Saturday, December 8, 2012

Network Protection Systems – Chapter 13

This chapter is all about network protection systems, with a focus on several key elements: routers, firewalls, web filtering and honeypots. The first section begins with routers, explains protocols and basic hardware, and then takes a closer look at Cisco routers. A strong point made is that routers can serve as network protection devices. A router has components similar to a computer's, and each one matters for how the device is configured and secured:

  • Random access memory (RAM) – This component holds the router’s running configuration, routing tables, and buffers. If you turn off the router, the contents stored in RAM are erased. Any changes you make to a router’s configuration, such as changing the prompt displayed, are stored in RAM and aren’t permanent unless you save the configuration.
  • Nonvolatile RAM (NVRAM) – This component holds the router’s startup configuration file; its contents aren’t lost if the router is turned off.
  • Flash memory – This component holds the IOS image the router is using. It is rewritable memory, so you can upgrade the IOS if Cisco releases a new version or the current IOS image becomes corrupted.
  • Read-only memory (ROM) – This component contains a minimal version of Cisco’s IOS that is used to boot the router if flash memory gets corrupted. You can boot the router from ROM and then correct any problems with the IOS, possibly installing a new, uncorrupted version.
  • Interfaces – These components are the hardware connectivity points to the router and the components a security tester is most concerned with. An Ethernet port, for example, is an interface that connects to a LAN and can be configured with an access list to restrict traffic from a specific IP address, subnet, or network.
A firewall is another important part of network protection. It serves two main purposes: controlling traffic entering an internal network, and controlling traffic leaving an internal network. Firewalls come as hardware appliances and as software, and each has its own advantages and disadvantages. A security tester must pay close attention to this aspect of network protection, in particular to the rule set and the order in which its rules are evaluated.
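The access-list and firewall behaviour described above, as an added example that is not code from the original post or from Cisco: a stateless filter that checks rules top-down, stops at the first match, and drops anything unmatched (the implicit "deny any" at the end of every Cisco access list). The addresses, rules and packets are constructed for the demo; 203.0.113.10 is assumed to be the public web server and 192.168.1.0/24 the workstation LAN.

```python
"""Stateless packet filtering in the style of a router interface ACL.

Added example, not code from the original post. Rules are checked top-down,
the first match wins, and a packet that matches nothing is dropped: the
implicit "deny any" at the end of every Cisco access list. Addresses, rules
and packets are constructed for the demo.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # CIDR, "0.0.0.0/0" means any source
    dst: str                     # CIDR, "0.0.0.0/0" means any destination
    proto: str = "any"           # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None  # None means any destination port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every field of the rule covers the packet."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst))


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Action of the first matching rule; implicit deny if none matches."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


# Inbound ACL on the Internet-facing interface (assumed: 203.0.113.10 is the
# public web server). Anti-spoofing denies come first, so a packet arriving
# from outside with an internal source address never reaches the permit line.
INBOUND = [
    Rule("deny", "10.0.0.0/8", "0.0.0.0/0"),
    Rule("deny", "192.168.0.0/16", "0.0.0.0/0"),
    Rule("permit", "0.0.0.0/0", "203.0.113.10/32", "tcp", 443),
]

# Outbound ACL on the LAN interface: workstations may only browse the web.
OUTBOUND = [
    Rule("permit", "192.168.1.0/24", "0.0.0.0/0", "tcp", 80),
    Rule("permit", "192.168.1.0/24", "0.0.0.0/0", "tcp", 443),
]


if __name__ == "__main__":
    spoofed = Packet("10.1.2.3", "203.0.113.10", "tcp", 443)
    print(evaluate(INBOUND, spoofed))                  # deny
    print(evaluate(list(reversed(INBOUND)), spoofed))  # permit: order matters
```

The last two lines are the check a tester wants to make on a real rule set: the same three rules, with the permit moved above the anti-spoofing denies, let the spoofed packet through. The filter is stateless, so return traffic for outbound connections would need its own permit lines (or a stateful firewall) to get back in.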

A honeypot is a computer placed on the network perimeter that holds information or data intended to lure or trap attackers. Its purpose is to distract attackers from legitimate data. Another objective is to keep attackers busy on the phony computer long enough that they can be traced and turned over to law enforcement. Because a honeypot is meant to be compromised, it must be isolated and closely monitored so that it can’t be used as a stepping stone into the real network. A good website for more information about honeypots is www.honeynet.org.

The chapter presented a lot of good material that will certainly help in protecting a network system. There were many helpful websites as well as charts and diagrams. 

Saturday, November 24, 2012

Cryptography – Chapter 12

This chapter is all about cryptography, the process of converting plaintext (readable data) into ciphertext (unreadable data). The practice has been around for centuries, and the text walks briefly through the high points of how cryptography evolved. It is important to understand the difference between symmetric and asymmetric algorithms. A symmetric algorithm uses one key both to encrypt and to decrypt, so both parties must share that key and keep it secret; an asymmetric algorithm uses a pair of mathematically related keys, one to encrypt and the other to decrypt, so the encryption key can be published while only the decryption key stays private. The book has several pages on cryptography attacks and some safeguards that help thwart attackers.
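The symmetric/asymmetric distinction, as an added example that is not code from the original post or the textbook. Both ciphers are deliberately tiny teaching versions and are not safe for real data: the symmetric one is a SHA-256 keystream XORed over the message (a stand-in for AES), and the asymmetric one is textbook RSA on the small primes 61 and 53 with no padding. The keys, nonce and message are constructed; what the code shows is which key does what.

```python
"""Symmetric versus asymmetric encryption, side by side.

Added example, not code from the original post. Both ciphers are tiny
teaching versions and are NOT safe for real data: the symmetric cipher is a
SHA-256 keystream XORed over the message (not AES), and the asymmetric one
is textbook RSA on small primes with no padding. The point is which key
does what.
"""
import hashlib
from math import gcd
from typing import Tuple

Key = Tuple[int, int]


# --- symmetric: one shared secret both encrypts and decrypts ---------------
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: SHA-256(key || nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def sym_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream: the same call encrypts and decrypts, so
    anyone who can decrypt can also forge ciphertext, and vice versa."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


# --- asymmetric: a key pair; public encrypts, only private decrypts --------
def rsa_keygen(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Textbook RSA from two primes (toy sizes here). Returns (public, private)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)           # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(public: Key, m: int) -> int:
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(m, e, n)


def rsa_decrypt(private: Key, c: int) -> int:
    n, d = private
    return pow(c, d, n)


if __name__ == "__main__":
    key, nonce, msg = b"shared-secret", b"nonce-01", b"attack at dawn"  # constructed
    ct = sym_crypt(key, nonce, msg)
    print(sym_crypt(key, nonce, ct) == msg)            # True: same key, same call
    print(sym_crypt(b"other-key", nonce, ct) == msg)   # False

    public, private = rsa_keygen(61, 53, e=17)         # n = 3233, d = 2753
    c = rsa_encrypt(public, 65)
    print(c, rsa_decrypt(private, c))                  # 2790 65
```

Note what the RSA half does not do: decrypting with the public key gives garbage, which is exactly the property that lets the public key be handed out freely. Real RSA uses 2048-bit or larger moduli and a padding scheme such as OAEP; real symmetric encryption uses AES with an authenticated mode, and never reuses a nonce under the same key.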

The chapter goes into much detail about protecting data as it travels across a network. It provides the security professional with many tools as well as areas to be concerned about. I found the chapter to be very informative, with much insight.

Hacking Wireless Networks – Chapter 11


This chapter is a synopsis of wireless technology and network standards. It also covers some tools attackers use to gain access to wireless networks. The text begins by explaining the fundamentals of wireless technology and its components. As complex as it may seem, there are only a few basic elements:
  • Wireless network interface cards (WNICs), which transmit and receive wireless signals, and access points (APs), which bridge wired and wireless networks.
  • Wireless networking protocols, such as Wi-Fi Protected Access (WPA).
  • A portion of the RF spectrum, which replaces wire as the connection medium.

The next few sections cover the following wireless network standards:
  • 802.11 standard
  • Basic architecture of 802.11
  • IEEE 802.11 standards
  • 802.1x standard
  • 802.15 standard
  • 802.16

User authentication is important and is usually used in combination with wireless encryption standards to ensure that access to a wireless local area network (WLAN) is authorized. With WPA-Personal the two are the same thing, a shared passphrase; WPA-Enterprise separates them by authenticating each user through 802.1X before any keys are issued.
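Why a shared passphrase is the weak form of "authentication combined with encryption", as an added example that is not code from the original post or the textbook. The derivation is the one IEEE 802.11i specifies for WPA/WPA2-Personal pre-shared keys (PBKDF2 with HMAC-SHA1, the SSID as salt, 4096 iterations, 32-byte output). The word list and the target network are constructed; comparing guesses directly against the PMK is a simplification (a real attack derives the PTK from a captured 4-way handshake and checks its MIC), but the cost per guess is the same.

```python
"""WPA/WPA2-Personal key derivation and the offline dictionary attack it invites.

Added example, not code from the original post. The derivation (PBKDF2 with
HMAC-SHA1, the SSID as salt, 4096 iterations, 32-byte output) is the one
IEEE 802.11i specifies for pre-shared keys. The word list and the target
network are constructed; checking guesses against the PMK directly is a
simplification of checking the MIC of a captured 4-way handshake.
"""
import hashlib
import hmac
from typing import Iterable, Optional


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key (the PSK) from the passphrase and SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def dictionary_attack(ssid: str, target_pmk: bytes,
                      wordlist: Iterable[str]) -> Optional[str]:
    """Guess-and-check with nothing sent to the AP: no lockout can trigger,
    and the only limit is how fast PBKDF2 runs on the attacker's hardware."""
    for candidate in wordlist:
        if hmac.compare_digest(derive_pmk(candidate, ssid), target_pmk):
            return candidate
    return None


# Constructed word list; real attacks use lists with millions of entries.
WORDLIST = ["123456", "qwerty", "letmein", "password", "iloveyou"]


if __name__ == "__main__":
    # Known-answer vector from IEEE 802.11i (same as `wpa_passphrase IEEE password`).
    print(derive_pmk("password", "IEEE").hex())
    print(dictionary_attack("IEEE", derive_pmk("password", "IEEE"), WORDLIST))
    print(dictionary_attack("IEEE", derive_pmk("c0rrect-h0rse-battery", "IEEE"), WORDLIST))
```

Two things follow from the code. The SSID is the salt, so a network named with a default SSID can be attacked with precomputed tables; and 4096 iterations of HMAC-SHA1 is cheap on a GPU, so the passphrase length is the only real defence. Per-user credentials over 802.1X remove the shared secret altogether.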

Hacking a wireless network isn’t much different from hacking a wired local area network: once an attacker has associated with the WLAN, virtually the same port-scanning and enumeration tools that are used on wired networks can be used.

I found this chapter to be a good resource for wireless network connectivity. It walked you through the various parts of the system, how wireless networks work, and even how to safeguard your system. It was also interesting to note the various potential assaults attackers use to gain access to one’s computer. 

Friday, November 23, 2012

Hacking Web Servers – Chapter 10


Web applications are programs that let website visitors submit data to, and retrieve data from, a database over the Internet using their preferred web browser. The data is presented to the user within the browser as information generated dynamically (in a specific format, e.g. HTML styled with CSS) by the web application through a web server. Web browsers are software applications that allow users to retrieve data and interact with content on web pages within a website.

Most importantly, modern websites capture, process, store and transmit sensitive customer data (e.g. personal details, credit card numbers, Social Security numbers) for immediate and recurrent use, and they do this through web applications. Features such as webmail, login pages, support and product request forms, shopping carts and content management systems shape modern websites and give businesses the means to communicate with prospects and customers; all of these are common examples of web applications.

The Common Gateway Interface (CGI) is another standard used to produce dynamic pages. Its role is to pass data between the web server and an external program, often a script written in Perl or another scripting language: the server hands the request data to the script, and the script’s output is sent back to the browser. Because that input comes straight from the client, CGI scripts need the same input validation as any other web application code.

The critical part for the security tester is to understand the vulnerabilities of web applications. Security professionals need to assess the system and examine potential methods for attacking it. When conducting security tests on web applications, determine whether dynamic web pages are used, whether the web application connects to a back-end database, whether a separate server is used for authenticating users, and what platform was used to develop the web application. Each answer points at a different attack surface; a back-end database, for example, raises the question of whether user input can reach a query without being separated from the SQL.
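The back-end database question made concrete, as an added example that is not code from the original post or the textbook: a login handler that builds its query by string concatenation, beside the same handler with bound parameters. The user table is an in-memory SQLite database with constructed accounts; passwords are stored as unsalted SHA-256 only to keep the demo short (real code should use a slow, salted password hash).

```python
"""A login handler talking to a back-end database: string-built SQL beside
the parameterised version.

Added example, not code from the original post. The user table is an
in-memory SQLite database with constructed accounts; passwords are stored
as unsalted SHA-256 only to keep the demo short (use a slow, salted
password hash in real code).
"""
import hashlib
import sqlite3
from typing import Optional


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", hashlib.sha256(b"correct horse").hexdigest()),
        ("bob", hashlib.sha256(b"hunter2").hexdigest()),
    ])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str,
                     password: str) -> Optional[str]:
    """Concatenates user input into the query, so input can become SQL."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND pw_hash = '{pw_hash}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str,
               password: str) -> Optional[str]:
    """Same logic with bound parameters: the driver keeps input as data."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND pw_hash = ?",
        (username, pw_hash),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = setup_db()
    # The quote closes the string literal and "--" comments out the rest
    # of the line, so the password check never runs.
    print(login_vulnerable(conn, "alice' --", "anything"))  # alice
    print(login_safe(conn, "alice' --", "anything"))        # None
```

The safe version is not doing any escaping of its own; it hands the values to the driver separately from the SQL text, which is why it works for every input. When testing a web application, the tester’s version of this is to feed a quote character into every form field and watch for a database error or a changed result.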

Many tools are available for testing web application vulnerabilities, such as WFetch and Wapiti. The Open Web Application Security Project (OWASP) also offers open-source software and documentation to help security professionals learn about web application vulnerabilities.

Embedded Operating Systems – Chapter 9


What is an embedded operating system? An embedded system is a special-purpose computer system that is completely encapsulated by the device it controls. It has specific requirements and performs predefined tasks, unlike a general-purpose personal computer. One type of specialized embedded OS is a real-time operating system (RTOS), typically used in devices such as appliance controls, programmable thermostats, and even pacemakers.

There is a plethora of other proprietary embedded operating systems, such as VxWorks from Wind River Systems, Windows Embedded (including Windows CE) from Microsoft, and QNX from QNX Software Systems. Embedded *NIX (Linux and its relatives) is an example of a monolithic OS used in a multitude of industrial, medical, and consumer products.

Today attackers want more than notoriety; they are looking for monetary gain and for ways to exploit embedded operating systems for personal profit. For reasons of efficiency and economy, connecting embedded systems to a network has its advantages, but it also exposes them to the same attackers. A security tester will need to address:
  • What Peripheral Component Interconnect (PCI) devices are present?
  • Where were they manufactured? Is this supply chain trustworthy?
  • Which embedded OS is currently loaded on the device?
  • Can you verify that the embedded OS hasn’t been corrupted or subverted with malicious code?
  • Which devices have embedded OSs stored in rewritable memory, and could therefore be reflashed with a modified image?
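One way to answer the fourth and fifth questions above, as an added example that is not code from the original post or any vendor: check the firmware image on the device against a manifest of known-good SHA-256 digests. The image layout (a text header "FWIMG <model> <version>" followed by the payload), the model name plc-100 and the manifest are all constructed for the demo; in practice the manifest would come from the vendor over an authenticated channel, or the image would carry a signature checked by the boot ROM.

```python
"""Verifying that an embedded OS image is the one the vendor shipped.

Added example, not code from the original post. The image layout (a text
header "FWIMG <model> <version>" followed by the payload) and the manifest
of known-good SHA-256 digests are constructed for the demo; in practice the
manifest would come from the vendor over an authenticated channel, or the
image would carry a signature checked by the boot ROM.
"""
import hashlib
import hmac
from typing import Dict, Tuple

Manifest = Dict[Tuple[str, str], str]   # (model, version) -> hex SHA-256


def build_image(model: str, version: str, payload: bytes) -> bytes:
    return f"FWIMG {model} {version}\n".encode() + payload


def parse_header(image: bytes) -> Tuple[str, str]:
    header, sep, _ = image.partition(b"\n")
    parts = header.decode("ascii", errors="replace").split(" ")
    if not sep or len(parts) != 3 or parts[0] != "FWIMG":
        raise ValueError("not a firmware image")
    return parts[1], parts[2]


def verify_image(image: bytes, manifest: Manifest) -> str:
    """'ok', 'modified' (known version, wrong digest) or 'unknown-version'."""
    model, version = parse_header(image)
    expected = manifest.get((model, version))
    if expected is None:
        return "unknown-version"
    actual = hashlib.sha256(image).hexdigest()
    return "ok" if hmac.compare_digest(actual, expected) else "modified"


# Constructed "vendor" image and the manifest built from it.
GOOD_IMAGE = build_image("plc-100", "2.4.1",
                         b"boot: kernel=/vmlinuz init=/sbin/init\n")
MANIFEST: Manifest = {
    ("plc-100", "2.4.1"): hashlib.sha256(GOOD_IMAGE).hexdigest(),
}

# Same header and version string, different payload: this is what a device
# reflashed with a backdoor looks like to a check that only reads the version.
TAMPERED_IMAGE = GOOD_IMAGE.replace(b"/sbin/init", b"/tmp/.bd")


if __name__ == "__main__":
    print(verify_image(GOOD_IMAGE, MANIFEST))       # ok
    print(verify_image(TAMPERED_IMAGE, MANIFEST))   # modified
    print(verify_image(build_image("plc-100", "9.9.9", b""), MANIFEST))  # unknown-version
```

The tampered image reports the same model and version as the good one, which is the point: asking the device what it is running is not the same as verifying it. The check only helps for devices whose image can be read back out; for the rest, the answer to the fifth question is what decides whether the device can be trusted at all.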

Supervisory Control and Data Acquisition (SCADA) systems are used for equipment monitoring in large industries, such as public works and utilities, power generation and dams, transportation systems, manufacturing, and anywhere automation is critical. The protection of SCADA systems is a life-or-death proposition. For this reason SCADA systems are usually separated from the Internet by an air gap, which helps minimize their exposure, although an air gap is only as good as the discipline around the removable media and maintenance connections that cross it.

To fight off attacks, a security professional should inventory all embedded systems, upgrade or replace embedded systems that can’t be fixed or pose an unacceptable risk, stay on top of patching, and follow the principle of least privilege by restricting access to thwart attackers.

Sunday, October 28, 2012

Desktop and Server OS Vulnerabilities – Chapter 8


This chapter speaks to vulnerabilities in Windows and Linux operating systems. As a security tester it is vital to be able to identify potential security problems and correct such weaknesses. A good website for looking up known vulnerabilities in any operating system is cve.mitre.org, the Common Vulnerabilities and Exposures (CVE) dictionary. It catalogs vulnerabilities by identifier but does not scan a computer itself; checking a Windows machine for missing updates and patches is the job of a scanner such as Microsoft’s MBSA. The following areas are potential locations for a security breach:

  • Windows file systems: File Allocation Table (FAT) and NTFS (New Technology File System)
  • Remote Procedure Call (RPC)
  • NetBIOS
  • Server Message Block (SMB)
  • Common Internet File System (CIFS)
  • Null sessions
  • Web services
  • SQL Server
  • Buffer overflows
  • Passwords and authentication

Some tools that help find vulnerabilities are eEye Retina, Tenable Nessus, QualysGuard, GFI LANguard, IBM Internet Scanner and OpenVAS. All of these scanners can be used to scan both Linux and Windows systems.

Microsoft also provides MBSA (Microsoft Baseline Security Analyzer), a free download rather than a built-in component, which checks a Windows computer for missing patches, security updates, service packs, and hotfixes, and points you to the fix for each finding.

The following are ways to help make your computer more secure:
  • Patching systems
  • Antivirus solutions
  • Enable logging and review logs regularly
  • Disable unused services and filter ports
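"Review logs regularly" only pays off if the review looks for something specific. As an added example that is not code from the original post or the textbook, here is a small check for password guessing against SSH, run over a few constructed lines in the syslog format OpenSSH writes to /var/log/auth.log. The threshold (5 or more failures from one source address inside 60 seconds) is an assumption to tune for your own environment; the same sliding-window logic applies to Windows event ID 4625 with a different parser.

```python
"""Reviewing authentication logs: flag password guessing against SSH.

Added example, not code from the original post. The log lines are
constructed in the syslog format OpenSSH writes to /var/log/auth.log, and
the threshold (5 or more failures from one source inside 60 seconds) is an
assumption to tune for the environment.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

SAMPLE_LOG = """\
Oct 28 10:15:01 srv1 sshd[2231]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2
Oct 28 10:15:03 srv1 sshd[2233]: Failed password for root from 198.51.100.7 port 51236 ssh2
Oct 28 10:15:05 srv1 sshd[2235]: Failed password for invalid user test from 198.51.100.7 port 51240 ssh2
Oct 28 10:15:08 srv1 sshd[2237]: Failed password for root from 198.51.100.7 port 51241 ssh2
Oct 28 10:15:12 srv1 sshd[2239]: Failed password for invalid user oracle from 198.51.100.7 port 51250 ssh2
Oct 28 10:15:40 srv1 sshd[2241]: Failed password for root from 198.51.100.7 port 51262 ssh2
Oct 28 10:20:10 srv1 sshd[2300]: Failed password for alice from 192.0.2.44 port 40122 ssh2
Oct 28 10:20:15 srv1 sshd[2300]: Accepted password for alice from 192.0.2.44 port 40122 ssh2
Oct 28 10:25:30 srv1 sshd[2318]: Failed password for alice from 192.0.2.44 port 40130 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port"
)

Event = Tuple[datetime, str, str]   # (time, user, source address)


def parse_failures(text: str, year: int = 2012) -> List[Event]:
    """syslog lines carry no year, so the caller supplies it."""
    events = []
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["user"], m["src"]))
    return events


def find_bruteforce(events: List[Event], threshold: int = 5,
                    window_s: int = 60) -> Dict[str, int]:
    """Source addresses with >= threshold failures inside any window_s span,
    mapped to the size of their largest burst (sliding window, sorted times)."""
    by_src: Dict[str, List[datetime]] = defaultdict(list)
    for ts, _user, src in events:
        by_src[src].append(ts)
    flagged: Dict[str, int] = {}
    for src, times in by_src.items():
        times.sort()
        lo, best = 0, 0
        for hi in range(len(times)):
            while (times[hi] - times[lo]).total_seconds() > window_s:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    print(find_bruteforce(parse_failures(SAMPLE_LOG)))   # {'198.51.100.7': 6}
```

The user who mistyped her password twice in ten minutes is not flagged; the host that tried five accounts in forty seconds is. Note that the attacker’s guesses include "invalid user" lines, which a grep for "Failed password for root" alone would miss, so the parser accepts both forms.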

The chapter continues with Linux operating system vulnerabilities and tools to identify these issues. There are several lab activities throughout the chapter that give you some hands-on experience.

Tuesday, October 9, 2012

Programming for Security Professionals – Chapter 7


This chapter is an introduction to programming for the security professional. It is an overview of C, HTML, and Perl programming. It begins with some basics about branching, looping, and testing. Branching takes you from one area of a program to another. Looping is the act of performing a task over and over; the loop keeps running until a test on a variable (for example, a counter reaching its limit) returns the true or false value that ends it.

C is one of the most widely used programming languages. When writing an algorithm it is critical to have clear documentation in the program code. The text has several charts describing compilers, characters, variable types, specifiers, and operators. Security professionals should have a basic understanding of Perl and C because many security tools are written in these languages. With this knowledge a security professional can modify existing security tools and write customized programs of their own.

The chapter concludes by reviewing object-oriented programming concepts along with an overview of Ruby. Again there are charts listing the functions and their descriptions. Overall the chapter provided some insights into the fundamentals of programming and it was not overwhelming.