Server security has become vulnerable to the threats in the web environment. Hackers are on the lookout for the web server security breach to enter malicious software that gets installed automatically. It is important to look into the server security issues and provide solutions for optimum server security as it is the backbone of a website and making server security less vulnerable which is our prime responsibility only if we want to flourish without fail in the World Wide Web. There is a need to take heed of the possibilities of a hacking process that poses danger on the server security.
Web applications developed to ease of development and testing procedures offer privileges with no such restrictions and such privileges done on live production server poses a great threat for mischievous users to access it and hack it instantly and harm the server security. Similarly, the privileges on the file and network services by means of the service software can induce a malicious user to access sensitive areas like the website and its database, the web application files, backend data etc, and create a server security breach issue. It is therefore wise on the part of the web master to provide least privileges for utmost server security.
User accounts can also keep certain server security holes as open access for hackers to barge in to pose a threat over the server security. The default user accounts when not in use should be deactivated or other wise it can pose a threat over server security. The names for the administrative accounts should be changed and not to be given to other users so as to guarantee complete server security. Correct authentication and privileges solves half of the problem and server security is guaranteed.
There is the need to get specialized in current security trends on the Internet; gaining experience to enable us to identify potential threats that might bring down your Internet hosts. There are full security auditing services offered for all UNIX-like operating systems (such as Linux, FreeBSD, Solaris etc.) and for all other Internet services. The security auditing should include within itself 24/7 live support, scanners for threat identification and terminating server security threats and errors from its root, periodical check, performance optimization and systematic troubleshooting tactics in case of grievous error occurrences. The scanners installed in the system should scan the web applications and perform advanced server security checks against the open ports and network services as well. The next best thing is also to check which ports are open or not by accessing your ISP Configuration Portscanner and can open only the ports you need for your services.
The expert team performing server security checks should have the ability to customize audits by controlling access to remote systems, comprehensive reporting facilities must be catered in order to ascertain open IP ports and network weaknesses, behavior of port scans, flexibility to schedule audits, give suggestions on newer server security measures implemented for ultimate server security. What more? Many websites offer security seals that perform standard and advanced audits to ensure proper server security making it less hacking prone.
By: Sanjay Kumar
Archive for October, 2009
Server Security- Understanding the Reasons with Possible Error Rectifying Measures
October 26th, 2009Air Defense Will Discuss Hacking the Invisible Networks at the Wireless & Mobile Expo and Conference
October 25th, 2009June 11, 2008 – Toronto, Canada – Air Defense’s Chief Technology Officer, Amit Sinah will discuss Hacking the Invisible Networks at the 2008 Wireless & Mobile Expo and Conference.
Invisible networks are proliferating across the world from hotspots to corporate WLANs to RFID compatibility in the warehouse. While unable to be seen by the naked eye, hackers see these networks as a new opportunity to access corporate data and make considerable profit. If a security strategy isn’t considered as part of the development of invisible networks, companies will find little luxury in their new found flexibility if a data breach occurs.
The session will examine tools that are designed to exploit three of the most popular wireless networks, Wifi, BlueTooth and RFID, and discuss the important wireless security best practices that will help secure the invisible networks.
The presentation will conclude with a discussion of security best practices for countering potential attacks through the different types of wireless communications introduced earlier. Building a layered approach to wireless security is where secure communication begins. Locking down devices and communication between devices is a start; however, organizations must also have visibility into their wireless network to understand where breaches are occurring.
As Chief Technology Officer of AirDefense, Dr. Sinha is responsible for research & development, intellectual property and for steering the strategic technology direction of the company. He formerly served as Vice President and Chief Technologist at Engim, a company he co-founded. He has co-authored over 25 journal/conference papers, contributed chapters to 3 books, and is the inventor of 15 US patents. Dr. Sinha received his S.M. and Ph.D. degrees in Electrical Engineering and Computer Science from the Massachusetts Institute of Technology and his B.Tech. degree in Electrical Engineering from the Indian Institute of Technology.
By: WowGao Inc.
Cisco Security Certificates Mechanism And Its Aspects
October 23rd, 2009Security is always been the major concern for most of the people and there were numerous researches on improving the security. Cryptography has been a major area of research for most of the scientists. Network security is an indispensable part. Customers need to trust the network in order to use it. Thus the users of the network must be well guarded with privacy and security. Confidentiality and integrity must be maintained in order to make people use a network. Cisco security certificates mechanism and its aspects certificates deals with security aspects of a network. In order to authenticate network devices digital certificates are greatly used and they play a major role in authenticating users in a network and one can use it between the network nodes to negotiate IPSec sessions. There are three different ways in which a Cisco device recognizes itself in the network.
The first one is the preshared keys, where two or more devices have same shared secret key and this is used by the peers for authentication. They compute a data and send it in order to authenticate themselves.
The receiver is expected to create the same hash and this does not depend on the preshared key. It is based on the concept of using the same secret in order to build trust. This method looks very similar to olden ways of communication and it is not very scalable.
The other popular method include self-signed certificate where a device is used for this purpose. It generates own certificate and takes ownership of it and signs it to be valid. One has to use this certificate in a limited manner. A very good example which illustrates the usage of this certificate is SSH. One can also find HTTPS access to be a good example and what it requires is all a username and a password. This is the primary requirement in order to establish a connection. One must be aware of the reloading of the persistent self-signed certificates which has the ability to survive reloads. It has the ability to be store in non-volatile RAM. This factor makes it to be persistent. SSl VPN is an excellent example for persistent SSI which has got a nonvolatile RAM. Another popular certificate is the certificate authority in which a third party is used for the validation process. He is used to authenticate the parties that are trying to communicate. Each party is given with a public and a private key.
The public key is employed for the encryption process and the private key is used with the decryption process. Since they are using the certificates, which were generated from the same source they are given assurance of the identities. In order to obtain the digital certificate one can use the ASA device. This is used to obtain the certificate from the third party.
One has to undergo an enrollment process and this can either be a manual or an automatic enrollment process. This method and the digital certificate is based on third party product and the certificate service is vendor based. One has to contact the vendor to obtain more information on this. One or more pre-shared keys are used with Cisco Adaptive security or third parties are involved in providing digital certificates which are used in the authentication of IPSec. Self-signed digital certificates can also be produced which are used with SSH, HTTPS.
The Cisco Adaptive Security Device Manager also uses this for its connections to the device. One can refer the document in order to understand the procedures for obtaining a digital certificate. This document does not include the procedure for the method of enrollment. One can find the use of ASDM and also the final command-line interface in the document.
One can refer various examples in order to get better enlightenment about the things in the Cisco IOS platform. A popular example includes the IOS certificate enrollment. One can also refer to related examples in order to understand about VPN 3000 series.
One must make sure the following rules are satisfied before proceeding to configuration.
Configure your window server.
Then make sure your server support Cisco axa pix version 7. 0
If required install extra dll files, in order to run the Cisco axa in window server.
Try to get the add-on dll as exe extension. These help you to add your Cisco application easily with the window server.
Make sure the date and time zone is configured properly in the window server.
Modules involved
Cisco asa with recent version should be used.
Cisco adaptive manager version should be minimum 5. 0
Window server should contain its certificate to ensure ability to run the program properly.
Added modules – This configuration also used in Cisco pix series also.
Step by step procedure to configure Asdm.
Click on Asdm application panel to choose configuration button.
Try to choose device manager from driver menu.
Enter the domain and the host name properly.
Then after configuration, click the save button.
Configure asa with proper time and date, and make sure the time setting is correct and matches with their time zones. To do the above configuration login in to ntp server.
Click the application panel, choose clock under device administration.
You can now able to see the calendar, choose the correct date and time in the calendar. Click the save button and close the window.
Now let us see how to configure the asa.
In the application panel, choose key pair under the certificate option.
Click add button, you get a pop up that asks you to fill the key name and size of key name.
Click generate key now and close the window.
Let us see the steps to add the network under trust worthy option in server.
Click on application panel and click add.
Here click the edit trustworthy configuration.
Fill the available key pair and give the related Microsoft URL address for the key used in server.
Let us see the steps to configure control retrieval methods.
Make sure you uncheck the directory access protocol.
Enable the simple http protocol by just putting check mark in check box.
Click save button and close it.
By: Ali Bitazar
A Technology Degree Will Secure A Great Career
October 22nd, 2009Now more than ever, information technology is booming. The advancements in the past few years have surpassed anything else in the industry. And this trend is almost guaranteed to continue to rise over the years.
There are many exciting career opportunities that you can get with a technology degree such as network engineering, database management or even becoming a computer technician. Therefore, choosing the technology degree that is best for you is crucial to your future success. There are a lot of qualified colleges and learning facilities that will give you the tools you need.
There is great interest in these types of jobs, so it is important to get the best training. Most institutions that offer a technology degree program will have the necessary hands on training that you need to succeed. They will also be able to work with you to make sure you find the career that is best for you.
If you have a love for computers and technology, then you have a great starting point. The next step is acquiring the skills and tools that are necessary for you to be able to turn that love into a lucrative career. Upon receiving your technology degree, you will be qualified to work in a wide variety of information technology fields.
With the amount of Internet based crimes on the rise, a career working in network security can be a great plan. Hackers are always finding new tricks to get access to secure information. If you worked in network security, you would always have to stay one step ahead of the hackers. This can be a fun and challenging position.
Depending on what course you take, you will be able to obtain recognized certifications such as Microsoft’s MCSE, MCSA, or MCAD. These types of certifications make it much easier to secure that dream job. With a technology degree, you will be trained to earn all kinds of recognized certifications.
If you lean more toward being an entrepreneur, you will learn ways you can start your own technology related business. With a technology degree, you will be able to figure out exactly what business idea is best for you.
This can be anything from making websites for companies, fixing computers or any other kind of independent contracting. The sky will be the limit because you will have such a wide variety of career options to choose from. And since you will have the training and skills that are necessary, you will be able to choose which area of information technology to work in.
It is important to have an understanding of what you are looking for in your career. This way, you will be able to gear your studies in the direction of what career path you want to take. Since there is such flexibility in this industry, it is important to set specific goals. Your instructors will be able to help you make these decisions.
By looking at your skills and strengths, they will be able to send you in the right direction. They will also be able to tell you what types of careers you should avoid. These instructors are always of very high quality who know all there is to know about the ever-changing technology sector.
No matter what type of career you are looking for, a degree will pave the way for your success. Pursuing one of the many technology degree programs now offered is a great investment in your future.
By: Andy West
Why Firewall Security Is Necessary To Protect Your Network
October 22nd, 2009In your car, the firewall sits between the engine compartment and the front seat and is built to keep you from being burned by the heat of the combustion process. Your computer has a firewall, too, for much the same reason – to keep you and your data from being burned by hackers and thieves who are the unfortunate creators of “Internet combustion” and destruction.
The firewall, a “combo” approach of software that regulates and monitors hardware and communications protocols, is there to inspect network traffic and all the “packets” of information that pass through to your inner sanctum, your CPU and hard drives. A firewall will rule out the possibility of harm, or at least greatly minimize, by noting and quarantining potentially harmful “zones” and will either deny or permit access to your computer based on the current set of rules that applies at the time, depending on many (very many) factors.
Basic tasks and settings
The basic task for a firewall is to regulate of the flow of traffic between different computer networks that have different “trust levels.” The Internet is full of countless overlapping zones, some safe and some totally deadly. On the other hand, internal networks are more likely to contain a zone or zones that offer a bit more trust. Zones that are in between the two, or are hard to categorize, are sometimes referred to as “perimeter networks” or, in a bit of geek humor, Demilitarized Zones (DMZ).
Without proper configuration, a firewall can simply become another worthless tool. Standard security practices call for a “default-deny” firewall rule, meaning that the only network connections that are allowed are the ones that have been explicitly okayed, after due investigation. Unfortunately, such a setup requires detailed understanding of network applications and a great deal of time and energy to establish and administer.
Who can do what?
Many businesses and individuals lack sufficient computer and network knowledge to set up a default-deny firewall, and will therefore use a riskier but simpler “default-allow” rule, in which all traffic is permitted unless it has been specifically blocked for one of a number of possible reasons. This way of setting up a firewall makes “mysterious” and unplanned network connections possible, and the chance your system may be compromised becomes much more likely.
Firewall technology had its first growth period in the computer technology revolution of the late 1980s, when the Internet was a fairly new in terms of its global reach and connectivity options. The predecessors to today’s hardware/software hybrid firewalls were the routers used in the mid 1980s to physically separate networks from each other. However small the Internet began, it was ultimately undone by supremely fast growth and the lack of security planning, and therefore there were the inevitable breaches caused by older (”prehistoric”) firewall formats. Fortunately, computer pros learn from their errors, and the firewall technology continues improving daily.
By: Cisco Kits
