where can i learn about network security


Member Since: Jan 18, 2003

i have a bunch of questions i'd just like to clear up once and for all. like for example:

how bad is WEP encryption, really? how much better is the higher bit (longer string) key, or does it make a difference at all? (i use WPA-2, but not every network i use does) if WEP is bad, why and how is it bad?

what are the security implications of making my computer 'discoverable?' whenever you connect to a network using vista, you're asked to set the location as either home(private), coffeeshop/public, and there's a third option too (i forget the third). in 'home' mode, your machine is discoverable. but suppose you're visiting someone and their network is unsecured and you set the location as 'home,' making your computer discoverable. what, then, could snoopers see exactly? what do they have the power to do? what can they do when you are on an unsecured network in non-discoverable mode? what can they do when you're on a secure network in/not in discoverable mode? there are a few permutations. i'd like to know what's up with them all.

i want to learn as much as i can about 'practical' network security. nothing highly technical just yet (though i am picking some stuff up slowly). just the basic stuff that i missed the first time around. because it bugs me that i don't know how to answer these elementary questions, and it's kind of just in the back of my mind when i go wireless.



Eat Spam before it eats YOU!!!
Member
Since: May 11, 2002


Jul 03, 2008 06:33 pm

I've found the best way to learn about security is to hack it. I mean... uhh... not that I do much...err... I mean... just because I don't like private myspace profiles... erm...

well...

The primary issue with WEP encryption is people collecting data packets and cracking the encryption and then either viewing the packets or (usually) jumping onto your network for free access.

By 'viewing the packets' I mean they will be able to see exactly what you see.

As far as 'making a computer discoverable' it's not so much an issue. If I hopped on a cafe's network to mess with people one of the first things I would do is 'port scan'. Basically... a small network is going to have a maximum of 254 computers excluding the router which will be xxx.xxx.xxx.1 ... so quickly scanning everyone just to see if known vulnerabilities are available takes only a couple minutes.


as far as practical advice...

Every once in a while I'll have a client ask about security and "hackers steal'n their cookies" .... I usually just try to describe the cost - benefit of hacking. 95% of criminal hacking is physical "real world" crime... If I wanted access to your bank account I could:

1. pick you out of millions of people and hope you do online banking and then hope you do it over a wireless connection which I crack and wait forever as you surf porn for you to actually go to your bank's site and type in your information. (and then I STILL have to deal with getting the money - as I sure as hell wouldn't be paypaling it to myself :) )

2. I get a job at a bank and copy a hard drive. I then put that in my computer to crack the account info to all of the bank's customers... this way, hopefully I would get the ATM information at which point I just make my own ATM cards of viable targets. Or I get their information and get an actual driver's license made... which is the primary goal of identity theft.


www.TheLondonProject.ca
Member
Since: Feb 07, 2005


Jul 03, 2008 06:40 pm

.... ah yes, Zek... great points but it is often easier just to ask someone for the info.... social engineering

Member
Since: Jan 18, 2003


Jul 04, 2008 02:29 pm

"If I hopped on a cafe's network to mess with people one of the first things I would do is 'port scan...' so quickly scanning everyone just to see if known vulnerabilities are available takes only a couple minutes."

what kind of vulnerabilities, though? this is a dumb question perhaps, but assuming that someone was interested in spying on you, is a snooper's ability limited to just intercepting network traffic/packets? or can there ever be a way--maybe through leaving file sharing turned on or something--in which a person could actually access a folder on your computer through the network and start communicating covertly with your actual computer?

Member
Since: Jul 02, 2003


Jul 04, 2008 03:18 pm

The vulnerabilities can allow complete control of a machine, that's why it's important to keep all OS's updated with the latest security updates.

More likely for the average person though is getting burned downloading stuff with keyloggers, and other trojan type software attached unknowingly or hitting a website with malware, loggers etc, installed silently. All the security updates in the world won't protect people from themselves but it does catch most of the sneaky ones. That's why UAC on Vista exists to give users one last chance before *allowing* malware, trojans, keyloggers etc., to be installed. It's a pain for users who are pretty well informed and careful about what they allow, but the majority of people fall for the traps every time.

Dan

Ne'er ate 'er
Member
Since: Apr 05, 2006


Jul 04, 2008 03:56 pm

And if you have any of your drives "shared" for a home network, be sure to "unshare" them before you take the thing out in public.

Member
Since: Jan 18, 2003


Jul 04, 2008 08:10 pm

ok so help me out here...i do have a shared folder on this computer. you saying that people might be able to access it when i'm out in public? how? and would access be limited to that folder, or does it act like an open door to the rest of the drive somehow?

what about having a shared folder and then connecting to someone else's home network, either secured or unsecured? a lot of times there are neighbors all around who can see your wireless signal.

it's hard to know where to go to get this information. i'm not so worried about trojans and stuff at the moment. but i want files to be safeguarded.

Ne'er ate 'er
Member
Since: Apr 05, 2006


Jul 04, 2008 08:39 pm

If you have a drive shared, it means that anyone connected to a network that you are on can see the files in it. Now, you can set specific permissions for folders within the drive, but I don't recommend having drive sharing turned on at all on a public computer. It's just a bad idea.

Member
Since: Jan 18, 2003


Jul 04, 2008 11:58 pm

what about a folder that is shared? would access then just be limited to that folder or once in can peeps get into your unshared areas too?

Member
Since: Jul 02, 2003


Jul 05, 2008 02:04 am

In Vista you can set your computer up so that when you connect to a public network your shares are automatically disabled. Even if you don't go that route others still cannot connect to and view the share unless they are authorized either by an account setup on your computer or thru very lax permissions on the folder (which isn't the default), but that doesn't mean that someone couldn't hack their way in and their access would be limited to the shared folder, though it's pretty unlikely. You're back to Zek's point about whether a given target is worth the effort.

Dan

Member
Since: Jan 18, 2003


Nov 23, 2008 05:21 am

i still don't get this.

got back on a kick about this tonight and found this:

netsecurity.about.com/cs/windowsxp/a/aa042204.htm

is this really saying that an xp machine with folder sharing turned on is completely open to snoopers through the guest account? look what it says there in paragraph 1.

i'm serious about this. i want to learn how this stuff works but i'm not sure how to go about it.

Eat Spam before it eats YOU!!!
Member
Since: May 11, 2002


Nov 23, 2008 08:14 am

completely open unless you have it behind a firewall... like a router. I've had 'local' problems with the XP home guest account in the past... it's a very powerful account for what it should be. XP Home is not really set up with user restriction in mind... It's been a while since I've dealt with it but I couldn't prevent users from installing anything... and that included the guest account. Had to go with XP Pro for that.

Czar of Midi
Administrator
Since: Apr 04, 2002


Nov 23, 2008 02:48 pm

Ya, in XP Pro I simply shut off the Guest account. Although I am behind both a hardware firewall on the router and a software firewall.

I use Sygate Personal Firewall and it works great. It just takes a little time to set it up to allow the things you want to get through.

You can do the same thing on XP Home as well with the firewall.

Member
Since: Jul 02, 2003


Nov 23, 2008 02:57 pm

The guest account in XP is disabled by default, so you should be fine, but it never hurts to double check. :) The firewall included with XP SP2 and above is pretty good as well. The Vista firewall is a full fledged rules based firewall that on the surface is similar to XP's in the way you configure it, but if one wants they can go deeper into it and control things with a lot more control.

Dan

Member
Since: Jan 18, 2003


Nov 23, 2008 06:33 pm

no listen:

my guest account was suddenly activated about a year ago. i never figured out why. it seemed like it happened by itself. however, it's my understanding (correct me if i'm wrong) that you need a guest account if you're sharing files on your network, which i was. so it's possible, i guess, that i set up file sharing around that time and then XP created a guest account. i have no way to verify that, but that's something that could have happened, right?

i have now password-protected the guest account and i have no need to have shared folders on my network anymore.

this machine has always been attached to a router, either directly or wirelessly. so what does that mean in the whole scheme of things?

is a mcafee firewall sufficient, do you think?

i'm seeing a lot of tips and nuggets of information here in this thread but i am no closer to figuring out things generally. i don't have the comprehensive view.

Administrator
Since: Apr 03, 2002


Nov 23, 2008 06:41 pm

Some random auto update may have activated the guest account.

You can share files as any user if you choose to share the folder/files or whatever.

As hard as they try, I have NEVER looked at Windows as a multi-user OS, it's always had its problems...at least in the consumer OS's.

Windows and user accounts are virtually worthless.

Czar of Midi
Administrator
Since: Apr 04, 2002


Nov 23, 2008 06:47 pm

Yep, forty I have shared folders on all the boxes in this house. And even 2 shared complete storage drives. And I have all the guest accounts shut down, even on Mary's box which runs XP Home.

I am with dB on a random update probably activated it again. But I can verify that you can shut it down and you will still be able to share files/folders without problems.

As for the firewall, I prefer the sygate one as it is much less intrusive and much easier to use than anything else.

Even the free version is a good bet.

Member
Since: Jan 18, 2003


Nov 23, 2008 09:30 pm

i don't know how to eliminate the guest account. know how to do that?

it also seems that some sites say that the thing has to be activated for file sharing to be possible, so i have conflicting info on that now.

do you think a system is safe if it connects through a router? suppose someone had *no* firewall but was behind a router. how secure is that? i'm just trying to figure out how this works

Administrator
Since: Apr 03, 2002


Nov 24, 2008 06:19 am

Many small routers have hardware firewalls...check to see if yours does. I'd rather have a hardware firewall than a software one hogging up resources on my PC.

Member
Since: Jan 18, 2003


Nov 24, 2008 06:55 am

mine does. there are four options. three are checked. one is 'block anonymous internet requests'

analysis?

Administrator
Since: Apr 03, 2002


Nov 24, 2008 07:05 am

Then forget about the firewall on your PC, router based firewalls are quicker and don't take up PC resources.

That one checkbox would be good to check. What router do you have? Most firewalls have more than four options...

Member
Since: Jan 18, 2003


Nov 24, 2008 07:22 am

linksys

Member
Since: Jan 18, 2003


Nov 24, 2008 07:23 am

the internet requests one is checked

Administrator
Since: Apr 03, 2002


Nov 24, 2008 08:23 am

OK. I am not as familiar with the Linksys routers as I am D-Link, but they are still usable. There HAS to be more options and settings in there, but really, stopping the incoming traffic is the most important.

Then it's watching port numbers, 80 is for www, 25 and 110 is for email, 443 is for secure www...other than that, you should shut the ports down.

Byte-Mixer
Member
Since: Dec 04, 2007


Nov 24, 2008 12:01 pm

I'm still learning and trying to educate myself on the firewall end. Namely netfilters in RHEL5/other linux settings.

If I understand right, the -basic- rule of thumb, is you want to deny by default, except the ports that certain services on your machine require access to. 80 for http, 25 for smtp, 110 for pop3, 143 for IMAP, 443 for secure http, then you have 465 for smtp over SSL, 585 for IMAP over SSL, 993 for POP3 over TLS, and 995 for IMAP over TLS.

Er, I could be wrong, and I could have TLS and SSL switched around in my head again. :P One's secure socket layer, and the other is transport layer security I think. I'm still getting my head wrapped around the different ports.

Beyond that, I guess it depends on what else you use. FTP client? SSH client? The fact that some things use TCP/IP, and others use UDP. It can get complicated really quick.

Here at work at the univ. we have an outer boundary/hardware firewall and then we have another boundary set up on each of our internal services (http server/database server/etc.) using iptables to manage the netfilter. But that's all server-side on our RHEL5 servers. I'm still getting my head wrapped around security settings and what does what, learning a bit when Wally has time to teach me. I guess what it boils down to, is customizing the firewall to only allow what you want to allow.

Anyway, I'd think there would be a way to access your router, and do a custom config of the firewall.

If I think of a good security site info-wise, I'll post a link. I'm sure Wally knows something about info sites.

-J
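
Added example, not part of the thread or written by any poster: the deny-by-default rule of thumb above, applied to the thread's earlier questions about port scans and shared folders by auditing what a Windows machine is actually listening on. It parses `netstat -an` output and reports every listener reachable from the network that is not on an explicit allowlist. The sample output, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49212     203.0.113.7:443        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
"""

# Ports Windows file and printer sharing listens on (well-known assignments).
SHARING_PORTS = {135: "RPC endpoint mapper", 139: "NetBIOS session", 445: "SMB"}


def listening_sockets(netstat_text):
    """Yield (address, port) for every TCP socket in the LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # headers, UDP rows and established connections
        host, _, port = fields[1].rpartition(":")  # rpartition copes with [::]:445
        yield ipaddress.ip_address(host.strip("[]")), int(port)


def audit(netstat_text, allowed_ports=frozenset()):
    """Default deny: report every network-reachable listener not explicitly allowed."""
    findings = []
    for addr, port in listening_sockets(netstat_text):
        if addr.is_loopback:        # only reachable from the machine itself
            continue
        if port in allowed_ports:   # a service the owner chose to expose
            continue
        label = SHARING_PORTS.get(port, "unexpected listener")
        findings.append((str(addr), port, label))
    return sorted(set(findings), key=lambda f: (f[1], f[0]))


if __name__ == "__main__":
    for addr, port, label in audit(SAMPLE_NETSTAT):
        print(f"{addr}:{port}  {label}")
```

On a laptop taken to a public network the allowlist would normally be empty, so any line this prints is something a host firewall rule or a disabled service should account for.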

Member
Since: Jan 18, 2003


Nov 24, 2008 05:00 pm

I'm never gonna figure this stuff out

Administrator
Since: Apr 03, 2002


Nov 24, 2008 05:19 pm

Dude, computer security is such an incredibly deep subject, especially on windows, it's a nightmare.

See, Linux/Unix is nice, it's all locked down, everything, and you open it up as you need to, with Windows it's all open and you lock down as needed, much more complex.

Member
Since: Jan 18, 2003


Nov 24, 2008 05:29 pm

but one should be able to get some basic sense of whether the situation is adequate or not, even with windows?

Administrator
Since: Apr 03, 2002


Nov 24, 2008 05:33 pm

you'd be surprised, I know guys with four year IT degrees that still don't get the mysteries of the Windows Registry...

The meaning of life has nothing on the unanswerable question of the Windows security model...seriously, I have gone round and round securing web servers and stuff, there is ALWAYS something left undone. I will have to dig up a couple auditing programs I've used, it's amazing the stuff you can find.

Windows Baseline [something] is one app that is simple...I forget the others.
