Month: March 2009
Cisco PIX Firewall Basics
Firewalls are essential components of an effective information security infrastructure. At its most basic level, a firewall is hardware or software that filters traffic between your network and the Internet. The hardware firewall I am most familiar with is the Cisco PIX (Private Internet eXchange) Firewall. It was one of the first products in the IP firewall and NAT appliance market segments.
PIX firewalls include the following security and network services features:
- Network Address Translation (NAT) or Port Address Translation (PAT)
- Content filtering
- URL filtering
- IPsec VPN
- DHCP client/server
- PPPoE support
- Advanced security services for multimedia applications including Voice over IP (VoIP), H.323, SIP, Skinny
The firewall can be managed through its integrated web-based PIX Device Manager (PDM) or through the command-line interface (CLI), which is reachable over the console port, Telnet, or Secure Shell (SSH). SNMP and syslog complement these by providing monitoring and event logging rather than configuration access; of the remote CLI options, only SSH protects the session and the credentials in transit.
Here are 10 steps to ensure your PIX Firewall is as secure as it can be:
- Password protect it
- Know your access-lists
- Log denials and errors
- Use SSH in place of Telnet
- Understand the ASA
- Enable optional security
- Keep the PIX OS and PDM patched
- Back up your configuration
- Use secure encryption
- Know your network
Read more in detail here: Cisco PIX Firewall: Lock it down in 10 steps
Most PIX Firewall models optionally support multiple outside or perimeter networks (also known as demilitarized zones (DMZs)). Connections between the networks can be controlled by the PIX Firewall.
A demilitarized zone (DMZ) is a common and effective firewall topology, often referred to as a screened subnet. A DMZ is a separate network segment that sits between the Internet and your internal network, so that a compromise of a public-facing host does not give an attacker direct access to internal systems. It will typically contain the following:
- Web server
- Mail server
- Application gateway
- E-commerce systems (It should contain only your front-end systems. Your back-end systems should be on your internal network.)
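As an added example (not code from the original post or from Cisco), the following Python script reads a PIX 6.x-style configuration and checks the items from the 10-step list above that are visible in the config text: an encrypted enable password, SSH rather than Telnet for management access, syslog turned on and sent to a host, and interface access-lists that end in an explicit logged deny and contain no "permit ip any any". That last check matters most on the DMZ interface, where traffic from the front-end systems toward the back-end systems on the inside should be limited to specific hosts and ports. The sample configuration is constructed for the example; its addresses, names and the dmz_in rules are assumptions, and steps that cannot be judged from the text alone (understanding the ASA, backups, knowing your network) are left out.

```python
import re

# Constructed sample in PIX 6.x configuration syntax (not from the original post).
# It mixes good practice (screened DMZ, SSH, syslog) with slips a practitioner
# should catch: a clear-text enable password, Telnet still permitted, and an
# over-broad rule from the DMZ toward the inside network.
SAMPLE_CONFIG = """\
PIX Version 6.3(5)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password cisco123
passwd 0123456789abcdef encrypted
hostname pixfirewall
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-list outside_in permit tcp any host 203.0.113.10 eq https
access-list outside_in permit tcp any host 203.0.113.11 eq smtp
access-list outside_in deny ip any any log
access-list dmz_in permit tcp host 192.168.1.11 host 10.0.0.25 eq 1433
access-list dmz_in permit ip any any
access-group outside_in in interface outside
access-group dmz_in in interface dmz
static (dmz,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 0 0
static (dmz,outside) 203.0.113.11 192.168.1.11 netmask 255.255.255.255 0 0
logging on
logging trap informational
logging host inside 10.0.0.50
telnet 10.0.0.0 255.255.255.0 inside
telnet timeout 5
ssh 10.0.0.0 255.255.255.0 inside
ssh timeout 5
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+(.*)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")
# 'telnet <ip> <mask> <if>' / 'ssh <ip> <mask> <if>' grant management access;
# 'telnet timeout 5' and 'ssh timeout 5' do not, so require dotted quads.
MGMT_RE = re.compile(r"^(telnet|ssh)\s+\d+\.\d+\.\d+\.\d+\s+\d+\.\d+\.\d+\.\d+\s+\S+$")


def parse_config(text):
    """Return (acl_name -> [(action, rest)], interface -> bound acl_name)."""
    acls, bound = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
            continue
        m = GROUP_RE.match(line)
        if m:
            bound[m.group(2)] = m.group(1)
    return acls, bound


def audit_pix_config(text):
    """Check a PIX config against the hardening items visible in the text.

    Returns {check_name: (status, detail)} with status PASS, FAIL or INFO.
    """
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    acls, bound = parse_config(text)
    result = {}

    # Password protect it: PIX writes the hash followed by 'encrypted'; a line
    # without that keyword is a clear-text password pasted into the file.
    enable = [l for l in lines if l.startswith("enable password")]
    if not enable:
        result["enable_password"] = ("FAIL", "no enable password configured")
    elif not enable[0].endswith(" encrypted"):
        result["enable_password"] = ("FAIL", "enable password stored in clear text")
    else:
        result["enable_password"] = ("PASS", "enable password present and hashed")

    # Know your access-lists / log denials: every ACL bound to an interface should
    # end in an explicit 'deny ip any any log' (the implicit deny is unlogged) and
    # must not contain 'permit ip any any' (fatal on the DMZ -> inside path).
    for iface, name in sorted(bound.items()):
        entries = acls.get(name, [])
        last = entries[-1] if entries else None
        if last == ("deny", "ip any any log"):
            result[f"acl_{iface}_final_deny"] = ("PASS", f"{name} ends with a logged deny")
        else:
            result[f"acl_{iface}_final_deny"] = ("FAIL", f"{name} has no explicit logged deny")
        wide = [r for a, r in entries if a == "permit" and r.startswith("ip any any")]
        status = ("FAIL", f"{name} permits ip any any") if wide else ("PASS", f"{name} has no permit ip any any")
        result[f"acl_{iface}_any_any"] = status

    # Log denials and errors: syslog must be on, have a trap level and a destination.
    missing = [k for k in ("logging on", "logging trap", "logging host")
               if not any(l.startswith(k) for l in lines)]
    result["logging"] = (("FAIL", "missing: " + ", ".join(missing)) if missing
                         else ("PASS", "syslog enabled with trap level and host"))

    # Use SSH in place of Telnet: any Telnet access line is a finding.
    mgmt = {m.group(1) for m in map(MGMT_RE.match, lines) if m}
    if "telnet" in mgmt:
        result["management"] = ("FAIL", "Telnet management access is still permitted")
    elif "ssh" in mgmt:
        result["management"] = ("PASS", "only SSH management access configured")
    else:
        result["management"] = ("FAIL", "no SSH management access configured")

    # Keep the PIX OS patched: offline we can only surface the version for comparison.
    ver = [l for l in lines if l.startswith("PIX Version")]
    result["version"] = ("INFO", ver[0] if ver else "version line not found")
    return result


if __name__ == "__main__":
    for check, (status, detail) in audit_pix_config(SAMPLE_CONFIG).items():
        print(f"{status:4} {check:24} {detail}")
```

Run against the sample, the script flags the clear-text enable password, the Telnet line, and the dmz_in list (no logged deny and a permit ip any any), while the outside_in list and the logging setup pass. Fixing the dmz_in list means replacing the final permit with "access-list dmz_in deny ip any any log" so that only the explicitly listed back-end connection is allowed and everything else from the DMZ is logged and dropped.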
In 2005, Cisco introduced the newer Adaptive Security Appliance (ASA) firewall, which inherited much of the PIX feature set, and in 2008 it announced the PIX end-of-sale. I actually only found out that the PIX had been discontinued while doing research for this blog post. However, the PIX technology is still sold as a blade, the Firewall Services Module (FWSM), for the Cisco Catalyst 6500 switch series and the 7600 router series.
Photo Credit: fzurell
Conficker Worm – FYI (Alert!)
The Conficker worm is the latest buzz in IT security right now. Conficker, initially classified as a trojan but now considered a worm, is reported to be able to identify antivirus software and malware scanners running on the infected PC and to disable them.
Side note: Trojan horses are files that claim to be something desirable but actually contain malicious code which, when triggered, causes loss or even theft of data. Worms, on the other hand, are programs that replicate themselves from system to system without the use of a host file. Unlike a virus, a worm can travel from computer to computer without any human action.
Conficker, also known as Downup, Downadup and Kido, is a sophisticated worm that surfaced in October 2008 and exploits a vulnerability in the Microsoft Windows Server service. The vulnerability itself is tracked under the following identifiers:
- TA08-297A (US-CERT technical alert)
- CVE-2008-4250
- VU#827267 (CERT/CC vulnerability note)
Antivirus vendors name the worm as follows:
- Win32/Conficker.worm.62976 (AhnLab)
- Trojan.Downloader.JLIW (BitDefender)
- Win32/Conficker.A (CA)
- Win32/Conficker.A (ESET)
- Trojan-Downloader.Win32.Agent.aqfw (Kaspersky)
- W32/Conficker.worm (McAfee)
- W32/Conficker.E (Norman)
- W32/Confick-A (Sophos)
- W32.Downadup (Symantec)
- Trojan.Disken.B (VirusBuster)
The hole affected the supported 32-bit and 64-bit Windows versions of the time (Windows 2000 through Windows Server 2008), even with the latest service packs. It allowed the worm to infect a computer over the Internet or the local network without any user interaction; the worm also spreads through USB thumb drives. Once a machine is infected, the worm stops its security services and the Windows Update service, disables tools designed to remove it, and lets its operator remotely install other malicious code on the machine.
The worm also updates itself from domains it generates pseudo-randomly each day. By April 1, 2009, the number of domains the worm generates and contacts looking for an update could grow to 50,000 a day. The worm's operator only needs to register one of these domains to host an update, which makes it impractical for defenders to pre-register or block every candidate domain in advance.
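As an added example (not from the original post, and deliberately not a reproduction of Conficker's own domain algorithm), the following Python script shows the kind of check a network defender can run against DNS resolver logs to spot this behaviour: a host that fires off many look-ups for random-looking names, almost all of which do not resolve. The few that do resolve are the candidates for the one domain the operator actually registered. The log lines are constructed for the example, and the thresholds are assumptions to be tuned on real traffic.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed DNS resolver log lines (not from the original post): 10.0.0.12 does
# ordinary look-ups; 10.0.0.77 bursts look-ups for random-looking names, almost
# all of which do not exist, which is the footprint of a domain-generation algorithm.
SAMPLE_LOG = """\
2009-03-28T10:00:01 10.0.0.12 query www.google.com A NOERROR
2009-03-28T10:00:02 10.0.0.12 query mail.example.org A NOERROR
2009-03-28T10:00:03 10.0.0.12 query update.microsoft.com A NOERROR
2009-03-28T10:00:04 10.0.0.12 query intranet.corp.local A NXDOMAIN
2009-03-28T10:00:05 10.0.0.77 query qzkvwnxprt.com A NXDOMAIN
2009-03-28T10:00:05 10.0.0.77 query bfhtmlxauoz.net A NXDOMAIN
2009-03-28T10:00:06 10.0.0.77 query xkjqvdpgwl.org A NXDOMAIN
2009-03-28T10:00:06 10.0.0.77 query wvzrhqtbcm.info A NXDOMAIN
2009-03-28T10:00:07 10.0.0.77 query plmkqxzvdh.biz A NXDOMAIN
2009-03-28T10:00:07 10.0.0.77 query gtrbzqwfxk.ws A NOERROR
2009-03-28T10:00:08 10.0.0.77 query hqlpxvwnzs.cn A NXDOMAIN
2009-03-28T10:00:09 10.0.0.77 query www.google.com A NOERROR
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)\s+(\S+)\s+(\S+)$")

# Assumed thresholds (not from any published Conficker analysis); tune on real traffic.
MIN_LABEL_LEN = 8       # short labels are too often legitimate acronyms
MIN_ENTROPY = 3.0       # bits per character of the second-level label
MAX_VOWEL_RATIO = 0.3   # pronounceable names carry more vowels
MIN_NXDOMAIN = 5        # per client, before it is considered at all
MIN_RANDOM_SHARE = 0.8  # share of a client's NXDOMAINs that must look random


def shannon_entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def second_level_label(qname):
    """'qzkvwnxprt.com' -> 'qzkvwnxprt'; 'www.google.com' -> 'google'."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_random(label):
    """Heuristic for machine-generated labels: long, high entropy, few vowels."""
    if len(label) < MIN_LABEL_LEN:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) >= MIN_ENTROPY and vowel_ratio < MAX_VOWEL_RATIO


def analyze_dns_log(text):
    """Per client: NXDOMAIN count, how many of those looked random, names that did
    resolve despite looking random (possible live update domain), and a verdict."""
    stats = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "random_nx": 0,
                                 "live_candidates": []})
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        _ts, client, qname, _qtype, rcode = m.groups()
        s = stats[client]
        s["queries"] += 1
        random_name = looks_random(second_level_label(qname))
        if rcode == "NXDOMAIN":
            s["nxdomain"] += 1
            s["random_nx"] += int(random_name)
        elif random_name:
            s["live_candidates"].append(qname)
    for s in stats.values():
        # 'and' short-circuits, so no division by zero when nxdomain is 0
        s["suspicious"] = (s["nxdomain"] >= MIN_NXDOMAIN and
                           s["random_nx"] / s["nxdomain"] >= MIN_RANDOM_SHARE)
    return dict(stats)


if __name__ == "__main__":
    for client, s in analyze_dns_log(SAMPLE_LOG).items():
        flag = "SUSPICIOUS" if s["suspicious"] else "ok"
        print(f"{client:12} {flag:10} nx={s['nxdomain']} random_nx={s['random_nx']} "
              f"live={s['live_candidates']}")
```

On the sample, 10.0.0.77 is flagged (six random-looking NXDOMAINs out of six) and gtrbzqwfxk.ws is reported as the name that resolved anyway, which is where a responder would look next; 10.0.0.12 is left alone because its single NXDOMAIN is an ordinary internal name. The entropy and vowel tests are crude and will misjudge some legitimate names, which is why the per-client NXDOMAIN volume is required before anything is flagged.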
Now, what do we do?
Applying the MS08-067 patch to Windows would have been sufficient initially, but unfortunately it may not be that simple now. Antivirus vendors are trying their best to keep up and provide tools that will remove the malware, but as mentioned above, those tools are shut down by the worm on an already infected machine. Still, I suggest updating your antivirus software regularly, especially as April 1st, the presumed date of worm activation, looms near.
Michael Kassner wrote on TechRepublic:
Officially, the only real resolution is to reformat and reload, especially since Conficker.C still resides at the application level. If the developers decide to bury the malware in the BIOS or SMM, it could get ugly.
I would just suggest keeping yourself constantly updated on whatever developments the experts find, so you will know what to do just in case.
Photo Credits: Wikipedia; registrycleanerz.com
Network Security Basics
Securing the network may include implementing technologies such as firewalls, VPNs, antivirus, and anti-spam software. These form the network's first line of defense. In addition, enterprises need a comprehensive approach that includes access control, data privacy, and compliance.
Firstly, in order to know what kind of security measures should be implemented, it is imperative that you know the network inside out. It is not possible to protect anything unless you clearly understand what you want to protect.
Secondly, you need to understand the different threats, from both internal and external sources. They may be human-based, automated, or natural phenomena.
Thirdly, physical security should be established; then network boundaries should be partitioned and protected with firewalls, and host firewalls put on the workstations as well.
For the enterprise security network, Access Control will include Authentication, Authorization, User Provisioning & Identity Administration, and Role Management.
Authentication includes the use of passwords, token cards, and/or biometrics. Authorization policies should be centralized. User provisioning and identity administration should be automated to prevent human error, and user roles and privileges should be properly managed.
Data privacy will include encrypting data, classifying data by sensitivity, and putting access control lists in place. Adding a security layer to enterprise search results additionally prevents confidential information from leaking through search.
Automated compliance controls and processes, flexible enough to adapt to changing requirements, should be used to conform with governance and privacy regulations.
Read these whitepapers for more detailed information:
Security Inside Out
Fundamental Principles of Network Security
Photo Credits: Javier Aroche, JoePhoto
Using Linux
(This post is a modified version of a Multiply blog post I wrote on February 10th, 2008.)
During the 2008 winter term, I was taking a Unix/Linux course (COMP 1156) at George Brown College – Casa Loma campus. Here's a little knowledge I'd like to share about what I learned in my first class.
A little history about Linux:
- Linux is a modern, free operating system based on UNIX standards.
- First developed as a small but self-contained kernel in 1991 by Linus Torvalds, with the major design goal of UNIX compatibility.
- Its history has been one of collaboration by many users from all around the world, corresponding almost exclusively over the internet.
- It has been designed to run efficiently and reliably on common PC hardware, but also runs on a variety of other platforms.
- The core Linux operating system kernel is entirely original, but it can run much existing free UNIX software, resulting in an entire UNIX-compatible operating system free from proprietary code.
Using Linux as your operating system actually has many advantages:
- Risk reduction
- Meeting business needs
- Stability and security
- Different hardware platforms
- Ease of customization
- Ease of obtaining support
- Cost reduction
Risk reduction means that using open source software (OSS) products gives you the opportunity to change and maintain the source code yourself. Even if market and consumer needs change frequently, you do not have to worry much about changing software, and this results in reduced administration and upgrade costs. With closed source software, on the other hand, you take on that financial burden yourself.

Linux meets many business needs because different software is available for different uses. It is also more stable and secure than closed source operating systems like Windows, since bugs and security holes can be identified and fixed more quickly when the code is open to review. There is also far less malware written for Linux than for Windows.
Linux also runs on quite a number of hardware platforms, e.g. Intel, Macintosh, Itanium, mainframe, Cirrus Logic, SPARC, and others. It is also easily customizable: you can compile a kernel that supports only the hardware and features you need.
Linux documentation, newsgroups, and user groups make support easy to obtain whenever you have a problem. Here are some helpful sites:
The Linux Documentation Project
cpqlinux.com – This site seems to have disappeared already now though.
I like programming and scripting but haven’t had the chance to do so lately. Sometimes I wish I took Computer Engineering instead of Electronics & Communications Engineering, but we’ll save that as another story for another day.