Security of your Network
| Home | Networking | Printing | Routers | Tutorials | Firewalls |
People assume they possess nothing of interest to hackers.
Most victimized machines are merely launch pads for other
attacks, such as a denial
of service or an automated worm. They serve as A link in a chain of
several breached machines. Like most criminals, crackers go after easy targets.
So do not be a target get smart. Get a secure Firewall not just a fake
firecracker type.
Nmap.
is a software tool used by hackers which scans for open ports on the internet.
Will provide the hacker with easy target IP addresses.
In less then a second the hacker will have your IP ADDRESS. Using scanning tools such as Nmap, it is quite possible to scan thousands of hosts in a few minutes. Security professionals regularly use assessment tools designed to automate the process of scanning hosts and exploring potential vulnerabilities. Using these tools, a cracker could probe and review thousands of hosts, ultimately producing a large list of potential targets in mere hours.
Once a vulnerable machine is located and compromised, it may be used in different ways. Some may be used for storage space, others as chat or FTP servers. One cracked device often leads to others on the same network, since sniffers and other analysis tools can be installed to capture local data. This may enable the cracker to view and alter vital personal information that is stored on the machine.
An intrusion will be costly in terms of time and effort required to resolve the problem. This includes the time spent discovering the incident, researching the ramifications and implementing a fix, time spent restoring, reinstalling and patching the vulnerability, and time spent on the phone with ISPs, technical support and, in some extreme cases, legal authorities. So, with this much at stake, it would be helpful for users to know how to prevent such scenarios from ruining their broadband experience.
Defense
Firewalls
The heart of always-on protection is the firewall . These devices are the gate-keepers for any network. They filter traffic based on a rule-set designed to reject everything but legitimate traffic.
If the system to be protected consists of more than one computer, a dedicated firewall is strongly recommended. This stand-alone device runs the firewall (and nothing else) designed to protect a network.
The SOHO (small office/home office) networking boom over the past few years has created a fantastic market for quality, yet scaled down networking gear. Four port router and switch combinations can be found for under a hundred dollars. Hardware vendors, such as Linksys and Dlink cater to the broadband market and have bundled basic filtering software into many of their devices. . This combination of networking hardware with built-in firewall features is hard to beat.
Some others offer simple NAT as a Firewall. of course that will not save you. Is an open invitation to Hackers. So need to check what type of Firewall you have!
If the system consists only of a single PC connected via broadband, a dedicated firewall might be overkill. Windows users can choose from several quality products to protect their desktops. ZoneAlarm and BlackICE Defender and Tiny Personal Firewall a good program that is free for personal use. All three of these products act as single user versions of their larger counterparts, but are easier to configure and maintain since they handle duties for only one machine.
. These devices are a small network's strongest defense.
Hardening the Host Computer
Having protected the perimeter of a broadband connection, we need strengthen the computer or computers that are connected by broadband. . Each device on a network must be "locked down" before going on-line. By this I mean removing unnecessary features, services and components. Windows users need to disable print and file sharing, remove nonessential network protocols, install a virus scanner and keep up to date on service packs. .
It's helpful to look at your own network through the eyes of a cracker. Run assessment tools such as Nessus and Nmap on each machine, research the results and learn how they could lead to potential vulnerabilities. There is no better way to protect a network than to try and break it.
Securing individual hosts adds another important layer to our defense strategy. If a firewall fails to perform as expected in some way (and, believe me, it happens), the machines themselves must be able to resist an attack.
Policy
The final line of defense in any network or system is Policy or operational security means secure on-line user behavior.
I remember seeing a great phrase on the Mexican Hackers Emergency Response Team page, which went something like "Passwords are like underwear: don't share them, hide them under your keyboard, or hang them from your monitor. Above all, change them frequently"