Wednesday, December 27, 2006

Great Anti Phishing Site!!!

Sorry for such frequent posts, but I just came across this great anti-phishing site.

The best defense is not to go to sites you are not familiar with, but I should also mention that many vendors offer anti-phishing protection in products such as software firewalls, hardware firewalls, network intrusion prevention, anti-virus, and network anti-virus protection.

What is a phishing attack?

A phishing attack is designed to steal your logon credentials and possibly steal your identity from web sites that would store this type of information.

Currently the most common form of phishing attack is an e-mail sent to your personal e-mail account claiming to be from a business such as PayPal or a financial institution. Usually the e-mail asks you to click on a link and verify your account status or address. The trick is that the link you click on leads to a web site that is a mirror of your bank or financial institution. It is not really their web site; it is a phishing site that looks exactly like your bank's web site. You will then be presented with a username and password prompt. The phishing site stores your username and password so the attacker can access your data from the real web site. If you entered the data, the attacker now has everything they need to access your banking information: to transfer funds, to change mailing addresses, bank account numbers, credit card numbers, etc.

If this happens to you, you should notify ASAP. See for more information regarding Internet Fraud and Fraud Response.

You should never click on a link contained in an e-mail, even if the e-mail has your name on it, is from an institution where you do have an account, and has a return address of your financial institution. Always log into your personal accounts by entering the URL yourself into the browser.
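The "mirror site" trick above relies on the visible link text naming your bank while the actual link target points somewhere else. As an added example (not part of the original post), this script scans the links in an HTML e-mail and flags any whose displayed host does not match the real target; the sample message, the bank domain and the address are constructed.

```python
# Added example, not from the original post: flag links in an HTML e-mail
# whose visible text names a different host than the href actually targets.
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Matches something that looks like a host name in the visible link text.
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host part of a URL ('' if the URL has none)."""
    return (urlparse(url).hostname or "").lower()


def suspicious_links(html):
    """Return hrefs whose visible text names a host that is neither the
    href's host nor a parent domain of it."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        match = DOMAIN_RE.search(text)
        if not match:
            continue  # text like "click here" makes no claim about the host
        shown, real = match.group(1).lower(), host_of(href)
        if real != shown and not real.endswith("." + shown):
            flagged.append(href)
    return flagged


# Constructed sample message (hypothetical bank and address), not a real e-mail.
SAMPLE = """
<p>Please <a href="http://203.0.113.5/login">verify your account at
www.examplebank.com</a> within 24 hours.</p>
<p>Visit <a href="https://www.examplebank.com/help">www.examplebank.com</a>
or <a href="https://www.examplebank.com/">click here</a>.</p>
"""

if __name__ == "__main__":
    for href in suspicious_links(SAMPLE):
        print("link text and target do not match:", href)
```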

Thursday, December 21, 2006

Do I really need URL filtering at home if my kids are on the internet?

Absolutely, beyond a doubt. Here’s a true story.

I was stealing a nap one Saturday afternoon after I had written my first book. I was exhausted after what seemed like endless hours of non-stop editing and writing. Only my oldest child was in the house with me. As I was half asleep I heard him ask, “Hey Dad, can I get on” He is 8 years old, and my wife and I decided this is a completely appropriate site for an eight year old. I groggily replied, “sure, no problem”. Seconds later I heard him say, “Hey Dad, I clicked on foxracing, there’s no mountain bikes, but there are a bunch of girls in their PJ’s!!”. OK, I’ve seen the screen pop-up of images that you don’t really want to try and explain to a very curious and intelligent eight year old. I flew out of bed and raced to the computer. Ah, I thought, there must be a God; to my extreme relief it was ACTUALLY girls in PJ’s. Instead of just typing in the browser, he typed “fox racing” into the Google search screen, which is our default home page, and then clicked on the first link. This little lesson did a few things for me:
- Made me realize how stupid I was by not putting in child surf control software.
- Made me research software that could spare other families and friends from this same experience.
- Motivated me to start this blog.
- Motivated me to start my new book aimed at protecting you and your family while on the internet.

Below are recommendations from security professionals on software to apply filters to protect your kids when they are on-line.

Wednesday, December 20, 2006

Do I Need IPS at Home?

This is a question I’ve been asked by several of the more savvy Internet users.

IPS looks deep into a network packet to see if an attack is being attempted against your network. IPS works by comparing inbound and outbound traffic on your network to a known list of attacks; this list of known attacks is called signatures. If a match is found, IPS can drop the traffic before it does damage to your network devices.

Let’s start this discussion with an absolute, first-things-first: I’m assuming you have a firewall. If not, you’re crazy!!! The chances of you already being compromised are somewhere between 99% and 99.999%, and you are asking the wrong question.

So let’s change the question: I have a firewall in place; do I need IPS?

Ahhh. Much better. The answer is: if you are hosting a web server or an FTP server, or are providing an Internet service of any type, then you are letting unprotected traffic into your network and you should have an IPS device to help ensure the security of your device and data. In addition, you should have anti-virus protection, not only because it’s a great best practice for a home user but also because e-mail viruses can evade IPS, since they are often encrypted. IPS does not work against encrypted traffic.

If you are not hosting a web server or something similar, then your firewall should at a minimum be doing two things:
- Allowing your outbound traffic and the corresponding return traffic
- Blocking any inbound traffic sourced from the internet.
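To make the two rules concrete, here is an added example (not from the original post) of a toy stateful packet filter that applies exactly them: outbound traffic is allowed and remembered, only the matching return traffic is let back in, and every other inbound packet from the Internet is dropped. Real firewalls do the same with connection tracking; the home network range, the hosts and the trace are all constructed.

```python
# Added example, not from the original post: a minimal stateful filter
# implementing "allow outbound and its return traffic, block other inbound".
from ipaddress import ip_address, ip_network
from typing import NamedTuple

HOME_LAN = ip_network("192.168.1.0/24")  # constructed home network range


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFirewall:
    """Allows connections the inside started plus their replies; drops the rest."""

    def __init__(self):
        # Flows the inside started, stored as the 4-tuple seen going out.
        self.flows = set()

    def decide(self, pkt):
        inside_src = ip_address(pkt.src) in HOME_LAN
        inside_dst = ip_address(pkt.dst) in HOME_LAN
        if inside_src and not inside_dst:
            # Rule 1: outbound traffic is allowed and the flow is remembered.
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        if not inside_src and inside_dst:
            # Rule 1, second half: return traffic is a remembered flow with
            # source and destination swapped.
            if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
                return "ALLOW"
            # Rule 2: any other inbound packet sourced from the Internet.
            return "DROP"
        return "DROP"  # constructed policy: anything else is not forwarded


def run_trace(packets):
    """Run a packet list through a fresh firewall; returns one verdict per packet."""
    fw = StatefulFirewall()
    return [fw.decide(p) for p in packets]


# Constructed trace: a web request and its reply, then two unsolicited packets.
TRACE = [
    Packet("192.168.1.10", 1034, "198.51.100.10", 80),   # PC opens a web page
    Packet("198.51.100.10", 80, "192.168.1.10", 1034),   # the server's reply
    Packet("203.0.113.7", 40000, "192.168.1.10", 3389),  # unsolicited inbound probe
    Packet("203.0.113.7", 80, "192.168.1.10", 1034),     # forged "reply" from the wrong host
]

if __name__ == "__main__":
    for pkt, verdict in zip(TRACE, run_trace(TRACE)):
        print(f"{verdict:5} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
```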

Again, regardless of whether you are hosting a web server or not, anti-virus is highly recommended.

Tuesday, December 19, 2006

I know Myspace is fun, but it’s also dangerous. I hate to be a kill-joy. Please read!!!!!

There are crimes committed based on information learned from Myspace and other social communication sites. Parents, you need to coach your children on how to protect themselves when they are on-line; you need to protect them like their well-being depends on it, because it does!!!

As evidenced by serious crimes recently committed at schools, predators use social web sites for pre-crime reconnaissance and choose their victims based on information they find on some of these web sites. Picture the kid who says, “I’m a 16-year-old boy, my name is XXXXXX and I work at McDonalds on Ocean Street during the evening shift,” and also includes a handsome picture of himself. He is dreaming that a nice young girl his age is going to drop by to check him out. Nice thought, but the reality is that he may be setting himself up for the local predator who happens to like the picture. If you have any doubts, search the web for “predator and myspace”; at the time of this writing there are 902,000 hits.

Please consult the following links to get a better understanding of how people can still use these websites but use them safely. I am planning on writing a book on this subject so I can consolidate all these types of threats and ways to mitigate the threats in a single location.

Wednesday, December 13, 2006

Basic Home Computer Security Question #5. Why should I change the password of my router once I install it?

I’m glad somebody asked this question, because it's often overlooked and it is a huge mistake if you don’t do it. You must absolutely change both the username and password on any network device that you install, such as:
1) router
2) firewall
The reason is that most network devices come with a default username and password, and there are several tools out there that will just scan for devices and automatically enter the default usernames and passwords. To make it even more dangerous, a hacker can get a scanner that will go out and find a network device from a certain vendor, and then manually enter the default username and password to try to gain access to that device. Once someone has access to the device protecting your network, they can open it up for access, sniff your network for usernames and passwords, and sniff for personal information that will allow them to steal your identity credentials.
Just for laughs, enter this URL and you will see how easy it is to find the default usernames and passwords for all vendors' networked devices.

Websense to Address New E-Mail Ransom Attack

In an ongoing effort to make home users aware of emerging threats, I am posting this notice that was borrowed from an e-mail from Websense. PROTECT YOURSELF!!! See and search on ThreatSeeker.

THREAT ALERT: New Cyber-Extortion Scheme Targets Webmail

Websense® Security Labs™ has identified a new form of cyber-extortion with its ThreatSeeker™ technology. Unlike previously documented cases, this attack compromises online Webmail accounts. In this case, when victims logged into their Webmail accounts (in this case, Hotmail®), they noticed that all their “sent” and “received” e-mails were deleted along with all their online contacts. The only message that remained was one from the attacker that requested they contact them for payment in order to receive the data back.

In this case, the victims had recently visited an Internet cafe where their credentials may have been compromised. The email, which was poorly written in Spanish, roughly translates in English to: "if you want to know where your contacts and your e-mails are then pay us or if you prefer to lose everything, then don't write soon!"

Although there has only been a single documented case of this new kind of threat, Websense security customers were immediately and automatically protected from it.

Resources:
- Learn more about Websense ThreatSeeker technology
- See the alert details from Websense Security Labs
- Read press coverage of the discovery

Tuesday, December 12, 2006

Basic Home Computer Security Question #4. I have a Mac. Do I need anti-virus software?

It is true that most viruses and malware in the past have been written for Windows systems. But recently, as Macintoshes have enjoyed more popularity, there have of course been more viruses, adware, spyware, etc. written for the Macintosh. In addition, there are some threats, such as Microsoft Office vulnerabilities, that can be utilized to attack a Macintosh. Because of this, it is recommended that you run a reputable and current antivirus software application on your Macintosh.

The following is a list of the six top rated antivirus software packages for the Macintosh that I borrowed from an excellent antivirus web site -
1) Norton Internet Security for Macintosh
2) Norton AntiVirus for Macintosh
3) Virex
4) Sophos Anti-Virus for Macintosh
5) Intego Security Products
6) RAV Antivirus for Mail Servers

In addition, to protect yourself further, install a personal firewall on your Macintosh or a hardware firewall on your network.

Monday, December 11, 2006

Basic Home Computer Security Question #3 - When I receive spam, should I "unsubscribe" myself?

Most definitely not. Spam may seem innocuous, but it’s not. Don’t try to unsubscribe yourself, for the following reasons:
- Spam usually comes from mail accounts that have been compromised, so unsubscribing will do no good.
- If you’re presented with a web site by a spammer, clicking the unsubscribe button merely validates that your address is a valid address. Spammers will keep this information in a database, and maybe even sell it to other spammers, which ensures that you will get much more spam in the future.

Some of the large-scale e-mail providers such as Yahoo and AOL now have pretty good spam protection. If you do get spammed, you have an option to mark the message so that their spam protection algorithms and software can stop this particular message in the future. The best thing to do when you get spam is nothing. If you get spam that contains a web site or links that you can click on, under no circumstances should you ever click on these links or go to these web sites. If you do, you run the risk of malware being installed on your machine without your knowledge, opening your machine up for attacks or further spamming.

I haven’t had personal experience with anti-spam software, so I don’t know exactly how it works or how well it works. But if you Google “spam protection” you will get several hundred hits, which may add some value to stopping spam on your system.

Friday, December 8, 2006

Basic Home Computer Security Question #2 How do I know if my machine has been compromised?

This question is as excellent as it is difficult to answer. There are so many different ways a machine can be compromised, and so many different clues, that it’s kind of hard to define. One of the main reasons this is a difficult question to answer is that hackers normally cover their tracks when they compromise a machine. This means that they can delete messages and logs, or run programs that hide the processes or files that they may be using. I’ll go with some bullet points here.
- The first thing I normally do is scan my machine to see if there is any malicious software on it, such as viruses, spyware, adware or Trojans. You can do this in one of many ways. What I usually do is go to a web site such as Trend Micro and run their scanner tool, which will scan my machine remotely. This tool will come back and tell me if I have any known software on my machine that is classified as malware. There are other utilities besides Trend Micro. Just to name a few: Spy Doctor, Ad Aware, and also Microsoft Defender is very good.
- Getting a little more complex, you can simply use the netstat utility on your PC and see if any network ports are open that shouldn’t be open. This is tough because you get a list of open ports and you will need to compare that against the ports that should be open. You will need to compare each port on your list to what Google shows as being the correct usage for that port, and then compare those results to what you have installed on your computer. Check the Sysinternals web site, which now redirects to a Microsoft site, for tools that can help you with this process. TCPView is a nice utility that tells you which ports are open and the application that has each port open. But you need to be aware that an attack can be a very tricky thing, and whoever wrote the attack code may be using an existing system file, which could fool these types of applications.
- One of the most common ways to tell if your computer is compromised is if it suddenly starts to run very sluggishly. In this case, again, you should run the scans and take the same steps outlined above.
The best way to ensure that you are not currently compromised is to rebuild your operating system off-line, install a personal firewall, and install antivirus software before bringing the machine back online.
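The netstat comparison in the second bullet is tedious by hand, so here is an added example (not from the original post) that parses "netstat -an" output, lists the listening ports missing from your own allowlist of ports that should be open, and marks which ones are bound to all interfaces rather than just loopback. The sample output, the allowlist and the odd port are constructed; as the post says, a rootkit that hides a process or file can also hide a port from netstat, so a clean result is not proof.

```python
# Added example, not from the original post: compare "netstat -an" listeners
# against an allowlist of ports you have decided should be open.

# Constructed sample in the Windows "netstat -an" layout, not a real capture.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1034      198.51.100.10:80       ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    127.0.0.1:1900         *:*
"""

# Your own allowlist (constructed): ports that should be open on this machine.
EXPECTED = {("TCP", 135), ("TCP", 445), ("UDP", 137)}

# Bind addresses that mean "reachable on every network interface".
ALL_INTERFACES = {"0.0.0.0", "::", "*", "[::]"}


def split_addr(addr):
    """Split 'host:port' (IPv4 or [IPv6]) into (host, port as int)."""
    host, _, port = addr.rpartition(":")
    return host, int(port)


def listeners(netstat_text):
    """Yield (proto, bind_host, port) for every socket that accepts traffic."""
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # headers, blank lines and anything that is not a socket
        proto, local = parts[0], parts[1]
        state = parts[3] if len(parts) > 3 else ""
        # UDP has no state column; every bound UDP socket can receive datagrams.
        if proto == "TCP" and state != "LISTENING":
            continue
        host, port = split_addr(local)
        yield proto, host, port


def unexpected_listeners(netstat_text, expected=EXPECTED):
    """Listening ports absent from the allowlist, flagged with whether they
    are bound to all interfaces (exposed) or only to loopback."""
    found = []
    for proto, host, port in listeners(netstat_text):
        if (proto, port) in expected:
            continue
        found.append({"proto": proto, "port": port,
                      "exposed": host in ALL_INTERFACES})
    return sorted(found, key=lambda f: (f["proto"], f["port"]))


if __name__ == "__main__":
    for f in unexpected_listeners(SAMPLE_NETSTAT):
        where = "all interfaces" if f["exposed"] else "loopback only"
        print(f"{f['proto']} port {f['port']} listening on {where}: find out what owns it")
```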

Wednesday, December 6, 2006

Basic Home Computer Security Question #1 - Why do I need a firewall or NAT device? Can someone log into my computer from the internet?

So we have two questions here to evaluate and answer. Why do I need a firewall or NAT device? And can someone log into my computer from the Internet?

From a security engineer's point of view these questions are just a little bit backwards, so let’s answer the second question first. Yes, a hacker can very easily log into your computer from the Internet. The first thing a hacker does is run a vulnerability scanner (this is commonly called a reconnaissance attack), looking for ports that are open on your computer and being used by an application that has a security weakness or flaw. In most cases the hacker has a favorite set of tools that they will use to try to log onto your system; these tools are often called kiddie scripts. The tools are named so because they’re so easy to use that a child can use them. Probably the most common tool accessible on the Web is a tool called Metasploit. So when somebody is doing reconnaissance on your system they will be looking for a weakness that can be exploited by their favorite tool. Once they’ve identified your IP address and a vulnerable port/service, with just a few clicks they can gain full command-level access with administrative privileges on your PC.

Here's a list of dangerous characteristics of many of these attacks that gain access to your system :
- many of these attacks do not require a username or password to log on to your system
- many of these attacks give you full administrative privileges
- once an attacker has this type of access on your system there is no limit to the damage they can do or the information they can steal
- once an attacker has this type of access your system can be used to attack other systems without your knowledge, until of course the FBI comes knocking on your door:)
- there are many other ways your system can be compromised besides someone logging on.

Now let’s address the remaining part of the question: why do I need a firewall or a NAT device? A firewall can help to ensure, in the case of a personal computer using an Internet service provider, that no ports are open for inbound traffic. This eliminates the possibility that a hacker can do a vulnerability scan and find open ports on your system; if no open ports are found, there is no attack vector for an attacker to access your system. There is an ongoing debate in the security engineering world whether NAT is a security feature or not. The main purpose of NAT is to map the IP addresses on the inside of your network to a single address or multiple addresses that are used when you go out on the Internet. Effectively this cuts down on the amount of money you need to pay your service provider per Internet address, and also reduces the threat that we will run out of IP addresses in the near future.

Even with the firewall, it’s recommended that you install antivirus from a reputable antivirus company and keep it up-to-date to help protect your home system.

I hope I covered the highlights adequately answering this question. Please feel free to comment or add whatever you think is appropriate to the subject. Thanks.

Tuesday, December 5, 2006

Security Subject Request - Basic Home Computer Security

Please feel free to post a comment with suggestions on subjects or questions that you would like to see covered in this blog. George Lambidakis, a colleague who does some security consulting, has recommended the following subjects be addressed. Look for comments and answers on these questions in the next day or two. Thanks George!!!

1. Why do I need a firewall or NAT device? Can someone log into my computer from the Internet?
2. How do I know if my machine has been compromised?
3. When I receive spam, should I "unsubscribe" myself?
4. I have a Mac. Do I need anti-virus software?
5. Why should I change the password of my router once I install it?

I Don't Have Anything on My Computer Anyone Wants. I don't Need Security

This subject is probably a little more for the intermediate user. There is a misconception that hackers or web criminals only want data off of your machine. In fact that's not true at all. Hackers, criminals and terrorists all want your machine itself. Your PC, if not secured, can be EASILY and HAPPILY used for the following:
- BOT installation, used by hackers for sending SPAM and sourcing DDoS attacks.
- Used by criminals as a "jump host". In this scenario criminals access your machine before attacking another location. This helps them cover their tracks in the case of a forensics investigation. In many cases they will use several jump hosts, at least one of which is in a foreign country that doesn't work well with US police investigators. Using this technique makes it almost impossible to catch cyber criminals.
- Keystroke logger installation. This allows attackers to see exactly what you type on your machine before it is encrypted. So if you go to a web site and purchase something with a credit card, they have a copy of your username and password, credit card number, bill-to and ship-to addresses, etc.

At this moment in time my hot point is an article last week that terrorists plan to attack financial communities on the web. This task is enabled by people who believe they have nothing on their computer that anyone wants. The only way terrorists could possibly get enough bandwidth to launch devastating DDoS attacks against the banking system is to compromise thousands of computers with BOT's and then send a command for these computers to all launch an attack at the same time.

Any guesses whose machines they will use? You guessed it - the user who doesn’t believe they have anything a hacker wants!!!

To mitigate this and many other problems, make sure you have at a minimum a personal firewall, current patches for your operating system, and up-to-date virus protection from a reputable vendor.

Monday, December 4, 2006

Welcome to the Security 1A Blog

Hey Everyone,

My name is Greg Abelar. I'm a Security Architect/Engineer for Cisco Systems and an author of two books dedicated to helping folks deploy proper security when they are setting up internet connectivity.

This blog is being setup to discuss internet security issues for both the intermediate and the advanced internet user. I’ll be posting several messages over the next few weeks, that will hopefully provide a platform for security discussions and help you to understand the “real” risks you face when you use the internet.

Please revisit my site in the next few days and feel free to participate in on-going security discussions.