Archive for May, 2010

The hackers that people don’t write about

May 25, 2010 2 comments

As I’m surfing blogs and other security-related Websites these days, I’m seeing a lot of good advice on how people can protect themselves from hackers. Everyone advises people to use anti-virus/spyware software, use a firewall, update everything as required, and to be careful when opening email and browsing Websites. There is also good advice about what to do in the event someone gets hit with malware that makes its presence known by causing all types of errant computer behavior. But what many bloggers and Websites don’t seem to be writing about are hackers that can circumvent these and other types of security measures, including network intrusion detection systems.

Read more…

“We are experiencing damaging penetrations — damaging in the sense of loss of information. And we don’t fully understand our vulnerabilities,” [James] Miller said.

May 22, 2010 3 comments

The above is a quote, posted in an article up on Reuters, from Dr. James N. Miller, Principal Deputy Under Secretary of Defense for Policy, speaking during a forum on Cyber Warfare hosted by Ogilvy Exchange. The Government Computer News article about the forum quotes him as saying,

“The cyber threat has outpaced our ability to defend against it,” he said. “We still are learning” the extent of our dependency on these networks and the scope of the threats against them. “We still see significant gaps and vulnerabilities. We don’t fully understand them, but we’re learning.”

Who, exactly, are the “we” that he is referring to? There are many within the U.S. government and the Department of Defense that know exactly where they are vulnerable, why they are vulnerable, the real threat associated with the millions of probes/scans he refers to in the article, and what can be done to improve the security posture of networks and computers. They have known about these things for many years.

Read more…

Do you know someone who needs to learn more about computer security and hacking?

One of the reasons why hacking continues to be a problem is that a lot of people don’t understand computer security, or how what they do puts themselves or an organization at risk for compromise. If you know people like this – friends, relatives, co-workers, acquaintances or customers – you may want to let them know about my book, OWNED: Why hacking continues to be a problem. The book is a quick read and will teach them everything they need to know about computer security and hacking. After reading the book, you’ll notice a big difference in their knowledge and attitude about security. They can preview the first 18 pages of the book for free without having to register or sign up for anything. The book is only $9.99 (US) and comes in many formats, including Kindle (.mobi), Epub, Palm Doc (PDB) and LRF (Sony Reader). Even if they don’t have an ebook reader, they can continue to read the book online in HTML or download the PDF version.

Here are the links:

Blog book page:

Book page at

The Comprehensive National Cybersecurity Initiative

The U.S. National Security Council has an interesting document up on the White House Website about The Comprehensive National Cybersecurity Initiative (CNCI). It’s certainly an impressive plan for addressing many of the cybersecurity issues facing the U.S. government, but is it a plan that the government can successfully implement?

The government hasn’t won the war on drugs, addressed the nationwide education problem, or many of the other major issues facing the U.S.  So how can the government possibly think it can solve the country’s computer security problems? While some say that something is better than nothing, is “better than nothing” really going to make a difference?

Read more…

Is your Network Intrusion Detection System blind in one eye?

If your network administrator/security guy implemented more than just the basic security for your network, you’ve got a Network Intrusion Detection System (NIDS) connected to your network.  A NIDS inspects network packets looking for indications of hostile activity, such as exploit attempts, malicious email, port scanning, and protocols associated with specific Trojans. When implementing a NIDS, there are several different options for connecting it to the network.  A common option is to mirror one or more ports on a network switch to send a copy of each packet to the NIDS. This can be accomplished in several different ways:


Read more…

If you’re not using VMware Player, you should be!

VMware Player is a free product from VMware that allows you to run many different operating systems in a virtual environment on your computer. It’s like having another separate computer in your computer. There are a number of reasons why you should be using it:

  1. You have an environment to install trial software without polluting your regular environment. This means you can also try newer versions of software you already have on your computer without messing up the current version.
  2. Read more…

Free security awareness training for your employees, courtesy of DISA

May 16, 2010 1 comment

The U.S. Defense Information Systems Agency’s (DISA) Information Assurance training Website is open to those outside of the .mil domain. This means that you (and your staff) can get important security awareness training absolutely free, courtesy of the U.S. government. These multimedia presentations cover the basics that every business person needs to know about computer security. Topics include:

  • DoD Information Assurance Training
  • Federal Information System Security Awareness
  • Personal Electronic Devices / Removable Storage Media
  • Personal Identifiable Information (PII)
  • Phishing Awareness

If your company doesn’t have a computer security awareness training program in place, these are perfect. Just have your staff watch these presentations and sign an acknowledgment form confirming that they’ve watched all of them.  You may want to decide which of the first two presentations is most appropriate for your organization. Even though one is targeted for DoD personnel, there is certain information you may want your staff to know.  Make sure that every new staff member watches these presentations and you’ll be all set!

To make it less painful for your staff to go through the training, you may want to spread it out over several days or weeks. Don’t forget to have everyone review them annually. People have a tendency of “forgetting” little details over time, so it’s a good idea to refresh their memory.

Thoughts and ideas about ebook marketing

Writing a book is challenging. Getting people to read it is even more challenging. Read my page on ebook Marketing for some thoughts and ideas to help make the most of your ebook marketing efforts.

Learn everything you need to know about computer security and hacking in 4 hours

That’s right! You can learn everything you need to know about computer security and hacking in just 4 hours by reading my new ebook, OWNED: Why hacking continues to be a problem ($9.99). The book intermixes both subjects and explains how and why hackers are able to break into secured networks and computers. Information is presented in a simple and concise manner, building readers’ knowledge as they progress through the book. Readers learn the basics about security and hacking, move on to understand why hackers are so successful, learn about advanced hacker techniques, and why computer security personnel often do not see hackers on networks and computers. If you need to get up to speed overnight, this is the book for you. Preview and buy the book online today at

Finding unexpected Trojans on your network? Perhaps you need an ICA!

If a Trojan survives on your network for more than 72 hours, chances are that you’ll never find it unless you stumble upon it by accident.  If your security tools don’t see it or its network traffic, how are you ever going to know it’s there?

Too many organizations are finding malware on their network – days, weeks or even months after the initial compromise. Are you experiencing these types of problems? Are you concerned that there might be well-hidden malware on your network?

An Internet Connectivity Audit (ICA) can help you identify network activity indicative of a malware infection on your network. An ICA is an in-depth analysis of ALL traffic leaving and entering your network using a custom suite of packet crunching tools that can identify much more than a simple protocol analyzer (a.k.a. sniffer). In some cases, an ICA will even identify covert channels used by malware that adhere to protocol RFCs. If you want to increase your chances of finding well-hidden malware, you need an ICA.

The problem is that many organizations don’t know about ICAs or that it’s even possible to do such an audit. Why? Because the tools to do a proper ICA don’t exist on the commercial market. As a result, many organizations will never know that a hacker is on their network or that a hacker came and left. Until ICAs become a mainstream capability, hackers will continue to remain undetected on many organizations’ networks.

To learn more about ICAs, click here.

