Sensitive corporate data can be stolen at this very second; unfortunately, breaches can be invisible. As cyber threats multiply at an exponential rate, reacting to them like before no longer works. The answer lies in more innovative threat intelligen...
The equipment that technician Mark Klein learned was installed in the National Security Agency's "secret room" inside AT&T's San Francisco switching office isn't some sinister Big Brother box designed solely to help governments eavesdrop on citizens' internet communications. Rather, it's a powerful commercial network-analysis product with all sorts of valuable uses for network operators. It just happens to be capable of doing things that make it one of the best internet spy tools around.
Network administrators face many threats from both inside and outside the walls of their infrastructure. This paper discusses the risks that everyone faces along with ways to mitigate the exposure and resulting damage from such an attack. It will also focus on new devices being produced to provide increased security. Despite their slipping market share in router sales to Juniper, Cisco remains the largest provider of routers, which provide the backbone for the majority of companies today [10]. Because of the large role Cisco routers play in the infrastructure of the internet, and the nature of the protocols these routers use, they have become a large target for hackers wanting to exploit these vulnerabilities.
Failure to properly instil a culture of effective password management in a company could land its directors in jail, while wading through alternatives to "fatally flawed" passwords is a process mired in "fear, uncertainty and doubt" according to experts on all sides of the debate. The only given is that the need to get it right is now more pressing than ever, according to one top lawyer. David Naylor, partner at law firm Field Fisher Waterhouse, said companies need to ensure they have strict policies in place regarding password management and said best practice would be to incorporate these as requirements in the company's contractual arrangements with employees and third-parties with access to the company systems.
The perennial problem of password management is still proving a major headache for end users and the problems are only getting more complex - especially as companies start to weigh up the pros and cons of updating systems to work with newer forms of authentication. Phil Young, head of IT operations, Amtrak Express Parcels, told silicon.com password management remains a "nightmare" issue for many businesses. And he said it's "a very big issue and becoming bigger by the year", branding human-error activities such as writing down passwords as "a recipe for disaster".
A "highly critical" flaw in RealVNC's virtual network computing software could allow malicious hackers to access a remote system without a password, according to a published advisory. RealVNC, the Cambridge, U.K.-based company that invented the open-source software, has acknowledged the flaw and posted patches for all affected versions.
Spyware researchers at Webroot Software have uncovered a stash of tens of thousands of stolen identities from 125 countries that they believe were collected by a new variant of a Trojan horse program the company is calling Trojan-Phisher-Rebery. The FBI is investigating the stolen information, which was discovered on a password-protected FTP (File Transfer Protocol) server in the U.S. and is believed to be connected to a Trojan horse that is installed from the Web site teens7(dot)com. The information, organized by country, includes names, phone numbers, social security numbers, and user log-ins and passwords for tens of thousands of Web sites, according to information provided to InfoWorld by Webroot.
The worm, dubbed Nugache and classified also as bot software, attempts to infect systems through e-mail, America Online's instant messaging network, and network shares on vulnerable computers. Once it compromises a computer, the program uses a seed list of 22 different Internet addresses to establish connections to other victims' computers in a peer-to-peer network. The program appears to encrypt--or at least obfuscate--the data it sends to other servers, possibly making it harder for intrusion detection systems (IDSs) to detect the program, according to an analysis posted to a security mailing list by university network administrator Brian Eckman.
"The 'bot'--for lack of a better term--does not use DNS (the domain name system) to find any (command and control network); it also does not use any human readable string in its communication," Eckman, a security analyst at the University of Minnesota, wrote in his analysis. "Therefore, many IDS measures will not help you detect infected hosts on your network."
The Remote Authentication Dial-In User Service (RADIUS) provides authentication to clients that connect to a remote access server by using a SLIP or PPP dialup connection and an authentication protocol such as PAP, CHAP, or EAP. It allows a Network Access Server (NAS), which can be a remote access server, router, or wireless access point for example, to delegate the task of authenticating clients to a centralized RADIUS server. When a user dials in to a remote access server, the remote access server acts as a RADIUS client and forwards the access request to the RADIUS server.
The vulnerabilities described in this advisory affect implementations of the Domain Name System (DNS) protocol. Many vendors include support for this protocol in their products and may be impacted to varying degrees, if at all. If exploited, these vulnerabilities could cause a variety of outcomes including, for example, a Denial-of-Service (DoS) condition.
In most cases, they can expose memory corruption, stack corruption or other types of fatal error conditions. Some of these conditions may expose the protocol to typical buffer overflow exploits, allowing arbitrary code to execute or the system to be modified.
For background you may wish to review this report, and this issue about BIND 4 or 8 not being suitable as forwarders.
Next, a request. PLEASE review your DNS servers' logs and cache for 65.23.154.2. If you find it listed as authoritative for .com, please send us an email with a dump of the DNS cache. Directions for dumping, cleaning and protecting your cache are available in the write-up above.
Spoofed IP packets are still believed to be a significant problem for the Internet. But are they? The Spoofer Project is attempting to measure the problem. Apparently, 80% of the IP addresses measured no longer support spoofing! Their methodology is simple: have users download a client which attempts to spoof packets to the monitor. Using these packets, they can determine the filter rules.
The below was sent to us as well as some of the ISACs around the net tonight. As there is quite a bit of information being conveyed by the author, I am going to leave the majority of the advisory as originally written. I will note that this started with a click-happy user on AIM, to the best of our knowledge.
A bot was seen spreading via AOL Instant Messenger (AIM) earlier today that appears to be using "encrypted"[1] peer-to-peer (P2P - possibly Waste?) as the Command and Control (C&C) mechanism. The bots communicate with each other via port 8/TCP.
We collected 593160 unique webserver names from the Yahoo! and DMOZ.org web directories. Since the names were extracted from web directories instead of being generated automatically, they have been filtered through a preliminary level of human scrutiny. Though it is clear that the level of scrutiny is not extremely high (i.e. there are some spam hostnames in the survey), we believe that these names are representative of the sites people actually care about.
We then queried the legacy DNS for these names and recorded the chain of nameservers that are involved in their resolution. We thus obtained a snapshot of the dependencies in the DNS system. A total of 166771 nameservers were discovered in this process. The survey was performed on July 22, 2004.
This paper outlines a Distributed Denial of Service (DDoS) attack which abuses open recursive Domain Name System (DNS) name servers using spoofed UDP packets. Our study is based on packet captures and logs from attacks reported to have a volume of 2.8Gbps. We study this data in order to further understand the basics of the reported recursive name server amplification attacks, which are also known as DNS amplification or DNS reflector attacks. One of the networks under attack, Sharktech, indicated some attacks have reached as high as 10Gbps and used as many as 140,000 exploited name servers. In addition to the increase in the response packet size, the large UDP packets create IP protocol fragments. Several other responses also contribute to the overall effectiveness of these attacks.
Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.
Flexible military communications have always been of great importance, and flexibility here stands for securely communicating over insecure channels -- IP based communications. While you might have not heard of Bantu before, to me their real-time network for interagency communication sounds more like a security through obscurity approach -- temporary gain and possible long term disaster.
Traditional DDoS of course is when an attacker uses thousands of centrally controlled zombie machines to direct millions of packets at a single destination. Most web servers shrivel up and die when subjected to that much attention. According to Barrett, even the upstream infrastructure cannot withstand some of these attacks: the firewalls, routers, sometimes even the ISP go offline. A recent new technique is for the zombies to all perform DNS look-ups, causing the target's DNS server to fail and effectively taking down a site without even hitting it directly.
You've developed a world class security program. Your technology-based defenses are cutting edge. Your security team is well trained and ready to handle anything that comes its way. So you’re done, right? Not quite. One of the most important pieces of an effective information asset defense is missing – employee awareness.
For many years external security threats received more attention than internal security threats, but the focus has changed. While viruses, worms, Trojans and DoS are serious, attacks perpetrated by people with trusted insider status—employees, ex-employees, contractors and business partners—pose a far greater threat to organizations in terms of potential cost per occurrence and total potential cost than attacks mounted from outside.
The reason insider attacks "hurt" disproportionately is that insiders can and will take advantage of two important rights: trust and physical access.
Hack a printer you say, what kind of toner have you been smoking, Irongeek? Well, I'm here to tell you, there’s more that can be done with a printer to compromise network security than one might realize. In the olden days a printer may not have been much of a concern other than the threat from folks dumpster diving for hard copies of the documents that were printed from it, but many modern printers come network aware with embedded Operating Systems, storage and full IP stacks. This article will attempt to point out some of the more interesting things that can be done with a network based printer to make it reveal information about its users, owners and the network it's part of.