Computer Network Secure?

Computer security.  With many people switching their systems to a broadband network, the need for computer security education has grown. This lens provides an overview of computer security topics as well as links to resources I use to keep the systems I manage at home and at work secure.
I have taken most of my computer security training from the SANS Institute. For those wondering, I have completed Firewalls, Perimeter Protection and VPNs, Intrusion Detection, Incident Handling and Hacker Techniques, Windows Security, LAMP Secure Online Presence and Wireless Network Auditing.

Internet Storm Center News 

SANS

TaoSecurity RSS 

A popular site with great information on security topics.

eWeek Security Feed 

Keep up with the latest security information 

Internet Storm Center
The SANS organization hosts the Internet Storm Center. This site is a good place to start off your morning, helping you to be aware of the latest issues discovered relating to computer security.
CERT
CERT tracks current security alerts and known vulnerabilities.
Security Focus
Another site which posts articles on computer security as well as new vulnerabilities.
French Security Incident Response Team
Sometimes international sources know about problems before they show up in the United States.

My Other Featured Lenses 

These are my other computer security lenses.

Got a Security Policy? 

A policy will guide decisions about how to implement security.

A security policy communicates the company's vision of security. It provides an easy-to-use source of security requirements and is a flexible document which must be updated regularly.
SANS Security Policy Project
The ultimate goal of this SANS project is to offer everything you need for rapid development and implementation of information security policies. You'll find a great set of resources posted here already including policy templates for twenty-four important security requirements.
Site Security Handbook
RFC 2196 documents a Site Security Handbook that is a guide to developing computer security policies and procedures for sites that have systems on the Internet.
ISO17799
ISO 17799 is a detailed security standard. It is organised into ten major sections, each covering a different topic or area: business continuity planning, system access control, system development and maintenance, physical and environmental security, compliance, personal security, security organisations, computer and operations management, asset classification and control, and security policy.
NIST
The National Institute for Standards and Technology has publicly available security documents. Review NIST 800-53, Recommended Security Controls for Federal Information Systems, which is a very detailed document explaining security controls covering 17 categories.

Secure your hosts 

Center for Internet Security
The Center for Internet Security maintains a site with benchmarking and scoring tools for many different operating systems. They have great documentation on how to secure your hosts, with detailed instructions and explanations of why each step should be taken.

*** If you have never seen the documents produced by the Center for Internet Security, do yourself a favor and review one. They are the best I have seen on securing operating systems. ***
Secure Your Laptop!
Lundquist's Guide To Not Getting Fired for Losing Your Laptop. Eric Lundquist makes many very important points about what data you should keep on your laptop and additional steps you can take to keep the data safe and confidential in this article.
Host-Based Intrusion Detection (HIDS)
Protect your host by installing software to watch for bad behavior. OSSEC is an open source Host-Based Intrusion Detection software solution getting a lot of attention.
Home PC Security Tips
For those of you who are looking for information on securing your home PC, or would like to know who to call for help with your home system, check out Kim Komando's site and radio show.

Computer Protection Products from Amazon 

I use WebRoot products to protect all of the systems in my house. Check out their new Childsafe product; I just started using it to help limit what my kids can see while using the computer.

Webroot Spy Sweeper Antispyware 5.x

Webroot Spy Sweeper with Antivirus Family Edition - 3 PCs

Webroot SpySweeper AntiSpyware - 3 User

Spyware, Viruses 

WebRoot SpySweeper
I like WebRoot's SpySweeper product and have used it over the past year.
Symantec Virus Software and more
If you are running email applications on your host, be sure to have anti-virus software installed.

Perimeter Security 

Firewalls, Screened Subnets

The best approach to security is defense-in-depth. Many layers exist between the public internet and your hosts or servers; these are often defined as the perimeter, network, host, application and data layers. Each of these layers should have some form of protection in place.
Defense in Depth
The term defense in depth comes from the military.
How Firewalls work
Firewalls come in many different configurations which provide different levels of support. They are often called packet filtering, stateful or proxy firewalls. Many different free firewalls exist, for example, ipf, ipchains, m0n0wall, and sonic wall to name just a few.

Monitor your hosts and network 

It is important to monitor your hosts and network so you will know what normal system behavior looks like. Once this is known, you can set up detectors to look for, and alert you to anomalous behavior.
Nagios Host Monitoring
Nagios is gaining popularity as a good open source monitoring solution.
Cacti
A network graphing solution using PHP and MySQL.
Tripwire - Now Open Source
Open Source Tripwire® software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by Tripwire, Inc. in 2000.
Osiris
Osiris is a Host Integrity Monitoring System that periodically monitors one or more hosts for change. It maintains detailed logs of changes to the file system, user and group lists, resident kernel modules, and more. Osiris can be configured to email these logs to the administrator. Hosts are periodically scanned and, if desired, the records can be maintained for forensic purposes. Osiris keeps an administrator apprised of possible attacks and/or nasty little trojans. The purpose here is to isolate changes that indicate a break-in or a compromised system. Osiris makes use of OpenSSL for encryption and authentication in all components.
SamHain
Samhain is a multiplatform, open source solution for centralized file integrity checking / host-based intrusion detection on POSIX systems (Unix, Linux, Cygwin/Windows). It has been designed to monitor multiple hosts with potentially different operating systems from a central location, although it can also be used as a standalone application on a single host.

Intrusion Detection Systems 

Are you paranoid?

If you do not watch the activity on your network, you will not know who is knocking.
SNORT
SNORT is one of the most popular IDS tools.
ACID
If you are going to snort, you may as well use ACID. ACID is a PHP web console you can use to search and process Snort results.
BASE
BASE is another web based application useful when analyzing SNORT results.

Auditing your network (Ethical Hacking) 

Have you looked yet?

Ethical hacking refers to a testing activity done by an individual who is authorized to audit a network. Always have paperwork which identifies your authorization to use software and test for vulnerabilities on your network.
OWASP
The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. OWASP's Webgoat product will help teach you about how hackers attack web services. Their Webscarab tool is also quite useful. Check out their valuable content, find a local chapter and help build this community.
Nessus
Nessus is a free, very popular network auditing tool. A new version exists for Mac OS X.
NMAP from Insecure.org
The insecure.org site provides the nmap tool as well as the new list of the top 100 security tools.
Ethical Hacking
Ethicalhacker.net provides information and resources for auditing networks.
The Metasploit Project
Metasploit is a powerful tool which can help test exploits on a network.
SQL Injection Cheat Sheet
Do your applications filter user input to remove bad input characters? Have you tried to use SQL injection against your applications to see what information you can extract? An SQL cheat sheet is handy for remembering the techniques to use when testing for injection attacks.
XSS Cheat Sheet
RSnake has put together a Cross Site Scripting Cheat Sheet.

Incident Response / Handling 

Are you prepared?

The first step in incident handling is knowing which task has the highest priority: returning the systems to an operational state, or collecting evidence in order to prosecute the attackers, if they can be found. The number one rule when collecting evidence is to always have two people collecting it, removing the possible argument that the data collectors tampered with the evidence.
Intruder Detection Checklist
Hopefully you already have your own checklist, if not, look at available checklists and see what information your checklist should cover.
National Institute of Standards and Technology
A 148-page PDF file covering the topic of incident handling.
SANS Intrusion Discovery Cheat Sheet
SANS provides an Intrusion Discovery cheat sheet for UNIX administrators which can help you remember many of the items you should look for if you suspect an intrusion.
Nmap Nessus PDF cheat Sheet
A PDF nmap and Nessus cheatsheet
Tools and Hardware for Incident Response
The Incident Response Book published by O'Reilly contains a lot of information. The Chapter Seven sample provides a list of tools and hardware that you will want to be familiar with or have in your response bag.
Have a Jump Bag
Be sure you are prepared to respond appropriately to computer incidents by having a jump bag.

Wireless Security 

How far does your signal go?

Most new computer systems either come with built-in wireless devices or have the option to add a wireless device when purchased. Given the convenience of a wireless network, many users set the network up without understanding the security implications of running a wireless network.
Wireless security information.
I cover many wireless security issues on my wardriving Squidoo lens.

TCP/IP 

What you must know.

TCP/IP wikipedia
Wikipedia is a nice place to start your research on the TCP/IP protocol.
SANS TCP/IP Cheat Sheet.
I keep a copy of this document with me as well as stuck to my cubicle.
OmniPeek
WildPackets has recently released OmniPeek in response to the release of WireShark. There are many nice features built into this tool and I am starting to prefer to use it, rather than ethereal or wireshark.
WireShark (Ethereal)
A network protocol analyzer which is very useful for analyzing problems or incidents on the network, formerly known as Ethereal. Keep this free product up to date.
tcpdump
Many UNIX systems support tcpdump as the tool to use to watch network traffic on a host or network. If tcpdump is not available check for snoop.
Windump
Windump is my tool of choice on a Windows platform.

Help the good guys! 

Dshield
Contribute your firewall reports to DShield and help the internet community know what activities are taking place on the internet. The Internet Storm Center has graphs of the activities reported to DShield.
10 Most Wanted
Dshield's report of the top 10 offenders.

Learn from the Bad Guys! 

Set out some bait.

There are numerous open source tools available to set up fake servers to watch what techniques or exploits the crackers are using.
Set up a Honeypot
A honey pot is a system placed on the network with the intention of letting crackers interact with the system. Logs are kept of the actions taking place on the host with the intention of learning what exploits are being used in the wild.

Wireless honeypots can also be set up to catch wireless crackers.
Tarpits are stickier
The idea of the tarpit is to set up a host which will answer all requests made to it on any port, but never complete the conversation. When the host that is trying to establish the connection checks back with the tarpit, the tarpit responds saying it will eventually finish the connection. Little does the external host know, but the tarpit will never allow the session to be set up. The idea is to tie up hosts acting badly on the network. These are fun to watch but many people do not consider them an extra layer of security.

Reader Feedback 

What do you think of the lens?

donm207

Whoaa, great info, great lens, with fantastic links! Thanx! 5 stars here!

Posted June 07, 2008

Useful site with different type of Network Security for computers and related information regarding Auditing management, visit in Auditing Software.

Posted May 22, 2008

Babsie56

Thanks Todd this is a great lens. Really like the info on SANS Internet Storm Center. I'll be back!

Posted May 25, 2007

General Network Security Tip Book 

Network Security Hacks

Take tips from the experts. Investigate O'Reilly's Hacks Book Series.

Network and System Monitoring Book 

Know how to monitor your network and systems.

I have always used the open source SNIPS product to monitor my hosts and network, but Nagios is quickly gaining popularity as the open source choice for network monitoring.

Nagios: System and Network Monitoring

Perimeter Security and Firewall Books 

Building Internet Firewalls

Inside Network Perimeter Security: The Definitive Guide to Firewalls, VPNs, Routers, and Intrusion Detection Systems (Inside)

Wireless Security Books 

Wi-Foo: The Secrets of Wireless Hacking

This book covers wireless network security as well as the tools crackers use to exploit networks.

802.11 Wireless Networks: The Definitive Guide, Second Edition (Definitive Guide)

Wardriving & Wireless Penetration Testing

Intrusion Detection Books 

Managing Security with Snort and IDS Tools

Incident Response: Computer Forensics Toolkit

Network Auditing Books 

Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications (Jay Beale's Open Source Security Series)

Penetration Tester's Open Source Toolkit

Conclusion 

Publish your knowledge of computer security by building a lens. It's easy!
Edmands

About Edmands

Todd is a System Engineer with a strong background in computer
security. He likes to learn new skills, often by building or fixing
things himself. Todd repaired electronics in the Military, obtained a
degree in Geography but has always worked in the Information Technology
career field. Todd's hobbies include sport rocketry, kite flying, wood
working, electronics, and studying creativity.
