
Posts Tagged ‘Computer firewall’

The new version of apache 2.5.9 has facility of disabling the modsecurity

March 18th, 2009

The new version of apache 2.5.9 has the facility of disabling the ModSecurity web application firewall. The new version is available on the Internet. This will help to avoid crashing the firewall while it processes HTTP packets.

It also fixes a potential DoS vulnerability that shows up in requests for PDF documents. Apache administrators who use ModSecurity are advised to update to version 2.5.9 as soon as possible.

ModSecurity, Server security

Firewall

March 16th, 2009

A firewall is a hardware or software solution to enforce security policies. In the physical security analogy, a firewall is equivalent to a door lock on a perimeter door or on a door to a room inside of the building – it permits only authorized users such as those with a key or access card to enter. A firewall has built-in filters that can disallow unauthorized or potentially dangerous material from entering the system. It also logs attempted intrusions.

F, Glossary of computer security

Router firewall

December 27th, 2008

Routers usually support one or more of the firewall features discussed previously. Router firewalls are usually available by default on low-end routers designed for Internet connections; they provide basic firewall features for blocking and allowing specific IP addresses and port numbers and use NAT to hide interior IP addresses.

High-end routers can be configured to tighten up access by barring more obvious intrusions, such as pings, and by implementing other IP address and port restrictions through the use of ACLs. Additional firewall features may be available that provide stateful packet filtering in some routers. In high-end routers, the firewall capability is similar to that of a hardware firewall device at a lower cost but also lower throughput.

Glossary of computer security

XML firewalls protect deeply

November 5th, 2008

XML firewalls generally protect Web services while residing in the DMZ between the hostile Internet and protected services. It is from this location they provide security policy enforcement for Web services and XML messages. To enforce security policy, the XML firewall validates message source, reads and modifies message headers, inspects the message content and validates message elements/attributes to enforce fine-grained security policies. Just as traditional firewalls protect the private IP addresses and ports from hackers, the XML firewall protects the Web service listener, XML parser and Web service application from a variety of attacks.

One such attack that traditional firewalls offer no protection against is an XML message-based denial-of-service attack. The attack involves sending extremely large messages or overflowing values of message fields. A malicious user can exhaust XML parser resources and thereby create a denial-of-service condition. It is also possible to launch SQL injection attacks against Web services by inserting SQL commands into the XML messages.

The XML firewall counters these threats by intercepting the XML messages and inspecting them before they get forwarded to the Web service applications. This is done with a high performance parsing engine that applies a message security policy, as well as heuristics that learn the characteristics of messages common to the Web service application. For example, if a Web service application receives messages no greater than 100 KB in size for a period of time and suddenly a 900 KB message is received, the XML firewall can take a variety of admin-prescribed actions, including dropping the message and alerting the admin.

xml security

Information security is important for all businesses

February 25th, 2008

‘Security is important for large enterprises, but not for a small company like mine.’

Not true! Security is essential for large enterprises that provide access to systems and networks for hundreds or thousands of people. But it is also an important concern for a small or medium sized enterprise. If you answer ‘yes’ to any of the questions below, then security is an important issue for you.

  • Is any of your important company or personal information (whether yours or that of employees, customers, contractors or partners) stored on a computer?
  • Do you or your employees access any important information (including banking, credit card, supplier or delivery information) across an internal network?
  • Do you have a company website?
  • Do you or your employees use the Internet at work?
  • Do you or your employees use e-mail at work?

If you answered ‘yes’ to one or more of these questions, then the security of networks and information systems is an essential part of your business. You need to take steps to review the security of your systems and networks and make sure that it is up to the task.

Possible Solutions:

‘OK, so I need to consider security, but what can I do? We’re not a technology company, I don’t have an IT department, and I’m not a technical expert.’

Unfortunately, ignorance is no excuse for inaction. In these days of higher levels of network connectivity and ‘intelligent’ viruses, information on an unsecured system can be quickly compromised, or the system itself can be used as a launching point for attacks on other systems and networks. Even if you’re not an expert, you still need to take steps to protect your company. Even with limited resources and expertise, there is much you can do to help secure your system and network access. Consider the questions below. Are you taking these steps?

  • Do you have a firewall on your computer if you have Internet access (especially broadband access)?
  • Do you have software to prevent and detect viruses transmitted by email or in documents?
  • Is security an important criterion when you choose software or service providers?
  • Do you understand the security functions of the software and hardware you already have?
  • Has anyone in your company taken a computer course to become more familiar with these functions?
  • If you have the resources and it’s appropriate, have you consulted a local expert on the configuration and deployment of your IT system?
  • Have you checked if there are resources from government, a local trade association or chamber of commerce that relate to computer security?
  • Have you taken steps to physically secure your computers, especially laptops and portables?
  • Do you regularly back-up data? And test your back-ups?
  • Do you require your employees to use passwords?
  • Do the passwords used contain both letters and numbers?
  • Are passwords kept securely (not written down or shared, for example) and changed at least every three months?
  • Do you try to train your employees on information security?
  • Have you told your administrative support and reception staff what information they may and may not give to callers and visitors?

Call to Action:

‘All these things apply to my business, but it sounds overwhelming!’

Like any challenge, security in its entirety can seem overwhelming. This guide provides you with a roadmap for how to start and what questions to ask. However, there is no one-size-fits-all security solution. And there is no free magic bullet. Information security costs both time and company resources. But security is an essential part of doing business today. Information security may require some specialist knowledge, but the approach is not all that different from how you maintain the physical security of your business.

For example, when you installed the doors and locks on your premises, you probably considered the following factors:

  • Usability
  • Functionality
  • Security
  • Reliability
  • Cost
  • Maintenance

Your systems and network access are no different. Choosing and installing general software applications and specific information security measures requires the same calculation of factors and costs. The steps you take to ensure the physical security of your business probably seem like second nature. But they are a learned response to known threats and vulnerabilities. Locked doors, secure filing cabinets, and a safe or cash register are all security steps that we take for granted as just part of doing business. Securing our networks and information systems should be no different.

Just as with other purchases, good information security requires both initial effort and ongoing checks. You need to do your research before buying security software, hardware or services. While you should expect the technology to work well, you still need to carry out the right checks to ensure that it’s working correctly. Appropriate features must be set and adapted to work with your existing computers, software and network connections. Many security vulnerabilities are created when people install a new application and simply leave all the default settings in place, making them much easier for unauthorized users to manipulate.

It may seem complicated or overwhelming at first, but over time your actions should become so familiar and automatic that they constitute a ‘culture of security’. No one expects people running small businesses to review software code or understand the intricate workings of hardware. But you can and should read the relevant information, ask pertinent questions and get explanations of issues that don’t seem clear.

By taking the initiative and showing that security is important to your business, you can go a long way to making sure that your information systems develop in a secure way. In some cases, for example when making significant changes to your information systems, you may need expert assistance in the initial configuration and deployment of the system. But it’s essential to keep asking the experts what they are doing and why, and to satisfy yourself that the choices made reflect your business needs and improve the information security of your business.

Business security

Dealing with comodo firewall

February 1st, 2008


I was reading some forums about Comodo Firewall. Some users do not find the firewall easy to deal with. Here is a video tutorial to help with this.

1. Go to http://www.personalfirewall.comodo.co… and download the firewall.
2. Do what it says to download.
3. Set the level on the first screen to custom.
4. Go to the security tab at the top of the Comodo Firewall window, then in add/remove zone click on your network.
5. Stay on that tab and click on define a trusted application for all the applications that you trust and allow to run; the banned application option is for files that you don't trust or that are causing problems.

Video

My naked computer wears bra

December 12th, 2007

Last month I bought a new computer. I installed an operating system on it, but no antivirus was installed on it. The firewall was also inactive. I just started using it online. Later I discovered cheeky stuff hovering around my computer, as if it were a topless lady standing in a populated area and attracting the attention of lusty people towards her. Even the non-lusty can take advantage too.

The hackers are ready to invade a computer wherever and whenever they see any loophole. I discovered my PC was full of adware, viruses and other worms because I had made it naked and available to access.

Since I turned on the firewall and installed antivirus software, it has become covered and safe. It looks like a woman wearing a bra with nails on it. But it is still open; access is only more difficult, as in the above picture, where there is a bra but it is still accessible. I made the bra secure so the intruders will have difficulty in accessing it.

The moral of the story is very simple. Make sure to go online safely; your PC must have security software installed.

This article was written by Mr Amir who is a Computer security analyst in Bizliner Pvt Ltd.

Computer security Systems

NetBIOS packets in firewall

July 22nd, 2007

On virtually all systems (UNIX, Macintosh, Windows), programs call the function ‘gethostbyaddr()’ with the desired address. This function will then do the appropriate lookup, and return the name. This function is part of the sockets API.

The key thing to remember about gethostbyaddr() is that it is virtual. It doesn’t specify how it resolves an address into a name. In practice, it will use all available mechanisms.

If we look at UNIX, Windows, and Macintosh systems, we see the following techniques:

  • DNS in-addr.arpa PTR queries sent to the DNS server
  • NetBIOS NodeStatus queries sent to the IP address
  • lookups in the /etc/hosts file
  • AppleTalk over IP name query sent to the IP address
  • RPC query sent to the UNIX NIS server
  • NetBIOS lookup sent to the WINS server
  • etc.

Windows systems do the /etc/hosts, DNS, WINS, and NodeStatus techniques.

In more excruciating detail, Microsoft has a generic system component called a naming service. All the protocol stacks in the system (NetBIOS, TCP/IP, Novell IPX, AppleTalk, Banyan, etc.) register the kinds of name resolutions they can perform. Some RPC products will likewise register an NIS naming service. When a program requests to resolve an address, this address gets passed on to the generic naming service. Windows will try each registered name resolution subsystem sequentially until it gets an answer. (Side note: users sometimes complain that accessing Windows servers is slow. This is caused by installing unneeded protocol stacks that must time out first before the real protocol stack is queried for the server name.)

The order in which it performs these resolution steps for IP addresses can be configured under the Windows registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider. Of course, that doesn’t help you, the firewall admin.

Computer-security

Interpreting the IP identification field in firewall

July 21st, 2007

The IP identification (ID) field is a two-byte field contained within the packet. Its sole purpose in life is to allow IP packets to be fragmented: all fragments should contain the same ID as the original packet so that they can be pasted back together again. Most systems use the concept of a monotonically increasing ID: for each packet sent, the field is increased by one.

There is a little twist to this scenario. A little-endian machine (like Intel processors) stores numbers in the reverse byte order from how numbers are represented on the wire. This means that a monotonically increasing integer from a Wintel box will increment the high-order byte first, whereas a Sun SPARC box will increment the low-order byte first. Therefore, let's say that you are being pinged steadily from both a Sun SPARC and a Wintel; you will see the following sort of progression in the IP ID field:

    SPARC     Wintel
    0x01FD    0xFD01
    0x01FE    0xFE01
    0x01FF    0xFF01
    0x0200    0x0002
    0x0201    0x0102

The above numbers are shown in hexadecimal, which shows the byte-order problem. However, many firewall logs (stupidly) show these numbers in decimal. If a firewall system assumes the number is big-endian but the incoming packets are little endian, then the progression of the numbers is hidden. For example:

    IP ID    Big-endian    Little-endian
    01 FD    509           64769
    01 FE    510           65025
    01 FF    511           65281
    02 00    512           2
    02 01    513           258

This entire issue is complicated by the fact that a firewall running on a platform doesn’t have to base its decimal calculation of the IP ID field on the underlying CPU. What I mean by this is that the C code that interprets the IP ID could be written in two ways:

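        /* ID field is a 2-byte number at offset 4 within the IP header;
           iphdr is assumed to be an unsigned char * pointing at the header */

        /* first form: CPU dependent, uses the host's native byte order */
        int ipid_cpu = *(unsigned short*)(iphdr+4);

        /* second form: CPU independent, always read as big-endian */
        int ipid_be = iphdr[4] * 256 + iphdr[5];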

The first example is CPU dependent: x86 CPUs will pull it out as a little-endian number, but SPARC CPUs will pull it out as a big-endian number. The second form is CPU independent: it tells all CPUs to interpret the field as a big-endian number. Note: ntohs(*(unsigned short*)(iphdr+4)) will crash a SPARC CPU and is not a good solution.

Therefore, if you are running a Linux-based x86 firewall that interprets the IP ID field as a little-endian number, then a string of packets from a Wintel box will demonstrate a monotonically increasing number. However, a stream from a SPARC box will show skipping numbers. Conversely, if the Linux-based firewall uses the (correct) field parsing method, you’ll see the reverse.
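The following added example (not part of the original post) applies this to log analysis: given IP ID values as a firewall logged them in decimal, it tries both byte-order readings and reports which one behaves like a counter. The function names, the `MAX_STEP` tolerance and the `RANDOM_LOG` values are assumptions made for illustration; the SPARC and Wintel values are the ones from the tables above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_STEP 64  /* assumed tolerance: other traffic may advance the counter */

enum id_order { ID_ORDER_UNKNOWN, ID_ORDER_WIRE, ID_ORDER_SWAPPED };

/* Portable read of the ID field: bytes 4 and 5 in network (big-endian) order. */
uint16_t ipid_wire(const unsigned char *iphdr)
{
    return (uint16_t)((iphdr[4] << 8) | iphdr[5]);
}

static uint16_t swap16(uint16_t v)
{
    return (uint16_t)((v << 8) | (v >> 8));
}

/* Count adjacent pairs that advance by 1..MAX_STEP, modulo 65536. */
static size_t small_steps(const uint16_t *ids, size_t n, int swapped)
{
    size_t hits = 0;
    for (size_t i = 1; i < n; i++) {
        uint16_t prev = swapped ? swap16(ids[i - 1]) : ids[i - 1];
        uint16_t cur  = swapped ? swap16(ids[i]) : ids[i];
        uint16_t step = (uint16_t)(cur - prev);
        if (step >= 1 && step <= MAX_STEP)
            hits++;
    }
    return hits;
}

/* Decide which reading of the logged values looks like an increasing counter. */
enum id_order classify_id_sequence(const uint16_t *ids, size_t n)
{
    if (n < 2)
        return ID_ORDER_UNKNOWN;
    size_t wire = small_steps(ids, n, 0);
    size_t swapped = small_steps(ids, n, 1);
    if (wire > swapped && wire * 2 > n - 1)
        return ID_ORDER_WIRE;      /* sender counts in network byte order */
    if (swapped > wire && swapped * 2 > n - 1)
        return ID_ORDER_SWAPPED;   /* sender counts in the opposite byte order */
    return ID_ORDER_UNKNOWN;
}

/* Decimal values as a big-endian-reading firewall logs them (tables above). */
static const uint16_t SPARC_LOG[]  = { 509, 510, 511, 512, 513 };
static const uint16_t WINTEL_LOG[] = { 64769, 65025, 65281, 2, 258 };
/* Constructed values with no counter behaviour in either reading. */
static const uint16_t RANDOM_LOG[] = { 1000, 40000, 7, 22222 };
/* Constructed header: only the version/IHL byte and the ID field are set. */
static const unsigned char SAMPLE_HDR[20] = { [0] = 0x45, [4] = 0x01, [5] = 0xFD };

int main(void)
{
    static const char *names[] = { "unknown", "wire order", "byte-swapped" };
    printf("SPARC log:  %s\n", names[classify_id_sequence(SPARC_LOG, 5)]);
    printf("Wintel log: %s\n", names[classify_id_sequence(WINTEL_LOG, 5)]);
    printf("random log: %s\n", names[classify_id_sequence(RANDOM_LOG, 4)]);
    printf("sample header ID: %u\n", (unsigned)ipid_wire(SAMPLE_HDR));
    return 0;
}
```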

Computer-security

Firewall in macintosh

July 21st, 2007

A firewall is only a piece of the security puzzle, as it can only protect your computer against certain types of attacks.

A firewall should never be your computer’s only protection. You always should combine a well-configured firewall with up-to-date anti-virus software and good system administration practices, such as:

  • Turning off any unnecessary services your computer might be offering on the Internet;
  • Setting up hard-to-guess passwords for each of the user accounts on your computer; and
  • Regularly installing security updates from Apple and third-party software vendors.

In combination, security measures such as these can help keep your computer from being taken over by an intruder via the Internet, and can help protect your data from being destroyed, altered, or exposed.

For excellent, in-depth guides which cover many techniques for securing Macintoshes running Mac OS X from attack, please see Stephen de Vries’ white papers at Corsaire’s website, or Apple Inc.’s Mac OS X Security Guides.

Computer-security

Configuring filters in firewall

July 20th, 2007

The “correct” configuration of ICMP filters in a firewall is hotly debated. The problem is that ICMP messages are the “control messages” for TCP/IP. If you block some incoming ICMP, then you will break communication.

The absolute minimum ICMP traffic to allow is the packets dealing with TCP path MTU discovery. Fragmenting a stream is more efficient at the TCP layer rather than the IP layer, so the TCP layer will try to discover when IP packets are being inadvertently fragmented. They do this by setting the “DF” (Don’t Fragment) on all outgoing packets. When a router cannot forward the packet because it is too big, rather than fragmenting it, it sends back a “fragmentation needed” ICMP packet (type=3/code=4). The TCP stack then starts sending smaller IP packets, segmenting the data at the TCP layer rather than allow routers to fragment at the IP layer. Therefore, firewalls must be configured to allow incoming ICMP type=3, code=4 packets.

Another issue is Host unreachable and Destination Unreachable packets. Allowing these to come in through your firewall will allow connections to timeout faster, but they can also be used as a denial of service attack (by disconnecting clients from servers).

Users will constantly ask for the ability to ping and traceroute machines on the Internet. Most firewall administrators will eventually give in to these demands. Nobody really needs to ping/traceroute, but they really want to. It should be remembered, however, that ICMP ping responses are often used as a covert channel. (The massive DDoS attacks against Internet portals used this as a covert channel.)
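As an added illustration (not code from the original post), the classifier below sorts incoming IPv4 ICMP packets into the groups discussed above and, for a "fragmentation needed" message, reads the next-hop MTU that RFC 1191 places in the ICMP header. The function names, verdict names and sample packets are assumptions constructed for this example; the checksum is not verified here.

```c
#include <stddef.h>
#include <stdio.h>

enum icmp_verdict {
    ICMP_MALFORMED,    /* truncated, fragmented, or not an IPv4 ICMP packet */
    ICMP_ALLOW_PMTUD,  /* type 3 code 4: needed for path MTU discovery */
    ICMP_UNREACHABLE,  /* other type 3: faster timeouts vs. DoS trade-off */
    ICMP_PING_TRACE,   /* echo request/reply, time exceeded: ping/traceroute */
    ICMP_OTHER         /* everything else: left to local policy */
};

/* Locate the ICMP header inside an IPv4 packet, or return NULL. */
static const unsigned char *icmp_header(const unsigned char *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return NULL;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;        /* IP header length */
    if (ihl < 20 || len < ihl + 8 || pkt[9] != 1)    /* protocol 1 = ICMP */
        return NULL;
    if ((((pkt[6] & 0x1F) << 8) | pkt[7]) != 0)      /* non-first fragment */
        return NULL;
    return pkt + ihl;
}

enum icmp_verdict classify_icmp(const unsigned char *pkt, size_t len)
{
    const unsigned char *icmp = icmp_header(pkt, len);
    if (!icmp)
        return ICMP_MALFORMED;
    switch (icmp[0]) {                               /* ICMP type */
    case 3:
        return icmp[1] == 4 ? ICMP_ALLOW_PMTUD : ICMP_UNREACHABLE;
    case 0: case 8: case 11:
        return ICMP_PING_TRACE;
    default:
        return ICMP_OTHER;
    }
}

/* Next-hop MTU from a "fragmentation needed" message, or -1 if the packet
   is not one. A value of 0 means the router predates RFC 1191. */
int pmtud_next_hop_mtu(const unsigned char *pkt, size_t len)
{
    if (classify_icmp(pkt, len) != ICMP_ALLOW_PMTUD)
        return -1;
    const unsigned char *icmp = icmp_header(pkt, len);
    return (icmp[6] << 8) | icmp[7];
}

/* Constructed packets: 20-byte IPv4 header followed by an 8-byte ICMP header. */
static const unsigned char FRAG_NEEDED[28] =
    { [0] = 0x45, [3] = 28, [9] = 1, [20] = 3, [21] = 4, [26] = 0x05, [27] = 0x78 };
static const unsigned char HOST_UNREACH[28] =
    { [0] = 0x45, [3] = 28, [9] = 1, [20] = 3, [21] = 1 };
static const unsigned char ECHO_REPLY[28] =
    { [0] = 0x45, [3] = 28, [9] = 1, [20] = 0 };

int main(void)
{
    printf("frag needed:  verdict %d, next-hop MTU %d\n",
           classify_icmp(FRAG_NEEDED, sizeof FRAG_NEEDED),
           pmtud_next_hop_mtu(FRAG_NEEDED, sizeof FRAG_NEEDED));
    printf("host unreach: verdict %d\n", classify_icmp(HOST_UNREACH, sizeof HOST_UNREACH));
    printf("echo reply:   verdict %d\n", classify_icmp(ECHO_REPLY, sizeof ECHO_REPLY));
    return 0;
}
```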

Computer-security

Policies of firewall

July 20th, 2007

If an intruder can find a hole in your firewall, then the firewall has failed. There are no in-between states. Once a hacker is in, your internal network is at her mercy. If she hijacks an administrative account, you’re in big trouble. If she hijacks an account with lesser privileges, all the resources available to that account are at risk.

No firewall can protect against inadequate or mismanaged policies. If a password gets out because a user did not properly protect it, your security is at risk. If an internal user dials out through an unauthorized connection, an attacker could subvert your network through this backdoor. Therefore, you must implement a firewall policy.

Obviously, the firewall and the firewall policy are two distinct things that require their own planning and implementation. A weakness in the policy or the inability to enforce the policy will weaken any protection provided by even the best firewalls. If internal users find your policies too restrictive, they may go around them by connecting to the Internet through a personal modem. The firewall in this case is useless. You may not even know your systems are under attack because the firewall is guarding the wrong entrance.

The most basic firewall policy is as follows:

  • Block all traffic, then allow specific services on a case-by-case basis.

This policy is restrictive but secure. However, it may be so restrictive that users circumvent it. In addition, the more restrictive your policy, the harder it will be to manage connections that are to be allowed. On screening routers, you’ll need to implement complicated sets of rules–a difficult task. Most firewall products including the Microsoft Proxy Server simplify this process by using graphical interfaces and a more efficient set of rules.

Security policies must be outlined in advance so administrators and users know what type of activities are allowed on the network. Your policy statement should address internal and external access, remote user access, virus protection and avoidance, encryption requirements, program usage, and a number of other considerations, as outlined here:

  • Network traffic to and from outside networks such as the Internet must pass through the firewall. The traffic must be filtered to allow only authorized packets to pass.
  • Never use a firewall for general-purpose file storage or to run programs, except for those required by the firewall. Do not run any services on the firewall except those specifically required to provide firewall services. Consider the firewall expendable in case of an attack.
  • Do not allow any passwords or internal addresses to cross the firewall.
  • If you need to provide services to the public, put them on the outside of the firewall and implement internal settings that protect the server from attacks that would deny service.
  • Accept the fact that you might need to completely restore public systems from backup in the event of an attack. You can implement a replication scheme that automatically copies information to a public server over a secure channel.

Computer-security