Linux Network Security - Page 33

Discover Network Security News

Put Up A Strong Defense

Most security breaches by insiders are unintentional. They come from employees who make ill-advised or uninformed choices regarding storage of their passwords, the Web sites they visit, and the E-mails they send. The Computing Technology Industry Association's annual survey on IT Security and the Workforce trends, to be published in March, indicates that nearly 80% of corporate security breaches are caused by computer-user error.

Cisco squashes VoIP, router bugs

Flaws in Cisco Systems software for routers and IP telephony could be a conduit for attacks on enterprise networks, the company has warned. On Wednesday, it released two security alerts along with fixes for Cisco CallManager, which runs Internet-based phone calling. Two flaws exist in the software: One could allow an attacker to paralyze a Cisco IP telephony installation, the other could allow someone with read-only access to the system to gain full privileges, according to the alerts.

Hackers are ready for IPv6—are you?

One of the arguments for moving to version 6 of the Internet Protocols is that it will offer more security. This may well be true in the long run. But for the time being, IPv6 is likely to introduce more complexity and create more problems than it solves. “The hackers currently have the lead

A better VNC with FreeNX for remote desktop control

VNC is well-known for allowing the remote control of another desktop machine via your own computer. For instance, using VNC you can easily control your home PC from work, and vice versa. The problem with VNC is that it's not overly secure and it can be quite slow, particularly if you have a lot of fancy graphics or backgrounds on the remote computer. Other solutions also exist for remote control of a GUI, such as running X over ssh, proprietary tools like Apple's Remote Desktop, etc., but they all tend to have the same drawbacks; they are either insecure or tend to be slow.

Cisco vulnerability posted to Internet

One day after a security researcher and organizers of the Black Hat USA conference agreed not to post details of vulnerabilities in Cisco's router software, the information has been published on the Internet. On Friday, the Web site Cryptome.org posted what appear to be slides written to accompany a presentation given by former Internet Security Systems Inc. (ISS) researcher Michael Lynn, at the Black Hat conference in Las Vegas.

Bandwidth monitoring with iptables

Linux has a number of useful bandwidth monitoring and management programs. A quick search on Freshmeat.net for bandwidth returns a number of applications. However, if all you need is a basic overview of your total bandwidth usage, iptables is all you really need -- and it's already installed if you're using a Linux distribution based on the 2.4.x or 2.6.x kernels. Most of the time we use iptables to set up a firewall on a machine, but iptables also provides packet and byte counters. Every time an iptables rule is matched by incoming or outgoing data streams, the software tracks the number of packets and the amount of data that passes through the rules.

Ping: ICMP vs. ARP

Today almost every organization employs firewalls for enhanced security. Firewalls can be set up in such a way that Internet Control Message Protocol (ICMP) requests are blocked, which means that traditional pings do not work. Setting a firewall to block ICMP requests is based on the theory that if a would-be hacker cannot "see" the target, he may not attack the host.

Security Expert Finds Port Scans Not Tied To Hack Attacks

Port scanning, the practice of sniffing for computers with unprotected and open ports, isn't much of a harbinger of an attack, a University of Maryland researcher said Monday. Michel Cukier, an assistant professor at the College Park, Maryland-based school, said that contrary to common thought, few port scans actually result in an attack. In fact, only about five percent of attacks are preceded by port scans alone.

Inexpensive Cisco Network Log Analysis

This document is intended to explain why network logging and log analysis is important, and provide instructions for people who want to do this on their Cisco equipment (especially the PIX firewall) without spending a lot of money. Although you may not get all of the spiffy features that you will find in high-end offerings from companies like Cisco, NetIQ, Symantec and others, you can get a very good security bang for the buck with simple and inexpensive systems. Although this document is specifically intended for logging on a Cisco PIX, pretty much the same commands should work for other devices such as routers. You will see different screens, and Sawmill may detect them differently, but it is essentially the same process.

CLI Magic: More on SSH

We've covered SSH before in CLI Magic, but this week let's look at some additional SSH features that new users might not be aware of. For the purpose of this article, we'll be looking specifically at OpenSSH, but many of these features apply to other SSH variants as well. SSH is the best way to establish a secure connection to a remote networked machine. Whether you want to transfer files, encrypt traffic, or just log in to a remote machine, SSH is the way to go.

The Five Security 'Musts' You Can't Ignore

First, you have to learn what sort of protection against intruders exists on your network, both at the site of your ISP and at your own site. Then learn what sort of connections you have to the outside world. Of course, this will include your DSL or cable connection, but it may also include dial-up access available to individual computers. Even if it’s just your home office, knowing that someone can dial out to the Internet over a phone line bypassing your firewall is important when you’re fighting against worms, viruses and intruders.

Why Duplicate Packets May Appear on SPAN Ports

I noticed a post to snort-users today asking if Snort had a problem with duplicate packets: "We have a range of switches being used within our network for port monitoring, and a couple have had to be set up in such a way that you can end up seeing each packet TWICE on the snort interface. I've been told by our network engineers that this has to be the case in order for the IDS to see the networks it needs to on one card." I think I know why this is happening. I cover this issue in day one of my Network Security Operations course.

SSL VPNs: Remote Access for the Masses

Secure Sockets Layer (SSL) for remote access is based on a simple concept: use the encryption and authentication capabilities built into every Web browser to provide secure remote access to corporate applications. By combining SSL-enabled Web browsers with a secure gateway to terminate connections and provide policy enforcement and access control, so-called SSL VPNs provide access to Web-based, legacy client/server, and terminal applications from anywhere - home PCs, hotel business centers, Internet cafes, or a business partner's LAN - without an IPSec VPN client. It's one of those ideas that make you say "Why didn't I think of that?"

Making your security fit

There is no doubt that network security keeps IT directors awake at night. And it doesn't look like restful slumber is getting any closer. When the British Computer Society surveyed IT directors in May, it found security was the main concern for 61% of respondents.

Security: Freedom to enter but no right to roam

When you add the responsibility for information and security in an organisation that ranges across Europe, life becomes even more complex. You also need to accommodate differences in mindset about legislative severity, and differences in national character. Within countries, many of the challenges remain the same for CIOs, wherever they are based. They must try to operate a security model that has changed from a "fortress" - where everything was kept out - to an "airport" style security. Now everyone is rushing around in different directions aiming for different destinations, and their credentials to "fly" or interact with the company need to be checked.

DHCP, shared feeds and lots of service management

DHCP is now a key potential point of failure for many organisations, said Nominum as it introduced version 2 of its high-availability Dynamic Configuration Server (DCS), which it claimed can provide over 2,400 DHCP leases per second, 59 times more than a widely used open source equivalent. DHCP, or Dynamic Host Configuration Protocol, is the scheme that automatically assigns IP addresses within a network.

NAC Will Fill a Big IT Security Gap

When Zotob and other worms attacked a Windows vulnerability in August, some (yeah, that's me) were surprised that large companies were affected. After all, even a simple firewall should have blocked the attack. The problem was that many large corporate networks aren't as controlled as you'd think.

Network monitors head for the high ground

The lure of open source is strong, and it's starting to be felt by the traditional network monitoring and analysis companies - but they are finding ways to fight back, according to Janice Spampinato, VP international at WildPackets. "Packet analysis tools are very much a commodity now," she says. "Ethereal and the like has taken the legs off the portable market, so thank goodness we decided to go for the distributed market."

Internet security: Cisco flaws

Finnish researchers today announced a high-risk vulnerability in a security protocol that serves an important role in key exchanges in IPsec VPNs. The severity of the flaw depends on different vendors, some of whom report it exists in their products and others who for now maintain their offerings are unaffected. But its impact could be great, given those vendors include heavyweights Cisco Systems, 3Com, Juniper Networks, Microsoft and IBM.