
Wednesday, August 19, 2009

How to Discover Network Security Loopholes

There is an illusion today about discovering the loopholes in a network as the wonders of global connectivity unfold. Such diversity seems to call for companies to invest more in training their network operators to discover network loopholes. At the same time, sophisticated hackers and crackers are at large, spending sleepless nights contemplating how to accurately discover security loopholes in a network that would enable them to penetrate it. This calls for network security managers who have the ability to hack into their own systems first.


These few challenges are the main forces driving research on discovering network security loopholes, and as technological advances emerge, the cat and mouse game continues between attackers and protectors.

The major method employed in most networks today to discover security loopholes is penetration testing, which is examined below.


Penetration Testing


This can be defined as the process of actively testing information security measures. Organisations perform penetration tests to identify the threats facing them and to resolve their vulnerabilities and weaknesses.


There are different types of penetration tests available. They are:


i. External Penetration Testing

This is the oldest approach to testing and is mainly focused on the servers, infrastructure and software present in the target system. This type of testing is usually performed either with no prior knowledge of the site or with total knowledge of the network topology.


ii. Internal Security Assessment

This approach is similar to external penetration testing, with the addition of a security report on the site. This testing is typically performed from a number of access points representing the different network segments.


iii. Application Security Assessment

This identifies and assesses threats to an organisation through software applications that might provide interactive access to potentially sensitive materials. It is essential that the applications are assessed to ensure that they don't expose the servers and the software to attack.


iv. Telephony Security Assessment

This assessment addresses security concerns relating to corporate voice technologies.


v. Social Engineering Security Assessment

This assessment addresses social engineering, which is a non-technical kind of intrusion.

For more information about penetration testing, a great website with lots of information is penetration-testing.com.


Network Analysing


After the penetration tests, it is quite easy to detect and confirm network problems with a network sniffer/analyzer. With its professional data capturing technology and comprehensive network analysis capability, Colasoft Network Analyzer will help you monitor your network within seconds and maximize your network value.

Tuesday, August 18, 2009

Are You Being Watched?

by Brett Glass -- pcmag.com

How private is your PC data? Thanks to the proliferation of Internet worms and hardware and software spying tools, the erosion of loyalty between corporations and their employees, and the 9/11 disaster (which has caused many to value security over privacy and civil rights), the likelihood is greater than ever that your computer is reporting your every move to a suspicious spouse, a government agency, an employer, or the entire world. In this article, we'll cover the most prevalent spying hardware and software and explain how it can be used, abused, and detected.


A hardware key logger is a device that captures keystrokes en route from keyboard to PC. KeyGhost (www.keyghost.com), a New Zealand company, offers two hardware key loggers. The first is an inconspicuous cable that runs from the keyboard to the PC (prices start at $139 and go up to $409 direct). The second is a keyboard with the logging hardware tucked entirely inside the case ($189 and up). The company claims to have a wide variety of bugged keyboards ready-made to match many brands of computers. If your existing keyboard is unique, KeyGhost will modify it and return it with the logger hidden inside. Both the internal and external versions have maximum capacities of about 2MB—enough memory to capture as much as a year's worth of typing. The Spy Store (www.thespystore.com/pcsurveillance.htm) shows a more compact external key logger ($139 direct). It has a smaller memory capacity, but its capabilities are otherwise similar.


Hardware key loggers usually can't be detected by software and may be tough for non-technical users to spot. They're also compatible with most operating systems and don't require complicated installations. The main drawback is that they can't capture the information that appears on the screen but isn't typed in by the user. So hardware devices are best used to sniff out small but vital pieces of information, such as passwords.


Although keystroke-logging hardware is relatively new, software that performs the same function is not. In 1988, I implemented a primitive network keystroke logger as a DOS TSR, using the NetBIOS protocol. My motivation at the time was not to spy but to ensure that my programming work was preserved on another machine in the event of a system crash.


But today's spying programs do much more than log keystrokes. Spying software can be selective about the data it captures; administrators can set the software to skim information and then capture more data when certain criteria are met. WinWhatWhere Investigator (www.winwhatwhere.com), a major product in the monitoring market, captures keystrokes, e-mails information about your activities when key phrases are entered, and even renames itself and changes its location at random. If the victim's machine has a Webcam connected, WinWhatWhere snaps pictures periodically and sends them out surreptitiously.


SpectorSoft (www.spectorsoft.com) makes Spector Pro, which captures screen shots, records e-mail and chat sessions, and logs keystrokes. In short, if something of interest to you happens on a user's machine, you will not only know what the person typed, you'll have logs of e-mail and chat room conversations and pictures of the screen. Competing products such as D.I.R.T., from Codex Data Systems (www.codexdatasystems.com/menu.html), offer similar features. And several keystroke logger programs are freely available for download from many shareware archives. Logging software is easier to detect via system diagnostic tools, however, and may be wiped off the hard drive by reconfiguring or reinstalling the operating system.


In some cases, spying software may be installed as a virus, worm, or Trojan horse that arrives via e-mail or an infected file. BackOrifice, a program created by a group of rogue hackers called The Cult of the Dead Cow, can be installed in this way and can spy on and even commandeer the victim's system. Several recent worms, including Badtrans.B, attempt to capture passwords and credit card information from users' systems and forward the information to the worms' creators via e-mail or Internet relay chat (IRC).


Another spying technique uses a network sniffer (usually a computer running special software) installed on the same LAN as the victim's computer or upstream between the victim's computer and the Internet. The sniffer taps and records the raw data flowing between the victim and other machines; this data can be scanned later.


Only a few Internet protocols use encryption. E-mail is most often sent and retrieved as plain text, and the password needed to break into someone's electronic mailbox is very rarely encrypted. If encryption is used, a key logger can often be used to discover the password that unlocks the data.


The FBI's Carnivore system, which is installed at ISP facilities to collect evidence, is one example of a network sniffer. Civilian tools that can sniff LAN traffic—even on networks supposedly protected from monitoring by network switches—are widely available for free via the Internet.


Even if the party who wants to spy on you has no physical access to your network, you cannot necessarily rest easy. A cracker who manages to gain control of any vulnerable system on your network can set it up to sniff traffic from the rest of the network. And recently revealed bugs in most implementations of SNMP (Simple Network Management Protocol) may provide an easy way for intruders to take over managed hubs and switches, routers, print servers, and network appliances. (For more on these bugs, see the CERT advisory.)

Tuesday, June 2, 2009

Tips for Troubleshooting Slow Internet Connections

Colasoft Network Analyzer

Follow these steps to diagnose your slow Internet connections.



1. Configure Broadband Router Settings Properly

Improper broadband router configuration will probably lead to slow Internet connections. Keep your router's settings consistent with the manufacturer's and your Internet Service Provider's (ISP) recommendations.



2. Reposition Router and Change Wi-Fi Channel Number

Signal interference, which requires computers to constantly resend messages to overcome signal issues, may affect the performance of Wi-Fi and other types of wireless connections. Repositioning your router and changing your Wi-Fi channel number may benefit your connection performance.



3. Run Antivirus Software Regularly To Diagnose and Remove These Worms

An Internet worm may begin generating huge network traffic, causing slow network connections, if any of your computers are infected. Remember to run antivirus software regularly to diagnose and remove these worms from your computers.



4. Don't forget the Running Background Applications

Some useful background applications, like peer-to-peer (P2P) programs, consume a great deal of network resources. Therefore, don't overlook the running background applications when facing slow network connection issues.



5. Temporarily Re-Arrange and Re-Configure Your Gear

Faulty network equipment typically won't support connections. To troubleshoot potentially faulty equipment, temporarily re-arrange and re-configure your gear while experimenting with different configurations. Try bypassing the router, swapping cables and changing network adapters to isolate the slow performance to a specific component of the system.



6. Inquire Your Service Provider

Internet speed ultimately depends on the service provider. Don't forget to ask your ISP what happened if you suspect they bear the main responsibility for your poor connection performance.



Conclusion

The reasons for slow connections are diverse. The 6 tips for troubleshooting slow Internet connections are basic solutions that may guide you when you run into network connection problems. However, diagnosing and troubleshooting the issues manually is not easy work. Nowadays, many network administrators choose easy-to-use network analysis tools, like Colasoft Network Analyzer (also called a packet sniffer, network sniffer, or protocol analyzer), to monitor, analyze, and troubleshoot their network in minutes.

Wednesday, May 6, 2009

How Public Key Encryption Works

When you are entering your credit card number, talking with your lover, or chatting with your business partners, can you imagine what will happen if everything you are doing is exposed to everybody?

Yes, it is unbelievable, but it is quite true: hackers can easily obtain your private information, like credit card numbers, email logs, chat logs, etc., by using network analysis tools such as Colasoft packet sniffers.

Protect Your Email Secure And Safe

So are we helpless to keep our private information from being monitored or stolen? Of course not. To keep data sent via email private, you just need to encrypt it, as only unencrypted content can be monitored by network analysis tools like a network analyzer. Only the targeted recipient will be able to decipher the message.

How to Encrypt Your Message?

Public key encryption is a special case of encryption. It operates using a combination of two keys, a private key and a public key, which together form a pair of keys. The private key is kept secret on your computer, since it is used for decryption. The public key, which is used for encryption, is given to anybody who wants to send encrypted mail to you.

How Does a Public Key Work?

When someone sends you public-key encrypted mail, the sender's encryption program uses your public key in combination with the sender's private key to encipher the message. When you receive public-key encrypted mail, you need to decipher it.
Decryption of a message enciphered with a public key can only be done with the matching private key. This is why the two keys form a pair, and it is also why it is so important to keep the private key safe and to make sure it never gets into the wrong hands (or in any hands other than yours).

Why the Integrity of the Public Key is Essential

Another crucial point with public key encryption is the distribution of the public key.
Public key encryption is only safe and secure if the sender of an enciphered message can be sure that the public key used for encryption belongs to the recipient.
A third party can produce a public key with the recipient's name and give it to the sender, who uses the key to send important information in encrypted form. The enciphered message is intercepted by the third party, and since it was produced using their public key they have no problem deciphering it with their private key.
This is why it is mandatory that a public key is either given to you personally or authorized by a certificate authority.
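The key-substitution problem described above, as an added example that is not part of the original post. It uses toy textbook RSA (no padding, fixed well-known Mersenne primes) for illustration only; the function names, key constants and the sample message are assumptions made for this example.

```python
import hashlib

E = 65537  # widely used RSA public exponent


def make_keypair(p, q):
    """Build a toy RSA key pair from two primes (illustration only)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent: inverse of E modulo phi (Python 3.8+)
    return (n, E), (n, d)  # (public key, private key)


def fingerprint(public_key):
    """Short digest of a public key that can be compared in person or by phone."""
    n, e = public_key
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()


def encrypt(message, public_key):
    """Encipher with the recipient's PUBLIC key."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def decrypt(ciphertext, private_key):
    """Decipher with the matching PRIVATE key."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def send_to(message, offered_key, trusted_fingerprint):
    """Encrypt only if the offered key matches a fingerprint obtained
    from the recipient personally or vouched for by a certificate authority."""
    if fingerprint(offered_key) != trusted_fingerprint:
        raise ValueError("public key does not match the trusted fingerprint")
    return encrypt(message, offered_key)


# Constructed sample keys: the real recipient, and a third party who
# publishes a key under the recipient's name.
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(2**127 - 1, 2**107 - 1)
IMPOSTOR_PUB, IMPOSTOR_PRIV = make_keypair(2**89 - 1, 2**61 - 1)
TRUSTED_FP = fingerprint(RECIPIENT_PUB)  # handed over in person
MESSAGE = b"PIN is 4821"                 # constructed sample message

if __name__ == "__main__":
    # Verified key: only the recipient's private key recovers the message.
    ciphertext = send_to(MESSAGE, RECIPIENT_PUB, TRUSTED_FP)
    print("recipient reads:", decrypt(ciphertext, RECIPIENT_PRIV))

    # Unverified key: whoever published it holds the matching private key.
    leaked = encrypt(MESSAGE, IMPOSTOR_PUB)
    print("third party reads:", decrypt(leaked, IMPOSTOR_PRIV))

    # With the fingerprint check, the substituted key is refused.
    try:
        send_to(MESSAGE, IMPOSTOR_PUB, TRUSTED_FP)
    except ValueError as err:
        print("refused:", err)
```
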

Thursday, April 23, 2009

Monitor Your Network Traffic with Colasoft Network Sniffer

Importance of network monitoring

Reading network traffic is essential for system administrators, network engineers, and security analysts. At some point there will be a need to read the network traffic directly instead of monitoring application-level details. Examples of situations that might require monitoring network traffic are auditing network security, debugging network configurations, and analyzing usage patterns. For this task we use network monitoring software, or network sniffers, that sniff the traffic your computer is able to see on the network. What exactly your computer can see really depends on how the network is laid out, but the easiest way to figure out what it can see is just to start sniffing.

The most common tool to do the job is readily available. One of the most popular and easy-to-use tools for monitoring network traffic is Colasoft network sniffer.


How to Monitor Network Traffic

As a network sniffer, Capsa makes it easy for us to monitor and analyze network traffic in its intuitive and information-rich tab views. With Capsa's network traffic monitor feature, we can quickly identify network bottlenecks and detect network abnormalities. This article discusses how we can monitor network traffic with Capsa's network traffic monitor feature.


1. Monitor network traffic in "Summary" tab

"Summary" is a view that provides general information about the entire network or the node selected in the "Explorer". In "Summary" we can get a quick view of the total traffic, real-time traffic, broadcast traffic, multicast traffic and so on. When we switch among the nodes in the Explorer, the corresponding traffic information will be provided.

Monitor Network Traffic in Summary

(pic 1. monitor-network-traffic-in-summary)

2. Monitor network traffic in "Endpoints" tab

In "Endpoints" view, we can monitor network traffic information of each node, both local and remote. With its easy sorting feature we can easily find out which host is generating or has generated the largest traffic.

Monitor Network Traffic in Endpoints

(pic 2. monitor-network-traffic-in-endpoints)

3. Monitor network traffic in "Protocols" tab

"Protocols" view will list all protocols applied in network transmission. In "Protocols" view we can monitor network traffic by each protocol. By analyzing network traffic by protocol, we can understand what applications are using the network bandwidth, for example "http" protocol stands for website browsing, "pop3" stands for email, etc.

Monitor Network Traffic by Protocol

(pic 3. monitor-network-traffic-by-protocol)

4. Monitor network traffic in "Conversations" tab

In the "Conversations" tab we can monitor network traffic by each conversation and figure out which conversation has generated the largest network traffic.

Monitor Network Traffic by Conversation

(pic 4. monitor-network-traffic-by-conversation)

5. Monitor network traffic in "Matrix" tab

"Matrix" is a view that visualizes all network connections and traffic details in one single graph. The weight of the lines between the nodes indicates the traffic volume and the color indicates the status. As we move the cursor on a specific node, network traffic details of the node will be provided.

Monitor Network Traffic In Matrix

(pic 5. monitor-network-traffic-in-Matrix)

6. Monitor network traffic in "Graphs" tab

If we want to get a trend chart of the network traffic, then we need to use the "Graphs" tab. The "Graphs" view allows us to view network statistics dynamically in different chart types, such as line chart, bar chart, and pie chart. By selecting "Utilization" we get a real-time traffic trend chart.

Monitor Network Traffic in Graphs

(pic 6. monitor-network-traffic-in-graphs)

As we can see, with Capsa we can not only monitor network traffic conveniently, but also analyze network traffic at different levels, which enables us to quickly and efficiently detect network abnormalities and troubleshoot network problems.

How to Monitor http Traffic with Network sniffer

Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. Its use for retrieving inter-linked resources led to the establishment of the World Wide Web.


In order to monitor http traffic, we will need network sniffer (or protocol analyzer) software. Here is a detailed process showing how we can monitor http traffic in a LAN with Colasoft network sniffer – Capsa.


Again, let's launch Colasoft network sniffer and start a new project. Don't forget one thing: we have to deploy the network sniffer on the mirror port of the core switch in order to monitor all http traffic in the LAN. If not, we can only monitor the http traffic of our own computer.


Then let's start browsing a website, for example, www.colasoft.com, to generate some http traffic. Now let's get back to the network sniffer and see if there is http traffic. OK, we can see the network sniffer has already captured some http traffic in the "Protocols" tab.


Monitor http Traffic Screenshot 1


We can see both the aggregated http traffic since the start of capturing and the real-time http traffic in this tab.


If we want to do a deeper analysis of http traffic, we will need to use the "Locate" function to locate the http protocol in the Explorer, so that the network sniffer displays only the data that is http protocol. Right-click on the protocol and select "Locate Explorer Node" in the pop-up menu.


Locate Explorer Node


If we want to know who is using the http protocol and what they are actually browsing, we are going to use two tabs, the "Endpoints" tab and the "Logs" tab.


Let's see who is using the http protocol:


Who is Using http Protocol


And what they are actually browsing:


Monitor http Traffic Screenshot 4

Wednesday, April 22, 2009

What Can Hackers Do with Network Sniffer

What Can Hackers Do with a network sniffer?

A network sniffer in the wrong hands is a deadly weapon. A network sniffer is a real danger because it is a very powerful and difficult-to-detect tool.

Security breaches of all kinds are reported all the time. Every day we hear of hackers who managed to steal sensitive data, of people who become victims of identity theft, etc. Very often the breaches are so incredible that you wonder if hackers have supernatural powers. Well, hackers hardly have supernatural powers, but they don't need them – supernatural powers are not necessary when a network lacks security and one has the right tools to break in.

Hackers Can Monitor Networks With a network sniffer

The tools hackers use to break into networks are more or less the same tools network admins use to monitor and maintain their networks. For example, network sniffers are among the tools hackers love most. A network sniffer captures packets and shows you their contents. This means that with the help of a network sniffer running somewhere in the network, hackers can monitor all the unencrypted traffic to and from this network.

This is really scary – just imagine a malicious hacker who knows all the secrets of your company. It gets even more dangerous for networks, where hubs (and not switches) are used because in this case a network sniffer can be installed on any computer and the hacker will monitor all the traffic in that segment, not only the traffic to and from the host. The good news is that hubs are almost out of use today and because of that hackers can do less damage with a network sniffer.

Hackers Can Obtain Passwords and Credit Card Numbers With a network sniffer

When a hacker uses a network sniffer to monitor your network, this is not nice but when he or she steals passwords, credit card numbers and other types of sensitive data, this is a real danger. Unencrypted passwords, credit card numbers and other sensitive data are an easy target for a hacker with a network sniffer.

Many of the cases of mass theft of credit card numbers and passwords happen because hackers use a network sniffer on an unencrypted network. For truth's sake, it is important to mention that even if all the traffic is encrypted, there are still many other ways to obtain sensitive data. But when the traffic over a network is not encrypted and nobody monitors the network for unauthorized network sniffers, sooner or later data will be stolen.

One of the greatest achievements for hackers with a network sniffer is to capture the administrator's password. When the administrator's password is transmitted over the network in an unencrypted form, this is an easy target for hackers. If hackers manage to intercept the admin password, they have the power to do everything they want to on your network – delete data, modify data, etc. So, do you see why hackers don't need supernatural powers but only the admin password?
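One way to find the unencrypted logins the post warns about, so they can be moved to encrypted services: an added example, not part of the original post. The record format, the sample lines and the addresses are constructed for illustration, and the audit records only that a credential crossed the wire in cleartext, never the credential itself.

```python
import re
from collections import namedtuple

# One application-layer line seen on the wire (constructed record format).
Record = namedtuple("Record", "client server port line")

# Login commands that carry a password unencrypted, keyed by server port.
CLEARTEXT_LOGINS = {
    21: ("FTP", re.compile(r"^PASS\s+\S", re.I)),
    110: ("POP3", re.compile(r"^PASS\s+\S", re.I)),
    143: ("IMAP", re.compile(r"^\S+\s+LOGIN\s+\S+\s+\S", re.I)),
    80: ("HTTP", re.compile(r"^Authorization:\s*Basic\s+\S", re.I)),
}


def audit(records):
    """Return sorted, de-duplicated (protocol, client, server) tuples for
    every place a credential was sent without encryption."""
    findings = set()
    for rec in records:
        rule = CLEARTEXT_LOGINS.get(rec.port)
        if rule is None:
            continue  # port not in the cleartext list (e.g. 995, POP3 over TLS)
        protocol, pattern = rule
        if pattern.search(rec.line):
            findings.add((protocol, rec.client, rec.server))
    return sorted(findings)


# Constructed sample traffic (documentation addresses from 192.0.2.0/24).
SAMPLE = [
    Record("192.0.2.10", "192.0.2.50", 110, "USER alice"),
    Record("192.0.2.10", "192.0.2.50", 110, "PASS example-secret"),
    Record("192.0.2.10", "192.0.2.50", 110, "PASS example-secret"),  # next mail poll
    Record("192.0.2.11", "192.0.2.60", 80, "GET /index.html HTTP/1.1"),
    Record("192.0.2.11", "192.0.2.60", 80,
           "Authorization: Basic ZXhhbXBsZTpleGFtcGxl"),
    Record("192.0.2.12", "192.0.2.50", 143, "a001 LOGIN bob example-secret"),
    Record("192.0.2.13", "192.0.2.50", 995, "\x17\x03\x03 (opaque TLS record)"),
]

if __name__ == "__main__":
    for protocol, client, server in audit(SAMPLE):
        print(f"{protocol}: {client} -> {server} sends credentials unencrypted")
```
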

Tuesday, April 21, 2009

5 Things Our IT Department had to skip

In the last blog post, we talked about the 5 items our IT department must do even in the big recession. In addition to the things we can't do without, there are many more things we had to skip. We are not exactly happy to stop doing these things, but desperate times call for desperate measures, and since these activities are something we can do without, we had to either quit them or drastically reduce them:
  • No purchases of new hardware. Though it is not precise to say that we haven't bought a single piece of hardware in the last year, we have definitely cut hardware spending. For the time being we do not plan to make major hardware purchases.

  • Capital expenditures. Capital expenditures are another budget item we had to drastically shrink. We had scheduled projects, but the current economic situation made us have second thoughts, and now capital expenditures are on hold.

  • Software that is nice to have but we can do without it. Similarly to hardware and capital expenditures, some major software expenses had to be cut. Yes, there are many products, for instance accounting, HR, or ERP modules, which are great to have but we'll go for them when the economic outlook is less gloomy.

  • Standardization. You know that IT people generally hate it when they have to deal with bureaucracy and standardization, so if there is an item we are happy to skip, it is standardization. More or less, we skipped all standardization-related activities except those that are related to regulatory compliance. Standardization is put on hold, especially if it requires investment or other resources.

  • No infrastructure upgrades. We are not exactly happy about this one but since there are more important items we can't skip, we had to significantly reduce the planned network upgrades. Some of the projects in this area are put on hold, while others are canceled.

It wasn't easy to decide what to skip and what to keep, but when times are tough, it is not possible to pretend that everything is OK and go on as planned. We hope that we are right in our choices, and time will show whether we made wise choices or not.

James Ackland, of www.Colasoft.com, is the author of this article.

About Colasoft Co., Ltd.
Ever since 2001, Colasoft has been dedicated to providing all-in-one and easy-to-use network sniffer software for network administrators and IT managers to monitor network activities, analyze network performance, enhance network security, and troubleshoot network problems. Up to now, more than 5000 customers in over 70 countries trust the flagship product – Colasoft Network Sniffer – as their network monitoring and troubleshooting solution. Colasoft also offers four free network utilities: Colasoft Packet Builder, Colasoft Packet Player, Colasoft MAC Scanner, and Colasoft Ping Tool. To learn more about Colasoft and its solutions, please visit http://www.colasoft.com/.