Online Book Reader


CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [265]

OS, software, and hardware vendor websites.

■ Reading about any new vulnerability, exploit, or attack that appears in technical news.

■ Endeavoring to learn how and why attacks and exploits function.

■ Investigating the vulnerabilities and weaknesses addressed in newly released patches and updates.

Ethical security experts all agree: Never perform any attack activity against any system without written authorization from the owner of that system. Approval is your get-out-of-jail-free card. It is your protection from prosecution and job loss. If you want to experiment with an attack or exploit, do it only in your private lab. Never perform attack or exploit testing over the Internet. If you don’t own and control the system, you don’t have the legal authority to do what you want on that system. So obtain approval.

After you recognize the vulnerabilities and threats a system faces, you can begin to construct your lines of defense. In a corporate environment, the basics of defense should already be in place. If not, you need to make some strong recommendations to those with the authority to make network security decisions.

Of the basic prevention mechanisms available, here are the items deemed essential for every system:

■ Firewall

■ Antivirus

■ Antispyware

■ Anti-adware

■ E-mail filtering

A few of the latest editions of antivirus solutions have combined capabilities that encompass all of these features in a single product (or at least a single suite of products from the same company). Every client and every server in a network should have these security mechanisms installed, configured, and maintained. Depending on the size of your network and available security budget, you should also consider an intrusion detection system (IDS) to watch for the things these five foundational filtering/scanning tools might miss.

If you have systems that do not have these basic security tools present, then obtain permission to get them installed. But your security protections can’t stop there. As you’ll see in a moment, there are many forms of attacks and threats that require your focused attention.

Denial-of-service (DoS) attacks come in two major forms: flaw exploitation and traffic generation. You can protect against flaw-exploitation DoS attacks by applying vendor-supplied patches and updates as well as by installing firewalls and other traffic-filtering tools. Traffic-generation DoS attacks are not as easy to stop. They require detection and network traffic filtering. It is usually possible to block such attacks from entering your network, but you’ll have to convince an upstream network (such as an ISP) to filter out the malicious traffic as well. Otherwise, your communication pipeline might be consumed with the bogus attack traffic and thus be unable to support your legitimate communications.
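The paragraph above says traffic-generation DoS "requires detection and network traffic filtering" but does not show what that detection looks like. The following is an added example written for this page (it is not code from the study guide): a rate-based SYN-flood detector a practitioner might run over firewall or flow records. It flags a single source that sends more SYNs than a threshold inside a sliding window, and separately flags a destination port whose combined SYN rate from all sources exceeds a threshold, which is the distributed case where no single source looks abnormal and the upstream ISP has to filter. The records, window and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample flow records (not real captures):
# (timestamp in seconds, source IP, destination port, TCP flags)
SAMPLE_EVENTS = (
    # a legitimate client: a few SYNs spread over a minute
    [(float(t), "198.51.100.7", 443, "S") for t in range(0, 60, 12)]
    # single-source SYN flood: 120 SYNs to port 80 in under two seconds
    + [(30 + i * 0.016, "203.0.113.9", 80, "S") for i in range(120)]
    # distributed flood: 60 sources, two SYNs each, all within one second
    + [(40 + i * 0.01 + k * 0.3, f"203.0.113.{100 + i}", 443, "S")
       for i in range(60) for k in range(2)]
)


def detect_floods(events, window=2.0, per_source_threshold=100, per_port_threshold=100):
    """Flag SYN floods in a stream of (ts, src, dport, flags) records.

    Keeps a sliding window of recent SYN timestamps per source and per
    destination port. A source is flagged when it alone exceeds
    per_source_threshold SYNs inside `window` seconds; a port is flagged when
    the combined SYN rate from all sources exceeds per_port_threshold, which
    catches distributed floods where no single source stands out.
    """
    per_source = defaultdict(deque)
    per_port = defaultdict(deque)
    alerts = {"sources": set(), "ports": set()}

    for ts, src, dport, flags in sorted(events, key=lambda e: e[0]):
        # Only bare SYNs count: SYN/ACK and ACK belong to handshakes that are completing.
        if "S" not in flags or "A" in flags:
            continue

        for key, table, threshold, bucket in (
            (src, per_source, per_source_threshold, "sources"),
            (dport, per_port, per_port_threshold, "ports"),
        ):
            recent = table[key]
            recent.append(ts)
            while recent and ts - recent[0] > window:   # slide the window forward
                recent.popleft()
            if len(recent) > threshold:
                alerts[bucket].add(key)

    return alerts


if __name__ == "__main__":
    found = detect_floods(SAMPLE_EVENTS)
    print("flooding sources:", sorted(found["sources"]))
    print("flooded ports:", sorted(found["ports"]))
```

On the constructed input the single flooding source is reported, and both port 80 (one loud source) and port 443 (sixty quiet ones) are reported as flooded. The per-source list is what your own filter can block; the per-port alert is the evidence to hand upstream, because once the link itself is saturated nothing you drop at your border frees the pipe.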

Back doors are popular because they allow easy access into a computer or network device without having to deal with the authentication systems protecting them. Some back doors are left in accidentally by the vendor but are usually patched quickly by a vendor update. If the back door is a known user account and/or a default admin or configuration password, then you need to make sure that the account is renamed and that a strong password is defined. Other back doors are deposited by hackers or various forms of malicious code, such as Trojan horses. If your security perimeter is working properly and you are actively watching for attacks, depositing back doors or other malicious code is made significantly more difficult.

Spoofing, as described earlier, is faking information. Common spoofing attacks use e-mail source addresses, packet source addresses, and system MAC addresses. While it is not possible to stop all spoofing attacks, you can eliminate a great number with a few simple actions. Your network traffic filters and e-mail filters should be configured to check for source spoofing in network packets and e-mails, respectively. If a packet or message is leaving your private LAN, then it cannot have a valid source address from the Internet. Conversely,

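The source-address rule stated above, applied in both directions and extended with the private and reserved ranges that never appear as legitimate Internet sources, is the ingress/egress filtering a border router or firewall performs. The following is an added example written for this page, not code from the study guide: a check of each packet's source address against an assumed address plan, plus the same rule applied to inbound mail that claims a local sender. The address ranges, mail domain and sample traffic are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Assumed address plan for this example (documentation ranges, not a real site):
# the LAN uses 10.0.0.0/8 internally and owns the public block 192.0.2.0/24.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.0.2.0/24")]

# Source ranges that can never legitimately originate on the Internet
# (private, loopback, link-local, multicast, reserved).
BOGON_NETS = [ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

MAIL_DOMAIN = "example.com"  # assumed local mail domain


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def check_packet(direction, src):
    """Source-address sanity check at the LAN/Internet border.

    direction is "egress" (LAN -> Internet) or "ingress" (Internet -> LAN).
    Returns ("accept", "") or ("drop", reason).
    """
    s = ip_address(src)
    if direction == "egress":
        # Anything leaving the LAN must carry one of our own source addresses.
        if not is_internal(s):
            return ("drop", f"egress packet with foreign source {s}")
        return ("accept", "")
    if direction == "ingress":
        # Nothing arriving from the Internet may claim to be one of us...
        if is_internal(s):
            return ("drop", f"ingress packet claiming internal source {s}")
        # ...or come from a range that is not routable on the Internet.
        if any(s in net for net in BOGON_NETS):
            return ("drop", f"ingress packet with bogon source {s}")
        return ("accept", "")
    raise ValueError(f"unknown direction {direction!r}")


def check_mail(direction, envelope_from):
    """Same rule for SMTP, assuming local users only submit mail from inside:
    a message arriving from the Internet with a local sender address is spoofed."""
    domain = envelope_from.rpartition("@")[2].lower()
    if direction == "ingress" and domain == MAIL_DOMAIN:
        return ("reject", f"external message claims local sender {envelope_from}")
    return ("accept", "")


# Constructed sample of border traffic: (direction, source address)
SAMPLE_PACKETS = [
    ("egress", "10.4.5.6"),        # normal LAN host going out
    ("egress", "203.0.113.9"),     # LAN host forging an Internet source
    ("ingress", "198.51.100.4"),   # normal Internet client
    ("ingress", "192.0.2.5"),      # outsider forging one of our public addresses
    ("ingress", "192.168.1.1"),    # outsider using a private source
]


def spoofed_sources(packets):
    """Return the source addresses the border filter would drop."""
    return [src for direction, src in packets if check_packet(direction, src)[0] == "drop"]


if __name__ == "__main__":
    for direction, src in SAMPLE_PACKETS:
        print(direction, src, check_packet(direction, src))
    print(check_mail("ingress", "ceo@Example.com"))
```

The mail rule is the crude form of the check; it breaks for roaming users and third-party senders, which is why production mail filters verify the sender with SPF, DKIM and DMARC rather than a bare domain comparison. The packet rule has no such caveat: a border that enforces it in both directions stops its own hosts from sourcing spoofed floods and refuses packets that claim to come from inside.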