GBnet

Indian Business Network

Latest Posts

Network Security Camera and CCTV Comparison

The benefits of a network security camera system extend beyond the functionality that an analog security camera system can provide. The advantages include remote accessibility, high image quality, event management and intelligent video capabilities, easy integration possibilities and better scalability, flexibility and cost-effectiveness.

A network system allows multiple users to access and configure the system and to view live and recorded video at any time from anywhere in the world with an internet connection. This allows a third-party company, such as a security firm, to provide additional services such as diagnosing problems or monitoring the system. With an analog CCTV system, you would have to be at the monitoring site to view and manage video, and remote video access would require installation of additional equipment such as a video encoder or a network digital video recorder (DVR). A DVR is the digital version of a video cassette recorder.

When there is a need for high quality images to identify people’s faces or detailed objects, network security cameras with progressive scan and megapixel technologies can deliver better image quality and higher resolution than an analog CCTV camera. Image quality is also better retained in a network security camera system than in an analog camera system. In analog systems that use a DVR, the image is converted from analog to digital in the camera, converted back to analog to travel through the analog cables, then converted to digital again to be recorded. With each conversion the image quality is degraded. Analog video signals also become weaker the more cabling they have to travel through. In a fully digital system, images are digitized once in the network camera and stay digital, so there is minimal degradation.

All network security products are built to an open standard and can be integrated with computers and Ethernet-based devices and software. Also, as the video system grows, the scalability and flexibility of a network security system comes in extremely handy. Any number of cameras and devices can be added to the system with minimal invasion of the infrastructure already in place. In an analog system, each camera needs a cable running directly from the security camera to the monitoring station. Network cameras can be placed and networked or removed from virtually anywhere. For this reason, once the network system is already in place, it is much more cost effective than an analog system on the basis of the flexibility alone. Network cables and wireless devices are also cheaper than traditional cabling for analog systems.



Source by Will Edison

Why Network Security Is Important for Your Business

With so much work being done and stored on computers, network security should be a priority for all businesses. Everything from customer information and corporate secrets to other important data is stored on and transmitted via computer networks, so it’s no wonder that the temptation for criminals to break into your network is great.

In reality, the threat of network intrusion is real, no matter what the size of your business. For example, smaller businesses, thinking that their networks may not pose as much of a temptation, may have less secure networks and thus leave them open to attack.

Imagine what your company would have to lose if a criminal were to breach your computer network. They may have access to your personnel files, your customer files, credit card numbers, and confidential financial information. The havoc a criminal could cause with just one of these pieces of information is almost unthinkable.

How to Secure Your Network

One part of securing a network is ensuring that the network is built to be secure. When building a business network, a network architect should determine how best to secure the network, whether that network is a small network for a small business or one that has to integrate into part of a huge global enterprise network. Building a secure network starts with choosing the network equipment, including firewalls, routers, and switches.

A much larger part of network security is creating policies that ensure your network is secure by allowing only certain people to use the network for prescribed purposes only. Only allowing authorized users access to a computer network by logging in keeps unknown people from getting in. Likewise, having password policies that require a strong password and teaching users of your network not to share those passwords with unauthorized users also helps to keep a network safe.

Additional tips include:

  • Identify what could possibly tempt an attack. By taking inventory of what your company’s data assets are and taking steps to protect those assets by securing your network, you help to ensure your company’s data is safe.
  • Institute policies that keep your computers safe while being used by authorized users, such as preventing or limiting downloads or unauthorized browsing.
  • Keep users aware of the simple things they can do like changing their password regularly, not writing down their password, and not giving their password out to anyone.

Taking the steps above helps to protect your business not only from intrusion but also from downtime due to malware infections, which can adversely affect your company’s bottom line.



Source by Daniel Gottilla

Network Support For Computer Network Security Problems

Computer networking was invented to make computers communicate with each other. Communication between computers is faster and easier than any other mode of communication. In addition to providing faster communication, computer networking empowered computer users to access remote programs and databases. Apart from these plus points, there are several other benefits of computer networks. Computer networking reduces business process expenditure by making hardware and software resources remotely accessible and by downsizing to microcomputer-based networks instead of using mainframes. Accumulating data from multiple resources has become an effortless process, which also ensures the reliability of the information.

Definition Of Computer Network

A computer network is defined as an interconnected system in which computers are interlinked to each other for communication purpose so that resources and information could be accessed by all connected nodes.

Menace to Computer Networks

Computer hacking poses a very grave danger to computer networks. This threat is defined by infringement on secure private information or illegal modification of files, web pages or software stored on a computer. Computers are hacked because important and critical data are stored on these machines. One common perception is that all computer hackers are outsiders, who must be prevented from accessing the protected computer networks illegally. But that is not completely true. An evil insider with sinister intentions could be as dangerous as an outsider! The most common forms of computer hacking are:

1. Illegal entry into any protected computer system.

2. Unlawful modification, deletion and access denial to data stored on a computer system.

3. Illegitimate searching and browsing.

4. Unauthorized attempts to breach computer security system.

The objective of illegal entry is to access some secret and important data. There could be different forms of such attacks, such as unlawful execution of commands, breaching confidentiality, data deletion and data diddling.

Generally, unknown and untrustworthy persons are not allowed to execute commands on a protected machine. When such an act takes place, network security is breached. Such a problem could happen either through normal user access or administrator access. A normal user is allowed to perform certain operations on a computer like reading and writing files, sending e-mails, etc. A hacker requires that access to perform all those operations. Certain operations could be performed only by system administrators, such as changing configuration settings. Without gaining administrator privilege, a hacker cannot perform this system operation.

There are two types of destructive attacks, namely data diddling and data deletion. In the data diddling process, data is manipulated without the knowledge of the user. The effects of data diddling become visible to the user after a long period. In the data deletion process, the critical data is destroyed forever.

How To Stop Hacking

There are a number of ways to deter hacking.

1. Acceptable user policies should be clearly established and disseminated to the concerned users.

2. Sufficient backups should be taken periodically. Data backup services are rendered by PC Support providers.

3. The use of filters should be considered to deny access to unauthorized elements. Effective firewalls could be installed with the help of network support providers.

4. The operating system installed on the computer must be updated as and when required. Many PC support providers render support for various operating systems.

5. The security system with single point of failure should be avoided. Any security system that could be easily breached by breaking through any one component is not a good one.

6. It is advisable to take the help of PC Support provider when security is breached. New methods of hacking always keep coming up. It is difficult for a common user to keep abreast of latest means of hacking. Since Network Support providers always keep themselves updated on all the latest developments on hacking, it is prudent to use their services.



Source by Daniel A Hughes

Planning Network Security

The Need for Computer / Network Security:

Computer / network security includes:

  • Control of physical accessibility to computers / network
  • Prevention of accidental data erasure, modification, compromise
  • Detection and prevention of intentional internal security breaches and unauthorized external intrusions (hacking)

All three legs of the triangle must exist for a network intrusion to occur:

  • Motive: a reason to want to break your security
  • Means: the ability
  • Opportunity: the chance to enter the network

This last item is the administrator's only chance at controlling events.

Principles of Network Security:
Network security goals are sometimes identified as:

  • Confidentiality: only the sender and intended recipient should "see" the message.
  • Integrity: sender and receiver want to make sure that the message is not altered in transit, or afterwards.
  • Authentication: the sender and receiver want to confirm each other's identity.
  • Availability: services and resources must be available and accessible.

Understanding Risk Management:
A key principle of security is that no network is completely secure.
Information security deals principally with risk management.
The more important an asset, the more it is exposed to security threats, so the more resources you must put into securing it.

Understanding Risk Management – 2:
In general, without training, administrators respond to a security threat in one of three ways:
Ignore the threat, or acknowledge it but do nothing to prevent it from occurring.
Address the threat in an ad hoc fashion.
Attempt to completely secure all assets to the utmost degree, regardless of usability or manageability.
None of these strategies take into account what the actual risk is, and all of them will usually lead to long-term failure.

What are Some Risks?
  • Eavesdropping: interception of messages.
  • Hijacking: taking over the role of a sender or receiver.
  • Insertion: of messages into an active connection.
  • Impersonation: spoofing a source address in a packet or any field in a packet.
  • Denial of service (DoS): preventing others from gaining access to resources, usually by overloading the system.

Managing Risk:
Once the assets and their corresponding threats have been identified, risk management can consist of:
Acceptance
Mitigation
Transference
Avoidance

Accepting Risk:
If you take no proactive measures, you accept the full exposure and consequences of the security threats to an asset.
You should accept risk only as a last resort when no other reasonable alternatives exist, or when the costs are extremely high.
When accepting risk, it is always a good idea to create a contingency plan.
A contingency plan details a set of actions that will be taken after the risk is realized and will lessen the impact of the compromise or loss of the asset.

Mitigating Risk:
The most common method of securing computers and networks is to mitigate security risks.
By taking proactive measures either to reduce an asset's exposure to threats or to reduce the organization's dependency on the asset, you are mitigating the security risk.
A simple example: installing antivirus software.

Transferring Risk:
Transferring security risk to another party has many advantages, including:
Economies of scale, such as insurance.
Use of another organization's expertise and services.
Example: using a web hosting service.
When undertaking this type of risk transference, the details of the arrangement should be clearly stated in a contract known as a service level agreement (SLA).

Avoiding Risk:
The opposite of accepting risk is to avoid the risk inherently.
To avoid risk, you must remove the source of the threat, exposure to the threat, or your organization's reliance on the asset.
Typically, you avoid risk when there are little to no possibilities for mitigating or transferring the risk, or when the consequences of realizing the risk far outweigh the benefits gained from undertaking the risk.
An example can be a military or law enforcement database that, if compromised, could put lives at risk.

Implementing Security:
Think of security in terms of granting the least amount of privileges required to carry out the task.
Example: consider the case of a network administrator unwittingly opening an e-mail attachment that launches a virus.
If the administrator is logged on as the domain administrator, the virus will have administrator privileges on all computers in the domain and thus unrestricted access to nearly all data on the network.

Defense in Depth:
Imagine the security of your network as a series of layers.
Each layer you pull away gets you closer to the center, where the critical asset exists.
On your network, defend each layer as though the previous outer layer is ineffective or nonexistent.
The total security of your network will dramatically increase if you defend at all levels and increase the fault tolerance of security.
Example: to protect users from launching an e-mail-borne virus, in addition to antivirus software on the users' computers, you could use e-mail client software that blocks potentially dangerous file types from being executed, block potentially dangerous attachments depending on their file type, and ensure that the user is running under a limited user account.

Reducing the Attack Surface:
An attacker needs to know of only one vulnerability to attack your network successfully, whereas you must pinpoint all your vulnerabilities to defend your network.
The smaller your attack surface, the better chance you have of accounting for all assets and their protection.
Attackers will have fewer targets, and you will have less to monitor and maintain.
Example: to lower the attack surface of individual computers on your network, you can disable services that are not used and remove software that is not necessary.

Addressing Security Objectives:
Controlling physical access to:

  • Servers
  • Networked workstations
  • Network devices
  • Cabling plant

Being aware of security considerations with wireless media related to portable computers.

Recognizing the security risk:

  • Of allowing data to be printed out.
  • Involving floppy disks, CDs, tapes, other removable media.

Recognizing Network Security threats:
To protect your network, you must consider the following:
Question: from whom or what are you protecting it?
Who: types of network intruders and their motivations.
What: types of network attacks and how they work.
These questions form the basis for performing a threat analysis.
A comprehensive threat analysis should be the product of brainstorming among people who are knowledgeable about the business processes, industry, security, and so on.

Classifying specific Types of Attacks:
Social engineering attacks
DOS attacks
Scanning and spoofing
Source routing and other protocol exploits
Software and system exploits
Trojans, Viruses and worms

It is important to understand the types of threats in order to deal with them properly.

Designing a Comprehensive Security Plan:
RFC2196, the Site Security Handbook.
Identify what you are trying to protect.
Determine what you are trying to protect it from.
Determine how likely the anticipated threats are.
Implement measures that will protect your assets in a cost-effective manner.
Review the process continuously and make improvements each time a weakness is discovered.

Steps to Creating a Security Plan:
Your security plan will generally consist of three different aspects of protecting your network.
Prevention: the measures that are implemented to keep your information from being modified, destroyed, or compromised.
Detection: the measures that are implemented to recognize when a security breach has occurred or has been attempted, and possibly, the origin of the breach.
Reaction: the measures that are implemented to recover from a security breach to recover lost or altered data, to restore system or network operations, and to prevent future occurrences.

Security Ratings:
The US government provides specifications for the rating of network security implementation in a publication often referred to as the Orange Book, specifically called the DOD Trusted Computer System Evaluation Criteria, or TCSEC.
The Red Book, or Trusted Network Interpretation of the TCSEC (TNI), explains how the TCSEC evaluation criteria are applied to computer networks.
Canada has security rating systems that work in a similar way: CTCPEC.

Security Ratings -2:
To obtain a government contract, companies are often required to obtain a C2 rating.
A C2 rating has several requirements.
That the operating system in use be capable of tracking access to data, including both who accessed it and when it was accessed.
That users' access to objects be subject to control (access permissions).
That users are uniquely identified on the system (user account name and password).
That security-related events can be tracked and permanently recorded for auditing (audit log).



Source by M Matik

The Basics of Computer Network Security

When you first think about computer network security you might picture two security guards watching your computer. Actually, computer network security is the line of defense that stops intruders from accessing your computer or network. Detection provides information when someone tries to access your systems, whether or not they were successful, and helps you understand what they could have done. Information stored on your computers includes banking details, credit card credentials and communication logs, either chat or email. You can live with someone reading your personal conversations, but not with them stealing your bank or credit card information.

Intruders often use other computers as a way to launch attacks and disguise themselves as the intruded computer. Custom malware is one of the largest network security problems facing the internet. Targeted attacks, designed to be used against a single target, can avoid signature detection. Since the malware is custom designed to avoid any known signatures and has never been publicly released, a signature for it will not exist and no signature detection mechanism will find it, whether in anti-virus software, intrusion detection software, or any other form. Malware can also be disguised from signature detection by using polymorphic tools that change the code constantly, creating a unique version with a unique signature each time the program is created. Polymorphic toolkits such as ADMutate, PHATBOT, Jujuskins, TAPioN and CLET put this kind of functionality within the reach of the average skilled malware creator, if not the novice. In another separate, but real-life example of stealthy malware, the Gozi trojan existed in the wild for over fifty days at the beginning of 2007, and it has been estimated that the first variant of it infected more than 5,000 hosts and compromised account information for over 10,000 users. Gozi's primary function was to steal credentials being sent over SSL connections before they were encrypted and add them to a database server that would dispense them on demand in exchange for payment. Had the malware author made a better choice of the packing utility used, the trojan may have gone much longer before being detected.

Intruders are discovering new vulnerabilities or loopholes every day. Developers or computer vendors often provide patches that cover up previous loopholes. A "zero-day" attack is an attack that targets a vulnerability for which there is no solution easily available. Once the vendor releases a patch, the zero-day exposure has ended. A recent example of a critical zero-day vulnerability was the Windows Animated Cursor Remote Execution Vulnerability that was patched by MS07-017 (Microsoft Security Bulletin 925902). This was considered a critical hole because it could allow remote code of the attackers' choosing to be executed. A security research company called Determina notified Microsoft of the problem on December 20, 2006. The vulnerability was publicly announced on March 28, 2007. On April 2nd, Determina released a video demonstration of Metasploit using exploit code against Vista. Microsoft then released the patch on April 3, 2007, ending at least six days of zero-day exposure. Exploit code that targeted this vulnerability was active in the wild for at least several days, if not several weeks, before the patch was released. Even after a patch is released, many organizations take several days to get around to updating systems with the patch. Most of the time it is your job to download and install these patches. It is a good idea to check for updates at least once a day or use an enterprise tool to manage updates on your network.

How can an intruder infiltrate my system? Well intruders have numerous tools available that provide them access to your system. Tools such as:

  • Paros Proxy
  • Metasploit Framework
  • Aircrack
  • Sysinternals
  • Scapy
  • BackTrack
  • P0f
  • Google
  • WebScarab
  • WebInspect
  • Core Impact
  • IDA Pro
  • Rainbow Crack

If your organization has an Internet connection or one or two disgruntled employees (and who does not!), your computer systems will get attacked. From the five, ten, or even one hundred daily probes against your Internet infrastructure to the malicious insider slowly creeping through your most vital information assets, attackers are targeting your systems with increasing viciousness and stealth. You need to understand attackers' tactics and strategies in detail so you can find vulnerabilities and discover intrusions. Equipping yourself with a comprehensive incident handling plan is vital in protecting your organization against attackers.



Source by Roy Sencio

What Roles Do Firewalls and Proxy Servers Play in Network Security?

Prior to Firewalls being developed, routers provided network security through the use of Access Control Lists. Firewalls themselves only came on scene in the late 1980s in response to the demand for greater security as the Internet began to take shape.

The first Firewalls were fairly simple packet filters that worked by inspecting the IP packets, and comparing certain information in the packet with a set of packet filtering rules. The Source and Destination IP Address, together with the protocol type, would normally be checked against this set of rules. When TCP or UDP was the protocol type, the port numbers would also be checked. This meant that application protocols using well-known port numbers could be identified and filtered by means of the port numbers associated with them. If applications are using non-standard port numbers then their identification would not be possible. Packet filters are therefore only really effective at the lower layers of the OSI reference model up to Layer 4, the transport layer. These packet filter firewalls are known as Stateless, because they are not able to determine where a packet sits within a stream of packets, or what the condition of the connection is at the time.

The next development was that of stateful packet inspection where each data packet is examined, as well as its position within a data stream. A stateful packet inspection firewall can determine whether an individual packet is part of an existing conversation or stream, or whether it is the start of a new connection. This type of firewall was given the label of second-generation as it was a step up from the original stateless packet filter.
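The difference between the stateless filter and stateful inspection described above, as an added example that is not part of the original article: a toy Python model that runs both over the same constructed packet trace. The rule set, the internal range 10.0.0.0/24, the addresses and all function and class names are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

INSIDE_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed internal range

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags carried by this packet

def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

def is_inside(ip):
    return ipaddress.ip_address(ip) in INSIDE_NET

def stateless_allow(p):
    """First-generation filter: looks only at the header of this one packet."""
    # Rule 1: inside hosts may talk to web servers on port 80.
    if is_inside(p.src) and p.dport == 80:
        return True
    # Rule 2: let "replies" back in: inbound, source port 80, ACK set.
    # The filter cannot tell whether anyone inside ever asked for them.
    if is_inside(p.dst) and p.sport == 80 and "ACK" in p.flags:
        return True
    return False

class StatefulFilter:
    """Second-generation filter: tracks each connection the inside opened.
    Simplified: FIN teardown and timeouts are not modelled, only RST."""

    def __init__(self):
        self.conns = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> state

    def allow(self, p):
        outbound = is_inside(p.src)
        key = (p.src, p.sport, p.dst, p.dport) if outbound \
            else (p.dst, p.dport, p.src, p.sport)
        state = self.conns.get(key)
        if state is None:
            # Only an outbound SYN to port 80 may start a conversation.
            if outbound and p.flags == {"SYN"} and p.dport == 80:
                self.conns[key] = "SYN_SENT"
                return True
            return False
        if "RST" in p.flags:           # either side aborts: forget the connection
            del self.conns[key]
            return True
        if state == "SYN_SENT":
            if not outbound and p.flags == {"SYN", "ACK"}:
                self.conns[key] = "ESTABLISHED"
                return True
            return outbound and p.flags == {"SYN"}   # retransmitted SYN
        return "SYN" not in p.flags    # ESTABLISHED: data and ACKs both ways

# Constructed trace (documentation addresses, not real hosts).
CLIENT, SERVER, STRANGER = "10.0.0.5", "203.0.113.10", "198.51.100.7"
TRACE = [
    pkt(CLIENT, 40000, SERVER, 80, "SYN"),            # 0 handshake
    pkt(SERVER, 80, CLIENT, 40000, "SYN", "ACK"),     # 1
    pkt(CLIENT, 40000, SERVER, 80, "ACK"),            # 2
    pkt(SERVER, 80, CLIENT, 40000, "ACK"),            # 3 response data
    pkt(STRANGER, 80, "10.0.0.9", 3389, "ACK"),       # 4 unsolicited, no connection
    pkt(CLIENT, 40000, SERVER, 80, "RST"),            # 5 client aborts
    pkt(SERVER, 80, CLIENT, 40000, "ACK"),            # 6 arrives after teardown
    pkt(STRANGER, 80, "10.0.0.9", 22, "SYN"),         # 7 inbound connection attempt
]

def compare(trace):
    """Return (stateless verdict, stateful verdict) for every packet in order."""
    stateful = StatefulFilter()
    return [(stateless_allow(p), stateful.allow(p)) for p in trace]

if __name__ == "__main__":
    for i, (a, b) in enumerate(compare(TRACE)):
        print(f"packet {i}: stateless={'allow' if a else 'drop'} "
              f"stateful={'allow' if b else 'drop'}")
```

Packets 4 and 6 are where the two filters disagree: each matches the stateless "reply" rule on its header alone, but neither belongs to a conversation the stateful filter is tracking.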

Both First and Second-generation firewalls could not guarantee to detect or filter particular applications, unless they were adhering to the published lists of well-known TCP and UDP ports. In other words it would be possible to circumvent the firewall by setting up applications protocol communications using non-standard ports. If we are to have confidence that we can protect our networks from unauthorised access or harmful content, then we need to be able to perform deep packet inspection. A firewall with this capability is often known as an application layer firewall because it can detect specific application protocol content regardless of the TCP or UDP port numbers in use. Any applications that exhibited unusual characteristics would be filtered out to ensure viruses and other unwanted material did not infect the network.
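Port-based identification compared with content-based identification, as an added example that is not part of the original article: a Python sketch that classifies the first bytes of a flow by what they contain instead of by the destination port. The port table, the allowed-protocol policy, the protocol fingerprints chosen and the sample payloads are all constructed assumptions.

```python
import re

# Assumed subset of the well-known port list a port-based filter relies on.
WELL_KNOWN_PORTS = {22: "ssh", 25: "smtp", 80: "http", 443: "tls"}

# Assumed policy: only web traffic may leave the network.
ALLOWED_PROTOCOLS = {"http", "tls"}

HTTP_REQUEST = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")
SMTP_GREETING = re.compile(rb"^(EHLO|HELO) \S+\r\n")

def classify_by_port(dport):
    """What first- and second-generation firewalls can say about a flow."""
    return WELL_KNOWN_PORTS.get(dport, "unknown")

def classify_by_content(payload):
    """Identify the application protocol from the first bytes of the flow."""
    if HTTP_REQUEST.match(payload):
        return "http"
    if payload.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "ssh"                      # SSH identification string
    if SMTP_GREETING.match(payload):
        return "smtp"
    # TLS record header: type 0x16 (handshake), major version 3,
    # then handshake type 0x01 (ClientHello) at offset 5.
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return "tls"
    return "unknown"

def port_filter_allows(dport, payload):
    return classify_by_port(dport) in ALLOWED_PROTOCOLS

def content_filter_allows(dport, payload):
    # The port is deliberately ignored: the verdict follows the content.
    return classify_by_content(payload) in ALLOWED_PROTOCOLS

# Constructed first-payload samples (not captured traffic).
HTTP = b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
SSH = b"SSH-2.0-OpenSSH_9.6\r\n"
TLS = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])
OPAQUE = b"\x00\x01\x02\x03binary"

FLOWS = [
    ("http on 80", 80, HTTP),
    ("http on 8081", 8081, HTTP),      # allowed protocol, non-standard port
    ("ssh on 80", 80, SSH),            # disallowed protocol on an allowed port
    ("tls on 443", 443, TLS),
    ("opaque on 80", 80, OPAQUE),      # nothing recognisable on an allowed port
]

def compare_flows(flows=FLOWS):
    """Return (name, port-based verdict, content-based verdict) per flow."""
    return [(name, port_filter_allows(dport, data),
             content_filter_allows(dport, data))
            for name, dport, data in flows]

if __name__ == "__main__":
    for name, by_port, by_content in compare_flows():
        print(f"{name:14} port-filter={'allow' if by_port else 'drop':5} "
              f"content-filter={'allow' if by_content else 'drop'}")
```

The port-based verdict is wrong in both directions here: it passes the SSH and opaque flows because they use port 80, and it drops ordinary HTTP because it uses port 8081.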

A fairly new feature that is sometimes associated with later firewalls is sandboxing, a security feature that has the ability to separate programs and create an environment where untrusted programs can be run with relative safety. These programs are restricted from accessing certain resources on a host, such as memory or disk space.

A proxy server is normally a standalone device or software running on a host that acts as a packet filter for connection requests. It is an intermediary device sitting between hosts and server that filters the requests by checking IP Addresses, Protocol and/or application content. If the proxy server deems the connection request to be valid, then it connects to the application server and requests the service on behalf of the client device. A proxy server will often cache information such as web pages and return this content directly to the client devices rather than forward the request to the application server such as a Web server. Although there are now many different types of Proxy Servers, by far the most common is the Caching proxy, which is in use with many medium to large business networks as well as Service Provider networks.

To summarize, both proxy servers and firewalls are commonly found in networks today and firewalls have evolved since the first stateless packet filter types at the end of the 80s. With so many applications running on today’s Internet, it is imperative that we are able to interrogate and analyse the content of the network packets and not just the header information. Some proxy servers, in particular caching proxies, are able to act as a central filtering point in the network for many application services, as well as be able to cache content and forward this content direct to the client devices without involving the application server itself.



Source by David W Christie

Network Security Model – Defining an Enterprise Security Strategy

Overview

These are the 5 primary security groups that should be considered with any enterprise security model. These include security policy, perimeter, network, transaction and monitoring security. These are all part of any effective company security strategy. Any enterprise network has a perimeter that represents all equipment and circuits that connect to external networks both public and private. The internal network is comprised of all the servers, applications, data, and devices used for company operations. The demilitarized zone (DMZ) represents a location between the internal network and the perimeter comprised of firewalls and public servers. It allows some access for external users to those network servers and denies traffic that would get to internal servers. That doesn’t mean that all external users will be denied access to internal networks. On the contrary, a proper security strategy specifies who can access what and from where. For instance, telecommuters will use VPN concentrators at the perimeter to access Windows and Unix servers. As well, business partners could use an Extranet VPN connection for access to the company S/390 Mainframe. Define what security is required at all servers to protect company applications and files. Identify transaction protocols required to secure data as it travels across secure and non-secure network segments. Monitoring activities should then be defined that examine packets in real time as a defensive and pro-active strategy for protecting against internal and external attacks. A recent survey revealed that internal attacks from disgruntled employees and consultants are more prevalent than hacker attacks. Virus detection should then be addressed since allowed sessions could be carrying a virus at the application layer with an e-mail or a file transfer.

Security Policy Document

The security policy document describes various policies for all employees that use the enterprise network. It specifies what an employee is permitted to do and with what resources. The policy includes non-employees as well such as consultants, business partners, clients and terminated employees. In addition security policies are defined for Internet e-mail and virus detection. It defines what cyclical process if any is used for examining and improving security.

Perimeter Security

This describes a first line of defense that external users must deal with before authenticating to the network. It is security for traffic whose source and destination is an external network. Many components are used to secure the perimeter of a network. The assessment reviews all perimeter devices currently utilized. Typical perimeter devices are firewalls, external routers, TACACS servers, RADIUS servers, dial servers, VPN concentrators and modems.

Network Security

This is defined as all of the server and legacy host security that is implemented for authenticating and authorizing internal and external employees. When a user has been authenticated through perimeter security, it is the security that must be dealt with before starting any applications. The network exists to carry traffic between workstations and network applications. Network applications are implemented on a shared server that could be running an operating system such as Windows, Unix or Mainframe MVS. It is the responsibility of the operating system to store data, respond to requests for data and maintain security for that data. Once a user is authenticated to a Windows ADS domain with a specific user account, they have privileges that have been granted to that account. Such privileges would be to access specific directories at one or many servers, start applications, and administer some or all of the Windows servers. When the user authenticates to the distributed Windows Active Directory Services, it is not to any specific server. There are tremendous management and availability advantages to that, since all accounts are managed from a centralized perspective and security database copies are maintained at various servers across the network. Unix and Mainframe hosts will usually require logon to a specific system; however, the network rights could be distributed to many hosts.

· Network operating system domain authentication and authorization

· Windows Active Directory Services authentication and authorization

· Unix and Mainframe host authentication and authorization

· Application authorization per server

· File and data authorization

Transaction Security

Transaction security works from a dynamic perspective. It attempts to secure each session with five primary activities. They are non-repudiation, integrity, authentication, confidentiality and virus detection. Transaction security ensures that session data is secure before being transported across the enterprise or Internet. This is important when dealing with the Internet, since data is vulnerable to those that would use the valuable information without permission. E-Commerce employs some industry standards such as SET and SSL, which describe a set of protocols that provide non-repudiation, integrity, authentication and confidentiality. In addition, virus detection provides transaction security by examining data files for signs of virus infection before they are transported to an internal user or before they are sent across the Internet. The following describes industry standard transaction security protocols.

Non-Repudiation – RSA Digital Signatures

Integrity – MD5 Route Authentication

Authentication – Digital Certificates

Confidentiality – IPSec/IKE/3DES

Virus Detection – McAfee/Norton Antivirus Software

Monitoring Security

Monitoring network traffic for security attacks, vulnerabilities and unusual events is essential for any security strategy. This assessment identifies what strategies and applications are being employed. The following is a list that describes some typical monitoring solutions. Intrusion detection sensors are available for monitoring real-time traffic as it arrives at your perimeter. IBM Internet Security Scanner is an excellent vulnerability assessment testing tool that should be considered for your organization. Syslog server messaging is a standard Unix program found at many companies that writes security events to a log file for examination. It is important to have audit trails to record network changes and assist with isolating security issues. Big companies that utilize a lot of analog dial lines for modems sometimes employ dial scanners to determine open lines that could be exploited by security hackers. Facilities security is typically badge access to equipment and servers that host mission critical data. Badge access systems record the date and time that each specific employee entered the telecom room and left. Cameras sometimes record what specific activities were conducted as well.

Intrusion Prevention Sensors (IPS)

Cisco markets intrusion prevention sensors (IPS) to enterprise clients for improving the security posture of the company network. The Cisco IPS 4200 series utilizes sensors at strategic locations on the inside and outside network, protecting switches, routers and servers from hackers. IPS sensors will examine network traffic in real time or inline, comparing packets with pre-defined signatures. If the sensor detects suspicious behavior it will send an alarm, drop the packet and take some evasive action to counter the attack. The IPS sensor can be deployed as inline IPS, as IDS where traffic doesn’t flow through the device, or as a hybrid device. Most sensors inside the data center network will be designated IPS mode, with its dynamic security features thwarting attacks as soon as they occur. Note that IOS intrusion prevention software is available today with routers as an option.

Vulnerability Assessment Testing (VAST)

IBM Internet Security Scanner (ISS) is a vulnerability assessment scanner focused on enterprise customers for assessing network vulnerabilities from an external and internal perspective. The software runs on agents and scans various network devices and servers for known security holes and potential vulnerabilities. The process is comprised of network discovery, data collection, analysis and reports. Data is collected from routers, switches, servers, firewalls, workstations, operating systems and network services. Potential vulnerabilities are verified through non-destructive testing and recommendations made for correcting any security problems. There is a reporting facility available with the scanner that presents the information findings to company staff.

Syslog Server Messaging

Cisco IOS has a Unix program called Syslog that reports on a variety of device activities and error conditions. Most routers and switches generate Syslog messages, which are sent to a designated Unix workstation for review. If your Network Management Console (NMS) is using the Windows platform, there are utilities that allow viewing of log files and sending Syslog files between a Unix and Windows NMS.
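The following added example (not part of the original article) shows one way the Syslog messages described above could be reviewed on the collecting workstation: it parses the Cisco IOS %FACILITY-SEVERITY-MNEMONIC layout, decodes the syslog priority value, and flags audit-relevant events. The sample lines are constructed, and the watch list and severity threshold are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Syslog PRI = facility * 8 + severity; Cisco IOS defaults to facility local7 (23).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# Layout: <PRI>seq: timestamp: %FACILITY-SEVERITY-MNEMONIC: text
IOS_LINE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"      # PRI, present when read off the wire
    r"(?:(?P<seq>\d+): )?"           # optional sequence number
    r"(?P<ts>.*?): "                 # timestamp (format is set on the device)
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+): "
    r"(?P<text>.*)$")
SOURCE = re.compile(r"\[Source: ([^\]]+)\]")

# Assumption: events an auditor always wants to see, whatever their severity.
WATCH = {("SYS", "CONFIG_I"): "config change",
         ("SEC_LOGIN", "LOGIN_FAILED"): "failed login",
         ("SEC", "IPACCESSLOGP"): "ACL hit"}

# Constructed sample input (documentation addresses, not real logs).
SAMPLE = [
    "<189>45: *Mar  1 00:01:23.456: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "<188>46: *Mar  1 00:02:10.101: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 00:02:10 UTC Mon Mar 1 1993",
    "<188>47: *Mar  1 00:02:14.202: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 00:02:14 UTC Mon Mar 1 1993",
    "<190>48: *Mar  1 00:03:00.000: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(4431) -> 192.0.2.1(23), 1 packet",
    "<187>49: *Mar  1 00:04:00.000: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<189>50: *Mar  1 00:04:01.000: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down",
    "-- MARK --",
]

def parse(line):
    """Return a dict of fields for an IOS syslog line, or None if it does not match."""
    m = IOS_LINE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["sev"] = int(ev["sev"])
    ev["severity_name"] = SEVERITIES[ev["sev"]]
    if ev["pri"] is not None:
        ev["syslog_facility"], pri_sev = divmod(int(ev["pri"]), 8)
        ev["pri_consistent"] = pri_sev == ev["sev"]   # sanity check: both should agree
    return ev

def review(lines, max_sev=4):
    """Flag watch-listed events and anything at severity <= max_sev; keep unparsed lines."""
    findings, unparsed = [], []
    for line in lines:
        ev = parse(line)
        if ev is None:
            unparsed.append(line)       # never drop silently: audit trails need these too
            continue
        label = WATCH.get((ev["fac"], ev["mnem"]))
        if label or ev["sev"] <= max_sev:
            findings.append((ev["seq"], label or ev["severity_name"], ev["text"]))
    return findings, unparsed

def failed_login_sources(lines):
    """Count failed logins per source address to surface repeated attempts."""
    counts = Counter()
    for ev in filter(None, map(parse, lines)):
        src = SOURCE.search(ev["text"])
        if (ev["fac"], ev["mnem"]) == ("SEC_LOGIN", "LOGIN_FAILED") and src:
            counts[src.group(1)] += 1
    return counts

if __name__ == "__main__":
    for finding in review(SAMPLE)[0]:
        print(finding)
    print(failed_login_sources(SAMPLE))
```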

Copyright 2006 Shaun Hummel All Rights Reserved



Source by Shaun Hummel

The Urgency in Deploying Network Security Appliance For Small Business Networks

Information is a business asset that, like other valuable business assets, must be protected against any threats. In medium to enterprise business networks, the management of information security is a must. In small business networks, organizations generally lack competent security experts to manage information security. Therefore, deploying a small business network security appliance is a must for small organizations.

Large enterprise networks have many layers of security safeguards, including endpoint security, the management of information security, and policies which must be enforced across all business unit groups. Unlike large-scale business or enterprise networks, small organizations generally do not have information security management in place. This is generally due to a lack of IT security expertise, which does not compare to the assets that must be protected. The layers of security that should be deployed depend on how critical your information assets are. Therefore, they mainly focus on endpoint security.

The entry point of the private network is generally where all the internet threats come from; intruders, hackers and malware will start by attacking the vulnerabilities they find there. Therefore, small business network security should concentrate on protecting the entry point with some type of secured firewall appliance. There are many security appliances available in the marketplace that you can consider for your organization.

The following are some of the small biz network security appliances you can consider to use for your small organizations. DSD-150 is designed for home or SOHO networks that use broadband internet connection.

DSD-150 Security Appliance

D-Link DSD-150 Internet security adapter is an all-in-one network security which is designed for home and small business networks. With this single device connected in the entry point of your broadband internet connection, you have a complete protection including network protection, firewall protection, virus protection, spyware protection, identity protection, pop-up blocker, SPAM blocker, and parental control – all in a palm-sized box.

DSD-150 is suitable for home and SOHO network security with 4 computers or more. Installation and configuration are easy: the DSD-150 has 2 Ethernet ports; the WAN port must be connected to the modem (RJ-45 LAN port), and the LAN port must be connected to the wireless router.

CheckPoint Safe Office 500

CheckPoint Safe Office 500 is a small business network security appliance – a total internet security appliance for small to medium sized business networks. If your organization lacks security personnel, do not worry – trust the network security to this CheckPoint Safe Office 500, which can protect a network of up to 100 users from any types of network threats.

Safe Office small business network security appliance delivers proven and integrated security, networking and connectivity features right out-of-the-box. Safe Office offers a simple, affordable and reliable solution to keep small business networks protected and connected.

The following shows main features of the Safe Office security appliances:

  • Web filtering: integrates best-of-breed Web filtering using an intensive database of categories and associated URLs. You can also create a web access policy and custom web rules to block or allow access to specific websites and URLs.
  • VPN and remote access: this feature is suitable for your traveling workers to connect to the business network securely via the public internet.
  • Network access control, ensuring that both LAN and WLAN users securely sign on before gaining physical access to the network.
  • Integrated wireless access point to allow wireless network connection that securely supports the Super-G and Extended Range (XR) standard, enhancing the range and network speeds of the wireless access point.
  • Integrated ADSL modem (optional) to support download of up to 24 Mbps. This will simplify the initial deployment.

Cisco ASA 5500 Series Adaptive Security Appliances

Cisco ASA 5500 Series Adaptive Security Appliances are a powerful solution for small business network security as well as for medium sized business networks. The Cisco ASA 5500 is an all-in-one solution for your business security which combines the proven technologies from Cisco PIX 500 Security Appliances, Cisco IPS 4200 Series, and Cisco VPN 3000 Series concentrator.

Cisco ASA5500 is a built-in security solution which integrates the functions of a high-grade firewall, IPSec VPN, and/or intrusion prevention (IPS).

Deploying small business network security is a must for small organizations for high performance network protection against any types of Internet threats. Endpoint security appliances such as CheckPoint Safe Office 500 or ASA 5500 series are perfect security solutions for small biz.

By Ki Grinsing



Source by Ki Grinsing

Network Security – MPLS is a Better Choice Than Traditional VPN

Today’s businesses expect a lot when it comes to their data networks. Speed, reliability, robustness, and scalability are just a few of the performance parameters with high standards from business users. One area in particular requiring special emphasis is security. Choosing the right network infrastructure is critical to ensuring that your security requirements are met end to end…and everywhere in between.

For example…. do NOT be so enamored with a traditional VPN backbone (e.g. Layer 2-based VPN services such as ATM and Frame Relay) that you overlook the drawbacks in maintaining the secure environment that your company applications will require. A standard VPN will not offer the same level of privacy and security as will a private dedicated backbone. At least not without extra effort on your part… and higher costs therefore in the long run.

A typical virtual private network (VPN) is a computer network that is layered on top of an underlying computer network. This is most commonly a public telecommunication infrastructure such as the internet. The private nature of a VPN means that the data travelling over the VPN is not generally visible to, or is encapsulated from, the underlying network traffic. Although it is run “layered” on top of a public pathway (the internet)…. secure segregation of the two is enacted through using encrypted tunnels to ensure that data cannot be accessed without authorization.

The purpose of a VPN is to enable remote locations and/or individual users (e.g. telecommute staff) to access a company’s network with some expectation of secure activity. An additional intent is to avoid the perceived high cost of owned or leased lines (dedicated circuits) that can only be used by one business. So, the goal of a VPN is to provide the organization with the same, secure capabilities, as a dedicated network. But at a much lower cost.

However that presumption is misleading. A traditional VPN network is not as secure as you likely expect and need. After all… it is still tied to a public infrastructure. A talented and persistent intruder can still defeat most encryption safeguards. Plus, a glitch in the hardware or software leaves your information open to public eyes. The appearance of failsafe privacy and security is really just that…. an appearance.

As for cost…. the price tag of the extra hardware and software to enable encrypted communication over your entire network is not cheap. Even though it may appear so compared to other options you may be considering. There’s much more to the cost than set-up, installation, and encryption software. Don’t overlook the maintenance, oversight, and trouble shooting of those safeguards. Particularly since you are responsible for all of that…. forever…. just to try and save a few pennies.

This is where MPLS comes in.

The architecture and protocols of MPLS (Multi-Protocol Label Switching) are predicated on the absolute privacy and security enabled via a dedicated network infrastructure. Put simply….. the entire network is completely separate and unto itself. You own it, share it with no one, and there is no connectivity of any kind with a public infrastructure. Now that is security.

To further drive home the main point of this entire article in simple terms….. with private lines or MPLS solutions, there is no path from the public into those network facilities. With VPN over the internet, the path is there and it’s your responsibility to provide your own security. Think of the difference between a brick wall, and a brick wall with a door. VPN over the internet is the wall with a door, and you have to manage the lock and keys.

Once your MPLS core is configured and operating….. you’re done. In fact it’s unlikely you would even have much involvement with that. Your provider will do it all for you. Since it’s a dedicated circuit network you are not responsible for the maintenance, oversight, and troubleshooting you would be with a VPN. In short…. it’s hands off for you. No recurring costs except the monthly “leasing” fee for the lines comprising your network.

Before you play the cost card….. look deeper. The price of all dedicated circuits has been dropping dramatically for the last few years. Whether it’s copper or fiber based…. the sticker shock days of old for dedicated T1 lines, DS3 Bandwidth, or SONET circuits (e.g. OCx) are long past. In fact…. probably the best deal for you today is pursuing MPLS over an Ethernet backbone. You’ll get the best of both security and cost savings.



Source by Michael Lemm

Cyber Security Tips for Retailers and Consumers

The holiday season has arrived, and it is high time that consumers and retailers make arrangements for staying one step ahead of the prevalent holiday scams. With trouble lurking in the shadows due to multiple spikes in spending habits, it is important to avoid any financial frauds and identity thefts. Apart from that, the winter holidays bring along possible opportunities for impersonation and data breaches which can easily take down systems and IT networks.

Previously, IT administrators concentrated more on the consumers, but in due course of time even the retailers have started getting the attention. While customers can lose a specific part of their payment and confidential data sets, retailers can face harmful catastrophic consequences when and if a holiday cyber security attack hits their systems. Once the retailers have safeguarded their systems and network, they can add specific security measures to protect the interests of the prospective consumers.

How Retailers can Stay Protected?

It is common for hackers to ramp up their activities during the holiday seasons. Spear phishing and data breaches are at an all-time high which in turn calls for increased vigilance and improved cyber security practices. Retailers offer a wider landscape to the hackers as a lot of financial and personal records are usually at stake.

1. Amplifying Threat Detection Capabilities

While most retailers already have preventive security measures in their repertoire, the holiday season requires them to beef up their detection and threat monitoring capabilities. A host of additional authentication steps are usually preferred during the peak shopping season which blocks suspicious transactions. However, additional verification steps can thwart the customers and this is why retailers must try to implement functional threat detection techniques. This approach towards cyber security keeps malicious activities at bay, identifies threats quicker and doesn’t even negatively impact the user experience.

2. Prioritizing Employee Awareness

Adding new employees to the existing staff during a holiday season is probably not the smartest move of all time. Most of the temporary workforce looks to make quick money and some can even cause data breaches, deliberately or accidentally. Therefore, employee awareness in the form of training is extremely important, preferably as a part of the staff on-boarding process.

3. Sharing Threat Data

When criminals can easily share attack methodologies and breach through multiple databases, even retailers can share the threat data for procuring an additional layer of safety. They can make use of automated methods to share the threat data followed by some semi-automated strategies like threat intelligence and closed groups. Once the threat data is publicly shared, it becomes easier for other retailers and organizations to implement the strategies and stay protected.

4. Implementing Incident Response Plans

Retailers must have a functional incident response plan for every threat scenario. These shall typically include rebuilding systems, isolating the systems and having technical controls in hand. That said, these plans must be both communicational and procedural for adding value to the scheme of things. Apart from that, retailers must also have a backup plan in place lest the aforementioned security tips fail to detect and counter the attacks.

Can Consumers stay Protected?

The majority of online and offline consumers have already improved their security awareness, thanks to the increasing media coverage of cyber incidents. However, there are a few cyber security tips which can help them safeguard their hard-earned money and shop freely during the holiday shopping season.

1. Assessing Convenience against Risk

Consumers need to assess the security risks before establishing connections with servers. Not just the retailers, but the consumers are also responsible when it comes to striking the perfect balance between privacy and personalization. Saving card details or working with the stored customer data can lead to catastrophic cyber-attacks in the form of SQL injection threats and even database compromises.

2. Looking out for Phishing Emails

Consumers must look out for suspicious email attachments before proceeding with any download or click. Unexpected links, for example a mail reading ‘Track Package’ when you haven’t ordered anything, must be avoided.

3. Using Multi-factor Authentication

Password security and hygiene are often ignored by consumers, which in turn compromises their confidentiality and privacy. The preferred avenues for staying safe would include multi-factor authentication like OTPs, having a digital vault and even using passphrases.

4. Checking Card Statements

The period of holiday shopping often misleads the consumers into shopping beyond limits. However, the spending spikes must be paired with periodic statements checks. This approach allows consumers to keep a close eye on their expenses and track the card for any kind of abnormalities. This strategy nips financial frauds right in the bud.

Inference

The correct balance between awareness and vigilance is the key to a safe and yielding holiday shopping season, both for the retailers and consumers. However, the perfect strategy would be to keep the cyber security guard up, right across the year. This round-the-year approach helps imbibe the best online shopping practices; thereby safeguarding the finances and mitigating unfortunate attacks.



Source by Ankita Ashesha