Network Security Basics

As we wrote in our Computer Security article, there are many possible points of entry into your network that intruders can exploit to gain access to your files and data. A graphic example of how many of your computer's resources are exposed over the internet is demonstrated at the Shields Up website at grc.com. Remember that SMB is not that secure, so if you want to protect yourself against unwanted hacking, you should do at least one but possibly all of:
For users who want a "quick fix," we've had good results from the latest version of Symantec's Norton Internet Security. This program, with the proper configuration, closed all ports and locked down all resources on our test machine, according to the port scanning tests at www.grc.com.

IIS Server Security

A good and fairly exhaustive list of security checks for anyone running IIS can be found at http://technet.microsoft.com/en-us/library/dd450371.aspx
Apache Server Security

A detailed description of a sophisticated Apache server attack scenario can be found at http://www.apache.org/info/20010519-hack.html
Other network security issues and solutions of note:

08/15/01 Noted at SecurityFocus.com: Microsoft releases patch-scanner -- Application identifies all unpatched Win-NT, 2K, IIS, and SQL installations on a local network.
08/08/01 The Networking section at Accelerate Your Mac has information on how to set up a router to stop the Code Red Worm. This tip is useful for DSL users with a Cisco Modem/Router, as these units can be seriously affected by Code Red and similar worms.
07/25/01 Once touted as an operating system "designed from the ground up" for security, BSD has been afflicted by a number of serious security breaches recently. The latest affects those who use Telnet to upload files. InternetNews.com has details....
07/23/01 A weakness in SSH Secure Shell software, version 3.0.0, released June 21, can let an attacker gain control over some Unix or Linux computers. Versions of Linux that are vulnerable include those from Red Hat, Caldera International, SuSE and Debian. Fortunately, the flaw affects only users of two-character passwords and thus is not likely to affect many systems. News.com has details....
07/18/01 A worm known as Code Red is the topic of our latest security warning. The threat, believed to have originated in China, attacks unpatched servers running Microsoft's Internet Information Server. The self-spreading code methodically seeks out ranges of IP addresses, 100 at a time, to inspect servers. If a vulnerability is found, it defaces web pages hosted on the server with the message "Welcome to http://www.worm.com! Hacked by Chinese!" The worm behaves in such a way, experts warn, that it could be used to collect information about vulnerable servers for later attack. Code Red has already attacked almost 12,000 servers -- and there could be millions more at risk. News.com has details....
07/08/01 InternetNews.com warns of a security issue affecting Windows 2000. Microsoft has released a patch for an SMTP flaw that could allow a malicious user to authenticate to the service using improper credentials for e-mail relaying. The SMTP service is installed by default as part of Windows 2000 server products, and can be optionally installed on Windows 2000 Professional.
07/07/01 "Hackers are developing techniques quicker than the agency can keep up," says the CIA top technology adviser. The government admits it's not quick enough to respond to hackers trying to infiltrate its systems. Read more....
07/05/01 -- A hacking script posted by a Japanese cracker going by the nickname of "HighSpeed Junkie" takes advantage of the security flaw noted by Microsoft on June 18. Unpatched servers are at risk of attacks with "the ability to take any desired action on the server, including changing Web pages, reformatting the hard drive or adding new users to the local administrators group." Yikes. The risk is believed to have increased since the code was published to the Win2KSecAdvice mailing list on June 27, and has since been seen on at least one underground hacking site. A strongly worded Microsoft Security Advisory provides information on what the estimated 6 million IIS server operators can do to fix the problem. See News.com for details.
05/06/01 -- It is possible to remotely control PCs with the well-known Sub7 Server, a remote administration tool/Trojan for Windows. There's also a Sub7 Mac Edition. See SecureMac for details.
03/10/01 -- In an unprecedented move, the FBI has released comprehensive details of what is being called the largest ever hack attack. The attacks, which originated in Russia and the Ukraine, are believed to have been orchestrated by the so-called Russian Mafia. At least 40 companies were affected and an estimated 1,000,000 accounts, including credit cards, user IDs and passwords, and personal data, were stolen. A press release at www.fbi.gov has details. Ars-Technica.com has additional commentary.
02/28/01 -- Microsoft Exec Details Hack Attack- Human Error to Blame, notes ActiveWin.com
02/15/01 -- The web servers of HP, Compaq, AltaVista and Intel sites were all hacked recently -- and each had one thing in common -- the operating system in each case was Windows NT and the Web server IIS/4.0. There's gotta be a lesson in there somewhere.
01/17/01 -- "Ramen" noodles through Red Hat security holes - this worm seeks out and attacks Linux-based servers, replacing web server pages with hacker messages.
07/29/00 -- As noted in our Firewalls feature, there is more to developing a comprehensive security policy than setting up passwords and antivirus programs. Dolfin.com provides Internet security consulting services and can professionally install and configure corporate firewalls (a good first step) at prices typically ranging from $2,000 to $25,000.
07/29/00 -- If you're not yet running a personal firewall such as Norton Internet Security or BlackICE Defender, you might consider at least looking at the Shields Up section at GRC.com, to find out how much of your personal information is at risk.
07/05/00 -- CNN has posted a feature on how to protect your network.
06/12/00 -- Symantec has announced Norton Internet Security 2000. The new tool defends against hackers, protects privacy and eliminates dangerous viruses. A Family Edition of the software adds powerful parental control and Web filtering capabilities.
06/12/00 -- Our Virus Alert Bulletins page debunks the alleged Serbian.Trojan threat that at least one network security technologies company apparently used as a PR ploy, stating that the program was poised to set off a massive, remotely launched distributed denial-of-service attack.
06/08/00 - Microsoft on June 6th announced Internet Security and Acceleration Server, an enhanced version of the product formerly known as Proxy Server. The new product, due later in 2000, provides enterprises with protection against a number of Net threats, including the so-called "Ping of Death" and various denial-of-service attacks. It includes caching, intrusion detection and firewall capabilities. A beta version of the new server is available for free on Microsoft's Web site at www.microsoft.com/ISAServer.
05/26/00 - Business Week notes "The Breach That's Shocking the Firewall Industry," as Network Associates' vaunted Gauntlet firewall system crumbles during an outside engineer's routine audit. Our Firewalls feature has details.
02/10/00 - Web watchers on Feb. 9th, 2000 were wondering if attacks against Yahoo, Buy.com, eBay, Amazon.com and CNN were just the start of an organized campaign against ecommerce websites by hacker groups. Each of the sites had been hit in recent days by denial of service attacks, but, as Ars Technica notes, it's the distributed nature of the attacks that has security experts puzzled as to who's behind it and what their motivation might be. A CERT advisory notes that all systems connected to the Internet can be affected by denial-of-service attacks and tools for creating such attacks are readily available in the hacker community.
11/15/99 - Windows NT Service Pack 6 update carries bug, reports News.com. The bug prevents users from accessing Lotus Notes without administrator rights -- potentially crippling Lotus Notes unless companies compromise network security. Microsoft released a "hot fix" patch for the bug on Nov. 16th. Infoworld has details....