Posts Tagged ‘Network’

Fortify Your Network Control With A Utm And Penetrator Vulnerability Scanning Appliance

January 3rd, 2009

Did you know that your company’s computer network faces security threats every day? Hackers will attempt to infiltrate your network to steal information or disrupt your operation. Pranksters will try to access your wireless network to get free Internet access while spammers will flood your mail servers. On top of these, there are the usual worms, viruses, and Trojans that will surely harm your entire network and damage your files. To protect your network from these daily threats, you need to deploy the Protector UTM Anti Spam appliance and Penetrator vulnerability scanning appliance. These are your best defenses against all network security threats.

The Protector UTM Anti Spam appliance is a very effective tool against the onslaught of spam, unwanted, and redirected mails.  This hardware is equipped with the latest anti spam technology that can block unwanted mails without filtering legitimate electronic communications.  So even if you do not have a mail server administrator, your corporate email system will still operate at optimum levels.  However, the Protector UTM Anti Spam appliance is not only effective against spam.  It also has the capability to act as an anti-intrusion device that can block viruses, Trojans, and all forms of malicious wares.  With just a single UTM appliance, your network will get multiple protection systems and effectively prevent external attacks and threats.  

In the past, the only way for companies to protect their networks was to deploy a firewall and implement several ad hoc security systems. In most instances, a firewall is not enough to prevent attacks. And if you deploy different security systems, you will be forced to deal with several vendors. This will complicate your network security management and will also cost more. That is why you will enjoy superior benefits from an all-in-one Protector UTM Anti Spam appliance. All major security issues can be handled by a UTM appliance, which is why your network will be protected at all times.

To further fortify network security, the Penetrator vulnerability scanning appliance should also be installed.  Although a UTM device has anti intrusion capability, it is not designed to perform network security audits.  This security audit can only be performed by the Penetrator vulnerability scanning appliance.  This type of appliance is your best defense against hackers.  The vulnerability scanning appliance will identify exposed and weak areas of your network that can be exploited by hackers.  The Penetrator testing appliance can perform automated scanning so you can ensure that all the weaknesses and vulnerabilities of your network can be addressed immediately.  The pen testing appliance can provide vulnerability assessments, reports, and solutions.  

So if you want to fully protect your network from external threats and hacks, then you have to seriously consider deploying UTM and vulnerability scanning devices.  These two security systems work in tandem with each other.  The UTM protects your network systems from spam and viruses while the vulnerability scanner will enable you to prevent illegal hacks.  With these security systems in place, you will be able to keep your network safer and protected.  

Visit our website today so you can protect your network from spam with Protector UTM Anti Spam appliance. We also have the best Penetrator Vulnerability scanning appliance that will identify vulnerabilities in your network before the attackers do.

Computer Security

Network Auditing Protects Your Business from Cyber Attacks

December 26th, 2008

Network Security has become increasingly important as companies both large and small are attacked by cyber criminals.  This article will provide you information about network auditing and how you can use it to protect your business.  Whether you’re a business owner, an executive, or an IT manager, the following information will be beneficial to you.

An average network security breach can cost a company between $90 and $305 per lost record, according to a new study from Forrester Research.  By monitoring your network, you can significantly reduce operating expenses and improve overall company productivity.

Are you prepared to suffer those losses?  Could your business survive a network attack that could shut down your entire operation for several days?  A recent survey by McAfee revealed that 26% of businesses require an entire week to get their company back up and running smoothly after a cyber attack.  Can your business afford a 7-day vacation?  The loss of revenue, resources and productivity associated with an attack may just be enough to put your company in the red and in today’s economy, not many businesses can suffer any more losses.

Network auditing solutions work to help you prevent, detect and solve security threats 24/7 – around the clock, all year long.  They can:

– Detect and solve network security problems
– Help you leverage investments in security
– Free up time for IT staff
– Secure laptop computers outside the office
– Generate auditing reports on demand

To deal with network security threats effectively, IT administrators need immediate access to just the right data and problem-solving advice.  The more you know your network, the more you can guarantee uptime and optimal performance.  With network auditing solutions, you can defend and regain control of your applications, minimizing the loss of money and productivity.

Network auditing solutions can monitor every computer in your network, looking for malware and threats, missing critical updates and patches, suspicious traffic and non-compliance with best practices. The instant it detects a problem, it gives you personal, step-by-step advice on how to solve it.

Network auditing provides a complete solution for detecting and eliminating vulnerabilities, including the following areas:

Unapproved Software: Ensures that all software applications installed on your computer networks are approved by your company’s security policy.

Suspicious Traffic: Detects abnormal traffic on your network that could indicate an attempt to access or manipulate your computers.

Intrusion Vulnerability: Identifies open ports or other undesired access points that could put your network at risk of intrusion.

Malware Protection: Protects your network with antivirus and other network auditing software; ensures installation, updates and proper function on all networks.

Updates & Patches: Assures all critical security updates and patches are installed, with Microsoft’s minimum protection.

Security Practices: Ensures all your computers are configured and used in accordance with best practices for network security.

Network Auditing Agents: Monitors your network security status and lets you know how to solve any problems it detects.

Virtual Auditing Assistant: Provides 24/7 security for your entire network at a fraction of the cost of human domain experts.

Dennis Thomsen is CEO of Clear Blue Security, development and marketing company of a revolutionary Software-as-a-Service based Virtual Network Security Monitoring Assistant for small and medium sized companies. Download a free trial of our network auditing software today.

Computer Security

Network Design Process – Effective Network Planning and Design

December 10th, 2008

Overview

The network planning and design methodology describes a process with 9 specific steps and a sequence for those activities. As mentioned, it is an engineering life cycle that supports technical initiatives such as Windows migration, IP telephony and wireless design, to name a few examples. The methodology begins with examining company business requirements. It is absolutely essential that you understand the company business model, business drivers and how they are growing from a business perspective. That will build the foundation for a design proposal that serves the business, technical and operational requirements of the company.

STEP 1: Business Requirements

Any design project starts with an understanding of what the company does and what they need to accomplish from a business perspective. This begins with an understanding of their business model, which really describes how their company works from an operational and business perspective to generate revenues and reduce costs. Many vendors today have conducted their own return on investment (ROI) studies for new implementations such as Unified Communications and Telephony. It is an effective sales tool that illustrates the cost benefits compared with investment over a specified period of time.

This is a list of some typical business drivers:

 • Reduce Operating Costs
 • Generate Revenue
 • Client Satisfaction
 • Employee Productivity

This is a list of some typical project business requirements:

 • Budget Constraints
 • Office Consolidations
 • Company Mergers and Acquisitions
 • Business Partner Connectivity
 • Telecommuter Remote Access  
 • Implement New Offices and Employees
 • New Data Center Applications
 • Reduce Network Outage Costs
 • Cost Effective Network Management
 • Vendor Contracts

STEP 2: Design Requirements

Now that you understand the basic business requirements of the company, you can determine the standard and specific design requirements. The design requirements process is focused on defining requirements from a technical perspective. Those requirements along with the business requirements will build the framework that is used to define infrastructure, security and management. Design requirements are defined as standard and miscellaneous. The standard design requirements are generic and represent those considered with many design projects. Miscellaneous requirements are those that aren’t defined with any of the standard requirements.

Standard Design Requirements

 • Performance
    
 • Availability

 • Scalability

 • Standards Compatibility

 • Rapid Deployment

STEP 3: Network Assessment

A network assessment is conducted after we have finished the business and design requirements of the company. A network assessment provides a quick snapshot of the current network with an examination of the infrastructure, performance, availability, management and security. That information is utilized for making effective strategy recommendations and design proposals to the client concerning specific information systems modifications. The network assessment model has 3 sequential activities, which are assessment, analysis and recommendations. The current network is examined using five primary surveys: infrastructure, performance, availability, management and security. When the surveys are completed, the information collected is then reviewed for trends, problems and issues that are negatively affecting the network.

STEP 4: Infrastructure Selection

After doing a network assessment, we are ready to start selecting specific infrastructure components for the network design. This phase starts building the infrastructure with a specific sequence that promotes effective equipment selection and design. It is important that you consider business requirements, design requirements and the network assessment when building your infrastructure.

The following numbered list describes the specific infrastructure components and their particular sequence.

 1. Enterprise WAN Topology
 2. Campus Topology
 3. Traffic Model
 4. Equipment Selection
 5. Circuits
 6. Routing Protocol Design
 7. Addressing
 8. Naming Conventions
 9. IOS Services
10. Domain Name Services
11. DHCP Services

STEP 5: Security Strategy

We must now define a security strategy for securing the infrastructure. The need for enterprise network security shouldn’t be ignored with the proliferation of the Internet. Companies are continuing to leverage the public infrastructure for connecting national and international offices, business partners and new company acquisitions. The security requirements and network assessment recommendations should drive the selection of security equipment, protocols and processes. It identifies what assets must be protected, what users are allowed access and how those assets will be secured.

STEP 6: Network Management Strategy
 
This section will define a network management strategy for managing all equipment defined from infrastructure and security. It is necessary to define how the equipment is going to be monitored and determine if the current management strategy is adequate or if new applications, equipment, protocols and processes must be identified. Management components are then integrated with infrastructure and security to finish building the proposed design. These primary elements comprise any well-defined management strategy and should be considered when developing your strategy. 

 • 7 Management Groups
 • SNMP Applications
 • Monitored Devices and Events

STEP 7: Proof of Concept  

All infrastructure, security and management components must now be tested with a proof of concept plan. It is important to test the current design, configuration and IOS versions in a non-production environment or on the production network with limited disruption. Implementation of newer network modules at a router, for instance, could require that you change the current IOS version that is implemented. Making those changes could affect WAN or campus modules already installed at production routers. That is the real value of doing a proof of concept and certifying that the new equipment and IOS versions integrate with each device as well as the network. The following list describes the advantages of doing a proof of concept with your network design.  The proof of concept test results should be examined and used to modify current infrastructure, security and management specifications before generating a design proposal. The proof of concept model suggested here involves prototype design, equipment provisioning, defining tests, building equipment scripts and examining test results.  

 1. Prototype Design

 2. Provision Equipment

 3. Define Tests

 4. Build Equipment Scripts

 5. Review Test Results

STEP 8: Design Proposal/Review 

With the proof of concept finished, you are now ready to build a design proposal for the design review meeting. Your intended audience could be the Director, CIO, CTO, Senior Network Engineer, Consultant or anyone that is approving a budget for the project. It is important to present your ideas with clarity and professionalism. If a presentation is required, PowerPoint slides work well and could be used to support concepts from the design proposal document. The focus is on what comprises a standard design proposal and the sequence for presenting that information.

The working design proposal is presented to the client after addressing any concerns from proof of concept assurance testing. The design review is an opportunity for you to present your design proposal to the client and discuss any issues. It is an opportunity for the client to identify concerns they have and for the design engineer to clarify issues. The focus is to agree on any modifications, if required, and make changes to the infrastructure, security and management before implementation starts. Business and design requirements can change from when the project started which sometimes will necessitate changes to infrastructure, security and management specifications. Any changes should then go through proof of concept testing again before final changes to the design proposal.

STEP 9: Implementation

The final step will have us defining an implementation process for the specified design. This describes a suggested implementation methodology of the proposed design, which should have minimal disruption to the production network. As well it should be efficient and as cost effective as possible. As with previous methodologies there is a sequence that should be utilized as well.

Once the implementation is finished, there is monitoring of the network for any problems. Design and configuration modifications are then made to address any problems or concerns.

Network Planning and Design Guide is available at amazon.com and eBookmall.com

Shaun Hummel is an author of various technical books and has a web site focused on information technology job search solutions and certifications.

http://www.networkjobsolutions.com

Shaun Hummel, CCNP, is a Senior Network Engineer with 11 years experience in enterprise network planning, design, and implementation. He has worked for various private and public companies in Canada and the United States improving infrastructure, security, and management. He has written Network Planning and Design Guide, Cisco Wireless Network Design Guide and Network Assessment Guide. www.networkjobsolutions.com

Computer Security

Network Security Using Honeypots And Cryptography

December 2nd, 2008

NETWORK SECURITY USING HONEYPOTS AND CRYPTOGRAPHY

Abstract

For every consumer and business that is on the Internet, viruses, worms and crackers are a few security threats. There are the obvious tools that aid information security professionals against these problems such as anti-virus software, firewalls and intrusion detection systems, but these systems can only react to or prevent attacks; they cannot give us information about the attacker, the tools used or even the methods employed. Given all of these security questions, honeypots are a novel approach to network security and security research alike.

A honeypot is used in the area of computer and Internet security. It is a resource which is intended to be attacked and compromised in order to gain more information about the attacker and the tools used. It can also be deployed to attract and divert an attacker from their real targets. One goal of this paper is to show the possibilities of honeypots and their use in a research as well as a productive environment.

Compared to an intrusion detection system, honeypots have the big advantage that they do not generate false alerts: all observed traffic is suspicious, because no productive components are running on the system. This fact enables the system to log every byte that flows through the network to and from the honeypot, and to correlate this data with other sources to draw a picture of an attack and the attacker.

This paper will first give an introduction to honeypots: the types and uses. We will then look at the nuts and bolts of honeypots and how to put them together. With a more advanced idea of how honeypots work, we will then look at the possible legal ramifications for those who deploy them. Finally, we shall conclude by looking at what the future holds for honeypots and honeynets.

1. INTRODUCTION

Global communication is getting more important every day. At the same time, computer crimes are increasing.

Countermeasures are developed to detect or prevent attacks – most of these measures are based on known facts and known attack patterns. As in the military, it is important to know who your enemy is, what kind of strategy he uses, what tools he utilizes and what he is aiming for. Gathering this kind of information is not easy but important. By knowing attack strategies, countermeasures can be improved and vulnerabilities can be fixed. To gather as much information as possible is one main goal of a honeypot.

Generally, such information gathering should be done silently, without alarming an attacker. All the gathered information leads to an advantage on the defending side and can therefore be used on productive systems to prevent attacks.

WHAT IS A HONEYPOT?

A honeypot is primarily an instrument for information gathering and learning. A honeypot is an information system resource whose value lies in the unauthorized or illicit use of that resource. More generally, a honeypot is a trap set to deflect or detect attempts at unauthorized use of information systems. Essentially, honeypots are resources that allow anyone or anything to access them and, more importantly, honeypots do not have any real production value. More often than not, a honeypot is simply an unprotected, unpatched, unused workstation on a network being closely watched by administrators.

Its primary purpose is not to be an ambush for the blackhat community to catch them in action and to press charges against them. The focus lies on a silent collection of as much information as possible about their attack patterns, used programs, purpose of attack and the blackhat community itself. All this information is used to learn more about the blackhat proceedings and motives, as well as their technical knowledge and abilities. This is just a primary purpose of a honeypot. There are a lot of other possibilities for a honeypot: diverting hackers from productive systems or catching a hacker while conducting an attack are just two possible examples.

WHAT IS A HONEYNET?

Two or more honeypots on a network form a honeynet. Typically, a honeynet is used for monitoring a larger and/or more diverse network in which one honeypot may not be sufficient. Honeynets (and honeypots) are usually implemented as parts of larger network intrusion-detection systems. A honeynet is a network of production systems. Honeynets represent the extreme of research honeypots. Their primary value lies in research, gaining information on threats that exist in the Internet community today.

The two main reasons why honeypots are deployed are:

1. To learn how intruders probe and attempt to gain access to your systems and gain insight into attack methodologies to better protect real production systems.

2. To gather forensic information required to aid in the apprehension or prosecution of intruders.

TYPES OF HONEYPOTS:

Honeypots come in two flavors:

Low-interaction
High-interaction

Interaction measures the amount of activity that an intruder may have with the honeypot. In addition, honeypots can be used to combat spam.

Spammers are constantly searching for sites with vulnerable open relays to forward spam on to other networks. Honeypots can be set up as open proxies or relays to allow spammers to use their sites. This in turn allows for identification of spammers.

We will break honeypots into two broad categories. As defined by Snort, the two types of honeypots are:

Production  honeypots
Research honeypots

The purpose of a production honeypot is to help mitigate risk in an organization. The honeypot adds value to the security measures of an organization. Think of them as ‘law enforcement’, their job is to detect and deal with bad guys. Traditionally, commercial organizations use production honeypots to help protect their networks. The second category, research, is honeypots designed to gain information on the blackhat community. These honeypots do not add direct value to a specific organization. Instead they are used to research the threats organizations face, and how to better protect against those threats.

HONEYPOT ARCHITECTURE:

1. Structure of a LOW-INTERACTION HONEYPOT (GEN-I):-

A typical low-interaction honeypot is also known as GEN-I honeypot. This is a simple system which is very effective against automated attacks or beginner level attacks.

Honeyd is one such GEN-I honeypot which emulates services and their responses for typical network functions from a single machine, while at the same time making the intruder believe that there are numerous different operating systems. It also allows the simulation of virtual network topologies using a routing mechanism that mimics various network parameters such as delay, latency and ICMP error messages.

The primary architecture consists of a routing mechanism, a personality engine, a packet dispatcher and the service simulators. The most important of these is the personality engine, which gives services a different ‘avatar’ for every operating system that they emulate.

DRAWBACKS:

1. This architecture provides a restricted framework within which emulation is carried out. Due to the limited number of services and functionality that it emulates, it is very easy to fingerprint.

2. A flawed implementation (a behavior not shown by a real service) can also lend itself to alerting the attacker.

3. It has constrained applications in research, since every service which is to be studied will have to be re-built for the honeypot.
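The architecture and first drawback described above, as an added example that is not code from Honeyd or from the original paper: a per-operating-system banner table stands in for the personality engine, one handler plays the service simulator and logs every byte received, and a local socket pair replaces the network. The personality names, banners, canned replies and the peer address are constructed for illustration.

```python
import socket
import time

# Constructed "personalities": what each emulated OS shows on each port.
# Banner text is illustrative only, not taken from Honeyd.
PERSONALITIES = {
    "linux-mail": {21: b"220 ftp.example.test FTP server ready\r\n",
                   25: b"220 mail.example.test ESMTP ready\r\n"},
    "windows-web": {21: b"220 Microsoft FTP Service\r\n",
                    80: b""},  # HTTP servers stay silent until the client speaks
}

# One canned answer per service: cheap to build, but a single fixed reply is
# what makes a low-interaction honeypot easy to fingerprint.
CANNED_REPLY = {
    21: b"530 Login incorrect.\r\n",
    25: b"500 Command unrecognized\r\n",
    80: b"HTTP/1.0 404 Not Found\r\nContent-Length: 0\r\n\r\n",
}


def handle_session(conn, peer, personality, port, log, max_bytes=4096, timeout=2.0):
    """Emulate one service for one connection and record everything received."""
    services = PERSONALITIES[personality]
    event = {"ts": time.time(), "peer": peer, "personality": personality,
             "port": port, "received": b"", "action": "emulated"}
    if port not in services:
        # This personality does not expose the port: log the attempt and drop it.
        event["action"] = "closed-port"
        conn.close()
        log.append(event)
        return event
    conn.settimeout(timeout)
    try:
        if services[port]:
            conn.sendall(services[port])           # personality-specific banner
        while len(event["received"]) < max_bytes:  # stop reading near the cap
            chunk = conn.recv(1024)
            if not chunk:
                break
            event["received"] += chunk             # nothing here is legitimate traffic
            conn.sendall(CANNED_REPLY[port])
    except OSError:                                # includes socket.timeout
        pass
    finally:
        conn.close()
    log.append(event)
    return event


def probe(personality, port, payload):
    """Drive one session over a local socket pair, so no network is needed."""
    client, server = socket.socketpair()
    client.sendall(payload)
    client.shutdown(socket.SHUT_WR)
    log = []
    # 198.51.100.7 is a documentation address used as a constructed peer.
    handle_session(server, ("198.51.100.7", 40000), personality, port, log)
    seen = b""
    try:
        while True:
            chunk = client.recv(4096)
            if not chunk:
                break
            seen += chunk
    except ConnectionResetError:
        pass  # the honeypot closed without reading, as a closed port would
    client.close()
    return seen, log


if __name__ == "__main__":
    valid, log = probe("linux-mail", 21, b"USER root\r\n")
    junk, _ = probe("linux-mail", 21, b"NOT-A-COMMAND\r\n")
    print("logged bytes:", log[0]["received"])
    # A real FTP server answers these two inputs differently; the emulation does not.
    print("identical replies to valid and junk input:", valid == junk)
```
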

2. Structure of a HIGH INTERACTION HONEYPOT (GEN-II):-

A typical high-interaction honeypot consists of the following elements: resource of interest, data control, data capture and external logs (“Know Your Enemy: Learning with VMware”, Honeynet Project); these are also known as GEN-II honeypots and started development in 2002. They provide better data capture and control mechanisms. This makes them more complex to deploy and maintain in comparison to low-interaction honeypots.

High-interaction honeypots are very useful in their ability to identify vulnerable services and applications for a particular target operating system. Since the honeypots have full-fledged operating systems, attackers attempt various attacks, providing administrators with very detailed information on attackers and their methodologies. This is essential for researchers to identify new and unknown attacks, by studying patterns generated by these honeypots.

DRAWBACKS:

However, GEN-II honeypots do have their drawbacks as well.

1. To simulate an entire network, with routers and gateways, would require an extensive computing infrastructure, since each virtual element would have to be installed in its entirety. In addition, this setup is comprehensive: the attacker can know that the network he is on is not the real one. This is one primary drawback of GEN-II.

2. The number of honeypots in the network is limited.

3. The risk associated with GEN-II honeypots is higher because they can be used easily as launch pads for attacks.

COMPARISON:

Feature | Gen-I | Gen-II
Number of virtual systems/services that can be deployed | Large | Small
Data control | Limited | Extensive
Level of interaction | Low | High
Ability to discover new attacks | Low | High
Risk | Low | High

BUILDING A HONEYPOT:

To build a honeypot, a set of virtual machines is created. They are then set up on a private network with the host operating system. To facilitate data control, a stateful firewall such as iptables can be used to log connections. This firewall would typically be configured in Layer 2 bridging mode, rendering it transparent to the attacker.

The final step is data capture, for which tools such as Sebek and Term Log can be used. Once data has been captured, analysis on the data can be performed using tools such as Honey Inspector, PrivMsg and SleuthKit.

Honeypot technology under development will eventually allow for a large-scale honeypot deployment that redirects suspected attack traffic to a honeypot. In the figure, an external attacker penetrates the DMZ and scans the network IP addresses. The redirection appliance monitors all unused addresses and uses Layer 2 VPN technology to enable the firewall to redirect the intruder to the honeypot, which may have honeypot computers mirroring all types of real network devices. Scanning the network for vulnerable systems is redirected by the honeypot appliance when the attacker probes unused IP addresses.

RESEARCH USING HONEYPOTS:

Honeypots are also used for research purposes to gain extensive information on threats, information few other technologies are capable of gathering. One of the greatest problems security professionals face is lack of information or intelligence on cyber threats. How can your organization defend itself against an enemy when you do not know who the enemy is? Research honeypots address this problem by collecting information on threats. Organizations can then use this information for a variety of purposes including analyzing trends, identifying new methods or tools, identifying the attackers and their communities, ensuring early warning and prediction, or understanding attackers’ motivation.

ADVANTAGES OF HONEYPOTS:

1. They collect small amounts of information that have great value.  This captured information provides an in-depth look at attacks that very few other technologies offer.

2. Honeypots are designed to capture any activity and can work in encrypted networks.

3. They can lure the intruders very easily.

4. Honeypots are relatively simple to create and maintain.

DISADVANTAGES OF HONEYPOTS:

1. Honeypots add complexity to the network. Increased complexity may lead to increased exposure to exploitation.

2. There is also a level of risk to consider, since a honeypot may be compromised and used as a platform to attack another network. However, this risk can be mitigated by controlling the level of interaction that attackers have with the honeypot.

3. It is an expensive resource for some corporations, since building honeypots requires that you have at least a whole system dedicated to it, and this may be expensive.

LEGAL ISSUES PERTAINING TO HONEYPOTS:

Most of the research found in this area concluded that there are three major legal spectrums concerning honeypots:

Entrapment
Liability
Privacy

1. ENTRAPMENT:

Entrapment is when somebody induces the criminal to do something he was not otherwise supposed to do. Honeypots should generally be used as defensive detection tools, not an offensive approach to luring intruders.

2. PRIVACY:

The second major concern is what information is being tracked: operational data and transactional data. Operational data includes things like user addresses, header information, etc., while transactional data includes keystrokes, pages visited, information downloaded, chat records, e-mails, etc. Operational data is safe to track without security concerns because IDS systems, routers and firewalls already track it. The major concern is transactional data. The more content a honeypot tracks, the more privacy concerns arise.

3. LIABILITY:

Is the owner of the honeypot liable for any damage done by that honeypot? They will be safe as long as honeypots are used for directly securing the network.

SOME COMMERCIAL HONEYPOTS AND HELPFUL SOFTWARE:

1. CYBERCOP STING BY NETWORK ASSOCIATES:

This product is designed to run on Windows NT and is able to emulate several different systems including LINUX, SOLARIS, CISCO IOS and NT. It is made to appeal to hackers by looking as if it has several well-known vulnerabilities.

2. BACK OFFICER FRIENDLY BY NFR:

This product is designed to emulate a Back Orifice server. BOF (as it is commonly called) is a very simple but highly useful honeypot developed by Marcus Ranum and crew at NFR. It is an excellent example of a low-interaction honeypot. It is a great way to introduce a beginner to the concepts and value of honeypots. BOF is a program that runs on most Windows-based operating systems. All it can do is emulate some basic services, such as http, ftp, telnet, mail, or Back Orifice.

3. TRIPWIRE BY TRIPWIRE:

This product is for use on NT and UNIX machines and is designed to compare binaries and inform the server operator which have been altered. This helps to protect machines from would-be hackers and is an excellent way to determine if a system has been compromised.

4. SPECTER:

Specter is a commercial product and low-interaction production honeypot. It is similar to BOF, but it can emulate a far greater range of services and a wide variety of operating systems. Similar to BOF, it is easy to implement and low risk. Specter works by installing on a Windows system. The risk is reduced as there is no real operating system for the attacker to interact with. Specter’s value lies in detection. It can quickly and easily determine who is looking for what. As a honeypot, it reduces both false positives and false negatives, simplifying the detection process, supporting a variety of alerting and logging mechanisms. One of the unique features of Specter is that it also allows for information gathering, or the automated ability to gather more information about the attacker.

5. MANTRAP:

Mantrap is a commercial honeypot. Instead of emulating services, Mantrap creates up to four sub-systems, often called ‘jails’. These ‘jails’ are logically discrete operating systems separated from a master operating system. Security administrators can modify these jails just as they normally would with any operating system, to include installing applications of their choice, such as an Oracle database or Apache web server, thus making the honeypot far more flexible. The attacker has a full operating system to interact with, and a variety of applications to attack. All of this activity is then captured and recorded. Currently, Mantrap only exists on Solaris operating system.

RELATED WORK:

Much work has been performed using the concept of honeypots i.e., an illicit resource to which any and all traffic or access is deemed to be suspect.

1. TARPITS:

One of the easiest ways to identify vulnerable systems is by using a tool called a scanner or a spider. This tool probes a whole range of IP addresses by brute force, attempting to find vulnerable hosts. This is where a tarpit comes in handy. A tarpit blocks a scanner by responding to its first TCP setup message but ignoring the rest. This simple approach causes the scanner to allocate buffers, start timers and retry, since it believes it has found a valid host. This process repeats until the scanner exhausts its memory and CPU resources and crashes or slows down to an almost unproductive speed.

2. HONEY TOKENS:

It is a data entity whose value lies in the inherent use of data. Honey tokens are entities such as false medical records, incorrect credit card numbers and invalid social security numbers. The very act of accessing these numbers, even by legitimate entities is suspect. This concept is especially useful in preventing larger classes of attacks.
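
The rule that any access to a honey token is suspect, even by a legitimate account, can be applied to an audit log as in the following added example (not part of the original article). The token values, the log format and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed decoy keys seeded into real tables. No business process reads
# them, so every access is an alert regardless of which account made it.
HONEYTOKENS = {
    "patients": {"MRN-000917", "MRN-004410"},
    "cards": {"CARD-9000-0002"},
}

# Assumed audit-log layout (hypothetical, not a real product's format):
#   <timestamp> user=<u> src=<ip> table=<t> key=<k> action=<a>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"table=(?P<table>\S+) key=(?P<key>\S+) action=(?P<action>\S+)$"
)

# Constructed sample log, including one line that does not parse.
SAMPLE_LOG = """\
2009-01-03T02:14:07Z user=jdoe src=10.0.4.21 table=patients key=MRN-002233 action=SELECT
2009-01-03T02:14:09Z user=jdoe src=10.0.4.21 table=patients key=MRN-000917 action=SELECT
2009-01-03T02:15:40Z user=svc_billing src=10.0.9.5 table=cards key=CARD-9000-0002 action=SELECT
corrupted line without the expected fields
2009-01-03T02:16:02Z user=jdoe src=10.0.4.21 table=patients key=MRN-004410 action=UPDATE
2009-01-03T02:17:30Z user=asmith src=10.0.4.30 table=cards key=CARD-1200-7731 action=SELECT
"""


def find_honeytoken_hits(log_text, tokens=HONEYTOKENS):
    """Return (hits, unparsed_count) for every access to a seeded decoy key.

    Unparsed lines are counted rather than silently dropped, because a log
    the detector cannot read is itself something the operator must know about.
    """
    hits, unparsed = [], 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed += 1
            continue
        # Tokens are scoped per table so a key collision elsewhere is ignored.
        if m["key"] in tokens.get(m["table"], set()):
            hits.append(m.groupdict())
    return hits, unparsed


def hits_per_account(hits):
    """Group alerts by account, legitimate service accounts included."""
    return dict(Counter(h["user"] for h in hits))


if __name__ == "__main__":
    found, bad = find_honeytoken_hits(SAMPLE_LOG)
    for h in found:
        print(f"ALERT {h['ts']} {h['user']}@{h['src']} {h['action']} "
              f"{h['table']}/{h['key']}")
    print("per account:", hits_per_account(found), "unparsed lines:", bad)
```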

FUTURE WORK:

Honeypots are a new field in the sector of network security. Currently there is a lot of ongoing research and discussions all around the world. Several companies have already launched commercial products. A comparison of available products showed that there are some usable low- to high-involvement honeypots on the market. In the sector of research honeypots, self-made solutions have to be developed as only these solutions can provide a certain amount of freedom and flexibility which is needed to cover a wide range of possible attacks and attackers. Each research honeypot normally has its own goals or different emphasis on the subject. Developing a self-made solution needs a good technical understanding as well as a time intensive development phase.

There is an inherent scope for the research community to be misled by script kiddies, while sophisticated attackers plan more devastating attacks on computer systems across the globe. Although fingerprinting a honeypot is easier said than done, most attackers worth their salt would stay away from any computer system that they deem to be monitoring their activities. Thus in reality, for honeypots to be truly effective, they need to reside very close to a legitimate resource, probably even on the same network.

This would definitely serve as a precursor to any attacks on the production system making honeypots a true window to the future.

CONCLUSION:

Honeypots are positioned to become a key tool to defend the corporate enterprise from hacker attacks. It’s a way to spy on your enemy; it might even be a form of camouflage. Hackers could be fooled into thinking they’ve accessed a corporate network, when actually they’re just banging around in a honeypot, while the real network remains safe and sound.

Honeypots have gained a significant place in the overall intrusion protection strategy of the enterprise. Security experts do not recommend that these systems replace existing intrusion detection security technologies; they see honeypots as complementary technology to network- and host-based intrusion protection.

The advantages that honeypots bring to intrusion protection strategies are hard to ignore. In time, as security managers understand the benefits, honeypots will become an essential ingredient in an enterprise-level security operation.

We do believe that although honeypots have legal issues now, they do provide beneficial information regarding the security of a network. It is important that new legal policies be formulated to foster and support research in this area. This will help to solve the current challenges and make it possible to use honeypots for the benefit of the broader internet community.

I am a B.Tech final year student in Electronics and Communication Engineering.


The Bulletproof Network

November 16th, 2008

Filtrona Extrusion implemented a network redesign and network security solutions to guarantee uninterrupted business processes at sites across the United States and Mexico.
“Outsourcing seems like a sexy alternative for a lot of problems, but turning the management of your mission-critical infrastructure over to a third party is pretty scary,” says Jeff White, corporate director of IT for Filtrona Extrusion. When Jeff White joined Filtrona Extrusion as corporate IT director, the company was operating a single-threaded network with mixed traffic: mission-critical and non-mission-critical traffic ran side by side, with no way to separate or prioritize the two. In addition, the company experienced network performance problems and increasing amounts of downtime at its facility in Mexico. Because its manufacturing facilities run 24/7 and do not always have on-site technical resources available when there is a problem, the company needed a better solution.
“You just never know when things are going to happen, from a backhoe digging up a fiber cable or a more significant outage, and these situations were shutting down an entire facility,” says White. “Because the network is critical to all areas of our business, we needed to implement a fully redundant network to reconcile problems automatically and ensure we could remain up and running, no matter what the situation.”
Filtrona Extrusion is one of the largest manufacturers of extruded plastic profiles, sheets and specialty tubes in the United States. The company manufactures more than 40,000 different products for medical, merchandising, aviation, transportation, traffic, lighting, fencing and custom plastic industries. Its products range from catheter tubes, traffic posts and cones, plastic sheeting for fluorescent lights, air-conditioning ducts in commercial jets, and outdoor furniture.
All of Filtrona Extrusion’s business and manufacturing processes rely heavily on its managed network services. The company’s most critical business application is an enterprise resource-planning (ERP) system that runs on a centralized server in the corporate headquarters in Atlanta, with a standby server replicated in real time and located at a manufacturing facility in Tacoma, Wash. The ERP system manages sales, manufacturing, purchasing, shipping and receiving, accounting, and quality information for all locations, including additional manufacturing facilities in Illinois, Massachusetts, Pennsylvania, South Carolina and Monterrey, Mexico.
White uses a custom Simple Network Management Protocol (SNMP) system to pull data off the routers directly in order to monitor the circuits and overall network performance.
Since plastic is a commodity product, Filtrona Extrusion must maintain complete visibility of its inventory at all times to ensure purchasing decisions can be made at the most advantageous price. Losing sight of inventory levels for as little as a few hours can prevent the company from taking advantage of spot-buy opportunities or force it to use a more-expensive, higher-grade of plastic than is required to fulfill an order for a customer. Moreover, if the ERP system is down, the company is unable to record quality data during the manufacturing process. Without the quality data, there is no way to certify that the product meets the requirements specified by the customer, and without the certifications, the product cannot ship.
“Our whole planning system depends on inventory,” says White. “Without it, we don’t know what materials to buy or how much to purchase for existing orders, which creates some very significant business issues that can cost the company tens of millions of dollars.”
White’s first step after joining the company was to evaluate the effectiveness of his outsourced providers. He needed to understand what the current providers had done, and what they could do moving forward to help him meet the company’s strategic objectives.

Bill Dodds is vice president of sales and marketing for Virtela Communications. Virtela provides managed network services and security solutions to many of the world's largest and fastest-growing multinational companies. Currently serving customers across six continents, Virtela's network reach spans more than 190 countries. The company's Global Service Fabric provides the foundation for delivering an extensive managed services suite, including enterprise WAN services, remote access services, remote monitoring and management services, and managed security services.


The Fundamentals of Computer Network and Its Support Services Put Simply Speaking

October 23rd, 2008

Hardware is the term given to the computer machinery and the various individual pieces of the computer. It refers to the physical devices of the computer system. The same hardware can be loaded with different software to make a computer system perform different types of jobs to produce useful outputs. 

In a computer system, hardware and software must work together. If you find a problem with the computer components, you look for hardware solutions. There are many companies that take annual maintenance charges from the customer and provide complete software and hardware solutions to them. They have their own trained engineers in both fields (hardware and software) who find the problem and provide a solution for it.

Many online websites and PC manufacturing companies provide hardware solutions in their questionnaires and support their customers by sending a representative to examine the hardware problem and provide a solution for it.

In order to understand the work of network installation service, we should know about computer networking. A computer network is a network of geographically distributed multiple computers connected to each other in a manner to enable meaningful transmission and exchange of information among them. 

The network installation service refers to the way in which the nodes of the network are linked together. The network installation services determine the data paths, which may be used between any pair of nodes in the network. There are several organizations such as banks, insurance companies, hospitals, railways etc. that need on-line processing of large number of transactions and require many computer system to communicate and interact with each other on the same network. In such a computing environment the role of network installation services is vital. 

There are several types of physical channels through which data can be transmitted from one point to another. The most common data transmission media are wire pairs, coaxial cable, microwave systems, communication satellites and optical fibres.

 
Network security and support services design and maintain numerous services through which you can protect your PCs from viruses by getting firewalls installed in them, reporting spam etc. 

The network security and support services give you assistance in maintaining the various networks and give solution for any troubleshooting situation in the network.

Smit Mathur is an expert at writing articles and is currently working for Swift Computers. For more information related to network security and support services, small and large business networking solutions, network installation service, PC support, and computer support, please visit http://www.swiftcomputers.com.au/


Network Auditing and Monitoring Software

October 15th, 2008

May 4, 2007 (Nsasoft) — Nsasoft announced today the release of Nsauditor Network Security Auditor 1.5.10, the latest version of its award-winning software for network auditing and monitoring, an excellent integrated solution for auditing all types of computer assets in corporate networks. Nsauditor significantly reduces the total cost of network management in enterprise environments by enabling IT personnel to audit and monitor network computers for possible vulnerabilities. It is Windows-based multi-purpose software designed to monitor network sessions, scan networks and hosts for vulnerabilities, and provide security alerts. The software monitors active internet connections and allows you to stop internet threats and to terminate and block unwanted network connections with its embedded firewall system.

With Nsauditor, network administrators are able to gather a wide range of information from all the computers in the network without installing server-side applications on these computers, and to create a report of potential problems that were found. It is a complete utilities package that includes more than 45 network tools and gives you the possibility to get information about operating systems, service packs, hotfixes, installed software and running processes on remote PCs.

The tools are wide-ranging, from a basic port scanner to more complex MS RPC named pipes and SunRPC service scanners, and a set of related utilities and reporting options. Nsauditor includes scanning tools that examine Microsoft SQL servers for exposed services and vulnerabilities, and an SNMP auditor which discovers and walks through available SNMP nodes on the network. The software includes an event monitor that examines the local Windows logs and triggers when a specific event ID is detected. The trigger can send email to an admin, send a Windows network message, play a sound file or even speak a custom message with a text-to-speech tool.

The Nsauditor “Adware Scanner” tool scans network computers for common adware traces and gives you a quick look at the adware, malware and spyware installed on network computers. It allows you to monitor and kill processes on local or network computers using the “Network Process Monitor” tool and to remotely shut down or restart workstations using the “Remote Shutdown” tool.

Nsauditor “Network Hotfix Scanner” is an advanced hotfix check utility that scans network computers for missing hotfixes and patches, and helps you download and install them. Network Hotfix Scanner gives you a quick look at the hotfixes and patches installed or missing on any remote computer in your corporate network. It uses colored icons to show the specific security bulletin rating (critical, important, moderate), title, description and bulletin URL.

In summary, Nsauditor Network Security Auditor is a very complete network tools package for a surprisingly low price.

Application Info: http://www.nsauditor.com/network_security/network_security_auditor.html

Application Screenshot: http://www.nsauditor.com/images/screens/nm1.jpg

Download URL: http://www.nsauditor.com/downloads/nsauditor_setup.exe

Nsasoft is a leading provider of Network Information and Security Utilities. Nsasoft specializes in network diagnostic and monitoring applications for businesses and end users. Today its products and custom solutions may be found in businesses all over the world, including a large number of Fortune 500 companies, as well as in thousands of smaller ventures. Nsauditor Network Security Auditor is one of the most widely used Network Security Audit and Information Utilities. Nsasoft offers network security software for remote network monitoring and management, network status and performance monitoring, computer protection and internet security systems. For more information about Nsasoft, visit http://www.nsauditor.com


Seven tips for securing your organization's network from spam and email viruses

October 7th, 2008

Providing security against email related threats has become a burden for most IT professionals in 2006. According to a recent study by Postini, spam and email viruses now make up to 80% of all emails sent out as compared to 50% in 2000. As a result, IT professionals now face a tougher challenge in providing network security for this amount of spam. IT professionals also have the disadvantage of defending against new forms of email threats such as spam zombies, directory harvest attacks, mass mailing trojans, as well as the latest email virus.


In this article, I have listed the seven most effective spam fighting tips for organizations with in-house mail servers. These seven tips are proven techniques I have used for my customers, partners and associates who wish to tighten their perimeter (network) security.


Firewall:
A firewall is your first line of defense against hackers, crackers, and spammers. Without a firewall, your network is a disaster waiting to happen and could give any novice hacker free rein over your network. If your organization has multiple Internet users, this tool is essential for securing your network.

Block Port 25:
On your firewall, allow outbound traffic on TCP port 25 for all mail servers. Block traffic on outbound TCP port 25 for all other computers and servers. On the Internet, TCP port 25 is used for email traffic through SMTP (Simple Mail Transfer Protocol). Blocking this port is a good security practice and prevents mass mailing worms and spam zombies from sending mail from your users’ computers.
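
Once the port 25 rule is in place, the firewall log shows both whether the rule is complete and which workstations are trying to send mail directly. The following is an added example, not part of the original article; the log format, addresses, mail server list and the three-destination threshold are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re

# Assumed site layout: one internal /24 and one authorised mail server.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
MAIL_SERVERS = {ipaddress.ip_address("192.168.1.10")}

# Assumed firewall log fields (hypothetical format).
LOG_RE = re.compile(
    r"action=(?P<action>ALLOW|DENY) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
)

# Constructed sample log lines.
SAMPLE_LOG = """\
Jan  3 02:10:01 fw action=ALLOW proto=TCP src=192.168.1.10 dst=198.51.100.25 dport=25
Jan  3 02:10:02 fw action=DENY proto=TCP src=192.168.1.57 dst=203.0.113.8 dport=25
Jan  3 02:10:02 fw action=DENY proto=TCP src=192.168.1.57 dst=203.0.113.9 dport=25
Jan  3 02:10:03 fw action=DENY proto=TCP src=192.168.1.57 dst=198.51.100.77 dport=25
Jan  3 02:10:04 fw action=ALLOW proto=TCP src=192.168.1.20 dst=192.168.1.10 dport=25
Jan  3 02:10:05 fw action=ALLOW proto=TCP src=192.168.1.88 dst=203.0.113.8 dport=25
Jan  3 02:10:06 fw action=ALLOW proto=TCP src=192.168.1.57 dst=198.51.100.1 dport=443
Jan  3 02:10:07 fw action=ALLOW proto=UDP src=192.168.1.88 dst=198.51.100.53 dport=53
"""


def audit_smtp_egress(log_text):
    """Summarise outbound TCP/25 attempts by internal hosts that are not mail servers."""
    report = {}
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m["proto"] != "TCP" or m["dport"] != "25":
            continue
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        # Only internal -> external traffic matters; clients submitting mail
        # to the internal mail server and the mail server itself are expected.
        if src not in INTERNAL_NET or dst in INTERNAL_NET or src in MAIL_SERVERS:
            continue
        entry = report.setdefault(
            str(src), {"attempts": 0, "allowed": 0, "dests": set()}
        )
        entry["attempts"] += 1
        entry["dests"].add(str(dst))
        if m["action"] == "ALLOW":
            entry["allowed"] += 1
    return report


def rule_gaps(report):
    """Hosts whose direct SMTP was allowed: the block rule does not cover them."""
    return sorted(h for h, e in report.items() if e["allowed"])


def likely_zombies(report, min_dests=3):
    """Hosts contacting many distinct external mail servers (mass-mailer pattern)."""
    return sorted(h for h, e in report.items() if len(e["dests"]) >= min_dests)


if __name__ == "__main__":
    r = audit_smtp_egress(SAMPLE_LOG)
    print("rule gaps:", rule_gaps(r))
    print("investigate:", likely_zombies(r))
```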

Managed Email Filtering:
Consider using a managed filtering solution such as Postini, Brightmail, or SpamSoap. Managed Email Filtering services quarantine spam, viruses, and email threats before reaching the email servers on your network. In comparison to desktop filters and server appliances, managed filtering services provide superior perimeter (network) protection by preventing delivery of spam and viruses to your network and servers.

Check Relay Setting:
A mail server’s relay setting controls which computers and servers are able to send SMTP email on your organization’s behalf. Check your settings and limit the IP address range to email users on your local network. Some mail servers have settings to limit email relay through authentication. If authentication-based relay is available, set up and configure it too. NOTE: If the relay is not set properly, spammers will be able to send email from your mail server. This exploit is commonly known as an “Open Relay” or a “Spam Relay.” Use the Open Relay test at http://www.abuse.net/relay.htm to check if spammers can relay mail from your server.
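
The relay decision described above, with an open-relay setting beside a restricted one, is sketched in this added example (not part of the original article and not any particular mail server's configuration model). The `RelayPolicy` class, domains and address ranges are hypothetical.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class RelayPolicy:
    """Minimal model of a mail server's relay settings (hypothetical)."""
    local_domains: set          # domains this server accepts mail for
    relay_networks: list        # networks allowed to relay without auth
    allow_authenticated: bool = True

    def decide(self, client_ip, rcpt_domain, authenticated=False):
        # Mail addressed to our own domains is normal inbound delivery,
        # not relaying, so it is accepted from anywhere.
        if rcpt_domain.lower() in self.local_domains:
            return "deliver"
        # Everything else is a relay request and needs a reason to be allowed.
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.relay_networks):
            return "relay"
        if authenticated and self.allow_authenticated:
            return "relay"
        return "reject"


# Weak setting: every address may relay, which is what "open relay" means.
OPEN = RelayPolicy(
    local_domains={"example.com"},
    relay_networks=[ipaddress.ip_network("0.0.0.0/0")],
)

# Corrected setting: only the local LAN, plus authenticated users.
HARDENED = RelayPolicy(
    local_domains={"example.com"},
    relay_networks=[ipaddress.ip_network("192.168.1.0/24")],
)


def is_open_relay(policy):
    """Self-check: an unauthenticated outside client sending to an outside
    domain must be rejected, otherwise the policy is an open relay."""
    return policy.decide("203.0.113.50", "elsewhere.example") == "relay"


if __name__ == "__main__":
    for name, policy in (("OPEN", OPEN), ("HARDENED", HARDENED)):
        print(name, "open relay:", is_open_relay(policy))
```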

Black Lists:
Set up your mail server(s) with a black list. A black list (black hole list) is a database or listing of known spam sources. Most modern email servers can be configured to query inbound email against online blacklists. Messages originating from these sources can then be blocked. I recommend configuring your email server with SpamHaus blacklist. Spamhaus.org is an excellent free service to use. Some other good blacklists are DBSL and SpamCop.

Reverse DNS:
Reverse DNS (rDNS) associates an IP Address with a Domain Name. Most mail servers, as an anti-spam feature, often use a reverse DNS lookup to compare an email address domain name with its IP address. If the IP address found from the rDNS lookup does not match the domain name, it is probably spam. If you haven’t done so, set up and configure reverse DNS records on your DNS server.
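
The blacklist query and the reverse DNS check from the two tips above are combined in this added example (not part of the original article). It uses the forward-confirmed form of the rDNS check on the connecting IP. The resolver functions are injected and backed by constructed lookup tables so that it runs offline, and the error range is an assumption to verify against your list's documentation.

```python
import ipaddress

# DNS blacklists answer with an address in 127.0.0.0/8 when an IP is listed.
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")
# Assumption: the list signals query errors in 127.255.255.0/24 (Spamhaus
# documents such codes); check the documentation of the list you use.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")


def dnsbl_query_name(ip, zone):
    """Build the lookup name: reversed octets (or IPv6 nibbles) + list zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    for suffix in (".in-addr.arpa", ".ip6.arpa"):
        if rev.endswith(suffix):
            rev = rev[: -len(suffix)]
    return f"{rev}.{zone}"


def check_dnsbl(ip, zone, resolve_a):
    """Return 'listed', 'clean' or 'error'. resolve_a(name) -> list of A records."""
    answers = [ipaddress.ip_address(a) for a in resolve_a(dnsbl_query_name(ip, zone))]
    if not answers:
        return "clean"          # NXDOMAIN: not on the list
    if any(a in ERROR_NET for a in answers):
        return "error"          # do not treat a failed query as a listing
    if any(a in LISTED_NET for a in answers):
        return "listed"
    return "error"              # unexpected answer, e.g. a hijacked zone


def fcrdns(ip, resolve_ptr, resolve_a):
    """Forward-confirmed reverse DNS: PTR name must resolve back to the same IP."""
    want = ipaddress.ip_address(ip)
    for name in resolve_ptr(ip):
        host = name.rstrip(".").lower()
        if any(ipaddress.ip_address(a) == want for a in resolve_a(host)):
            return host
    return None


# Constructed DNS data standing in for real lookups.
FAKE_A = {
    "2.0.0.127.zen.spamhaus.org": ["127.0.0.2"],
    "66.2.0.192.zen.spamhaus.org": ["127.255.255.254"],
    "mail.example.org": ["192.0.2.10"],
    "dsl-99.example.net": ["198.51.100.7"],
}
FAKE_PTR = {
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.99": ["dsl-99.example.net."],
}


def fake_a(name):
    return FAKE_A.get(name, [])


def fake_ptr(ip):
    return FAKE_PTR.get(ip, [])


def connection_verdict(ip, zone="zen.spamhaus.org",
                       resolve_a=fake_a, resolve_ptr=fake_ptr):
    """Decision a mail server could take for a connecting client IP."""
    if check_dnsbl(ip, zone, resolve_a) == "listed":
        return ("reject", f"listed on {zone}")
    host = fcrdns(ip, resolve_ptr, resolve_a)
    if host is None:
        return ("suspect", "no forward-confirmed rDNS")
    return ("accept", host)


if __name__ == "__main__":
    for client in ("127.0.0.2", "192.0.2.10", "192.0.2.99"):
        print(client, connection_verdict(client))
```

To query live DNS, pass functions built on a resolver library in place of `fake_a` and `fake_ptr`.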

Anti-Virus Scan:
There are many tools that provide adequate anti-virus protection for desktops at the workplace. Most anti-virus software is good at detecting viral threats that proliferate email spam such as mass mailing worms, trojans, and directory harvesters. Large organizations might want to use enterprise anti-spam software with management and monitoring tools that will allow tracking of network virus outbreaks.

Recommended Links:
- http://www.spam-x.com [Postini service - managed filtering, 1 to 500 users]
- http://www.postini.com [Postini service - managed filtering, 500+ users]
- http://www.spamhaus.org [Blacklist]
- http://www.dbsl.org [Blacklist]
- http://www.spamcop.net [Blacklist]
- http://www.abuse.net/relay.htm [Open relay test]
- http://www.dnsreport.com [DNS report/open relay test]
- http://www.dnsstuff.com [Spam database lookup and open relay test]
- http://www.cnn.com/2004/TECH/ptech/02/17/spam.zombies.ap [Spam Zombie Article]


Email viruses and related threats delivered through spam have cost businesses billions of dollars in expenses and lost productivity. Each spam email sent or received from your domain costs your organization money and bandwidth. By implementing these seven tips, your organization can reduce spam and recover costs.


This article: © Copyright 2006 Todd Green and free for republishing.

Todd Green is a partner of a Memphis-based IT consulting firm. He has over fourteen years’ experience in the field of Information Technology and has managed security on many corporate networks over the years. He is the owner of SPAM-X, a Postini reseller (http://www.spam-x.com) and a partner for Postini’s preemptive spam and virus filtering service.


It Security Policies Can Cause Network Data Breaches

September 29th, 2008

It’s strange how the network security policies in place at a company can actually damage, rather than enhance their security. Security measures which are too stringent can lead to employees going around security for convenience’s sake. Employees can actually create security vulnerabilities which your IT department may not be able to protect against; because they may be unaware that they exist!

Not long ago, I spoke with the business director of a large company (I’ll call her Susan). Her company’s IT department requires employee passwords for their network be at least eight characters in length and be comprised of a random mix of letters, symbols and numbers. She also must change her passwords every sixty days. While Susan goes along with the security policies put in place by her IT department, if you were to walk into her office, she has her logon password written right there on her desk – “Password: 1jy^hndT”.

The work environment in many companies these days involves understaffing, tight deadlines and long workdays. When you add yet another complication into the lives of already overworked employees, it is only natural that they choose convenience over security. You see everyone doing this; from the CEO on down to the temps. While it sounds like a good idea to have employees remember complex passwords, what happens in practice is that it slows things down and leads to security being circumvented.

The real problem isn’t the security policy; it’s actually a very sound one – it’s the way that it is implemented which makes it a problem. IT departments are prone to ignoring the human factor when they design security policies. Most people can’t remember two complex passwords; and many can’t even remember one! By making employees change their passwords every two to three months, they further complicate the situation and practically force employees to engage in insecure practices in order to get their work done while still complying with corporate security policies.

This gives management a false sense of security when it comes to network security, since they don’t even know where to look for potential problems. Let’s say that someone copies down Susan’s password and logs in as her – the network monitoring software simply accepts as fact that she is working at 3 am. These security systems will not be able to prevent these attacks until the damage has already been done.

Password security which does not offer convenient implementation is not something which comes without a cost. Resetting passwords can take anywhere from 20% to 50% of an IT department's time – this translates into about $70/incident. This time and money could be better used by your IT department. There are other costs, such as lost productivity when employees are unable to access the network.

A rule of thumb to keep in mind is that the greater the level of password security without a convenient management system in place, the more often you’ll need to do password resets. Smartcard security tokens offer a solution which balances productivity, security and technical support.

Smartcard based security tokens allow employees to manage network and computer security themselves without compromising the security of your corporate network. They do this by:

1. Offering double, two factor authentication – the user has the card (something they have) and the PIN (something they know). The computer has the card (something it has) and stored complex passwords (something it knows).

2. Being portable to other machines.

3. Having no information stored on the computer for prying eyes to find and use.

4. Convenience – the user only needs one password.

5. Employees always have possession of their passwords.

6. Token data is securely stored and protected in the event that the token is stolen or lost.

7. The token can store passwords for many accounts.

Smartcard based security tokens prevent data thieves from merely looking over someone’s shoulder to learn passwords or look for notes taped to desks or inside drawers bearing this information. If each account is set with its own unique password, even if a data thief somehow gets one password, all other accounts are still protected. Smartcard based security tokens allow employees to stay within IT security policies and keep corporate networks better protected while offering the convenience employees want and need. This can make even the most careless employee a security conscious one.

Dovell Bonnett is the author of “Online Identity Theft Protection For Dummies(R) – Power LogOn Edition”, founder & CEO of Access Smart and hosts IDProtectionExpert.com. He provides businesses, campuses, and mobile employees security solutions.


Computer Network Management

September 13th, 2008

Today it is almost inconceivable for a business not to have computers, whether it is a construction company or a high technology firm. When a business has more than one computer, they are almost always connected together in a local area network. These networks may be more or less advanced and therefore more or less costly.


Companies invest so much (in terms of both money and time) in local area networks because there are many advantages that a local area network brings to a business and how it is administered.


Some businesses use a local area network in such a way they are highly dependent on it always working. If the company’s network fails, then you may see all the employees chatting away in the corridors because they can’t do their work. This means big losses for the company and causes stresses on the employees. All companies must consider their local area networks a vital asset and downtime must be avoided. This imposes huge demands on the network staff to keep such networks running almost 100% of the time.


The advantages of Computer Network Management


One of the main advantages of installing and maintaining LANs is the opportunity they create for better communication and cooperation between employees and customers.


Security considerations: Local Area Network security can be both a help and hindrance. Comprehensive security is beneficial because it provides a central and safe strategy for data access and disaster recovery. All information is protected by the design and implementation of the network security solution. On the other hand, interconnecting computers in local area networks creates a security risk, since doing so makes it technically possible for intruders to access many machines on the network at once.


Cost considerations: Installing a local area network is a relatively expensive project. Servers, cabling, switches, routers and software can all be expensive and should never be purchased without expert advice. Keeping the network operating and secure also requires a lot of resources and can be costly.


Surprisingly, a local area network can bring a number of cost savings. Sharing resources avoids the need to purchase equipment for each individual. Even more important is the security that a local area network can provide. Data loss could cost a business a great deal of money and in some cases, cause the business to shut down altogether. Computer Network Management should require a consistent routine for data backups with regular checkups of data quality – a practice that will save a company huge sums in the event of a mishap.


Computer Network Management: preliminary analysis phases


The first phase of computer network management is to determine the source of the problem (a preliminary study that looks into several options of differing scope may be useful here) and to define it in a specification of requirements. Examples of what should be evaluated are different network operating systems, mail systems, and other applications. The choice of hardware components should also be evaluated. This phase is generally aimed at establishing what the system should do, not how it should do it.


Computer Network Management: design phase


The purpose of the design phase is to determine how the requirements of the specification are to be met. The current approach to large, complex projects is to break them down into smaller, more manageable subprojects.


Computer Network Management: implementation phase


This phase involves the physical installation of the local area network. Cables are run, software is installed, and computers and other hardware are put in place.


Computer Network Management: integration and system testing phase


In this phase, commissioning of the network begins, and routines are adapted to users and the operating personnel. The system must be tested, both to ensure that the network meets the requirements set out in the specification and that it is stable enough to perform the central function it has in the organization.


Computer Network Management: operation and maintenance


Local area networks have complex operating routines. This is because there may be serious consequences when faults occur or unauthorized persons gain access to the system. Many companies have employees devoted solely to running and maintaining computer networks. These system administrators may deal with network issues such as performance, reliability and security of both hardware and software.


Computer Network Management: tools


Although an organization may have computer administrators on site, they must also monitor the network more than eight hours a day. In fact, some of the worst trouble that arises with networks can happen during the night hours when nobody is using the network. With the right computer network management tools, your organization can receive the security of knowing that problems will be foreseen, prevented, and taken care of – and that your network administrator can be notified at a moment’s notice, should anything go exceptionally wrong.

Frank Hughes is the Vice President of Technical Solutions at SecureMyCompany, Inc. Mr. Hughes has over 14 years' experience in the IT industry, with the last 10 serving as the Senior Solutions Consultant for BellSoutions.net. Get more information on network management tools.

Frank Hughes holds several vendor certifications including Microsoft, Dell, Cisco, Sonicwall and many more. Mr. Hughes is a recognized expert in managed services including remote desktop management, network monitoring and help desk software.
