Guide To Popular Resources - Computer Security
Helpful answers to common requests about Computer Security:
What is the best firewall?
The answer is: it depends. Currently, the three most popular firewalls used by the community are:
- Checkpoint Firewall 1:
- Cisco Pix:
The best book on firewalls by far is Inside Perimeter Security by Northcutt, Zeltser, Winters, Frederick
We have been very impressed with the free Unix/Linux/BSD firewall options:
The latest buzz in firewalls is air gaps, and there are a number of papers on this approach to perimeter security.
Computer Hacking is a bit broad for a class of resources, but we have information security educational papers on hacking. If you are looking for the deeply technical stuff, go straight to the last reference.
RR paper by Zachary Wilson gets you started with the basics.
RR paper by Mike Poor discusses one of the more
skilled hacker groups.
Your education about hacking is incomplete until you read about hacktivism, and an RR paper by Julie L.C. Thomas will get you up to speed.
RR paper by Lee Biard on how we educate kids about hacking.
to the paper above, the FTC "Stay Safe Online" program for security awareness and government/citizen partnership is worth
DMZ - In information security, DMZ has multiple meanings. Classically it refers to the
part of the perimeter between your service provider's point of demarcation and where you assume control. It can also mean
any protected network, usually one at least partially accessible via the Internet. SANS has a number of papers shown below
to help you learn about DMZ design and testing and also offers information security training in firewalls, DMZs and VPNs.
RR paper by Scott Young on DMZ design.
RR paper by Chris Mahn on three-tiered or complex DMZs. If this sounds like overkill to you, it is worth noting that the Visa Security Commandments for credit card merchants specify a separate DMZ for credit card activity.
RR paper by Jeff Pipping on extranets, a special type of DMZ.
Still haven't found what
you are looking for? GIAC has hundreds of advanced papers on DMZs, firewalls and perimeter security and every paper has a
section on auditing firewalls and also puts a firewall design under attack.
Netcat is the Swiss Army Knife of network and networked application testing.
paper by Tom Armstrong covers the basic commands and features of netcat and is in the Reading Room.
RR paper by Timothy Layton is primarily focused on penetration testing, but includes a section on netcat. If you are interested primarily in penetration testing, Tim recommends Jessica Lowery's paper on penetration testing. Jessica's paper did a great job of outlining and defining what penetration tests are and how an organization should view and use them. Tim builds on that paper with information on how to use the tools.
Reverse Proxy: this is a hot topic in information security training, as the recent rash of Apache and IIS vulnerabilities has security engineers thinking they need something between their web servers and the Internet.
paper by Art Stricek covers the fundamentals of reverse proxy.
RR paper by Lynda L. Morrison shows an example reverse
proxy with Apache and SSL.
RR paper by Matthew Patterson on a reverse proxy architecture implemented with HP OpenView Web Transaction Observer.
Social Engineering is a soft skill designed to manipulate a user or employee for the attacker's
gain. Classic examples include showing up at a site in coveralls to fix the phone or computer and naming a Trojan Horse (malicious
software) program after free software.
Papers on social engineering include: RR paper by George Stevens refers to Mitch Kabay's
definition of social engineering, and discusses Information Security training, Security Awareness, Testing, Physical Security
RR paper by Rick Tims gives a fairly comprehensive list of the various types of human and computer based
RR paper by James E. Keeling suggests using social engineering to get the workers in an organization
to follow their security policy.
RR paper by Malcolm Allen includes a discussion on reverse social engineering and a list of the
traits that would be present regardless of the social engineering approach that is used.
There is a multipart document
by Sarah Granger based on a true story.
Scanning for Port 137
There has been an increase in security education regarding scanning for port 137. This has two sources: an increase in awareness among script kiddies of the ability to discover information about a target host using NBTSTAT, and the spread of an Internet worm known as network.vbs.
Please also see the document
and detailed chart on "Using IDS to Evaluate Outbound Port Usage for Security and Reduction of IDS Alerts: A Case Study" written
by Kenneth Underwood.
Also review the practical by Mike Harvey on "Network Trace Analysis 1."
What are TCP Wrappers?
TCP Wrappers acts much like a soldier at a checkpoint, verifying a host's clearance prior to entry. Simply put, TCP Wrappers capitalizes on the client/server relationship necessary for most TCP/IP applications. TCP Wrappers inserts itself into the middle of the relationship and acts as the server until the client host is authenticated. TCP Wrappers utilizes its access control feature to authenticate hosts. TCP Wrappers does all of this with no overhead to the system.
Detailed training information on TCP Wrappers is in the paper "Configuring Secure Shell with TCP Wrappers on Solaris 2.8" by Jane Micheller, located at:
You can get TCP Wrappers for free at:
http://ftp.cert.org/pub/tools/tcp_wrappers_7.6.tar.gz and http://ftp.porcupine.org/pub/security/
Explain IP Spoofing
IP spoofing involves fooling a target system into thinking that the packets it is receiving have been sent from a system other than the attacker's system. In its simplest form, IP spoofing is achieved by faking the source IP address in the packets that are sent by the attacker.
It is important to stay educated on spoofing, since it can take on many forms in the computer world, all of which involve some type of fraudulent representation of information. There are a variety of methods and types of spoofing.
For an introduction to IP spoofing see "Introduction
to IP Spoofing" by Victor Velasco.
For full information on the many forms of IP spoofing check out "Spoofing: An Overview of Some of the Current Spoofing Threats".
What is a security policy?
All security and technical training classes talk about the
necessity of basing procedures on a good security policy. We need to understand what is meant by policy.
information is challenging when records are created and stored on a computer. Research projects are often excellent resources
for security policies. A good sample of one is "Global Incident Analysis Center".
To learn how to define a sample security
policy see the document "GIAC ISO Practical Assignment, VPN/Extranet Service Provider Security Policy and Procedure" by Jonathan
For a more advanced point of view check out "Track 10: Security
Essentials for Auditors" which is designed for individuals entering the information security industry who are tasked with
auditing organizational policy, procedure, risk or policy conformance.
Fport identifies which programs are listening on which ports, which is what you need once a suspicious open port has been identified. For best practices with Fport view "Vulnerability Identification and Remediation Through Best Security Practices", by BJ Bellamy Jr.
To develop defense-in-depth computer security, one must understand the various vulnerabilities before a protection strategy is developed. The following document will help you identify those vulnerabilities: "Using Fport on Windows NT to Map Applications to Open Ports" by Teena J. Henson.
What does SubSeven mean?
SubSeven is a Trojan for the Windows platform. It comes in at least two parts, a client and a server. The attacker uses the client to connect to the victim's machine. Once server.exe is installed on the victim's machine, the attacker has full access to it.
Additional information on subseven can be found at "Deconstructing SubSeven, the Trojan Horse
of Choice" by Jamie Crapanzano:
Also see "SubSeven 2.2: New Flavor of an Old Favorite" by Aaron Greenlee:
For more technical information on SubSeven, including a Tcpdump of SubSeven scans, review the document by David Thibault.
What is a war dialer?
By using a war dialer, hackers can set their computer to automatically dial thousands of numbers until finding a modem. All too frequently, such modems will be enabled to answer incoming calls, and the computer they are connected to also happens to be connected to, and trusted by, the corporate intranet.
See the following documents for more detailed information:
"PhoneSweep®: The Corporate War Dialer", by Greg Hodes:
Dialing", by Michael Gunn:
"Securing The Wile Modem: A Case Study on the Use of Policies, War Dialers, and Firewalls
for Phone Lines" by Archie Woodworth:
For another War Dialing case study see the Remote Access White Paper by Ken Stasiak.
What is OS fingerprinting?
The practice of determining what operating system a remote system is running.
Toby Miller has two excellent papers in the RR on passive OS Fingerprinting.
What is snort?
Snort is a simple yet powerful packet sniffer and logger that can be
used as a lightweight network intrusion detection system (NIDS). It is an important part of an overall approach to maintaining
a secure network. For an excellent review of this tool as well as a large amount of more specific information, see Mark D.
Intrusion Detection: It is possible to set up an effective intrusion detection system using
open source tools at little to no cost. If you build such a system, snort is likely to be an important part of your solution.
For an intelligent and readable explanation of how to do this, check out "Using Snort For a Distributed Intrusion Detection
System" by Michael P. Brennan.
What is SnortSnarf? In an effective NIDS, detection of an attack is a must. But how is detection possible if the data is buried deep within the IDS log files? SnortSnarf provides a solution. It is a Perl script that takes the snort log files and processes them into a web-viewable format.
information: For a snort command line summary and other technical information, go to:
Snort can be used in a dynamically
assigned IP address environment.
Snort and Specific Operating Systems: To use snort as a network intrusion detection system (NIDS) and network monitor under Linux, see the work by James Kipp:
Installing and running snort under
FreeBSD is also a possibility.
Snort and Windows Operating Systems: Snort can also be used under the various versions of Windows. The instructions, however, can be arcane. They leave out important details, and do not explain exactly why certain things are being installed or configured a specific way. If you are working in Win2000/XP, even if you have limited technical experience, and would like to install a network intrusion detection system, check out Christina Neal's "Snort Install on Win2000/XP with Acid, and MySQL."
A similar description aimed at Windows NT is available.
If you want a tutorial on the use of Snort in a Windows environment that also examines Intrusion Detection systems and the growing need for them, Kenneth Rode's paper may be useful.
What is dsniff?
If it's your job to manage or secure a network, you already know the importance of sniffing, that is, listening to the traffic on your network. Sniffing on a LAN is simple: just put a network card in promiscuous mode and grab everything. On a switched network though, every entity on your network is connected to its own port on the switch. Only packets destined for a given MAC address are sent down the segment that machine is connected to. A sniffing machine would only hear its own traffic. So how can you monitor traffic on a switched network? Simple: dsniff.
Dsniff is a suite of utilities that allows a computer to intercept particular types of switched information in a variety of
For an excellent introduction to dsniff as well as brief information on installation, use, detection, and countermeasures,
read Lora Danielle's "Introduction to dsniff."
Packet sniffing on a switched network: To learn more about packet sniffing in a switched environment,
take a look at Tom King's paper which discusses sniffing using dsniff as well as Cain and ScoopLM
or Douglas Hewes'
I Can See You Behind Layer 2: Overcoming the Difficulties of Packet Capturing on a Switched Network
Detection and countermeasures: Dsniff is a powerful tool to help you know what's happening in your network.
The downside is that it's an equally powerful tool for anyone else to know what's happening in your network.
Layer II vulnerabilities: Many people consider switches to be innately secure, because
they operate at a low level of the TCP/IP protocol stack. This couldn't be further from the truth. If you would like a better
understanding of this often misunderstood topic, and how dsniff is an important part of it, take a look at the following.
Insecurity with Switches
Securing Network Infrastructure and Switched Networks
Network Infrastructure at the Protocol Level
Security in an Ethernet LAN Environment
Security from Scratch - How to Achieve It
Why your switched network isn't secure.
Penetration testing: If you plan to use dsniff for penetration testing, check out:
dsniff and your network security: If you want to build a more secure network, the following provides
pointers to information on dsniff and other network security related tools
What is Bluetooth?
There has been a lot of buzz lately about the Bluetooth protocol,
with strong opinions expressed both for and against. Proponents describe it as a wireless networking panacea. Critics question
its level of security, while the more extreme call it completely insecure. Is it brilliant or a belly-flop? Read on.
For an objective and fairly technical overview of Bluetooth security, check out either Nikhil Anand's "An Overview of Bluetooth
or the more recent "Bluetooth: The Global Technology?" by Howard Johnson.
These papers give background information on Bluetooth security as well as in-depth technical specifications, potential risks and
The bigger picture: The extreme opinions about Bluetooth security are mirrored by the attitudes on wireless networking in general, with strong ideas being tossed out both for and against. For more information, see Evan Uwakwe's "Wireless Computing- A Technological Breakthrough Laden with Risk?"
or "Wireless Networks: Panacea
or the Next Hacker's Playground?" by Lee Elmendorf
Wireless networking: For an overview of the wireless situation and how Bluetooth fits in, try one of the following:
- "The Wireless Confusion" by Craig Harrison
- "Wireless Security" by Mike McMurry
- "Wireless Communications Technologies: An Analysis Of Security Issues" by Jeffrey Posluns
- "The Limits on Wireless Security: 802.11 in early 2002" by James Voorhees
- "Threats and Countermeasures in Wireless Networking" by Sean Wang
Bluetooth and PANs: Personal area networks that connect you to your printer, PDA, etc. make sense, right? But are they a security risk? "Personal Area Networks - How Personal are They?" by Virgil L. Hovar proposes Bluetooth as one solution to this potentially hairy problem.
If your interests lean more toward
the business and legal aspects of wireless network security than to the technical, you might take a look at "How to Avoid
Ethical and Legal Issues In Wireless Network Discovery" by Erik Montcalm
What is password cracking?
Password Cracking is one area of computer hacking that still
quite often provides access to a system or application. If you are interested in the underlying concepts of password cracking,
take a look at Patrick Boismenu's paper on password cracking; if your focus is on risk mitigation, focus on the papers of
David Beverstock, Sam Wilson and David H. Sherrod. Should you need some more "war stories" to illustrate to decision makers
the risks associated with the status quo, take a look at the papers of Kimberly Rallo, Leonard Hermens and William Geimer.
RR paper by Patrick Boismenu on password cracking uses L0phtCrack to illustrate how most password crackers operate, emphasizing the importance of password security for all authentication-based protected systems.
RR paper by David
Beverstock on three properties of passwords that render them risky or unsuitable for use, suggested risk mitigation for these
properties, current attacks on passwords, and future trends in computing that will obsolete password use. The paper also includes
a short description of a risk analysis as applied to authentication, as well as pointers to alternative forms of authentication.
RR paper by Sam Wilson on combating the lazy user via password policies and guidelines. The paper compares a variety
of password policies and guidelines that are publicly available on the Internet, demonstrating that many of them allow for
the creation of weak passwords by lazy or inexperienced users, vulnerable to dictionary attacks and readily available password
RR paper by David H. Sherrod on making passwords a legitimate corporate defense, ensuring system and
application passwords are secure from internal and external attacks. The paper outlines four easy steps to secure access to
systems using strong passwords: Have a password policy and standards, and supporting procedures; Educate your users; Utilize
your help desk personnel; Perform audits.
RR paper by Kimberly Rallo on the security implications of sending clear
text passwords across an enterprise network, and documenting the implications in a risk assessment.
RR paper by Leonard
Hermens on various problems resulting from inadequate password policies.
RR paper by William Geimer on password encryption
and authentication techniques applied to the file-level protection of personal documents and databases, exemplified by protection
schemes used by Intuit Corporation's Quicken software, which fail to provide the level of security that might be expected.
RR paper by Jason Mortensen: "Password Protection: Is This the Best We Can Do?"
What is a bastion host?
Bastion Host - a host computer / server which has been hardened
in anticipation of vulnerabilities that have not been discovered yet to make penetration as difficult as possible. This is
always a good idea for systems in the DMZ, as well as for firewalls, intrusion detection systems (IDSs) and intrusion prevention
systems (IPSs), and can also be beneficial for production systems as a measure of risk mitigation. Jenkins' paper provides
a general introduction to the topic; papers by Luz-Romero, Orebaugh and d'Albis provide an OS- and application-specific angle;
and Vinciguerra and Foote in their respective papers discuss bastion hosts as a vital part of a Defense-in-Depth strategy.
RR paper by Tod Jenkins on installing a hardened bastion host, including a checklist by Zwicky/Cooper/Chapman: "The
basic hardening process is as follows:
- Secure the machine.
- Disable all non-required services.
- Install or modify the services you want to provide.
- Reconfigure the machine from a configuration suitable for development into its final running state.
- Run a security audit to establish a baseline.
- Connect the machine to the network it will be used on."
RR paper by Pedro A. Luz-Romero, discussing secure OS environments for Linux, reviews the
main set of tools and resources available for Linux system administrators willing to build an operating system with enhanced
security features that allow applications to run securely in a network accessible from the Internet.
RR paper by Angela
Orebaugh, providing a brief introduction to securing Solaris.
RR paper by Cedric d'Albis describing in detail the
steps required to implement and harden a Symantec LiveUpdate server on a Microsoft Windows 2000 platform. In addition to being
a cookbook to build a LiveUpdate FTP server, this paper describes methods and concepts that can be used to secure any vendor
application on the Windows 2000 platform.
RR paper by Paul Vinciguerra, covering a Layer-7 strong security stance
based on defense-in-depth, including Apache modules for ATG Dynamo, BEA Weblogic, IBM WebSphere, and Apache Tomcat. Also included,
a discussion on protecting Exchange Server, running Outlook Web Access (OWA).
RR paper by Mary Foote, describing Defense-in-Depth
improvements for NASA's Mission Network.
What is CIDR? (Classless Internet Domain Routing)
CIDR Table - Classless Internet
Domain Routing (CIDR) is a technique that breaks the traditional barriers of class based addressing and allocates blocks of
any power of two. With CIDR, IP addresses and their subnet masks are written as 4 octets, separated by periods, followed by
a forward slash and a number that represents the subnet mask. The CIDR table helps you to determine your network's Base IP
Address and Broadcast IP Address, so that you do not accidentally go beyond your network's boundaries while penetration testing,
or conducting similar activities. CIDR notation is also frequently used as shorthand in the definition of firewall, IDS and
IPS filtering rules.
RR paper by Dana Price on IPfilter, a UNIX host-based firewall, touches on CIDR shorthand for
RR paper by William Kirt Karl on securing Solaris servers using host-based firewalls, similarly touches
on CIDR notation as a viable alternative in rule-writing.
RR paper by Sargon Elias investigates whether or not the Border Gateway Protocol (BGP) is safe. In this context, the infamous AS7007 case is presented as an example of what can happen if incorrect BGP routes are advertised. A small ISP joined their network to Sprint; due to a misconfiguration, IGP converted CIDR routes into classful nodes; misinformation spread through Sprint's network to ANS, MCI, UUNet and other NSPs, crashing routers through the suddenly doubled size of their routing tables.
What is the Federal Bureau of Investigation (FBI) and what do they have to do with information
FBI - Depending on the industry you are working in, you might be required to bring in the Federal Bureau
of Investigation (FBI) upon detection of certain types of incidents; in other cases it might still be a good idea, depending
on the severity or consequences of certain adverse activities you have been victimized by.
The 2004 SANS Top Twenty
Internet Security Vulnerabilities list consists of the ten most commonly exploited vulnerable services in Windows and the
ten most commonly exploited elements in UNIX and Linux environments. A living document, the list is updated as more critical
threats and more current or convenient methods of protection are identified. This expert consensus is the successor to the
Ten Most Critical Internet Security Vulnerabilities document released by the SANS Institute and the National Infrastructure
Protection Center (NIPC) at the FBI.
RR paper by Conrad Larkin deals with the additional computer security precautions
that need to be addressed when it is a law enforcement agency that is being secured. In addition to an overview of basic computer
security measures, the paper, using the Federal Bureau of Investigation (FBI) and its National Crime Information Center (NCIC)
as its focus, examines various points of concern relating to security, the current ways of addressing these concerns as well
as other possible means of meeting these needs.
RR paper by Maxim May, shedding light on Federal computer crime laws,
including the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), the Communications Assistance
for Law Enforcement Act (CALEA), the Cyber Security Enhancement Act (CSEA, passed together with the Homeland Security Act),
the Digital Millennium Copyright Act (DMCA), and other laws used to prosecute computer crimes, such as the Economic Espionage
RR paper by Chad Yancey discusses the danger of communication in the 21st century, exemplified by ECHELON
as an example of capturing and deciphering international communications, as well as tools used by the FBI for what the author
considers domestic spying.
RR paper by Shannon M. Lawson on information warfare analyzes the threat of cyber-terrorism towards the U.S. critical infrastructure. The paper focuses on the information warfare capabilities of various terrorist groups, such as Hamas or al-Qaeda, as well as analyzing the current U.S. posture towards cyber warfare and terrorism, concluding that the U.S. "cyber" infrastructure is vulnerable to cyber attacks.
RR paper by Torri Piper reviews the uneven playing
field between cyber criminals and law enforcement. The paper provides observations of disparities between the criminals manipulating
digital data and law enforcement seeking to capture them as well as suggestions as to how to give law enforcement a more level
RR paper by Jason Hiney asks what the Federal government is doing to improve the state of information security. The paper, which maintains that the government is taking decisive action to improve the state of information security in the U.S., covers a variety of major themes including government-industry partnerships, co-operation with law enforcement abroad, government sponsored research and protecting the right to privacy.
RR paper by Oscar W. Peterson III discusses
the 2001 USA PATRIOT Act and its implications for the IT Security Professional (ITSP) and his/her work environment. The paper
concludes that the USA PATRIOT Act and the government's emphasis on IT security will have a wide ranging impact on ITSPs,
including their being expected to be more diligent in accurate record keeping, so as to be able to provide the government
with information when necessary, and increased work load.
What is a Gateway Architecture?
Gateway Architecture - A network point that acts as an entrance to another network should be architected in a way that minimizes risk. Both Swab and Heinrichs cover UNIX-based mail gateways utilizing AMaViS (A Mail Virus Scanner), Maarten Hartsuijker elaborates on securing a mail gateway, Karwisch takes an in-depth look at the auditing of corporate e-mail gateways, whereas Schario focuses on spam filtering at the gateway, and finally, on related topics, Mordijck discusses secure gateway router configuration, whereas Charlene Keltz explores split horizon DNS.
RR paper by Keven Swab, describing SMTP gateway virus filtering with Sendmail and AMaViS, an open-source
product acting as an interface between supported MTAs (Mail Transfer Agents), such as Sendmail, and one or more supported
(command-line) virus scanning utilities.
RR paper by Thomas A. Heinrichs covers virus filtering at a UNIX mail gateway, using open source Sendmail on Linux as an example. Heinrichs discusses open source versus commercial options, and provides guidance on finding and choosing a UNIX-based virus scanner.
RR papers by Amarottam Shrestha develop an Information
Security Management System (ISMS) to provide assurance that the Internet gateway meets the required security level to protect
the Information resources of an organization's internal network. Shrestha uses a case study to demonstrate the Plan Do Check
Act (PDCA) process based on AS/NZS 7799:2:2003 Information Security Management.
RR paper by Maarten Hartsuijker on securing UNIX for operating a secure mail gateway. After presenting a description of the system, Hartsuijker performs a risk analysis, provides step-by-step guidance on the system, firewall and Postfix setup, discusses issues of ongoing maintenance and delineates various configuration checks.
RR paper by William Karwisch, on auditing a corporate e-mail gateway, based on a system
running Postfix on Linux. This report of the audit of a corporate e-mail relay from an administrator's viewpoint divides the
audit process into four sections. The first section describes the system, analyzes its risks, develops the high-level objectives
of the audit, and researches current practice; the second section is the audit checklist. The third section documents the
actual audit and analyzes the results; the fourth section is a summary of audit findings and the risks they pose, a description
of system changes, results of retesting the system, and a justification of the final state of the system.
RR paper by Kraig P. Schario on implementing a spam filtering gateway with James, the Java Apache Mail Enterprise Server, developed
by The Apache Software Foundation. In addition to covering RedHat Linux 9.0 and Windows 2000/XP installations, Schario explores
performance and security considerations. Spam is quickly identified for end-user management, utilizing blacklists, whitelists,
reverse DNS lookups, and a Bayesian filter.
RR paper by Toon Mordijck describes the disabling of unneeded features
and services on Cisco Internet gateway routers. Mordijck, in addition to providing a one-stop approach, strives to resolve
contradictions between Cisco's "Improving Security on Cisco Routers" and their IOS Basic System Management Commands command
RR paper by Charlene Keltz, featuring Sidewinder as an example for a split horizon DNS architecture.
Where can I find information on HIPAA Security Policies?
HIPAA Security Policies -
The Security Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) stipulates certain precautions covered entities must take to protect protected health information (PHI). There are 18 information security standards in three areas that must be met to ensure compliance with the HIPAA Security Rule. The three areas are:
- Administrative Safeguards: documented policies and procedures for day-to-day operations; managing the conduct of employees with electronic protected health information (EPHI); and managing the selection, development, and use of security controls.
- Physical Safeguards: security measures meant to protect an organization's electronic information systems, as well as related buildings and equipment, from natural hazards, environmental hazards, and unauthorized intrusion.
- Technical Safeguards: security measures that specify how to use technology to protect EPHI, particularly controlling access to it.
RR paper by Frederick Hawkes details the planning and implementation of an Information Security Management System (ISMS) using Wireless LANs in an assisted living / extended care facility under the framework of ISO 17799. The paper explores possible security issues pertaining to privacy concerns and regulatory affairs such as the Health Insurance Portability and Accountability Act (HIPAA) that might arise as a result of the use of Wireless LANs in a healthcare environment.
RR paper by James C. Murphy on the impact of HIPAA Security standards on disaster recovery planning notes that a healthcare organization may still be in violation of HIPAA if its disaster recovery plan does not protect patient information in the event of a major disaster. Under the HIPAA Security standards, healthcare organizations must provide adequate backup of information and a properly conducted disaster recovery plan after a major disaster. The paper discusses ways to define, organize and place in proper sequence events specific to a distributed computing environment in order to facilitate an adequate disaster recovery plan.
RR paper by Sheldon Borkin compares two security standards,
the U.S. HIPAA Security Final Standards and ISO/IEC 17799, an international information security standard. The paper concludes
that while there are many comparable parts between the two standards, each has some requirements the other doesn't. However,
noting that both standards require controls be based on risk assessment, Borkin details a strategy that would satisfy both
RR paper by Tautra Romig discusses cost-effective solutions to satisfy the Technical Security
measures required by HIPAA, including using one solution to satisfy more than one requirement and the utilization of existing
Windows NT and UNIX built-in mechanisms, which if enabled, will assist in achieving HIPAA compliance in Technical Security
RR paper by Tim Ferrel examines the impact on healthcare organizations of the HIPAA Security Rules,
which were designed to protect and secure protected patient health information that is stored or transmitted electronically.
The discussion includes topics such as certification, security configuration management, termination procedures and security
|Help me understand Security Threats & Vulnerabilities?|
Security Threats & Vulnerabilities
- The growing number of security threats and vulnerabilities makes a thorough risk assessment and implementation of best practices
for mitigation indispensable in today's environment.
RR paper by Elio Perez focuses on the current IEEE 802.11i standard
and its components, concluding that adoption of the standard will be slow because of the high cost of replacing hardware
and the slow technology spending cycle of organizations. The paper also discusses the significant steps the IEEE has taken to restore
faith in the security of 802.11, following publication of threats to and vulnerabilities in the earlier 802.11
standards and their respective implementations.
RR paper by Danny Neoh offers corporate network administrators
guidance on securing their wireless LAN (WLAN) in order to safeguard sensitive data. The paper focuses on the risks
of wireless networks and on methods to mitigate them. After a discussion of WLAN technology and its pros and cons,
the various types of attacks on WLANs and the exploitable vulnerabilities in the 802.11 wireless security standards, the paper
goes on to recommend a defense-in-depth method for securing a WLAN: applying security measures
at several layers, establishing a proper wireless network security policy and auditing the network regularly.
RR paper by Robert Droppleman analyzes the use of Network Intrusion Detection Systems (NIDS) in small business environments.
After a discussion of the need for small businesses to keep business information and internal networks secure, the paper examines
the usefulness, effectiveness and cost effectiveness of using a NIDS in such an environment as a means of mitigating the risks posed
by security threats and vulnerabilities, concluding that while a NIDS does provide some network security protection, it
does so imperfectly and at great cost, making its use unlikely in small businesses.
RR paper by Pam Cocca on
e-mail security focuses on what threats exist and proceeds to discuss various ways to combat them. The paper considers
the threat that viruses, spam and phishing pose to e-mail security and recommends various methods to help maintain e-mail
security, including e-mail security products and outsourcing e-mail security to a managed security provider.
|What is a VLAN? - Virtual LAN (Local Area Network)|
VLAN - Virtual LAN (Local Area Network),
a logical rather than physical group of devices, defined in switch software, that allows a network to be re-segmented without physically rearranging
the devices or their connections.
RR paper by Steve A. Rouiller examines weaknesses in Virtual LAN (VLAN) security
and discusses countermeasures to improve security in these areas. The paper centres on the possibility of sending
packets across VLAN boundaries, which would defeat the segmentation VLANs are meant to provide. A variety of possible attacks, exploiting the VLAN Trunking
Protocol (VTP), the Spanning Tree Protocol (STP), basic VLAN hopping and the Address Resolution Protocol (ARP), are discussed and tested, with suggestions on how
to avoid such attacks.
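As an added illustration, not code from Rouiller's paper or from any other resource listed here, the Python below parses the 802.1Q tag stack of an Ethernet frame and flags the double-tagged frame behind one classic VLAN hopping technique: the outer tag carries the trunk's native VLAN, the first switch strips it, and the inner tag delivers the frame into a VLAN the sender is not a member of. The frames, MAC addresses and VLAN IDs (native VLAN 1, victim VLAN 20) are constructed for the example.

```python
"""Parse 802.1Q tag stacks and flag double-tagged (Q-in-Q style) frames.
Added example; sample frames below are constructed, not captured."""
import struct

ETH_P_8021Q = 0x8100   # IEEE 802.1Q customer tag
ETH_P_8021AD = 0x88A8  # IEEE 802.1ad service tag (provider bridging)
ETH_P_IPV4 = 0x0800
TAG_ETHERTYPES = {ETH_P_8021Q, ETH_P_8021AD}


def parse_vlan_stack(frame: bytes):
    """Return (tags, ethertype, payload_offset) for an Ethernet II frame.
    Each tag is (tpid, pcp, dei, vid), outermost first. Raises ValueError if truncated."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    off, tags = 12, []
    while True:
        if off + 2 > len(frame):
            raise ValueError("truncated EtherType field")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in TAG_ETHERTYPES:
            return tags, etype, off + 2
        if off + 4 > len(frame):
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((etype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        off += 4


def hopping_alert(frame: bytes, native_vid: int):
    """Return an alert string when the tag stack looks like a hopping attempt, else None.
    native_vid is the native VLAN of the trunk the frame was seen on (assumed known)."""
    tags, _, _ = parse_vlan_stack(frame)
    if len(tags) >= 2 and tags[0][3] == native_vid:
        return (f"double-tagged frame: outer VID {tags[0][3]} is the native VLAN, "
                f"inner VID {tags[1][3]} is reached once the outer tag is stripped")
    if len(tags) >= 2:
        return f"stacked tags {[t[3] for t in tags]} on a port that should carry one tag"
    return None


def build_frame(vids, payload=b"\x45" + b"\x00" * 19):
    """Build an Ethernet II frame carrying the given 802.1Q VIDs, outermost first."""
    dst = bytes.fromhex("ffffffffffff")   # constructed broadcast destination
    src = bytes.fromhex("0200deadbeef")   # constructed locally administered source
    tagbytes = b"".join(struct.pack("!HH", ETH_P_8021Q, vid & 0x0FFF) for vid in vids)
    return dst + src + tagbytes + struct.pack("!H", ETH_P_IPV4) + payload


# Constructed samples: untagged, a normal single tag, and the hopping frame.
UNTAGGED = build_frame([])
SINGLE = build_frame([10])
HOPPING = build_frame([1, 20])

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("single", SINGLE), ("double", HOPPING)):
        print(name, parse_vlan_stack(frame)[0], hopping_alert(frame, native_vid=1))
```

Detection only shows that the frames exist; the fix lives on the switch. On Cisco IOS the usual countermeasures are `switchport mode access` plus `switchport nonegotiate` on user ports so DTP cannot turn them into trunks, `switchport trunk native vlan` set to an otherwise unused ID together with the global `vlan dot1q tag native` so the native VLAN is never sent untagged, and `vtp mode transparent` so a rogue trunk cannot rewrite the VLAN database.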
RR paper by Ken Creekmore provides how-to advice on designing and securing an internal
network. The paper analyzes the threats and risks involved in several design scenarios and demonstrates
how each design can be changed to eliminate or minimize the problems, with comments provided for each revised design.
RR paper by Chang Boon Lee provides best practice information on designing and implementing a secure network in
an Internet Data Center, focusing primarily on telcos that provide Internet web hosting infrastructure to corporate customers.
After an overview of the architecture, the paper gives details of the specific modules, such as the ISP Connectivity Module, that
make up the network design.
RR papers by George Farah demonstrate how to develop an information systems architecture
in a complex environment with few security measures in place, establishing VLANs connecting all local and remote offices nationwide.
RR paper by Daniel Oxenhandler examines several strategies for designing a secure LAN from the viewpoint of the network
architecture. The paper focuses on three main areas: the network topology, both physical and logical; securing the routers
and switches; and emerging and advanced techniques in network security such as Network Intrusion Detection Systems (NIDS).
RR paper by Etienne De Burgh outlines various security issues that may occur when implementing a storage area
network (SAN). The paper focuses on the current methods used to secure SANs, explaining problems that may occur when using
these current approaches and investigating emerging technologies vendors are beginning to market that seek to address the
concerns with earlier attempts at SAN security.
|What is MPLS - (Multi-Protocol Label Switching)|
MPLS - Multi-Protocol Label Switching
is an IETF-defined forwarding mechanism (RFC 3031) used in IP traffic management. It lets Layer 2 information about network links (bandwidth,
latency, utilization) be used when choosing Layer 3 (IP) paths, and it simplifies IP packet forwarding: the router at the edge of the
MPLS network classifies each packet once and attaches a short, fixed-length label, and every router after it forwards on that label alone,
swapping it hop by hop, instead of repeating a longest-prefix lookup on the IP destination address. Because a label can stand for a
pre-computed path and carry a traffic class, MPLS also facilitates traffic engineering and Quality of Service (QoS).
RR paper by Kelly DeGeest discusses MPLS VPN technology as an alternative to Frame Relay and ATM networks, as well
as dedicated telco lines, providing a good introduction and explaining its relationship to the Border Gateway Protocol (BGP).
RR paper by Ravi Sinha takes a quick look at traditional IP routing and ATM in service provider networks, followed
by a discussion of various aspects of MPLS, as well as the operation of VPNs in an MPLS environment. The author concludes that
MPLS provides benefits that service providers urgently need in their networks, such as predictability, scalability and manageability,
and considers an MPLS infrastructure an excellent choice for providing VPN services.
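As an added example, not taken from the MPLS definition above or from Sinha's paper, the Python below simulates the forwarding those passages describe, extended to the two-label stack a BGP/MPLS VPN uses: the ingress provider edge router performs the one longest-prefix IP lookup and pushes an outer transport label and an inner VPN label, the core routers swap the top label from their label forwarding table without reading the IP header, the penultimate router pops the transport label, and the egress PE pops the VPN label to select the customer VRF. The router names, labels, prefixes and the 20-byte IP header stand-in are all made up for the example; the shim-header layout (20-bit label, 3-bit traffic class, bottom-of-stack bit, 8-bit TTL) follows RFC 3032.

```python
"""Label-switched forwarding over a constructed PE1 -> P1 -> P2 -> PE2 path.
Added example; topology, labels and prefixes are made up."""
import ipaddress
import struct


def pack_label(label: int, tc: int = 0, bos: int = 1, ttl: int = 64) -> bytes:
    """Encode one 32-bit MPLS shim entry: label(20) tc(3) s(1) ttl(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label out of range")
    return struct.pack("!I", (label << 12) | ((tc & 7) << 9) | ((bos & 1) << 8) | (ttl & 0xFF))


def pack_stack(entries) -> bytes:
    """Encode (label, tc, ttl) entries, top of stack first; S=1 marks the bottom entry."""
    return b"".join(pack_label(lbl, tc, int(i == len(entries) - 1), ttl)
                    for i, (lbl, tc, ttl) in enumerate(entries))


def unpack_stack(data: bytes):
    """Decode a label stack from the front of data; return (entries, payload)."""
    entries, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", data, off)
        entries.append((word >> 12, (word >> 9) & 7, word & 0xFF))
        off += 4
        if (word >> 8) & 1:
            return entries, data[off:]


class Router:
    """fib: VRF prefix -> (labels to push, next hop); consulted only at ingress.
    lfib: incoming label -> (action, outgoing label or None, next hop)."""

    def __init__(self, name, fib=None, lfib=None):
        self.name, self.fib, self.lfib = name, fib or {}, lfib or {}

    def ingress(self, dst_ip: str, ip_packet: bytes):
        """Ingress PE: the only longest-prefix IP lookup on the whole path."""
        addr = ipaddress.ip_address(dst_ip)
        matches = [p for p in self.fib if addr in p]
        if not matches:
            return "drop:no-route", None
        labels, nh = self.fib[max(matches, key=lambda p: p.prefixlen)]
        return nh, pack_stack([(lbl, 0, 63) for lbl in labels]) + ip_packet

    def switch(self, packet: bytes):
        """P or egress router: decide from the top label alone, never from the IP header."""
        entries, payload = unpack_stack(packet)
        label, tc, ttl = entries[0]
        if ttl <= 1:
            return "drop:ttl-expired", None      # loop protection
        action, out_label, nh = self.lfib.get(label, ("drop", None, None))
        if action == "swap":
            entries[0] = (out_label, tc, ttl - 1)
        elif action == "pop":
            entries = entries[1:]
            if entries:  # uniform TTL model: carry the decremented TTL to the new top
                entries[0] = (entries[0][0], entries[0][1], ttl - 1)
        else:
            return "drop:no-lsp", None
        return nh, (pack_stack(entries) + payload if entries else payload)


def build_topology():
    """Constructed LSP: PE1 pushes [transport 1001, VPN 100]; PE2 advertised
    implicit null, so P2 does penultimate hop popping."""
    return {
        "PE1": Router("PE1", fib={ipaddress.ip_network("10.2.0.0/16"): ([1001, 100], "P1")}),
        "P1": Router("P1", lfib={1001: ("swap", 2001, "P2")}),
        "P2": Router("P2", lfib={2001: ("pop", None, "PE2")}),
        "PE2": Router("PE2", lfib={100: ("pop", None, "vrf:blue")}),
    }


def forward(routers, ingress_name, dst_ip, ip_packet):
    """Push the packet along the LSP; return (trace of (router, top label), final hop, bytes)."""
    trace = []
    nh, pkt = routers[ingress_name].ingress(dst_ip, ip_packet)
    while pkt is not None and nh in routers:
        trace.append((nh, unpack_stack(pkt)[0][0][0]))
        nh, pkt = routers[nh].switch(pkt)
    return trace, nh, pkt


IP_PACKET = b"\x45" + b"\x00" * 19  # constructed stand-in for a 20-byte IPv4 header

if __name__ == "__main__":
    print(forward(build_topology(), "PE1", "10.2.3.4", IP_PACKET))
```

The trace shows the IP destination being consulted exactly once, at PE1; every later hop acts on the label. A label with no forwarding entry is dropped rather than guessed at, and a label whose TTL has run out is dropped too, which is what keeps a misconfigured LSP from circulating labelled traffic indefinitely.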
RR paper by Gary Alterson
compares BGP/MPLS and IPSec VPNs, assessing the security provided by both solutions and suggesting guidelines to assist network
managers in evaluating the two options. The following aspects should be considered: data confidentiality, data
integrity, data availability, remote access, Internet access, and scalability. Alterson concludes that BGP/MPLS VPNs are more
scalable and provide better availability; IPSec VPNs provide better data confidentiality and integrity, since a BGP/MPLS VPN separates
customer routing but does not by itself encrypt or authenticate the traffic in transit; both types of
VPN are difficult to configure, and poor implementation is a concern for either solution.
RR paper by Michael
A. Stoos assesses whether MPLS VPN technology is the latest marketing ploy of the service providers or a valid option
for the enterprise within its security framework. Stoos determines what security is and is not provided, looks at its potential flaws
as a VPN, and describes ways in which enterprise customers can take advantage of the technology.
RR paper by Guillaume
Tamboise provides hands-on guidance on how to use SNMP securely on a BGP/MPLS VPN network. Service providers manage their
MPLS network, and possibly the Customer Edge (CE) routers, via their Operations and Business Support System (OSS/BSS) devices,
hosted behind some of their own CE routers, as well as value-added on-demand services hosted on managed servers behind these
CE routers. All these components can be managed using SNMP; Tamboise explains how to make them interact safely. Keep in mind that
SNMPv1 and SNMPv2c send their community strings in cleartext, so the management protocol itself needs protecting (SNMPv3 with
authentication and privacy) as much as the components it manages.