All posts by Steve

Wireless Security Overview

Wireless data communication has become a tremendous success. The protocol used by most wireless computers is the 802.11 standard. But how secure is wireless data communication? Here is a short overview covering the basics of wireless security.

The 802.11 protocol from the IEEE (Institute of Electrical and Electronics Engineers) defines a number of standards for link-layer protocols. The most popular of the 802.11 standards are 802.11b and 802.11g. If your computer uses WiFi, it is almost certainly using the 802.11 protocol.

Wireless data communication creates additional security issues. If your computer is connected to the network with a cable, someone who wants to eavesdrop on the traffic has to get access to the cable and find a way to listen in undetected. It is not impossible, but it requires a lot of resources and technical skill. Wireless networks, on the other hand, have no such protection. The packets are broadcast and can be received by anyone in the neighborhood. Of course, the individual packets have to be interpreted and put together in the right order. That is not easy to do by hand, but programs that do it for you can be downloaded from the Internet.

So how can you protect yourself in a wireless world? Fortunately, the 802.11 standards include some security features that help you protect yourself. All wireless traffic can be encrypted. This is very important, since the data is broadcast and can be received by anyone within range. It is not even necessary to be logged onto the specific WiFi network. Thus, always encrypt the wireless traffic; otherwise you have no security whatsoever.

Note that many WiFi hotspots don’t use encryption. You may want to be very careful in such places. Don’t log on to any sites that don’t use SSL, which gives reasonable protection. For sites using SSL, make sure to check that the certificate is valid. If the certificate is not valid, it could be a man-in-the-middle attack. An SSL connection is encrypted by the end devices and cannot easily be decrypted by outsiders.

If you connect to a VPN, using an unencrypted wireless network is not a big security issue, since the VPN software encrypts the traffic. Note that today it is even possible to eavesdrop on unencrypted wireless traffic using just a smartphone; no computer is needed.

The two main encryption standards are WEP, Wired Equivalency Protocol, and WPA, Wi-Fi Protected Access. WEP is an old protocol and not very secure by today’s standards. Although very few people are capable of personally cracking WEP, it is possible to download programs that will do it for you. WPA is much more secure, but it also has a couple of shortcomings.

The basic version of WPA encryption makes it possible for anyone who is logged onto the WiFi network to read the traffic of others logged on to the same network. And finding out the password of the network is seldom very difficult for someone who knows what he is doing. The more secure versions of WPA require an authentication server. That is a very sound investment for companies, but not for home networks.

Note that the option of not broadcasting the SSID does not significantly increase the security of your WiFi network. It is easy to discover the SSID even if it is not broadcast. You can find plenty of tools on the Internet that discover the SSIDs of all WiFi networks in the neighborhood, regardless of whether the SSID is hidden or not. Additionally, hiding the SSID may cause problems for legitimate users.

All in all, WiFi has a number of security issues, but as long as you are aware of the problems you can use WiFi without worrying too much about them. Just make sure that you are using strong encryption, for example SSL or a VPN, when you are accessing sensitive data.

Firewall Overview

What is a firewall? This is a common question. In IT, a firewall is used to keep unauthorized users away from a computer or a network. A firewall can be hardware-based, that is a physical box with software, or software-based, running on a normal computer. Here is a short firewall overview.

The success of the Internet created the need for firewalls. A computer connected to the Internet is very likely to get attacked. The Morris Worm, released in November 1988, was the first large-scale attack on the Internet. It was not malicious, but it infected thousands of computers. The main reason was that most system administrators had not expected to be attacked and had not secured their systems. The problems caused by the very simple Morris Worm changed Internet security. One of the main solutions for preventing attacks became the firewall.

The early firewalls mainly used basic packet filtering, making it possible to specify allowed traffic and reject or silently drop everything else. Packet filtering is easy to implement, but it does not work well in a dynamic environment like the Internet. Another early feature of many firewalls was NAT, Network Address Translation, which hides the internal structure of the network behind the firewall. NAT also makes it possible to use private IP addresses (RFC 1918) on a network, so a whole network using private addresses can be hidden behind one single public IP address. This both conserves IP addresses and increases the security of the private network.

Nowadays, you have a lot of firewalls to choose from. The high-end solutions are very expensive and aimed at large organizations that need to protect themselves against a number of threats. For a home network connected to the Internet with a broadband connection, a combined wireless hub/router/firewall is a cheap way of protecting your computers at home. Strictly speaking, such devices are not real firewalls, but they can protect you against most threats. You should still run anti-virus software on your computers, even if they are protected by a firewall.

The Windows operating system has firewall software as well; it has been included since Windows XP. The early versions were very basic and often created problems, but the Windows Firewall software has been improved and now provides a reasonable level of security. It is still highly recommended that you pay for anti-virus software, which also protects your computer from external threats. Such products are much better than the Windows Firewall software. Note that most of them will disable the Windows Firewall software.

When it comes to security, it is generally best to go for the popular solutions, since most of their security flaws have been detected and fixed. Firewalls that are not widely used may not have as many known security flaws as the popular ones, but that does not mean they are better or more secure. On the contrary, firewalls that are not widely used could have serious security holes that have not been detected simply because very few people use the product. You don’t want to be the first one to detect a security flaw in your firewall.

Modern firewalls are very effective, and as a result most IT security issues are now created by insiders. Internal threats are nowadays much more serious than threats from the outside. Firewalls are used to protect the organization from threats from the outside world, not against attacks from the inside. Here you can learn how you can protect yourself against attacks from the inside. Today, the biggest threat from the outside for many organizations is distributed denial-of-service attacks. This is not really a security problem in the strict sense, but it makes it difficult for clients to reach the computers of the organization. Few firewalls are designed to handle such attacks. Fortunately, large-scale distributed denial-of-service attacks are rare and only a problem for some well-known organizations.

Linux Server Security

Linux has managed to become accepted in the commercial world. Although Windows is more widely used, Linux servers are used almost everywhere nowadays. That Linux servers have become popular also means that some people are looking into how to break into them. Here is a short overview of Linux server security.

The difference between Windows and Linux is huge. Windows is controlled by Microsoft and you only get OCO (Object Code Only). If you are not happy with something in the Windows operating system, you have to wait until Microsoft does something about it. Linux, on the other hand, is open source: at least in theory, you can get the source code. Of course, most Linux users will not be better off with the source code, but it means that more than one company can improve the system. Equally, access to the source code could, at least in theory, help the bad guys find security flaws in the system.

So how do you make a Linux server secure? All servers connected to a network face two different kinds of risk: attacks from the outside and unauthorized access by logged-in users. When it comes to security, the weakest link determines your level of security, so you need to pay attention to all levels.

It is also very important that the server location is secure. If people can just walk up to the computer and boot it from their own external device, the Linux security features can’t help you. You need to make sure that the server is in a secure room and that the BIOS and boot loader are password protected. Also make sure that backups are kept in a secure place. If people can walk out with a backup of your data, they don’t need to waste their time trying to break into your Linux system.

First, you should always protect the servers on your network with one or more firewalls. Firewalls are very good at keeping the bad guys out. But in today’s rough world, you don’t want to rely on firewalls alone; you need to harden your Linux systems as well.

Best practice for hardening Linux changes all the time; check the Internet or your Linux vendor for the latest recommendations. But in essence, you want to disable all services that are not absolutely necessary. You should also only allow encrypted communication, such as ssh. But be aware that ssh, like all networking protocols, is a potential security risk.

New security holes are detected all the time, and patches fixing them are generally released quickly. This means that you must update your operating system and applications regularly. The root account is all-powerful, so make sure that it is very well protected. Basic hardening includes not allowing root logins over the network.
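As a concrete illustration of the last two hardening steps (encrypted access only via ssh, and no root logins over the network), here is a small POSIX shell script that audits an sshd_config for the relevant settings. It is an added example, not part of the original post or of OpenSSH; the two sample configurations it writes are constructed for the demo, and the checks cover only the two keywords the text discusses.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config for the two
# settings behind the hardening advice above: root logins over the network and
# password logins. The sample configs written by write_sample_configs are
# constructed for this demo.

# sshd_setting FILE KEYWORD: sshd honours the first uncommented occurrence of a
# keyword, so print the value of the first match; matching is case-insensitive
# as in sshd itself. Prints nothing when the keyword is absent.
sshd_setting() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# audit_sshd_config FILE: print one line per finding; return 0 when there are
# no findings, 1 otherwise.
audit_sshd_config() {
    findings=0
    root=$(sshd_setting "$1" PermitRootLogin)
    case "$root" in
        no) ;;
        "") echo "PermitRootLogin is not set explicitly; add 'PermitRootLogin no'"
            findings=$((findings + 1)) ;;
        *)  echo "PermitRootLogin is '$root'; set it to 'no'"
            findings=$((findings + 1)) ;;
    esac
    pw=$(sshd_setting "$1" PasswordAuthentication)
    case "$pw" in
        no) ;;
        *)  echo "PasswordAuthentication is '${pw:-yes (sshd default)}'; use key-based logins and set it to 'no'"
            findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# write_sample_configs DIR: two constructed configs, one permissive (the weak
# setting) and one hardened (the corrected setting), for the demo below.
write_sample_configs() {
    cat > "$1/sshd_config.weak" <<'EOF'
# constructed sample: permissive
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
    cat > "$1/sshd_config.hardened" <<'EOF'
# constructed sample: hardened
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
}

# Demo: audit both samples. The weak one yields two findings, the hardened none.
d=$(mktemp -d)
write_sample_configs "$d"
for f in weak hardened; do
    echo "== sshd_config.$f =="
    if audit_sshd_config "$d/sshd_config.$f"; then echo "no findings"; fi
done
rm -rf "$d"
```

Run it against the real file with `audit_sshd_config /etc/ssh/sshd_config`; a non-zero exit status makes it easy to wire into a periodic compliance check. After changing the settings, restart sshd from a session you keep open until a fresh key-based login has been confirmed.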

Auditing has never been a strong feature of Linux, but when properly configured auditd can be used for all necessary auditing. You also have a number of other solutions for keeping track of what has changed on your Linux systems.
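One of the simplest of those "other solutions" is a file-integrity baseline: hash every file in a directory tree once, store the list somewhere the server cannot modify, and periodically recompute and compare. The script below is an added example, not from the original post or from any particular tool; the directory layout and file contents in its demo are constructed, and it uses only coreutils (`find`, `sort`, `awk`, `sha256sum` or `shasum`).

```shell
#!/bin/sh
# Added example (not from the original post): a minimal file-integrity baseline
# for tracking what has changed on a Linux system. Demo tree and contents are
# constructed.

# hash_file PATH: print the SHA-256 of PATH (sha256sum from coreutils, or
# shasum on systems without it).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# make_baseline DIR OUT: write "hash<TAB>relative-path" for every regular file
# under DIR, sorted so that two snapshots of an unchanged tree are identical.
# A tab separator keeps paths with spaces intact.
make_baseline() {
    dir=$1; out=$2
    (
        cd "$dir" || exit 1
        find . -type f | LC_ALL=C sort | while IFS= read -r f; do
            printf '%s\t%s\n' "$(hash_file "$f")" "$f"
        done
    ) > "$out"
}

# compare_baseline DIR BASELINE: rebuild the snapshot and report every file as
# added, removed or modified relative to BASELINE. Returns 0 when nothing
# changed, 1 otherwise, so a cron job can alert on a non-zero status.
compare_baseline() {
    dir=$1; base=$2
    new=$(mktemp)
    make_baseline "$dir" "$new"
    report=$(awk -F'\t' -v b="$base" '
        FILENAME == b { old[$2] = $1; next }       # first file: the baseline
        {
            seen[$2] = 1
            if (!($2 in old))        printf "%-8s %s\n", "added", $2
            else if (old[$2] != $1)  printf "%-8s %s\n", "modified", $2
        }
        END { for (p in old) if (!(p in seen)) printf "%-8s %s\n", "removed", p }
    ' "$base" "$new")
    rm -f "$new"
    [ -n "$report" ] || return 0
    printf '%s\n' "$report"
    return 1
}

# Demo on a constructed tree: baseline it, tamper with one file, compare.
tree=$(mktemp -d); baseline=$(mktemp)
mkdir -p "$tree/etc"
printf 'PermitRootLogin no\n' > "$tree/etc/sshd_config"
printf 'root:x:0:0:root:/root:/bin/sh\n' > "$tree/etc/passwd"
make_baseline "$tree" "$baseline"
printf 'PermitRootLogin yes\n' > "$tree/etc/sshd_config"   # simulated tampering
if compare_baseline "$tree" "$baseline"; then echo "no changes"; fi
rm -rf "$tree" "$baseline"
```

The baseline file is only worth something if it is kept off the monitored host (or on read-only media); a baseline that an intruder can rewrite proves nothing. Hashing a large tree on every run costs I/O, so in practice you restrict it to configuration and binary directories such as /etc, /bin and /sbin.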

As with all other operating systems, you have a big problem if a Linux system has been compromised. The only secure solution is to re-install the system from scratch. This is very time-consuming and disruptive for the users. And if you have a number of servers that are configured in the same way with the same users, you have to re-install several servers.

If you know when the system was compromised, you can use backups to bring the system back to a point before the attack. But this can often be as time-consuming as installing the system from scratch. And it does not really make sense to restore the system before you have worked out how it was compromised. If you don’t close the security hole, the restored system may get attacked again and you are back to square one.

Windows Server Security

Protecting a server is very important; servers are central resources that often contain sensitive data. But while the server must be secure, the outside world must also be able to access it. A server that is not connected to the outside world is of course very safe but virtually useless. Server security very much boils down to finding a compromise between security and access. Here is a short overview of Windows server security.

Computer security is a fast-moving field; new security holes are detected all the time and need to be patched. This means that one of the main principles of server security is to regularly update the Windows operating system on your servers.

The Windows operating system may look like it is full of security flaws, since new security patches are released all the time. But Windows is not significantly worse than most other operating systems. It is just that Windows is the most popular operating system, so it makes sense for attackers to target Windows rather than some obscure system that is not much used. To some extent, the large number of security fixes for Windows makes it a relatively safe system. This is of course under the assumption that you have installed all security patches.

Server security can be divided into two main categories: internal security and external security. Internal security means that the system does not allow authorized users to do more than they are allowed to. External security means that you keep unauthorized users out of the system. With the help of firewalls it has become relatively easy to prevent the bad guys from accessing your servers. Often it is actually the authorized users who create the serious security breaches.

Firewalls are very good, but they don’t solve all your security concerns about unauthorized access; you also have to make sure that your server itself is secure. This means that all services that are not necessary should be disabled, which limits the number of potential security flaws. You should also make sure that the authorized users use non-obvious passwords and change them regularly. Secured servers are difficult to break into, so social engineering has become a popular way of finding an easy way in. Getting the login details of an authorized user has one huge advantage: there is no security to break.

Server administrators typically know how to protect the administrator accounts. But it is tougher to control all user accounts on a large server. The best solution is to make sure that each and every user has only the rights and privileges they need in order to do their work. Any extra privileges can be used by attackers who have managed to get hold of a user account, or by a disgruntled employee, to steal data or to damage the server.

Fortunately, Windows has improved a lot when it comes to auditing and user access control. In the early versions of Windows, it was difficult to assign specific rights to different users and auditing was far from sophisticated. But with each new Windows version, things have improved. It has also become much easier to control large numbers of Windows servers.

Even the best-secured systems can be compromised, or at least suspected of having been compromised, so it is very important to be able to track what an attacker has done or tried to do. For this you need a good auditing system and also a snapshot of the system, so that you can check whether any configuration changes have been made. The bad news is that if you don’t really know what an attacker has done, the only safe option is to reinstall the system from scratch. Needless to say, this is very time-consuming and will affect the users.

Computer and Network Security Jobs

Do you want a safe and well-paid job? Do you want new challenges at work? If you answered yes to at least one of these questions, then IT security may be the right market for you. Computer and network security jobs are hot; IT security has become very important for a lot of organizations. And it does not look like things will change in the near future.

The fast growth of IT security has created a shortage of IT security experts. Although computer and network security jobs have been affected by the slower economy, it is still relatively easy to get a job within IT security. True, the supply is getting closer to matching the demand, especially at the lower levels, but IT security is still one of the safest job markets. Compared with most other IT professionals, security experts have had far fewer problems finding jobs.

Most IT security jobs are not among the best-paid IT jobs, but compared with most jobs outside IT, they are well paid. And as mentioned, computer and network security experts are seldom laid off. Many organizations are still expanding their IT security departments while many other IT departments are shrinking. Thus, IT security professionals have one of the best job markets within IT. It is also quite possible that IT security jobs will become better paid over the next couple of years, while many other IT jobs will not become significantly better paid in the near future.

But how do you get started in IT security? If you already have a number of years of computer and network security experience, finding a new job is relatively easy. But how does one get into IT security in the first place? That’s not an easy question to answer; it really depends on a lot of things. But if you are already working in IT, start focusing on security issues. In today’s world, virtually everything has security implications. And many organizations don’t have enough security experts, so volunteers are often welcome. Once you have some security experience, you can try to get a security certification. IT certifications are not as hot as some people think, but many of them still add some value to your CV.

But if you don’t have any IT security experience at all, an IT security certification is unlikely to help you. It may even be counter-productive; in the worst case it can highlight your lack of relevant work experience. After all, employers may like certified people, but they hire people with relevant work experience. Fortunately, it is fairly cheap to learn about network security; plenty of information is already available on the Internet. One of the best ways is to try to get started doing something security-related in an organization. It is unlikely to be well paid. Junior-level IT security jobs are actually generally rather poorly paid. But once you are an IT security expert, the money becomes much better.

Another advantage of IT security jobs is that the job market is international. In most cases, the security problems are the same all over the world. And there is a shortage of IT security experts almost everywhere. This means that it is relatively easy to get a fairly well-paid security job in many places, assuming that you have suitable work experience. Some security jobs require a security clearance, which can be impossible to get as a foreigner. But far from all IT security jobs require a security clearance, and many other IT jobs also require one. Therefore, you are not much worse off as a security expert than most other IT professionals. Given the good job market for IT security professionals, you are probably better off than most other IT experts.

Network Security

Network security has become a hot topic. While protecting your small home network is relatively straightforward, keeping large networks safe is a completely different story. Firewalls can handle most of the attacks that come from the outside world, but you also need to be able to handle attacks coming from the inside. Here is a short network security overview, explaining the basics.

Computer networks have become vital parts of many companies, and any disruption can quickly become expensive. Redundancy solves most hardware issues, but attacks cannot be solved with redundancy alone. Network security must take care of attacks, protecting against threats from both the outside and the inside.

Firewalls are good at protecting against intruders trying to get into the network. But protecting against coordinated denial-of-service attacks is much more difficult. The Internet protocols were developed without much concern for security; after all, the research networks were quite friendly places. Today’s Internet is a completely different beast. Security has been added, but a lot of problems are caused by the fact that most TCP/IP protocols expect the participants to be nice guys who don’t try to exploit the lack of security. Here you have more information about firewalls.

But for many organizations, firewalls are a good solution against outside threats. Apart from relatively few high-profile organizations, coordinated denial-of-service attacks are seldom a problem. Firewalls are good at protecting networks; gone are the days when outsiders could easily discover the main servers in a network and try to break into them using basic brute-force attacks.

A VPN, Virtual Private Network, can be used to give authorized users secure access to the internal network. A VPN uses tunneling protocols and encryption, giving remote users a secure connection to the company network. Various VPN solutions exist, and many of them require a SecurID token. This means that VPN users must both know a password and have a specific device. This is known as two-factor authentication, based on something you know and something you have, and it makes it very difficult for outsiders to gain access. Even if they manage to steal a SecurID token, they need to find out the password associated with that token. If a SecurID token has been stolen, it can be disabled, preventing it from being used to gain VPN access. All in all, it is considered a very safe solution.

Insiders are often a bigger concern. After all, they are already inside the firewall and can often create a lot of serious problems without many hurdles to worry about. Insider attacks are difficult to prevent, but with the right security design the damage can generally be limited. Intrusion detection systems are generally deployed so that insider attacks can be detected early. The subject is one of the most important in computer and network security: the solutions for preventing threats from the outside have proven to be very effective, while threats from the inside have proven to be a much tougher challenge. Here you can read more about insider attacks.

With the success of the Internet, the TCP/IP protocols have become the de facto standard in networking. In the early days of data communications, there were a lot of different protocols. Some of them are still in use, but TCP/IP is generally the protocol used on public networks.

New security flaws are found all the time in network equipment, or more exactly, in the software running on these devices. This means that network devices such as firewalls and routers need to be patched regularly. Fortunately, this can often be done without taking the devices offline. Servers often have to be rebooted after patching, something that can be difficult to do in today’s 24×7 world. Network equipment can often be configured so that patching can be done without affecting the service.

How to keep your computer safe

Keeping your computer safe from viruses, malware, adware and other nuisances can be a full-time job. But fortunately, by paying a little bit of money you can keep your computer safe, at least against the most common attacks.

Most likely you already know that viruses and malware can create a lot of problems for you. In the worst case, identity theft can be very cumbersome and expensive to sort out. Quite clearly, you need to protect your computer against the bad guys. Fortunately, it is fairly easy to protect yourself against most attacks; a little bit of money and common sense will protect you against most threats. Obviously, the specific solutions depend on what kind of computer you have. In this article, we assume you are trying to protect a Windows PC with a broadband Internet connection.

First of all, get a combined firewall and DSL router/cable modem/wireless hub. Although Windows comes with a firewall, a dedicated firewall will protect your PCs at home against most attacks and annoying scanning attempts. Connecting your PC directly to the Internet will quickly make it a target for numerous attacks and probes. Although an up-to-date Windows firewall should protect you against most of the attacks, the sheer number of probes can be staggering. A basic firewall with NAT, Network Address Translation, will stop all basic scanners and probes. Another useful feature is Stateful Packet Inspection, which prevents some common attacks including IP spoofing. But it is important to be aware that a cheap combined DSL router/cable modem/firewall is not a full-blown firewall. It protects your PCs against basic attacks but seldom helps against more sophisticated attacks and coordinated denial-of-service attacks. Such attacks, however, are generally aimed at large organizations, not at home networks. Given the low price, it is well worth investing in a combined firewall/DSL router/cable modem.

Using anti-virus software on your PC is a must in today’s world. Although you can get free anti-virus programs, it is highly recommended that you buy one of the well-known programs, for example Norton, McAfee or Kaspersky. Note that some jokers even try to get you to download bogus anti-virus software that actually is malware. Security Shield has been around for quite some time; it pops up a window warning that your PC is infected and wants you to pay for and download a version of the infected software!

Note that firewalls and anti-virus software will not help if you are happy to open attachments that are sent to you by email. Since it is very easy to send forged emails, some scammers send out thousands of emails with an executable attachment. Popular scams include emails supposedly coming from UPS, about a delivery, or the IRS, about your tax return. Never ever execute the attached file. Although anti-virus programs can detect common viruses, it is relatively easy to modify a virus so that it is not detected for some time.

Like everything else in computing, viruses have become more sophisticated over time. The early viruses were made up of static code that was easy to detect, as long as you knew what you were looking for. Nowadays, you have metamorphic viruses, which transform their code as they propagate. This means that virus scanning programs have a much tougher task detecting this kind of virus.

Needless to say, you need to try to keep your PC clean of viruses. Once a PC is infected, there is generally only one safe way of getting it clean: re-installing everything from scratch. This is time-consuming and may even be impossible unless you have a good backup, such as a ghost image. If you have anything really important on your PC, you should also make regular backups. Here you can learn how to back up a Windows computer.

Server Security

Server security is a complicated subject. Servers are supposed to be used by a lot of people, which means that they have to be accessible. On the other hand, servers often hold sensitive data and are important parts of the network, so it is very important that they are secure.

A server can run a lot of different operating systems. Nowadays most servers run some version of Windows or Linux, but many other operating systems are also used. Securing a server running an OS that is not very popular is a mixed blessing. Already in the 1990s, Novell pointed out that its NetWare network operating system was quite safe; after all, it used IPX, not TCP/IP like most other computers on the Internet. Anyone who wanted to break into a NetWare server had to design their own attacks, which required a fair bit of knowledge about both NetWare and the IPX protocol. Attacking TCP/IP computers, on the other hand, did not require much skill; you could find ready-made attack methods and programs on the Internet. But if an operating system is not much used, security flaws may also take longer to detect and to patch.

Popular server platforms, such as Linux and Windows, may have a lot of known security flaws, but they are quickly detected and solved. Servers still have to be patched regularly, though. Many successful attacks take advantage of security flaws that have been known, and solved, for several months, sometimes even for years. One of the biggest problems is keeping up with all the new patches. This is not a big problem if you only have one or two servers. But today, a lot of places have hundreds of servers, and it generally takes quite some time to apply patches to all of them. Before all servers have been patched, new fixes have been released.

As mentioned, server security depends on the server platform. Someone who tries to break into a Linux server by exploiting known Windows security flaws will not be very successful. The same goes for the good guys: how to secure a server depends on what kind of server you are securing. Here you can learn more about Windows server security. The success of Linux has made it a very lucrative market. Linux solutions used to be cheap, but once Linux became popular with large companies, the money in the Linux world became much bigger. This is true for both Linux software and Linux jobs. Here is more information about Linux server security.

It should also be pointed out that although most threats come from the outside world, most of the successful security breaches are carried out by insiders. Today’s firewalls are very good at keeping outsiders away from your servers, but firewalls don’t help against attackers who already have access to the servers. So how can you protect yourself and your servers against inside attackers? Actually, there is no simple solution that works for all servers. But most systems have features that let you divide users into different groups with different privileges. This, combined with auditing features, is the best way of protecting your servers. Here is more information about insider attacks.

It is especially important to keep file servers secure. One single infected file on a file server can quickly infect a lot of client computers. Unfortunately, running a virus scanner on a file server may slow it down significantly. A busy file server can seldom scan files as they are opened by clients; the CPU load required for this quickly makes the server unresponsive. Therefore, many sites disable virus scanning on file servers but make sure that all clients have virus scanning enabled. It is a reasonable solution: not as secure as having the file server scan the files, but the server will be able to handle all requests within a reasonable amount of time.