Why It's Important: Abstract
For every consumer and business that is on the Internet, viruses, worms and
crackers are a few security threats. There are the obvious tools that aid
information security professionals against these problems such as anti-virus
software, firewalls and intrusion detection systems, but these systems can only
react to or prevent attacks; they cannot give us information about the attacker,
the tools used or even the methods employed. Given all of these security
questions, honeypots are a novel approach to network security and security
research alike.
This paper will first give an introduction to honeypots: their types and uses. We will
then look at the nuts and bolts of honeypots and how to put them together.
Finally, we shall conclude by looking at what the future holds for honeypots
and honeynets.
Physical Security
The physical types of network security provide protection from fire, unauthorized
access, and/or natural disasters. Restrict physical access to systems, routers,
firewalls, etc. by combining the use of high quality locks with secondary
verification systems, such as biometric scanners. Security guards, video
monitoring and alarms are other ways to help keep areas secure. Password-
protect and monitor physical access to all systems. Invest in fire detection and
waterless fire suppression systems.
Perimeter Protection
Perimeter protection refers to the devices that separate your network from the
rest of the world. Firewalls are the most commonly implemented type of
perimeter network security device. Application and appliance-based firewalls block
certain types of data from entering your network using standard and user-defined
filters. Many wireless routers include basic firewalls. Another important part of
perimeter security is the implementation of encryption and protocols to protect
the wireless network from unauthorized access.
Monitoring
Scanners, sniffers and analysis tools give the trained administrator insight
regarding system vulnerabilities. Many hackers use these tools to find
weaknesses in network security. Port scanners reveal open ports, which may
lead to the discovery of unnecessary or compromising services or applications.
Content filters prevent users from accessing websites that are inappropriate for a
work environment or contain malicious code. Anti-virus and adware/malware
scanners protect data and equipment from unwanted applications. Monitoring
keeps those responsible for network security informed about the types of data
and network events that take place on the network. Baselines are established
over time during routine scanning and monitoring. Deviations from the baseline
are clues to new and possibly compromising events on the network.
SMS Phishing
SMiSHing is another term for SMS Phishing—a type of phishing attack that is
received through a mobile phone as an SMS message. The message may
contain a link to a website and ask customers to verify their accounts,
unsubscribe or subscribe to a service, or activate their memberships.
Some SMS-based phishing attacks do not contain website links in the message,
but do include a phone number for the recipient to call to activate or provide
information requested from automated prompts. The SMS phishing message
may also contain nothing but a text message, and the potential victim is
instructed to reply to the message with a yes or no text message in response.
Below are examples of SMiSHing attacks that I have received over the past few
weeks:
The above message is from a service number. If I respond to the message with a
"Yes", my account will be credited for the amount requested by the SMiSHer.
Here's another example of a fake service message via SMS that contains a link
to download a file which is infected:
Below is yet another example of SMiSHing that I received. This one used a
company name "Power Root Sdn." (Sdn is an abbreviation for Sendirian Berhad,
which means "private business" in the Malaysian language) in the message. The
company Power Root may or may not exist, but the message announces that I
won 20K and should call the provided number to claim the prize.
People who respond to the message or call the provided number will be
prompted to provide their credit card number, mother's maiden name, birthday
and other personal information, allowing the phishers to gain access to their
accounts.
People who have not heard of SMiSHing might fall into the trap of revealing their
identity or giving out private information such as credit card numbers, social
security numbers, and other personal data. If the victim realizes that they are
being phished via SMS messages, they might blame the other victim—the
business or company being used by the fraudsters. The customers will become
dissatisfied because the company did not alert them to potential fraud or scam
messages using their business name. In some cases, the unsuspecting customer
might expect that something good actually happened, e.g. winning money from
the company that supposedly hosted a contest. They will try to claim the amount
they've won. The company will now have to deal with the customer and explain
their business is not associated with the fake SMS message.
To stop SMiSHers from using your business or company name, you should start
creating security policies. One example policy to create and implement is to filter
messages sent and received by your company. There are security software
vendors that provide anti-spam and anti-phishing protection, e.g. Trend Micro
and Symantec. If your business sends automated messages to customers and
you are using managed security protection, then malware, security issues,
vulnerable platforms and applications will be prevented. And, if your business
system is free from any security issue, a fake SMS or phishing attempt will not be
sent by your automated service messaging system.
One such vulnerability is a weakness that allows a hacker to enter the system
and take it over remotely. Then all he or she has to do is prevent a legitimate
user from accessing or working on the system.
Another example is a "SYN Flood" attack, which prevents legitimate hosts from
connecting to the network. The attacker starts the process of establishing a
connection to the victim's machine; however, the ultimate connection is
incomplete, deliberately so. The victim's machine has then reserved one of a
limited number of data structures required to complete the pending connection,
but that connection will never complete. Real connections are therefore never
established while the victim waits for other, bogus connections to complete.
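The half-open connections described above appear on a Linux host as sockets in the SYN-RECV state, so a defender can count them per listening port and compare the count with a baseline. The following is an added example, not part of the original text; the snapshot is constructed in the column layout of `ss -tan`, and the function names, baseline values and `factor` threshold are assumptions.

```python
from collections import Counter

# Constructed snapshot in the column layout printed by `ss -tan`.
# All addresses come from documentation ranges; nothing here is real traffic.
SAMPLE = """\
State     Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN    0      128    0.0.0.0:80         0.0.0.0:*
LISTEN    0      128    0.0.0.0:443        0.0.0.0:*
ESTAB     0      0      192.0.2.10:80      203.0.113.5:51514
SYN-RECV  0      0      192.0.2.10:80      198.51.100.7:40112
SYN-RECV  0      0      192.0.2.10:80      198.51.100.8:40113
SYN-RECV  0      0      192.0.2.10:80      198.51.100.9:40114
SYN-RECV  0      0      192.0.2.10:80      198.51.100.10:40115
SYN-RECV  0      0      192.0.2.10:80      198.51.100.11:40116
SYN-RECV  0      0      192.0.2.10:80      198.51.100.12:40117
SYN-RECV  0      0      192.0.2.10:443     203.0.113.9:52001
"""


def half_open_by_port(snapshot):
    """Count half-open (SYN-RECV) sockets per local port."""
    counts = Counter()
    for line in snapshot.splitlines():
        fields = line.split()
        # Data rows have exactly five columns; the header splits into more.
        if len(fields) != 5 or fields[0] != "SYN-RECV":
            continue
        port = fields[3].rsplit(":", 1)[1]  # rsplit also copes with "[::1]:80"
        if port.isdigit():
            counts[int(port)] += 1
    return counts


def flag_ports(snapshot, baseline, factor=3):
    """Return ports whose half-open count exceeds factor * baseline.

    baseline maps port -> usual half-open count (hypothetical values);
    ports missing from it are treated as having a baseline of 1.
    """
    counts = half_open_by_port(snapshot)
    return sorted(p for p, n in counts.items() if n > factor * baseline.get(p, 1))


if __name__ == "__main__":
    print(dict(half_open_by_port(SAMPLE)))
    print(flag_ports(SAMPLE, baseline={80: 1, 443: 1}))
```

A port that is flagged repeatedly across snapshots while its ESTAB count stays flat matches the pattern in which reserved connection slots never complete.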
Non-Renewable Resources
DoS attacks can also consume scarce, limited, or non-renewable resources. One
example of a denial of service attack comes with the destruction or alteration of
configuration information in the operating system. Such an attack may flood the
system so that it is incapable of performing the normal operations. The CPU may
be performing at the 100% level, which prevents other processes from running.
Another example is when programs are triggered to access more and more
memory, thereby filling up the available space in the system. Generating excess
mail messages may take up memory. This slows the system down, even to the
point that other programs can't run. Even after a re-boot the problem does not go
away. In such a case the DoS attack now comes with malware that has infected
the system.
1. Network security threats. Internal and external threats are common. Some
are deliberate threats while others are not. It's best to use a firewall and some
sort of security software like McAfee Network Threat Response.
5. Misuse of user privileges. Too often, users gain unauthorized access
to systems from the intranet. Businesses may want to use some type of intranet
monitoring software to see what their employees are doing on the intranet or on
their own PCs.
8. Usability problems. There are users who still use the intranet improperly.
They do not know how to search, retrieve, send or share data and information,
often doing more harm than good on the private network. Some users may need
formal training.
9. Weak passwords. Users tend to use weak passwords, write down passwords,
never change them, or forget them. Network administrators must encourage
users to overcome these issues by using hard-to-guess passwords and by
not sharing them or writing them down.
Intranet Tip: Set up firewall rules to allow only those messages that originate
from the internal server.
Advice: Any person granted access to an intranet should receive formal security
training first. Users need an IT security policy handy to know what to do when
there is a security violation, a security threat or attack, or learn how to resolve all
other intranet security issues such as those mentioned above.
Solution: Businesses can set up their own intranet and choose a software
solution like Office Ability to overcome some of the common security issues like
usability problems, passwords, and encryption, or use HyperOffice, which is a
business that offers their own "Securely Hosted Intranet Software Solution" for
other businesses.
Conclusion
Untangle is a marvelous product. It does more in a single installation than any other product on the market,
commercial or otherwise. The incorporation of third party open source projects means that there is a diverse
body of support and updates for the product and a mass of humanity working on keeping the various
components current.
If you are a small to medium sized business looking for better protection of your network, use this product.
Buy the Professional Package. You will not regret it.
• Risk Assessment
• IT Security Audit
• Vulnerabilities in LAN & WAN architecture
• External access & e-business architecture
• Firewalls, routers, web servers, proxy servers, NT servers, Unix servers.