Computer Network Security

• Using spoofing, an intruder can fake the source address of his packets and make them look like they originated on the trusted hosts.

• The basic idea of anti-spoofing protection is to create a firewall rule assigned to the external interface of the firewall that examines source address of all packets crossing that interface coming from outside. If the address belongs to the internal network or the firewall itself, the packet is dropped.

Physical Security is the protection we provide for the buildings, property and assets against intruders. When designing a physical security program, the three levels you need to protect are your outer perimeter, your inner perimeter and your interior. The outer perimiter of your property is defined by your actual property lines.

Perimeter security is a set of physical security and programmatic security that provide levels of protection against remote malicious activity.

Perimeter security is enforced in the following areas:

• Physical Access Control. The security devices and policies that are enforced for physical access control prevent the spread of viruses through portable storage devices, help protect data on the phone and the Subscriber Identity Module (SIM) card.
• .cab Signing. .cab file signing provides a more secure method of packaging and delivering applications in Windows Mobile Standard. By signing the .cab files for downloads, Windows Mobile Standard can verify the source and integrity of the file.
• Device Management. The security policies that are enforced for device management help to protect the device from threats that may originate from over-the-air (OTA) downloads or push messages.
• Microsoft® ActiveSync®. The RAPI policy that is enforced for ActiveSync operations helps to protect against application-level threats.

1. Software defect This is the most common one will encounter. A defect can be in operating system

   software or application software. Defects in the OS are typically more worrisome, but an application defect can be just as troublesome. For example, a defect in a database management system (DBMS) that allows customers' data to be viewed by unauthorized people on the Web is just as damaging as revealing that same data through an OS defect. Examples of typical sofware defects are buffer overflows, design problems that allow access to functions that should be disallowed, allowing malformed input, allowing access to files or data that should be disallowed, and so on.

2. Clear text data captured It is more true now, that the usage of wifi is a common practice. If user, password, or other data is transmitted across open networks in clear text, it can be intercepted and used. A classic example is the difference between TELNET and SSH. TELNET transmits all data including passwords and login names in clear text. Anyone on the network and have their network card in promiscuous mode, can sniff out the login information and gain access to a system. SSH uses encryption on all traffic and is more secure. The same is true when using FTP instead of SFTP.
3. Weak passwords Crackable or easily guessable passwords are a common way for hackers to gain initial access to a system. Cracking passwords are much more easier with more people having access to very powerful computers than ever before; and if you can network a host of powerfull computers to crack passwords the possibiulites are great. Because of the fact that linux passwords (and commands) are case sensitive, one should take advantage of this and use both uppercase and lowercase words along with numbers punctuation marks and even spaces. And change it often, atleast once a month.
4. Spoofing Spoofing occurs when an attacker pretends to be an entity and takes over communication between systems. For example, if SystemA and SystemB are communicating, the attacker could set up SystemC to use SystemB's IP address, hostname, and so on. The hacker could then use a DoS attack to knock SystemB offline and take over the "conversation" with SystemA.
5. Carelessness Carelessness is a human error that hackers exploit to gain access to a system that is exposed through negligence or stupidity. Two classic examples are using the default password and writing down a password.
6. Denial of service "A denial-of-service attack (also, DoS attack) is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system" (from http://en.wikipedia.org/wiki/Denial_of_service). Examples are invalid packet floods, valid packet floods, and service floods such as HTTP attacks.
7. Access controls restriction This condition occurs when permission to access a resource (a service, file, directory, system) is not properly restricted.

I am sure there are other types of vulnerabilities that should be taken just as seriously as the one mentioned above. However you can never be too secure. So don't only think about conventional methods of attacks and securing your system, chances are like yourself, an attacker is also thinking out of the box to attack your system.

As a Network Security Specialist instructor, this is what I tell my students:

1. Have an excellent background in networking
2. Learn the various aspects of security from a security program
3. It is desirable to have some aspects of software development, notably with scripting

work with vendors to analyze and troubleshoot solutions

automate software application deployments

provide and recommend solutions to senior management

patch desktops in an enterprise architecture

analyze and troubleshoot windows installers