Archive for the ‘Security Tips’ Category

How to protect your network from cyber-attacks

July 15, 2009

By Tim Cronin

There are three measures network administrators can take to avoid the types of network attacks that plagued US and South Korean websites including www.whitehouse.gov, NASDAQ, NYSE, Yahoo!’s financial page and the Washington Post. The three areas to focus on are network-based mitigation, host-based mitigation and proactive measures.

Network based mitigation:

  • Install an IDS/IPS with the ability to track floods (such as SYN and ICMP floods).
  • Install a firewall that has the ability to drop packets rather than let them reach the internal server. Since a web server must, by its nature, accept HTTP from the Internet, you will need to monitor your server to know where to block traffic.
  • Have contact numbers for your ISP’s Emergency Management Team (or Response Team, or whichever team is able to respond to such an event). You will need to contact them in order to stop the attack before it reaches your network’s perimeter in the first place.
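As an added illustration (not code from the original post), the monitoring step above done in Python: it reads netstat-style connection states (a constructed sample here, not a real capture) and lists the remote addresses holding the most half-open connections, which is the list you would hand to your firewall or your ISP. The threshold and the sample addresses are assumptions.

```python
"""Identify SYN-flood sources from netstat-style TCP connection state listings."""
from collections import Counter

# Constructed sample in the shape of `netstat -ant` output (not a real capture).
# Documentation address ranges are used for the remote hosts.
SAMPLE_NETSTAT = """\
tcp        0      0 10.0.0.5:80        203.0.113.7:40001     SYN_RECV
tcp        0      0 10.0.0.5:80        203.0.113.7:40002     SYN_RECV
tcp        0      0 10.0.0.5:80        203.0.113.7:40003     SYN_RECV
tcp        0      0 10.0.0.5:80        203.0.113.7:40004     SYN_RECV
tcp        0      0 10.0.0.5:80        203.0.113.7:40005     SYN_RECV
tcp        0      0 10.0.0.5:80        198.51.100.9:51000    SYN_RECV
tcp        0      0 10.0.0.5:80        198.51.100.9:51001    ESTABLISHED
tcp        0      0 10.0.0.5:80        192.0.2.33:60000      ESTABLISHED
tcp        0      0 10.0.0.5:443       192.0.2.33:60001      TIME_WAIT
"""

def half_open_by_source(netstat_text):
    """Return a Counter of remote IPs that hold SYN_RECV (half-open) sockets."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()          # Proto Recv-Q Send-Q Local Foreign State
        if len(fields) < 6 or fields[5] != "SYN_RECV":
            continue
        remote_ip = fields[4].rsplit(":", 1)[0]   # strip the remote port
        counts[remote_ip] += 1
    return counts

def flood_suspects(netstat_text, per_source_limit=4):
    """Sources whose half-open count exceeds the limit, most active first.

    The limit of 4 is an assumption for the sample; tune it to your server.
    """
    counts = half_open_by_source(netstat_text)
    return [(ip, n) for ip, n in counts.most_common() if n > per_source_limit]

def half_open_ratio(netstat_text):
    """Fraction of all listed TCP sockets that are half-open (0.0 if none)."""
    rows = [l.split() for l in netstat_text.splitlines() if l.startswith("tcp")]
    if not rows:
        return 0.0
    half = sum(1 for r in rows if r[5] == "SYN_RECV")
    return half / len(rows)

if __name__ == "__main__":
    for ip, n in flood_suspects(SAMPLE_NETSTAT):
        print(f"candidate for upstream block: {ip} ({n} half-open)")
    print(f"half-open share of all sockets: {half_open_ratio(SAMPLE_NETSTAT):.0%}")
```

A SYN flood with spoofed sources spreads across many addresses, so the per-source list may stay empty while the half-open ratio still climbs; that is why both figures are reported.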

Host based mitigation:

  • Ensure that open HTTP sessions time out after a reasonable interval. When under attack, you will want to reduce this number.
  • Ensure that TCP connections also time out after a reasonable interval.
  • Install a host-based firewall to prevent HTTP threads from spawning for attack packets.

Proactive measures:

  • For those with the know-how, it would be possible to “fight back” with programs that can neutralize the threat. This method is used mostly by networks that are under constant attack, such as government sites.

Choose the battlefield

July 13, 2009

By Tim Cronin

PC World’s Jaikumar Vijayan recently reported on the attacks against US government public information infrastructure.  In the article, Karen Evans, a Bush administration Information Systems executive outlined what she thought should be fast-tracked.  It includes using TICs (Trusted Internet Connections) for all public infrastructures.  This would include making sure that the internet connections for public access are consolidated and then served by only trusted parties.  In my calculations, this has many benefits with only one glaring weakness.

What happened?

One quote from the story stuck out. “The most important lesson learned is that many federal agency security people did not know which network service provider connected their Web sites to the Internet,” said Alan Paller, director of research at the SANS Institute. “So they could not get the network service provider to filter traffic.” That quote takes my breath away. If this is accurate, then the preparedness of network security for the government’s infrastructure is simply not up to par. There is not much else that can be said. What are we as a community to do?

Choose the battlefield.

Often used as a text of inspiration to security professionals is Sun Tzu’s “The Art of War”.  There are two quotes that are relevant to this discussion.  “…And therefore those skilled in war bring the enemy to the field of battle and are not brought there by him.”  And “The art of war teaches us to rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.”  The lessons of Sun Tzu show that we want to essentially choose the battlefield and lay in wait for an attack.  We want to be wise about our battlefield and prepared for the enemy.  Using the TIC approach is similar to how the Spartans chose the battlefield for the battle of Thermopylae.  They chose a small gorge that a small force could successfully defend and then they put up the biggest fight in history.  This is the idea behind the TIC.  Secure the path to the prize.  When you secure the only way to get to the servers, you secure the servers.  At the moment, the servers are too distributed to mount an effective defense.

Weakness?

The only glaring weakness that I can calculate is that this can easily turn into a bureaucratic nightmare resulting in weak TICs. Weak TICs will result in a much wider path to the prize (what if the gorge at Thermopylae was twice as wide?).

TICs will have to comply with some standard. Not only that, but likely the TIC will have to be the lowest bidder on the project. So what are the standards? Will they be robust enough? Will the lowest bidder do just enough to get the grant? Will the lowest bidder have qualified personnel? Will there be a process that the TIC and government will need to follow that essentially slows response time? All these are questions that should be answered, among many more.

Tips for securing your Wi-Fi Connection

July 6, 2009

By Tim Cronin


Recently, NPR’s “All Tech Considered” posted a very good and concise article on securing WiFi technology.  I would just like to add a few key points for those that concern themselves with network security.


First, when using a VPN on an untrusted hotspot, make sure that it is a “full tunnel” VPN. Split tunnels work well for connecting with trusted networks (like your home network). On an untrusted hotspot, however, there is no guarantee that the hotspot itself is secure, and an attacker on it can use your PC as a bridge into your internal network.
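Added example, not from the post or the NPR article: a Python check that tells a full tunnel from a split tunnel by reading Linux `ip route` output (constructed samples here; the interface names tun0 and wlan0 and the probe addresses are assumptions) and asking which interface each probe destination would leave through. Only if every probe leaves through the VPN interface is the tunnel full.

```python
"""Classify a VPN as full tunnel or split tunnel from `ip route` output."""
import ipaddress

# Constructed `ip route` listings (not captured from a real host).
# Split tunnel: only the VPN's own prefixes go via tun0; the default stays on Wi-Fi.
SPLIT_TUNNEL = """\
default via 192.168.43.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
172.16.0.0/12 via 10.8.0.1 dev tun0
192.168.43.0/24 dev wlan0 proto kernel scope link src 192.168.43.17
"""
# Full tunnel: the two /1 routes beat the default, so everything goes via tun0
# except the host route to the VPN server itself (203.0.113.10 here).
FULL_TUNNEL = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.43.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.43.0/24 dev wlan0 proto kernel scope link src 192.168.43.17
203.0.113.10 via 192.168.43.1 dev wlan0
"""

def parse_routes(text):
    """Yield (network, device) for each route line that names an interface."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        yield ipaddress.ip_network(dest, strict=False), fields[fields.index("dev") + 1]

def egress_device(text, destination):
    """Longest-prefix match: which interface carries traffic to destination?"""
    addr = ipaddress.ip_address(destination)
    best = None
    for net, dev in parse_routes(text):
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def tunnel_mode(text, vpn_dev="tun0",
                probes=("192.0.2.50", "198.51.100.77", "203.0.113.200")):
    """'full' if every probe destination leaves via the VPN device, else 'split'."""
    return "full" if all(egress_device(text, p) == vpn_dev for p in probes) else "split"

if __name__ == "__main__":
    print("split sample:", tunnel_mode(SPLIT_TUNNEL))   # split
    print("full sample: ", tunnel_mode(FULL_TUNNEL))    # full
```

On Windows the same table comes from `route print`; once parsed, the longest-prefix check is identical.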


Second, I would just like to point out that “Secure your home network” is a huge point. Don’t just take advantage of encryption, MAC filtering and other ubiquitous measures. Also, reduce the size of your network to the minimum necessary for the number of systems you expect, and change the default network to something uncommon. These steps may not be effective alone, but they can certainly add to an overall secure environment.


SIDENOTE: MAC filtering and other such security features have been shown to be inadequate when a skilled attacker targets your network. There is still no reason *not* to use them. The key is to make your network harder to get into than the ones around you: make it difficult enough that the attacker loses interest, or harder than his skill level can crack. An attacker will likely take the path of least resistance, after all. If your network proves difficult to hack, the hacker will move on.


Third, disable your wireless antenna when not in use.  Most laptops have a button or switch that disables the antenna so that it’s easy to see that it is disabled.  This is especially true on airplanes.  There are many people that find it fun to browse others’ PCs while on board a plane.


Fourth, if you connect to an access point that you don’t intend to connect with often, delete it from your automatic wireless network list.  This was shown to be a very large hole by HD Moore (with his “Evil eeePC”).  Instructions here: http://technet.microsoft.com/en-us/library/cc778180(WS.10).aspx


Last, never assume that you aren’t compromised.  The chance always exists.  Monitor your systems regularly for irregularities.