The Security Gap – DIY Security World

April 19, 2014

I don’t think I have ever done this, but I did originally write up the website’s scope to include thought-provoking articles. So anyway, a quick thought about Security and how it should matter for everyone, not just from an organisational/enterprise level but even the personal/home computer and network security category.

So where am I going with this? Well, not too long ago there was the huge news of the SSL hole that allowed the data to be bled from RAM of a remote server; there was a miscalculation in the code and this allowed the checksum or something to become overlooked. So what was so scary? Well, the fact that in that “bled” data you could possibly discover login credentials of someone who had authenticated before you etc. I’m not very well versed in the technical terminology here but you get the idea. So this was the first instance where Security was in the front of my eyes and I began thinking about it a lot more.

Then I read an article about how people use the same passwords, AKA password recycling, across many websites, and this is (obviously) poor management, because if one account belonging to yourself is compromised, it’s likely the rest of your online world is too. There was also talk of mitigation techniques that could be integrated into the logon process, such as OTP (one time passwords) (is that the correct acronym?), which could be sent to your mobile phone instead of emailing a password reset. It’s likely that if your Facebook was hacked and they got into your email they have full control, so the use of the OTP would stop them here. Anyway, the article goes on and it makes a very convincing argument to do so.

Then, a friend who also works in the IT world had a rant on Facebook, which again highlighted the importance of security when it comes to passwords. Basically the ISP could read back the password to the caller over the phone after they had passed a few identification questions. He had asked the company to assure him his passwords were hashed and that his personal data was safe, but obviously they weren’t too keen to go into specifics because sharing security measures in place can be counterintuitive. Nonetheless the concern here is security, as it would only take one clever nerd to discover the ISP’s flaws (if they exist) and recover 100s if not thousands of company passwords, as they can obviously be unencrypted to be seen in plain text. The theme here again is Security.

Quickly recapping, we got the Heartbleed flaw, which enabled data to “bleed” out during remote requests, and this could’ve proven chaotic globally. Then the article on OTP and the reasons behind it, then the Facebook rant and hashing of passwords, or in this case not. So right now you’re thinking “ok, there is obviously a lot of security work to do in the IT world”. You’d be right, and I had complete faith in most “Security Professionals”, basically because my skills, while they do involve security and authentication, it is not a speciality point for me whilst working. It’s the routing and switching side of things I really love, but after you read the excerpt below, I’m gonna make a huge effort to master security too, and this is why:

Excerpt from an email received from Learning@cisco , dated 18/04/2014

The Cybersecurity Skills Gap Is Worse Than You Think — 
Network World, January 21, 2014
Enterprise Strategy Group (ESG) asked 315 security professionals working at enterprise organizations (i.e., employing more than 1,000 employees) whether they were familiar with multiple types of malware techniques.

  • 50 percent of security professionals are “not very familiar” or “not at all familiar” with command and control communications techniques.
  • 40 percent are “not very familiar” or “not at all familiar” with polymorphic malware.
  • 29 percent are “not very familiar” or “not at all familiar” with zero-day malware.

So that’s just three dot points, which brings us to my point, which here is SECURITY SECURITY SECURITY. If you want it done right, you gotta do it yourself.


Switch IP & Default Gateway Checklist

June 7, 2013
  1. Enter VLAN 1 configuration mode using the interface vlan 1 global configuration command
  2. Assign an IP address and mask using the ip address <ip-address> <mask> interface subcommand
  3. Enable the VLAN 1 interface using the no shutdown interface subcommand
  4. Add the ip default-gateway <ip-address> global command to configure the default gateway

Three most Common Types of Attacks

May 30, 2013

Denial of Service (DoS)

  • Erasers try to harm the host, destroying hardware and files
  • Crashers cause hosts to fail or no longer allow hosts to connect to the network
  • Flooders flood the network with packets to make the network unusable.

Reconnaissance Attacks

  • The goal is to gather information to perform an access attack; causing harm can be a side effect.

Access Attack

  • An attempt to steal data typically for some type of financial gain.

*This topic will definitely be asked in the exam room; make note and have this stuff drilled in.


Port Security

April 28, 2013

Switches examine the source MAC address of each received frame. A switch can take one of a few possible actions if it discovers that the incoming MAC address on that port is NOT SECURE.

  • shutdown (the switch shuts down the port, sends a log message and drops the frame/s; the interface status will read err-disabled and you have to run a no shutdown to open the port again) ON BY DEFAULT
  • restrict (drops the frames and transmits a log message but does not shut down the port)
  • protect (only drops the frames)

When configuring port security and the source MAC address is unknown, switchport port-security mac-address sticky can be used, and the switch will use the first MAC address learned as the secure MAC address.

 


Basic Switch Security

April 28, 2013

Cisco Switch Defaults

  • All Cisco switch ports are open (DEFAULT)
  • All ports attempt to trunk (DEFAULT)
  • Remember all ports are in VLAN 1

Best practice habits should include

  • Close unused ports (shutdown command)
  • Stop the port from trunking (switchport mode access command)
  • Place all unused ports into an unused VLAN

Remember the switches should be locked away in a secure room and/or a cabinet.
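
A quick way to check a switch against the habits listed in the Port Security and Basic Switch Security notes above. This is an added example, not part of the original posts: the running-config excerpt is constructed, and VLAN 999 as the "unused VLAN" and the function names are assumptions.

```python
import re

# Constructed running-config excerpt for illustration (not from the page).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security violation protect
!
interface FastEthernet0/2
 switchport access vlan 999
 switchport mode access
 shutdown
!
interface FastEthernet0/3
!
"""
UNUSED_VLAN = 999  # assumption: VLAN chosen for parking unused ports

def parse_interfaces(config):
    """Map each Ethernet interface to its list of sub-commands."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S*Ethernet\S*)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the stanza
    return ports

def audit(config, in_use):
    """Return (port, finding) pairs; in_use is the set of connected ports."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            findings.append((name, "may still attempt to trunk"))
        if name in in_use:
            if "switchport port-security" not in cmds:
                findings.append((name, "port security not enabled"))
            elif "switchport port-security violation protect" in cmds:
                findings.append((name, "protect: drops frames, no log message"))
            continue
        if "shutdown" not in cmds:
            findings.append((name, "unused port not shut down"))
        if f"switchport access vlan {UNUSED_VLAN}" not in cmds:
            findings.append((name, "unused port not in the unused VLAN"))
    return findings
```

Calling audit(SAMPLE_CONFIG, in_use={"FastEthernet0/1"}) flags the protect-mode port and the untouched FastEthernet0/3, which is still on every default listed above.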