
Frequently Asked Questions:

Should you not find your question listed below, then please click here to submit your query to the Blue Cube Team.

What is a port scan?

A port is a numbered endpoint on a computer that a network service listens on. To establish a connection, TCP/IP on one computer connects to a specific port on another computer. TCP and UDP each have 65,535 usable port numbers, and any port with a service listening on it is a potential way into your system, which is why a firewall is needed to limit which ports can be reached from outside.

A port scanner sends connection attempts or probe packets to a range of ports and records which ones respond, so it can tell which ports are listening for a connection. A port with no service behind it cannot be connected to, so the fewer services you expose the less there is to attack; a firewall adds protection by blocking access to ports even where something is listening.

Some operating system services listen on ports by default, and not all of them can simply be switched off. Without a firewall those ports remain reachable from the network, which puts your computer at risk.
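The connect scan described above, as an added example (not Blue Cube's code): it binds a throwaway listener on the loopback address so the scan has a known open port to find, then probes a window of ports around it with connect() the way a basic scanner does. The host, port window and timeout are assumptions for the example.

```python
"""Minimal TCP connect port scanner (added example).

A throwaway listener on 127.0.0.1 gives the scan a known-open target; the
scan itself is an ordinary connect() probe of each port in a range.
"""
import socket
from contextlib import closing


def start_listener():
    """Bind a throwaway TCP service on an ephemeral loopback port (constructed target)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv


def scan_port(host, port, timeout=0.5):
    """Return 'open' if a TCP handshake completes, otherwise 'closed'.

    connect_ex() returns 0 on success; a non-zero errno (ECONNREFUSED, or a
    timeout where a firewall silently drops the SYN) means nothing reachable
    is listening there.
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        return "open" if s.connect_ex((host, port)) == 0 else "closed"


def scan_range(host, ports, timeout=0.5):
    """Scan each port in turn and return {port: state}."""
    return {p: scan_port(host, p, timeout) for p in ports}


def demo():
    """Scan a five-port window around the listener and return (listener port, open ports)."""
    srv = start_listener()
    try:
        target = srv.getsockname()[1]
        results = scan_range("127.0.0.1", range(target - 2, target + 3))
        return target, [p for p, state in results.items() if state == "open"]
    finally:
        srv.close()


if __name__ == "__main__":
    target, open_ports = demo()
    print(f"listener on {target}; open ports found: {open_ports}")
```

A real scanner adds parallelism, SYN (half-open) probes and UDP probes, but the decision is the same: a completed handshake means a service is listening. Note that a port protected by a firewall that drops packets shows up as a timeout rather than a refusal, which is itself information to an attacker.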

What is an Intrusion Detection System?

An Intrusion Detection System (IDS) monitors network traffic or host activity for patterns that indicate an attack, such as port scans or known exploit signatures. The IDS matches what it observes against a database of signatures (and, in some products, a baseline of normal behaviour) to decide whether the activity is malicious, and raises an alert when it is. An IDS is particularly useful if you run externally reachable services such as a web server.
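One of the simplest IDS rules, a port-scan detector, as an added example (not Blue Cube's code) run over constructed firewall log lines. The log format ("timestamp source destination port action") and the alert threshold are assumptions for the example, not any product's format.

```python
"""Signature-style port-scan detection over firewall log lines (added example).

Rule: alert when one source touches at least `threshold` distinct ports on a
single host within `window` seconds.
"""
from collections import defaultdict

# Constructed sample log: 203.0.113.7 probes many ports; 198.51.100.4 browses normally.
SAMPLE_LOG = """\
1700000000 203.0.113.7 192.0.2.10 22 DROP
1700000001 203.0.113.7 192.0.2.10 23 DROP
1700000001 203.0.113.7 192.0.2.10 25 DROP
1700000002 203.0.113.7 192.0.2.10 80 ACCEPT
1700000002 203.0.113.7 192.0.2.10 110 DROP
1700000003 203.0.113.7 192.0.2.10 143 DROP
1700000003 203.0.113.7 192.0.2.10 443 ACCEPT
1700000004 203.0.113.7 192.0.2.10 3389 DROP
1700000000 198.51.100.4 192.0.2.10 80 ACCEPT
1700000005 198.51.100.4 192.0.2.10 443 ACCEPT
1700000090 203.0.113.7 192.0.2.10 8080 DROP
"""


def parse_line(line):
    """Split one record into (timestamp, src, dst, dport, action)."""
    ts, src, dst, dport, action = line.split()
    return int(ts), src, dst, int(dport), action


def detect_port_scans(log_text, threshold=6, window=60):
    """Return a list of (src, dst, distinct_ports, first_ts, last_ts) alerts."""
    events = defaultdict(list)  # (src, dst) -> [(ts, dport), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, _ = parse_line(line)
        events[(src, dst)].append((ts, dport))

    alerts = []
    for (src, dst), hits in events.items():
        hits.sort()
        start = 0
        # Slide a time window over the ordered hits and count distinct ports in it.
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = {port for _, port in hits[start:end + 1]}
            if len(distinct) >= threshold:
                alerts.append((src, dst, len(distinct), hits[start][0], hits[end][0]))
                break  # one alert per (src, dst) pair is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG):
        print("port scan:", alert)
```

The caveat a practitioner would add: a "low and slow" scan that touches one port every few minutes stays under any short window, which is why real IDS products combine several signatures and longer-term state rather than a single rule like this.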

What is a DMZ?

A de-militarised zone (DMZ) is a buffer network that sits between the internet and your private LAN. It is a separate network segment that is trusted less than the internal LAN (local area network) but more than the internet. The purpose of a DMZ is to add a layer of protection to an organisation's LAN by keeping publicly reachable servers out of it.

The benefit of a DMZ is that it lets you segment your network so that internet-facing hosts are isolated from the rest. Systems on the internal LAN can connect to the DMZ and to the internet, but the firewall does not allow connections initiated from the DMZ or from the internet into the LAN. Essentially you are treating both of those networks as untrusted and keeping them separate from your internal LAN. If a host in the DMZ is compromised, the attacker still has to get through the firewall again before any computer on the LAN can be touched.
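The zoning just described, written as an nftables forward ruleset. This is an added example rather than configuration from Blue Cube; the interface names (wan0, dmz0, lan0), the DMZ server address 192.0.2.10 and the published services are assumptions for the example.

```nftables
# Three-zone firewall: wan (internet), dmz (public servers), lan (internal).
# Interface names and addresses are assumptions for this example.
table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept      # replies to flows permitted below
        ct state invalid drop

        # Internet may reach only the published services on the DMZ host
        iifname "wan0" oifname "dmz0" ip daddr 192.0.2.10 tcp dport { 80, 443 } accept

        # LAN may reach the internet and may administer the DMZ host over SSH
        iifname "lan0" oifname "wan0" accept
        iifname "lan0" oifname "dmz0" tcp dport 22 accept

        # DMZ may reach out only for what it needs (DNS, updates) and never into the LAN
        iifname "dmz0" oifname "wan0" udp dport 53 accept
        iifname "dmz0" oifname "wan0" tcp dport { 80, 443 } accept
        iifname "dmz0" oifname "lan0" drop

        # anything not matched above falls through to the drop policy
    }
}
```

The two lines that make the DMZ worth having are the default drop policy and the explicit dmz0 to lan0 drop: a compromised DMZ host can answer connections the LAN opened to it, but cannot open its own. Keeping the DMZ's outbound rules to the minimum also limits what a compromised server can be used for, for example as a DDoS agent.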

What questions should I ask when doing a security assessment?

Start by asking what your security needs are and what you use the internet for. This establishes the level of security you need. The remaining questions give an indication of how strong the protection should be and what needs protecting.

  • Do you run any public servers and what type?
  • Do you run local servers, which ones?
  • What new uses of the internet is your company planning on making in the next year?
  • How many employees are there in the company, and how many access the computer network?
  • What is the value of your data?
  • How will a potential infiltration impact the business?
  • How attractive a target is your company? (Is it high-tech or high-profile, or low-profile?)
  • Are there any other security risks you should consider?

What is the difference between a worm and a trojan?

A worm is self-replicating code that does not need a user to activate it. It infects one computer and then uses the network to find and infect other machines.

A Trojan is a program that pretends to be something it is not. It is disguised to trick you into running it, for example a pop-up reading "click here to protect against viruses".

What is the difference between IPSec and SSL?

The main difference is that they sit at different places in the protocol stack.

IPSec sits below the transport layer: TCP/UDP/ICMP – IPSec – IP – Ethernet

SSL sits above it: Application (HTTP) – SSL – TCP – IP – Ethernet

Sitting lower in the stack gives IPSec an advantage. IPSec encrypts the TCP header together with the application data payload, and because it works at the IP layer it can also protect UDP packets, ICMP packets or any other protocol that runs on top of IP. SSL protects only the application data of a single TCP connection, and each application has to be written to use it.

Can one Web site hijack another's content?

Yes. If a site publishes pages that are not protected by a password, the whole site can be copied and pirated. This is easily done with "spider" programs (often written in Perl) that can duplicate an entire website in a single run. Sometimes this is legitimate, but most of the time it is piracy.

Attackers use this to copy an entire website and host it under a slightly different domain name. This is why it is important to check that the website's URL is correct before giving out any personal information.

In some cases an attacker can spoof the domain name system so that the URL resolves to the wrong server. When this happens the URL and the content look correct, but the server you are connected to is not the genuine one. If the site uses SSL, you can confirm its identity by checking the site's digital certificate.

There is as yet no way to prevent material on the public internet from being copied and pirated, but images, sound samples and other binary formats can be watermarked to discourage misuse and to prove ownership.

My local network runs behind a firewall. How can I use it to increase my Web site's security?

The simplest way to use a firewall to increase security is to create an "internal site" that can only be reached by computers on your own LAN. To do this, place the server inside the firewall.

If the server has to be reachable from outside your LAN, put it outside the firewall, typically in a DMZ, rather than on the LAN itself. The server is then at risk of being compromised, but a compromise does not give the attacker direct access to your internal network.

How safe is restriction by IP address or domain name?

IP address restriction keeps out casual visitors but is not safe against determined attackers. With the right tools an attacker can forge the source IP address so that a connection appears to come from a permitted location, and there is no guarantee that a person connecting from an authorised host is who you think they are. It is therefore a good idea to combine IP address restriction with an authentication check (user name and password). IP address restriction can be made safer by running your server behind a firewall that rejects packets with forged source addresses.

If a client connects through a proxy server, your server sees only the proxy's IP address, not the real user's. If that proxy is in a trusted domain, anyone able to use it gains access to your site, so do not allow a proxy's IP address unless you can trust everyone who can use the proxy.

Restriction by domain name carries the same risks and adds the risk of "DNS spoofing", which tricks your server into believing that a trusted name belongs to an outsider's IP address.
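An access check that applies the advice in the three paragraphs above: the source address is only one control, a proxy's forwarded address is believed only when the proxy itself is trusted, and a password check is always required as well. This is an added example, not Blue Cube's code; the allowed network, the trusted proxy address and the user table are constructed for the example.

```python
"""Source-IP restriction combined with authentication (added example).

Illustrates the proxy pitfall from the FAQ: X-Forwarded-For is only meaningful
when the TCP peer is a proxy we trust, and even then it is not enough on its own.
"""
import hashlib
import hmac
import ipaddress

# Networks allowed to reach the site (assumed for the example).
ALLOWED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
# Reverse proxies whose X-Forwarded-For header we are willing to believe.
TRUSTED_PROXIES = {ipaddress.ip_address("198.51.100.5")}


def _hash(salt, password):
    """PBKDF2-SHA256 password hash; a real deployment would tune iterations or use argon2."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100_000).hex()


# Constructed user table: username -> (salt, hash). Not real credentials.
USERS = {"alice": ("s4lt-for-example", _hash("s4lt-for-example", "correct horse battery staple"))}


def effective_client_ip(peer_ip, xff_header=None):
    """Decide which address to check.

    If the TCP peer is a trusted proxy, use the LAST X-Forwarded-For entry,
    the one that proxy appended (earlier entries can be written by the client).
    Otherwise ignore the header: an outsider can put anything in it.
    """
    peer = ipaddress.ip_address(peer_ip)
    if peer in TRUSTED_PROXIES and xff_header:
        return ipaddress.ip_address(xff_header.split(",")[-1].strip())
    return peer


def ip_allowed(ip):
    return any(ip in net for net in ALLOWED_NETWORKS)


def credentials_valid(username, password):
    entry = USERS.get(username)
    if entry is None:
        return False
    salt, expected = entry
    return hmac.compare_digest(_hash(salt, password), expected)


def authorise(peer_ip, xff_header, username, password):
    """Both controls must pass: the address restriction AND the password check."""
    ip = effective_client_ip(peer_ip, xff_header)
    return ip_allowed(ip) and credentials_valid(username, password)
```

The second and fourth assertions in the test are the cases the FAQ warns about: an outsider writing an allowed address into X-Forwarded-For, and an outsider who has reached the trusted proxy. Both are refused because the address that counts is the one the server or the trusted proxy actually saw.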

What is user verification?

User verification (authentication) determines and verifies the identity of the user. The simplest form is a user name and password.

How does encryption work?

Encryption works by transforming text with a key. Traditional (symmetric) systems use the same key for encryption and decryption. In public-key systems the keys come in pairs: one key encrypts and the other decrypts. Each user has a pair, publishes one key and keeps the other private, so a message encrypted with someone's public key can only be decrypted by the holder of the matching private key. Used the other way round, the private key can create a digital signature that anyone holding the public key can verify.
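The key-pair idea made concrete with textbook RSA on deliberately tiny numbers, as an added example (not Blue Cube's code). The primes 61 and 53 and exponent 17 are the usual classroom values and are an assumption for the example; numbers this small are factorable instantly and real RSA also needs padding (OAEP for encryption, PSS for signatures), so this shows the mechanism only.

```python
"""Textbook RSA with tiny primes (added example, illustration only).

Shows 'one key encrypts, the other decrypts' and the reverse use for signing.
Not secure: tiny modulus, no padding.
"""
import hashlib


def make_keypair(p=61, q=53, e=17):
    """Return ((e, n), (d, n)) from the constructed primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def encrypt(message_int, public_key):
    """Anyone can encrypt with the public key."""
    e, n = public_key
    if not 0 <= message_int < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(message_int, e, n)


def decrypt(cipher_int, private_key):
    """Only the private-key holder can decrypt."""
    d, n = private_key
    return pow(cipher_int, d, n)


def sign(message, private_key):
    """Signing: apply the private key to a hash of the message."""
    d, n = private_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(digest, d, n)


def verify(message, signature, public_key):
    """Verification: apply the public key and compare with the message hash."""
    e, n = public_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == digest


if __name__ == "__main__":
    pub, priv = make_keypair()
    c = encrypt(65, pub)
    print("ciphertext", c, "-> plaintext", decrypt(c, priv))
    s = sign(b"hello", priv)
    print("signature valid:", verify(b"hello", s, pub))
```

With p = 61, q = 53 and e = 17 the modulus is 3233 and the private exponent is 2753; encrypting 65 gives 2790 and decrypting 2790 returns 65. Reducing the hash modulo n is only done here to fit the toy modulus; with a real 2048-bit key the padded hash fits without reduction.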

What are: SSL, SHTTP, Shen?

SSL (Secure Sockets Layer, since superseded by TLS) is used to encrypt transactions for higher-level protocols such as HTTP, NNTP and FTP. SSL provides server authentication, encryption of data in transit, and optional client authentication. It is built into most browsers.

S-HTTP is a scheme set up by CommerceNet. It is a higher-level protocol that works only with HTTP, but is more extensible than SSL.

Shen is a scheme by Phillip Hallam-Baker of CERN. It is a high level replacement for the existing HTTP protocol but has not been implemented yet.

What is a Denial of Service attack?

A Denial of Service (DoS) attack is an attack that prevents a computer or network from providing its normal services.

DoS attacks usually target the computer's network bandwidth or its connectivity. Bandwidth attacks flood the network with so much traffic that all of its capacity is consumed and legitimate user requests cannot get through.

Connectivity attacks swamp the computer with a very large number of connection requests until all of the operating system's resources are consumed. The computer can then no longer process legitimate user requests.

High-profile examples were the attacks of February 6th, 2000, which were bandwidth attacks on major internet sites.

What is a Distributed Denial of Service attack?

A Distributed Denial of Service (DDoS) attack uses many computers to mount a coordinated attack against one or more targets. Using a client/server arrangement, the attacker multiplies the effect of a DoS by using the resources of many compromised "accomplice" computers that carry out the attack.

This is done by installing a controlling DDoS program on one computer, typically using a stolen account. That program then communicates with "agent" programs installed on other compromised computers across the internet, and the agents carry out the attack.

How is a DDoS executed against a website?

A DDoS is executed by swamping one or more of the site's servers with so many requests that they can no longer function correctly. Page requests made during the attack either fail completely or are served so slowly that the site is unusable.

The attack typically uses many computers that simultaneously send a large volume of requests at the target website. To avoid being traced, attackers hide the DDoS programs on poorly secured computers around the internet and launch the attack from there, anonymously.

Is there a quick and easy way to secure against a DDoS attack?

No. The only real solution is for computers everywhere to be secured properly so that they cannot be used to stage attacks, and many organisations do not have the resources to do this. Because they are easier to break into, attackers usually use non-commercial computers to stage the attacks. University systems are popular with attackers because they are often understaffed, or their security is deliberately relaxed so that students can use the systems as part of their education.

How should I configure my routers, firewalls, and intrusion detection systems against DDoS attacks?

To establish whether computers on your network are being used to stage attacks, monitor for:

  • Outbound packets whose source address does not belong to your network.
  • Large numbers of ICMP echo request and echo reply packets.

To avoid being used in an attack:

  • Disable IP directed-broadcast on all routers.
  • Filter out outbound packets whose source address is not from your internal network (egress filtering), and inbound packets that claim an internal source address (ingress filtering).

To reduce the impact of an attack on you:

Watch for echo reply packets at the border and drop them, or limit their rate. On Cisco routers, use Committed Access Rate (CAR) to cap the amount of bandwidth that echo reply packets may consume.

What is a Firewall?

A firewall can be either software or hardware, and is designed to prevent unauthorised access to a network by inspecting traffic coming in from the internet or another network. Firewalls are considered the first line of defence in protecting information. The firewall checks each packet or connection against its security rules and either blocks it or allows it to pass to or from your computer.

A firewall can help prevent attackers from gaining access to your computer. It can also help stop your computer from sending malicious traffic to other computers.

What is Network Access Control (NAC)?

Network Access Control (NAC) is hardware or software that lets an organisation enforce access control policies on a per-user and per-device basis. NAC can be applied across LAN, wireless and VPN infrastructures.

NAC combines a number of controls that govern access to a network, such as pre-admission endpoint security policy checks and post-admission controls. NAC solutions ensure that new users and devices are evaluated for compliance with corporate security policy before they are let in. For example, NAC can verify security settings and patch levels against the organisation's requirements before it allows a new device onto the network.

The complexity of NAC varies hugely, from simple rules that dictate who may join the network to a set of per-user firewall rules that define which parts of the network each user can reach.

What is a Proxy Server?

A proxy server is a computer that acts as a gateway between a local network (e.g. all the computers at one company or in one building) and a larger-scale network such as the internet. Proxy servers provide improved performance and security. Organisations can also use them to monitor employees' use of outside resources.

A proxy server works by intercepting connections between sender and receiver. All traffic enters through one interface and is forwarded to the rest of the network through another. By preventing direct connections between the two networks, proxy servers make it much harder for attackers to learn internal addresses and other details of the private network.

Can I use two different AV programmes at the same time?

Anti-virus software operates in two ways: on-demand scanning and real-time monitoring.

Running an on-demand scan with one or more anti-virus products will not cause a conflict, but running more than one real-time monitor can. When anti-virus programs are installed they automatically install and enable their real-time monitor. Running two or more real-time monitors at the same time is very likely to result in a conflict, causing error messages, crashes of the anti-virus programs, or other failures.

It is generally fine to have more than one anti-virus program installed, and it can make sense to run an occasional scan with a different program, but make sure that only one real-time monitor is enabled at a time.

It is, however, good practice to use two different anti-virus engines at different layers, one at the network gateway and another on desktops and servers, so that malware missed by one may be caught by the other.

Where can I learn more about Network security?

Network security requires a number of factors to be considered in order to be successful. The level of network protection will vary depending on the size of the organisation to be safeguarded. Network protection relates to the protection of an organisation's boundaries from external threats such as hackers.

Key considerations include the implementation of strong authentication, Firewall, Anti-virus, Intrusion Prevention Systems (IPS), Vulnerability Management systems, Log Management Systems, and Web/Email Security solutions.

What is two/three factor authentication?

Authentication systems are developing beyond "something you know" authentication, which requires just a user name and password to gain access, to incorporate multi-factor authentication.

Two-factor authentication combines "something you know" (a password) with "something you have", such as a token, ATM card or dongle, to provide an added layer of security. Three-factor authentication combines something you know and something you have with biometric authentication, providing a "something you are" factor as well.
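The "something you have" factor most people carry today is a time-based one-time code generated by an app or token. As an added example (not Blue Cube's code), this implements HOTP (RFC 4226) and TOTP (RFC 6238), which is what such tokens run. The shared secret used is the RFC test-vector key, chosen so the codes can be checked against the published vectors; in a real deployment the secret is generated randomly per user and stored protected.

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238) one-time codes (added example)."""
import hashlib
import hmac
import struct
import time

# RFC 4226 / 6238 test-vector key, used only so the outputs are checkable.
RFC_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """Counter-based code: HMAC the counter, dynamically truncate, take the last digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """Time-based code: HOTP with the counter set to the current 30-second window."""
    t = int(time.time() if at is None else at)
    return hotp(secret, t // step, digits)


def verify_totp(secret, candidate, at=None, step=30, digits=6, skew=1):
    """Accept the current window and `skew` windows either side (clock drift),
    comparing in constant time so timing does not leak which digits matched."""
    t = int(time.time() if at is None else at)
    for k in range(-skew, skew + 1):
        expected = hotp(secret, (t // step) + k, digits)
        if hmac.compare_digest(expected, candidate):
            return True
    return False


if __name__ == "__main__":
    print("TOTP at t=59:", totp(RFC_SECRET, at=59))     # RFC 6238 vector: 287082
    print("current code:", totp(RFC_SECRET))
```

A server that verifies these codes should also remember the last window it accepted for each user and refuse a code from that window again, otherwise an attacker who sees a code over the user's shoulder has up to a minute to replay it. The password remains the first factor; the code only proves possession of the secret.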

What is a security audit, and how often should we perform one?

A computer security audit is a manual or systematic technical assessment of a system or application. Manual assessment includes interviewing staff, performing vulnerability scans, reviewing application and operating system access controls, and analysing physical access to the systems. Systematic assessment includes system-generated audit reports or the use of software that monitors and reports changes to files and settings.

What is hard disk encryption?

Hard disk encryption transforms the contents of your computer's hard drive, including temporary and deleted files, into an unreadable form so that unauthorised users cannot access the data. Should your laptop or PC be lost or stolen, hard disk encryption prevents your data from being read without the authorised password (or key) needed to decrypt it.

Hard disk encryption installs an encryption/decryption driver that acts as a filter between the operating system and the disk, so that all data written to the disk is encrypted and all data read from it is decrypted transparently.