Social Engineering is one of the most difficult hacking techniques to defend against because it is all about attacking the human elements. It is about manipulating employees and using non-technical means to discover information about the company or users to exploit them to gain access to the network. The best safeguard to use against social engineering is to educate the users and executives of the company. Educate them not to give personal private information to others without the employees knowing who they are. No one should have a need to know the user's password or access codes to their equipment. Train the employees on the proper way to discard sensitive information. Train them in not throwing papers with social security numbers or financial information in a regular trash can. Teach them the proper use of shredding material. Security is all about trusts and forming trust relationships. If you do not have trust then how can you be secure, that is why social engineering is so difficult to secure against because you are putting trust in your employees to not click on links in e-mails, give passwords to strangers, not to keep their passwords in the open, and not throw away sensitive information in normal trash.
A Denial of Service Attack (DoS) is attacks on a network and a web infrastructure. Its major objective is to prevent legitimate use of a network by preventing authorized access to resources, delay time critical operations, and by degradation of services. One of the most common types of DoS attacks is called TCP SYN Flooding also known as IP spoofing. A safeguard of this kind of attack is by installing a filtering router that restricts the input to your external interface, known as an input filter or ingress filter. You also should filter outgoing packets that have a source address different from your internal network to prevent a source IP spoofing attack from originating from your site.
E-Mail Attacks are very common as more people are being connected. You can have spam, phishing, and malware sent though e-mail. How do you safeguard against these types of attacks? It is simple don’t use e-mail. Make phone calls or send a letter to the person you are trying to reach. Those are not very good solutions. Just because a technology is not safe to use does not mean you cannot use it safely. If that were the case, why are you on a computer or using a pen or telephone? To protect your network from e-mail attacks remember to educate the users. Don’t click on links in an e-mail. If you have to go to the link open up a new browser and type that link in the browser. If you are told to log-in to your bank or credit card site then do it from the home page, and remember that a bank will never ask you to log in to change records or verify account information. If they do you need to change banks because they lack good Information Security procedures. Do not run a program from your e-mail. Save it to your desktop, and run it from there.
Thursday, March 25, 2010
Saturday, March 20, 2010
Knock, Knock Let Me In
Do you know who is trying to get in to your network. Someone is always knocking at your door. The doors of the network is called ports. Anyone working on my network should have a fairly good understanding and knowledge of why a port is open, and if they do not have a good reason for it to be open then close it. Port knocking provides a stealthy method of authentication and information transfer to a networked machine that has no open ports. Some basic functionality needs to be provided with any port knocking implementation:
- A way to monitor the firewall log file needs to be devised.
- A method to extract the sequences of ports from the log file and translate their payload into usable information.
- Once the information is obtained from the sequence, the implementation must provide some way to manipulate the firewall rules.
Thursday, March 18, 2010
Awards and Achievement
Well it is 2:37pm and I am in the process of getting ready to be inducted into Alpha Beta Kapa National Honor's Society. I do admit I have worked hard towards this event. I know my family and I have both sacificed a lot and will sacifice a lot for this achievement. I have given up my weekends, most of my nights, and days. I could have been with my wife on those times, but my choices have lead me down this path. We both wonder sometimes if the pressure of school is worth it in the end...
I think it will be. I have just one goal, and that is to provide a better lifestyle for my wife and our future child together. That is what this degree is all about to me. Some of my classmates only sees it as a way to get a job and have fun. I see it more than that. I know my value, and I must convey that to any partential employees. That is way I will not settle for just any job it has to be that right job. I have done that before, and I will not go down that road again.
I am very excited about being a member of such a prestiagous organization. I am ready to prove everyone that I am smart and that the decision to go to school was the right one. By December I hope with the help of God that I will be Validictorian of my class. If not that then at least in the top ten percent. I just wish that I had applied myself like this in high school. I may would have turned out a little different. I finally get to right that wrong.
Back to the question... Is the ABK Honor important to me? Heck yes it is. Some people it may not be. I just hope that I can live up to the standards and do them and my family proud.
I think it will be. I have just one goal, and that is to provide a better lifestyle for my wife and our future child together. That is what this degree is all about to me. Some of my classmates only sees it as a way to get a job and have fun. I see it more than that. I know my value, and I must convey that to any partential employees. That is way I will not settle for just any job it has to be that right job. I have done that before, and I will not go down that road again.
I am very excited about being a member of such a prestiagous organization. I am ready to prove everyone that I am smart and that the decision to go to school was the right one. By December I hope with the help of God that I will be Validictorian of my class. If not that then at least in the top ten percent. I just wish that I had applied myself like this in high school. I may would have turned out a little different. I finally get to right that wrong.
Back to the question... Is the ABK Honor important to me? Heck yes it is. Some people it may not be. I just hope that I can live up to the standards and do them and my family proud.
Thursday, February 18, 2010
Risk Assessment Necessary Evil
This week I have been learning about doing risk assessment in order to inform how much companies would actually lose if the company lost equipment or data. I learned it is tough in coming up with all that could go wrong and with what is of value within a company that I need to take into account.
The hardest part of the "assessment" is assigning a numerical value. You have to think of the employee worth, and the amount of time that goes into the assessment. You also have to think of the time that it takes to replace the data and information that may be compromised if a system fails.
Will you be able to cover quickly? Remember that the longer your system and network may be down the longer you will be not satisfying customers' needs. You have to be prepared. Make the necessary backups, images, have the necessary disks. Do you have extra computer parts in case your system blows up? Are the backup and recovery procedures written down and are the staff prepared on how to implement those procedures. These are the questions to ask.
Systems should be operational within an hour. If it is not then something is wrong with your recovery procedure. The quicker you can get back to work the better. I know there are some extreme instances where that will not be possible, but that also needs to be taken into account.
As always leave me a comment about anything I say, and remember stay secure out there.
The hardest part of the "assessment" is assigning a numerical value. You have to think of the employee worth, and the amount of time that goes into the assessment. You also have to think of the time that it takes to replace the data and information that may be compromised if a system fails.
Will you be able to cover quickly? Remember that the longer your system and network may be down the longer you will be not satisfying customers' needs. You have to be prepared. Make the necessary backups, images, have the necessary disks. Do you have extra computer parts in case your system blows up? Are the backup and recovery procedures written down and are the staff prepared on how to implement those procedures. These are the questions to ask.
Systems should be operational within an hour. If it is not then something is wrong with your recovery procedure. The quicker you can get back to work the better. I know there are some extreme instances where that will not be possible, but that also needs to be taken into account.
As always leave me a comment about anything I say, and remember stay secure out there.
Monday, February 15, 2010
Linux in a Nutshell 5th Edition Review
Linux in a Nutshell, 5th Edition By: Ellen Siever, Aaron Weber, Stephen Figgins, Robert Love, Arnold Robbins, et al. is a fantastic reference book for both newbies to Linux or system administrators that have 20+ years of experience. The book is published by O'Reilly Media, which is the leader in great and easy to read technical book. The book is a massive 944 pages. Two-thirds of which is commands to use with linux and a detail and examples of most if not all the options with that command. If you are reading a forum post and want to find the truth about what that command is doing to the system then use this book to find that out so you want be left with possible deleting your system. The list of commands are in alphabetical order so they are easy to thumb to the correct command. It is great to learn about the commands. I think adding the commands in this kind of list and format is the best thing about the book. I will use that section for years to come.
Also if you want to know about how to set up different services or servers running Linux you can with this book also. You can learn about DNS/BIND, SSH, file sharing, networking and a lot more within the other chapters of the book.
My only caution with this book is that it is for the person wanting to become proficient in the use of the command line. It is not for the typical user unless you love the command line. If you are a casual user then I would recommend an Ubuntu book by O'Reilly. There are no graphics in the book, so you will know the command line by the time you study and read this book. Also you cannot understand the command line unless you use it day in and day out.
I give this book 4 out of 5 Penguins just because I wished they would have given more examples and covered more administration topics and expanded on them. But it is still a wonderful book and reference tool. It will stay next to me and my computer.
Sunday, December 13, 2009
TV On the Desktop
I have been using Hulu Desktop. It is a new product from www.hulu.com. It brings TV, movies, news, and trailers to watch all in one place without searching on-line for the broadcasts. You can watch clips or in most cases full episodes. This is also a great solution if you have a MythTV solution to your television watching. MythTV is a linux based solution sort of like Windows Media Center, except Myth provides a lot more functionality than Myth does.
Back to Hulu Desktop...
Hulu Desktop allows you to control the screen either with your remote control or with the keyboard, which you would only need your control if it was part of a MythTV solution. Hulu also provides only limited 30 second commercials which are non-obtrusive to the user. The commercial time gives you time to take a break without pausing the shows.
You can edit your profile, subscribe to "channels", and add friends and also discuss shows and offer your opinions on what you thought of the shows. Adding friends and all brings a social networking aspect to whole site and desktop experience.
Check it out I highly recommend it for everyone. This is a great step towards letting go of the cable company or satellite company. People want to watch the shows they want to watch when they want to watch it. Hulu allows that. You get to choose the shows to watch and don't have to record anything any more.
Let me know by leaving a comment if you have looked at it, and what you think. It is availible for Windows, MAC, and Linux.
Back to Hulu Desktop...
Hulu Desktop allows you to control the screen either with your remote control or with the keyboard, which you would only need your control if it was part of a MythTV solution. Hulu also provides only limited 30 second commercials which are non-obtrusive to the user. The commercial time gives you time to take a break without pausing the shows.
You can edit your profile, subscribe to "channels", and add friends and also discuss shows and offer your opinions on what you thought of the shows. Adding friends and all brings a social networking aspect to whole site and desktop experience.
Check it out I highly recommend it for everyone. This is a great step towards letting go of the cable company or satellite company. People want to watch the shows they want to watch when they want to watch it. Hulu allows that. You get to choose the shows to watch and don't have to record anything any more.
Let me know by leaving a comment if you have looked at it, and what you think. It is availible for Windows, MAC, and Linux.
Friday, October 30, 2009
New Ubuntu
I downloaded the new Ubuntu 9.10 Linux operating system. It is a wonderful operating. It loads and install super fast. It has new features and improvements over the previous versions. This version includes a Software Store see Figure 1. They have taken out some software such as Pidgin and included Empathy as the default IM/Chat program, but the good thing about free and open source software is that if you miss the old programs then you can always get those programs back and re-download them through the synaptic package manager.
Ubuntu also seems to run faster at both start-up and shut-down. They have also updated some of the themes and background images for the desktop which is wonderful. The install looked more professional. While installing Ubuntu I can tell that it is becoming a more mature operating system. I really look forward to the long-term support edition and the future of Ubuntu.
I can tell that Ubuntu is trying to go head-to-head with Microsoft and Apple. It is no accident that Microsoft and Apple both released their operating systems around Ubuntu's normal release. Ubuntu releases an OS every 6-months in April and October.
Subscribe to:
Posts (Atom)