used as a general security guidelines and not just network security.

Rule-based Management

Firewalls, proxies, routers, IDPSs (IDS/IPS), antivirus, and more are example of rule-based security devices. Rule-based managements is a method of controlling the network activity via the use of rule-based devices. Each rule can either be explicit allow or deny. Continue reading 2. Guidelines For Secure Network Administration – part 1

Advertisement

1. Network Security – part 2

1.1.        Security functions of network devices – Continued

VPN Concentrator

VPN (Virtual Private Network) will be discussed in the future as a chapter of its own due to its importance in the network security world.

VPN concentrators are sometimes known by many other names such as VPN servers, VPN firewalls, VPN RAS (VPN Remote Access Servers), VPN Proxies, etc.

VPN concentrators allows for high availability, high scalability and performance for VPN connections. They’re hardware appliances designed to facilitate a large number of multiple simultaneous VPN connections, usually hundreds or even in some implementations thousands of simultaneous VPN connections. Continue reading 1. Network Security – part 2

1. Network Security – Part 1

1.1.        Security functions of network devices

Firewalls

Firewalls are security devices designed to control traffic and protect networks from each other they’re usually applied to protect high trust networks from low trust ones or to stop networks part of the same organisation but from different departments. They can be either hardware or software.

There are four different types of firewalls:

Packet filter Firewalls – uses the packet header to do basic traffic filtering usually based of the source and destination address, port numbers and protocols. They operate in the network and transport layers of the OSI model. Continue reading 1. Network Security – Part 1

Uses of free Unix-based Security Tools to Develope Secure Systems – Part 4

4.    ENUMERATION

“Enumeration can best be defined as the process of counting. From a security standpoint, it’s the process the attacker follows before an attack. The attacker is attempting to count or identify systems and understand their role or purpose.

This may mean the identification of open ports, applications, vulnerable services, DNS or NetBIOS names, and IP addresses before an attack.”

Michael Gregg (2008, p 149)

This means at this stage it’s only a matter of time before the attacker compromises a system on the network.

The main aim of this stage is to find:

• User accounts for password guessing.
• system groups and roles
• Poorly Continue reading Uses of free Unix-based Security Tools to Develope Secure Systems – Part 4

Uses of free Unix-based Security Tools to Develope Secure Systems – Part 3

3.    SCANNING

At this stage an attacker would’ve got a list of IP ranges, DNS servers, Mail servers, employee names and phone numbers. All this would be used by attackers to probe our network to see which systems are alive and the services running on them.

There are many tools and techniques available to accomplish this.

Ping sweeps basically a method used to find out which of a range of IP addresses are a live and reachable from the internet.

Fping can be used on large networks, it doesn’t wait for a reply before trying the next IP, it sends many requests in parallel.

root@bt:#fping -a -f ipadd.txt

-a – shows systems that are alive.

-d – resolves hostnames.

-f – read from file.

-h – help.

Nmap is another tool that can be used for ping sweeps.

root@bt:#nmap –sP 192.168.1.0/24

There are other methods that can be used if ICMP is blocked but they are not as accurate as Continue reading Uses of free Unix-based Security Tools to Develope Secure Systems – Part 3

Uses of free Unix-based Security Tools to Develope Secure Systems – Part 2

2.    FOOT PRINTING

The aim of foot printing is to gather as much information as possible about the organisation and its network. One would ask why would I need to perform such step when I have all the information about my network?

Joel Scambray, Stuart McClure and George Kurtz (2009, page 10), answers this question:

“Foot printing is necessary for one basic reason: it gives you a picture of what the hacker sees. And if you know what the hacker sees, you know what potential security exposures you have in your environment. And when you know what exposures you have, you know how to prevent exploitation.

Hackers are very good at one thing: getting inside your head, and you don’t even know it. They are systematic and methodical in gathering all pieces of information related to the technologies used in your environment. Without a sound methodology for performing this type of reconnaissance yourself, you are likely to miss key pieces of information related to a specific technology or organization—but trust me, the hacker won’t.”

…….

“Foot printing is one of the most important steps and it must be performed accurately and in a controlled fashion.” Continue reading Uses of free Unix-based Security Tools to Develope Secure Systems – Part 2

Uses of free Unix-based Security Tools to Develope Secure Systems – Part 1

1.    INTRODUCTION

In today’s world it is very rare to find a business or an organisation that is not reliant on a computer network of some sort, whether it is a hospital, a school, large bookstore, small shop or even a home business. This sets a challenge for IT professionals around the world, especially with the increased number of network attacks that are happening every day. The challenge is how to keep these networks secure?

What is network security?

Network security to IT professionals doesn’t mean that a network is 100% secure because that is impossible unless you completely disconnect your network from the outside world and even that doesn’t protect the network from internal attacks or the physical theft of the computer and the data inside it. The only way to have 100% security is to power off all computers and for businesses these days that isn’t an effective decision. Continue reading Uses of free Unix-based Security Tools to Develope Secure Systems – Part 1

Secure Messaging Applications

Discussing End-To-End Encryption Protocols used by messaging applications such as WhatsApp

Due to the highly interconnected world we live in today and the increased dependency on technology in almost every aspect of our lives, the rise of crimes for which technology added another vector that not only makes our lives easier, it has also been utilized by criminals in many ways including the ease of communication. At the same time governments are forced and on occasions takes advantage of this to tap into every aspect of our privacy.

This paper investigates several secure messaging applications and how end-to-end encryption used to secure our communications, not only in transit but also from the moment we initiate this communication from our handset or computer. 

Continue reading Secure Messaging Applications

Reverse Engineering Malware – Foundations – Part 2

Instructions

• Instructions are the building blocks of assembly programs.
• In x86 assembly Instructions has two components: Mnemonic and operands.
• Mnemonic is a word that identifies the instruction to execute, such as mov, which moves data.
• Operand, used to identify the information used by the instruction, such as registers or data:
  • Mnemonics have 0, 1, or more operands (arguments).
  • Operands can be:
    • A register
    • A memory location
    • An immediate value (e.g, 0x6453).

Mnemonic	Destination Operand	Source Operand
mov	ecx	0x42

Continue reading Reverse Engineering Malware – Foundations – Part 2

Reverse Engineering Malware – Foundations – Part 1

Disassembly

Before we dive into the code analysis and how we can utilize it to serve our purpose of getting a good understanding of the malware and its characteristics, let’s take a basic look into the architecture of a computer and we’ll start this by discussing the levels of abstraction.

Levels of Abstraction

• A computer architecture can be represented as several levels of abstraction.
• A windows Operating system can be installed on many different types of hardware because the hardware is abstracted (separated) from the operating system.
• Malware authors create programs at high level language and use uses compilers to generate machine code to be executed by the CPU.
• Malware analysts and reverse engineers work at the low-level language level.
• Disassemblers are used to generate assembly code that we can read and analyse.
• Computer systems are described with the following six different levels of abstraction, higher levels are placed near the end.
• The lower you get the less portable the level will be across a computer systems.

Continue reading Reverse Engineering Malware – Foundations – Part 1