Maintaining robust network defenses requires a proactive approach to keep pace with today's rapidly evolving network security threats. One crucial element of an effective network security strategy is penetration testing, or staged attacks in network ...
The basic outline of the system consists of using Bash scripts, metamail, grep, the Obtuse Systems' smtpd product, Samba and a command-line virus scanner. A flowchart-style diagram can be found in Figure 1. The Obtuse Systems' SMTP store and forward package . . .
A nice quick summary of what ports and services are by the folks at O'Reilly. "Each service is handled by a program called a "daemon." The daemon listens on, or is bound to, a specific port to receive incoming requests from . . .
Almost all of today's "stateful" web-based applications use session IDs to associate a group of online actions with a specific user. This has security implications because many state mechanisms that use session IDs also serve as authentication and authorization mechanisms -- . . .
RADIUS is a widely used protocol in network environments. It is commonly used for embedded network devices such as routers, modem servers, switches, etc. This analysis deals with some of the characteristics of the base RADIUS protocol and of the User-Password . . .
A honeynet is a very valuable tool for research, intelligence and education: by knowing the methods an intruder uses we can better detect break-ins in the future. Information gathered from honeynets casn be analysed to monitor attack trends. The information collected . . .
This SNAC Guide addresses security "best practices" from the National Security Agency's Systems and Network Attack Center. It includes information on security policies, passwords, host security, buffer overflows, rootkits, and more.
The Computer Emergency Response Team (Cert) co-ordination centre reported last week that the targets of denial of service (DoS) attacks are changing, and are becoming more sophisticated and damaging. According to Cert, early DoS attacks overloaded web servers with simple . . .
We all yearn for the more innocent time when the acronym DOS stood for your Disk Operating System, or even the Dept. of State for the better traveled. Today, however, it is a term that brings a chill to many technologists . . .
"We never gave security a thought," Brian Chee says, talking about what was probably the world's first wireless data network. Chee worked on Aloha Net, a new concept in communications developed by the University of Hawaii back in the late 60's. . . .
Bob Fleck, a security consultant at Cigital, working with Jordan Dimov, has discovered new class of wireless attacks that can be used to gain unauthorized access to normally-protected machines on a standard wire-based internal network. Wireless networks involve installation of . . .
A computer forensics expert and retired federal agent is trying to convince the U.S. government that Windows XP is a threat to national security and its distribution should be postponed.. . .
Security experts are raising alarms about a technique that computer hackers could use to penetrate a company's wired data networks from its wireless networks, Monday's Wall Street Journal reported. Wireless links are increasingly being used by companies to connect desktop and . . .
The Internet has been used tactically to help after cataclysmic events, but its best future preventive use may be as an educational tool. Given the many Internet security breaches that have occurred this past year, from Code Red to the . . .
Any good disaster plan must go well beyond bulletproofing IT and consider a variety of human factors, according to a panel of research analysts speaking Monday at the Gartner Symposium/ITxpo 2001 here. Specifically, Gartner analyst Roberta Witty emphasized that disaster planning . . .
Packet sniffers, sometimes referred to as protocol or network analyzers, are invaluable tools for network and systems administrators. With an abundance of commercial and free software products available, it may be difficult to choose a good product. This article describes Ethereal, . . .
Lately, the word "security" has been tossed around a lot in the news, IRC channels and elsewhere in the community. It seems that there's no end to viruses and script kiddies out there just waiting to get through the security on . . .
Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks have been around for years, but with reports that 4,000 DoS attacks are launched each week, it's clear the problem isn't close to being resolved. In fact, in a recent poll of Information Security . . .
The complexity of the Internet is increasing more rapidly than our ability to secure it, according to Internet security expert Bruce Schneier. At the opening of the annual Information Security Solutions Europe (ISSE) conference in London on Wednesday, Schneier, who is . . .
Although there have been no reported cases of cyberterrorism or hacks of corporate or U.S. government sites, companies must remain vigilant in the coming days, say analysts from the research firm Gartner. Soon after last week's horrific terrorist attacks on U.S. . . .
Worms and viruses often target specific vulnerabilities in common software. But what if the terms were reversed? Rather than attacking the vulnerability of software for malicious purposes, what if the worm or virus actually attempted to secure the software by applying . . .