Guide to Network Security: Computer Network Security

The best book on firewalls by far is Inside Perimeter Security by Northcutt, Zeltser, Winters, Frederick and Ritchey.

We have been very impressed with the free Unix/Linux/BSD firewall options:

The latest buzz in firewalls is airgaps and their a number of papers on this approach to perimeter security.

Computer Hacking is a bit broad for class of resources, but we have a information security educational papers on hacking. If you are looking for the deeply technical stuff go straight to the last reference.

RR paper by Zachary Wilson gets you started with the basics.

RR paper by Mike Poor discusses one of the more skilled hacker groups.

Your education about hacking is incomplete until you read about hacktivism and a RR paper by Julie L.C. Thomas will get you up to speed.

RR paper by Lee Biard on how we educate kids about hacking.

Related to the paper above, the FTC "Stay Safe Online" program for security awareness and government/citizen partnership is worth reading.
http://www.ftc.gov/bcp/conline/edcams/infosecurity/resources.html

DMZ - In information security, DMZ has multiple meanings. Classically it refers to the part of the perimeter between your service provider's point of demarcation and where you assume control. It can also mean any protected network, usually one at least partially accessible via the Internet. SANS has a number of papers shown below to help you learn about DMZ design and testing and also offers information security training in firewalls, DMZs and VPNs.

RR paper by Scott Young on DMZ design.

RR paper by Chris Mahn on three tiered or complex DMZs, if this sounds like overkill to you, it is worth noting the Visa Security Commandments for credit card merchants specify a separate DMZ for credit card activity.

RR paper by Jeff Pipping on extranets, a special type of DMZ.

Still haven't found what you are looking for? GIAC has hundreds of advanced papers on DMZs, firewalls and perimeter security and every paper has a section on auditing firewalls and also puts a firewall design under attack.

Netcat is the Swiss Army Knife of network and networked application testing.

RR paper by Tom Armstrong covers the basic commands and features of netcat and is in the Reading Room.

RR paper by Timothy Layton is primarily focused on penetration testing, but includes a section on netcat. If you are interested primarily in penetration testing, Tim recommends Jessica Lowery's paper on penetration testing . Jessica's paper did a great job of outlining and defining what penetration tests are and how an organization should view and use them. Tim builds on that paper with information on how to use the tools.

Reverse Proxy, this is a hot topic in information security training as the recent rash of Apache and IIS vulnerabilities have security engineers thinking they need something between their web servers and the Internet.

RR paper by Art Stricek covers the fundamentals of reverse proxy.

RR paper by Lynda L. Morrison shows an example reverse proxy with Apache and SSL.

RR paper reverse proxy architecture implemented with HP OpenView Web Transaction Observer by Matthew Patterson

Social Engineering is a soft skill designed to manipulate a user or employee for the attacker's gain. Classic examples include showing up at a site in coveralls to fix the phone or computer and naming a Trojan Horse (malicious software) program after free software.

Papers on social engineering include: RR paper by George Stevens refers to Mitch Kabay's definition of social engineering, and discusses Information Security training, Security Awareness, Testing, Physical Security Protocols.

RR paper by Rick Tims gives a fairly comprehensive list of the various types of human and computer based social engineering.

RR paper by James E. Keeling suggests using social engineering to get the workers in an organization to follow their security policy.

RR paper by Malcolm Allen includes a discussion on reverse social engineering and a list of the traits that would be present regardless of the social engineering approach that is used.

There is a multipart document by Sarah Granger based on a true story.

Scanning for Port 137
There has been an increase in security education regarding scanning for port 137. This has two sources, an increase in awareness among script kiddies of the ability to discover information about a target host using NBTSTAT and the spread of an internet worm known as network.vbs.

Please also see the document and detailed chart on "Using IDS to Evaluate Outbound Port Usage for Security and Reduction of IDS Alerts: A Case Study" written by Kenneth Underwood.

Also review the practical by Mike Harvey on "Network Trace Analysis 1.

What are TCP Wrappers?
TCP Wrappers acts much like a soldier at a checkpoint, verifying a host's clearance prior to entry. Simply put TCP Wrappers capitalizes on the client/server relationship necessary for most TCP/IP applications. TCP Wrappers inserts itself into the middle of the relationship and acts as the server until the client/host is authenticated. TCP Wrappers utilizes its access control feature to authenticate hosts. TCP Wrappers does all of this with no overhead to the system.

Detailed training information on TCP Wrappers in the paper "Configuring Secure Shell with TCP Wrappers on Solaris 2.8" by Jane Micheller is located at:

You can get TCP Wrappers for free at:
http://ftp.cert.org/pub/tools/tcp_wrappers_7.6.tar.gz and http://ftp.porcupine.org/pub/security/

Explain IP Spoofing
IP spoofing involves fooling a target system into thinking that the packets that it is receiving have been sent from a system other than the attacker's system. In its simplest form, IP spoofing is achieved by faking the source IP address in the packets that are sent by the attacker. .

It is important to keep educated on spoofing since it can take on many forms in the computer world, all of which involve some type of fraudulent representation of information. There are a variety of methods and types of spoofing.

For an introduction to IP spoofing see "Introduction to IP Spoofing" by Victor Velasco.

For full information on the many forms of IP spoofing check out "Spoofing: An Overview of Some of the Current Spoofing Threats" .

What is a security policy?
All security and technical training classes talk about the necessity of basing procedures on a good security policy. We need to understand what is meant by policy.

Safeguarding information is challenging when records are created and stored on a computer. Research projects are often excellent resources for security policies. A good sample of one is "Global Incident Analysis Center".

To learn how to define a sample security policy see the document "GIAC ISO Practical Assignment, VPN/Extranet Service Provider Security Policy and Procedure" by Jonathan Espenschied at:

For a more advanced point of view check out "Track 10: Security Essentials for Auditors" which is designed for individuals entering the information security industry who are tasked with auditing organizational policy, procedure, risk or policy conformance.

Explain fport
Fport identifies programs listening at ports even when a suspicious port is identified. For best practices of Fport view "Vulnerability Identification and Remediation Through Best Security Practices", by BJ Bellamy Jr..

To develop defense-in-depth computer security, an understanding of various vulnerabilities must be realized before a protection strategy is developed. The following document will help you identify those vulnerabilities, "Using Fport on Windows NT to Map Applications to Open Ports" by Teena J. Henson.

What does subseven mean?
SubSeven is a Trojan for the Windows platform. It comes at least in two parts a client and a server. The hacker to connect to the victim's machine uses the client. Once the server.exe is installed on the victim's machine the hacker has full access to the victim's machine.

Additional information on subseven can be found at "Deconstructing SubSeven, the Trojan Horse of Choice" by Jamie Crapanzano:

Also see "SubSeven 2.2: New Flavor of an Old Favorite" by Aaron Greenlee:

For more technical information on SubSeven including a Tcpdump of SubSeven Scans review the document by David Thibault.

What is a war dialer?
By using a war dialer, hackers can set their computer to automatically dial thousands of number until finding a modem. All too frequently, such modems will be enabled to answer incoming calls, and the computer they are connected to also happens to be connected to, and trusted by, the corporate internet.

View the following documents for more detailed information:

"PhoneSweep®: The Corporate War Dialer", by Greg Hodes:

"War Dialing", by Michael Gunn:

"Securing The Wile Modem: A Case Study on the Use of Policies, War Dialers, and Firewalls for Phone Lines" by Archie Woodworth:

For another War Dialing case study see the Remote Access White Paper by Ken Stasiak.

What is OS fingerprinting?
The practice of determine what operating system a remote system is running.

Toby Miller has two excellent papers in the RR on passive OS Fingerprinting.

What is snort?
Snort is a simple yet powerful packet sniffer and logger that can be used as a lightweight network intrusion detection system (NIDS). It is an important part of an overall approach to maintaining a secure network. For an excellent review of this tool as well as a large amount of more specific information, see Mark D. Tollison's paper:

Intrusion Detection: It is possible to set up an effective intrusion detection system using open source tools at little to no cost. If you build such a system, snort is likely to be an important part of your solution. For an intelligent and readable explanation of how to do this, check out "Using Snort For a Distributed Intrusion Detection System" by Michael P. Brennan.

What is SnortSnarf? In an effective NIDS system, detection of an attack is a must. But how is detection possible if the data is buried deep within the IDS log files? SnortSnarf provides a solution. It is a Perl script that uses the snort log files and processes them into a web viewable format.

Miscellaneous technical information: For a snort command line summary and other technical information, go to:

Snort can be used in a dynamically assigned IP address environment.

Snort and Specific Operating Systems: To use snort as a network intrusions detection system (NIDS) and network monitor under Linux, see the work by James Kipp:

Installing and running snort under FreeBSD is also a possibility.

Snort and Windows Operating Systems: Snort can also be used under the various versions of Windows. The instructions, however, can be arcane. They leave out important details, and do not explain exactly why certain things are being installed or configured a specific way. If you are working in Win2000/XP, even if you have limited technical experience, and would like to install a network intrusion detection system, check out Christina Neal's "Snort Install on Win2000/XP with Acid, and MySQL ."

A similar description aimed at Windows NT is available .

If you want a tutorial on the use of Snort in a Windows environment that also examines Intrusion Detection systems and the growing need for them, Kenneth Rode's paper may be useful.

What is dsniff?
If it's your job to manage or secure a network, you already know the importance of sniffing, that is, listening to the traffic on your network. Sniffing on a LAN is simple-just put a network card in promiscuous mode and grab everything. On a switched network though, every entity on your network is connected to its own port on the switch. Only packets destined for a given MAC address are sent down the segment that machine is connected to. A sniffing machine would only hear its own traffic. So how can you monitor traffic on a switched network? Simple: dsniff. Dsniff is a suite of utilities that allows a computer to intercept particular types of switched information in a variety of ways.

For an excellent introduction to dsniff as well as brief information on installation, use, detection, and countermeasures, read Lora Danielle's "Introduction to dsniff."

Packet sniffing on a switched network: To learn more about packet sniffing in a switched environment, take a look at Tom King's paper which discusses sniffing using dsniff as well as Cain and ScoopLM

or Douglas Hewes' I Can See You Behind Layer 2: Overcoming the Difficulties of Packet Capturing on a Switched Network

Detection and countermeasures: Dsniff is a powerful tool to help you know what's happening in your network. The downside is that it's an equally powerful tool for anyone else to know what's happening in your network.

Layer II vulnerabilities: Many people consider switches to be innately secure, because they operate at a low level of the TCP/IP protocol stack. This couldn't be further from the truth. If you would like a better understanding of this often misunderstood topic, and how dsniff is an important part of it, take a look at the following.

Network Insecurity with Switches

Securing Network Infrastructure and Switched Networks

Protecting Network Infrastructure at the Protocol Level

Security in an Ethernet LAN Environment

Security from Scratch ~E How to Achieve It

Why your switched network isn't secure.

Penetration testing: If you plan to use dsniff for penetration testing, check out:

dsniff and your network security: If you want to build a more secure network, the following provides pointers to information on dsniff and other network security related tools

What is Bluetooth?
There has been a lot of buzz lately about the Bluetooth protocol, with strong opinions expressed both for and against. Proponents describe it as a wireless networking panacea. Critics question its level of security, while the more extreme call it completely insecure. Is it brilliant or a belly-flop? Read on.

For an objective and fairly technical overview of Bluetooth security, check out either Nikhil Anand's "An Overview of Bluetooth Security"

or the more recent "Bluetooth: The Global Technology?" by Howard Johnson.

Both papers give background information on Bluetooth security as well as in-depth technical specifications, potential risks and possible responses.

The bigger picture: The extreme opinions about Bluetooth security are mirrored by the attitudes on wireless networking in general, with strong ideas being tossed out in favor and opposed. For more information, see Evan Uwakwe's "Wireless Computing- A Technological Breakthrough Laden with Risk?"

or "Wireless Networks: Panacea or the Next Hacker's Playground?" by Lee Elmendorf

Wireless networking: For an overview of the wireless situation and how Bluetooth fits in, try one of the following:
"The Wireless Confusion" by Craig Harrison

"Wireless Security" by Mike McMurry

"Wireless Communications Technologies: An Analysis Of Security Issues" by Jeffrey Posluns

"The Limits on Wireless Security: 802.11 in early 2002" by James Voorhees

"Threats and Countermeasures in Wireless Networking" by Sean Wang

Bluetooth and PANs: Personal area networks that connect you to your printer, PDA, and etc. make sense, right? But are they a security risk? "Personal Area Networks - How Personal are They?" by Virgil L. Hovar proposes Bluetooth as one solution to this potentially hairy problem.

Less technical:
If your interests lean more toward the business and legal aspects of wireless network security than to the technical, you might take a look at "How to Avoid Ethical and Legal Issues In Wireless Network Discovery" by Erik Montcalm

What is password cracking?
Password Cracking is one area of computer hacking that still quite often provides access to a system or application. If you are interested in the underlying concepts of password cracking, take a look at Patrick Boismenu's paper on password cracking; if your focus is on risk mitigation, focus on the papers of David Beverstock, Sam Wilson and David H. Sherrod. Should you need some more "war stories" to illustrate to decision makers the risks associated with the status quo, take a look at the papers of Kimberly Rallo, Leonard Hermens and William Geimer.

RR paper by Patrick Boismenu on password cracking uses L0phtCrack to illustrate how most password crackers operate, emphasizing the importance of password security for all authentication/based protected systems.

RR paper by David Beverstock on three properties of passwords that render them risky or unsuitable for use, suggested risk mitigation for these properties, current attacks on passwords, and future trends in computing that will obsolete password use. The paper also includes a short description of a risk analysis as applied to authentication, as well as pointers to alternative forms of authentication.

RR paper by Sam Wilson on combating the lazy user via password policies and guidelines. The paper compares a variety of password policies and guidelines that are publicly available on the Internet, demonstrating that many of them allow for the creation of weak passwords by lazy or inexperienced users, vulnerable to dictionary attacks and readily available password cracking tools.

RR paper by David H. Sherrod on making passwords a legitimate corporate defense, ensuring system and application passwords are secure from internal and external attacks. The paper outlines four easy steps to secure access to systems using strong passwords: Have a password policy and standards, and supporting procedures; Educate your users; Utilize your help desk personnel; Perform audits.

RR paper by Kimberly Rallo on the security implications of sending clear text passwords across an enterprise network, and documenting the implications in a risk assessment.

RR paper by Leonard Hermens on various problems resulting from inadequate password policies.

RR paper by William Geimer on password encryption and authentication techniques applied to the file-level protection of personal documents and databases, exemplified by protection schemes used by Intuit Corporation's Quicken software, which fail to provide the level of security that might be expected.

RR paper by Jason Mortensen: "Password Protection: Is This the Best We Can Do?"

What is a bastion host?
Bastion Host - a host computer / server which has been hardened in anticipation of vulnerabilities that have not been discovered yet to make penetration as difficult as possible. This is always a good idea for systems in the DMZ, as well as for firewalls, intrusion detection systems (IDSs) and intrusion prevention systems (IPSs), and can also be beneficial for production systems as a measure of risk mitigation. Jenkins' paper provides a general introduction to the topic; papers by Luz-Romero, Orebaugh and d'Albis provide an OS- and application-specific angle; and Vinciguerra and Foote in their respective papers discuss bastion hosts as a vital part of a Defense-in-Depth strategy.

RR paper by Tod Jenkins on installing a hardened bastion host, including a checklist by Zwicky/Cooper/Chapman: "The basic hardening process is as follows:

Secure the machine.
Disable all non-required services.
Install or modify the services you want to provide.
Reconfigure the machine from a configuration suitable for development into its final running state.
Run a security audit to establish a baseline.
Connect the machine to the network it will be used on."

RR paper by Pedro A. Luz-Romero, discussing secure OS environments for Linux, reviews the main set of tools and resources available for Linux system administrators willing to build an operating system with enhanced security features that allow applications to run securely in a network accessible from the Internet.

RR paper by Angela Orebaugh, providing a brief introduction to securing Solaris.

RR paper by Cedric d'Albis describing in detail the steps required to implement and harden a Symantec LiveUpdate server on a Microsoft Windows 2000 platform. In addition to being a cookbook to build a LiveUpdate FTP server, this paper describes methods and concepts that can be used to secure any vendor application on the Windows 2000 platform.

RR paper by Paul Vinciguerra, covering a Layer-7 strong security stance based on defense-in-depth, including Apache modules for ATG Dynamo, BEA Weblogic, IBM WebSphere, and Apache Tomcat. Also included, a discussion on protecting Exchange Server, running Outlook Web Access (OWA).

RR paper by Mary Foote, describing Defense-in-Depth improvements for NASA's Mission Network.

What is CIDR? ( Classless Internet Domain Routing )
CIDR Table - Classless Internet Domain Routing (CIDR) is a technique that breaks the traditional barriers of class based addressing and allocates blocks of any power of two. With CIDR, IP addresses and their subnet masks are written as 4 octets, separated by periods, followed by a forward slash and a number that represents the subnet mask. The CIDR table helps you to determine your network's Base IP Address and Broadcast IP Address, so that you do not accidentally go beyond your network's boundaries while penetration testing, or conducting similar activities. CIDR notation is also frequently used as shorthand in the definition of firewall, IDS and IPS filtering rules.

RR paper by Dana Price on IPfilter, a UNIX host-based firewall, touches on CIDR shorthand for writing filters.

RR paper by William Kirt Karl on securing Solaris servers using host-based firewalls, similarly touches on CIDR notation as a viable alternative in rule-writing.

RR paper by Sargon Elias investigates whether or not the Border Gateway Protocol (BGP) is safe. In this context, the infamous AS7007 case is presented as an example of what can happen if incorrect BGP routes are advertised. A small ISP jointed their network to Sprint; due to a misconfiguration, IGP converted CIDR routes into classful nodes; misinformation spread through Sprint's network to ANS, MCI, UUNet and other NSPs, crashing routers through the suddenly doubled size of their routing tables.

What is the Federal Bureau of Investigation (FBI) and what do they have to do with information security?
FBI - Depending on the industry you are working in, you might be required to bring in the Federal Bureau of Investigation (FBI) upon detection of certain types of incidents; in other cases it might still be a good idea, depending on the severity or consequences of certain adverse activities you have been victimized by.

The 2004 SANS Top Twenty Internet Security Vulnerabilities list consists of the ten most commonly exploited vulnerable services in Windows and the ten most commonly exploited elements in UNIX and Linux environments. A living document, the list is updated as more critical threats and more current or convenient methods of protection are identified. This expert consensus is the successor to the Ten Most Critical Internet Security Vulnerabilities document released by the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI.

RR paper by Conrad Larkin deals with the additional computer security precautions that need to be addressed when it is a law enforcement agency that is being secured. In addition to an overview of basic computer security measures, the paper, using the Federal Bureau of Investigation (FBI) and its National Crime Information Center (NCIC) as its focus, examines various points of concern relating to security, the current ways of addressing these concerns as well as other possible means of meeting these needs.

RR paper by Maxim May, shedding light on Federal computer crime laws, including the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), the Communications Assistance for Law Enforcement Act (CALEA), the Cyber Security Enhancement Act (CSEA, passed together with the Homeland Security Act), the Digital Millennium Copyright Act (DMCA), and other laws used to prosecute computer crimes, such as the Economic Espionage Act (EEA).

RR paper by Chad Yancey discusses the danger of communication in the 21st century, exemplified by ECHELON as an example of capturing and deciphering international communications, as well as tools used by the FBI for what the author considers domestic spying.

RR paper by Shannon M. Lawson on information warfare, analyzes the threat of cyber-terrorism towards the U.S. critical infrastructure. The paper focuses on the information warfare capabilities of various terrorist groups, such as Hammas or al-Qaeda as well as analyzing the current U.S. posture towards cyber warfare and terrorism, concluding that the U.S. "cyber" infrastructure is vulnerable to cyber attacks.

RR paper by Torri Piper reviews the uneven playing field between cyber criminals and law enforcement. The paper provides observations of disparities between the criminals manipulating digital data and law enforcement seeking to capture them as well as suggestions as to how to give law enforcement a more level playing field.

RR paper by Jason Hiney asks what the Federal government is doing to improve the state of information security. The paper, which maintains that the government is taking decisive action to improve the state of information security in the U.S., covers a variety of major themes including government-industry partnerships, co-operation with law enforcement abroad, government sponsored research and protecting the right privacy.

RR paper by Oscar W. Peterson III discusses the 2001 USA PATRIOT Act and its implications for the IT Security Professional (ITSP) and his/her work environment. The paper concludes that the USA PATRIOT Act and the government's emphasis on IT security will have a wide ranging impact on ITSPs, including their being expected to be more diligent in accurate record keeping, so as to be able to provide the government with information when necessary, and increased work load.

What is a Gateway Architecture?
Gateway Architecture - A network point that acts as an entrance to another network should be architected in a way that minimizes risk. Both Swab and Heinrichs cover UNIX-based mail gateways utilizing AMaViS (A Mail Virus Scanner), Maarten Hartsuijker elaborates on securing a mail gateway, Karwisch takes an in-depth look at the auditing of corporate e-mail gateways, whereas Schario focuses on spam filtering at the gateway, and finally, on related topics, Mordijck discusses secure gateway router configuration, whereas Charlene Keltz explores split horizon DNS.

RR paper by Keven Swab, describing SMTP gateway virus filtering with Sendmail and AMaViS, an open-source product acting as an interface between supported MTAs (Mail Transfer Agents), such as Sendmail, and one or more supported (command-line) virus scanning utilities.

RR paper by Thomas A. Heinrichs covers virus filtering at an UNIX mail gateway, using open source Sendmail on Linux as an example. Heinrichs discusses open source versus commercial options, and provides guidance on finding and choosing a UNIX-based virus scanner.

RR papers by Amarottam Shrestha develop an Information Security Management System (ISMS) to provide assurance that the Internet gateway meets the required security level to protect the Information resources of an organization's internal network. Shrestha uses a case study to demonstrate the Plan Do Check Act (PDCA) process based on AS/NZS 7799:2:2003 Information Security Management.

RR paper by Maarten Hartsuijkeron securing UNIX for operating a secure mail gateway. After presentation of a description of the system, Hartsuijker performs a risk analysis, provides step-by-step guidance on the system, firewall and Postfix setup, discusses issues of ongoing maintenance and delineates various configuration checks.

RR paper by William Karwisch, on auditing a corporate e-mail gateway, based on a system running Postfix on Linux. This report of the audit of a corporate e-mail relay from an administrator's viewpoint divides the audit process into four sections. The first section describes the system, analyzes its risks, develops the high-level objectives of the audit, and researches current practice; the second section is the audit checklist. The third section documents the actual audit and analyzes the results; the fourth section is a summary of audit findings and the risks they pose, a description of system changes, results of retesting the system, and a justification of the final state of the system.

RR paper by Kraig P. Schario on implementing a spam filtering gateway with James, the Java Apache Mail Enterprise Server, developed by The Apache Software Foundation. In addition to covering RedHat Linux 9.0 and Windows 2000/XP installations, Schario explores performance and security considerations. Spam is quickly identified for end-user management, utilizing blacklists, whitelists, reverse DNS lookups, and a Bayesian filter.

RR paper by Toon Mordijck describes the disabling of unneeded features and services on Cisco Internet gateway routers. Mordijck, in addition to providing a one-stop approach, strives to resolve contradictions between Cisco's "Improving Security on Cisco Routers" and their IOS Basic System Management Commands command reference.

RR paper by Charlene Keltz, featuring Sidewinder as an example for a split horizon DNS architecture.

Where can I find information on HIPAA Security Policies?
HIPAA Security Policies - The Security Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) stipulates certain precautions covered entities must take to protect the protected health information (PHI). There are 18 information security standards in three areas that must be met to ensure compliance with the HIPAA Security Rule. The three areas are:

Administrative Safeguards: documented policies and procedures for day-to-day operations; managing the conduct of employees with electronic protected health information (EPHI); and managing the selection, development, and use of security controls.
Physical Safeguards: security measures meant to protect an organization's electronic information systems, as well as related buildings and equipment, from natural hazards, environmental hazards, and unauthorized intrusion.
Technical Safeguards: security measures that specify how to use technology to protect EPHI, particularly controlling access to it.

RR paper by Frederick Hawkes details the planning and implementation of an Information Security Management System (ISMS) using Wireless LANs in an assisted living / extended care facility under the framework of ISO 17799. The paper explores possible security issues pertaining to privacy concerns and regulatory affairs such as the Health Insurance Portability and Accountability Act (HIPAA) that might arise as a result of the use of Wireless LANs in a healthcare environment.

RR paper by James C. Murphy on the impact of HIPAA Security standards on disaster recovery planning notes a healthcare organization may still be in violation of HIPAA if its disaster recovery plan does not protect patient information in the event of a major disaster. Under the HIPAA Security standards, healthcare organizations must provide adequate backup of information and a properly conducted disaster recovery plan after a major disaster. The paper discusses ways to define, organize and place in proper sequence events specific to a distributed computing environment in order to facilitate an adequate disaster recovery plan .

RR paper by Sheldon Borkin compares two security standards, the U.S. HIPAA Security Final Standards and ISO/IEC 17799, an international information security standard. The paper concludes that while there are many comparable parts between the two standards, each has some requirements the other doesn't. However, noting that both standards require controls be based on risk assessment, Borkin details a strategy that would satisfy both security standards.

RR paper by Tautra Romig discusses cost-effective solutions to satisfy the Technical Security measures required by HIPAA, including using one solution to satisfy more than one requirement and the utilization of existing Windows NT and UNIX built-in mechanisms, which if enabled, will assist in achieving HIPAA compliance in Technical Security measures.

RR paper by Tim Ferrel examines the impact of HIPAA Security Rules in healthcare organizations, which were designed to protect and secure protected patient health information that is stored or transmitted electronically. The discussion includes topics such as certification, security configuration management, termination procedures and security awareness training.

Help me understand Security Threats & Vulnerabilities?
Security Threats & Vulnerabilities - The growing number of security threats and vulnerabilities makes a thorough risk assessment and implementation of best practices for mitigation indispensable in today's environment.

RR paper by Elio Perez focuses on the current IEEE 802.11i standard and its components concluding that the implementation of the standard will be slow due to the high cost of hardware replacements and the low technology spending cycle of organizations. The paper also discusses the significant steps IEEE has taken to restore the faith in the security of the 802.11 standard, following publication of threats to and vulnerabilities in earlier 802.11 standards and their respective implementations.

RR paper by Danny Neoh offers corporate network administrators guidance on securing their wireless LAN (WLAN) in order to safeguard protected sensitive data. The paper focuses on the risks of wireless networks as well as methods to mitigate these risks. After a discussion of WLAN technology and its pros and cons, the various types of attacks on WLAN and the exploitable vulnerabilities in the 802.11 wireless security standards, the paper goes on to recommend a defensible in-depth method for securing a WLAN; such a method would include providing security measures and various layers, providing a proper wireless network security policy and auditing the network regularly.

RR paper by Robert Droppleman analyzes the use of Network Intrusion Detection Systems (NIDS) in small businesses environments. After a discussion of the need for small businesses to keep business information and internal networks secure, the paper examines the usefulness, effectiveness and cost effectiveness of using NIDS in such an environment as a means of mitigating risks posed by security threats and vulnerabilities, concluding that while the NIDS does provide some network security protection, it does it imperfectly and at great costs, making its use unlikely in small businesses.

RR paper by Pam Cocca on e-mail security focuses on what threats exist and proceeds to discuss various ways to help combat the problem. The paper considers the threat viruses, spam and phishing have on e-mail security and recommend various methods to assist in maintaining e-mail security including email security products and outsourcing e-mail security to an outsourced security provider.

What is a VLAN? - Virtual LAN (Local Area Network)
VLAN - Virtual LAN (Local Area Network), a logical, not physical, group of devices, defined by software, allowing the re-segment networks without physically rearranging the devices or network connections.

RR paper by Steve A. Rouiller examines weaknesses in Virtual LAN (VLAN) security and discusses countermeasures to improve security in these areas. The paper is based heavily on the possibility of sending packets across different zones, which would render VLANs useless. A variety of possible attacks, exploiting the VLAN Trunking Protocol, Spanning Tree, Basic Hopping and Address Resolution Protocol, are discussed and tested, with suggestions on how to avoid such attacks.

RR paper by Ken Creekmore provides how-to advice on designing and securing an internal network. The paper analysis the threats and risks involved in the configuration of several design scenarios and demonstrates how the design can be changed to eliminate or minimize the problems. In addition, comments are provided for each revised design.

RR paper by Chang Boon Lee provides best practice information on designing and implementing a secure network in an Internet Data Center, focusing primarily on telcos which provide Internet web hosting infrastructure to corporate customers. After an overview of the architecture, the paper gives details of specific modules, such as the ISP Conductivity Module, that make up the network design.

RR papers by George Farah demonstrate how to develop an information systems architecture in a complex environment with few security measures in place, establishing VLANs connecting all local and remote offices nationwide.

RR paper by Daniel Oxenhandler examines several strategies for designing a secure LAN from the view point of the network architecture. The paper focuses on three main areas; the network topology, both physical and logical, securing the routers and switches and emerging and advanced techniques in network security such as Network Intrusion Detection Systems (NIDS).

RR paper by Etienne De Burgh outlines various security issues that may occur when implementing a storage area network (SAN). The paper focuses on the current methods used to secure SANs, explaining problems that may occur when using these current approaches and investigating emerging technologies vendors are beginning to market that seek to address the concerns with earlier attempts at SAN security.

What is MPLS - (Multi-Protocol Label Switching)
MPLS - Multi-Protocol Label Switching is an IETF-defined protocol, used in IP traffic management, that integrates Layer 2 information about network links (bandwidth, latency, utilization) into Layer 3 (IP) in order to simplify and improve IP -packet exchange. This way, routers can pass on routing priorities to each other by means of a label and without a need to examine the packet and its header, saving the time required for the receiving device to look up the address for the next node. MPLS can also facilitate Quality of Service (QoS).

RR paper by Kelly DeGeest, discussing MPLS VPN technology as a alternative to Frame Relay and ATM networks, as well as dedicated telco lines, providing a good introduction and explaining its relationship to the Border Gateway Protocol (BGP).

RR paper by Ravi Sinha takes a quick look at traditional IP routing and ATM in service provider networks, followed by a discussion of various aspects of MPLS, as well as the operation of VPNs in a MPLS environment. The author concludes that MPLS provides benefits that service providers need urgently in their networks, such as predictability, scalability and manageability, and considers a MPLS infrastructure an excellent choice for providing VPN services.

RR paper by Gary Alterson compares BGP/MPLS and IPSec VPNs, assessing the security provided by both solutions and suggesting guidelines for network managers to assist in evaluating these two options. The following aspects should be considered: data confidentiality, data integrity, data availability, remote access, Internet access, and scalability. Alterson concludes that BGP/MPLS VPNs are more scaleable and provide better availability; IPSec VPNs provide for better data confidentiality and integrity; both types of VPN are difficult to configure, and poor implementation is a concern for either solution.

RR paper by Michael A. Stoos assesses whether MPLS VPN technology is the latest marketing ploy of the service providers or if it is a valid option for the enterprise within its security framework. Stoos determines what security is provided or not; looks at potential flaws as a VPN, as well as ways in which enterprise customers can take advantage of this technology.

RR paper by Guillaume Tamboise, providing hands-on guidance on how to securely use SNMP on a BGP/MPLS VPN network. Service providers manage their MPLS network and possibly the Customer Edge (CE) routers via their Operations and Business Support System (OSS/BSS) devices, hosted behind some of their own CE routers, as well as value-added on-demand services hosted behind these CE routers on managed servers. All these components can be managed using SNMP; Tamboise explains how to make the components interact safely.