 |
 |
 |
|
| Jay Fougere > |
|
So, You Have Been Cracked. What Next? As much as we would all like to say that our systems are impenetrable, the truth of the matter is that they aren't. No matter how much we patch, upgrade, and tune our systems, there are still vulnerabilities that have yet to be discovered. There is always the chance that some recently discovered exploit will be used against your system(s) before a patch is even available from your vendors. That being said, let's take a look at what your first responses to a break in should be.
Top Skills Your IT People Should Possess In this issue, we will take a look at the most desirable characteristics of your IT employees.
Building a Linux Kernel In our last issue, we looked at what data you need to collect before attempting to build a Linux kernel. This is very important information so you may want to take a look at the first article if you are a little rusty. I have also written an article about using the command line in Linux that may be helpful for you.
After the Hack: How to Get Back to Business More often than not, when your machine has been the victim of a cracker's attack, the best solution is to completely reinstall the operating system, being sure to apply all relevant patches to the machine. In other words, go to your software vendor's website and double-check all of the security announcements and patches... you may have been hit by a brand new exploit. I have many times been asked if a complete reinstall is absolutely necessary. The short and simple answer is "yes".
Security Basics Most cracks involve a tool as simple as a Trojan horse, which will leave a backdoor account open to the cracker. Young teenagers have been known to utilize such tools effectively, even against corporate giants. It is because of these types of attacks that users (even if it is your family hooked up to a small LAN on a cable modem) need to be educated about some basics that will stop most typical hackers. First of all, lets talk about passwords. Many of these tools that I have mentioned will expose null passwords. This means that if you do not enter a password when you log in, these scanners will show that to the potential offender, and then the hacker can easily take control of your system.
Casing the Joint First of all let's look at ports and what they are. When two machines across a TCP/IP network communicate with each other via a service (such as NetBIOS, HTTP, FTP, etc...) each machine will need to know not only the IP address but the port number that translates to the service that is being used. For instance, when someone is "surfing the web" the service that they will be using will be HTTP, which uses port number 80 by default. Most port numbers can be changed so that vulnerable services can be disguised by using a non-standard port number. For instance, if you knew that certain software exposed a vulnerability in a service, you could try to change the port number in order to circumvent that weakness. However, you would need to be sure all machines on the network are configured as such in order to continue using the service.
Windows 2000 Remote Installation Services Remote Installation Services (RIS) is a tool included with Windows 2000 Server products that is used to install Windows 2000 Professional over a network. I have heard that this can/may work with Windows 2000 Server now (it did not in the past), but I have not tried it and cannot verify that it does work.
Authenticating PostgreSQL Clients Today’s article is about security (authentication in particular) in PostgreSQL, the most advanced open-source database available anywhere (as its developers claim!!). So what about it? We know that security is a very important concern in the present day IT world. It’s no different with databases.
Most Common Viruses According To SARC Viruses are becoming more and more prevalent everyday (as if you didn't already know that...). This being the case, I decided to compile a list of the most common viruses according to SARC (see below), along with links on detection and removal procedures for each. It seemed that having this information in one place could be very helpful for those of you that have to deal with these viruses.
VPNs, 101 I am sure that most of you have heard of Virtual Private Networks, but do you know what they are and what they are good for? VPNs are a secure way for machines to communicate through a public network, privately.
Simple Network Troubleshooting I know that working from the command line can be intimidating to those of us who have always had a nice graphical interface to use. I am convinced, however, once you see how easy to use and effective the following tools are, you will be hooked. Even if you are an old pro, read on. You may find a use for one of these tools that you had not before considered.
Introduction to Cryptography Secret messaging has been in vogue since the times of Julius Caesar. But later, this art of communicating messages in a secret or encoded form has come to be known as cryptography. The word cryptography is derived from Greek and means 'secret writing'. This article is intended to introduce you to the basics of cryptography and lead you to do some encryption stuff yourselves.
My Favorite Security 'Tewlz' and Information Sites Almost anything you need to know about security can be found on the Internet. There are sites of every size, shape, and color - many with loads of useful information, others that are not nearly as useful. Many of these sites are very commercial while others are completely open.
An Introduction to Tripwire First of all, let me note that there exists two different versions of Tripwire. There is a commercial version available from http://www.tripwire.com. There is also a free version available for Linux fromhttp://tripwire.org and http://sourceforge.net/projects/tripwire/.
Windows 2000 Server Security Templates Ok, you have that shiny new, freshly installed server up and running. You are about ready to deploy it, but you are concerned about security. Judging by today's political climate, this is a concern that affects many system administrators, now more than ever.
Windows 2000 Groups Networking computers is done to serve one purpose; to share resources. As you probably already know, resources can be anything from printers to files to internet access, and more.
Top Skills Your IT Workers Should Possess 1). A willingness to learn IT is an ever evolving field. What was common practice six months or a year ago is not necessarily the best way to complete the task at hand now. Encourage your staff to read. Most good IT people will rarely be caught without a book; or at least documentation that they have downloaded and are looking at on their computer. Try to allocate some time to your staff so that they can stay abreast of issues pertaining to their area(s) of expertise.
Using the Windows 2000 Adminpak and Support Tools Included with Windows 2000 Server products is a utility known as "adminpak" which allows you to administer your Windows 2000 network from a Windows 2000 Professional machine that is located on the network (assuming you have permissions in Active Directory to do so; this is not a backdoor for crackers).
Compiling and Installing Software From Source Code I have only been using Linux for about three years, but I love it; the idea of Open Source, community, freedom, etc. I have found many topics concerning using and configuring Linux for which the documentation is either outdated or non-existent.
Setting Up A Secure Internet/Intranet Network The needs of businesses and their networks are evolving daily. Even in this time of recession, many corporations that have not previously had an Internet presence are considering such a presence to increase sales, service and customer support. Many small, static websites are being upgraded to offer all kinds of dynamic information. We have almost fully entered the information age.
Wireless LAN To bring those of you up to date on how WLAN technology works, let me give a brief overview. The version of WLAN that I am referring to is radio wave based and defined by IEEE 802.11b.
Why Active Directory? Many Windows NT Administrators are reluctant to upgrade to Windows 2000. What additional functionality does Windows 2000 offer over Windows NT? The answer to this can be summed up in two words: Active Directory.
Wireless LAN, Man First, let me explain that the wireless LAN technology that I am referring to is radio based, not Infra-Red (IR) or Microwave. The IR version requires "line of sight", as does the microwave version, which I consider to be a major drawback.
Your Site: Hackers Welcome Here? In our last issue, we discussed some of the basics for securing a machine on a network. The tactics that were mentioned are great for a first line of defense and will prevent a majority of attacks. In this issue, we will look a little closer at some of the most common TCP/IP ports that are used, the services that are generally run on these ports and what this means to you.
|
|
 |
iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us |
 |
| Contact
Us | Advertise
| Newsletter
Archive | Sitemap
| Submit an
Article | News
Feeds SecurityProNews is an iEntry, Inc.® publication - All Rights Reserved | Privacy Policy and Legal |
Join the WebProWorld Forums: Click Here |
|
|||||||||||||||||||||||||
