Network Admission Control ( NAC )

Day-zero attacks, viruses, and worms have become an increasing problem and continue to disrupt business operations. As discussed earlier, the most common issue on modern, open-standard networks is the security posture of the internal endpoint devices that connect to the network. Endpoints that do not comply with established security policies pose a threat and introduce risk into the network. A NAC solution is needed to check that an endpoint complies with predetermined security policies, such as current antivirus signatures and operating system patches, before it is admitted, thus preventing vulnerable and noncompliant hosts from obtaining network access.

Filed under: Security | Posted on December 8th, 2009 by admin | No Comments »

Security Controls

Security controls are the building blocks of a security program. They are the tools that you implement to protect the confidentiality, integrity, and availability of important assets and data. Much of the assessment work that an auditor conducts is around the many controls that a company has (or doesn’t have) to reduce risk. Auditors are concerned with how well the controls accomplish the goals set forth by the security policy.

Controls are typically thought of in terms of technology. Firewalls or IPS systems come to mind, but there are many types of controls that can be used to protect your systems. The primary classification of controls can be accomplished by grouping them under three main categories: administrative, technical, and physical.

Administrative Controls
Administrative controls include policies, such as an acceptable use policy, and programs such as security awareness training. They also include processes such as balancing the corporate books and security auditing. This type of control is typically focused on managing people: separation of duties, mandatory vacations, or any other rule that deters fraud or improper behavior.

Technical Controls
Technical controls are the technology you implement to prevent or enforce behavior on the network or on computing resources. They include firewalls, IPS, HIPS, role-based access control, or any other mechanism that enforces policy.

Physical Controls
If you want to deter people from walking through your yard, put up a fence. While this won’t keep everyone out, it is an example of a useful physical control. In an office setting, physical controls include locked doors, key card access systems, video surveillance, guards, gates, and so on. This type of control is designed to restrict access to sensitive devices and areas.

Each of the primary control groups can be further broken out into specific types of actions the control can take. While there are others, the standard set includes preventive, detective, corrective, and recovery.

Preventive
A preventive control’s purpose is to enforce the confidentiality, integrity, and availability of data and assets. If the primary category is technical, preventive controls are firewall rules, ACLs, or other technology used to block unauthorized access; administrative preventive controls include policies and warning banners. The primary category (administrative, technical, or physical) gives context to how a secondary control is implemented.

Detective
Detective controls are the alarm systems built into various parts of the business to detect whether bad things are happening: video surveillance, firewall logs, alerts from an intrusion detection or prevention system, or a log-correlation product such as Cisco MARS. This type of control also includes financial and security audits.

Corrective
Corrective controls are reactionary in nature. If you detect a malicious packet on the network, and your IPS is configured to drop the packet and also block the source, then this is an example of a corrective control. Patch management is another example of correcting a vulnerability and would fall under this control type.

Recovery
Recovery controls are like parachutes on a plane: hopefully you won’t need them, but they are there if you do. Backup systems, redundant power supplies, and spare parts are all examples of recovery controls. Restoring service is the goal of these controls.


How Bluetooth can be hacked

For two Bluetooth devices to pair with each other (in the legacy PIN pairing used before Secure Simple Pairing arrived in Bluetooth 2.1), they must first establish a 128-bit link key, which is used to authenticate each other and to derive the key that encrypts all communication. In this way no one can snoop on the devices and steal data, and no outside device can pose as one of them, because outsiders don’t have the 128-bit key. Both users type the same secret PIN into their devices, and that PIN, together with random values the devices exchange in the clear, is what the 128-bit key is derived from.

If an attacker is nearby during the pairing process, he can use a Bluetooth sniffer to record the messages the pairing devices exchange while creating the key.
The captured exchange is fed to software that implements the Bluetooth key-derivation algorithms. The software tries every possible PIN (a four-digit PIN gives only 10,000 candidates), recomputes the key for each one, and compares the result against the captured messages until one matches.

Once the attacker has the right PIN, he can recompute the 128-bit key. With that key he can decrypt the captured traffic and impersonate either device, controlling it as if it were in his hands: for example, stealing files or making phone calls through someone else’s Bluetooth telephone.

This method has one serious drawback for the attacker: the key is only derived at pairing time, so he must be sniffing at the exact moment the devices pair.


Turning Off What You Do Not Need on system

Take a look at your system. Is it running 50 different processes you know nothing about? If we take a random Windows XP install and run netstat -aon inside a CMD window, what might we see?

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.81:1292      64.191.197.245:706     ESTABLISHED     2160
  TCP    192.168.1.81:1863      192.168.1.1:5819       ESTABLISHED     3828
  TCP    192.168.1.81:1894      70.109.139.219:52525   ESTABLISHED     3828
  TCP    192.168.1.81:1919      192.168.1.1:5819       ESTABLISHED     3828
  TCP    192.168.1.81:1967      24.8.195.195:30809     ESTABLISHED     3828
  TCP    192.168.1.81:1971      81.93.108.73:46123     ESTABLISHED     3828
  TCP    192.168.1.81:1972      75.134.131.167:16470   ESTABLISHED     3828
  TCP    192.168.1.81:2031      84.190.103.54:6881     ESTABLISHED     3828

What is all this? One process (PID 3828) owns almost every connection, each to a different remote host. Note that these are ESTABLISHED connections, not listening sockets; a LISTENING line would show a local port on which a program accepts connections. For a quick view of which programs are using the network, open a CMD window and run netstat -aonbv: -a lists all sockets, -n disables DNS lookups (for speed), -o shows the owning process ID, and -b together with -v shows the executable (and the components inside it) behind each connection. GNU/Linux administrators should get in the habit of running netstat -aopl --numeric-hosts (or, on newer distributions, ss -tunap), which does the same thing with different letters; run it as root, otherwise the process column stays blank for sockets you don’t own. If the machine has been heavily compromised and is running a rootkit, don’t expect netstat to show truthful data. Windows administrators can also download TCPView, from the Sysinternals tool suite. I really like this tool. It is like a combination of netstat and the Windows Task Manager, and it lets you right-click on a process to examine its properties or kill it.
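As an added example (not part of the original post), here is a small Python script that does the triage netstat leaves to the eye: it parses netstat -aon output, groups sockets by owning PID, separates listening ports from established connections, and flags any PID talking to an unusual number of distinct remote hosts. The sample input is the listing above plus two constructed rows (a LISTENING TCP socket and a UDP socket) so the parser has to handle the UDP case, where netstat prints no State column at all.

```python
"""Summarise `netstat -aon` output by owning PID.

Added example, not part of the original post. NETSTAT_AON is the page's
own listing plus two constructed rows (TCP/135 LISTENING, UDP/445).
"""
from collections import defaultdict

NETSTAT_AON = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.81:1292      64.191.197.245:706     ESTABLISHED     2160
  TCP    192.168.1.81:1863      192.168.1.1:5819       ESTABLISHED     3828
  TCP    192.168.1.81:1894      70.109.139.219:52525   ESTABLISHED     3828
  TCP    192.168.1.81:1919      192.168.1.1:5819       ESTABLISHED     3828
  TCP    192.168.1.81:1967      24.8.195.195:30809     ESTABLISHED     3828
  TCP    192.168.1.81:1971      81.93.108.73:46123     ESTABLISHED     3828
  TCP    192.168.1.81:1972      75.134.131.167:16470   ESTABLISHED     3828
  TCP    192.168.1.81:2031      84.190.103.54:6881     ESTABLISHED     3828
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1004
  UDP    0.0.0.0:445            *:*                                    4
"""


def split_endpoint(endpoint):
    """'192.168.1.81:1292' -> ('192.168.1.81', '1292'); also handles '[::]:135'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def parse_netstat(text):
    """Yield (proto, local, foreign, state, pid) for every socket row."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, blank line or column header
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, foreign, pid = parts
            state = ""  # UDP is connectionless: netstat prints no State
        else:
            continue  # malformed row, e.g. wrapped by a narrow console
        yield proto, local, foreign, state, pid


def summarize(text):
    """Per PID: listening ports, established count and distinct remote hosts."""
    out = defaultdict(lambda: {"listening": set(), "established": 0, "peers": set()})
    for proto, local, foreign, state, pid in parse_netstat(text):
        entry = out[pid]
        if state == "LISTENING" or proto == "UDP":
            entry["listening"].add(f"{proto}/{split_endpoint(local)[1]}")
        if state == "ESTABLISHED":
            entry["established"] += 1
            entry["peers"].add(split_endpoint(foreign)[0])
    return dict(out)


def high_fanout(summary, max_peers=5):
    """PIDs talking to more distinct remote hosts than a desktop normally does."""
    return sorted(pid for pid, e in summary.items() if len(e["peers"]) > max_peers)


if __name__ == "__main__":
    summary = summarize(NETSTAT_AON)
    for pid, e in sorted(summary.items(), key=lambda kv: int(kv[0])):
        print(pid, sorted(e["listening"]), e["established"], sorted(e["peers"]))
    print("review these PIDs:", high_fanout(summary))
```

The script only tells you which PID to look at; on Windows, map it to an image with tasklist /FI "PID eq 3828" (or netstat -b, or TCPView) and decide whether that program should be talking to six different hosts on the Internet.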


Bluetooth 3.0 – Wi-Fi speeds, efficient power usage and more security.

The Bluetooth 3.0 specification was adopted by the Bluetooth SIG on April 21st, 2009.

Bluetooth is a standard for wireless communication between devices in a personal area network (PAN) using short-range radio (around 10 meters). Earlier versions differed in range and data-transfer rate.

Bluetooth 3.0’s main benefit over its predecessor is its transfer speed. Whereas Bluetooth 2.1+EDR offered maximum speeds of around 3 Mbps, the new version takes that up to around 24 Mbps through its use of the 802.11 radio, better known as the basis for Wi-Fi.

Bluetooth 3.0 gets its speed from that 802.11 radio: the 802.11 Protocol Adaptation Layer (PAL) carries bulk data transfers at roughly 24 Mbps, while the classic Bluetooth radio still handles discovery, pairing and control. Mobile devices with Bluetooth 3.0 also gain power savings from the enhanced power control built in.

Users won’t need a Wi-Fi connection for high-speed transfers. An entire music library, a DVD’s worth of video, or a vacation’s worth of photos can be moved wirelessly at the touch of a button, over Bluetooth 3.0 alone, in minutes rather than hours.

Improved Security
The Generic Alternate MAC/PHY (AMP) in Bluetooth high speed lets the device discover and power up the high-speed radio only when it is needed to transfer your music, pictures or other data; the rest of the time that radio stays off. Not only does this save power, it also shrinks the window in which the high-speed radio is exposed to other devices.


Wireless – How to Secure a Home Environment

Here we outline some basic steps for securing a wireless network in a small deployment. For home use, we recommend:

* Using WPA2 (or WPA if the hardware cannot do WPA2) with a long passphrase
* Falling back to WEP only if no WPA option exists at all, and changing the key frequently; a WEP key can be recovered from captured traffic in minutes, so treat it as barely better than an open network
* Disabling SSID broadcasts
* Enabling MAC filtering

These basic steps are simple things you can do to make your network safer. Unfortunately, hiding the SSID and filtering MAC addresses will only slow down, not stop, a dedicated attacker: the SSID appears in the clear whenever a client associates, and a permitted MAC address can be copied from the air. Use these steps, but don’t rely on them to keep your network 100% secure. They aren’t perfect, but they are appropriate for many home environments, where the information assets are not critically valuable. If you need a higher level of security, use a VPN or some of the methods used for enterprise security.
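To make the list concrete, here is an added example (not from the original post) showing the weak and the corrected settings side by side as hostapd.conf fragments, the configuration file of the open-source Linux access-point daemon. The interface name, SSID, WEP key, MAC allow-list path and passphrase are placeholders; a consumer router exposes the same options through its web interface under different names.

```ini
# Added example, not part of the original post. Two alternative hostapd.conf
# fragments; use one or the other, never both in the same file.

# --- Weak: the list taken literally ----------------------------------
interface=wlan0
driver=nl80211
ssid=home
hw_mode=g
channel=6
auth_algs=1
# hidden SSID: the name is still sent in the clear in probe and
# association frames whenever a client connects
ignore_broadcast_ssid=1
# allow-list by MAC: any listed address can be cloned by an attacker
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept
# 104-bit WEP: RC4 with a static key, recoverable from captured traffic
wep_default_key=0
wep_key0=0123456789abcdef0123456789

# --- Corrected: same interface, WPA2-PSK with AES-CCMP ---------------
interface=wlan0
driver=nl80211
ssid=home
hw_mode=g
channel=6
auth_algs=1
# 2 = WPA2 (RSN) only; 1 = WPA, 3 = both
wpa=2
wpa_key_mgmt=WPA-PSK
# AES-CCMP only, no TKIP fallback
rsn_pairwise=CCMP
# 8 to 63 characters; length is what resists offline guessing
wpa_passphrase=correct horse battery staple 2009
```

The SSID-hiding and MAC-filter lines are left out of the corrected fragment on purpose: they add friction for legitimate devices without adding security, and the passphrase is the control that actually carries the weight.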


Attack Vectors

All technology has security issues, from electronic voting machines to VoIP. One thing that often confuses the discussion, or inappropriately defuses it, is the perceived difficulty of launching and carrying out an attack. The truth is that with sufficient motivation, be it wealth, fame, or vengeance, any security issue can be exposed and exploited. VoIP attack vectors are similar to those for traditional networking equipment: for example, there is no need for physical access to a phone or to the PBX closet. The access needed to perform a VoIP attack depends on the type of VoIP deployment. The most popular attack vectors for VoIP networks are:

* A local subnet, such as an internal network where VoIP is used. By unplugging or sharing a VoIP hard phone’s Ethernet connection (the phone usually sits on someone’s desk), an attacker can connect to the voice network.

* A local network that uses wireless technology with untrusted users, such as a coffee shop, hotel room, or conference center. An attacker can simply connect to the wireless network, reroute traffic, and capture VoIP calls.

* A public or untrusted network, such as the Internet, over which VoIP communication passes. An attacker with access to that network can simply sniff the communication and capture telephone calls.


VoIP Security Basics

In this topic we will discuss some VoIP security basics. The main components of security are authentication, authorization, availability, confidentiality, and integrity; how each of them is protected always needs to be discussed.

Authentication

The authentication process in most VoIP deployments occurs at the signaling layer. When an endpoint connects to the network or places a phone call, authentication takes place between the VoIP phone and its supporting servers, such as SIP registrars, H.323 gatekeepers and gateways, or IAX Asterisk servers. Media protocols such as RTP, or the media portion of IAX, carry no authentication of their own because it already happened during session setup. While using authentication is always a good thing, using insecure or poor authentication mechanisms is not. Unfortunately, the default mechanisms in SIP, H.323, and IAX are all weak: each is a challenge-response built on an MD5 hash of the password, so an attacker who captures a single exchange can guess the password offline, at any speed, without ever touching the server again.

The most common default authentication types for each signaling protocol are:

* SIP: Digest authentication (MD5)

* H.323: MD5 hash of the general ID (username), password, and timestamp

* IAX: MD5 hash of the challenge and the password
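The SIP case, worked through as an added example that is not part of the original post. The digest computation is the real one (SIP reuses the HTTP Digest scheme of RFC 2617, in the qop-less form most SIP stacks send by default); the extension number, realm, nonce, password and wordlist are constructed. The block shows both sides of the exchange, the registrar verifying a REGISTER and an attacker running the identical computation over a wordlist against a sniffed Authorization header. The same offline guessing is what makes the Bluetooth PIN attack described earlier on this page work: a captured challenge-response plus a small keyspace.

```python
"""SIP Digest authentication (RFC 3261, via the HTTP Digest scheme of
RFC 2617) and the offline guessing a captured exchange allows.

Added example, not part of the original post. Extension, realm, nonce,
password and wordlist are constructed values.
"""
import hashlib
import hmac
import re


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(username, realm, password, method, uri, nonce):
    """response = MD5( MD5(user:realm:pass) : nonce : MD5(method:uri) ).

    This is the qop-less form most SIP stacks use by default; with
    qop=auth the nonce is followed by nc:cnonce:qop before HA2.
    """
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def parse_digest(header):
    """Turn 'Digest k="v", k2=v2' into a dict of parameters."""
    scheme, _, params = header.partition(" ")
    if scheme != "Digest":
        raise ValueError("not a Digest header")
    return dict(re.findall(r'(\w+)="?([^",]+)"?', params))


def client_authorization(username, password, realm, nonce, uri, method="REGISTER"):
    """What the phone sends after the registrar's 401 challenge."""
    resp = digest_response(username, realm, password, method, uri, nonce)
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{resp}", algorithm=MD5')


def server_verifies(header, method, password_db):
    """Registrar side: recompute with the stored password and compare."""
    p = parse_digest(header)
    password = password_db.get(p["username"])
    if password is None:
        return False
    expected = digest_response(p["username"], p["realm"], password,
                               method, p["uri"], p["nonce"])
    return hmac.compare_digest(expected, p["response"])  # constant-time compare


def crack_digest(header, method, wordlist):
    """Attacker side: the same computation over a wordlist.

    Nothing here touches the network, so registrar-side rate limits and
    account lockouts never fire; only the password's entropy matters.
    """
    p = parse_digest(header)
    for guess in wordlist:
        if digest_response(p["username"], p["realm"], guess,
                           method, p["uri"], p["nonce"]) == p["response"]:
            return guess
    return None


# Constructed capture: extension 2001 registered with its own number as
# the password, a common misconfiguration on small PBXes.
CAPTURED = client_authorization("2001", "2001", "asterisk", "4b2c1f7a", "sip:10.0.0.5")
WORDLIST = ["1234", "password", "0000", "2001", "letmein"]  # constructed

if __name__ == "__main__":
    print("registrar accepts:", server_verifies(CAPTURED, "REGISTER", {"2001": "2001"}))
    print("attacker recovers:", crack_digest(CAPTURED, "REGISTER", WORDLIST))
```

Two things follow for the defender: the secret must not be guessable (never the extension number, never a short PIN), and the signaling should run over TLS so the digest is not observable on the wire in the first place. Note also that the response is bound to the SIP method and URI, so a digest sniffed from a REGISTER cannot simply be replayed in an INVITE.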

Authorization

Authorization in VoIP can sometimes be used for security purposes. For example, limiting certain VoIP endpoints’ ability to dial specific phone numbers may be desirable, and permitting only certain devices to join the VoIP network may also help protect it. It should be noted that authorization values are rarely used in enterprise VoIP deployments and are easy to bypass. Nonetheless, the following list shows which entities can be used as authorization parameters.

E.164 alias Each H.323 endpoint carries an E.164 alias. E.164 is the international numbering plan: a country code (CC), a national destination code (NDC), and a subscriber number (SN), up to 15 digits in total. The alias can be set either dynamically by a gatekeeper or locally by the endpoint itself.

MAC Media Access Control addresses are present on every Ethernet-enabled (Layer 2 in the OSI model) device. These addresses are sometimes used to authorize devices on VoIP networks, but they are trivially spoofed.

URI SIP does not really have an authorization value, but the Uniform Resource Identifier (URI) is a value that every SIP user agent carries and it can be used to authorize endpoints. Like SIP, IAX has no authorization value of its own, but the URI can be used the same way.

Availability

VoIP networks need to be up and running most of the time, if not all of the time. Unlike other IT-managed services such as email, calendaring, or even Internet access, telephones are something users have grown to rely on 100 percent of the time. Users can usually tolerate hours when “the network is down,” but they will not be patient when told “the telephones cannot be used because of a denial-of-service attack.” The ability to make reliable telephone calls is almost a mandate for VoIP. The methods used to keep the VoIP network available are shown in the following list.

QoS Quality of Service is used with VoIP. QoS contains quality requirements for certain types of packets and services. In many situations, audio packets are given priority over data packets using QoS.

Separating data networks and voice networks Voice networks are often placed on a separate network and/or VLAN, isolating them from data packets. While the Internet is not a series of tubes that could get clogged up, separating the voice networks can isolate them from issues that appear on data networks, such as an unresponsive switch/router.

Encryption

The encryption of VoIP traffic can occur at multiple places, including signaling or media layers. Because authentication occurs at the signaling layer and the audio packets are used at the media layer, encrypting VoIP traffic in two different segments is often required. For example, protecting the signaling but not the audio leaves the actual communication unprotected; however, protecting the media and not the signaling layer leaves the authentication information unprotected. In all situations, the following items can be used to encrypt VoIP networks:

IPsec Point-to-point IPsec gateways can be used to protect VoIP traffic over public or untrusted networks, such as the Internet. Note that IPsec is rarely used end to end between endpoints because of the limited support for an IPsec client on VoIP phones.

SRTP The Secure Real-time Transport Protocol (RFC 3711) can be used with the Advanced Encryption Standard (AES) to protect the media layer during VoIP calls.

TLS Signaling protocols can be wrapped in TLS natively (SIPS, that is SIP over TLS) or with Stunnel (H.323) to protect the signaling. SIPS protects each hop between phone and proxy and between proxies; every proxy still sees the signaling in the clear.


VoIP – Voice over IP

Voice over IP (VoIP) is experiencing explosive growth. Many corporate environments have migrated, are actively migrating, or are researching the process of migrating to VoIP. Some long-distance providers are using VoIP to carry voice traffic, particularly on international calls. Companies, such as Vonage, offer VoIP service as a replacement for traditional telephony service in the home .

What is VoIP and Internet Telephony

Internet Protocol (IP) telephony is a technology that uses packet-switched connections to exchange voice, fax and other forms of data that were previously carried on circuit-switched connections. Over the Internet, the packets travel on shared links.

Voice over IP (VoIP) is voice information delivered in digital form as packets of data using the Internet Protocol instead of the traditional circuit-switched lines of the PSTN. For users who already have Internet access, calls between IP endpoints carry no per-call charge, avoiding the tolls charged for using ordinary phone lines; calls that break out to the PSTN are still billed by the provider.

How It Works

VoIP runs on the same IP networking as everything else. Just as your computer uses TCP/IP to transfer packets of data, VoIP transmits packets of audio. In place of the data protocols used for other traffic, such as HTTP, HTTPS, POP3/IMAP, and SMTP, VoIP uses signaling protocols, such as SIP (Session Initiation Protocol), H.323, and IAX (Inter-Asterisk eXchange protocol), to set up calls, and RTP (Real-time Transport Protocol) to carry the audio. Below those, the headers are the same as for any other packet: the Ethernet frame with its MAC addresses, the source and destination IP addresses, and the transport header (UDP for RTP, and UDP or TCP for the signaling) with its port numbers; the sequence numbers that keep the audio in order live in the RTP header itself.
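As an added example (not from the original post), the following Python block parses the fixed RTP header of RFC 3550 from a captured audio packet and audits a stream’s sequence numbers. The packet bytes are constructed with the build_rtp helper; the codec table holds the static payload types of RFC 3551 that appear in most phone calls. It makes the sniffing attack vector concrete: on an unencrypted call the header tells a sniffer which codec to decode the payload with, and the sequence numbers tell it whether it has seen every packet.

```python
"""Parse the fixed RTP header (RFC 3550) and audit sequence numbers.

Added example, not part of the original post. Packets are constructed
with build_rtp(); STATIC_PAYLOAD_TYPES is the RFC 3551 static table.
"""
import struct
from dataclasses import dataclass

STATIC_PAYLOAD_TYPES = {0: "PCMU", 3: "GSM", 8: "PCMA", 9: "G722", 18: "G729"}


@dataclass
class RtpHeader:
    version: int
    padding: bool
    extension: bool
    marker: bool
    payload_type: int
    sequence: int
    timestamp: int
    ssrc: int
    csrcs: tuple


def codec_name(payload_type):
    """Static payload types map straight to a codec; others come from the SDP."""
    return STATIC_PAYLOAD_TYPES.get(payload_type, f"dynamic/{payload_type}")


def build_rtp(payload_type, sequence, timestamp, ssrc, payload, marker=False):
    """Minimal RTP packet: V=2, no padding, extension or CSRCs, then payload."""
    b0 = 2 << 6
    b1 = (int(marker) << 7) | (payload_type & 0x7F)
    return struct.pack("!BBHII", b0, b1, sequence & 0xFFFF,
                       timestamp & 0xFFFFFFFF, ssrc & 0xFFFFFFFF) + payload


def parse_rtp(packet):
    """Return (RtpHeader, payload); raise ValueError on malformed input."""
    if len(packet) < 12:
        raise ValueError("RTP header is at least 12 bytes")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError(f"unexpected RTP version {b0 >> 6}")
    cc = b0 & 0x0F
    offset = 12 + 4 * cc
    if len(packet) < offset:
        raise ValueError("truncated CSRC list")
    csrcs = struct.unpack(f"!{cc}I", packet[12:offset]) if cc else ()
    extension = bool(b0 & 0x10)
    if extension:  # 16-bit profile id + 16-bit length in 32-bit words
        if len(packet) < offset + 4:
            raise ValueError("truncated header extension")
        _, ext_words = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4 + 4 * ext_words
        if len(packet) < offset:
            raise ValueError("truncated header extension")
    payload = packet[offset:]
    padding = bool(b0 & 0x20)
    if padding:  # last byte holds the padding length, itself included
        pad = payload[-1] if payload else 0
        if pad == 0 or pad > len(payload):
            raise ValueError("bad padding length")
        payload = payload[:-pad]
    header = RtpHeader(2, padding, extension, bool(b1 & 0x80), b1 & 0x7F,
                       seq, ts, ssrc, csrcs)
    return header, payload


def is_valid_rtp(packet):
    """Cheap filter for a sniffer: does this look like a well-formed RTP packet?"""
    try:
        parse_rtp(packet)
        return True
    except ValueError:
        return False


def sequence_audit(sequences):
    """Missing sequence numbers and count of backwards jumps, 16-bit wrap aware.

    Gaps mean packets you did not capture (or the network lost); backwards
    jumps mean duplicates, reordering, or packets injected into the stream.
    """
    missing, reordered = [], 0
    for prev, cur in zip(sequences, sequences[1:]):
        delta = (cur - prev) & 0xFFFF
        if delta == 0 or delta > 0x8000:
            reordered += 1
            continue
        missing.extend((prev + i) & 0xFFFF for i in range(1, delta))
    return missing, reordered


if __name__ == "__main__":
    pkt = build_rtp(0, 7, 1120, 0xDEADBEEF, b"\x7f" * 160)  # 20 ms of G.711 mu-law
    hdr, audio = parse_rtp(pkt)
    print(codec_name(hdr.payload_type), hdr.sequence, hdr.timestamp, len(audio))
    print(sequence_audit([65534, 65535, 1, 2]))
```

Payload type 0 (PCMU) is plain G.711 mu-law, so the 160 bytes of payload in the sample are 20 ms of audio that any sniffer can play back directly; that is what SRTP, discussed under Encryption above, is there to prevent.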


How to prevent Clickjacking using firefox browser

Last week we discussed clickjacking, a dangerous new attack on websites. The question now is how to prevent it.

A popular free security tool for the Firefox browser has been upgraded to block one of the most dangerous and troubling security problems facing the Web today.

NoScript is a small extension that integrates into Firefox. It blocks active content, such as JavaScript and Java, from running on untrusted web pages; scripts on such pages could be used to attack the PC.

Download the latest version of the NoScript Firefox plugin. NoScript pre-emptively blocks malicious scripts and allows JavaScript, Java and other potentially dangerous content only from sites you trust. Once it is installed, restart Firefox. Click the NoScript icon in the status bar at the bottom right > select Options > tick Forbid [IFRAME] > OK.

Install this plugin and browse more safely. Remember that NoScript only protects the browser it is installed in; a site that wants to protect all of its users from being framed has to do so on the server side, for example by sending the X-Frame-Options response header.



Copyright © 2010 Network Security. All rights reserved.