Category Archives: Network Security

Who’s managing information security in your city?

Filed under Network Security

There was something shocking in my local suburban newspaper today. I opened up to page two and behold…an article that touched on information security! Specifically, the article was about how a small municipal court system in my area had a PC that was infected by an email “virus”. This virus caused a “hard drive to shut down”. Shut down I would assume means the MBR was corrupted or the PC was so bogged down with malware that it had to be rebuilt. Don’t worry, it gets better. The reporter goes on to say that an employee opened an email that had something to do with Nigeria and winning money. Hmmm…Sinowal Trojan perhaps? Regardless, the reporter goes into details from the interview he did with the city “IT manager”. Here are some quotes from the article:

“The court computer system has a small firewall, he said, but the anti-virus on the computer was either non-existent or never upgraded.”

“The IT manager has been trying to bring the city computer systems up to speed. There hasn’t been a system-wide upgrade in years.”

“The employee opened the email because there’s no formal training.”

“One of his goals is to work out a way he can send out software updates, especially anti-virus, to all city computers at night when they aren’t in use.”

I like this one the best…

“The main issue is spending the money for software, licenses and equipment. It’s pretty down-to-earth-basic,” he said. “You’ve got to start throwing money around to get it to work.”

Huh? Throw money at the problem…classic. Multiple levels of FAIL right? Oh, if you haven’t figured it out yet…read those quotes again. What would a hacker think about after reading this newspaper article? This court/city computer system is a target rich environment to say the least!

While we could talk all day about how the city could implement a better, more cost-effective solution to the issues, there are two main problems that I see:

Be careful what you say to the media after an incident
The IT manager gave out way too much information to the media about the problems the city is facing with IT security issues. Just by reading this article someone with bad intentions and a bit of technical skill now knows that the city employs non-security-aware people and the entire network probably hasn’t been patched in years. This would be even more scary if police and fire computer systems were on the same network! However, the article did point out that police and fire systems are on a separate network. Yet, things don’t look good for the police and fire networks if this same IT manager is running those as well! :-/ Local city government should carefully review all media requests for information about an incident.

Local cities, municipal court systems, fire and police networks are left for dead
This doesn’t surprise me but just like a lot of small businesses, small city governments or suburbs don’t spend the money or have the staff to keep systems patched or up-to-date. Especially in a recession! Your IT guy or contracted support is an easy thing to cut for a city. I would think that most city networks are in worse shape than some home PC networks because of outdated equipment, knowledge and lack of funds. Case in point, I wrote about a potentially dangerous vulnerability that was found on another local city network last year. Luckily this city took the vulnerability seriously, resolved the issue and hopefully improved their security.

Imagine the problems that could happen if police, fire and court systems were breached or compromised. Critical infrastructure like police and fire networks are at serious risk with unsecured systems that are not maintained. As a citizen that lives and works in these cities you should question your local city government about how they maintain and manage their networks. I have an email en route to the mayor of this city that will hopefully help them with some ideas and suggestions to get them back on track. However, I think we may only be scratching the surface of the problem. Let’s hope your city takes computer and network security more seriously.


Defending against brute force ssh attacks


Found a good article today on how to properly defend against brute force ssh attacks. I knew that iptables was one method to do it but there are many others. Take a look at this article for methods like:

* Strong passwords
* RSA authentication
* Using ‘iptables’ to block the attack
* Using the sshd log to block attacks
* Using tcp_wrappers to block attacks
* Using knockd
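
One way the sshd-log and tcp_wrappers items above can fit together, as an added example that is not from this post or the linked article: count failed password attempts per source address in a sliding window and emit `/etc/hosts.deny` entries. The log lines, host name, threshold, window and year are constructed assumptions, and the line format assumed is the classic syslog form written by OpenSSH.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in classic syslog/OpenSSH format (not from a real host).
# The 03:14:07 line has a crafted username containing " from <ip> port <n>".
SAMPLE_LOG = """\
Jan 12 03:14:01 gw sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jan 12 03:14:03 gw sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40114 ssh2
Jan 12 03:14:07 gw sshd[2107]: Failed password for invalid user x from 192.0.2.1 port 22 from 203.0.113.5 port 40125 ssh2
Jan 12 03:14:09 gw sshd[2109]: Accepted publickey for alice from 198.51.100.7 port 51500 ssh2
Jan 12 03:14:10 gw sshd[2110]: Failed password for root from 203.0.113.5 port 40131 ssh2
Jan 12 03:20:00 gw sshd[2200]: Failed password for bob from 198.51.100.9 port 42000 ssh2
Jan 12 04:45:00 gw sshd[2300]: Failed password for bob from 198.51.100.9 port 42010 ssh2
"""

# Greedy ".+" plus the end anchor binds the IP to the LAST "from ... port",
# so text inside the username cannot redirect the match to another address.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .+ from (?P<ip>\S+) port \d+ ssh2$"
)

def offenders(log_text, threshold=4, window=timedelta(minutes=1), year=2024):
    """Source IPs with at least `threshold` failures inside one `window`."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    flagged = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and m["ip"] not in flagged:
            flagged.append(m["ip"])
    return flagged

def hosts_deny_lines(ips):
    """Entries in tcp_wrappers 'daemon: client' form for /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(offenders(SAMPLE_LOG))))
```

The two failures from 198.51.100.9 are 85 minutes apart and stay below the threshold, which is the behaviour you want for a user who simply mistyped a password.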


OSSEC HIDS – Open Source Security


Looking for a free, open source host based IDS which also runs on Windows and Linux? Check out OSSEC:

OSSEC HIDS – Open Source Security

I will be installing this in a few days to give you my review. It looks very promising! Kinda like Cisco CSA for the masses…hmmm..here is a good review on OSSEC as well:

Linux.com Review


Proxy Sites Offer Secret Passage to Myspace


Scary things those pesky proxy servers…Not only is this a problem for college networks but it is a major issue for corporate IT security as well. The majority of corporate networks are now starting to block Myspace. Especially with the recent “Flash banner ad Worm” that hit Myspace not long ago. These proxy sites allow users to basically bypass any web filtering that is installed at the gateway. There are hundreds of these sites and more popping up all the time. Products like Websense and SurfControl can help, however, these sites only get blocked when the products’ blocked lists get updated or the administrator manually adds the site(s) to a blocked list.

Slashdot | Proxy Sites Offer Secret Passage to Myspace
