Linux Network Security - Page 27

Discover Network Security News

Small Business Primer on Network Security Threats

Over the last ten years, our world has become interconnected in ways not previously imaginable. Today, for instance, people in Spain, the US, and Brazil can find out simultaneously that soccer-star David Beckham has switched teams. Small companies can now affordably be spread across the globe, and big companies can now have inter-office collaboration on a daily basis. But all of that interconnectedness relies in large part on our ability to protect the networks that create those connections. Unfortunately, and despite the best efforts of network security managers, the last five years have seen hackers and criminals become increasingly effective at compromising these networks, as they have quickly developed new and ever more malicious threats to network security.

Ajax Sniffer - Proof of concept

The original idea was discussed by Stefano Di Paola in his paper Subverting Ajax. I have simply created a working proof of concept of an Ajax-based sniffer. I have taken the same files as I demonstrated in the Ajax worm PoC.

The Mighty Sniffer

One of the most important tools in a security professional's arsenal is the mighty 'sniffer'. Its power is never underestimated, never undervalued. A sniffer is many things to many people. In the right hands it is invaluable, allowing for the analysis of complex traffic passing over the network; in the wrong hands it can be a destructive force, allowing for the capture of confidential or sensitive data as it flows on the wire.

Voice Over IP Under Threat

There has recently been considerable alarm about the possibility of malicious code spreading via Skype. Skype is a system that allows voice communication over established Internet connections, in an environment very similar to that of telephone calls. It even allows calls to be made to telephones from a computer, with lower tariffs than those of a normal call. The real problem that malicious code for Voice over IP (VoIP) would pose is that it opens a whole new field for hackers to create new types of malware. Initially, one might think of malicious code that uses VoIP in order to propagate, as was the case with the Trojan mentioned at the beginning. In reality, this represents nothing more than finding a new communication channel.

Securing a Converged Network

Network security has traditionally been viewed in business as more of a cost than a benefit. But the latest trends are towards converged networks where voice, video and data are sent over the same network infrastructure. This change presents new challenges for network professionals, and network security is playing a bigger role than ever. Traditional voice-only networks are circuit-switched and virtually secure. Sure, they can be listened in on, but physical access is required, which makes it much more difficult.

CSI: TCP/IP

Located on the less fashionable north end of the Las Vegas strip, the Riviera Hotel and Casino has seen better days. Even the girls in posters for the hotel's topless revue could use a makeover. But hey, it's cheap. Which is why 6,000 hackers have descended upon it for DefCon, billed as the "largest underground hacking event in the world." So while the hotel is no doubt happy for the business, it's also

Sniffing On Ethernet Undetected

All you need is a MAC and a dev and you can sniff without sending packets. So I have been in some tight spots where I had to sniff a password or two off the wire, or sniff some packets off the wire undetected and, based on the packets' content, do something. So I tried a few things and this is what worked.

VOIP More Vulnerable

If you're talking over your IP network right now, then voice-over-IP should be at the top of your security priorities for next year. Securing enterprise IP voice hasn't been on most organizations' radar screens, mostly because VOIP so far hasn't been a popular target of attackers or bug hunters, nor have many organizations torn out their traditional voice systems altogether, anyway. But security experts say it's time to make VOIP security a priority.

DNS Security and Threat Mitigation

The Internet is a seemingly limitless source of information. It provides the power of collective knowledge and information to a vast array of users who access innumerable resources for countless reasons. These resources are typically accessed by using a human readable name designed to be easily remembered, thus increasing the usability of the resource. These human readable names, as the very term implies, are for the sake of the human users. Network devices, however, find each other by using a number, referred to as IP (Internet Protocol) addresses. The Domain Name System is the service that maps the human readable names to device specific IP addresses creating the user friendly nature of networked systems.

Me code write good

Viruses and worms pose some of the most formidable threats in the modern computer security landscape, with some virus writers on the bleeding edge of technology, making use of 0-day exploits and innovative techniques to circumvent system security features. However, for every Blaster, there

Using Nepenthes Honeypots to Detect Common Malware

In the past few years, a number of serious flaws in Windows have been exposed, including MS03-026 [ref 1], the flaw that Blaster [ref 2] used to spread in 2003, right up to the recent Mocbot/Wargbot worm [ref 3] which exploited MS06-040 [ref 4] from August 2006. The number of distinct pieces of malware exploiting these flaws has rapidly increased over the same time period. There are several variants of most worms and many more than that of most of the bot families, such as Agobot, Phatbot, Sdbot, and so on. As is now well-known, bots are collections of compromised "zombie" computers used together in a botnet network for nefarious purposes. In the paper, they give detection rates for newly captured malware that range between 73% and 84% across four different antivirus engines. Clearly, relying on antivirus software is not going to work for everyone, all the time. In this paper we describe how a particular low-interaction honeypot, Nepenthes [ref 6], can be used to quickly alert an administrator to a network compromise. It captures malware and can assist in containing and removing the infection.

Packet Challenge: Fragments and a Blast from the Past

This time around, packets from one of my own DNS servers. If you would like to follow along, you can find the full unobfuscated packet trace here. (quick update... turns out that the router and DNS queries involved are part of www.nlnetlabs.nl, a network research lab that does experiment with DNS servers... so maybe this is all some side effect of an experiment they are running. Thanks to Don for pointing this out to me. After visiting their website, I did see a number of similar ICMP admin prohibited packets with flipped fragmentation bytes, but the embedded packet's source port was 80!

Why One Virus Engine Is Not Enough

It is a well-known fact that viruses, trojan horses, worms, spam, and other forms of malware present a real threat to all modern-day organizations and affect productivity and business operations negatively. According to the 2006 FBI Crime and Security Survey, 97% of organizations have anti-virus software installed, yet 65% have been affected by a virus attack at least once during the previous 12 months. Network World cited studies that placed the cost of fighting Blaster, SoBig.F, Sober and other email viruses at $3.5 billion for US companies alone. Similarly, a 2006 study by the British government found that 43% of companies in the United Kingdom were infected by viruses during 2005.

WAN Acceleration: Best Practices for Preserving Security

As more and more enterprises undergo server centralization projects, new products will be introduced to improve network and application performance. By following basic security precautions, enterprises can ensure that these performance improvements do not come at the expense of data security.

Backdoors and Holes in Network Perimeters

The Supervisory Control and Data Acquisition (SCADA) system of a natural gas utility was compromised resulting in a reduction of operation. The breach was discovered when operator interfaces became unresponsive and the system was no longer acquiring data. As a result, the system was disconnected from the network and a combination of manual operation overrides and limited fail-over to a backup server went into effect until the environment could be restored. Technicians troubleshooting the incident identified the deletion of several core application files on the primary control server as the source of the problem.

The Changing Faces of Internet Security Threats

Increasingly, organizations are developing comprehensive security strategies and implementing a variety of online and on-demand security applications and services across the entire range of their IT operations. The need for fast, efficient and unobtrusive protection has led some security systems developers to become managed security service providers (MSSPs). In addition to delivering patches and system updates via automatic or on-demand downloads, MSSPs are broadening the range of security management services they provide.

Sniffin

This time we will install a network protocol analyzer to watch the traffic on our LAN from initiating and connecting a SIP call. The Wireshark open source project was formerly known as Ethereal. I used to work for a great company called Cybera as a programmer, and I was always fascinated by networking. I