Network security articles
| Tweet | |
| Share |
 Navigation: Categories » Electronics and communication » network security
Go to Page# 1 2 3 4 Home broadband is an easy way to communicate (04/30/2012)
... The widely increasing culture of comparison shopping in the UK has entered into the home broadband market too. A number of comparison websites have come into existence to make this process easier. Users just need to enter their postcode and the website displays a comprehensive list of the service providers in that area. There are various ways of connecting via home broadband, out of which most frequently opted one is via ADSL modem. The other way is to connect via a cable modem.... What is Network Monitor for (04/19/2012)
... These checks allow you to monitor a wide variety of network hosts and devices. The monitoring program should notify you when a device or server goes down automatically. Thanks to this fact, you can react to any problem quickly and recover all failures in time. The network monitoring program can help detecting malicious software on computers in time. The administrator can monitor opened TCP ports via the TCP protocol.... Why to Deploy a VPN (12/15/2011)
... A sufficiently wide radio frequency data carrier can constitute such a fat pipe. On the other hand, the second major motivator for VPN deployment is the increased need for privacy of data communications. All externally transmitted internal communications must be separated from the external observer through the use of strong cryptography and authenticity. The traditional secure solution that enables external clients to access internal resources is the deployment of RAS. However, affiliated costs of maintaining the equipment and the associated costs of telephone calls can aggravate the attractiveness of such a tactic.... Suspicious Events on WLAN (12/15/2011)
... 2 Management/Control Frames Events Increased frequency of normally present network frames. Frames of unusual size. Unknown frame types. Incomplete, corrupted, or malformed frames. Floods of deassociate/deauthenticate frames.... Reasons why Wirelwss Networks are hacked (12/14/2011)
... It gives (nearly) anonymous access and an attacker is difficult to trace. Any time the attacker logs in from his or her ISP account, he or she is within a single whois command and a legally authorized phone call from being caught. The "traditional" way of avoiding being traced back is hopping through a chain of "owned" hosts that then get rm -rfed (or, in case of a more experienced attacker, shredded, defiled, decimated, or bcwiped) after a serious attack is completed and the time for an escape sequence has arrived. There are few significant disadvantages (from a cracker's viewpoint) of such a method. A cracker still needs an ISP account, for which he or she has to supply credentials.... Wireless Crackers: Who Are They (12/14/2011)
... Instead, he or she will use them to take over your LAN, launch further attacks from it, and hide his or her tracks afterward. Although everyone is critical about "these damn script kiddies," a "script kiddie system administrator" who lacks an understanding of network security basics presents an equal, if not worse, security threat and should be held responsible for the network break-in as well as the cracker who did it. So, if a White Hat hacker or a security consultant approaches you regarding your wireless network vulnerabilities, listen, learn, and perhaps use the tools he or she employed to audit your own network for potential security flaws. Alternatively, you might want to order a wireless security audit from a capable local IT security consultancy that can fix the problems discovered. Of course, you don't have to wait for the disclosure to happen.... Wireless Security Policy (12/14/2011)
... Hosts that are not updated should be denied network access. Finally, perhaps the easiest way to gain access to a WLAN if the authentication is device-based is stealing, or finding a client device. Thus, every device lost or stolen should be reported to the security system administrator and denied network access immediately. 2 User Education and Responsibility Users should be informed about the contents of the corporate security policy and the basics of using the security features employed (so that they don't turn them off by accident). They should also be encouraged to report any lost or stolen devices immediately.... The Usefulness of WEP Closed ESSIDs MAC Filtering and SSH Port Forwarding (12/09/2011)
... Another reason is raising the bar. Penetrating any defenses requires time and effort. Time equals battery power and the higher possibility of being spotted. A large proportion of wireless crackers are the "bandwidth leech" type. They use laptops with preinstalled Windows and Netstumbler to find open wireless networks for a free Internet connection, which they might use to download pornography and warez or send spam.... Layer 1 Wireless Security Basics (12/08/2011)
... The EIRP should be sufficient to provide a decent quality link to users in the planned coverage zone and not a Decibel more. Pushing the EIRP up to the legal FCC limit is often unnecessary and makes your WLAN a beacon for all war-drivers in the area and a discussion topic for a local 2600 group meeting. There are several points at which you can regulate the emission power: Access point (all higher-end APs should support regulated power output) Variable output amplifier Appropriate antenna gain selection In extreme cases you might have to deploy an attenuator device. The second way is shaping the coverage zone via appropriate antenna selection and positioning. There are several tips we can provide: Employ omnidirectional antennas only when absolutely necessary.... Network Vulnerability Analysis (12/08/2011)
... At the end of this stage, we like to be able to document all target hosts (alive and otherwise) in a table along with the OS, IP address, running applications, any banner information available, and known vulnerabilities. This information is useful both during the exploitation stage and for presentation to the client so that the client becomes aware of the vulnerabilities on the network and the amount of information an outsider can gather prior to compromising the network. OS Identification By identifying the operating system, we can attempt to predict services that may be running on the host and tailor our port scans based on this information. Nmap, the leading tool used to perform OS identification, does this by analyzing the response of the target's TCP stack to the packets Nmap sends out. Various RFCs govern how the TCP stack should respond when queried.... Wireless attacks at Corporations Small Companies and Home Users (12/07/2011)
... Large corporations might have massive wireless networks with high output power to bridge distant buildings and provide wireless point-to-point links between company offices in the same city. Such links are easy to discover and tap into at a significant distance from the transceiver. Corporate point-to-multipoint networks might also have an impressive coverage zone with a huge number of roaming hosts. Thus, it can be difficult to discover an illicitly connected host in the "large crowd" or even an additional access point among multiple access points on the network. Besides, massive enterprises are at a higher risk from users installing unsolicited wireless equipment (both 802.... Practical Use of Asymmetric Cryptography: Key distribution Authentication and Digital signatures (12/07/2011)
...pca.dfn.de and horowitz.surfnet.nl) or privately deployed by your company or organization.... Deploying a Linux Based Custom Built Hardened Wireless Gateway (12/02/2011)
... An example from the Linux Netfilter script allowing IPSec traffic through is shown here: iptables -A INPUT -i $EXT -p 50 -j ACCEPT iptables -A INPUT -i $EXT -p 51 -j ACCEPT iptables -A INPUT -i $EXT -p udp --sport 500 --dport 500 -j ACCEPT A good idea is to set static ARP table entries for all access points and critical servers connected to the gateway. Place the following lines into your /etc/rc.local if applicable: arp -s arp -s ...... Network Isolation (09/19/2011)
... Isolation is discussed in the following contexts: · Service differentiation · VLANS · Firewalls The first and most obvious concept is the isolation of external from internal network traffic. Service differentiation is the identification and categorization of network services. The network services provided by an organization can be categorized as external-only, internal-only, or bridge services. As the name implies, external- and internal-only services provide functionality to either the external or internal network, but not both. Bridge services provide functionality to both the internal network and the external network.... Ethernet specification (06/21/2011)
... This specification is not what most people call Ethernet, however. In January 1985, the Institute of Electrical and Electronic Engineers published a networking system derived from Ethernet but not identical with it. The result was the IEEE 802.3 specification. Ethernet and IEEE 802.... Network Topologies (06/21/2011)
... It must present a constant impedance to the signal, and every connection must be properly made. Any irregularity increases the chance of noise, interference, and error. Designers have developed several topologies for PC networks. Most can be reduced to one of three basic layouts: linear, ring, and star. The names describe how the cables run throughout an installation.... Network Hierarchies (06/21/2011)
... Transferring the structure to PCs was natural. At first, the computer managers merely connected PCs to the mainframe as smarter terminals. The connection schemes were called micro-to-mainframe links. Eventually, however, some managers discovered that PCs provided more power at substantially less cost than the mainframe, and the actual computing was shifted down to the desktop. The powerful mainframe computer was left to do nothing but supply data (and sometimes program) files to the PCs.... Wireless Networks and Security Vulnerabilities (05/12/2010)
... The earliest protocol, Wire-Equivalent Protocol (WEP) was intended to fill the security gap. But the static nature of this protocol, coupled with rather weak encryption and authentication mechanisms, still leaves the wireless LAN vulnerable to a countless of security attacks. Improved protocols such as Wi-fi Protected Access (WPA) and its later versions attempt to overcome most of the shortcomings of WEP, but there are still certain security issues. Wireless Technologies Data networks have traditionally relied on 802.11x WLANs, but other technologies that are increasingly being deployed.... WIRELESS NETWORKS SECURITY CONUTERMEASURES (05/12/2010)
... Operational counter-measures address issues related to physical security and covers such areas as access controls, personnel identification and external boundary protection. Finally, the paper discuses the technical countermeasures which address both hardware and software solutions. Overview of Wireless Technologies There is a wide range of wireless technologies, some of which are still emerging, and with varying levels of complexities and functionalities. The technologies include: WLANs, largely based on IEEE 802.11 standards.... Go to Page# 1 2 3 4 |
|
RADIUS - This section takes a few steps to describe the basic principles of the AAA methodology, which is considered to be the fundamental structure behind the Remote Authentication Dial-In User Service (more...)
PDAs Versus Laptops - The first question that beginners ask before assembling their kit is whether a laptop or a PDA should be used for wireless penetration testing of any kind. Our answer is to use both if you can. (more...)
Cryptographic Hash Functions - Can symmetric cryptography meet the requirements of the Biba model, based on the data integrity checks and proper authentication?
The answer is "yes," but in a very inefficient way. Recal (more...)
802.11i Wireless Security Standard and WPA - Thus, the main hope of the international 802.11 community and network administrators lies with the 802.11i standard development. Sometimes 802.11i is referred to as the Robust Security Network (more...)
Proprietary Improvements to WEP and WEP Usage - The article devoted to the proprietary and standards-based improvements for currently vulnerable 802.11 safeguards.
The most publicized 802.11 vulnerability is the insecurity of WEP. We (more...)
Penetration Testing as Your First Line of Defense - It is hard to overemphasize the importance of penetration testing in the overall information security structure and the value of viewing your network through the cracker's eyes prior to further (more...)
Asymmetric Cryptography - Message authentication using HMACs works just fine, but how do we distribute symmetric cipher keys among the users? We can pass them around on floppies or fancy USB pen-drives with encrypted pa (more...)
Examples and Analysis of Common Wireless Attack Signatures - The best way of knowing these signatures is trying out the tools in question and sniffing out their output: "Attack through defending, defend through attacking" (Dr. Mudge). The best source o (more...)
Deploying a Wireless IDS Solution for Your WLAN - How many IDS solutions that implement the recommendations and follow the guidelines we have already discussed are present on the modern wireless market? The answer is none.
There are ma (more...)
Hash Functions Their Performance and HMACs - Other widely used hash functions include 128-bit MD5 from RSA Data Security, Inc., which is a very fast and commonly implemented hash. MD5 is traditionally used to encrypt Linux user passwords (has (more...)
Introduction to Applied Cryptography and Steganography - One can set up a reasonably secure wireless or wired network without knowing which ciphers are used and how the passwords are encrypted. This, however, is not an approach endorsed by us and dis (more...)
Streaming Ciphers and Wireless Security - Streaming algorithms were designed to avoid speed and throughput penalties due to the implementation of block symmetric ciphers in CFB and OFB modes when bit-by-bit data encryption is required. (more...)
|
The texts, articles and tutorials in the directory are property of their respective owners and authors.
