Library items tagged: security

The statistics provided by Jisc's Janet network CSIRT require a degree of interpretation. Often the numbers are influenced more by the team's activities than they are by external influences. For example: an increase in the number of malware incidents may indicate increasing infections, but it is just as likely to be due to increased detection rates by CSIRT.
PB/INFO/067 (05/07): Security was a major requirement in the design of eduroam, to ensure that organisations that provide visitor facilities, and the guests who make use of them, are not exposed to additional risks outside their control. eduroam should present fewer risks than the existing ad hoc arrangements for guest users. This factsheet explains the security measures within eduroam and how organisations can use them to protect their own security.
There has been a resurgence of "fake" websites that infringe upon the intellectual property of our customers. Their name and brand may be misused, the design of their site may have been copied, or the website may be trying to masquerade as them. In some cases the legitimacy of the organisation running the site may be in question.
In the real world a firewall is a solid barrier between a precious asset on one side and a hazard on the other. For example, we hope that there is a firewall between the passengers in a car and the petrol tank. A network firewall performs exactly the same role, protecting an asset inside the firewall from a hazard on the outside. Firewalls are often used to protect an organisation from hazards on the Internet but they can, and probably should, also be used within an organisation to separate different departments, working areas or networks.
PB/INFO/016: Most computer users will have been very grateful for the existence of backups. Although they are often seen as a way to recover files lost due to typing errors or misplaced mouse clicks, there are other reasons to make and keep secure copies of files. However, each of these purposes creates different requirements for the backup and recovery system, so it is important to be clear which purpose is involved and choose an appropriate backup strategy and technology to deliver it.
Isolated individual computers are relatively secure as long as their physical well-being is ensured and regular backups are carried out to protect the integrity of the data held. However, once computers are connected to a LAN or WAN, they become exposed to threats which may jeopardize their proper operation and the safety and privacy of the data held.
Open relays allow any combination of origin and destination address, and are frequently abused by advertisers and others to distribute UBE. This will usually overload an organisation's mail server, affecting its ability to handle legitimate mail, and often leaves the organisation with a flood of complaints and error messages to deal with. Sites that are frequently abused as relays may be added to blacklists used by many network operators and ISPs to reject all e-mail and other traffic. Advice on preventing relaying is available from the MAPS website:
Many organisations are looking to have some form of penetration testing performed on their systems. This may simply be to evaluate existing security measures and to find gaps where security needs improvement, but increasingly it is performed to comply with security standards when connecting to public sector networks or processing payment details.
In this particular incident, the initial tip-off led directly to the departmental network containing the compromised hosts. This information is not always so readily available, since IP spoofing can also be used to simulate traffic from machines on many different networks. Such a situation could be handled by repositioning the network monitor on the backbone (at M’ in the diagram, for example), and again examining the source MAC addresses of attack packets (but note that performance is likely to be a concern, with monitors dropping traffic at gigabit speeds).