Security On Virtual Private Servers.

Many people nowadays depend on server virtualization to increase their efficiency and their management flexibility. Though it decreases the total cost, it increases the security risks. By 2009, 60% of Virtual Private Servers will be subjected to more security risks than their physical counterparts.


Now let's see what security challenges we have to look out for:

* Dependency on IP address: This is a problem because IP addresses keep changing as Virtual Private Servers are migrated, created or cancelled. This does not help the traditional protection mechanisms.

* Sprawl in Virtual Private Servers: A VPS can easily be created from previous images that are available on the old servers. The risk is that many of these VPS are not maintained properly and have many security vulnerabilities. These vulnerable VPS serve as a launch pad for attacks on other VPS on the same server.


* Inability to monitor intrahost traffic: VPS have the concept of a “soft switch”, which allows a VPS to communicate with other VPS on the same hosting server. Monitoring these communications requires special tools, and the availability of these tools is limited.

* Silo approach to security policy: What is the silo approach? It is “recommending different diverse solutions with different Kinds of management requirements”. Neil MacDonald, an analyst at Gartner, has this to say: “Most security problems in the virtual world will be introduced through misadministration, mismanagement or just plain old mistakes. The fact that we use different tools in the physical world than the virtual world compounds that problem.”

Now that we know the limitations that we have with VPS, we need a completely different approach towards securing VPS. We need a cross-platform solution which will help us secure both VPS and physical servers. A cross-platform security tool for VPS can help to impose direct security policies across all the data centers and eliminate the Security Benefits that we have with Virtualization.

We also need to be able to deploy cross-platform virtual security tools anywhere on the network, and that too with delegated authority to maximize flexibility. What do these virtual security tools do? They write detailed log data to syslog and the Windows event log and enable easy integration of the tools with existing management controls.


By eliminating the IP address dependency of existing security policies, the cross-platform virtual security policies can be enforced regardless of the location or platform of the VPS. This helps eliminate the operating expenses that come with the rule changes faced by security administrators. The existing policies are enforced and persist in a variety of situations:

1) While moving servers and endpoints within different locations on the network.

2) When Physical servers and Endpoints are converted to VPS.

3) When VPS are migrated from one physical host to another.

The cross-platform virtual security solution allocates physical servers and VPS to logical security zones and helps protect VPS against sprawl. It ensures that a VPS which is not a member of the security zone cannot communicate with the VPS in the security zone, and reduces the platform for attacks on VPS.

The cross-platform solution is based on a P2P architecture that increases scalability to hundreds of thousands of instances. Policy management can be completed with just a few mouse clicks.

The other benefits which come with the cross-platform solution include:

  • Elimination of the complex situations that come with the silo approach. It enables protection of hosts through a single console for data centers.
  • Satisfaction of the regulatory body with no reconfiguration of the network.
  • Operational costs that come with firewalls and virtual LANs are eliminated.
  • It eliminates bottlenecks and single points of failure within the architecture.

The following are the points that you need to consider when evaluating a cross-platform virtual security solution for data centers:


  • Most of the solutions will support x86 operating systems which are common in VPS environments as well as the less used Solaris, AIX, HP-UX, RedHat, Windows and IP-based non-server devices.

  • The solution should be able to enforce security regardless of the IP address of the server or VPS; this enables security even in case of migrations.
  • It should be able to eliminate communication between VPS which are not members of the same security zone but are on the same physical host.
  • It should be able to cope with growth without introducing bottlenecks.
  • Always look out for single-point security management to increase efficiency.
  • Always look out for a solution that can be enforced at the host level.
  • Always look out for a solution that uses X.509 v3 certificates to ensure that the operator credentials cannot be spoofed.
  • The solution should be able to create detailed logs for activity data and should be able to create an audit trail for servers and endpoints as well as administration consoles.
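
The IP-independence and security-zone points above, as an added example (not code from the original post or from any product): it compares a traditional IP-address rule with a rule keyed on zone membership when one server migrates and its old address is reused by an unmaintained VPS. Host names, addresses and the zone name are constructed.

```python
# Constructed inventory: stable host identity -> current IP address.
INVENTORY = {"web-01": "10.0.1.10", "db-01": "10.0.1.20", "old-image-07": "10.0.9.7"}

# Zone membership is keyed on host identity, never on address (names are hypothetical).
ZONES = {"web-01": "payments", "db-01": "payments"}  # old-image-07 belongs to no zone

# Traditional rule written when web-01 lived at 10.0.1.10: (source IP, destination IP).
IP_ACL = {("10.0.1.10", "10.0.1.20")}


def ip_rule_allows(inventory, src, dst):
    """Traditional check: match the hosts' current addresses against the ACL."""
    return (inventory[src], inventory[dst]) in IP_ACL


def zone_rule_allows(src, dst):
    """Zone check: both hosts must be members of the same security zone."""
    zone = ZONES.get(src)
    return zone is not None and zone == ZONES.get(dst)


def reassign(inventory, host, new_ip):
    """Return a copy of the inventory after a migration or re-addressing."""
    updated = dict(inventory)
    updated[host] = new_ip
    return updated


def compare():
    # web-01 migrates to another physical host; its old address is later
    # handed to a VPS cloned from an old, unmaintained image.
    after = reassign(INVENTORY, "web-01", "10.0.2.10")
    after = reassign(after, "old-image-07", "10.0.1.10")
    flows = [("web-01", "db-01"), ("old-image-07", "db-01")]
    return {
        flow: {"ip_rule": ip_rule_allows(after, *flow), "zone_rule": zone_rule_allows(*flow)}
        for flow in flows
    }


if __name__ == "__main__":
    for flow, verdicts in compare().items():
        print(flow, verdicts)
```

After the move, the IP rule denies the legitimate web-to-database flow and allows the unmaintained VPS that inherited the old address, while the zone rule gives the intended answer for both without any rule change.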

Posted under Network and Security, Virtual Private Server

This post was written by Brad on October 1, 2008

Tags: security, Virtual Private Servers, Virtualization, VPS

LOC for LHC crossed by Hackers.

The hackers won't even spare the people who are working to help us find out how we came into existence. They hacked into part of the computer system of the Large Hadron Collider (LHC).

Large Hadron Collider

The spokesman of Cern said that the hackers put up a message on the facility’s website.

No harm done, but this shows that Cern has put all the money into the experiment and no money into the security for the LHC.

The target for the hackers who call themselves “Greek Security Team” was the computer network of the Compact Muon Solenoid Experiment (CMS), a huge detector that analyses data from the particle accelerator.

What the LHC is trying to do is known to almost everyone by now: “The LHC is attempting to recreate the conditions just after the Big Bang, in which the universe was created.”

The CMS website displayed a page with a mocking message, in Greek, which included the line: “We are 2600 – don’t mess with us”.

Now the webpage www.cmsmon.cern.ch is down.

Though the good part is that the computer hacked was not connected to the accelerator itself.

The Cern spokesman James Gillies said “It seems it was not a malicious hack and it was quickly detected and corrected but this sort of thing keeps you on your toes”.

Mr Gillies said the LHC had a general access network and a more restricted access network which controls the sensitive systems.

Though Cern did accept the lack of security.

The number 2600 is often used by the hacking community. It is believed to have originated in the US in the 1960s with the discovery that a tone of 2600Hz played down the line could be used to access restricted parts of the national telephone system.

Posted under Latest News, Network and Security

This post was written by Brad on September 15, 2008

Tags: Cern, Greek Security Team, Large Hadron Collider, LHC, security

What is a Firewall ?

It's something that we use every day when we use the Internet.

It is protection for our PC.

A firewall intercepts all communications between you and the Internet and decides if the information is allowed to pass.

Now we can address the long answer. Let's forget for now the fact that a firewall can be either hardware or software; they both have a similar function. We’ll talk about the differences between hardware and software a little bit later.

When your computer is connected to the Internet, information flows both into and out of it. For instance, when you surf the web, you send out a request for a web page, and you get back the page you asked for. When you check your email, you send out a request for your email, and you get back your email messages. Just about every communication on the Internet is bidirectional, or two way.

It is important to note that firewalls are aware of connections. A connection exists between you and your email server when you check your email, and one exists between you and a web server when you browse the web. This connection is what data flows over. When we talk about an in rule or an out rule, we are referring to the direction in which the connection was created. So when you check your email, you are creating a connection out to your mail server. This requires an out rule in your firewall. When the email server sends data back to you over the connection that you have already created, you do not need an in rule because the connection has already been created.

Most firewalls, by default, will block all traffic both in and out. This is what we call Deny all by default. In this state, it is as if your computer is not even connected to the Internet. While this is a very safe state to be in, it is not very useful. So we have to create a set of rules to tell the firewall what we consider safe and ok. Everything else is by default considered not safe.

Most programs that we want to talk on the Internet with are harmless, and simply request data that we want with information that we consider not private. For these programs, we want a firewall to be completely transparent. In other words, you want to be able to surf the web and check your email even if you have a firewall installed. In order for these programs to be able to work, we have to create an allow rule and we set it to allow both in and out traffic.

As you create rules to allow traffic in and out, you are creating tiny holes in your firewall for the traffic to flow through. That is why many Internet users call creating rules pinholing your firewall. The more pinholes you create in your firewall, the less secure your network becomes, so you should only create as many pinholes or rules as you need to use the Internet to do what you want to do.
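
The connection tracking, deny-all default and pinhole rules described above, as an added example (a simplified model written for this page, not any real firewall's code): it keeps a connection table and shows that a reply on a connection you opened needs no in rule, while everything without a rule is denied. Addresses and port numbers are constructed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = leaving this PC, "in" = arriving from the Internet
    local: tuple     # (ip, port) on this PC
    remote: tuple    # (ip, port) on the Internet


@dataclass
class Firewall:
    out_rules: set = field(default_factory=set)    # remote ports we may connect out to
    in_rules: set = field(default_factory=set)     # local ports others may connect in to
    connections: set = field(default_factory=set)  # connection table: (local, remote)

    def check(self, pkt: Packet) -> str:
        key = (pkt.local, pkt.remote)
        if key in self.connections:
            return "allow: existing connection"
        # A new connection is only created if a rule for its direction exists.
        if pkt.direction == "out" and pkt.remote[1] in self.out_rules:
            self.connections.add(key)
            return "allow: out rule"
        if pkt.direction == "in" and pkt.local[1] in self.in_rules:
            self.connections.add(key)
            return "allow: in rule"
        return "deny: default"


def demo():
    pc, mail, stranger = "192.0.2.10", "198.51.100.25", "203.0.113.66"  # constructed
    fw = Firewall(out_rules={993})  # a single pinhole: outbound secure IMAP
    return [
        fw.check(Packet("out", (pc, 50000), (mail, 993))),       # check email: new connection out
        fw.check(Packet("in", (pc, 50000), (mail, 993))),        # server's reply on that connection
        fw.check(Packet("in", (pc, 3389), (stranger, 41000))),   # unsolicited inbound attempt
        fw.check(Packet("out", (pc, 50001), (stranger, 6667))),  # outbound with no rule
        fw.check(Packet("in", (pc, 50000), (mail, 25))),         # same server, but not the tracked connection
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The model leaves out protocol state and timeouts; it only shows how rule direction and the connection table interact.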

Different Types of Firewalls

Hardware Firewalls vs. Software Firewalls

Hardware Firewalls

Hardware firewalls are usually a router or other similar device. Many modern routers have a firewall built into them. To use the firewall, you must log in to your router, usually from inside your network. You cannot log in from the Internet by default; this would break the security of the firewall. Once you are logged into your router, you find the firewall section and begin creating rules.

Hardware firewalls are exceptional at blocking intruders and attacks from the Internet and from inside your network. The downside to hardware firewalls is that they are a little more difficult to configure. You have to know the port numbers that you want to block or allow. These can be very difficult to find. We have a large database of port numbers which you can view here. However, once you get a hardware firewall set up, it is the most secure and fastest option out there. In addition, one hardware firewall protects your entire network, so the overall cost is usually lower if you have more than one computer.

Software Firewalls

Software firewalls are applications that you install on each PC on your network. These may be the best option for users with Dial Up or who only have 1 computer on their network. They work by allowing programs to communicate on the Internet by program name instead of by port number. Most of them do offer firewalling by port number, but the default behavior is usually to firewall by program name.

Firewalling by program name means allowing a certain application unlimited access to the Internet. For instance, if you trust Firefox then you add it to your list of allowed applications in your software firewall. Now you can surf the web using Firefox. If you want to add more security, you may decide to block the other browsers on your computer, forcing all users to use Firefox.

The disadvantage of software firewalls is multifaceted. First, you have to purchase a copy for every PC on your network. This can get expensive and can be a maintenance issue. Second, they can impair your computer's functionality. Some firewalls are just difficult to configure, and until you configure them correctly, you may not be able to surf the web or check your email. This makes it very difficult to get help.

The biggest problem with software firewalls is that they trust applications completely. Once you have told your software firewall that you trust Firefox, Firefox can now do anything it wants to on the Internet. By default, Firefox is a safe program, but there may be some malware out there that will take advantage of it and use it to do its dirty work. Since you have told your software firewall that you trust Firefox, this malware now has the ability to do anything it wants on the Internet as if your firewall was never there. Therefore, software firewalls must be coupled with good antivirus and malware protection.

What does a firewall protect me from?

Firewalls, in general, protect you from malicious Internet attacks. These attacks can come from the outside or the inside.

Outside attacks are people trying to get into your network so that they can take control of your computers, or use your computers to do things on the Internet.

Inside attacks are software that has already been installed on your computer trying to connect out to the Internet, usually to get instructions from an Internet hacker.

By blocking both incoming and outgoing traffic, a firewall protects you from both of these kinds of attacks.

What can get through?

Generally, anything that really wants to. If you run a software firewall and allow an application to communicate on the Internet, then a malicious piece of software may be able to piggyback some communications on top of that application. Of course, the malicious software author would have to account for this when they write the malware. This is currently rare, making software firewalls pretty effective. If you run a hardware firewall and open up some ports, then any application that wants to can communicate on those ports. The application author would have to predefine that these open ports should be used, which keeps the odds of this happening pretty low.

The important thing to note is that a firewall is not a 100% solution to protecting your computer or network. Security needs to be a holistic approach, and the firewall is simply one aspect of many different things that should be done to keep your network safe.

How different is a firewall from what a NAT router does?

A NAT (Network Address Translation) router is sometimes called a firewall. The truth is, it is less than a firewall in many ways. NAT routers only block traffic in one direction; they only block incoming traffic. Firewalls block both directions.

While NAT is an effective barrier against people who want to get into your network, it provides very little configurability. Most NATs do not allow you to create rules based on complex criteria such as time of day, source address, destination address, traffic direction and others.

How can I tell that my firewall is working?

You should test your firewall both incoming and outgoing.

To test your firewall for outgoing functionality, remove the rules for a program such as Firefox and try to surf the web. You should not be able to surf. If you can surf, then your firewall is not blocking outgoing traffic.

To test your firewall for incoming functionality, you should try something like probemyports. This will attempt to connect in through your firewall. If your firewall is working, then probemyports will not be able to connect in and will tell you so.

Does a firewall filter the content of the Internet?

No, most firewalls do not filter the content of the Internet. Their functionality is indiscriminate of the content that is being downloaded. They only block certain applications or certain ports, not certain topics.

Can a firewall protect my kids from the Internet?

No, if you want to protect your kids from online predators, scams, phishing and cyber stalking you need to use other programs. A firewall only blocks certain applications and ports.

Does a firewall block spam?

No, a firewall does not block spam. When you install a firewall, you usually configure it to allow your email program to download your email messages. Spam, or unwanted email, is downloaded by your email program with your other messages. The firewall has no ability to block spam.

What are the adverse effects of running a firewall?

Some applications will not work very well behind a firewall. Many games need lots of ports open to the Internet to function. Streaming video and audio may be affected, as well as Peer to Peer (P2P) applications such as uTorrent, Kazaa, WinMX, Azureus and BitTorrent. Voice over IP (VOIP) may be affected as well.

In addition, some software firewalls may significantly slow down your computer or even cause it to stop working entirely. A software firewall is a very involved piece of software and it integrates very deeply into the operating system. You should probably back up your personal data files before installing one.

What else should I do to protect my network?

* If you have a wireless network, you should follow our guides about securing it. Open wireless networks are a huge security risk for your computer.

* Keep your computer up to date by using the Windows Update feature built into modern versions of Windows.

* Run AntiVirus software with realtime protection. The different virus scanners may call this something different from vendor to vendor, but the general concept is the same: you want some piece of software running that is always scanning your computer for malware or virus activity.

* Only forward as many ports as you need to.

* Do not keep your sensitive passwords in a file on your computer. If someone hacks into your computer, they will gain access to all of your sensitive data. Passwords should be written on paper in your office.

Posted under Network and Security

This post was written by Brad on August 8, 2008

Tags: broadband, Dial up, firewall, hardware, internet, NAT, protection, router, security, software