Dec 17 2012

5 Essentials changes to harden Network Infrastructure

Category: Network securityDISC @ 4:09 pm

First principle to understand vulnerability assessment, one can’t exploit the vulnerability if a threat does not exist. So by default the services (ports) which are not required in a system (server) will present an unnecessary threat to be exploited if specific vulnerability exists in a system.

These unnecessary and unattended services are also the prime target of an attacker which they will find in reconnaissance session and ultimately exploit these vulnerabilities to get into a system. Modern networks should be resilient enough to handle the availability and bandwidth of traffic but also the daily barrage of attacks. Information security is a necessary evil to stay in business (cost of doing business) today. Compliance and regulatory fines aside, InfoSec is treated as business enabler in today’s business suite.

Below are five services which must be disabled unless there is a business reason. If you do have to enable one of these services then utilize compensatory controls to minimize the given risk to acceptable level.

1. Finger – the finger is TCP Unix service (port 79) which is utilized to determine who was logged on to system. After that all you have to find what is their password to get into the system and there are plenty of brute force applications out there to do that for you. Same service can be provided from other lookup secure services (like whois) which may minimize the risk in your environment. So make sure this service is disabled on all devices.

2. Telnet – is used for remote device management to get into system, no wonder a gold mine for a hacker. Like FTP, Telnet communicate in clear text, so it is insecure protocol. So it should be replaced with other secure services like SSH (port 22).

3. HTTP – is the most common user friendly web interface today. Because of its commonality the hackers have discovered several methods of exploiting HTTP service. Beside that HTTP is a clear text protocol as well which provides an extra advantage to a hacker. So it should be replaced with other secure services like Https (port 443).

4. NTP – Network Time protocol utilize to synchronize all the time clocks with a remote time server which also use to keep all the logs in sync for forensic or incident handling. If NTP is not required on a system it should be disabled.

5. ICMP – is data link layer protocol which provides information about neighboring network devices. ICMP flood, also known as Ping flood or Smurf attack, is type of Denial of Service attack that sends large amounts of (or just over-sized) ICMP packets to a machine in order to attempt to crash the TCP/IP stack on the machine and cause it to stop responding to TCP/IP requests. Some time it necessary to enable this protocol when troubleshooting, so only enable when necessary otherwise keep it disable.

Please feel free to comment and add more services which you think should be added to this list

Related Topics

Hardening Linux

Hardening Windows Systems

Tags: Denial-of-service attack, HTTP, HTTP Secure, Hypertext Transfer Protocol, Information Security, Internet Control Message Protocol, Network Time Protocol, Smurf attack


Jan 22 2010

How to manage risk in the cloud

Category: Cloud computingDISC @ 3:06 am

What is Cloud Computing and does it provide more protection to your business?

  • Pre-order the Softcover;

  • Pre-order the eBook.
  • Cloud Computing will bring many benefits to organisations, some of which include reducing operating costs, reducing power consumption and freeing you up to focus on your core business.
    The concept of shifting computing to a shared service provider is not new. What may be new is that the cost of Cloud Computing is falling so dramatically that considering outsourcing to the Cloud is no longer rare, and it is now accessible enough that any individual or organisation can use it to their advantage.

    Above the Clouds: Managing Risk in the World of Cloud Computing
    For Cloud Computing to be a viable option, you need to be confident that your business information will be secure and that the service you offer to your customers will still be reliable. So if you want to adopt a Cloud Computing strategy, you need to make sure you carry out due diligence on the service provider before you entrust this firm with your vital data. However, the author challenges the assumption that Cloud Computing will offer less protection to your data than relying on an in-house server. Buy Now!>

    Cloud Computing not only allows you to make economies of scale; it can also offer you the increased security that comes from sharing the resource. The author argues that moving over to Cloud Computing can actually help to defend your organisation from threats such as denial of service attacks, viruses and worms.

    Cloud service providers will tell you that Cloud Computing is bound to be better, faster and cheaper. The reality is that before switching over to Cloud Computing, you need to think carefully about whether it will really work for your business. This book shows you what you need to do to ensure that with Cloud Computing you will continue to give the standard of service your customers require. It also offers you some valuable tips on how to choose your provider of Cloud services.

    Published date: 9th February 2010.

    Pre-order this book using Voucher Code: “cloud2010” to save 10%!

  • Pre-order the Softcover;

  • Pre-order the eBook.
  • Tags: Business, cloud, Cloud computing, cloud computing benefits, cloud computing concerns, cloud computing risks, cloud computing security, cloud security, cloud services, cloudcomputing, Computer Science, Denial-of-service attack, Distributed Computing, due diligence, Economy of scale, Outsourcing, Security


    Dec 28 2009

    Hackers’ attacks rise in volume, sophistication

    Category: Information SecurityDISC @ 6:41 pm

    digital-hijack


    Year in review for online security attacks – 2009 is going to be known as a year of change in tactics of exploitation, rather than creating more new tools in hacker’s community. They are utilizing social media as a tool to exploit and using built-in trust in social media to their advantage. That’s why stealing social media accounts are considered as a treasure trove in hacker’s community to spread malwares (rogue anti-virus) which helps them to steal personal and private information. This perhaps was another reason why social media community was busy in 2009 changing their security and privacy policy on a frequent basis. Do you think, as social media grow, so does the threat to personal and private information?.


    At the same time 2009 comes to an end with a bang with an appointment of Howard Schmidt by Obama’s administration as a cybersecurity coordinator. A great choice indeed but why it took them a whole year to make this important decision. This indecision will cost them, no matter how you look at it. Now hopefully the current administration is going to keep the politics aside and take his recommendations seriously to make up for the lost time.

    Alejandro MartĂ­nez-Cabrera, SF Chronicle

    Security experts describe the typical hacker of 2009 as more sophisticated, prolific and craftier than ever. If anything, criminals will be remembered by the sheer number of attacks they unleashed upon the Web.

    While the year didn’t see many technological leaps in the techniques hackers employ, they continued to expand their reach to every corner of the Internet by leveraging social media, infiltrating trusted Web sites, and crafting more convincing and tailored scams.

    Although there were a handful of firsts – like the first iPhone worm – most attacks in 2009 were near-identical to tactics used in prior years, changing only in the victims they targeted and their level of sophistication.

    One of the most preoccupying trends was personalized attacks designed to steal small and medium business owners’ online banking credentials. The scheme was particularly damaging because banks take less responsibility for the monetary losses of businesses than of individual consumers in identity theft cases.

    In October, the FBI estimated small and medium businesses have lost at least $40 million to cyber-crime since 2004.

    Attacks continued to plague larger organizations. The Wall Street Journal reported on Tuesday that the FBI was investigating the online theft of tens of millions of dollars from Citigroup, which has denied the incident.

    Alan Paller, director of research at the SANS Institute, said criminals shifted the focus of their tactics from developing attack techniques to improving the social engineering of their scams.

    “It’s not the tools but the skills. That’s a new idea,” he said.

    One example is rogue antivirus schemes, which often trick computer users with a fake infection. Criminals then obtain their victims’ credit card information as they pay for a false product, all the while installing the very malicious software they were seeking to repel.

    Even though these scams have been around for several years, they have become more a popular tactic among criminals because they pressure potential victims into making on-the-spot decisions.

    “People have been told to look out for viruses and want to do the right thing. There’s security awareness now, but the criminals are taking advantage of their limited knowledge,” said Mike Dausin, a researcher with network security firm TippingPoint’s DVLabs.

    Chester Wisniewski, senior adviser for software security firm Sophos, said social networks also continued to be an important target for attackers. Despite Facebook and Twitter’s efforts to beef up their security, it has become a common tactic for scammers to hijack Facebook accounts and post malicious links on the walls of the victim’s friends or distribute harmful content through tweets.

    “We haven’t had this before – a place where all kinds of people go and dump their information, which makes it very valuable for criminals,” Wisniewski said. “It’s kind of a gold mine for identity thieves to get on people’s Facebook account.”

    Using PDFs
    Another common ploy was malicious software that piggybacked on common third-party applications like Adobe PDFs and Flash animations.

    Although Adobe scrambled this year to improve its software update procedures and roll out patches more frequently, criminals have increasingly exploited the coding flaws in Adobe products in particular because of their ubiquity and the abundance of vulnerable old code, said Roel Schouwenberg, senior virus analyst at Kaspersky Lab.

    By using ad networks or taking advantage of exploitable Web programming errors to insert malicious content, criminals cemented their presence in legitimate Web sites and made 2009, according to anti-malware firm Dasient, the year of the “drive-by download,” in which users only have to visit a compromised Web site to become infected.

    An October report from the San Jose company estimated that 640,000 legitimate Web sites became infected in the third quarter of 2009, compared with 120,000 infected sites during the same period of 2008.

    Damaging reputations
    The trend was not only a security threat for consumers, but also stood to damage the reputation and traffic of the victimized Web sites. In September, a fake antivirus pop-up made its way into the New York Times’ Web site by infiltrating the company’s ad network.

    Researchers also noted a high volume of attacks disguised as content related to popular news items – anything from Michael Jackson to the swine flu – to coax Web users into downloading malicious content. This closing year also saw a handful of notorious politically motivated online attacks, and the issue of national cybersecurity continued to gain prominence.

    On Dec. 18, Twitter’s home page was defaced by hackers calling themselves the “Iranian Cyber Army,” although authorities said there was no evidence they were in fact connected to Iran. An August attack on a Georgian blogger also indirectly affected the popular microblogging site and brought it down for several hours.

    In July, several U.S. and South Korean government Web sites went offline after being hit by a denial-of-service attack that South Korea has attributed to a North Korean ministry. U.S. defense officials revealed in April that hackers have stolen thousands of files on one of the military’s most advanced fighter aircrafts.

    “Now it’s in the agenda of every government to pay attention to the cyberworld,” Schouwenberg said.

    Security coordinator
    On Tuesday, the White House announced the appointment of Howard A. Schmidt as the Obama administration’s new cybersecurity coordinator. Schmidt occupied a similar post under the Bush administration.

    Even though crime continued to evolve into a more organized and compartmentalized operation this year, experts believe a new White House administration conscientious of threats and partnerships between law enforcement agencies and security firms offer encouraging signs for next year.

    An example is the Conficker Work Group, an international industry coalition that joined to mitigate the spread of the Conficker worm. The group also collaborates with law enforcement agencies by providing them with forensic information.

    “It’s the first time I’ve seen such partnership between countries. Typically it’s the Wild West and nobody is in charge of anything. Now it’s clear there’s a lot more international collaboration,” Dausin said.

    Tags: antivirus, cybersecurity coordinator, Denial-of-service attack, facebook, hacker, howard schmidt, Identity Theft, iPhone, Law enforcement agency, Malware, Michael Jackson, South Korea, Twitter