
Abstract:

For every consumer and business on the Internet, viruses, worms and crackers are
just a few of the security threats. There are the obvious tools that aid
information security professionals against these problems, such as anti-virus
software, firewalls and intrusion detection systems, but these systems can only
react to or prevent attacks; they cannot give us information about the attacker,
the tools used or even the methods employed. Given all of these security
questions, honeypots are a novel approach to network security and security
research alike.

A honeypot is used in the area of computer and Internet security. It is a resource
which is intended to be attacked and compromised to gain more information
about the attacker and the tools used. It can also be deployed to attract and divert
an attacker from their real targets. Compared to an intrusion detection system,
honeypots have the big advantage that they do not generate false alerts, as all
observed traffic is suspicious because no productive components are running on
the system. This fact enables the system to log every byte that flows through the
network to and from the honeypot, and to correlate this data with other sources
to draw a picture of an attack and the attacker.

This paper will first give an introduction to honeypots: their types and uses. We will
then look at the nuts and bolts of honeypots and how to put them together.
Finally, we shall conclude by looking at what the future holds for honeypots
and honeynets.

Why It's Important


Protecting computer networks requires the implementation and maintenance of
many different types of network security. Hackers and disenchanted employees
are not the only threats to network systems, devices and data. Poor procedures
and processes, ignorance of policy, lack of security awareness, and
inappropriate physical access to systems increase the risks to data, personnel,
and devices. Effective and efficient security plans include overlapping types of
network security within the computer network.

Physical Security
The physical types of network security provide protection from fire, unauthorized
access, and/or natural disasters. Restrict physical access to systems, routers,
firewalls, etc. by combining the use of high quality locks with secondary
verification systems, such as biometric scanners. Security guards, video
monitoring and alarms are other ways to help keep areas secure. Password-
protect and monitor physical access to all systems. Invest in fire detection and
waterless fire suppression systems.
Perimeter Protection
Perimeter protection refers to the devices that separate your network from the
rest of the world. Firewalls are the most commonly implemented perimeter types
of network security devices. Application and appliance-based firewalls block
certain types of data from entering your network using standard and user-defined
filters. Many wireless routers include basic firewalls. Another important part of
perimeter security is the implementation of encryption and protocols to protect
the wireless network from unauthorized access.

Monitoring
Scanners, sniffers and analysis tools give the trained administrator insight
regarding system vulnerabilities. Many hackers use these tools to find
weaknesses in network security. Port scanners reveal open ports, which may
lead to the discovery of unnecessary or compromising services or applications.
Content filters prevent users from accessing websites that are inappropriate for a
work environment or contain malicious coding. Anti-virus and adware/malware
scanners protect data and equipment from unwanted applications. Monitoring
keeps those responsible for network security informed about the types of data
and network events that take place on the network. Baselines are established
over time during routine scanning and monitoring. Deviations from the baseline
are clues to new and possibly compromising events on the network.

User Education and Training


Many people are surprised to learn that user education and training are types of
network security. User education and training should begin at orientation with an
overview and discussion of the company’s expectations regarding employee
compliance with the various types of network security policies. Security
awareness programs include items not covered by policy, such as social
engineering, reasons for implementing certain processes and procedures and the
effect of security breaches on individuals and the business. Scheduled training
and awareness events serve as a reminder of the importance of security policies,
and help to keep employees apprised of changes and updates. Training and
educational opportunities include presentations by fellow employees, videos,
computer-based training, newsletters and other organizational communications,
and presentations or courses given by external professionals or organizations.

SMS Phishing
SMiSHing is another term for SMS Phishing—a type of phishing attack that is
received through a mobile phone as an SMS message. The message may
contain a link to a website and ask customers to verify their accounts,
unsubscribe or subscribe to a service, or activate their memberships.

Some SMS-based phishing attacks do not contain website links in the message,
but do include a phone number for the recipient to call to activate or provide
information requested from automated prompts. The SMS phishing message
may also contain nothing but a text message, and the potential victim is
instructed to reply to the message with a yes or no text message in response.

How Can SMiSHing Harm Legitimate Businesses?


Phishing, as we know, is a form of criminal activity. If a business name is used by
a fraudster, the company or business name may become unpopular to potential
customers. That is, if the company being targeted by phishers does not take
action to clarify that their business is not involved and associated with recent
phishing attacks, customers may lose faith or even blame the business for the
phisher's actions.

Below are examples of SMiSHing attacks that I have received over the past few
weeks:

The above message is from a service number. If I respond to the message with a
"Yes", my account will be credited for the amount requested by the SMiSHer.
Here's another example of a fake service message via SMS that contains a link
to download a file which is infected:
Below is yet another example of SMiShing that I received. This one used a
company name "Power Root Sdn." (Sdn is an abbreviation for Sendirian Berhad,
which means "private business" in the Malaysian language) in the message. The
company Power Root may or may not exist, but the message announces that I
won 20K and should call the provided number to claim the prize.

People who respond to the message or call the provided number will be
prompted to provide their credit card number, mother's maiden name, birthday
and other personal information, allowing the phishers to gain access to their
accounts.

People who have not heard of SMiSHing might fall into the trap of revealing their
identity or giving out private information such as credit card numbers, social
security numbers, and other personal data. If the victim realizes that they are
being phished via SMS messages, they might blame the other victim—the
business or company being used by the fraudsters. The customers will become
unsatisfied because the company did not alert them of potential fraud or scam
messages using their business name. In some cases, the unsuspecting customer
might expect that something good actually happened, e.g. winning money from
the company that supposedly hosted a contest. They will try to claim the amount
they've won. The company will now have to deal with the customer and explain
their business is not associated with the fake SMS message.

How Can You Stop SMiSHing?


A company or business should be aware of the current online and offline threats
that their customers or their own company might face. Prevention is better than a
cure, which is why it's recommended to stay updated on all scams that are being
perpetrated. If companies A and B are victims of phishing, then companies C, D
and E could be next.

To stop SMiSHers from abusing your business or company name, you should start
by creating security policies. An example policy to create and implement is to filter
messages sent and received by your company. There are security software
vendors that provide anti-spam and anti-phishing protection, e.g. Trend Micro
and Symantec. If your business sends automated messages to customers and
you are using managed security protection, then malware, security issues, and
vulnerable platforms and applications will be prevented. And if your business
system is free from any security issue, a fake SMS or phishing attempt will not be
sent by your automated service messaging system.
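As an added illustration of the message-filtering policy recommended above (example code written for this page, not a product of any vendor named here), the following Python check screens a company's own outbound service messages against an allowlist of company domains and registered callback numbers, and rejects the wording that the SMiSHing examples in this text rely on. The allowlists and the sample messages are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlists for a hypothetical company's automated SMS gateway
# (example values; a real deployment would load its own domains and numbers).
COMPANY_DOMAINS = {"example.com", "alerts.example.com"}
COMPANY_NUMBERS = {"+12025550123"}

URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
PHONE_RE = re.compile(r"\+?\d[\d\-\s]{7,}\d")
# Wording a genuine service message should never carry; modelled on the
# SMiSHing patterns described in the text (prize claims, reply-YES prompts,
# "verify your account", requests for PINs or card details).
SENSITIVE_RE = re.compile(
    r"\b(pin|password|mother'?s maiden name|card number|reply\s+(?:yes|no)"
    r"|you (?:have )?won|claim (?:your|the) prize|verify your account)\b", re.I)


def hostname(url):
    """Extract the lower-cased host from a URL, tolerating a missing scheme."""
    if not url.lower().startswith("http"):
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def check_outbound_sms(text):
    """Return the policy violations found in one message; an empty list means it may go out."""
    problems = []
    for url in URL_RE.findall(text):
        host = hostname(url.rstrip(".,)"))
        if host not in COMPANY_DOMAINS:
            problems.append(f"link to non-company host: {host}")
    for num in PHONE_RE.findall(URL_RE.sub(" ", text)):   # ignore digits inside URLs
        digits = re.sub(r"\D", "", num)
        if num.startswith("+"):
            digits = "+" + digits
        if digits not in COMPANY_NUMBERS:
            problems.append(f"callback number not registered: {digits}")
    m = SENSITIVE_RE.search(text)
    if m:
        problems.append(f"forbidden wording: '{m.group(0)}'")
    return problems


SAMPLES = {   # constructed messages, not real ones
    "shipping": "Example Co: your order shipped. Track it at https://alerts.example.com/t/8841 "
                "or call +1 202-555-0123.",
    "prize": "Congratulations, you have won 20K! Call 2025550199 to claim your prize.",
    "verify": "Security notice: verify your account at http://example-secure.net/login "
              "and reply YES with your PIN.",
}


def check_samples():
    """Run the policy check over the constructed samples: {name: [violations]}."""
    return {name: check_outbound_sms(msg) for name, msg in SAMPLES.items()}
```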

Keep Your Customers' Data Private

Phishers or spammers target a company or person for private data. Any
information that was leaked (intentionally or unintentionally) is what they want.
Apply the fixes and restrictions to ensure that information is never leaked,
and immediately respond to any report by customers to prevent another victim.

Use Verification Services

If your company is using mobile system messaging or providing mobile services to
customers, ensure that there is some verification system, e.g. a mobile transaction
authentication code (TAC), in addition to the account PIN code.

Operating System Attacks
Operating systems have flaws, some of which stem from the way the OS is written.
They may create vulnerabilities unintentionally; hackers look for them and exploit
them if found. There are several denial of service attack examples for you to
consider.

One such vulnerability is a weakness that allows a hacker to enter the system
and take it over remotely. Then all he or she has to do is prevent a legitimate
user from accessing or working on the system.

Lockouts are possible, where the denial of service (DoS) prevents legitimate
users from accessing their system. This comes from the fact that many systems
have authentication features, such as a login name and password. It is also
typical that there are a limited number of attempts that can be used in order to
gain access, and reaching that limit locks out the user. So a hacker can
manipulate the login attempt limit and lock out the user.
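One way to design the attempt limit so that it cannot be turned into a lockout against the legitimate user (an added example, not from the source text): block the source address that keeps failing, and give the targeted account only a growing, capped delay. The policy constants, account name and addresses below are assumptions made for this example.

```python
import time
from collections import defaultdict

# Constructed policy values for this example (not taken from the text).
MAX_FAILS_PER_SOURCE = 5     # a hard block applies to the *source address*, never the account
ACCOUNT_SOFT_LIMIT = 5       # beyond this many failures the account only gets a delay...
MAX_DELAY_SECONDS = 30.0     # ...capped, so the real owner is slowed down but never locked out
WINDOW_SECONDS = 600         # failures older than this are forgotten


class LoginThrottle:
    """Tracks failed logins per account and per source address.

    A plain "N failures lock the account" rule lets anyone who knows a
    username lock its owner out (the lockout DoS described above).
    Here repeated failures from one source block that source, while
    failures against an account only add a growing, capped delay."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.account_fails = defaultdict(list)   # account -> [timestamps]
        self.source_fails = defaultdict(list)    # source  -> [timestamps]

    def _recent(self, stamps, now):
        # Keep only timestamps inside the sliding window and return the count.
        stamps[:] = [t for t in stamps if now - t < WINDOW_SECONDS]
        return len(stamps)

    def check(self, account, source):
        """('deny', 0.0) for a blocked source, otherwise ('allow', seconds_to_wait)."""
        now = self.clock()
        if self._recent(self.source_fails[source], now) >= MAX_FAILS_PER_SOURCE:
            return ("deny", 0.0)
        n = self._recent(self.account_fails[account], now)
        excess = max(0, n - ACCOUNT_SOFT_LIMIT + 1)
        delay = min(MAX_DELAY_SECONDS, 2.0 ** excess - 1) if excess else 0.0
        return ("allow", delay)

    def record_failure(self, account, source):
        now = self.clock()
        self.account_fails[account].append(now)
        self.source_fails[source].append(now)

    def record_success(self, account):
        # A correct password clears the account's penalty; the source's record stays.
        self.account_fails[account].clear()


def simulate():
    """Constructed scenario: 203.0.113.9 fails 20 times against 'alice', then
    alice signs in from 198.51.100.7 (both addresses are documentation ranges)."""
    t = LoginThrottle(clock=lambda: 1000.0)   # fixed clock keeps the run deterministic
    for _ in range(20):
        t.record_failure("alice", "203.0.113.9")
    attacker = t.check("alice", "203.0.113.9")   # -> ('deny', 0.0): source is blocked
    owner = t.check("alice", "198.51.100.7")     # -> ('allow', 30.0): delayed, not locked out
    t.record_success("alice")
    after = t.check("alice", "198.51.100.7")     # -> ('allow', 0.0): penalty cleared
    return attacker, owner, after
```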


Networking Attacks
DoS attacks can also affect networks. One example deals with the physical
destruction or alteration of network components. Connections between two
computers may be disrupted or the disruption will occur among the multiple
devices on the network. One way to do this is to flood the bandwidth with
extraneous traffic. Legitimate traffic can't enter or it travels at a reduced speed.

Another example is a "SYN Flood" attack, which prevents legitimate hosts from
connecting to the network. The attacker starts the process of establishing a
connection to the victim's machine; however, the ultimate connection is
incomplete, deliberately so. Then the victim's machine has reserved one of a
limited number of data structures required to complete the impending connection,
but it will never complete it. So the real connections are never complete, while
the victim is waiting for another, bogus, connection to complete.
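As an added example (not part of the original article), the following Python code replays a constructed packet log, tracks which three-way handshakes were left half-open, and reports server endpoints where many half-open entries from many sources accumulate, which is how a SYN flood looks to a defender watching the wire. The log format, threshold and addresses are assumptions of the example.

```python
import re
from collections import defaultdict

# One log line per packet: "time client -> server flags" (S = SYN, SA = SYN/ACK, A = ACK).
LINE = re.compile(r"^(\S+) (\S+) -> (\S+) (S|SA|A)$")


def build_sample_log():
    """Constructed traffic (not a real capture): one normal handshake from
    198.51.100.7, then 120 SYNs to 192.0.2.10:443 from 50 addresses in
    203.0.113.0/24 that the server answers but the clients never ACK."""
    lines = [
        "0.000 198.51.100.7:51000 -> 192.0.2.10:443 S",
        "0.001 192.0.2.10:443 -> 198.51.100.7:51000 SA",
        "0.002 198.51.100.7:51000 -> 192.0.2.10:443 A",
    ]
    for i in range(120):
        client = f"203.0.113.{i % 50 + 1}:{40000 + i}"
        lines.append(f"0.{100 + i:03d} {client} -> 192.0.2.10:443 S")
        lines.append(f"0.{101 + i:03d} 192.0.2.10:443 -> {client} SA")
    return "\n".join(lines)


def track_handshakes(log):
    """Replay the log; return {(client, server): 'syn' | 'syn-ack' | 'established'}."""
    state = {}
    for line in log.strip().splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # skip anything not in the expected format
        _, src, dst, flags = m.groups()
        if flags == "S":
            state.setdefault((src, dst), "syn")       # retransmitted SYNs keep their state
        elif flags == "SA" and (dst, src) in state:
            state[(dst, src)] = "syn-ack"             # server reserved a half-open entry
        elif flags == "A" and (src, dst) in state:
            state[(src, dst)] = "established"         # handshake finished, entry released
    return state


def find_syn_floods(log, threshold=100):
    """Per server endpoint, count handshakes left half-open and the number of
    distinct client addresses behind them. Many half-open entries spread over
    many (often spoofed) sources is the usual signature of a SYN flood."""
    half_open, completed = defaultdict(set), defaultdict(int)
    for (client, server), st in track_handshakes(log).items():
        if st == "established":
            completed[server] += 1
        else:
            half_open[server].add(client)
    report = {}
    for server, clients in half_open.items():
        if len(clients) >= threshold:
            sources = {c.rsplit(":", 1)[0] for c in clients}
            report[server] = {"half_open": len(clients),
                              "sources": len(sources),
                              "completed": completed[server]}
    return report
```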

Non-Renewable Resources
DoS attacks can also consume scarce, limited, or non-renewable resources. One
example of a denial of service attack comes with the destruction or alteration of
configuration information in the operating system. Such an attack may flood the
system so that it is incapable of performing the normal operations. The CPU may
be performing at the 100% level, which prevents other processes from running.

Another example is when programs are triggered to access more and more
memory, thereby filling up the available space in the system. Generating excess
mail messages may take up memory. This slows the system down, even to the
point that other programs can't run. Even after a re-boot the problem does not go
away. In such a case the DoS attack now comes with malware that has infected
the system.

Sources
For an article on legal cases involving hackers and cyber crime see: Busted
Hackers and Cyber Criminals - Interesting Cybercrime Cases
Operating System Attacks: http://www.irchelp.org/irchelp/nuke/

Image: http://en.wikipedia.org/wiki/File:Stachledraht_DDos_Attack.svg (Common License)

Networking Attacks: http://www.cert.org/tech_tips/denial_of_service.html

The Purpose of an Intranet

An intranet is much different from an extranet and the Internet. It is a private
network for a small collection of users, like employees, who have been granted
permission by their organization to access the Web, email, and other information
services found on the Internet. An intranet is intended for small-scale operations,
but it has proven useful for collaboration and sharing resources like computer
data, network applications and information among employees. There are other
intranet benefits as well, such as saving a business time and money.

*For those people who are still uncertain why an intranet is important to business,
check out this article, "The Purpose of an Intranet."

According to Oracle, an "Intranet is a network that is "owned" by a single
organization that controls its security policies and network management." [1] In
short, it fulfills data and information management requirements. It is deployed for
internal users and not for external users who are outside the private network,
like business partners or other businesses. However, such users can be granted
use of an intranet if an organization permits it.

Often, for security reasons, an organization will deploy a demilitarized zone, or
DMZ, which is a computer or small subnetwork that protects internal, private
networks from being accessed by external users (see image). In addition, an
organization may segregate the applications in the intranet, which are on internal
servers, from other network systems through the use of firewalls to increase
internal security. Firewalls are useful in an intranet for filtering traffic and for
effectively managing and controlling network traffic, but as with any network
system (like an extranet), an intranet creates risks and has its own security issues
(as shown in the next sections of the article).

Image Credit Sun.com

10 Common Intranet Security Issues


Here is a list of 10 intranet security issues and what a user and organization can
do to resolve them:

1. Network security threats. Internal and external threats are common. Some
are deliberate threats while others are not. It's best to use a firewall and some
sort of security software like McAfee Network Threat Response.

2. Security breaches. There are times when an intranet will encounter
suspicious traffic, such as spam, phishing, spyware, adware and malware, so
deploying an effective email filter (and firewall) can help block the suspicious
traffic from entering the network.

3. Network attacks. There have been several reported cases of an intranet
being attacked. A network-based intrusion prevention system (IPS) or an
intrusion detection and prevention system (IDPS) can offer great protection. They
can also be deployed to monitor network traffic and to detect and prevent
well-known threats and attacks.

4. Unauthorized access. This happens much too often when an internal or
external user (not authorized) gains access to data and corporate information
stored on an intranet. It may be wise to use some type of authentication like
passwords, smart cards, or biometrics, in addition to deploying a bastion host
before a user has access to the intranet.

5. Misuse of user privileges. Too often, users gain unauthorized access to
systems from the intranet. Businesses may want to use some type of intranet
monitoring software to see what their employees are doing on the intranet or on
their own PCs.

More Intranet Security Problems


6. Violations of security policies. At times, users will make illegal attempts to
penetrate the network without clearance and permission. Internal users must
understand what happens when someone violates the policy, in an attempt to
protect internal IT systems on the intranet.

7. Malicious content. Intranet users are vulnerable to malicious content
(viruses, worms, and Trojan horses) that attaches itself to emails.
Businesses and users alike must remember to always maintain and update their
security software on every PC and server on an intranet to ensure protection.

8. Usability problems. There are users who still improperly use the intranet.
They do not know how to search, retrieve, send or share data and information;
often, doing more harm than good on the private network. Some users may need
formal training.

9. Weak passwords. Users tend to use weak passwords, write down passwords,
never change them, or forget them. Network administrators must encourage
users to overcome these issues and have them use hard-to-guess passwords, as
well as not to share them, or write them down.

10. Lack of encryption. Many times unsecured "confidential" data is shown to
unauthorized users because encryption is not used. Using SSL digital
certificates can help secure the intranet.

Intranet Tip: Set up firewall rules to allow only those messages that originate
from the internal server.

Advice: Any person granted access to an intranet should receive formal security
training first. Users need an IT security policy handy to know what to do when
there is a security violation, a security threat or attack, or learn how to resolve all
other intranet security issues such as those mentioned above.

Solution: Businesses can set up on their own intranet and choose a software
solution like Office Ability to overcome some of the common security issues like
usability problems, passwords, and encryption, or use HyperOffice, which is a
business that offers their own "Securely Hosted Intranet Software Solution" for
other businesses.

Resources & References

[1] Network Considerations:
http://download.oracle.com/docs/cd/A97335_02/apps.102/a86202/chap09.htm

• Intranet Journal - http://www.intranetjournal.com/features/isecurity.shtml
• Windows Security Whitepaper -
http://www.windowsecurity.com/whitepapers/guide_to_securing_intranet_and_extranet_servers.html
• Sun - http://www.sun.com/software/whitepapers/wp-security-intranet/protectingfromwithin.pdf

Conclusion

Untangle is a marvelous product. It does more in a single installation than any other product on the market,
commercial or otherwise. The incorporation of third party open source projects means that there is a diverse
body of support and updates for the product and a mass of humanity working on keeping the various
components current.

If you are a small to medium sized business looking for better protection of your network, use this product.
Buy the Professional Package. You will not regret it.

Network Security Solutions


NGIT's operational excellence helps provide the functional knowledge needed to
streamline operations with technology. NGIT's security experts and consultants
use international standards (BS 7799, ISO 17799) and widely accepted tools to install
best practices.

• Risk Assessment
  • Define and identify the assets to be protected
  • Measure the various risk levels
  • Identify associated vulnerabilities
  • Recommend a complete security plan

• IT Security Audit
  • Vulnerabilities in LAN & WAN architecture
  • External access & e-business architecture
  • Firewalls, routers, web servers, proxy servers, NT servers, Unix servers

• Security Policy Development
  • CIT consultants use the following methodology to develop security policies:
    • Analysis of the security needs
    • Review of the existing rules
    • Rework of the rules
    • Validation & distribution of the policy
  • The policy developed shall be in compliance with BS 7799 and ISO standards.

• Infrastructure Security Design
  • Design a secured LAN, WAN & Internet access architecture
  • Design a VPN & PKI architecture (technical & functional design)
  • Design a secured external & remote access architecture
  • Design a secured e-business architecture
  • Design a secured internal firewall