
Internet & Web security
  Know Your Enemy: Learning About Security Threats by the Honeynet Project (~US$33 from Amazon) is a technical guide to
configuring and using honeypot systems to analyze hacker exploits and malware in the wild. Read our book review.
Lance Spitzner’s previous book Honeypots: Tracking Hackers (also ~US$33 from Amazon) is another gripping read for technical folks involved in defending networks against hacker attacks.
Vulnerabilities in Not-So Embedded Systems described the hack of a Xerox multifunction device (copy-scan-print). The machine has an embedded AMD CPU running Linux and Apache with the Xerox applications layered on top. Accessing the device remotely through its web and telnet interfaces, the hacker exploited vulnerabilities in the applications' parameter handling to compromise the root account. To the presenter this was a bit of a lark: he clearly enjoyed explaining how to hack the machine and, for example, photocopy and scan a stray paper clip and set it up as the default printing template. For Xerox, however, the presentation and exploit represent a security incident that forced them to roll out urgent security fixes to their understandably rather irate customers. The wider lesson is that a networked printer or copier is a general-purpose server with management interfaces: it needs patching, access control and log monitoring like any other host on the LAN.
The Defense Information Systems Agency (DISA) occasionally conducts network penetration tests against US military networks and publishes interesting statistics such as the proportion of attacks that go unnoticed and unreported, presumably to shame the network/system administrators into improving their security responses. Given that their targets are (or at least should be) highly security conscious, the figures are a salutary lesson for all of us: if the vast majority of intrusion attempts are not recognized as such, how many successful intrusions are also being missed?
James Madison University has some good advice for students on Internet security, especially their RUNSAFE initiative and a general page with news of current security issues such as phishing.
The Internet, and hence modern civilization as it has come to be, is essentially founded on Transmission Control Protocol/Internet Protocol (TCP/IP). TCP/IP is a suite of communications protocols that works over almost any communications medium, including bongo drums. Does this prove that the roots of modern civilization are in the jungle? Maybe not ... but it sure is a fun way to learn about TCP/IP.
A US-CERT Cyber Security Tip covers browser security settings - fine if your users understand the issue and can alter the settings.
The WWW security FAQ addresses the sorts of web security queries typically raised by clued-up, technically-minded end-users and novice sysadmins. It is useful albeit a few years old (a few years = one Internet eternity).
Stay Safe Online publishes advice for home users about computer security including, of course, Internet security aspects.
CERT published a good overview of Internet security in a 1997 paper. It is interesting though rather sad to
note that the risks they identified in ’97 are still with us, plus more besides.
Firewalls
The Sam Spade and Geek Tools websites have extremely useful technical tools for analyzing IP addresses (whois, reverse DNS, traceroute and so on). They are handy for finding out who has put suspicious entries in your firewall logs (you do analyze your logs regularly, don't you?).
Discover step-by-step how to analyze Cisco network/firewall logs using Kiwi Syslog and Sawmill (both free or low-cost products).
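Before feeding addresses to Sam Spade or a whois tool you need to pull the interesting sources out of the deny messages. The following is an added example, not code from the page or from Kiwi/Sawmill: it parses a handful of constructed syslog lines written in the format of the Cisco ASA/PIX message IDs 106023 ("Deny ... by access-group") and 106001 ("Inbound ... connection denied"), counts denies per source and per destination port, and flags any source that touched several distinct host/port targets, which is the usual signature of a scan. The sample lines, the hostname fw01 and the threshold of three targets are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (not real logs) in the format of Cisco ASA/PIX
# deny messages, with the syslog prefix a collector such as Kiwi would keep.
SAMPLE_LOG = """\
Mar 12 10:01:02 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/51234 dst inside:192.0.2.10/23 by access-group "outside_access_in" [0x0, 0x0]
Mar 12 10:01:03 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/51235 dst inside:192.0.2.10/22 by access-group "outside_access_in" [0x0, 0x0]
Mar 12 10:01:03 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/51236 dst inside:192.0.2.10/445 by access-group "outside_access_in" [0x0, 0x0]
Mar 12 10:01:04 fw01 %ASA-4-106023: Deny udp src outside:203.0.113.5/51237 dst inside:192.0.2.10/161 by access-group "outside_access_in" [0x0, 0x0]
Mar 12 10:01:05 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/51238 dst inside:192.0.2.11/23 by access-group "outside_access_in" [0x0, 0x0]
Mar 12 10:02:10 fw01 %PIX-2-106001: Inbound TCP connection denied from 198.51.100.77/4021 to 192.0.2.10/80 flags SYN on interface outside
Mar 12 10:02:11 fw01 %PIX-2-106001: Inbound TCP connection denied from 198.51.100.77/4022 to 192.0.2.10/80 flags SYN on interface outside
Mar 12 10:03:00 fw01 %ASA-6-302013: Built inbound TCP connection 9 for outside:198.51.100.20/3344 (198.51.100.20/3344) to inside:192.0.2.10/443 (192.0.2.10/443)
"""

# Message 106023: packet denied by an ACL.
ASA_DENY = re.compile(
    r"%ASA-\d-106023: Deny (?P<proto>\w+) src \w+:(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)")
# Message 106001: inbound connection denied (older PIX wording).
PIX_DENY = re.compile(
    r"%PIX-\d-106001: Inbound (?P<proto>\w+) connection denied from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+)")


def parse_denies(text):
    """Return one dict per deny line; lines that are not denies are skipped."""
    events = []
    for line in text.splitlines():
        for pat in (ASA_DENY, PIX_DENY):
            m = pat.search(line)
            if m:
                d = m.groupdict()
                events.append({
                    "ts": line[:15],             # syslog timestamp prefix
                    "proto": d["proto"].lower(),
                    "src": d["src"],
                    "dst": d["dst"],
                    "dport": int(d["dport"]),
                })
                break
    return events


def summarize(events, scan_threshold=3):
    """Count denies per source and per (proto, port); a source that hit at
    least scan_threshold distinct (dst, proto, port) targets is listed as a
    probable scanner and is the address worth running through whois."""
    by_source = Counter(e["src"] for e in events)
    by_port = Counter((e["proto"], e["dport"]) for e in events)
    targets = defaultdict(set)
    for e in events:
        targets[e["src"]].add((e["dst"], e["proto"], e["dport"]))
    scanners = sorted(s for s, t in targets.items() if len(t) >= scan_threshold)
    return {"by_source": by_source, "by_port": by_port, "scanners": scanners}


if __name__ == "__main__":
    report = summarize(parse_denies(SAMPLE_LOG))
    print("denies per source:", report["by_source"].most_common())
    print("denies per port:  ", report["by_port"].most_common())
    print("probable scanners:", report["scanners"])
```

The threshold is deliberately low for the sample; on a real perimeter you would tune it against a day's worth of logs, and you would add the 106006/106007 and 106100 message IDs if your ACLs log through those.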
A CERT CyberSecurity Tip on firewalls starts from ground zero: what is a firewall and why would I want one?
If you're trying to shut off unnecessary ports at the firewall, take a look at this useful table listing most well-known TCP/IP ports.
DataSafe is evidently no conventional firewall but an "Extrusion Prevention System", no less. Like a firewall it inspects network traffic and applies filtering rules in real time, but its focus is on preventing the unauthorized export of critical or sensitive information such as personal information, credit card data, health care records, intellectual property and classified information, which makes it closer to a content inspection firewall. [Nothing to do with extruded aluminum then!]
A US-CERT Cyber Security Tip briefly explains firewalls without delving into the technology. This is A Good
Thing for security awareness materials intended for non-technical audiences.
Securing Wi-Fi / wireless networks

Network Security Architecture is an excellent textbook by Sean Convery (~$46 from Amazon). It is thoroughly recommended if you are tasked with preparing network
security designs. See our full book review here and visit the author’s website with a
collection of links from the book.
Wi-Foo: The Secrets of Wireless Hacking by Andrew Vladimirov, Konstantin Gavrilenko and Andrei Mikhailovsky (~$27 from Amazon) has good
technical information about hacking and, by implication, securing wireless networks.
Wardriving: Drive, Detect, Defend by Chris Hurley, Michael Puchol, Russ Rogers and Frank Thornton (~$33 from Amazon) gets mixed
reviews from those presumably hoping for a technical wireless network hackers’ manual but is appreciated by those with more limited technical knowledge.
Men from Florida and the UK were arrested for obtaining unauthorized access to WiFi networks. In the Florida case, the man admitted using a laptop PC in an SUV parked outside the house to ‘steal’ WiFi access. Cases of this nature
are bound to consider whether the WiFi network was adequately secured - most aren’t. The numerous risks relating to WiFi take the edge off an otherwise useful facility.
Beware fake wi-fi connections in public places such as airports and Internet cafes. Fake connections, perhaps labeled "free wi-fi" or similar, are likely to be ad hoc (peer-to-peer) networks rather than infrastructure access points and may use spoofed MAC addresses. The hackers use tools such as Airsnarf. They can easily intercept all plaintext network traffic from attached machines including, for example, POP3 email passwords, and with a bit more effort may potentially subvert encrypted SSL connections using man in the middle attacks, provided the user clicks through the certificate warning. If your PC is not properly secured, shared drives and directories may also be fully accessible to the fakers. Treat every public hotspot as hostile: disable ad hoc mode and automatic joining of remembered networks, turn off file and printer sharing while travelling, and use a VPN or TLS-protected protocols for anything that involves a password.
“AirSnare is an intrusion detection system to help you monitor your wireless network. AirSnare will alert you
to unfriendly MAC addresses on your network as well as to DHCP requests. If AirSnare detects an unfriendly MAC address, you have the option of tracking its access to IP addresses and ports or of launching Ethereal.”
It can also email alerts, meaning that it could be run on a suitable machine unobtrusively monitoring a remote chunk of your network. Interesting idea.
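The AirSnare idea, checking every MAC address that requests a DHCP lease against a list of friendly ones, is easy to reproduce from a DHCP server's own log. The following is an added example, not AirSnare's code or anything from the page: it reads constructed lines in ISC dhcpd's DISCOVER/REQUEST/ACK format, reports any MAC not on a (constructed) allowlist together with the address it was leased, and also reports an allowed MAC that turns up presenting a hostname we do not expect. That second check is there because a MAC allowlist on its own is weak: MAC addresses are trivially cloned, so a "friendly" address behaving differently deserves as much attention as an unknown one. The interface name wlan0, the hostnames and all log lines are assumptions.

```python
import re
from collections import defaultdict

# Constructed allowlist: MAC -> hostname we expect that machine to present.
KNOWN_MACS = {
    "00:11:22:33:44:55": "alice-laptop",
    "00:11:22:33:44:66": "bob-laptop",
}

# Constructed sample lines (not real logs) in ISC dhcpd's syslog format.
SAMPLE_DHCP_LOG = """\
Mar 12 09:00:01 gw dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via wlan0
Mar 12 09:00:01 gw dhcpd: DHCPOFFER on 192.168.1.20 to 00:11:22:33:44:55 (alice-laptop) via wlan0
Mar 12 09:00:02 gw dhcpd: DHCPREQUEST for 192.168.1.20 from 00:11:22:33:44:55 (alice-laptop) via wlan0
Mar 12 09:00:02 gw dhcpd: DHCPACK on 192.168.1.20 to 00:11:22:33:44:55 (alice-laptop) via wlan0
Mar 12 09:15:44 gw dhcpd: DHCPDISCOVER from 00:de:ad:be:ef:01 via wlan0
Mar 12 09:15:44 gw dhcpd: DHCPOFFER on 192.168.1.37 to 00:de:ad:be:ef:01 via wlan0
Mar 12 09:15:45 gw dhcpd: DHCPREQUEST for 192.168.1.37 from 00:de:ad:be:ef:01 via wlan0
Mar 12 09:15:45 gw dhcpd: DHCPACK on 192.168.1.37 to 00:de:ad:be:ef:01 via wlan0
Mar 12 09:20:00 gw dhcpd: DHCPREQUEST for 192.168.1.21 from 00:11:22:33:44:66 (bob-laptop) via wlan0
Mar 12 09:20:00 gw dhcpd: DHCPACK on 192.168.1.21 to 00:11:22:33:44:66 (bob-laptop) via wlan0
Mar 12 09:40:05 gw dhcpd: DHCPREQUEST for 192.168.1.20 from 00:11:22:33:44:55 (kali) via wlan0
Mar 12 09:40:05 gw dhcpd: DHCPACK on 192.168.1.20 to 00:11:22:33:44:55 (kali) via wlan0
"""

MAC = r"(?P<mac>[0-9A-Fa-f:]{17})"
HOST = r"(?: \((?P<host>[^)]*)\))?"          # optional "(hostname)" field
DISCOVER = re.compile(r"DHCPDISCOVER from " + MAC)
REQUEST = re.compile(r"DHCPREQUEST for (?P<ip>[\d.]+) from " + MAC + HOST)
ACK = re.compile(r"DHCPACK on (?P<ip>[\d.]+) to " + MAC + HOST)


def analyze_dhcp_log(text, known=KNOWN_MACS):
    """Return a sorted list of (kind, mac, detail) alerts.

    kind == "unknown_mac":       MAC not on the allowlist, with first sighting
                                 and the IPs the server ACKed to it.
    kind == "hostname_mismatch": allowed MAC presenting a hostname other than
                                 the one we expect (possible MAC cloning).
    """
    leases = defaultdict(set)       # mac -> IPs ACKed to it
    seen_hosts = defaultdict(set)   # mac -> hostnames it has presented
    first_seen = {}                 # mac -> timestamp of first sighting
    for line in text.splitlines():
        for pat in (DISCOVER, REQUEST, ACK):
            m = pat.search(line)
            if not m:
                continue
            mac = m.group("mac").lower()
            first_seen.setdefault(mac, line[:15])
            host = m.groupdict().get("host")
            if host:
                seen_hosts[mac].add(host)
            if pat is ACK:
                leases[mac].add(m.group("ip"))
            break

    alerts = []
    for mac in sorted(first_seen):
        if mac not in known:
            alerts.append(("unknown_mac", mac,
                           {"first_seen": first_seen[mac], "ips": sorted(leases[mac])}))
        else:
            odd = sorted(h for h in seen_hosts[mac] if h != known[mac])
            if odd:
                alerts.append(("hostname_mismatch", mac,
                               {"expected": known[mac], "seen": odd}))
    return alerts


if __name__ == "__main__":
    for kind, mac, detail in analyze_dhcp_log(SAMPLE_DHCP_LOG):
        print(kind, mac, detail)
```

Run against a live dhcpd log this is the "unfriendly MAC" half of AirSnare; the IPs it reports are what you would then watch in the firewall logs (or hand to a packet capture) to see which ports the stranger is going after. Static-IP clients never appear in DHCP logs, so pair it with ARP monitoring if you want full coverage of the segment.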
Tools to help the overworked Security Manager identify wireless networks in their premises range from free to $thousands. At the bottom end are Wi-Fi snooping tools such as NetStumbler and kismet, and the cheap-n-nasty wLAN detectors given away as merchandising at computer shows. In the mid range is commercial
software that uses standard wireless LAN cards to scan the normal Wi-Fi frequency bands, and wide range UHF/SHF scanners. High end tools use very expensive software to get more information from the wLAN
cards, or use dedicated spectrum analyzer hardware to get even more gen, provided the user has the technical skills to control the machine and interpret the output. Read about (some of) the range on Informit.
Intrusion Detection Systems (IDSes) are being adapted to monitor wireless networks. Standard IDSes work as normal monitoring the wired Ethernet side of the Access Points while the new wireless-capable IDSes
monitor the wireless signals. See eWeek’s review of wireless IDSs for more.
If you still need convincing that wireless networking is something you need to manage, take a look at this survey. Security concerns were raised by more than 60% of the respondents who claimed business
benefits from wireless technology.
“A Maryland man with a grudge against a Connecticut-based patent firm used unsecured wireless networks at homes and businesses in the Washington DC area to penetrate the company’s computers and deliver
untraceable threats and extortion demands, until an FBI surveillance team caught him in the act ...” (news from The Register).
Even the Department of Homeland Security evidently has trouble securing its wireless networks despite
publishing advice in this area.
ComputerWorld’s best practice advice for securing wireless networking starts with a great suggestion - sort
out policies, training and awareness.
Having found publicly accessible wLAN Access Points using a portable PC, PCMCIA wLAN card and software tools such as Netstumbler, Airsnort and WEPcrack, ‘war-drivers’ may take up ‘war-chalking’. wHackers
leave chalk symbols on the pavement to indicate accessible wLANs nearby. Wardriving and warchalking are described at www.wardrive.net. The site recommends ten controls to improve wireless LAN security, adding
that applying them creates a basic level of security. The site also has a good collection of links to further information on wireless LAN security.
Placement and types of antennas may certainly be used to control the range of the wireless network, contrary to the rather disparaging remarks in NIST's otherwise excellent Special Publication 800-48, Wireless Network Security: 802.11, Bluetooth and Handheld Devices. You may be aware of the organized war-driving contests and various ad hoc efforts to identify wireless LANs that are publicized on the Web. You may not realize, however, that there were many other wireless networks in the vicinity of the so-called "war-drivers" that were never identified as such, thanks to their use of directional antennas and/or careful placement of omni-directional antennas to avoid blanket coverage of public areas ("security by obscurity" has some value after all, although it reduces exposure rather than replacing encryption and authentication).
Insecure wireless LANs provide a convenient network entry point for hackers to launch practically
anonymous/untraceable attacks. “All the bars and restaurants near our offices have wLANs for waiters to
send orders to the kitchen. All are insecurely configured. However, since the worst anyone could do is jump
the queue for ordering drinks, perhaps the low level of protection is all that’s necessary.”
An excellent Security Focus article, Protecting road warriors: managing security for mobile users, takes a broad look at information security for workers constantly on the move. Another covers Wireless attacks and penetration testing, starting with a description of common attack scenarios; here are parts 2 and 3.
Here are ten top tips from South Africa to secure your wLAN. Microsoft advises on wLAN security for small- to medium-sized enterprises and published a technical pack/guide to securing wLANs, the Microsoft way.
Boeing has thousands of wireless devices in its gigantic Seattle factory. Discover how they are secured.
Computerworld’s best practices for wireless network security.
Other network security links
Russ McRee’s Toolsmith columns (originally published in the ISSA Journal) are well worth a read if network security is your day-job.
CERT is overflowing with sound network security advice to home PC users. Security standards are being developed in this area.
A number of sites offer to port-scan your system using your IP address. This one is typical: it probes TCP and UDP ports, identifying likely vulnerabilities. Because of the sensitivity and the volume of network traffic and security log entries a port scan can create, you should probably not try this from a PC inside the corporate firewall without authority from management ... but on the other hand, it might be worth finding out whether the network defenses actually work, and whether anyone notices the scan in the logs. As with all pen testing, though, a report saying "everything was OK" does NOT necessarily mean your system is secure, merely that the scanning tools and techniques they used did not find any glaring vulnerabilities.
QualysGuard is a suite of tools to identify and remedy system security vulnerabilities on networked systems.
Tools like this make the job of tracking and checking IT assets for compliance much less tedious, and hence more likely to be done properly.
Related NoticeBored links collections
Bugs!, hacking, identity theft, information security management, change management, secure development, incident management, social engineering, email security, IT fraud, gizmos and malware
NB: we do not necessarily endorse or agree with the third party websites accessible through the links. Use at your own risk. Please let us know about new or broken links.