Recommended! Internet Security Techniques and Software Tools
Before looking at these it is worth saying that much can be done about system security which does not involve high-tech methods and tools. Users often choose passwords which are easy to crack, for example passwords which are their family’s names or which are so short they can be cracked by a simple brute force attack. This problem can be partly solved by having passwords dispensed by the system administrator, who would choose random sequences of letters and digits which, while being difficult to crack, would also be relatively memorable: passwords such as Icee6Tepigkun.
Logging Tools
These are software tools which monitor the use of a computer or part of a computer and which log events that occur to a secure file or to some write-only medium such as a CD. Typical events that such tools monitor are a user logging in, transferring a Web page or trying to read a file.
There are a number of secure commercial logging tools which will, for example, check for unusual events such as:
- A user logging on at an unusual time: for example, a user logging on after midnight when they usually log on during the working day.
- A user logging on briefly and then logging out and then repeating this process a number of times. The user could be attempting to gather information for an IP spoofing attempt.
- A user mistyping a password a number of times — certainly more times than would be expected if the user was a poor typist. Often this occurs when someone is trying to guess a password.
A good system administrator will install a third-party logging tool and produce daily reports of its results, and should also arrange for immediate exception reporting, so that a very serious event such as the modification of a sensitive file (a password file, for example) is reported at once.
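The three checks listed above can be expressed as a small detector run over a login log. This is an added example, not code from the original page or from any commercial logging tool; the log format, the event names (LOGIN_OK, LOGIN_FAIL, LOGOUT), the working hours and the thresholds are all assumptions made for the sketch.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (timestamp, user, event); not taken from a real system.
SAMPLE_LOG = """\
2024-03-04T09:02:11 alice LOGIN_OK
2024-03-04T17:31:40 alice LOGOUT
2024-03-04T10:00:00 bob LOGIN_OK
2024-03-04T10:00:20 bob LOGOUT
2024-03-04T10:01:00 bob LOGIN_OK
2024-03-04T10:01:15 bob LOGOUT
2024-03-04T10:02:00 bob LOGIN_OK
2024-03-04T10:02:25 bob LOGOUT
2024-03-04T11:00:01 carol LOGIN_FAIL
2024-03-04T11:00:04 carol LOGIN_FAIL
2024-03-04T11:00:08 carol LOGIN_FAIL
2024-03-04T11:00:11 carol LOGIN_FAIL
2024-03-04T11:00:15 carol LOGIN_FAIL
2024-03-05T00:47:03 alice LOGIN_OK
2024-03-05T00:59:30 alice LOGOUT
"""

WORK_HOURS = range(8, 18)        # assumed usual logon hours (08:00 to 17:59)
BRIEF = timedelta(seconds=60)    # assumed length of a "brief" session
MAX_BRIEF, MAX_FAILS = 3, 5      # assumed alert thresholds

def detect(log_text):
    """Return a sorted list of (user, reason) alerts for the three patterns."""
    alerts, open_login = set(), {}
    brief, fails = defaultdict(int), defaultdict(int)
    for line in filter(str.strip, log_text.splitlines()):   # skip blank lines
        stamp, user, event = line.split()
        when = datetime.fromisoformat(stamp)
        if event == "LOGIN_OK":
            if when.hour not in WORK_HOURS:
                alerts.add((user, "unusual-hour"))
            open_login[user] = when
            fails[user] = 0                  # a success ends the run of failures
        elif event == "LOGOUT" and user in open_login:
            if when - open_login.pop(user) <= BRIEF:
                brief[user] += 1
                if brief[user] >= MAX_BRIEF:
                    alerts.add((user, "repeated-brief-sessions"))
        elif event == "LOGIN_FAIL":
            fails[user] += 1
            if fails[user] >= MAX_FAILS:
                alerts.add((user, "password-guessing"))
    return sorted(alerts)
```

Run daily over the whole log, the returned list is the report; called on each new line as it arrives, the same logic gives the immediate exception reporting.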
Virus Scanners
These are software tools which look for unusual changes in the files stored in a computer and also look for file characteristics which are associated with known viruses. Many of the tools allow the user to download a database of current virus signatures; often these databases are only a matter of hours out of date so they will catch most viruses.
Network Topology Techniques
One major way of guarding against a number of forms of attack is to design the topology of your network in such a way that it is difficult for intrusion to occur. For example, it can be virtually impossible for a sniffer to be placed in a network if it is highly compartmentalised. One of the most effective ways of using network topology is by implementing a firewall.
A firewall is an extra layer of protection placed around a network or around a particular application. A firewall placed around a network will usually employ a router which can be programmed to deny access to a network, for example it can be programmed to deny access to any packets of data which have been sent to a particular dedicated port.
The given example shows one very popular configuration which is used to protect a Web server and the internal computers connected to it from being compromised; it is known as a screened host firewall. The configuration is intended to protect a Web server which dispenses pages to the public from being compromised and perhaps acting as a starting point for a more serious intrusion which affects other computers in the internal network. The configuration involves a programmable router which is able to monitor, re-route and reject packets of data and a Web server known as a bastion host or a proxy server. The bastion host acts as a temporary store or ‘cache’ of pages which have been dispensed by a real Web server which resides within a closed network.
When a packet of data is processed by the firewall router it will determine what to allow through to the internal network that it protects. Often the data allowed through will be a very small subset of the data which could be sent to it: for example, it might only allow through data which represents e-mails. If the router detects data which is intended for the Web server it will forward the data to the bastion host. Any other data is rejected.
When the bastion host receives data which accesses Web services it will satisfy that service. It will first check that the pages required by the request are contained in its cache of pages; if so, then it will send the pages to the computer that requested them. If the pages are not contained in the cache then it will request the real Web server, which resides within the firewall, to send it the pages so that it can satisfy the request.
The use of a bastion host secures Web services because any intruder has to compromise this computer before they can enter the network in which the real server resides. For example, a malicious attack on the bastion host which attempted to delete Web pages would only delete the temporary cached pages.
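The screened host arrangement described above can be modelled in a few lines: a router with a default-reject policy and a bastion host that caches pages from the real server. This is an added sketch, not code from the original page; the addresses, the port numbers chosen for e-mail and Web traffic, and all class and function names are assumptions.

```python
# Constructed names and addresses for this sketch.
BASTION, MAIL_HOST, REAL_WEB = "192.0.2.10", "10.0.0.25", "10.0.0.80"

# Router policy, first match wins: (destination port, action, next hop).
# None as the port matches anything, so the last rule is the default reject.
POLICY = [
    (25,   "forward", MAIL_HOST),   # e-mail is let through to the internal network
    (80,   "forward", BASTION),     # Web traffic is handed to the bastion host
    (None, "reject",  None),        # any other data is rejected
]

def route(dst_ip, dst_port):
    """Return the host an inbound packet is delivered to, or None if rejected."""
    for port, action, next_hop in POLICY:
        if port is None or port == dst_port:
            # The next hop comes from the policy, never from the packet, so a
            # packet addressed straight at REAL_WEB still lands on the bastion.
            return next_hop if action == "forward" else None

class RealWebServer:
    """Holds the authoritative pages; only the bastion host talks to it."""
    def __init__(self, pages):
        self.pages, self.requests = dict(pages), 0
    def get(self, path):
        self.requests += 1
        return self.pages.get(path)

class BastionHost:
    """Serves pages from its cache and asks the real server on a miss."""
    def __init__(self, origin):
        self.origin, self.cache = origin, {}
    def handle(self, path):
        if path not in self.cache:
            page = self.origin.get(path)
            if page is None:
                return None             # unknown page: nothing is cached
            self.cache[path] = page
        return self.cache[path]

def serve(dst_ip, dst_port, path, bastion):
    """Follow one outside Web request through the router and the bastion host."""
    return bastion.handle(path) if route(dst_ip, dst_port) == BASTION else None
```

Emptying `bastion.cache` in this model stands for the page-deletion attack mentioned above: the next request is a cache miss, and the page is fetched again from the untouched real server.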
An even stronger use of a firewall is to employ two layers of protection: a router which is open to the Internet and a further router which guards the internal network.
In between these two routers there would be further bastion servers which offer services that outside users may need to access, services such as a mail service or an ftp service which enables customers to download company samples or brochures; again these bastion servers would communicate with the real servers which are located in an internal network. This form of organisation is known as a screened subnet; the area in which the public services are located is often known as a demilitarised zone.
Security Checking Software
Already I have discussed a number of software tools and utilities which can be used to probe a network for weaknesses in the context of the dangers they pose to networks; however, in the hands of a skilful security administrator such tools can greatly reduce the probability of a network being compromised by an intruder. By running scanner and password cracker software regularly a security administrator is able to flag potential problems that could occur, associated with (amongst others):
- Denial of service attacks.
- Abuses involving mailing utilities such as sendmail.
- Attempts to crash a server by violating the rules of TCP/IP.
- Vulnerabilities associated with the File Transfer Protocol.
- Vulnerabilities associated with any naming services.
- Badly constructed passwords.
- The ability of an intruder to take over the identity of a trusted user such as a system administrator.