Microsoft Research:
The Betweenness Centrality Game for Strategic Network Formations In computer networks and social networks, the betweenness centrality of a node measures the amount of information passing through the node when all pairs are conducting shortest-path exchanges. In this paper, we introduce a strategic network-formation game based on the betweenness centrality.
Tuesday, December 30, 2008
Saturday, November 15, 2008
Data security in e-business using intrusion signature analysis.
ABSTRACT - Data security is becoming one of the most serious problems threatening e-business
activity. Most people still worry that their personal information, especially their financial data,
can be exposed to computer criminals. A signature analysis system helps detect known attack
signatures by inspecting the IP packets travelling into the system. If any packet matches the
database of known attack signatures, the system alerts the administrator by e-mail or by short
message service (SMS) sent directly to the administrator's mobile phone, so that the security
problem can be tackled as soon as it happens. The details of the suspected IP packet are also
written to a relational database system for later analysis. This study was conducted using only
free open-source software on a Linux machine.
KEY WORDS - Signature analysis, Security, Hack, Crack, Intrusion Detection.
Abstract (translated from Thai) - Data security is an important matter and a key factor that directly
affects electronic business activity. Most people still worry about their personal information,
especially financial data, leaking to electronic criminals. An intrusion signature analysis system
can help detect network intrusions by inspecting the IP packets travelling into the system; when an
intrusion is detected, it alerts the system administrator by e-mail or by short message service
(SMS) to the administrator's mobile phone, so that the problem can be corrected in time. The details
of the suspected IP packets are recorded in a relational database so that further analysis can be
carried out later. This research was conducted using free open-source software on the Linux
operating system.
Keywords (translated from Thai) - Network intrusion, Intrusion detection, IP packets.
1. Introduction
Nowadays computer network security is becoming a more and more important issue, as all
computers become connected through local or wide area networks, or even the Internet. Business
organizations use the network as part of their business strategy to gain an advantage over their
competitors, yet the network itself can become a threat to their computer systems: their valuable IT
resources can be threatened by various types of attack. This study was conducted using a Linux
machine acting as an Intranet server, with the necessary software installed to work in the manner
designed by the researcher. The Signature Analysis System can be used efficiently alongside other
security tools, especially the well-known firewall.
2. Scope of this study
The scope of this study is the TCP/IP protocol suite, as TCP/IP is becoming the world's standard
protocol for both small and large networks. TCP/IP is also the base for many important services
available on the Internet, such as WWW, FTP and e-mail. The system developed in this study
captures all IP datagrams and compares them with known attack patterns. If a pattern is matched,
the alert subsystem sends an e-mail and a short message service (SMS) message to the
administrator. The details of the suspected IP datagram are also kept in a relational database
system, namely Postgresql, so that the details of the attack can be queried later.
3. Objectives of the study
The objectives of this study are to:
• Study the problem of computer network security.
• Study the security systems currently available, from both research and commercial sources.
• Analyze and design a security system that can alert the network administrator through e-mail
and SMS.
• Present an appropriate practice for maintaining the security of the system that can be easily
followed and really used.
4. Computer Network Security
Computer network security can be classified into 4 categories [1]:
• Secrecy is the practice of keeping data secret so that it is accessible only to authorized persons.
• Authentication concerns the process of proving that the person or process being communicated
with is the real person or process it claims to be.
• Nonrepudiation is protection against denial of responsibility; it concerns signatures that prove
the person or client is the intended one, and also that the received message does not come from
a malicious source.
• Integrity control is the control of the correctness of a message, ensuring it is as it was supposed
to be, such as by sending registered mail or encrypting data with a password.
5. Persons who can be dangerous
Persons who threaten computer network security can be classified as follows [2].
5.1 Hackers
The generic term applies to computer enthusiasts who take pleasure in gaining access to other
people’s computer or networks. Many hackers are content with simply breaking in and leaving their
“footprints”, which are joke applications or messages on computer desktops. Other hackers, often
referred to as “crackers” are more malicious, crashing entire computer system, stealing or damaging
confidential data, defacing Web pages, and ultimately disrupting business. Some amateur hackers
merely locate hacking tools online and deploy them without much understanding of how they work or
their effects.
5.2 Unaware Staff
As employees focus on their specific job duties, they often overlook standard network security
rules. For example, they might choose passwords that are very simple to remember so that they can
log on to their network easily. However, such passwords might be easy to guess or crack by hackers
using simple common sense or widely available password cracking software utility. Employees can
unconsciously cause other security breaches including the accidental contraction and spreading of
computer viruses. One of the most common ways to pick up a virus is from a floppy disk or by
downloading files from the Internet. Employees who transport data via floppy disks can unwittingly
infect their corporate networks with viruses they picked up from computers in copy centers or
libraries. They might not even know if viruses are resident on their PCs. Corporations also face the risk
of infection when employees download files, such as PowerPoint presentations, from the Internet.
Surprisingly, companies must also be wary of human error. Employees, whether they are computer
novices or computer savvy, can make such mistakes as erroneously installing virus protection software
or accidentally overlooking warnings regarding security threats.
5.3 Disgruntled Staff
Far more unsettling than the prospect of employee error causing harm to a network is the
potential for an angry or vengeful staff member to inflict damage. Angry employees, often those who
have been reprimanded, fired, or laid off, might vindictively infect their corporate networks with
viruses or intentionally delete crucial files. This group is especially dangerous because it is usually far
more aware of the network, the value of the information within it, where high-priority information is
located, and the safeguards protecting it.
5.4 Snoops
Whether content or disgruntled, some employees might also be curious or mischievous.
Employees known as "snoops" partake in corporate espionage, gaining unauthorized access to
confidential data in order to provide competitors with otherwise inaccessible information. Others are
simply satisfying their personal curiosities by accessing private information, such as financial data, a
romantic e-mail correspondence between coworkers, or the salary of a colleague. Some of these
activities might be relatively harmless, but others, such as previewing private financial, patient, or
human resources data, are far more serious, can be damaging to reputations, and can cause financial
liability for a company.
6. Proposed Signature Analysis System Design
The Signature Analysis System required by this study is a system that can monitor any
suspected intrusion attempt by capturing all IP packets running within the monitored system. If any
IP packet in the system is found to contain a known signature, this is assumed to be an intrusion
attempt. The system alerts the system administrator by e-mail and/or short message service (SMS).
The details of the intrusion activity, such as activity type, IP address, and date and time of
occurrence, are also kept in a relational database system for later detailed investigation. The
design of this system falls into 8 subsystems (figure 1).
[Figure 1: block diagram of the major subsystems: Intrusion Detection Subsystem (Snort), Linux system
logger (syslogd), Relational Database System (Postgresql), Incident Analysis Tools (ACID), WWW Services
(Apache + PHP), Log file checking subsystem (Logcheck), SMS Sending Subsystem (smsd), E-mail Sending
Subsystem (sendmail). Any change in the alert file triggers the SMS and e-mail sending subsystems.]
Figure 1 - Illustrates all major subsystems of the Network Intrusion Detection System
6.1 Intrusion Detection Subsystem
This is the main part of the system. Its function is to capture all IP datagrams running within the
monitored system (packets originating both inside and outside the enterprise network should be
captured) and analyze the content of each datagram. The datagram is compared with the database
of intrusion signatures; if a match is found, all the details of the datagram are put into the
database subsystem (Postgresql). Moreover, a brief summary of the intrusion activity is also sent to
the system logger daemon (syslogd).
This subsystem is implemented using the lightweight network intrusion detection system called
Snort. Snort was created by Martin Roesch and is based on the libpcap packet capture library,
commonly used in many TCP/IP traffic sniffers and analyzers. It can perform protocol analysis and
content searching/matching, and can be used to detect a variety of attacks and probes, such as
buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and
much more.
Snort uses a database of known attack patterns, also known as signatures, which come from
various sources, to create rules. Information about intrusion signatures comes from web sites that
specialize in security. Users can also create their own rules based on known attack signatures.
6.2 Relational Database Subsystem
The database subsystem functions as the main storage area of the system, where the Intrusion
Detection Subsystem sends all the details it captures. The system administrator can use the
database as the main source for tracing back the activities that have happened on their system,
and as a source for tracing back to the origin of the intruder.
6.3 Incident Analysis Tools
The data collected in the database may be large and hard to analyze. A subsystem is needed so
that analyzing the data is not a tedious job; the Analysis Console for Incident Databases (ACID)
was chosen. This subsystem is a PHP-based analysis tool that makes analysis of the data much
more efficient.
6.4 WWW Services Subsystem
This subsystem functions as the main interface for the system administrator, who can use a web
browser to query for further details. This subsystem works together with the previous subsystem.
6.5 System Logger
The system logger is a common process that exists in all major operating systems. In this study the
Linux system logger (syslogd) was used as the starting point of the alerting subsystem: it creates
a log file and writes any alert data received from the Intrusion Detection Subsystem to this file.
6.6 Logfile Checking Subsystem
This subsystem's function is to check for any change in the alert log file; any change in the log
file activates the two further subsystems that alert the system administrator.
6.7 Mail Sending Subsystem
Sending alerts through e-mail is one of the major alerting mechanisms in this study. Alerting
through e-mail can give moderate detail about the event. Sendmail is activated whenever the logfile
checking mechanism finds a change in the alert log file.
6.8 SMS Sending Subsystem
This subsystem is responsible for communicating with the GSM digital mobile phone system using
AT commands. It is also activated by the log file checking mechanism. The major advantage of this
subsystem is that it can send an alert message as soon as the intrusion occurs. However, its major
drawback is the limited amount of data that can be sent at a time.
7. System Implementation and Testing Results
The Signature Analysis System developed in this study has been tested on a Linux-based Internet/
Intranet server serving 50 clients. The server connects to the Internet through two interfaces: an
Ethernet link to the Bangkok head office through satellite communication, and a dial-up modem
connected to an Internet Service Provider as a backup channel. The system normally serves as a
proxy-cache server, DNS server, FTP server and Intranet web server. After installing all required
subsystems and making the necessary configuration, it was able to detect many intrusion attempts,
both by technical staff who wanted to test the system and real intrusion attempts by staff from
other departments. Testing was done by using well-known intrusion tools and techniques to try to
break into the Linux server. The system sent alerts to the system administrator both by e-mail and
SMS. However, the system has some limitations:
7.1 The system developed in this study uses separate free open-source software packages set up to
work together, so configuring the whole system is quite tedious and requires understanding the
configuration of every component.
7.2 The alerting mechanism, if not properly configured, can send a flood of messages to the
administrator and become an e-mail bomb or SMS bomb itself.
7.3 The system administrator must always keep the signature database up to date so that the
system can detect the most recent intrusion techniques.
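As an added example (not code from the paper), the alerting chain of sections 6.5 to 6.8 together with the flooding caveat of 7.2: Python that parses Snort fast-format alert lines, stores them in SQLite as a stand-in for the paper's Postgresql store, rate-limits notifications per signature and source so a burst of identical alerts cannot become the e-mail or SMS bomb described above, and keeps the SMS text within one 160-character message. The alert lines, rule names, sid values, addresses and thresholds are all constructed for this example.

```python
import re
import sqlite3
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Regex for one Snort "-A fast" alert line (the alert format assumed here).
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?"
    r"\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample lines: a burst of one rule from one source, one ICMP alert
# without ports, and one non-alert line that logcheck-style scanning must skip.
SAMPLE_ALERTS = [
    "09/02-14:03:11.120001  [**] [1:1000001:1] CONSTRUCTED rule A [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44321 -> 10.0.0.1:80",
    "09/02-14:03:11.530000  [**] [1:1000001:1] CONSTRUCTED rule A [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44322 -> 10.0.0.1:80",
    "09/02-14:03:12.000000  [**] [1:1000001:1] CONSTRUCTED rule A [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44323 -> 10.0.0.1:80",
    "09/02-14:03:12.200000  [**] [1:1000001:1] CONSTRUCTED rule A [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44324 -> 10.0.0.1:80",
    "09/02-14:05:40.000000  [**] [1:1000002:3] CONSTRUCTED rule B [**] [Priority: 3] {ICMP} 10.0.0.9 -> 10.0.0.1",
    "this line is not an alert and must be ignored",
]

SMS_MAX = 160  # one GSM text message; the paper notes SMS carries little data


@dataclass
class Alert:
    ts: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: str
    priority: int
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]

    def seconds(self) -> float:
        """Timestamp as seconds from a fixed origin (fast format carries no year)."""
        dt = datetime.strptime(self.ts, "%m/%d-%H:%M:%S.%f")
        return (dt - datetime(1900, 1, 1)).total_seconds()


def parse_alert(line: str) -> Optional[Alert]:
    """Return an Alert for a fast-format line, or None for any other log line."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    g = m.groupdict()
    return Alert(
        ts=g["ts"], gid=int(g["gid"]), sid=int(g["sid"]), rev=int(g["rev"]),
        msg=g["msg"], classification=g["cls"] or "", priority=int(g["prio"]),
        proto=g["proto"], src=g["src"], sport=int(g["sport"]) if g["sport"] else None,
        dst=g["dst"], dport=int(g["dport"]) if g["dport"] else None,
    )


def store_alerts(conn: sqlite3.Connection, alerts: List[Alert]) -> int:
    """Persist every alert (the database subsystem role); return the row count."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS event (ts TEXT, gid INTEGER, sid INTEGER, msg TEXT, "
        "priority INTEGER, proto TEXT, src TEXT, sport INTEGER, dst TEXT, dport INTEGER)"
    )
    conn.executemany(
        "INSERT INTO event VALUES (?,?,?,?,?,?,?,?,?,?)",
        [(a.ts, a.gid, a.sid, a.msg, a.priority, a.proto, a.src, a.sport, a.dst, a.dport)
         for a in alerts],
    )
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM event").fetchone()[0]


class AlertThrottle:
    """Allow at most `limit` notifications per (sid, source) within `window` seconds."""

    def __init__(self, limit: int = 2, window: float = 300.0):
        self.limit, self.window = limit, window
        self._sent: Dict[Tuple[int, str], List[float]] = {}
        self.suppressed: Dict[Tuple[int, str], int] = {}

    def allow(self, a: Alert) -> bool:
        key, now = (a.sid, a.src), a.seconds()
        recent = [t for t in self._sent.get(key, []) if now - t < self.window]
        if len(recent) >= self.limit:
            self.suppressed[key] = self.suppressed.get(key, 0) + 1
            self._sent[key] = recent
            return False  # still stored in the database, just not notified
        recent.append(now)
        self._sent[key] = recent
        return True


def sms_text(a: Alert) -> str:
    """Compact one-message summary for the SMS subsystem."""
    dst = f"{a.dst}:{a.dport}" if a.dport is not None else a.dst
    return f"IDS P{a.priority} sid{a.sid} {a.msg} {a.proto} {a.src}->{dst} {a.ts}"[:SMS_MAX]


def process_alert_log(lines: List[str], limit: int = 2, window: float = 300.0):
    """Parse, store and throttle; returns (rows stored, SMS texts sent, alerts suppressed)."""
    conn = sqlite3.connect(":memory:")  # stand-in for the paper's Postgresql store
    alerts = [a for a in (parse_alert(line) for line in lines) if a is not None]
    stored = store_alerts(conn, alerts)
    throttle = AlertThrottle(limit, window)
    sms = [sms_text(a) for a in alerts if throttle.allow(a)]
    return stored, sms, sum(throttle.suppressed.values())


if __name__ == "__main__":
    stored, sms, suppressed = process_alert_log(SAMPLE_ALERTS)
    print(f"stored={stored} notified={len(sms)} suppressed={suppressed}")
    for text in sms:
        print(text)
```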
8. Conclusion
A Signature Analysis System is one of the major tools that should be implemented by every
organization interested in e-business activities, since security is the most important issue that can
make customers or trading partners uncertain about their electronic activities. The most commonly
used security tool is the firewall, which acts like a security guard checking any data coming into or
out of the system: if the data passes the rules specified by the firewall administrator, it is allowed
in or out regardless of what effect that data may have on the system. The Signature Analysis
System, on the other hand, is like a surveillance system that keeps an eye on all activity within the
system regardless of its origin; if it finds any suspicious activity, it logs it and alerts the system
administrator, or may even stop the related process. Using both tools together helps improve
system security.
References
[1] Prasong Praneetpolgrang, Management Information System, Thanathach Press, Bangkok, 2000, pp. 447-448.
[2] Graham, Robert. FAQ: Network Intrusion Detection Systems. [Online] Available http://www.robertgraham.com/pubs/network-intrusion-detection.html [September 2, 2001]
[3] Frederick, Karen. (2001, March 28 - last update) Network Monitoring for Intrusion Detection. [Online] Available http://www.securityfocus.com/focus/ids/articles/networmon.html [September 2, 2001]
[4] Frederick, Karen. (2000, October 13 - last update) Abnormal IP Packets. [Online] Available http://www.securityfocus.com/focus/ids/articles/abnormal1.html [September 2, 2001]
[5] Elson, David. (2000, March 27 - last update) Intrusion Detection, Theory and Practice. [Online] Available http://www.securityfocus.com/focus/ids/articles/davidelson.html [September 2, 2001]
[6] Elson, David. (2000, May 22 - last update) Intrusion Detection on Linux. [Online] Available http://www.securityfocus.com/focus/ids/articles/linux-ids.html [September 2, 2001]
[7] MacBride, Robert. (2000, April 6 - last update) Intrusion Detection: Filling in the Gaps. [Online] Available http://www.securityfocus.com/focus/ids/articles/robmacbride.html [September 2, 2001]
[8] Cisco Systems. (2001) A Beginner's Guide to Network Security. [Online] Available http://www.cisco.com/warp/public/cc/so/neso/sqso/beggu_pl.pdf [September 9, 2001]
[9] Enterprise Management Associates. (2000, May) An Introduction to Network Security. [Online] Available http://www.solsoft.com/library/ema_whitepapers.pdf [September 9, 2001]
[10] Jai Sundar Balasubramaniyan, et al. (1998, June 11) An Architecture for Intrusion Detection using Autonomous Agents. Center for Education and Research in Information Assurance and Security, Purdue University. [Online] Available http://www.cerias.purdue.edu/homes/aafid/docs/tr9805.pdf [September 9, 2001]
[11] Lee, Wenke, et al. A Data Mining Framework for Building Intrusion Detection Models. Computer Science Department, Columbia University. [Online] Available http://www.snort.org/docs/ieee_sp99_lee.ps [September 9, 2001]
[12] Brandenburg University of Technology at Cottbus. The Intrusion Detection System AID. [Online] Available http://www-rnks.informatik.tu-cottbus.de/~sobirey/aid.e.html [September 9, 2001]
Saturday, August 9, 2008
Symantec NAC upgraded
Integrates on-demand client into Symantec Network Access Control
BANGALORE, INDIA: Symantec has upgraded Symantec Network Access Control, providing enforcement for managed endpoints, guest users and unmanaged devices. Symantec is helping customers reduce overall cost and simplify network access control deployment by integrating the on-demand client into Symantec Network Access Control.
In addition, consolidated network access control policy configuration and management for managed and guest users can all be done through the Symantec Endpoint Protection Manager. The Symantec Network Access Control upgrade is scheduled to be available in August 2008.
An integrated, dissolvable on-demand client for guest user access can now be delivered directly from the Symantec Network Access Control Enforcer appliance in Gateway or DHCP modes to simplify deployment.
This helps ensure that unmanaged endpoints attempting to connect to corporate networks have the appropriate protection and security software installed. The on-demand client performs predefined checks to ensure that antivirus, antispyware, firewall and service pack software is installed and up-to-date.
"This critical expansion of our network access control capabilities allows customers to centrally enforce endpoint compliance policies for both managed and unmanaged endpoints, through integration with Symantec Endpoint Protection, and guest users," said Brad Kingsbury, senior vice president, Endpoint Security and Management Group, Symantec Corp. "With Symantec Network Access Control, we have taken a flexible approach that goes beyond host-based enforcement and offers customers an array of options for enforcing network access control on the network."
Symantec Network Access Control also supports authentication and identity-based access control for guest users by offering a new Web login that can be enabled as part of the on-demand client download process. Users can be authenticated against logins centrally stored in ActiveDirectory, LDAP, RADIUS or logins stored locally on the Enforcer. When used with LAN Enforcement, RADIUS attributes can control which resources guest users can access on the network once they have authenticated.
Furthermore, enhanced MAC address authentication functionality enforces network access for unmanaged devices in 802.1x-enabled environments. In LAN Enforcement mode, the Enforcer can check the MAC address of a device connecting to an 802.1x-enabled switch port, validate it against a store of known/authorized MAC addresses, and allow or block the device depending on whether it finds a match.
Symantec Network Access Control securely controls access to corporate networks, enforces endpoint security policy and easily integrates with existing network infrastructures. Regardless of how endpoints connect to the network, Symantec Network Access Control discovers and evaluates endpoint compliance status, provisions the appropriate network access, provides automated remediation capabilities, and continually monitors endpoints for changes in compliance status. The result is a network environment where corporations realize significant reductions in security incidents, increased levels of compliance to corporate IT security policy and confidence that endpoint security mechanisms are properly enabled.
Symantec NAC upgrade aims at manageability
By: Jennifer Kavur - Network World Canada (01 Aug 2008)
Enterprises can expect more consumer devices to enter their networks, says analyst Zeus Kerravala. The key is controlling how much access they get
Symantec is releasing an upgrade to Symantec Network Access Control (NAC), which will allow IT administrators to exert control over unmanaged devices and set customized levels of access for guest users entering their corporate networks.
The upgrade is available at no additional cost to customers under warranty or maintenance. The software image will be available for download from Symantec’s Web site on Aug. 15.
“We’ve actually brought all of the power of Symantec’s NAC agent for managed systems and put up that for the unmanaged world,” said senior manager of product management Rich Langston, who runs the NAC product line.
The on-demand product is a brand new, ground-up rewrite for unmanaged devices that gives administrators the exact same capabilities they currently have with the managed agent for guests and contractors, he explained.
It works by having users access the network through a Web browser, which takes them to a portal that requires a login. After presenting valid credentials, users download the on-demand agent, which runs in resident memory and dissolves when the user exits the system.
The agent ensures unmanaged devices meet predefined criteria for endpoint compliance before connecting to the network. This includes appropriate levels of security and protection, including up-to-date antivirus, antispyware, firewall and service pack software.
If a device fails to meet the criteria, automated remediation capabilities can work to resolve the issue. “Some of the competing solutions will take the user to a Web page and say, ‘You’re not on the network because your antivirus isn’t up-to-date so click on this URL,’” said Langston. “We automate everything.”
Non-compliant devices can be blocked or quarantined from the network. “The idea is to keep the network safe by keeping impurely configured systems off the network,” he said.
Another key feature of the upgrade is a new Web login for guest users. “We now have the capability of giving them different levels of access,” said Langston. “This is important because most enterprises are interested in giving as little access to the network as necessary. For example, they might want to offer Internet access as a courtesy to casual guests, vendors, or the board of directors…If anything changes, they will get kicked off the network,” said Langston.
“We really have one the most powerful agents for client-side NAC that is available, which means that we are fully on board with the client,” said Langston. This includes performing very deep inspections of endpoints to make sure they are compliant with “all the policies the administrator wants…whatever his policies may be.”
Friday, August 8, 2008
CISCO Network Admission Control
The Cisco® NAC Guest Server adds a new Secure Guest service to existing Cisco Network Admission Control (NAC) services such as authentication, posture, and profiling. The new Cisco NAC Guest Server enables simple, efficient, and secure management of guest network access. Cisco NAC Guest Server works with either Cisco NAC Appliance or Cisco wireless LAN controllers to manage the entire lifecycle of guest access, including:
• Provisioning: Allows any internal sponsor to create guest accounts
• Notification: Provides access details to the guest by print, e-mail, or text message
• Management: Makes it easy to modify and suspend accounts
• Reporting: Provides full reporting on guest accounts and guest activity
Cisco NAC Guest Server helps IT staff deal with administrative challenges commonly associated with supporting corporate visitors. The Secure Guest service enhances IT's ability to protect its own organization's assets, employees, and information from guests and their devices while providing secure and flexible network access to meet visitors' business needs. Cisco NAC Guest Server with its Secure Guest service delivers the following business benefits:
• Decreases deployment and management costs. Cisco NAC Guest Server allows trusted employees to create guest accounts quickly and securely. This removes the burden from IT and helpdesk personnel.
• Improves productivity. Streamlined account provisioning and notification processes help increase both guest usage and the productivity benefits for internal users and their guests.
• Improves customer and partner satisfaction. Providing guest access for visitors enables greater collaboration. Customers and partners alike appreciate this capability.
To learn more about Cisco NAC Guest Server and its Secure Guest service, visit the following resources:
• Product bulletin (including ordering information): http://www.cisco.com/en/US/products/ps6128/prod_bulletin0900aecd806f3235.html
• Data sheet: http://www.cisco.com/en/US/products/ps6128/products_data_sheet0900aecd806e98c9.html
• Q&A: http://www.cisco.com/en/US/products/ps6128/products_qanda_item0900aecd806f525a.shtml
Volume I: NAC Framework Architecture and Design (Networking Technology) (Paperback)
Volume II: NAC Deployment and Troubleshooting (Networking Technology) (Paperback)
Product Description
Cisco Network Admission Control
Volume I: NAC Framework Architecture and Design
A guide to endpoint compliance enforcement
Today, a variety of security challenges affect all businesses regardless of size and location. Companies face ongoing challenges with the fight against malware such as worms, viruses, and spyware. Today’s mobile workforce attach numerous devices to the corporate network that are harder to control from a security policy perspective. These host devices are often lacking antivirus updates and operating system patches, thus exposing the entire network to infection. As a result, worms and viruses continue to disrupt business, causing downtime and continual patching. Noncompliant servers and desktops are far too common and are difficult to detect and contain. Locating and isolating infected computers is time consuming and resource intensive.
Network Admission Control (NAC) uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources, thereby limiting damage from emerging security threats. NAC allows network access only to compliant and trusted endpoint devices (PCs, servers, and PDAs, for example) and can restrict the access of and even remediate noncompliant devices.
Cisco Network Admission Control, Volume I, describes the NAC architecture and provides an in-depth technical description for each of the solution components. This book also provides design guidelines for enforcing network admission policies and describes how to handle NAC agentless hosts. As a technical primer, this book introduces you to the NAC Framework solution components and addresses the architecture behind NAC and the protocols that it follows so you can gain a complete understanding of its operation. Sample worksheets help you gather and organize requirements for designing a NAC solution.
Denise Helfrich is a technical program sales engineer that develops and supports global online labs for the World Wide Sales Force Development at Cisco®.
Lou Ronnau, CCIE® No. 1536, is a technical leader in the Applied Intelligence group of the Customer Assurance Security Practice at Cisco.
Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco.
Paul Forbes is a technical marketing engineer in the Office of the CTO, within the Security Technology Group at Cisco.
• Understand how the various NAC components work together to defend your network
• Learn how NAC operates and identifies the types of information the NAC solution uses to make its admission decisions
• Examine how Cisco Trust Agent and NAC-enabled applications interoperate
• Evaluate the process by which a policy server determines and enforces a policy
• Understand how NAC works when implemented using NAC-L2-802.1X, NAC-L3-IP, and NAC-L2-IP
• Prepare, plan, design, implement, operate, and optimize a network admission control solution
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Category: Cisco Press–Security
Covers: Network Admission Control
About the Authors
Denise Helfrich is currently a technical program sales engineer developing and supporting global online labs for the Worldwide Sales Force Delivery. For the previous six years, she was a technical marketing engineer in the Access Router group, focusing on security for Cisco Systems. She is the author of many Cisco training courses, including Network Admission Control. She has been active in the voice/networking industry for over 20 years.
Lou Ronnau, CCIE No. 1536, is currently a technical leader in the Applied Intelligence group of the Customer Assurance Security Practice at Cisco Systems. He is the author of many Cisco solution guides along with Implementing Network Admission Control: Phase One Configuration and Deployment. He has been active in the networking industry for over 20 years, the last 12 years with Cisco Systems.
Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco Systems. He is a systems architect and one of the founders of Cisco’s Identity-Based Networking Services (IBNS) strategy. Jason has authored many Cisco solution guides and often participates in industry forums such as Cisco Networkers. He has been involved with network design and security for seven years.
Paul Forbes is a technical marketing engineer in the Office of the CTO, within the Security Technology Group. His primary focus is on the NAC Partner Program, optimizing the integration between vendor applications and Cisco networking infrastructure. He is also active in other security architecture initiatives within the Office of the CTO. He has been active in the networking industry for ten years, as both a customer and working for Cisco.
Product Description
Cisco Network Admission Control
Volume II: NAC Framework Deployment and Troubleshooting
The self-defending network in action
Jazib Frahim, CCIE® No. 5459
Omar Santos
David White, Jr., CCIE No. 12,021
When most information security professionals think about threats to their networks, they think about the threat of attackers from the outside. However, in recent years the number of computer security incidents occurring from trusted users within a company has equaled those occurring from external threats. The difference is, external threats are fairly well understood and almost all companies utilize tools and technology to protect against those threats. In contrast, the threats from internal trusted employees or partners are often overlooked and much more difficult to protect against.
Network Admission Control (NAC) is designed to prohibit or restrict access to the secured internal network from devices with a diminished security posture until they are patched or updated to meet the minimum corporate security requirements. A fundamental component of the Cisco® Self-Defending Network Initiative, NAC enables you to enforce host patch policies and to regulate network access permissions for noncompliant, vulnerable systems.
Cisco Network Admission Control, Volume II, helps you understand how to deploy the NAC Framework solution and ultimately build a self-defending network. The book focuses on the key components that make up the NAC Framework, showing how you can successfully deploy and troubleshoot each component and the overall solution. Emphasis is placed on real-world deployment scenarios, and the book walks you step by step through individual component configurations. Along the way, the authors call out best practices and tell you which mistakes to avoid. Component-level and solution-level troubleshooting techniques are also presented. Three full-deployment scenarios walk you through application of NAC in a small business, medium-sized organization, and large enterprise.
“To successfully deploy and troubleshoot the Cisco NAC solution requires thoughtful builds and design of NAC in branch, campus, and enterprise topologies. It requires a practical and methodical view towards building layered security and management with troubleshooting, auditing, and monitoring capabilities.”
—Jayshree V. Ullal, Senior Vice President, Datacenter, Switching and Security Technology Group, Cisco Systems®
Jazib Frahim, CCIE® No. 5459, is a senior network security engineer in the Worldwide Security Services Practice of the Cisco Advanced Services for Network Security team. He is responsible for guiding customers in the design and implementation of their networks with a focus on network security.
Omar Santos is a senior network security engineer in the Worldwide Security Services Practice of the Cisco Advanced Services for Network Security team. He has more than 12 years of experience in secure data communications.
David White, Jr., CCIE No. 12,021, has more than 10 years of networking experience with a focus on network security. He is currently an escalation engineer in the Cisco TAC, where he has been for more than six years.
Effectively deploy the Cisco Trust Agent
Configure Layer 2 IP and Layer 2 802.1x NAC on network access devices
Examine packet flow in a Cisco IOS NAD when NAC is enabled, and configure Layer 3 NAC on the NAD
Monitor remote access VPN tunnels
Configure and troubleshoot NAC on the Cisco ASA and PIX security appliances
Install and configure Cisco Secure Access Control Server (ACS) for NAC
Install the Cisco Security Agent Management Center and create agent kits
Add antivirus policy servers to ACS for external antivirus posture validation
Understand and apply audit servers to your NAC solution
Use remediation servers to automatically patch end hosts to bring them in compliance with your network policies
Monitor the NAC solution using the Cisco Security Monitoring, Analysis, and Response System (MARS)
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Category: Cisco Press—Security
Covers: Network Admission Control
$60.00 USA / $75.00 CAN
About the Author
Jazib Frahim, CCIE No. 5459, has been with Cisco Systems for more than seven years. With a Bachelor’s degree in computer engineering from Illinois Institute of Technology, he started out as a TAC engineer with the LAN Switching team. He then moved to the TAC Security team, where he acted as a technical leader for the security products. He led a team of 20 engineers as a team leader in resolving complicated security and VPN technologies. Jazib is currently working as a Senior Network Security Engineer in the Worldwide Security Services Practice of Cisco’s Advanced Services for Network Security. He is responsible for guiding customers in the design and implementation of their networks, with a focus in network security. He holds two CCIEs, one in Routing and Switching and the other in Security. He also authored the Cisco Press book Cisco ASA: All-in-one Firewall, IPS, and VPN Adaptive Security Appliance(ISBN: 1-58705-209-1). Additionally, Jazib has written numerous Cisco online technical documents and has been an active member on Cisco’s online forum, NetPro. He has presented at Networkers on multiple occasions and has taught many onsite and online courses to Cisco customers, partners, and employees.
Jazib is currently pursuing a Master of Business Administration (MBA) degree from North Carolina State University.
Omar Santos is a Senior Network Security Consulting Engineer in the Worldwide Security Services Practice of Cisco’s Advanced Services for Network Security. He has more than 12 years of experience in secure data communications. Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government, including the United States Marine Corps (USMC) and Department of Defense (DoD). He is also the author of the Cisco Press book Cisco ASA: All-in-one Firewall, IPS, and VPN Adaptive Security Appliance(ISBN: 1-58705-209-1) and many Cisco online technical documents and configuration guidelines. Prior to his current role, he was a technical leader of Cisco’s Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within the organization. He is an active member of the InfraGard organization, a cooperative undertaking between the Federal Bureau of Investigation and an association of businesses, academic institutions, state and local law-enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructures of the United States of America. Omar has also delivered numerous technical presentations to Cisco customers, partners, and other organizations.
David White, Jr., CCIE No. 12021, has more than ten years of networking experience with a focus on network security. He is currently an Escalation Engineer in the Cisco TAC, where he has been for more than six years. In his role at Cisco, he is involved in new product design and implementation and is an active participant in Cisco documentation, both online and in print. David holds a CCIE in Security and is also NSA IAM certified. Before joining Cisco, David worked for the U.S. government, where he helped secure its worldwide communications network. He was born and raised in St. Petersburg, Florida, and received his Bachelor’s degree in computer engineering from the Georgia Institute of Technology.
Enforce Security Policy Compliance
Enforce your organization's security policies on all devices seeking network access. Cisco Network Admission Control (NAC) allows only compliant and trusted endpoint devices, such as PCs, servers, and PDAs, onto the network, restricting the access of noncompliant devices, and thereby limiting the potential damage from emerging security threats and risks. Cisco NAC gives organizations a powerful, roles-based method of preventing unauthorized access and improving network resiliency.
Business Benefits
Security policy compliance: Ensures that endpoints conform to security policy; protects infrastructure and employee productivity; secures managed and unmanaged assets; supports internal environments and guest access; tailors policies to your risk level
Protects existing investments: Is compatible with third-party management applications; flexible deployment options minimize need for infrastructure upgrades
Mitigates risks from viruses, worms, and unauthorized access: Controls and reduces large-scale infrastructure disruptions; reduces OpEx and helps enable higher IT efficiency; integrates with other Cisco Self-Defending Network components to deliver comprehensive security protection
NAC Deployment Scenarios
Cisco NAC can be deployed in all infrastructure scenarios, including corporate LAN, WAN, wireless, and remote access (VPN). Cisco NAC deployments include the following options:
Cisco NAC Appliance is the recommended deployment solution for most customers. It is an appliance-based product that provides
Rapid deployment
Self-contained endpoint security posture assessment
Policy management
Integration with identity, remediation, and other services
Cisco NAC Appliance In-Band Option
This is the ideal option for wireless, remote access, and branch office applications, and works in heterogeneous network environments.
Cisco NAC Appliance Out-of-Band Option
This option is ideal for larger campus LAN deployments in which enforcement is controlled at the switch. Cisco NAC Out-of-Band can be combined with the Cisco NAC In-Band deployment option.
Cisco NAC Framework, through the Cisco Network Admission Control Partner Program, provides the option of integrating an intelligent network infrastructure with solutions from more than 75 manufacturers of leading antivirus and other security and management software.
NAC Deployment Services (PDF)
Cisco Security NAC Services provide rigorous requirements analysis, planning, design, and implementation consulting—essential to deploying an effective NAC solution.
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Cisco Expands Its NAC Leadership with the Cisco NAC Network Module and Cisco NAC Profiler
The new Cisco NAC Network Module for Cisco 2800 and 3800 Series Integrated Services Routers is the industry’s first full Network Admission Control (NAC) module. The Cisco NAC Network Module provides exceptional security for branch and remote offices, adds more NAC deployment options, and assists customers by simplifying deployment, troubleshooting, and management.
Cisco is also introducing the Cisco NAC Profiler, which adds new capabilities for endpoint device handling (including “dumb” devices such as IP phones, printers or scanners). The Cisco NAC Profiler provides visibility, intelligence, and automation to simplify initial NAC deployments and to reduce the ongoing NAC maintenance cost.
Read the complete Cisco NAC Network Module and Cisco NAC Profiler announcement.
For more technical information, read the Cisco NAC Network Module data sheet and the Cisco NAC Profiler data sheet.
Printed in USA C02-434732-00 9/07 All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
McAfee Network Access Control
McAfee System Protection
Protect your network from noncompliant or infected systems
Noncompliant, infected, or misconfigured systems pose security risks and incur costs due to system downtime and restoration. Even one infected host already on the network can cause disruptions to network bandwidth or can infect other compliant systems. Boost NAC with McAfee IntruShield® IPS to protect high-risk areas on the network by identifying, quarantining, and remediating infected devices.
About the Author
Jamey Heary, CCIE No. 7680, is currently a security consulting systems engineer at Cisco Systems, Inc., and works with its largest customers in the Northwest United States. Jamey joined Cisco in 2000. He currently leads its Western Security Asset team and is a field advisor for the U.S. Security Virtual team. Prior to working at Cisco, he worked for the Immigration and Naturalization Service as a network consultant and project leader. Before that he was the lead network and security engineer for a financial firm whose network carries approximately 12 percent of the global equities trading volume worldwide. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. He has been working in the IT field for 13 years and in IT security for 9 years. He has a BS from St. Lawrence University.
About the Contributing Authors
Jerry Lin, CCIE No. 6469, is a consulting systems engineer for Cisco and is based in southern California. He specializes in security best practices. Jerry has worked with a variety of Cisco enterprise customers in areas such as software development, local government agencies, K—12 and universities, high tech manufacturing, retail, and health care, as well as managed web-hosting service provider customers. He holds his CCIE in routing and switching as well as in CCDP and CISSP. Jerry has been working in the IT industry for the past 12 years. During the late 1990s, he worked as a technical instructor. Jerry earned both a bachelor’s degree and a master’s degree in mechanical engineering from the University of California, Irvine.
Chad Sullivan, CCIE No. 6493 (Security, Routing and Switching, SNA/IP), CISSP, CHSP, is a senior security engineer and owner of Priveon, Inc., which provides leading security solutions to customers globally. Prior to starting Priveon, Chad worked as a security consulting systems engineer at Cisco. Chad is recognized within the industry as one of the leading implementers of the Cisco Security Agent product and is the author of both Cisco Press books dedicated to the Cisco Security Agent.
Alok Agrawal is the technical marketing manager for the Cisco NAC Appliance (Clean Access) product. He leads the technical marketing team developing technical concepts and solutions and driving future product architecture and features. He works with the Cisco sales and partner community to scale the adoption of the NAC Appliance product line globally. Prior to joining the Cisco Security Technology Group, he worked in the switching team of the Cisco Technical Assistance Center. He has a strong background in routing and switching and host security design and implementation. Alok holds a master’s degree in electrical engineering from the University of Southern California and a bachelor’s degree in electronics engineering from the University of Mumbai.
Mobile Workers and Guest Users May Breed Security Threats and Pose Risk to Regulatory Compliance
Juggling compliance audits with timely remediation of non-compliant, infected, and misconfigured systems can leave you vulnerable. Do you want to deploy a network access control (NAC) solution but feel frustrated with products that are unmanageable, very complex to deploy, and too expensive? Give yourself some breathing room with McAfee® Total Protection for Endpoint—Advanced, which includes the McAfee Network Access Control solution. McAfee Network Access Control keeps you updated with new threat information while enforcing compliance, ensuring healthy networks, and addressing concerns about the cost, manageability, and complexity of most other NAC solutions.
NAC Benefits:
Minimize risk of outbreaks while allowing for policy flexibility: Protect your network from zero-day threats and infected guest devices; monitor the network continuously for threat assessment and attack behavior originating from all types of devices
Minimize exposure from noncompliant, infected, or misconfigured systems: Allow only authorized devices to have network access; enforce compliance by scanning devices to test their overall security posture as they attempt to log onto a network
Reduce downtime and risk: Guard against infections and vulnerabilities from mobile devices; identify and quarantine misconfigured systems and company laptops that fall out of compliance; enforce network access decisions at the system level; remediate noncompliant devices automatically
Make intelligent decisions based on real knowledge: Gain visibility of system and network threats with efficient security collaboration; breakthrough McAfee ePolicy Orchestrator® (ePO™) integration provides real-time visibility of actionable system host details, as well as the most relevant host IPS, anti-virus, and spyware events
Leverage your existing network infrastructure: Deploy to all ePO-managed systems in your network infrastructure without hardware replacements; get continuous, broad protection that keeps up with the latest threats with McAfee Total Protection for Enterprise—Advanced with NAC included; manage it all from a single, centralized console
McAfee Makes NAC Accessible
You are not alone among enterprises that are reluctant to deploy a NAC solution. Prior options are unmanageable, too complex to deploy, and expensive, especially when you include product, deployment, and ongoing maintenance costs. McAfee addresses all of these concerns and more with a global partner ecosystem of distributors, value-added distributors (VADs), value-added resellers (VARs), and systems integrators, all offering product order fulfillment, professional services for deployment, and solution training for NAC administrators.
Yahoo Partners With McAfee To Make Search More Secure
Following Google (NSDQ: GOOG)'s lead, Yahoo (NSDQ: YHOO) is moving to make its search engine safer.
Yahoo and McAfee on Tuesday announced a partnership to integrate McAfee's SiteAdvisor technology with Yahoo Search. SiteAdvisor tracks Web site security issues, identifying sites associated with adware, malware, spyware, phishing, and spam.
The new SearchScan feature in Yahoo Search is a manifestation of the partnership. It provides red warning messages about the risks posed by Web sites that appear in Yahoo Search results lists.
Google began flagging risky search results in February 2007.
"Searching on the Web can present a minefield of spyware, malware, and other malicious sites that can cause serious harm to your PC and cost you valuable time and money," said Vish Makhijani, senior VP and general manager of Yahoo Search, in a blog post. "We are taking steps to make you feel safe when searching the Web -- warning you about dangerous sites before you click on them."
According to Makhijani, "No other search engine today offers you this level of warning before visiting sites. Period."
Citing a March 2008 survey conducted by marketing research services provider Decipher, Yahoo and McAfee claim that 65% of Americans online are more worried about clicking unsecured search listings than the threat of neighborhood crime, getting one's wallet stolen, or e-mail scams. Unfortunately, Decipher hasn't posted this survey online, making it harder to divine why so many people supposedly prefer being pistol-whipped and robbed to a malware infection.
Tim Dowling, VP of McAfee's Web security group, said that SearchScan tests for browser exploits, so it will detect sites where malware is delivered through online ads.
According to a Google security report published in February, 2% of malicious Web sites were delivering malware via advertising. Because ads tend to be placed on popular sites, searchers encounter them more often than their general prevalence suggests. "On average, 12% of the overall search results that returned landing pages were associated with malicious content due to unsafe ads," the report said.
Flagging such sites, however, is not without problems. Web sites penalized by McAfee's scarlet letter may see a drop in visitors despite the possibility that the fault may lie with the security of the site's ad syndication network rather than with the hosting site itself. Still, fear of such stigma may make site owners demand better security at ad networks, which would improve Internet safety for everyone.
It's something of a surprise to find Yahoo striking a deal with McAfee given that McAfee in May 2007 fingered Yahoo as the search engine with the greatest percentage of risky search results (5.4%). But perhaps having partnered with McAfee, Yahoo will fare better in McAfee's forthcoming 2008 State of Search Engine Safety survey.
Asked whether Yahoo's new relationship with McAfee represents a conflict of interest that might affect the search engine's ranking in McAfee's upcoming survey, Dowling replied, "It's hard to say whether there's a real conflict of interest. It's a pretty quantitative study." He added that due to Yahoo's commitment to cleaner search results, "I would expect Yahoo to be the safest search engine, or one of them."
Dowling said McAfee was running a bit behind in compiling the data for its 2008 search safety survey but did provide a preview: Sponsored search results are twice as likely to link to malicious sites as organic search results, he said. "The bad guys try to look good and Internet advertising is a way they can buy their way into a higher search result position," he said.
Dowling also said that search engines collectively serve 8 billion risky sites per month worldwide.
Testimonials 1
I want to start out by saying that this book completely exceeded my expectations for the first NAC Appliance book. I wish this was published 3 years ago. The author clearly articulates the business benefits of NAC, including how NAC provides return on investment (ROI), which gives any reader the know-how to wisely purchase Cisco NAC Appliance. He also shows his technical expertise by diving extremely deep into the inner workings of Cisco NAC Appliance, which gives engineers, consultants, and operations the information they need to successfully deploy or maintain the product.
This book shows great details into the process flows of In-Band & Out-of-Band users, Clean Access Agent (CAA) users and network scanning users. The information on the different deployment options and how to use them in diverse environments is great to start your NAC Design. This book makes the confusing topics seem easy and manageable.
Some of the highlights that caught my eye and I thought everyone would like were:
- Chapter on Host Security Policy - An amazing deal of information on how to design/create a Host Security Policy as it relates to NAC Appliance is invaluable to deployments
- Exploration of High Availability and Load Balancing - Information on how to load balance Clean Access Servers using the CSM, CSS, ACE and PBR cannot be found anywhere else. This includes saving money on Failover Bundles by using N+1 Failover
- Layer 3 OOB Deployment options - Walk through of the benefits of the different methods of deploying L3 OOB, e.g. PBR, ACLS, VPNs, etc.
- Deployment Best Practices - An entire chapter on how to plan, schedule, and keep all parties happy for your NAC Appliance deployment
- Monitoring & Troubleshooting information - detailed list of all logs located on the CAM and CAS, as well as the information on how to troubleshoot and monitor online users
All in all this is a great book and I would recommend it for all people interested in Buying, Deploying, Operating, or Troubleshooting Cisco NAC Appliance. This is definitely a great reference manual to have at your desk!
Testimonials 2
The Cisco Self Securing Network platform is currently structured around several cornerstone technologies, of which the Cisco Clean Access technology is a leading component. The Cisco Clean Access technology is one of several industry-wide Network Admission Control (NAC) technologies which rely on a combination of client-server components. The Cisco Clean Access suite includes a client component, which could be a host-installed applet or a browser-based applet, that can read basic configuration data from a host machine and communicate compliance to enterprise-defined rules/policies which are pre-defined on a Clean Access server appliance and other cooperating systems. The book, Cisco NAC Appliance, is a good guide for administrators deploying this complex set of solutions brought from Perfigo Inc. after Perfigo's acquisition by Cisco in 2006.
The book's organization and tone are aimed at security architects, security managers and security administrators. While a security architect will better understand the various deployment options and thus the place of the Cisco NAC framework in an enterprise, security managers will get a comprehensive enough view of the Cisco NAC framework to make the judgment call on actual deployment of the infrastructure and, of course, make decisions on cost/facility and better grapple with the potential cost/benefit requests from the enterprise's executives; and the security administrator will have a quick-guide handbook to help wade through the myriad of documentation from Cisco on its evolving SAFE architecture in general and the NAC framework in particular.
The organization of this book is excellent for the intended audience: six parts covering the basics of the host security landscape, design of the Cisco NAC appliance, developing a host security policy, the Cisco NAC configuration, some deployment best practices, and of course NAC appliance maintenance and troubleshooting. The six parts are laid out in fifteen accessible chapters spanning more than 500 pages with a generous amount of configuration examples and screenshots.
With Cisco now having more than 45% market share in the endpoint access control market, books like these can only increase in importance as a guide to organizations grappling with the decision on what and where to deploy these technologies.
And for this volume, the taste of the pudding remains in the eating. So if you don't have a copy yet, go grab one (so long as you are interested in some endpoint security solutions now or at some point in the future). As for rating, I'll give it my best rating so far, four stars out of five.
Thursday, July 17, 2008
RADMIN - Remote Control Software
Radmin is fast and reliable remote control software for secure remote access to a PC from anywhere. It is compatible with Windows Vista 32-bit and 64-bit (including Service Pack 1).
Radmin (Remote Administrator) is the world famous, award winning secure remote control software and remote access software which enables you to work on a remote computer in real time as if you were using its own keyboard and mouse.
Radmin (Remote Administrator) is fast and secure remote control and remote access software that enables you to work on a remote computer as if you were sitting right in front of it and access it from multiple places. Radmin includes full support for Windows Vista (32-bit and 64-bit), file transfer, multi-user text and voice chats, Windows security, Kerberos authentication, 256-bit AES encryption for all data streams, telnet access, multiple monitors support and unique DirectScreenTransfer™ technology. Radmin utilizes the ever-present TCP/IP protocol - the most widespread protocol used in LANs, WANs and the Internet. This means you can access your remote computer from anywhere in the world. Radmin is deployed on thousands of corporate PCs worldwide. Among our clients are companies where Radmin is the standard application for network management.
You view the remote computer's screen on your own monitor either in a window or full screen. All your mouse movements and keyboard signals are transferred directly to the remote computer. You work on the remote computer just as if it were right there in front of you. You can remotely access the same computer from multiple places and use advanced file transferring, text and voice chats, remote shutdown, Telnet and other useful features.
Radmin 3 consists of two modules:
The Viewer module (Radmin Viewer)
Radmin Viewer needs to be installed on the local computer (for example your home PC or notebook) which you want to use to access your remote computer.
The Server module (Radmin Server)
Radmin Server needs to be installed on the remote computer (for example your office PC) which you want to access from your own one.
Installing Radmin Server 3
The Server module needs to be installed on the remote computer (for example your office PC) that you want to access from your own one (for example your home PC or notebook).
Step 1: Run rserv32.exe to install Radmin Server.
Step 2: Follow the on-screen instructions. The installer will copy all required files into the default system directory.
Step 3: Remember to activate your newly installed copies of Radmin Server 3.
Installing Radmin Viewer 3
The Client module (also called the Viewer) needs to be installed on the local computer (for example your home PC or notebook) which you want to use to access your remote PC.
Step 1: Run rview32.exe to install Radmin Viewer.
Step 2: Follow the on-screen instructions and select an installation directory when asked. The installer will copy all required files into the specified directory.
FAQ
1. I can't connect to Radmin server. What can I do?
Check your connection to the remote host via TCP/IP by typing the following at the command prompt: ping remote_host_name
Ex: ping 10.0.0.1
Ex: ping myserver.mycompany.com
Make sure that Radmin Server is running on the remote computer. Verify that you are connecting to the correct port, the one on which Radmin Server is listening for incoming connections. Check the firewall settings on the remote computer. You can also examine Radmin's logfile.txt to discover what is causing the problem.
2. I'm behind a router and don't have public IP address. What can I do?
Several situations are possible:
Your computers are in an internal network behind a NAT-based router, and only the router has a public IP address. You can still access your internal network computers via the Internet; to do this you need to configure port forwarding on the router/firewall. Configure the router to forward connections from a port on the router to a specific IP address and port (Radmin Server's default port is 4899) of the target computer in your internal network. You need to assign a separate router port for every computer you need to access. The router then forwards the connection to your computer on the internal network.
Your PCs have real IP addresses but the firewall has port 4899 closed. In this case you have to open port 4899 or use another open port.
Radmin Server does not start on the server. Examine the log file on the server for the reason.
Tuesday, July 15, 2008
Free Vulnerability Scan
NetClarity offers a FREE SCAN tool to find out if you have any vulnerabilities (Malware, Viruses, Worms, Trojans, Keyloggers and all those nasty exploits are not the problem) they can exploit, harden your system and take a more proactive approach to securing your personal computer.
http://www.netclarity.net/freescan.html
On completing the SCAN, please contact us for the full report unlock key.
NACwalls are Network Access Control (NAC) appliances which scan corporate networks for devices that may contain exposures or vulnerabilities exploited by hackers that firewalls can't defend against. NACwalls also alert customers and block malicious and un-trusted network access at all points on the network, whether wired or wireless.
NACwalls are proactive appliances that take just minutes to install. Continuously scanning for vulnerabilities across every device on a network, NACwalls can stop threats within milliseconds.
NACwalls detect and respond to threats from network-connected computers, returning mobile users, wireless devices and new devices, and even detect 'imitation' users (spoofed machines). NACwalls respond in milliseconds to un-trusted and potentially hazardous computer assets, shutting off their network access in less time than it took to read this sentence.
Network Access Control (NAC) is an approach to computer network security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement.
Network Access Control is a computer networking concept and set of protocols used to define how to secure the network nodes prior to the nodes accessing the network. NAC might integrate the automatic remediation process (fixing non-compliant nodes before allowing access) into the network systems, allowing the network infrastructure such as routers, switches and firewalls to work together with back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed.
Network Access Control (NAC) aims to do exactly what the name implies: control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.
"NAC's roots trace back to the trusted computing movement. In this context an open-architecture was created as an alternative to proprietary NAC initiatives. TNC-WG aims at enabling network operators to provide endpoint integrity at every network connection, thus enabling interoperability among multi-vendor network endpoints.[3]"
Initially, 802.1X was also thought of as NAC. Some still consider 802.1X the simplest form of NAC, but most people think of NAC as something more.
Goals of Network Access Control
Because NAC represents an emerging category of security products, its definition is both evolving and controversial. The overarching goals of the concept can be distilled to:
Mitigation of zero-day attacks
The key value proposition of NAC solutions is the ability to prevent end-stations that lack antivirus, patches, or host intrusion prevention software from accessing the network and placing other computers at risk of cross-contamination of network worms.
Policy enforcement
NAC solutions allow network operators to define policies, such as the types of computers or roles of users allowed to access areas of the network, and enforce them in switches, routers, and network middleboxes.
Identity and access management
Where conventional IP networks enforce access policies in terms of IP addresses, NAC environments attempt to do so based on authenticated user identities, at least for user end-stations such as laptops and desktop computers.
Pre-admission and post-admission
There are two prevailing design philosophies in NAC, based on whether policies are enforced before or after end-stations gain access to the network. In the former case, called pre-admission NAC, end-stations are inspected prior to being allowed on the network. A typical use case of pre-admission NAC would be to prevent clients with out-of-date antivirus signatures from talking to sensitive servers. Alternatively, post-admission NAC makes enforcement decisions based on user actions, after those users have been provided with access to the network.
Agent versus agentless
The fundamental idea behind NAC is to allow the network to make access control decisions based on intelligence about end-systems, so the manner in which the network is informed about end-systems is a key design decision. A key difference among NAC systems is whether they require agent software to report end-system characteristics, or whether they use scanning and network inventory techniques to discern those characteristics remotely.
Out-of-band versus inline
In some out-of-band systems, agents are distributed on end-stations and report information to a central console, which in turn can control switches to enforce policy. In contrast, inline solutions can be single-box solutions which act as internal firewalls for access-layer networks and enforce the policy. Out-of-band solutions have the advantage of reusing existing infrastructure; inline products can be easier to deploy on new networks, and may provide more advanced network enforcement capabilities, because they are directly in control of individual packets on the wire. However, there are products that are agentless, and have both the inherent advantages of easier, less risky out-of-band deployment, and use techniques to provide inline effectiveness for non-compliant devices where enforcement is required.
Remediation, quarantine and captive portals
Network operators deploy NAC products with the expectation that some legitimate clients will be denied access to the network (if users never had out-of-date patch levels, NAC would be unnecessary). Because of this, NAC solutions require a mechanism to remediate the end-user problems that deny them access.
Two common strategies for remediation are quarantine networks and captive portals:
Quarantine
A quarantine network is a restricted IP network that provides users with routed access only to certain hosts and applications. Quarantine is often implemented in terms of VLAN assignment; when an NAC product determines that an end-user is out-of-date, their switch port is assigned to a VLAN that is routed only to patch and update servers, not to the rest of the network. Other solutions use Address Management techniques (such as Address Resolution Protocol (ARP) or Neighbor Discovery Protocol (NDP)) for quarantine, avoiding the overhead of managing quarantine VLANs.
Captive portals
A captive portal intercepts HTTP access to web pages, redirecting users to a web application that provides instructions and tools for updating their computer. Until their computer passes automated inspection, no network usage besides the captive portal is allowed. This is similar to the way paid wireless access works at public access points.
Benefits:
- Minimize risk of outbreaks while allowing for policy flexibility: protect your network from zero-day threats and infected guest devices; monitor the network continuously for threat assessment and attack behavior originating from all types of devices.
- Minimize exposure from noncompliant, infected, or misconfigured systems: allow only authorized devices to have network access; enforce compliance by scanning devices to test their overall security posture as they attempt to log onto a network.
- Reduce downtime and risk: guard against infections and vulnerabilities from mobile devices; identify and quarantine misconfigured systems and company laptops that fall out of compliance; enforce network access decisions at the system level; remediate noncompliant devices automatically.
- Make intelligent decisions based on real knowledge: gain visibility of system and network threats with efficient security collaboration; breakthrough McAfee ePolicy Orchestrator® (ePO™) integration provides real-time visibility of actionable system host details, as well as the most relevant host IPS, anti-virus, and spyware events.
- Leverage your existing network infrastructure: deploy to all ePO-managed systems in your network infrastructure without hardware replacements; get continuous, broad protection that keeps up with the latest threats with McAfee Total Protection for Enterprise—Advanced with NAC included; manage it all from a single, centralized console.
Features:
- Dynamic NAC with IntruShield: protect the internal organization from the threat of remote access, high-risk branch offices, or guest wireless networks by identifying, quarantining, and then remediating any infected device.
- Flexible and powerful remediation options: minimize helpdesk calls and make faster fixes on managed systems with automated remediation; for unmanaged systems, a user-directed remediation portal gives quick results.
- Broad enforcement options: select from a variety of enforcement strategies, thanks to integration with ePO and a flexible architecture; protect critical systems that cannot run agents with the integrated McAfee Network Security Platform; add support for the Microsoft NAP Framework.
- Centralized management and control: manage and control access to your network, along with your other system security protection, through a single console with ePO; get a bird's-eye view or all the details about hosts and define policies; retrieve centralized reports of failed compliance checks and remediation actions.
- Protection from non-Microsoft® Windows devices: monitor and assess threats and attacks from any device, including Macintosh and Unix systems and devices with embedded operating systems, like VoIP phones, printers, faxes, and copiers.
Thursday, July 10, 2008
Stealing the Network: How to Own the Box
"Steal This Network" is not another of the countless hacker books out there, but an edgy, provocative, attack-oriented series of chapters written in a firsthand, conversational style. World-renowned network security personalities present a series of 25-to-30-page chapters written from the point of view of an attacker who is gaining access to a particular system.
Synopsis
"If you want to hack into someone else's network, the week between Christmas and New Year's Day is the best time. I love that time of year" (from Chapter 1, "Hide and Sneak"). Written by a team of network security professionals, this volume contains a series of fictional short stories demonstrating the techniques commonly used by criminal hackers. The appendix provides an overview of the "Laws of Security" and discusses ways to mitigate many of the attacks detailed in the book. Annotation © 2004 Book News, Inc., Portland, OR
Stealing the Network: How to Own the Box is a book about breaking into computer systems by various means, ranging from obtaining physical access to network intrusion. There are lots of books on computer security and on breaking into computer systems. What is unusual about this book is that it is composed of fictional stories based around various "exploits" to gain access to computer systems. The book has nine authors: Ryan Russell, Tim Mullen, FX, Dan Kaminsky, Joe Grand, Ken Pfeil, Ido Dubrawsky, Mark Burnett and Paul Craig. Each wrote a chapter, except for Ryan Russell, who edited the book and wrote two chapters. All of the authors are involved in computer security or computer intrusion (or perhaps both at differing points in their lives).
The fictional nature of the book makes it readable, although Stealing the Network is not exactly Neuromancer. Most of the chapters revolve around a different fictional character using various methods for gaining unauthorized access to computer systems. These include "social engineering" - obtaining information or physical access by gaining the confidence of people at a company. Some attacks are sophisticated. One vignette involves a beautiful woman hacker who specializes in hacking into printers.
One of the objectives of the authors of Stealing the Network is to get you to think about computer security in new ways. Before reading Stealing the Network I had never thought of printers as possible targets for intrusion attack. Printers have evolved into full network devices that run some form of operating system, which supports the network stack software. Although printers are increasingly powerful computers, they started out as dumb devices (raise your hand if you remember the old "chain" printers), so there is a tendency to keep thinking of them as the dumb devices. This means that the network security on a printer may be non-existent. Since the printer can communicate with the rest of the network, it can serve as a platform for attack (as a network proxy if nothing else).
Although the characters in Stealing the Network are fictional, the techniques and software tools are real. The attack described in each chapter also includes a description of the software tools used (in some cases including the web site that publishes the software). The details of the attack are also broken down. Unless you have a real passion for the fine details of computer security and intrusion, these accounts can become tedious in places.
The appendix of Stealing the Network is titled Laws of Computer Security, which attempts to summarize some of the issues raised in the stories. Stealing the Network is a valuable reference for those who want to understand current security exploits. The usefulness of the book as a reference is harmed by the fact that it does not include an index.
We wouldn't have to spend so much time, money, and effort on network security if we didn't have such bad software security. Think about the most recent security vulnerability about which you've read. Maybe it's a killer packet that allows an attacker to crash some server by sending it a particular packet. Maybe it's one of the gazillions of buffer overflows that allow an attacker to take control of a computer by sending it a particular malformed message. Maybe it's an encryption vulnerability that allows an attacker to read an encrypted message or to fool an authentication system. These are all software issues.
Bruce Schneier, from the foreword to Building Secure Software: How to Avoid Security Problems the Right Way by John Viega and Gary McGraw, Addison-Wesley, 2002
Computer security is viewed by many people as "cool". Case, the cyberspace cowboy in Neuromancer hacking into computer systems. The mirror of Case is the computer security guru who protects the system with their vast store of knowledge. Some computer security "gurus" have even gained their fifteen minutes of media fame (can you say Satan). The truth is that network computer systems are vulnerable because of human limitations. While computer security is important, it may come as a shock to those who attend conferences like Black Hat to learn that computer security is not as cool as they think it is.
The design and implementation of secure computer networks, or at least networks that will not fall to most of the attacks described in Stealing the Network are not waiting for new results from computer science research or software engineering. As Bruce Schneier points out above, the problems that are encountered in computer security are frequently the result of well understood issues. For example, many of the computer network attacks that are described in Stealing the Network are buffer overflow attacks. Methods for avoiding buffer overflow problems have been known for something like 30 years.
There are two major historical factors that have led to the poor state of computer security that prompts me to read books like Stealing the Network. These are:
Susceptibility to buffer overflow attack (as noted above)
The C/C++ programming languages have been used to implement every major operating system in use today (e.g., Windoz, UNIX and Linux). This includes the operating systems that run on network routers, like Cisco's IOS. Most, if not all, of the buffer overflow attacks result from the lack of compiled range checks in C/C++.
A range check allows buffer (array) overflows to be caught at runtime. For example, a potential buffer overflow problem exists in the code below (which calls the POSIX function gets).
#include <stdio.h>
#define SIZE 80
char buf[SIZE];
/* gets() cannot be told the size of buf: a line longer than SIZE-1 characters overruns it */
while (gets(buf) != NULL) {   /* the original read "!gets(buf)", which loops only while reading fails */
....
}
In this code a stream of text, terminated by a newline character, is read from the POSIX standard input (which might be connected to a TCP/IP socket). If the stream of text is longer than 80 characters, it will overwrite data which is stored following buf. A text stream of just the right size may overwrite the return address for a function (possibly the function that called the current function), allowing the attacker to insert and execute their own code.
Compilers for languages like Pascal and Java insert code that checks that an array (buffer) access is within the bounds of the memory allocated for the array. If there is an access beyond the end of the array, a runtime error will result. The software will fail, but the intruder will not gain access to the system.
The equality between arrays and pointers in C makes it very difficult, if not impossible, to compile range checks into C. The designers of C (Kernighan and Ritchie) might have designed the language differently if they had realized that it would become the lingua franca of software. C was designed so that it could be efficiently translated into the Digital Equipment Corporation PDP instruction set. This allowed C to be used as an efficient vehicle to implement operating system software (e.g., the early versions of UNIX). The extra code generated by the compiler to support range checks was anathema to the concentration on efficiency in C.
Since every operating system in widespread use has been implemented in C (or C++), the historical decisions in the C programming language resulted in many of the computer network vulnerabilities that exist today.
Microsoft Software
The most commonly attacked and penetrated computer systems run various versions of Microsoft's Windows operating system. The original root of the security problems in Windows based operating systems comes from the fact that Microsoft's model for computation is a computer system, running Microsoft Windows, on every desktop, joined by a network that supports simple operations like printing. Unlike UNIX, which evolved on systems joined by the Internet, the Internet was not part of Microsoft's world view until it exploded into popular culture. In Microsoft's view, computers running Windows would only communicate with other computers running Windows within a corporate network. The Web did not exist in this world view and computer networks were not heavily connected to the outside world. As a result, network security was not an issue Microsoft considered much.
Microsoft implemented features like OLE (Object Linking and Embedding) which allows a Microsoft Word document to include a spreadsheet constructed with Microsoft Excel. By clicking on the spreadsheet you can bring up Excel and make changes in the spreadsheet. By allowing code execution to be started from a document, which could be sent via e-mail, Microsoft laid the foundation for security holes which are probably still not fixed.
All this is old history with Microsoft and a larger question exists: Why did Microsoft not take action to re-architect their software when it became obvious that the foundation for their design view was wrong? The fact that viruses have exploited vulnerabilities in Microsoft e-mail for years is simply inexcusable.
As Stealing the Network points out, there is no way to build a computer system that cannot be successfully attacked by some means. If nothing else, high levels of security make computer systems difficult to use. UNIX was designed in reaction to the secure, but difficult to use, MULTICS operating system. Systems that are difficult to use may be compromised as their users open holes to make their jobs easier.
While recognizing the limitations of computer security, it is still obvious that computer security could be greatly improved if people simply applied the knowledge that engineers and computer scientists have had for many years. Many of the vulnerabilities exploited by the characters in Stealing the Network would not exist if this happened. Firewalls and network intrusion detection systems exist to protect against problems that could have been avoided.
A Note on Terminology
The computer security/hacker community, like any community, has developed their own set of jargon. Some of this is generally familiar in the software world. The one term that I found unfamiliar was the term "0-day exploit". I did not find an explanation for this term in this book, but I later found that it means an exploit with 0 days of warning before the attack.
For example, it frequently happens that a vulnerability is announced for Microsoft operating systems. An attack does not appear for some number of days, so there is some chance to install software to protect the system.
In a 0-day exploit a previously unknown exploit becomes known only as a result of a successful attack. Those who manage the computer system have 0-days of warning. The security research community hopes to keep ahead of those who attack computer systems. But as the potential profits from system attacks increase 0-day attacks become inevitable.
Credit to Ian Kaplan
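As an added example that is not part of the review or the book, here is the gets() loop quoted above rewritten with the bounded fgets(), plus a canary check showing that an over-long line no longer spills past the buffer. The function names read_line and overflow_contained are ours, the 200-character input is constructed inline, and fmemopen() is assumed available (POSIX).

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <string.h>

#define SIZE 80

/* Bounded replacement for the gets() loop quoted in the review.
 * Reads at most size-1 characters into buf, always NUL-terminates, and
 * discards the rest of an over-long line so the next call starts on a
 * fresh line. Returns the number of characters stored, or -1 at EOF.
 * (read_line is our name; it is not from the book.) */
int read_line(char *buf, size_t size, FILE *in)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';            /* strip the newline, as gets() did */
    } else {
        /* The line did not fit: gets() would have kept writing past buf.
         * Here the excess is read and dropped instead. */
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n')
            ;
    }
    return (int)len;
}

/* A stack-like layout for the demonstration: the canary sits right after
 * buf, where a saved return address would sit on many targets. */
struct frame {
    char buf[SIZE];
    unsigned int canary;
};

#define CANARY 0xDEADBEEFu

/* Feeds constructed input (a 200-character line followed by a short one)
 * through read_line() and reports whether every stored line fit in buf
 * and the canary survived. Returns 1 when the buffer stayed in bounds.
 * lines_out / longest_out receive the line count and the longest stored
 * line length (both may be NULL). */
int overflow_contained(int *lines_out, int *longest_out)
{
    static char input[256];            /* constructed sample input */
    memset(input, 'A', 200);
    input[200] = '\n';
    memcpy(input + 201, "short\n", 7); /* includes the terminating NUL */

    FILE *in = fmemopen(input, strlen(input), "r");
    if (in == NULL)
        return 0;

    struct frame f;
    f.canary = CANARY;
    int ok = 1, lines = 0, longest = 0, n;
    while ((n = read_line(f.buf, sizeof f.buf, in)) >= 0) {
        lines++;
        if (n > longest)
            longest = n;
        if (n > SIZE - 1 || f.canary != CANARY)
            ok = 0;                    /* never expected with fgets() */
    }
    fclose(in);

    if (lines_out)   *lines_out = lines;
    if (longest_out) *longest_out = longest;
    return ok;
}

int main(void)
{
    int lines, longest;
    int ok = overflow_contained(&lines, &longest);
    printf("contained=%d lines=%d longest=%d\n", ok, lines, longest);
    return ok ? 0 : 1;
}
```

The 200-character line is stored as its first 79 characters and the remainder is discarded, so the second line is still read as a separate line.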
Stealing the Network: How to Own the Box is a couple years old, and is the first in a series of books that provide information on computer and network security by combining fictional narratives with genuine techniques. It is not written as a "how-to" guide, which makes it an easier read for a non-geek, though there is enough real technical information contained in the short stories to give a sysadmin or security enthusiast something to go on.
The book is divided into ten chapters (and an appendix that non-geeks may take a pass on), each one of which gives a short story dealing with some aspect of security. While there are clear roles associated with the protagonist in each story -- some white hat, some black -- overall the book does a nice job of presenting the information in a useful way without imposing morals on the reader. The stories give a wide variety of scenarios, which include:
- a general "break into a network" hack
- worm analysis
- hardware hacking
- printer security
- hacking without hacking (relying on the general laziness of users)
- wireless security
- social engineering
- forensics and post-incident analysis
The narratives are all more or less easy to follow (though a couple are somewhat long and dull), and help to illustrate good security by showing just how powerful poor security can be in the hands of an attacker. By riding shotgun on several different scenarios, you can spot the weak points and see where exactly vulnerabilities can be exploited. It shows that many networks, even those with SOME security in place, can often still be compromised relatively simply. Although it has been repeated to the point of being cliche, it is true that a chain is only as strong as its weakest link -- and many times, the weakest link is plain human laziness or ignorance.
This book is a quick read; I finished it in a little over a week. However, the effect it has had on me will be much longer-lasting. Although it is a bit dated by modern standards, there is enough real information to serve as a reminder that, while it is easy to talk about security on a web forum, true security is found only when you roll up your sleeves and get your hands dirty. It is not always enough to assume you are secure simply because you know a thing or two about firewalls and Windows Update. Security is a process, and it ends up being a process that is never truly finished.
I would like to close by sharing a quote from the book that, for some reason, has stuck with me:
What's funny is that I've never needed to resort to some fancy theoretical exploit that security researchers talk about, because the script kiddy stuff usually works just fine. I've seen administrators go to great lengths to prevent man-in-the-middle attacks. But I've never actually used such an attack myself, I don't know anyone else who has used one, and I don't know anyone who was ever a victim of one.
I highly recommend this book to anyone with a real interest in the guts of security. The dead tree edition retails for around US$50, though you can probably find a cheaper one used, or if you don't mind reading electronic copy (or if you have a printer that can handle it), you can download the eBook.
From the Publisher
"Stealing the Network: How to Own the Box" is NOT intended to be an "install, configure, update, troubleshoot, and defend book." It is also NOT another one of the countless Hacker books out there. So, what IS it? It is an edgy, provocative, attack-oriented series of chapters written in a first hand, conversational style. World-renowned network security personalities present a series of 25 to 30 page chapters written from the point of view of an attacker who is gaining access to a particular system. This book portrays the "street fighting" tactics used to attack networks and systems.
- Not just another "hacker" book, it plays on the "edgy" market success of Steal this Computer Book with first hand, eyewitness accounts
- A highly provocative exposé of advanced security exploits
- Written by some of the most high profile "White Hats", "Black Hats" and "Gray Hats"
- Gives readers a "first ever" look inside some of the most notorious network intrusions
Table of Contents
Chapter 1: Hide and Sneak--Ido Dubrawsky
Chapter 2: BabelNet--Dan Kaminsky
Chapter 3: The Worm Turns--Ryan Russell and Tim Mullen
Chapter 4: Just Another Day at the Office--Joe Grand
Chapter 5: h3X's Adventures in Networkland--FX
Chapter 6: The Thief No One Saw--Paul Craig
Chapter 7: Flying the Friendly Skies--Joe Grand
Chapter 8: dis-card--Mark Burnett
Chapter 9: Social (In)Security--Ken Pfeil
Chapter 10: The Art of Tracking--Mark Burnett
Appendix: The Laws of Security
Read an Excerpt
From Chapter 5, The Thief No One Saw
This is my story. My name is Dex. I'm a 22-year-old systems administrator. I live in an upper-class apartment in New York's CBD. My apartment is lined with computers, coffee cups, and cables. I work eight hours a day for a small online e-commerce site, mostly managing servers and security.
In my free time, I run my own contract development company, writing mostly C/C++. I also moonlight as a "Rent a Thief" for a black market media "distribution" company based out of Taiwan. On demand, I hack into companies and steal whatever is required. Usually, it's a new, highly anticipated game or a large, expensive CAD (computer-aided design) software package. Once, I was even asked to steal software used to design a nuclear power plant. I don't ask questions. This thievery doesn't stop at software, though. There is big money in commercial plans, financial data, and customer contact lists, as well.
I do this because I enjoy the rush and the feeling of outsmarting someone else. I never tell anyone else about a hack, and to date, only a few companies I've hit even suspected that they had been hacked. I am not a part of the typical hacker community, and I always work alone....
Slashdot.org
Stealing the Network is a refreshing change from more traditional computer books. The authors have created fictional stories based on non-fictional concepts that could really happen to our computer systems today. The realistic fiction approach makes the book much lighter to read and actually entertaining. I also believe this approach makes the true methods behind the fictional stories much more memorable than memorizing thousand page textbooks.
Wired
Stealing The Network: How to Own the Box, a compendium of tales written by well-known hackers, is a perfect summer read. The stories are fictional. The technology and techniques described are very real … At 328 pages, Stealing the Network is a summer blockbuster without the nonsense that packs the pages of most warm-weather reads. It's entertaining, but it won't leave your brain gagging on an overdose of fluff.
Amazon.com
Stealing the Network is a book of science fiction. It's a series of short stories about characters who gain unauthorized access to equipment and information, or deny use of those resources to the people who are meant to have access to them. The characters, though sometimes well described, are not the stars of these stories. That honor belongs to the tools that the black-hat hackers use in their attacks, and also to the defensive measures arrayed against them by the hapless sysadmins who, in this volume, always lose. Consider this book, with its plentiful detail, the answer to every pretty but functionally half-baked user interface ever shown in a feature film.
One can read this book for entertainment, though its writing falls well short of cyberpunk classics like Burning Chrome and Snow Crash. Its value is in its explicit references to current technologies--Cisco routers, OpenSSH, Windows 2000--and specific techniques for hacking them (the heroes and heroines of this book are always generous with command-history dumps). The specific detail may open your eyes to weaknesses in your own systems (or give you some ideas for, ahem, looking around on the network). Alternately, you can just enjoy the extra realism that the detail adds to these stories of packetized adventure. --David Wall
Download Description
"Stealing the Network: How to Own the Box" is NOT intended to be an "install, configure, update, troubleshoot, and defend book." It is also NOT going to be another one of the countless Hacker books out there now by our competition. So, what IS it going to be? "Stealing the Network: How to Own the Box" is going to be an edgy, provocative, attack-oriented series of chapters written in a first hand, conversational style. World-renowned network security personalities will present a series of 25 to 30 page chapters written from the point of view of an attacker who is gaining access to a particular system. This book will portray the "street fighting" tactics used to attack networks and systems. --This text refers to the Digital edition.
Book Info
(Syngress Publishing) Combines fictional stories with real technology. Provides a glimpse into the creative minds of some of today's best hackers. Softcover.
From the Publisher
In the real world, hackers go after the "low-hanging fruit." They take the least risk and go for the greatest reward. They often act alone or in small groups. They don’t have government funding or belong to world criminal organizations. What they do have is spare time and a lot of curiosity, and believe me, hacking takes a lot of time. Some of the best hackers spend months working on one exploit. At the end of all that work, the exploit may turn out not to be reliable or not to function at all! Breaking into a site is the same way. Hackers may spend weeks performing reconnaissance on a site, only to find out there is no practical way in, so it’s back to the drawing board.
In movies, Hollywood tends to gloss over this fact about the time involved in hacking. Who wants to watch while a hacker does research and tests bugs for weeks? It’s not a visual activity like watching bank robbers in action, and it’s not something the public has experience with and can relate to. In the movie "Hackers," the director tried to get around this by using a visual montage and some time-lapse effects. In "Swordfish," hacking is portrayed by drinking wine to become inspired to visually build a virus in one night. One of the oldest hacking movies, War Games, is the closest to reality on the big screen. In that movie, the main character spends considerable time doing research on his target, tries a variety of approaches to breaking in, and in the end, is noticed and pursued.
But what if …? What would happen if the attackers were highly motivated and highly skilled? What if they had the guts and skills to perform sophisticated attacks? After a few drinks, these authors of the book you are holding in your hands are/were quick to speculate on what would be possible. Now, they have taken the time and effort to create ten stories exploring just what it would take to own the network.
About the Author
Dan Kaminsky, also known as Effugas, is a Senior Security Consultant for Avaya's Enterprise Security Practice, where he works on large-scale security infrastructure. Dan's experience includes two years at Cisco Systems, designing security infrastructure for cross-organization network monitoring systems, and he is best known for his work on the ultra-fast port scanner, scanrand, part of the "Paketto Keiretsu," a collection of tools that use new and unusual strategies for manipulating TCP/IP networks.
FX of Phenoelit has spent the better part of the last few years becoming familiar with the security issues faced by the foundation of the Internet, including protocol based attacks and exploitation of Cisco routers. He has presented the results of his work at several conferences, including DefCon, Black Hat Briefings, and the Chaos Communication Congress.
Mark Burnett is an independent security consultant, freelance writer, and a specialist in securing Windows-based IIS Web servers. Mark is a contributor to Dr. Tom Shinder's ISA Server and Beyond: Real World Security Solutions for Microsoft Enterprise Networks (Syngress Publishing, ISBN: 1-931836-66-3).
Joe Grand is the President and CEO of Grand Idea Studio, Inc., a product design and development firm that brings unique inventions to market through intellectual property licensing. An electrical engineer, he has created many products, including consumer devices, medical products, video games and toys, that are sold worldwide. A recognized name in computer security and former member of the legendary hacker think-tank The L0pht, Joe’s pioneering research on product design and analysis, mobile devices, and digital forensics is published in various industry journals.
Ido Dubrawsky (CCNA, CCDA, SCSA) is a Network Security Architect working in the SAFE architecture group of Cisco Systems, Inc. His responsibilities include research into network security design and implementation.
Paul Craig is a network administrator for a major broadcasting company in New Zealand. He has experience securing a great variety of networks and operating systems. Paul has also done extensive research and development in digital rights management (DRM) and copy protection systems.
Ken Pfeil is a Senior Security Consultant with Avaya's Enterprise Security Consulting Practice, based in New York. Ken's IT and security experience spans over 18 years with companies such as Microsoft, Dell, Identix and Merrill Lynch, in strategic positions ranging from Systems Technical Architect to Chief Security Officer. While at Microsoft, Ken co-authored Microsoft's Best Practices for Enterprise Security white paper series, and was a technical contributor to the MCSE exam Designing Security for Windows 2000 and to the official curriculum for the same.
Timothy Mullen is CIO and Chief Software Architect for AnchorIS, a developer of secure enterprise-based accounting solutions. Mullen is also a columnist for Security Focus' Microsoft Focus section, and a regular contributor of InFocus technical articles. Also known as Thor, he is the founder of the "Hammer of God" security coop group.
Ryan Russell has worked in the IT field for over 13 years, focusing on information security for the last seven. He was the primary author of Hack Proofing Your Network: Internet Tradecraft (Syngress Publishing, ISBN: 1-928994-15-6), and is a frequent technical editor for the Hack Proofing series of books. Ryan founded the vuln-dev mailing list, and moderated it for three years under the alias "Blue Boar." Ryan is the Director of Software Engineering for AnchorIS, where he's developing the anti-worm product, Enforcer.