Apr 15

I came across an interesting article today that touches on security, so I thought I’d write about it briefly. Christopher Boydon over at SpywareGuide.com found a phishing utility called Apheve up for download on Cnet.com. It lets a phisher disguise the program as an instant messaging client such as Yahoo IM, Skype, or Live Messenger. The unsuspecting victim tries to log into the fake client and receives an error. After the victim has left, the phisher returns to that computer and retrieves the username and password the victim typed in.

What is shocking is that this program is freely available for download on Cnet.com and probably a host of other websites. Somehow it has squeaked through the filters, even though it has no purpose other than stealing passwords. The creator has also posted YouTube videos with tutorials on “How to hack Msn, Skype or Yahoo with Apheve 1.1″. I think that makes the nature of the program pretty clear.

This is one more reason to be careful about what you log into from an internet cafe computer or any computer other than your own: on a shared machine you have no way of knowing whether the login prompt in front of you is the real client or something that records what you type. You can never be too safe.

Apr 9

I have been doing a lot of reading lately about the history of security research and the issue of full disclosure. It is a huge debate, and something I was completely unaware of before I started getting into security. It doesn’t hit the news often, and when a vulnerability does make the news, the background question of how it was disclosed is usually so controversial that nobody in the mainstream touches it.

So what is it exactly? When a security vulnerability is discovered, the debate revolves around whether knowledge of that vulnerability should be made public. Some people say that publishing sensitive information like that only puts customers and the general public at more risk by handing it to untrusted parties. Others say that untrusted parties often already have that information, and that releasing it publicly speeds up getting a proper fix out to the people who need it.

No matter where you stand on the issue, both sides seem to agree that one of the biggest problems is communication. There are generally two parties involved: the vendors that make the software at risk, and the security researchers who discovered the vulnerability. They must communicate in a way that serves the public’s interest, but poor communication between the two sours relations and can lead to vulnerability details being released before a fix exists. Vendors typically claim they are not given enough time to get a fix properly released. Researchers sometimes claim that waiting too long puts the public at increased risk with each day that passes without a patch.

Many disclosure policies have been developed over the last decade to help establish proper communication between the parties involved, such as RFP, OIS, and ZDI. Many of these are just guidelines, followed out of general respect for both sides; neither side is obligated to follow them. They do give each side a set of expectations: if one side is following a specific policy and staying within its guidelines, the other side knows what to expect. They also open lines of communication that may not have existed before. Often, when a security researcher discovered a flaw in a piece of software, they had no idea where to turn to get it fixed.

After reading more and more about the history of this issue, when I see events like the DNS vulnerability that Dan Kaminsky and the affected vendors handled, it really amazes me how well everyone involved was able to communicate and get the issue resolved. Without open lines of communication on both sides, we just won’t be prepared to handle widespread issues properly when they arise.

Apr 8

I have written many times before about the importance of end-to-end security across all types of networks. With the state of security today, protecting your data at every point on the network is crucial. Fortinet recently introduced a new vulnerability management appliance for medium to large businesses, the FortiScan-1000B. It helps businesses maintain security across their network by bringing the key pieces of a network security program into one product: industry and federal compliance reporting, endpoint vulnerability management, network-level vulnerability management, and patch management and remediation.

In 2008 Fortinet bought the security company Secure Elements, and the FortiScan-1000B is built on the software it acquired in that purchase, combined with the vulnerability scanning feature from Fortinet’s own FortiAnalyzer. Together these help security administrators stay compliant with SOX, PCI-DSS, GLBA, HIPAA, and so on.

You can read more about the device on Fortinet’s website.

Apr 1

There has been a lot of buzz lately about the Conficker worm, which has now infected nearly 12 million Windows computers worldwide. But not all the news about Conficker is doom and gloom. Experts in the field have discovered a flaw in the worm itself that lets security administrators pick out infected computers.

When Conficker infects a computer, it applies its own in-memory version of the Microsoft patch released last October for the vulnerability it spreads through, so that a patch scan no longer reports the machine as vulnerable. However, security researcher Dan Kaminsky said a research group found that a computer “patched” by Conficker is far easier to tell apart from one patched by Microsoft than anyone expected, because of a flaw in the Conficker code: its patch does not behave exactly like the real one.

From this, they were able to build remote scanning tools that tell whether a given computer is infected with Conficker, using the very flaw they found in the worm’s patch.

The downside of this kind of discovery is that the same flaw could give criminals an opening into the botnet: a new worm that exploits it could take control of sections of the botnet.

Such an “anti-worm” might well be more destructive than the Conficker worm itself, Kaminsky said. “You would have to build something that is as virulent as the current worm, and be willing to become the kind of monster you’re trying to fight,” Kaminsky said. “No one can play counter-worm very well.”

If one good thing has come out of the Conficker flaw, it is that it highlights a weakness common to almost all third-party security patches. The security industry often releases stopgap patches and scanners for a particular virus or worm to provide protection until the vendor’s complete update is available. But those stopgaps are generally produced by people who do not have access to the source code, so there is no guarantee that they fix the problem completely, and Conficker’s own patch is a case in point. The Conficker flaw has shown that a system can’t really be considered purged until it has been fully cleaned and checked with updated scanning software built by the people who have the source code.

Mar 26

I wanted to post quickly on a topic I was reading about this morning. I came across several posts that I thought worth noting. They concern a growing trend in attacks in 2009: infrastructure attacks have been on the rise since January, and that is a large concern because of how most professionals handle their core infrastructure.

In a recent post, Dan Kaminsky talks about the growing trend of infrastructure attacks in 2009 and the need for better security across the infrastructure. Network devices need to be easier to update. Current-generation appliances require cumbersome update processes that often call for scheduled outage windows, not to mention the ever-present risk of bricking the hardware during a firmware upgrade. The practical result is that devices sit unpatched. There is a growing need for an automatic update process, much like the one desktops use, if infrastructure is to keep pace with these attacks.

One example is the attack Ryan Naraine talked about in his blog post: the psyb0t worm, which infects embedded Linux devices such as ADSL modems and home routers. It got onto those devices through exposed management interfaces with weak or default passwords, exactly the kind of exposure that stays unfixed when updating a device is painful. That means hundreds of thousands of home routers are vulnerable, with an estimated 100,000 already infected.

With the growing trend of infrastructure attacks this year, I suspect a new trend will emerge to combat it. People will begin to re-evaluate how they handle their infrastructure, and we may start to see network appliance manufacturers implement auto-update features for their devices. We’ll just have to wait and see.

Mar 25

If you work with computers, chances are you’ve heard of or had to deal with the malware programs called Antivirus2009 and Antivirus360. This rogue AV software tricks users into believing they have viruses on their computers and claims that it can remove them. But the software is not a real AV program. Instead it installs its own malware and trojans on the computer and never touches any infection that may have been there to begin with.

Brian Krebs of the Washington Post reported a week ago on an affiliate program called Traffic Converter, which pays people who help distribute the rogue AV software. This is part of why the program has been able to spread so rampantly: many of these affiliates have been making tens of thousands of dollars a month scamming people who pay for the rogue antivirus software.

Both Mastercard and VISA made actual on-site visits to the merchant company after the Washington Post report ran. Since then, the affiliate accounts have been frozen, and notices on the Traffic Converter website say so.

It is rare to see two card giants come together to help shut down a company that distributes rogue antivirus software, and it is good to see. But it is also a reminder that many more affiliate programs with payouts just as high are still out there. Keep your computer safe by never installing these rogue AV programs. A web page cannot scan your hard drive from inside the browser, so a site that says it scanned your computer and found viruses is lying, and you should never install software unless you are absolutely sure of its origin.

Mar 20

One security measure that is often overlooked on networks is routing security. Even on closed networks it matters, and many IT professionals never get around to securing their routing protocols. Most of the time they reason that because the routing protocols can’t be reached from outside the network they are safe, and disregard the fact that they can be compromised just as easily from inside the network, if not more easily. Routing security can be just as important a part of your security policy as anything else.

Many large networks with multiple internal subnets use routing protocols across the infrastructure to automate route discovery. The routers exchange their routing tables and route updates with each other so the network can converge. Some protocols send this traffic onto each segment for anyone on it to hear: RIPv1 broadcasts it, while RIPv2, OSPF and EIGRP multicast it. By default, routers running RIP, OSPF or EIGRP accept updates from any peer on the segment regardless of who sent them, because authentication is off. This means that anyone who knows what they are doing can forge route update packets and send them across the network to insert their own routes into routers on the corporate infrastructure.

This is why routing security is important. Imagine an attacker injecting a route so that all traffic destined for one address, or for a whole subnet, is sent to a host they control. That makes it easy to hijack and intercept traffic for an entire network, or to black-hole it in a denial of service attack.

With proper routing security you can control this problem. For one, most current-generation routing protocols support authentication. For example, with EIGRP you define a key chain and enable MD5 authentication on each interface that runs the protocol; every update then carries a keyed hash, and a router only accepts updates whose hash verifies with the shared key. Updates without the right key are simply ignored. RIPv2 and OSPF have the equivalent. Avoid the plain-text password option some protocols offer, since anyone with a sniffer can read the password and use it. Note that authentication stops forgery but does not hide anything: anyone on the segment can still read the updates.

It is also worth making sure you are running a current protocol version. RIPv1 has no authentication at all and should be retired; RIPv2, OSPF and EIGRP all support keyed authentication. Newer protocols such as EIGRP also send only incremental updates when routes change rather than periodically dumping the whole table, which reduces how much a sniffer on the segment can collect, though that is not a security control in itself. To keep routing traffic off segments where it doesn’t belong, make the protocol passive on user-facing interfaces so no adjacencies form there (RIP still listens on a passive interface, so pair this with authentication), and, where the protocol supports it, configure explicit unicast neighbors on the segments that do carry routing. A distribute-list then limits which prefixes a router will accept or advertise, so even an authenticated peer cannot inject a route for a subnet it shouldn’t own.
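The checks above (is the sender a configured neighbor, is the update authenticated, is the prefix one this router should accept) can be put into a small monitor that screens RIPv2 updates seen on a segment. The following is an added example written for this post, not code from it or from any router vendor. It parses the real RIPv2 wire format; the two sample packets are constructed here, the neighbor list, accepted prefix list and addresses are hypothetical, and the RFC 2082 MD5 digest is recognised but not verified.

```python
"""Screen RIPv2 updates seen on a segment against a router's trust policy.

Added example for this post, not code from it. The packets below are
constructed, and the neighbor list, accepted prefix list and addresses are
hypothetical. The RFC 2082 MD5 digest is recognised but not verified here.
"""
import ipaddress
import struct

RIP_RESPONSE = 2
RIP_VERSION = 2
AFI_INET = 2
AFI_AUTH = 0xFFFF
AUTH_SIMPLE, AUTH_MD5 = 2, 3
AUTH_NAMES = {1: "md5-trailer", AUTH_SIMPLE: "simple-password", AUTH_MD5: "keyed-md5"}


def parse_ripv2(payload: bytes) -> dict:
    """Decode the 4-byte header plus 20-byte entries (auth entry first, if any)."""
    if len(payload) < 4 or (len(payload) - 4) % 20 != 0:
        raise ValueError("bad RIP length")
    command, version = struct.unpack("!BBxx", payload[:4])
    if version != RIP_VERSION:
        raise ValueError("only RIPv2 handled here")
    pkt = {"command": command, "auth_type": None, "routes": []}
    for off in range(4, len(payload), 20):
        afi = struct.unpack("!H", payload[off:off + 2])[0]
        if afi == AFI_AUTH:
            auth_type = struct.unpack("!H", payload[off + 2:off + 4])[0]
            if off == 4:                       # RFC 2453: the auth entry must come first
                pkt["auth_type"] = auth_type
            continue                           # a type-1 entry at the end is the MD5 trailer
        if afi != AFI_INET:
            continue
        tag, addr, mask, nexthop, metric = struct.unpack("!HIIII", payload[off + 2:off + 20])
        prefix = f"{ipaddress.ip_address(addr)}/{bin(mask).count('1')}"
        pkt["routes"].append((ipaddress.ip_network(prefix, strict=False),
                              ipaddress.ip_address(nexthop), metric))
    return pkt


def check_update(src: str, payload: bytes, policy: dict) -> list:
    """Return the reasons to drop this update; an empty list means accept it."""
    pkt = parse_ripv2(payload)
    reasons = []
    if pkt["command"] != RIP_RESPONSE:
        return reasons                        # requests carry no routes
    if src not in policy["neighbors"]:        # like an explicit 'neighbor' statement
        reasons.append(f"update from unknown neighbor {src}")
    if pkt["auth_type"] is None:
        reasons.append("no authentication entry")
    elif pkt["auth_type"] != AUTH_MD5:        # a plain-text password is sniffable
        reasons.append(f"weak authentication: {AUTH_NAMES.get(pkt['auth_type'], pkt['auth_type'])}")
    for net, nexthop, metric in pkt["routes"]:
        if not any(net.subnet_of(ok) for ok in policy["accept_prefixes"]):   # like a distribute-list
            reasons.append(f"prefix {net} not in accept list")
        if int(nexthop) != 0 and str(nexthop) not in policy["neighbors"]:
            reasons.append(f"route {net} steers traffic via {nexthop}")
    return reasons


def route_entry(prefix: str, nexthop: str = "0.0.0.0", metric: int = 1) -> bytes:
    """One 20-byte RIPv2 route entry: AFI, tag, address, mask, next hop, metric."""
    net = ipaddress.ip_network(prefix)
    return struct.pack("!HHIIII", AFI_INET, 0, int(net.network_address),
                       int(net.netmask), int(ipaddress.ip_address(nexthop)), metric)


def auth_entry(auth_type: int, data: bytes) -> bytes:
    """One 20-byte authentication entry: AFI 0xFFFF, type, 16 bytes of data."""
    return struct.pack("!HH16s", AFI_AUTH, auth_type, data)


HEADER = struct.pack("!BBxx", RIP_RESPONSE, RIP_VERSION)
MD5_HEADER = struct.pack("!HBBI8x", 44, 1, 16, 7)   # pkt len, key id, digest len, sequence (RFC 2082)
# Constructed samples: a legitimate authenticated update from a known router ...
LEGIT = HEADER + auth_entry(AUTH_MD5, MD5_HEADER) + route_entry("10.2.0.0/16") + auth_entry(1, bytes(16))
# ... and a forged, unauthenticated one that drags the default route to an attacker's host.
FORGED = HEADER + route_entry("0.0.0.0/0", nexthop="10.1.1.99", metric=1)
POLICY = {"neighbors": {"10.1.1.1", "10.1.1.2"},
          "accept_prefixes": [ipaddress.ip_network("10.0.0.0/8")]}

if __name__ == "__main__":
    for src, frame in (("10.1.1.1", LEGIT), ("10.1.1.99", FORGED)):
        verdict = check_update(src, frame, POLICY)
        print(src, "ACCEPT" if not verdict else "DROP: " + "; ".join(verdict))
```

Run it and the forged packet is dropped for four separate reasons, which is the point: neighbor statements, authentication and prefix filtering each catch it independently, so a network that has all three does not depend on any one of them being configured right.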

Routing security, while often overlooked, should be an important part of your network security policy. A little common sense and some basic knowledge of routing protocols go a long way toward securing your routing infrastructure against attacks from inside the network.

Mar 18

Social networks such as Facebook, MySpace, and LinkedIn have been growing at a tremendous rate, and they have recently come under scrutiny from IT professionals as a security threat on company networks. They are seen not only as a drain on productivity but as a vector for data loss and compromise. They are a great tool for attackers trying to get into corporate networks where these sites are used: the sites have built up trust with their users, and the users carry that same trust into the corporate network. So applications that pose a security risk at home pose an even greater threat in the office.

So IT professionals are taking a much deeper look at social network security and their corporate networks. They are finding that the issue does not come only from the 20-somethings on their network; a growing population of older individuals are venturing into social networking, and many of them may not be as savvy as the younger generation when it comes to common-sense network security.

An ethical hacking firm, Netragard, claims it can gain access to data at any corporate network very quickly, and that it can do so through social networking sites. They offer their services for a fee to prove the claim and to help improve social network security and curb its threat to your corporate environment. Regardless of how legitimate their claim may be, it is an alarming statement that should be taken seriously.

Social network sites are great for helping people with similar backgrounds meet and stay in touch. The problem for corporate users is that inside a large enterprise where no one person knows everyone in the company, it is easy for someone with a fake profile to establish trust with individuals in the company simply by claiming to be a colleague. From there it is a simple matter of setting up a phishing scheme. The nasty thing about this form of attack is that there is no evidence of a breach and no log of what data was taken: the victim handed it over voluntarily, outside the corporate network, so none of the corporate controls ever saw it.

With the new kinds of data breach that social networks bring to the table, network security has to be approached differently than in the past. IT professionals can no longer look at networks as segregated. There is no longer a clean boundary between the corporate network and the internet; they must be treated as one, with a policy that covers both. Whenever new technology is introduced into the environment, look at where it stands from a security standpoint and in what ways it increases your risk. Create a security policy that covers social network sites: block access to them from inside the corporate network, and have a company policy about what employees may say about the company, whether they are on duty or not. Finally, run penetration tests from both inside and outside the network, and make sure they include some form of social engineering. Attackers don’t respect any boundaries, so if a tester who follows the rules can get into your network, it will be even easier for a real attacker to do so.

Mar 13

Part of anyone’s security worries is losing data to deletion. Whether files are gone because of a malicious act or an accidental mistake, it is bound to happen, and then there is the simple fear of losing data to a crashed hard drive. It all happens, and you need to be prepared for it.

I have done quite a lot of file restoration in my day. I’ve seen numerous hard drive crashes, and I’ve also had to recover files after a hard drive was reformatted with Windows reinstalled on it. It is not an easy task, let me tell you. But files deleted from a hard drive aren’t necessarily gone for good, and there are many ways to restore them. When you delete a file, the computer never actually erases its contents. The file system only marks the space the file occupied as available, so it knows it can write new files there later. Until something is actually written there, the old data is still sitting on the disk, and recovery software that scans the raw disk for file signatures can find it. The flip side matters for security: deleting a file or emptying the recycle bin does nothing to keep its contents from someone who gets hold of the drive.

Reformatting is a different matter. A quick format rewrites the file system structures (the boot sector and the file allocation table or MFT) but leaves the data blocks themselves untouched, which is why files can sometimes still be recovered after a reformat, even one followed by a Windows reinstall, as long as the new installation has not overwritten them. A format or wipe that genuinely overwrites every sector is another story: once the sectors are overwritten, no recovery software can bring the data back, which is also why securely retiring a drive means overwriting or destroying it, not just deleting or formatting. One rule with any recovery tool follows from this: stop writing to the affected drive, and don’t install the tool on it, because every write risks overwriting the very blocks you want back. Fortunately, when I’ve had to restore deleted files, I have come across a handy piece of software that I’ve been using. It is called, quite simply, Restore Deleted Files. It does considerably more than most programs that restore deleted files. With it you can restore deleted files from the recycle bin, recover your files after a hard drive crash, and even restore a hard drive after it has been reformatted with Windows reinstalled on top of it, which most software fails at!
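To make the "deleted is not erased" point concrete, here is an added example written for this post (not code from it, and not from the product it recommends). It builds a toy disk image with a one-entry directory, writes a small PNG to it, deletes the file the way a file system does (clearing only the directory entry), and then carves the PNG back out of the raw image by signature, walking the chunk structure and checking each CRC the way a real carver does. It then overwrites the sectors and shows that carving finds nothing. The disk layout, directory format and PNG are all constructed here.

```python
"""Deleted is not erased: carve a PNG back out of a raw disk image after its
directory entry is gone, then overwrite the sectors and watch it disappear.

Added example for this post, not code from it or from the product it
recommends. The disk image, its one-entry "directory" layout and the PNG are
all constructed here; real file systems keep far more metadata, but the
principle (delete touches metadata, not data) is the same.
"""
import struct
import zlib

SECTOR = 512
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def png_chunk(ctype: bytes, data: bytes) -> bytes:
    """length | type | data | CRC-32(type + data), the real PNG chunk layout."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack("!I", len(data)) + ctype + data + struct.pack("!I", crc)


def make_png(width: int = 4, height: int = 4) -> bytes:
    """A tiny but valid 8-bit greyscale PNG to stand in for a user's photo."""
    ihdr = struct.pack("!IIBBBBB", width, height, 8, 0, 0, 0, 0)
    rows = b"".join(b"\x00" + bytes([(y * 60) & 0xFF] * width) for y in range(height))
    return (PNG_MAGIC + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", zlib.compress(rows)) + png_chunk(b"IEND", b""))


def carve_pngs(image: bytes) -> list:
    """Signature carving: at each PNG magic, walk chunks until IEND, checking CRCs."""
    found, pos = [], image.find(PNG_MAGIC)
    while pos != -1:
        off, complete = pos + len(PNG_MAGIC), False
        while off + 12 <= len(image):
            length, ctype = struct.unpack("!I4s", image[off:off + 8])
            end = off + 12 + length
            if end > len(image):
                break
            body = image[off + 8:off + 8 + length]
            if zlib.crc32(ctype + body) & 0xFFFFFFFF != struct.unpack("!I", image[end - 4:end])[0]:
                break                       # chunk damaged or partly overwritten
            off = end
            if ctype == b"IEND":
                complete = True
                break
        if complete:
            found.append(image[pos:off])
        pos = image.find(PNG_MAGIC, pos + 1)
    return found


# A toy disk: sector 0 holds one directory entry (name, start sector, length).
DIR_FMT = "!16sII"


def new_disk(sectors: int) -> bytearray:
    disk = bytearray(b"old-data" * (SECTOR // 8) * sectors)    # stale free-space filler
    disk[:SECTOR] = bytes(SECTOR)
    return disk


def write_file(disk: bytearray, name: bytes, data: bytes, start: int) -> None:
    disk[start * SECTOR:start * SECTOR + len(data)] = data
    disk[:struct.calcsize(DIR_FMT)] = struct.pack(DIR_FMT, name, start, len(data))


def list_files(disk: bytearray) -> list:
    name, start, length = struct.unpack(DIR_FMT, bytes(disk[:struct.calcsize(DIR_FMT)]))
    return [name.rstrip(b"\x00")] if length else []


def delete_file(disk: bytearray) -> None:
    """What an ordinary delete does: clear the directory entry, touch no data."""
    disk[:struct.calcsize(DIR_FMT)] = bytes(struct.calcsize(DIR_FMT))


def overwrite(disk: bytearray, start: int, length: int) -> None:
    """What a real wipe (or the next file written there) does: replace the data."""
    disk[start * SECTOR:start * SECTOR + length] = bytes(length)


def demo() -> dict:
    disk, photo = new_disk(64), make_png()
    write_file(disk, b"photo.png", photo, start=5)
    delete_file(disk)
    carved = carve_pngs(bytes(disk))        # the recovery tool's view: scan the raw disk
    overwrite(disk, 5, len(photo))
    return {"listed_after_delete": list_files(disk),
            "carved_after_delete": len(carved),
            "carved_intact": carved[:1] == [photo],
            "carved_after_overwrite": len(carve_pngs(bytes(disk)))}


if __name__ == "__main__":
    print(demo())
```

The directory says the file is gone, yet the carver returns it byte for byte; only the overwrite makes it unrecoverable. The CRC check in the carver is also what lets a tool tell a file that survived intact from one the Windows reinstall has partially written over.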

This is a very easy program to use. I highly recommend it even if you don’t have anything to restore at the moment; you never know when you might need it. It has saved me numerous times. Be sure to check out this awesome piece of software called Restore Deleted Files. You can download it right from the website.

Download it now!

Mar 10

More and more people and businesses are taking their work and information with them on the road. Wireless technologies such as WLANs and 3G cellular networks are everywhere, and it is estimated that about 90% of laptops in use today are Wi-Fi capable.

The increase in wireless usage and demand has not been matched by an increase in security. Outdated security policies and protocols are still in use on today’s wireless networks. New attacks keep emerging, but most of the security measures taken are reactive rather than proactive, and the newer protocols that would prevent these attacks are adopted slowly.

Most companies that use WLANs in their infrastructure fail to realize that a security policy, backed by technical measures, is needed to protect the network. Many simply turn on WEP and then forget about wireless security. WEP should not count as a security measure at all: its 24-bit initialization vectors repeat quickly on a busy network and its RC4 keying is weak, so the key can be recovered from captured traffic in minutes with freely available tools. WPA2 with AES (CCMP), plus 802.1X authentication in the enterprise, is the replacement. Most security threats today come from inside the network, so the policy must stress to employees what is at stake over wireless. Security training should give employees a basic understanding of the realistic threat an improperly secured wireless network poses. Then the system administrators can concentrate on updating their infrastructure to meet today’s wireless security demands.
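Why WEP fails is worth seeing rather than taking on faith, so here is an added example written for this post (not code from it). It implements RC4 and WEP's way of keying it (a 3-byte IV sent in the clear, prepended to the static key), shows that two frames encrypted under the same IV let an attacker who knows one plaintext read the other, and works out how few frames it takes before an IV repeats. The key, IVs and frame contents are constructed; 802.11 framing and WEP's CRC-32 integrity value are left out because they do not change the keystream-reuse point.

```python
"""Why WEP is not a security measure: RC4 is seeded with a 3-byte IV plus the
static key, the IV is sent in the clear, and IVs repeat, so two frames with the
same IV XOR to the XOR of their plaintexts.

Added example for this post, not code from it. The key, IVs and frame contents
are constructed; 802.11 framing and WEP's CRC-32 integrity value are left out
because they do not change the keystream-reuse point.
"""
import math
import random


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4: key scheduling, then n bytes of the PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))      # truncates to the shorter input


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP: RC4(IV || key) keystream, with the IV prepended in the clear."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    return iv + xor(plaintext, rc4_keystream(iv + wep_key, len(plaintext)))


def recover_with_known_plaintext(known_frame: bytes, known_plain: bytes, target_frame: bytes) -> bytes:
    """Given one frame whose plaintext is known, decrypt another frame with the same IV."""
    if known_frame[:3] != target_frame[:3]:
        raise ValueError("IVs differ, no keystream reuse")
    keystream = xor(known_frame[3:], known_plain)       # C xor P = K
    return xor(target_frame[3:], keystream)             # recovers up to len(known_plain) bytes


def frames_for_iv_collision(p: float, iv_bits: int = 24) -> int:
    """Birthday bound: frames after which an IV has repeated with probability p."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - p))))


def frames_until_repeat(seed: int = 1) -> int:
    """Simulate a card choosing random IVs; count frames until one is reused."""
    rnd, seen = random.Random(seed), set()
    while True:
        iv = rnd.getrandbits(24)
        if iv in seen:
            return len(seen) + 1
        seen.add(iv)


# Constructed scenario: the attacker knows frame A in full (say, an e-mail she sent to the
# victim and watched arrive over the air) and captures frame B, sent with the same IV.
WEP_KEY = bytes.fromhex("0badc0ffee")                 # hypothetical 40-bit key
SNAP_IP = bytes.fromhex("aaaa030000000800")           # LLC/SNAP header that starts every IP frame
PLAIN_A = SNAP_IP + b"GET /mail?msg=42 ...this padding is the rest of the known frame..."
PLAIN_B = SNAP_IP + b"POST /login user=alice&password=hunter2"
REUSED_IV = b"\x00\x00\x01"
FRAME_A = wep_encrypt(WEP_KEY, REUSED_IV, PLAIN_A)
FRAME_B = wep_encrypt(WEP_KEY, REUSED_IV, PLAIN_B)

if __name__ == "__main__":
    print("recovered:", recover_with_known_plaintext(FRAME_A, PLAIN_A, FRAME_B))
    print("frames for 50% IV collision:", frames_for_iv_collision(0.5))
    print("simulated frames until repeat:", frames_until_repeat())
```

A few thousand frames, a few seconds on a busy access point, are enough for an IV to repeat with random IVs, and many cards reset their IV counter to zero on every restart, which makes reuse far more common than the birthday bound suggests. The same 8-byte LLC/SNAP header at the start of every IP frame means the attacker always has at least some known plaintext. None of this even touches the RC4 key-recovery attacks that break WEP outright; keystream reuse alone is disqualifying.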
