
Internet & Web security
  Know Your Enemy: Learning About Security Threats by the Honeynet Project (~US$33 from Amazon) is a technical guide to
configuring and using honeypot systems to analyze hacker exploits and malware in the wild. Read our book review.
Lance Spitzner’s previous book Honeypots: Tracking Hackers (also ~US$33 from Amazon) is another gripping read for technical folks involved in defending networks against hacker attacks.
Vulnerabilities in Not-So Embedded Systems described the hack of a Xerox multifunction device (copy-scan-print).
The machine has an embedded AMD CPU running Linux and Apache with the Xerox applications layered on top. Accessing the device remotely thanks to its web and telnet interfaces, the hacker exploited
vulnerabilities in parameter handling by the applications to compromise the root account. To the presenter, this was a bit of a lark. He clearly enjoyed explaining how to hack the machine and, for example, photocopy
and scan a stray paper clip and set it up as a default printing template. For Xerox, however, the presentation and exploit represent a security incident that forced them to roll out urgent security fixes to
their understandably rather irate customers.
Defense Intelligence Systems Agency (DISA) occasionally conducts network penetration tests against US
military networks and publishes interesting statistics such as the proportion of attacks that go unnoticed and unreported, presumably to shame the network/system administrators into improving their security
responses. Given that their targets are (or at least should be) highly security conscious, the figures are a salutary lesson for all of us since the implication is that, if the vast majority of network intrusion attempts
are not recognized as such, then how many successful intrusions are also being missed?
James Madison University has some good advice for students on Internet security, especially their RUNSAFE initiative and a general page with news of current security issues such as phishing.
The Internet, and hence modern civilization as it has come to be, is essentially founded on Transmission Control Protocol/Internetworking Protocol (TCP/IP). TCP/IP is a suite of communications protocols that
works over almost any communications medium, including bongo drums. Does this prove that the roots of
modern civilization are in the jungle? Maybe not ... but it sure is a fun way to learn about TCP/IP.
A US-CERT Cyber Security Tip covers browser security settings - fine if your users understand the issue and can alter the settings.
The WWW security FAQ addresses the sorts of web security queries typically raised by clued-up technically-minded
end-users and novice sysadmins. It is useful albeit a few years old (a few years = one Internet eternity).
Stay Safe Online publishes advice for home users about computer security including, of course, Internet security aspects.
CERT published a good overview of Internet security in a 1997 paper. It is interesting though rather sad to
note that the risks they identified in ’97 are still with us, plus more besides.
Firewalls
The Sam Spade and Geek Tools websites have extremely useful technical tools for analyzing IP addresses. Useful to find out who has put suspicious entries in your firewall logs (you do analyze your logs
regularly, don’t you?).
Discover step-by-step how to analyze Cisco network/firewall logs using Kiwi Syslog and Sawmill (both free or low-cost products).
A CERT CyberSecurity Tip on firewalls starts from ground zero: what is a firewall and why would I want one?
If you’re trying to shut off unnecessary ports at the firewall, take a look at this useful table listing most well-known
TCP/IP ports.
DataSafe is evidently no conventional firewall but an “Extrusion Prevention System”, no less. It inspects
network traffic and applies filtering rules in real time, rather like a firewall, but its focus is on preventing the
unauthorized export of critical or sensitive information such as personal information, credit card data, health care records, intellectual property and classified information, rather like a content inspection firewall.
[Nothing to do with extruded aluminum then!].
A US-CERT Cyber Security Tip briefly explains firewalls without delving into the technology. This is A Good
Thing for security awareness materials intended for non-technical audiences.
Other network security links
Russ McRee’s Toolsmith columns (originally published in the ISSA Journal) are well worth a read if network security is your day-job.
CERT is overflowing with sound network security advice to home PC users. Security standards are being developed in this area.
A number of sites offer to port-scan your system using your IP address. This one is typical - it probes TCP
and UDP ports, identifying likely vulnerabilities. Because of the sensitivity and the volume of network traffic and security log entries a port scan can create, you should probably not try this from a PC inside the
corporate firewall without authority from management ... but on the other hand, it might be worth finding out whether the network defenses actually work! As with all pen testing, though, a report saying ‘everything
was OK’ does NOT necessarily mean your system is secure, merely that the scanning tools and techniques they used did not find any glaring vulnerabilities.
QualysGuard is a suite of tools to identify and remedy system security vulnerabilities on networked systems.
Tools like this make the job of tracking and checking IT assets for compliance much less tedious, and hence more likely to be done properly.
Related NoticeBored links collections
Wireless security, Bugs!, hacking, identity theft, information security management, change management, secure development, incident management, social engineering, email security, IT fraud, gizmos and malware
NB: we do not necessarily endorse or agree with the third party websites accessible through the links. Use at your own risk. Please let us know about new or broken links.