Security Trends - What they forget to secure

Security Trends - What they forget to secure from L33tdawg
Sat Apr 20 @ 16:45(Reads: 325)
By: obscure
Note: This article first appeared over at our affiliates site EyeOnSecurity.net. The original article can be found here.

You set up firewalls, e-mail filtering, Intrusion Detection Systems (IDS), personal firewalls, Censor Software (both on network and
personal level) and they still get in. What I'm referring to is those pesky VBS and similar worms inhabiting the Windows platform right
now and maybe a few real life crackers here and there. For the network administrator, this can be a real problem. Even when he has
secured his network with the latest tools and patches, there is still a big chance of his kingdom getting infected, especially if
it's made up of MS Windows machines, and its trusting users.

The main problem lies in the user's activities. Normally, the administrator is expected to shut off inbound connections so that
malicious users cannot connect to the internal network. However, we are increasingly seeing that this is only one side of the coin.
Most users will be accessing hostile networks, like IRC, even if they have no business to do so.

In this article I will be outlining some of the protocols that most Security related tools do not cover or even think of protecting
users from. The HTTP protocol provides a backdoor for hackers and malicious crackers to get into your network; much the same goes
for e-mail. While this is getting a lot of press right now, there's a lot more to network security than just HTTP and e-mail.

-Newsgroups


Newsgroups basically have the same problems as e-mail. The difference is that instead of infecting just the target user, a malicious
newsgroup post targets more than just one. So if you're using Outlook Express to read Newsgroups, and have your mind at rest 'cause
you're filtering your e-mails from known exploits and attachments, you could be in trouble.


Newsgroups, although similar to e-mail, cannot be filtered in exactly the same way. A solution to this would be to deploy a newsgroup
relay, that copies and filters all newsgroup posts to an internal host from a public newsgroup. Of course this can produce a number
of problems, like slow updating times, clogged servers, and large hard disk space. Of course you could always perform a secure
installation of the newsgroups clients on each and every machine in your network, but this is certainly not the most practical way
to improve security, especially in a large network.



-Instant Messenger


Then there are the so-called instant messenger and similar networks like IRC, ICQ, AOL-CHAT and other similar networks. In
contrast to Newsgroups and e-mail, these offer almost instant message reply. Obviously, these networks allow support for sending
and receiving files, and many users are very, maybe overly, willing to receive any file as long as it's named myself_nude.jpg.exe or
anything similar.


This also means that users are more easily fooled into giving out personal information, some of which can give attackers some real
advantage when trying to get into your network. Apart from this, accessing IRC and similar networks exposes your firewall's IP
address, or the user's NAT.


It is very common for users on IRC to get scanned for vulnerabilities. So if any user is accessing IRC, and has for example,
PCAnywhere, telnetd or whatever running on the IP address shown on IRC, you'll be sure to get some bruteforcing one day or another.


ICQ is also known to be a very unsecured "protocol". In fact, ICQ makes no claim on the security of their product. Much the same
goes for most other chatting networks, since they are generally not designed with security in mind, but rather overall "efficiency"
and multitude of features to satisfy a big number of users. Of course, giving access to these services to users on a supposedly
secure network will create a backdoor in the network, and easily compromise the overall security.


-File Sharing



The relatively new file sharing applications allow users to download MP3s, videos, multimedia and apps. Napster is the most
notorious of all current file sharing applications. No public exploits exist for the protocol in Napster, and it has not produced
any significant security problems until now. This might be due to the fact that it only allows audio files (mp3s) to be shared,
rather than any files.


Another similar application, which has produced a lot less legal controversy, is IMesh. This allows executables to pass, thus
allowing viruses, Trojans and worms to flow through the network. Of course the user has to be fooled into running the file, similar
to the IRC and ICQ file sharing problems. We should also keep in mind that this is quite unexplored territory as far as security
goes, so... any evil thoughts?


Similar to this, we have Gnutella, which boasts of decentralization. While testing this Network, I have found it quite unreliable.
However I think that this will improve in terms of reliability. The idea of Gnutella gives me evil loads of ideas. For example worms
could communicate through the Gnutella protocol, making them virtually impossible to shut off and difficult to detect. Maybe a virus
writer could implement a system so that commands and files are tunneled through the protocol so that the worms can communicate
between each other. All is perfect: the source code is available and the protocol is public. Of course I'll leave the details for
your private research.



-Solutions


These kinds of problems exist in any network that trusts its own users. It's quite necessary to allow users to only access
trusted or filtered protocols and maybe sites where security is critical and data simply cannot be shared unless legal access is
given. This applies to most Corporate networks, where compromising just one machine means a compromise on the whole network. The
solution would be to add the required rules to the firewall and restrict access. Besides that it's very reasonable to educate the
users and set up security policies. The traditional virus scanner always helps as well.



--------------------------------------------------------------------------------

--
Regard: Joh@nnes

"Nothing is more damaging to a new truth than an old error"
0
Johannes
4/21/2002 12:28:00 PM
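
As an added illustration (not part of the original article or this thread), here is a sketch of the content check a filtering newsgroup relay like the one the article proposes could apply; it also flags the `myself_nude.jpg.exe` style of double-extension filename the article mentions for IM file transfers. The extension lists, function names and sample articles are assumptions constructed for this example.

```python
import re
from email import message_from_string

# Assumed, non-exhaustive policy lists for this example.
BLOCKED_EXT = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe", "js", "wsf", "shs", "lnk"}
DECOY_EXT = {"jpg", "jpeg", "gif", "txt", "doc", "mp3", "avi", "pdf"}
# Inline uuencoded binaries start with "begin <mode> <filename>".
UU_BEGIN = re.compile(r"^begin [0-7]{3,4} (.+)$", re.MULTILINE)

def classify_filename(name):
    """Return 'double-extension', 'executable' or None for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = name.strip().strip('"').lower().rstrip(". ").rsplit(".", 2)
    if len(parts) < 2 or parts[-1] not in BLOCKED_EXT:
        return None
    if len(parts) == 3 and parts[-2] in DECOY_EXT:
        return "double-extension"
    return "executable"

def inspect_article(raw):
    """Return [(filename, verdict)] for every risky attachment in one article."""
    msg = message_from_string(raw)
    names = []
    for part in msg.walk():
        if part.get_filename():                      # MIME attachment
            names.append(part.get_filename())
        if part.get_content_maintype() == "text":    # inline uuencode in the body
            body = (part.get_payload(decode=True) or b"").decode("latin-1")
            names += [n.strip() for n in UU_BEGIN.findall(body)]
    return [(n, classify_filename(n)) for n in names if classify_filename(n)]

def relay_decision(raw):
    """What the relay does with the article: 'drop' or 'forward'."""
    return "drop" if inspect_article(raw) else "forward"

# Constructed sample articles (not real posts).
SAMPLE_MIME = (
    "From: poster@example.invalid\nNewsgroups: alt.test\nSubject: pics\n"
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nsee attached\n"
    "--b1\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="myself_nude.jpg.exe"\n'
    "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
)
SAMPLE_UU = (
    "From: poster@example.invalid\nNewsgroups: alt.test\nSubject: update\n\n"
    "run this\nbegin 644 update.vbs\n#0V%T\n`\nend\n"
)
SAMPLE_CLEAN = "From: poster@example.invalid\nNewsgroups: alt.test\nSubject: hello\n\nNew FAQ is in faq.txt\n"

if __name__ == "__main__":
    for label, art in [("mime", SAMPLE_MIME), ("uu", SAMPLE_UU), ("clean", SAMPLE_CLEAN)]:
        print(label, relay_decision(art), inspect_article(art))
```

A filename check like this is only one layer: it does not look at file content, so a renamed executable still needs the virus scanner the article mentions.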

"Johannes Niebach" <sniebach@sprint.ca> wrote in message
news:a9uba5$15v3$1@news.grc.com...
> Security Trends - What they forget to secure from L33tdawg
> Sat Apr 20 @ 16:45(Reads: 325)
> By: obscure
> Note: This article first appeared over at our affiliates site
> EyeOnSecurity.net. The original article can be found here.

[snip]

<BG> Got a URL?
Thanx

--
Finger, Probe, Crack, Hack, Sniff
What kind of person thinks all this stuff up?

Phil
pgregory@prexar.com
0
PhilGreg
4/21/2002 5:33:00 PM
Yep...sorry: http://www.hackinthebox.org/article.php?sid=6091

--
Regard: Joh@nnes
1216771 Ont.Inc.
"Nothing is more damaging to a new truth than an old error"
0
Johannes
4/21/2002 7:38:00 PM
TY

--
Finger, Probe, Crack, Hack, Sniff
What kind of person thinks all this stuff up?

Phil
pgregory@prexar.com

"Johannes Niebach" <sniebach@sprint.ca> wrote in message
news:a9v4gr$23ah$1@news.grc.com...
> Yep...sorry: http://www.hackinthebox.org/article.php?sid=6091
>
> --
> Regard: Joh@nnes
> 1216771 Ont.Inc.
> "Nothing is more damaging to a new truth than an old error"
>
>
0
PhilGreg
4/22/2002 3:01:00 AM