Sunday, September 23, 2007

Port knocking

Port knocking is a means of adding an extra layer of security at the firewall. A well-configured firewall keeps a port closed to outside connection attempts unless a set of connection attempts has first been made to a pre-determined list of ports in a specific order; firewalls that do not support this natively can usually get it through an additional utility, typically a knock daemon that watches the firewall log for the sequence and inserts a temporary allow rule for the source that sent it.



In other words, port knocking is like a secret knock: you knock on a door a certain number of times with recognizable pauses between some of the knocks, producing a pattern that identifies the person on the other side. This solves the problem of needing to allow connections to a commonly used port, such as port 22 for SSH, without leaving the port open for any schmuck in the world to bombard it with connection attempts in a brute-force attack on your user passwords. Not only does this cut down on the likelihood that an account that accepts remote connections is compromised by a brute-force attempt, it also removes a lot of opportunity for denial-of-service attacks, because an attacker first has to find an open port to attack. Two caveats: a fixed knock sequence is a shared secret sent in the clear, so anyone who can capture traffic between you and the server can replay it, and the knock logic must forget a partial sequence after a short window, or a port scanner that happens to hit the right ports in the right order will open the door. Port knocking hides the service from scanners and bots; it does not replace strong SSH authentication such as keys instead of passwords.


Source: Chad Perrin, http://blogs.techrepublic.com.com/security/?p=292
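The decision logic a knock daemon applies, as an added example that is not part of Chad Perrin's post or of any particular knock utility. The knock sequence, the protected port, the host addresses and the log lines are all constructed for illustration; the log format is a simplified form of what the iptables LOG target writes, with a seconds counter in place of the syslog timestamp. The tracker enforces the two points that matter in practice: the whole sequence must arrive within a short window, and a wrong port cancels a partial sequence.

```python
"""Port-knocking decision logic replayed over firewall log lines (constructed example)."""
import re

KNOCK_SEQUENCE = (7000, 8000, 9000)   # assumed secret sequence, in order
PROTECTED_PORT = 22                   # the port the knock unlocks
KNOCK_WINDOW = 10.0                   # whole sequence must arrive within this many seconds
OPEN_FOR = 30.0                       # how long the protected port stays open for the knocker

# "<seconds> ... SRC=<ip> ... DPT=<port>": constructed, iptables-LOG-like lines
LOG_RE = re.compile(r"^(?P<t>\d+(?:\.\d+)?) .*SRC=(?P<src>[\d.]+) .*DPT=(?P<dpt>\d+)")


class KnockTracker:
    """Per-source state machine: progress through the sequence, plus open grants."""

    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW, open_for=OPEN_FOR):
        self.sequence = tuple(sequence)
        self.window = window
        self.open_for = open_for
        self.progress = {}   # src_ip -> (index of next expected knock, time of first knock)
        self.allowed = {}    # src_ip -> time until which the protected port is open

    def observe(self, src_ip, dst_port, now):
        """Feed one connection attempt to a non-protected port.

        Returns True when this attempt completes the sequence for src_ip.
        """
        idx, started = self.progress.get(src_ip, (0, now))
        if idx and now - started > self.window:
            idx = 0                       # too slow: the partial sequence is forgotten
        if dst_port == self.sequence[idx]:
            if idx == 0:
                started = now             # first correct knock starts the clock
            idx += 1
        else:
            # a wrong port cancels the attempt; the wrong port may itself be a fresh first knock
            idx, started = (1, now) if dst_port == self.sequence[0] else (0, now)
        if idx == len(self.sequence):
            self.allowed[src_ip] = now + self.open_for
            self.progress.pop(src_ip, None)
            return True
        self.progress[src_ip] = (idx, started)
        return False

    def is_open(self, src_ip, now):
        """Is the protected port currently open for this source?"""
        expiry = self.allowed.get(src_ip)
        return expiry is not None and now <= expiry


def replay(lines, tracker=None):
    """Apply the knock rules to log lines in order.

    Returns (time, src, verdict) for every attempt on the protected port;
    attempts on other ports only feed the tracker.
    """
    if tracker is None:
        tracker = KnockTracker()
    verdicts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        t, src, port = float(m["t"]), m["src"], int(m["dpt"])
        if port == PROTECTED_PORT:
            verdicts.append((t, src, "ACCEPT" if tracker.is_open(src, t) else "DROP"))
        else:
            tracker.observe(src, port, t)
    return verdicts


# Constructed log: 203.0.113.5 knocks correctly and then connects; 198.51.100.9 scans
# (22, then 7000 and 9000 out of order); 203.0.113.5 comes back after the grant expired.
SAMPLE_LOG = """\
0.0 KNOCK: IN=eth0 SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=40001 DPT=7000
1.5 KNOCK: IN=eth0 SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=40002 DPT=8000
2.0 KNOCK: IN=eth0 SRC=198.51.100.9 DST=198.51.100.7 PROTO=TCP SPT=51000 DPT=22
3.0 KNOCK: IN=eth0 SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=40003 DPT=9000
4.0 KNOCK: IN=eth0 SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=40004 DPT=22
5.0 KNOCK: IN=eth0 SRC=198.51.100.9 DST=198.51.100.7 PROTO=TCP SPT=51001 DPT=7000
5.5 KNOCK: IN=eth0 SRC=198.51.100.9 DST=198.51.100.7 PROTO=TCP SPT=51002 DPT=9000
6.0 KNOCK: IN=eth0 SRC=198.51.100.9 DST=198.51.100.7 PROTO=TCP SPT=51003 DPT=22
40.0 KNOCK: IN=eth0 SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=40005 DPT=22
""".splitlines()


if __name__ == "__main__":
    for t, src, verdict in replay(SAMPLE_LOG):
        print(f"t={t:>5} {src:<14} port {PROTECTED_PORT}: {verdict}")
```

Only the scanner's attempts and the late return visit are dropped; the knocker is admitted within the 30-second grant. In a real deployment the "ACCEPT" verdict becomes a firewall rule inserted for that source and removed again when the grant expires, and the sniff-and-replay caveat above still applies to whatever sequence you pick.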

Monday, September 17, 2007

Best Sites for Networking Guidance

Practically Networked (www.practicallynetworked.com):
The leading home and small-business networking site, with tips and tutorials on everything from setting up file sharing to using dynamic DNS services. The troubleshooting guides are invaluable, and an active peer-help forum is another great resource.

SmallNetBuilder (www.smallnetbuilder.com): A bit more technical than Practically Networked, with articles dedicated to such specialized topics as how to set up LAN parties and how to crack WEP encryption. You will also find very good FAQs and tutorials on general networking issues.

Wi-Fi Planet (www.wi-fiplanet.com): The place to go for truly deep wireless tutorials and testing. Don't miss the site's articles discussing SSID spoofing and the use of VPNs at public hotspots. Has an active discussion area too.

CERT Home Network Security (www.cert.org/tech_tips/home_networks.html): A comprehensive and unbiased guide to home network security, maintained by the Carnegie Mellon-based Computer Emergency Response Team, a federally funded Internet security research and development center. The guide also serves as a fantastic primer on networking terms and technology. It's required reading for the network administrator in your home.

Security Now (www.grc.com/securitynow.htm): Great network security resource, with transcripts of Steve Gibson's and Leo Laporte's weekly Security Now podcast, which translates complex security issues into plain language for a broad spectrum of visitors.

Shields Up (www.grc.com/x/ne.dll?bh0bkyd2): Also from Steve Gibson, a very popular free Internet security test site. Go here to find out about holes (such as open ports) in your network that potential hackers could exploit, as well as useful tips on how to close them.

Port Forward (www.portforward.com): Need help removing roadblocks obstructing desirable traffic to and from your network? At this site you can examine a comprehensive list of ports used by Internet games, streaming video, and other applications, with port-forwarding setup guides for most popular routers.

DynDNS (www.dyndns.com): Most ISPs assign IP addresses dynamically, meaning that yours keeps changing. If you need a stable way to reach your Web server, Webcam, or media streamer, DynDNS's Dynamic DNS service maps a fixed hostname to your current address, and does so free of charge for home users.



Obtained from: www.pcworld.ca/news/column/053d04620a01040801683e806daae7f2/pg0.htm

Friday, September 14, 2007

Setting Up A Secure Home Wireless Network - 2 Simple Steps To Protect Your Privacy

Securing a home wireless network is a two-step process. The first step is to secure the wireless access point or router itself. All of this can normally be done through the device's web-based interface, by typing its default address into a browser (commonly 192.168.0.1 or 192.168.1.1; the manual or the label on the device gives the exact value). Do this over a wired connection where possible, so that the administrator password is not sent across the very wireless network you are still securing.

The first thing to change is the administrator username and password. Many networks are broken into simply because nobody bothered changing the default values, for the same reason most VCRs are still blinking 12:00. Once this is done, enable MAC address filtering and add computers by their MAC address. This restricts the network to the listed adapters, but it is only a speed bump: MAC addresses travel unencrypted in every frame, so an attacker with a wireless sniffer can read an allowed address and clone it.

The network SSID is the name of the network. Change the default to a long, non-default string that does not identify the router model or you, write it down in a safe place, and enter it into the machines that are allowed to connect. A non-default SSID has a second benefit with WPA-PSK: the SSID is mixed into the key derivation, so attack tables precomputed for common default names do not apply to your network. Disabling SSID broadcast hides the network from casual browsing, but it is not a security control: your own clients announce the name in probe requests, and it appears in the clear when they associate, so anyone with a wireless sniffer still sees it.

Encryption should also be enabled. The default is often no encryption at all or WEP (Wired Equivalent Privacy), whose static key can be recovered from a few minutes of captured traffic with freely available tools, so WEP should be treated as broken. Where available use WPA-PSK, or better WPA2 with AES-CCMP if the hardware supports it: the passphrase and SSID are expanded into a 256-bit master key, and fresh per-session encryption keys are negotiated with each client, so there is no single static key to recover. The trade-off is that WPA-PSK is only as strong as the passphrase: once an attacker has captured one client's handshake, the passphrase can be attacked offline with a dictionary, so pick a long one that is not a dictionary word.

Some routers have firewalls built in. Where available make sure that this option is enabled.

The second step of securing a home wireless network is securing each individual PC. This can be done by installing a software firewall (not always necessary if a hardware firewall is installed, though it still protects the machine from other hosts on the same LAN), antivirus software, and anti-spam and pop-up blocking software. It is essential to keep this software up to date, as well as to install the latest security updates for the operating system and web browser you are using.

You can manage your home network yourself if you have the time, or you can buy home networking software that monitors your network and alerts you to intruders or weak security settings for about $30. Whichever way you choose to do it, make sure you secure your home wireless network.
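The key derivation behind the SSID and encryption advice above, as an added example that is not part of the article. WPA/WPA2-PSK turns the passphrase and SSID into the 256-bit Pairwise Master Key with PBKDF2-HMAC-SHA1 (4096 rounds, the SSID as salt), which is the "256 bit" figure usually quoted; the per-session keys are derived from it later in the 4-way handshake. The wordlist and passphrases below are constructed; the one published test vector (passphrase "password", SSID "IEEE") comes from the 802.11i standard. The guess loop simplifies a real offline attack by comparing master keys directly instead of checking a captured handshake MIC, which costs the same per guess.

```python
"""WPA/WPA2-PSK master-key derivation and why SSID and passphrase choice matter (added example)."""
import hashlib
import hmac

PMK_LEN = 32          # 256-bit Pairwise Master Key
PBKDF2_ROUNDS = 4096  # fixed by IEEE 802.11i


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).

    The SSID is the salt, so a table of PMKs precomputed for a default name
    such as "linksys" is useless against a network with a non-default SSID.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ROUNDS, PMK_LEN)


def dictionary_attack(ssid: str, target_pmk: bytes, candidates):
    """Offline guess loop an attacker runs once a client handshake has been captured.

    Returns (passphrase_or_None, number_of_candidates_consumed). Candidates shorter
    than 8 characters can never be valid passphrases and are skipped without hashing.
    """
    consumed = 0
    for guess in candidates:
        consumed += 1
        if len(guess) < 8:
            continue
        if hmac.compare_digest(wpa_pmk(guess, ssid), target_pmk):
            return guess, consumed
    return None, consumed


# Constructed wordlist for the demonstration (a real one has millions of entries).
WORDLIST = ["123456", "password", "letmein1", "qwertyui"]


def demo():
    """Returns a small report; also used by the tests."""
    weak = wpa_pmk("password", "IEEE")
    strong = wpa_pmk("correct horse battery staple", "IEEE")
    return {
        # same passphrase, different SSID -> different PMK (SSID acts as salt)
        "ssid_is_salt": wpa_pmk("password", "IEEE") != wpa_pmk("password", "linksys"),
        "weak_result": dictionary_attack("IEEE", weak, WORDLIST),
        "strong_result": dictionary_attack("IEEE", strong, WORDLIST),
    }


if __name__ == "__main__":
    print("PMK(password, IEEE) =", wpa_pmk("password", "IEEE").hex())
    for k, v in demo().items():
        print(f"{k}: {v}")
```

At 4096 HMAC-SHA1 rounds per guess the derivation is deliberately slow, but commodity hardware still tries thousands of passphrases per second, so a passphrase that appears in any wordlist falls quickly whatever the SSID is; the SSID only defeats precomputation, the passphrase length defeats the loop itself.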



Article Source: http://EzineArticles.com/?expert=Wallace_Renckers

Wednesday, September 12, 2007

Using Cain and Abel for ARP poisoning

You can perform ARP poisoning on your switched Ethernet network to test your IDS/IPS or to see how easy it is to turn a switch into a hub and capture anything and everything with a network analyzer.

ARP poisoning can be hazardous to your network's hardware and health, causing downtime and more. So be careful!

Perform the following security testing steps to use Cain and Abel for ARP poisoning and improve Microsoft network security:

  1. Load Cain and Abel and click the Sniffer tab at the top to get into the network analyzer mode. It defaults to the Hosts page.
  2. Click the Start/Stop ARP icon (the yellow and black circle). This starts the ARP poison routing (how Cain and Abel refers to ARP poisoning) process and also enables the built-in sniffer.
  3. If prompted, select the network adapter in the window that displays and click OK.
  4. Click the blue + icon to add hosts to perform ARP poisoning on.
  5. On the MAC Address Scanner window that comes up, ensure the All Hosts in My Subnet option is selected and click OK.
  6. Click the ARP tab (the one with the yellow and black circle icon) at the bottom to load the ARP page.
  7. Click in the white space under the uppermost Status column heading (just under the Sniffer tab). This re-enables the blue + icon.
  8. Click the blue + icon, and the New ARP Poison Routing window comes up showing the hosts discovered in Step 3 above.
  9. Select your default route (in my case, 10.11.12.1). This will then fill the right-hand column with all the remaining hosts, as shown in Figure 9-20.
  10. Ctrl+click all the hosts in the right column that you want to poison.
  11. Click OK, and the ARP poisoning process starts. This process can take anywhere from a few seconds to a few minutes depending on your network hardware and each host's local TCP/IP stack. The results of ARP poisoning on my test network are shown in Figure 9-21.
  12. You can use Cain and Abel's built-in passwords feature to capture passwords traversing the network to and from various hosts simply by clicking the Passwords tab at the bottom of the screen.
Figure 9-20: Selecting your victim hosts for ARP poisoning in Cain and Abel.



Figure 9-21: ARP poisoning end results in Cain and Abel.

This excerpt is from Chapter 9 - Network Infrastructure in "Hacking for Dummies, 2nd edition," written by Kevin Beaver and published by Wiley Publishing.

ARP spoofing

An excessive number of ARP requests can be a sign of an ARP spoofing attack (also called ARP poisoning) on your network.

A client running a program such as the UNIX-based dsniff or the UNIX- and Windows-based Cain and Abel can change the ARP tables -- the tables that store IP addresses to media access control (MAC) address mappings -- on network hosts. This causes the victim computers to think they need to send traffic to the attacker's computer rather than to the true destination computer when communicating on the network. This is often referred to as a Man-in-the-middle (MITM) attack.

A related trick does not need ARP spoofing at all: flooding a switch with frames carrying thousands of bogus source MAC addresses (MAC flooding) overflows its forwarding (CAM) table, and many switches then fail open and forward frames out of every port like a hub. Some simply crash under the load instead. When a switch fails open, an attacker can sniff every packet going through it without bothering with ARP spoofing.

This weakness is inherent in ARP itself: replies carry no authentication, and most IP stacks accept an unsolicited reply and overwrite their cache entry with whatever it says.

Here's a typical ARP spoofing attack with a hacker's computer (Hacky) and two legitimate network users' computers (Joe and Bob):

  1. Hacky poisons the ARP caches of victims Joe and Bob by using dsniff, ettercap or a utility he wrote.
  2. Joe associates Hacky's MAC address with Bob's IP address.
  3. Bob associates Hacky's MAC address with Joe's IP address.
  4. Frames from Joe to Bob, and from Bob to Joe, are now addressed to Hacky's MAC address, so the switch delivers them to Hacky's port first.
  5. Hacky's network analyzer captures Joe's and Bob's traffic.

If Hacky has IP forwarding enabled, so that it behaves like a router, it passes the traffic on to its real destination and the original sender and receiver never notice the difference. If forwarding is off, Joe and Bob simply lose connectivity with each other, which is why ARP poisoning is a denial-of-service risk as well as an eavesdropping one.
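The Hacky/Joe/Bob exchange above, and what the Cain and Abel steps do to the victims' ARP caches, as an added example that is neither from the book excerpt nor from Cain and Abel: a minimal ARP cache per host, the two forged replies, and an arpwatch-style detector (arpwatch appears in the tool list below) that flags the symptoms a defender can look for. Host addresses and MACs are constructed; the simulation uses the book's 10.11.12.0/24 network for familiarity only.

```python
"""ARP cache poisoning simulated end to end, with arpwatch-style detection (added example)."""
from collections import defaultdict

JOE, BOB, HACKY = "10.11.12.10", "10.11.12.20", "10.11.12.66"   # constructed hosts
MAC = {JOE: "00:11:22:33:44:10", BOB: "00:11:22:33:44:20", HACKY: "00:11:22:33:44:66"}
OWNER_OF_MAC = {m: ip for ip, m in MAC.items()}

# Constructed ARP replies as (time, sender_ip, sender_mac, target_ip).
# The first two are genuine; the last two are Hacky's forged replies (step 1 of the attack).
SAMPLE_REPLIES = [
    (0.0, JOE, MAC[JOE], BOB),
    (0.1, BOB, MAC[BOB], JOE),
    (5.0, BOB, MAC[HACKY], JOE),   # "Bob is at Hacky's MAC", delivered to Joe  (step 2)
    (5.0, JOE, MAC[HACKY], BOB),   # "Joe is at Hacky's MAC", delivered to Bob  (step 3)
]


class Host:
    """Minimal IP stack: an ARP cache that, like most real stacks, accepts unsolicited replies."""

    def __init__(self, ip):
        self.ip = ip
        self.arp_cache = {}   # ip -> mac

    def receive_arp_reply(self, sender_ip, sender_mac, target_ip):
        if target_ip == self.ip:
            self.arp_cache[sender_ip] = sender_mac   # no authentication: last writer wins

    def next_hop_mac(self, dst_ip):
        return self.arp_cache.get(dst_ip)


class ArpWatch:
    """Passive detector: alert when an IP's MAC changes or one MAC claims several IPs."""

    def __init__(self):
        self.ip_to_mac = {}
        self.mac_to_ips = defaultdict(set)
        self.alerts = []

    def observe(self, t, sender_ip, sender_mac, target_ip):
        old = self.ip_to_mac.get(sender_ip)
        if old is not None and old != sender_mac:
            self.alerts.append((t, "flip-flop", sender_ip, old, sender_mac))
        self.ip_to_mac[sender_ip] = sender_mac
        self.mac_to_ips[sender_mac].add(sender_ip)
        if len(self.mac_to_ips[sender_mac]) > 1:
            self.alerts.append((t, "mac-claims-multiple-ips", sender_mac,
                                sorted(self.mac_to_ips[sender_mac])))


def simulate(replies=SAMPLE_REPLIES):
    """Deliver each reply to the hosts (and to the monitor); return (hosts, watch)."""
    hosts = {ip: Host(ip) for ip in (JOE, BOB, HACKY)}
    watch = ArpWatch()
    for t, sip, smac, tip in replies:
        watch.observe(t, sip, smac, tip)      # a monitor port or span sees every reply
        for h in hosts.values():
            h.receive_arp_reply(sip, smac, tip)
    return hosts, watch


def traffic_path(hosts, src_ip, dst_ip):
    """Which machine physically receives a frame src sends to dst? (IP that owns the cached MAC)"""
    return OWNER_OF_MAC.get(hosts[src_ip].next_hop_mac(dst_ip))


if __name__ == "__main__":
    hosts, watch = simulate()
    print("Joe -> Bob frames arrive at:", traffic_path(hosts, JOE, BOB))   # step 4/5
    print("Bob -> Joe frames arrive at:", traffic_path(hosts, BOB, JOE))
    for alert in watch.alerts:
        print("ALERT", alert)
```

Two things to note when turning this into real monitoring: a "flip-flop" is also what a legitimate DHCP reassignment or a replaced network card looks like, so correlate with DHCP logs before acting, and Cain re-sends its forged replies every few seconds to keep the caches poisoned, so counting replies per sender MAC over a short window (the "excessive number of ARP" symptom mentioned above) is a useful third check.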

Sunday, September 9, 2007

Top 100 Network Security Tools

Based on website http://sectools.org/


1. Nessus
2. Wireshark
3. Snort
4. Netcat
5. Metasploit Framework
6. Hping2
7. Kismet
8. Tcpdump
9. Cain and Abel
10. John the Ripper
11. Ettercap
12. Nikto
13. Ping/telnet/dig/traceroute/whois/netstat
14. OpenSSH/PuTTY/SSH
15. THC Hydra
16. Paros proxy
17. Dsniff
18. Netstumbler
19. THC Amap
20. GFI LANguard
21. Aircrack
22. Superscan
23. Netfilter
24. Sysinternals
25. Retina
26. Perl/Python/Ruby
27. L0phtcrack
28. Scapy
29. Sam Spade
30. GnuPG/PGP
31. Airsnort
32. BackTrack
33. P0f
34. 'Google'
35. WebScarab
36. Ntop
37. Tripwire
38. Ngrep
39. Nbtscan
40. WebInspect
41. OpenSSL
42. Xprobe2
43. EtherApe
44. Core Impact
45. IDA Pro
46. Solar Winds
47. Pwdump
48. LSoF
49. RainbowCrack
50. Firewalk

51. Angry IP Scanner
52. RKHunter
53. Ike-scan
54. Arpwatch
55. KisMAC
56. OSSEC HIDS
57. Openbsd PF
58. Nemesis
59. Tor
60. Knoppix
61. ISS Internet Scanner
62. Fport
63. chkrootkit
64. SPIKE Proxy
65. OpenBSD
66. Yersinia
67. Nagios
68. Fragroute/Fragrouter
69. X-scan
70. Whisker/libwhisker
71. Socat
72. Sara
73. QualysGuard
74. ClamAV
75. cheops/cheops-ng
76. Burpsuite
77. Brutus
78. Unicornscan
79. Stunnel
80. Honeyd
81. Fping
82. BASE
83. Argus
84. Wikto
85. Sguil
86. Scanrand
87. IP filter
88. Canvas
89. VMware
90. Tcptraceroute
91. SAINT
92. OpenVPN
93. OllyDbg
94. Helix
95. Bastille
96. Acunetix Web Vulnerability Scanner
97. TrueCrypt
98. Watchfire AppScan
99. N-stealth
100. MBSA (Microsoft Baseline Security Analyzer)

Wi-Fi, VoIP, USB security still lacking

<<

That is according to Manchester-based IT membership body, the National Computing Centre (NCC), which found that 40 percent of companies have installed partial to no security on their wireless networks, while only 15 percent have initiated VoIP security measures.

With the proliferation of small, high-capacity USB storage devices also posing a liability, the NCC found that nearly 75 percent of respondents recognise that there is an issue to be addressed, but that only 11 percent have done so.

Stefan Foster, managing director of the NCC, said: "Running unsecured Wi-Fi is like locking the front door, but leaving the windows open. Fraudsters are increasingly targeting IT systems and the growing use of Wi-Fi is attracting their attention both inside and outside of the office environment."

A recent study by network security specialist BigFix found that mobile devices such as laptops and smart phones were posing a risk to network security, because most security configuration management solutions are unable to manage them when they are not connected to the network.

Although 80 percent of companies were using anti-virus products, 40 percent admitted to having been affected by malicious code in the last year.

>>
Extracted from the ITwales website: http://www.itwales.com/798604.htm

We have to take drastic counter-measures in order to provide good network security. Easier said than done :P

In my opinion, in Malaysia there is still a lack of awareness of computer network security in general, and of wireless computing environments in particular. Some people haven't educated themselves about wireless network security, even though nowadays security has become a main issue in almost everything.

There is so much to be done to educate people and increase their consciousness of computer network security. Life nowadays cannot be separated from mobile technologies, as they have become necessities.

So we have to hold seminars and classes, or maybe even produce short "How to..." films about network security for the commercial media.