Network security basics: protecting one’s network against cyber-attacks

Internet wasn’t meant the exact replica of real world, with its threats and dangers projecting in cyberspace. The very nature of many protocols and services doesn’t assume there could be denial-of-service and other kinds of attacks, nor deliberate misuse of the resources. Astaro Internet security mentions several basic ideas in their post How to protect your network from cyber-attacks.
 
It is said that there are three measures network administrators can take to avoid the types of network attacks that plague government websites in many countries nowadays. The three areas to focus on are network based mitigation, host based mitigation and proactive measures.
 
Network based mitigation:

• Install IDS/IPS with the ability to track floods (such as SYN, ICMP etc.)
• Install a firewall that has the ability to drop packets rather than have them reach the internal server. The nature of a web server is such that you will allow HTTP to the server from the Internet. You will need to monitor your server to know where to block traffic.
• Have contact numbers for your ISP’s Emergency Management Team (or Response team, or the team that is able to respond to such an event). You will need to contact them in order to prevent the attack from reaching your network’s perimeter in the first place.

 
Host based mitigation:

• Ensure that HTTP open sessions time out at a reasonable time. When under attack, you will want to reduce this number.
• Ensure that TCP also time out at a reasonable time.
• Install a host-based firewall to prevent HTTP threads from spawning for attack packets

 
Proactive measures:
For those with the knowhow, it would be possible to “fight back” with programs that can neutralize the threat. This method is used mostly by networks that are under constant attack such as government sites.
 
However, one could add that the prevention is in most cases much more productive than defense and counterattacks. Most attackers do use the brute force or known vulnerabilities exploits at random; if the problem isn’t handled as soon as possible, the amount and thoroughness of attacks may grow, especially if the site or service, or whatever is being under attack is of much importance.
 
In other words, the optimal network security strategy is to use network monitoring and early prevention to detect possible threats, thus taking measures quickly, in as automated manner as possible. It also has social effect: if network prevents major assaults quickly and takes little or no damage, its reputation can repel most of probable attackers (not all the cyber-crimes are committed with the single purpose of deliberately harming the target).
 

This article was brought to you by the developers of IPHost Network Monitor, network and server monitoring software.

2009/07/24 Posted by networkandservermonitoring | Uncategorized | Leave a Comment

Spam email: a social engineering tool of new age

Spam email, the primary type of junk Internet content, plagues us for decades. Tech Blorge blog mentions in its post Spam email fools millions of American Internet users an important point: junk mail can serve not only for selling illegal stuff and performing fraud, it is also a mighty tool to influence many people.
 
The post goes on: spam email has been with us for over 30 years now, having celebrated its birthday in May 2008. With that in mind, surely it’s been with us long enough that no one is now fooled into responding to the offers of mail order brides or penis enlargement solutions. Apparently not.
 
The phenomenon that has come to be known as spam was born on May 3, 1978, after a U.S. computer company sent out a message regarding a product launch to 400 email addresses. At that time, each email had to be sent manually by an actual human being. These days the whole thing is a lot easier for the crooks behind them, with botnets handling the process automatically.
 
Spam email ranges from phishing attempts, with criminals trying to persuade you to readily give up your bank or credit card details, to offers for weight loss cures, replica versions of branded products, and a lot more besides. Spam has become something which most people ignore, letting their email provider deal with it so they don’t have to.
 
But not everyone has cottoned onto the practice of spam email. Ars Technica reports on a new study by the Messaging Anti-Abuse Working Group (MAAWG) which suggests there are still a great many gullible people out there.
 
The MAAWG conducted 800 interviews both by phone and on the Internet. Everybody interviewed was resident in the U.S. and had an email address considered private and for home use. Although the majority of interviewees claimed to be experienced with Internet security, the numbers taken in by spam email are vast.
 
A slight minority of 48 percent stated they had never clicked on a spam email. But that leaves a majority 52 percent who had done so, and had admitted as much. Twelve percent of interviewees claimed to have responded to a spam email because they were actually interested in the product or service being advertised. Seventeen percent claimed they had made a mistake, 13 percent did it for no particular reason, while another 6 percent did it just to see what would happen.
 
These frightening numbers should bring more attention to junk mail problem: since so much people are willingly reading the email, the spam influence on minds and habits may be much more stronger than one could suspect. The majority of spam is dedicated to promoting and selling illegal goods and services, but, as spam share in all the information circulation grows, it can start serving as tool of social engineering, manipulating people by creating predefined patterns of attitude to brands, events and viewpoints.
 
The security is mostly in minds, not in algorithms nor hardware. The habit of totally ignoring spam email, a habit to qualify any unsolicited mass email as possible threat and thus a piece of junk could impact severely the whole spam industry. The very fact it grows and thrives indicates that the basic principle of security – “human beings must be as reliable as any other part of security system” – is too distant to reach in the immediate future.
 

This article was brought to you by the developers of IPHost Network Monitor, network and server monitoring software.

2009/07/24 Posted by networkandservermonitoring | Uncategorized | Leave a Comment