Defending your network

Two recent SearchSecurity.com webcasts focused on the topic of network security. The first talk was by resident network security expert Ed Skoudis on new trends in computer attacks. The other webcast was conducted by Richard Bejtlich, of Foundstone, and Robert Visscher, of Ball Corporation, on the topic of Network Security Monitoring.

I would hate for those that couldn't view the webcasts to miss out on some of the essential ideas conveyed in them. In the following paragraphs I will look at some of the more important thoughts on security discussed in the webcasts. Who knows, maybe the tidbits will pique your interest enough to take a look at the full webcasts.

Ed Skoudis begins his talk by pointing out that there was a severe drop in hacker activity after Sept. 11 that lasted about six months. But since that time hacker activity has increased. And the only defense is to stay diligent. To that end, Ed recommended some defenses against attacks.

One method of attack that is on the rise is Trojaning software distribution. The main defense of which is obvious, don't put any downloaded software directly into production. Put it into a test environment first. But he also recommended downloading the software from various sources when possible and comparing the hashes of the downloads. This might save you some grief even in the testing phase.

I think the most important piece of advice and information from Ed's webcast was the insight into hacker methods.

    Requires Free Membership to View

He quoted Adrian Lamo as saying that Google is his favorite hacking tool. Learning about his target is the first tactic of a dedicated hacker. For instance, hackers can find out what kind of hardware and software you have by searching job postings. Along those same lines, hackers can utilize allwhois.com to get Web site registration info.

Ed's advice regarding these methods is to use the same tools as the bad guys. Find out everything you can about your company as seen from the outside; know what potential hackers know. You might even be able to use the same types of tools that hackers use to find holes in your security to discover them yourself. One possible tool is Dan Kaminsky's scanning tool available at Doxpara Research.

In theory, locking down your systems -- making them hacker proof -- is your goal, but some would call this an impossible goal. If this is the case, you must at least know when your security has been breached. Which brings us to the topic discussed in Bejtlich and Visscher's webcast, Network Security Monitoring. Bejtlich and Visscher pointed out that most people would call this intrusion detection, but they believe that intrusion detection is just part of what needs to be done. Just knowing that there has been an intrusion isn't enough. Beyond identification, network security monitoring provides forensic data, accelerates response and recovery actions, helps identify host and network misconfiguration, and it may be required by law.

Bejtlich and Visscher summarized the needs of network security monitoring by saying that it needed people, products and processes to work together. People are needed because products cannot interpret real world situations; products are needed because people have trouble interpreting network data; and processes are needed to make sure the data has a purpose.

Aside from explaining Network Security Monitoring and providing some guidelines for building a good network monitoring system, Bejtlich and Visscher also provide a wealth of resources on cyber crime and various security Web sites.

For more information, view the Network Security Monitoring Webcast at http://searchsecurity.com/r/0,,7956,00.htm.

Or catch up on the latest hacker methods at http://searchsecurity.techtarget.com/webcastsTranscriptSecurity/1,289693,sid14_gci847688,00.html.

About the author
Benjamin Vigil is a technical editor for SearchSecurity.com.

This was first published in December 2002

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.