Posts Tagged Network security

Open-source All in one Security Solutions (Part 2)

These days there is a great variety of security software designed to organize and manage large networks. Protecting internal resources from external threats, monitoring the network and blocking suspicious services is a priority for any IT security professional.

One available solution is Smoothwall.

Smoothwall is a free, open-source, customized distribution that includes a firewall, port forwarding, VPN support, Web/DNS/POP3/SIP proxies, an IM proxy (MSN / AIM / ICQ / Yahoo) with pre-filters and traffic monitoring (based on IMSpector), a DHCP server, NTP and QoS support. This is in addition to antivirus scanning of traffic using ClamAV.

After installing Smoothwall you can configure it through the web interface at http://ip-address:81/ or https://ip-address:441/, where you will find the Control, About, Services, Networking, VPN, Logs, Tools and Maintenance sections and can adjust the settings as you wish.

By default the IDS is not activated unless you enable it under the Services section. With the Ajax admin interface you can see changes in real time, and you can upgrade the distribution by clicking the Maintenance and Update option.

IPCop is another open-source security solution that has been focusing on SOHO (Small Office, Home Office) users, and it includes everything you need for packet filtering, IDS/IPS, Web and DNS proxies, DHCP server/client, Openswan, OpenVPN and an NTP server.

The current version is IPCop Firewall 1.4.20, available for download here.

The last solution in this series is Vyatta. Vyatta is Linux-based open source software providing routing, firewalling, VPN, intrusion prevention, anti-virus, and WAN load balancing services. The developer has managed to integrate in the Debian operating system the freely distributed routing platform XORP (eXtensible Open Router Platform) which is developed by ICSI (International Computer Science Institute) Berkeley.

Vyatta gives users a gateway with IDS/IPS (Snort) functions, a caching proxy and URL filter (Squid & SquidGuard), Network Access Policies, OpenVPN and DNS forwarding. What sets it apart from all the previous solutions is that you can perform the configuration using Cisco-style commands.

As you can see, there are many network traffic control solutions. If you want to work with Cisco-style commands you can use Vyatta; for a full Linux distribution you have Untangle and Endian; and for quick and easy usage you can try IPCop and Smoothwall.

make sure you subscribe to my RSS feed!


Open-source All in one Security Solutions (Part 1)

Today we can find many different Linux distributions for protecting network infrastructure. Most of them are based on open-source software and provide solid protection against viruses, network attacks and even spam. But selecting the right solution can take more time than implementing it, so this post aims to give a clear picture of the different options.

The first multifunctional firewall on the list is Untangle. Untangle protects network users from malicious incoming Internet threats such as viruses, spyware, hackers, identity thieves and more. This solution can be used for small and medium-sized networks (up to 300 hosts). Untangle is based on Debian, and its web administration dashboard is written in Java, which requires considerable system resources.

On the firewall you can install 23 applications, 14 of which are free, providing antivirus/anti-phishing, routing, spyware protection, seven-layer protocol analysis, web content filtering, VPN connections and many other features. These functions are built on popular open-source projects such as Snort, ClamAV, SpamAssassin and Squid. For preventing low-level DoS attacks there is a module called “Attack Blocker” integrated into the firewall. The protocol analyzer module gives administrators the ability to stop any application-layer protocol, such as peer-to-peer and IM, even when it uses non-standard ports.

The free Reports module gives admins the visibility and data necessary to investigate security incidents and enforce acceptable network usage policies: monitoring behavior at the user, host, email and incident level, understanding traffic flows and network usage patterns, and exporting incident information in CSV, PDF or HTML formats.

The current version is Untangle 7.0.2, and the implementation is pretty easy and fast.

Next we can try Endian Firewall, which is based on CentOS and includes a full set of protection measures against external threats. Endian 2.3 UTM (Unified Threat Management) includes a stateful packet inspection firewall (Netfilter), IDS/IPS (Snort), an HTTP/FTP/POP3/SMTP AV scanner, spam protection, and an anti-phishing and anti-spoofing module. Endian lets the admin define filtering and routing policies as desired, by group, user, IP address or time, with 20 ready-to-use categories.

Endian supports Active Directory, LDAP and RADIUS, allows managing VLANs, and supports SNMP. Two applications are available for creating VPNs: OpenVPN, and Openswan for the IPsec implementation on Linux.

After the installation you can get an encrypted backup of the complete configuration directly from the system and save it to the medium of your choice (USB/DVD, etc.).

This is the first part; selecting the right solution depends on the network's needs and architecture. Secure computing is very important, and defending your network starts here.


Guest blog: Keeping Your IT Systems Secure and Up to Date

For organizations that want to keep their computer network secure, the most basic thing they can do is to keep it patched.

It’s not necessarily the most glamorous work out there for your overworked and overstretched IT people (which is why so many organizations are ignoring patching, at their peril). But your servers, network systems, routers and switches need to get patched regularly to prevent vulnerabilities. When systems don’t get patched, organizations can end up with a data breach.

The good news is that security patches are often automated. The bad news is that oftentimes, you will need to configure your system to receive those patches. Patch management also must be monitored carefully to avoid security threats that could try to take advantage of a fully-automated approach. Install-and-forget isn’t an option.

Some critical keys to successful security patch management are the development of a rigorous schedule and expertise to conduct patch testing to check that promised security improvements are actually working (and if not, finding a fix for that). As well, regularly-scheduled assessments should also be done to ensure that patched systems are truly compliant with both your business needs and regulations. For instance, the process of data transferral should be assessed to ensure confidential information is encrypted or otherwise secure.

There are numerous software packages which allow for central patch management across many OS platforms and applications. No IT department should be without one.

IT departments ought to continue to devote their time to developing solutions that meet business needs, but should also be scheduling time to take care of security patching. It’s not glamorous, but neither is finding that your organization has suffered a data breach.

Contributed by Vaclav Vincalek, PCIS President and author of the Pacific Coast Informer Blog


DNS Poisoning

Security researcher Dan Kaminsky, who works at security services firm IOActive, said this week at Black Hat that the time may have come for IT vendors and users to consider broad adoption of the more permanent security protections offered by DNS Security Extensions (DNSSEC).

The cache-poisoning flaw was publicly disclosed last July, several months after it was discovered by Kaminsky, who first notified IT vendors to give them time to develop a fix. When he finally detailed the vulnerability, Kaminsky said it existed at the DNS protocol level and was so ubiquitous that virtually every domain name server resolving IP addresses on the Internet was vulnerable to attack.

The flaw could be used by attackers to spoof DNS traffic, potentially enabling them to redirect Web traffic and e-mail messages to systems under their control. Other security researchers said that although the concept behind such attacks had been well understood for some time, Kaminsky demonstrated an extremely effective way in which the attacks could be carried out.

You can read more about it here.
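To make the defensive side of the story concrete, here is an added example (not from the post or from any of the software it mentions) modelling the checks a caching resolver must apply before it trusts a response: the reply has to come from the server that was queried, on the randomized source port of the pending query, with the matching transaction ID and question, and any extra records outside the zone the queried server is assumed to be authoritative for are dropped instead of cached. The `PendingQuery`/`Response` structures and the `zone` parameter are simplifications of this example, not real resolver internals.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PendingQuery:
    txid: int        # 16-bit DNS transaction ID chosen by the resolver
    src_port: int    # randomized UDP source port the query left from
    server: str      # IP address the query was sent to
    qname: str
    qtype: str

@dataclass(frozen=True)
class Response:
    txid: int
    dst_port: int    # UDP port the reply arrived on
    src_ip: str      # IP address the reply claims to come from
    qname: str
    qtype: str
    answers: tuple   # tuple of (name, type, rdata)
    additional: tuple

def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is `zone` itself or lies underneath it."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def validate(pending: PendingQuery, resp: Response, zone: str):
    """Decide whether a reply may be used.

    Returns (accepted, reason, cacheable_additional). A spoofed reply has to
    match every field at once; the randomized port and the transaction ID
    together are what the attacker must guess. `zone` is the zone the queried
    server is assumed to be authoritative for (simplification of this example).
    """
    if resp.src_ip != pending.server:
        return False, "source address does not match queried server", ()
    if resp.dst_port != pending.src_port:
        return False, "port does not match pending query", ()
    if resp.txid != pending.txid:
        return False, "transaction ID does not match", ()
    if (resp.qname.lower(), resp.qtype) != (pending.qname.lower(), pending.qtype):
        return False, "question section does not match", ()
    # Glue for names outside the server's zone is discarded, never cached.
    kept = tuple(rr for rr in resp.additional if in_bailiwick(rr[0], zone))
    return True, "accepted", kept
```
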
