Network Security Audit – The Benefits

Network security audit, also known as network security assessment, refers to the process of determining the security shortcomings on your network. The process is critical for a business because sensitive or critical information on a network cannot be adequately protected if you do not know what type of vulnerabilities or security holes exist on the network.

Security auditing and assessing of your network is not a one-time event. Security assessments should be ongoing because networks are constantly changing as new devices are added, configurations are changed, and software is updated. With any type of security assessment, the network layout must first be determined. The network security audit must accurately determine the extent or topology of your business network. This is includes the type of devices, the operating system in use on the devices, and what updates that have been applied. Also, you must determine what the critical information assets are and where they are located on the network.

Without this information, a network security audit is of little value because you cannot be sure to have completed a security assessment of the whole network or that you have evaluated the most critical components of the network where the most sensitive information is stored and accessed. Of course, there is much more to performing a network security audit, but these few elements are essential to make a proper evaluation of your corporate network’s security.

Benefits of Network Security Audits

Network security audits help identify vulnerabilities on your network and network devices including:

• Running services – Any service that is running on a network device can be used to attack a system. A solid network security audit would help you identify all services and turn off any unnecessary services.

• Open ports – A network security audit will help you identify all open ports on network devices and, just like running services, all unneeded ports should be closed to eliminate the possibility of being used to attack a network device.

• Open Shares – Any open share can be exploited and should not be used unless there is some essential business purpose for it.

• Passwords – Assessments/audits should evaluate the enterprise password policy and ensure that the passwords used on the network devices meet the business password policy of password strength, frequent change, and other requirements.

• User Accounts – During the audit, you must determine which user accounts are no longer being used so they can be removed or disabled. Unused user accounts allow for someone from inside or outside the network to attack and take over the account or may be an indication of a successful attack of the network.

• Unapproved Devices – Unapproved or unknown devices such as iPods, Smart Phones and Wireless Access Points installed on your network must be detected in an audit. Any or all of these, as well as other devices, can be used to attack the network or steal data off the network.

• Applications – The type of applications being used on a system should be identified during this process. If any dangerous applications are found running on a system, they should be removed. Also look for software programs that run automatically because they can be an indicator of a malware infection.

Security audits should be done on an ongoing basis. Without recurring security audits or assessments, these new vulnerabilities may not be discovered and patched to keep the computer system secure. Also, such audits should not be done manually because if administrators fail to apply certain scans, vulnerabilities in the operating systems or in installed applications can be exploited.

Using vulnerability scanners makes the task of a security audits or assessments much easier and safer. These tools automate part of the process and allow administrators to analyze the results and determine what issues should be addressed first and in which priority the other security issues should be handled.

By identifying these types of vulnerabilities on an ongoing basis, you will be adding an extra layer of protection to your network. Because network security applications and services are constantly being updated, it is of great importance to apply one of the latest security scanners and use it on an ongoing basis, together with the expertise of knowledgeable security staff to evaluate the status of your network security.

About The Author

This guest post was provided by Sean McCreary on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI network auditing software

Top 5 Security Tips To Protect Your Computer From USB Viruses

With increasing anti-virus security in place against email-aware viruses and malware, hackers are turning their attention to less well-defended routes such as USB drives. This is the latest method that’s used by hackers to torment innocent users. However, there are ways you can protect your computer from USB and Pen drive viruses.

1.Block USB Viruses

Invest in an excellent anti-virus program that has built in USB virus scan and remover. These anti-USB virus scan programs not only protect your computer from USB Autorun viruses but can also clean worms, Trojans and viruses in your USB memory sticks.You can try anti-virus programs for USB virus such as USB Virus Scan, USB Drive Antivirus and so on.

2.Disable Your Computer’s Autorun Feature

When you plug in a USB drive stick into your system, the Autorun feature initiates automatically. If your USB contains any virus programs, it’ll use the Autorun feature to infect your computer. To protect your computer, disable the Autorun feature.You can disable the Autorun feature via the Control Panel.
Alternatively, you can use antivirus software to disable and enable the Autorun feature whenever you want. Additionally, these USB blocking softwares allowsystem administrators to specify which removable storage drives users can access.

3.Update Your Device Driver

Keeping your USB device driver updated is a good way to ensure greater stability for your USB drives. While this won’t help eradicate USB viruses, USB device drivers are constantly updated to block viruses and deliver timely warnings. You can update your USB device drive from your Windows Computer Management feature in the Control Panel.

4.Use USB Firewall Software

USB firewalls prevent Windows OS from processing malicious programs when a virus infected portable USB device is opened. USB firewalls monitor only your USB devices, and not your CD and DVD drives. By using USB firewalls, you’ll be enabling a basic level of protection from the autorun.inf viruses that spread from portable USB devices.

5.Always Safely Remove USB Devices

Viruses are sometimes created via damaged documents. If you are transferring a set of files to your USB drive, make sure the transfer is complete before you eject the device. Always use the Safely Remove Hardware feature of Windows OS. This is because partially transferred or damaged files can in turn corrupt other files on your USB drive.

About The Author

Montey likes to write for coupon websites where he shares some useful coupons. He blogs at many coupon blogs where he shares norton coupon codes and godaddy codes.

Stuxnet Worm Installation, Injection, Mitigation And Prevention [Video]

Stuxnet is one of the most popular windows worm, It was discovered back in July 2010 and it has attracted lots of media attention. It was also claimed that Stuxnet worm was originally devloped to target Iranian nuclear plants. Some security experts claim that Stuxnet worm is the most dangerous malware ever created.
While searching on internet related to stuxnet I came across two videos on infosecinstitute.com by Joel langill which probably explains every part of stuxnet, From it's introduction, Installation, and Injection to it's mitigation and prevention.

Part 1: Introduction, Installation, and Injection

Part 2: Mitigation & Prevention

How To Protect Your Webserver From Getting Hacked?

It has been a while since I haven't posted on RHA, that's because I was extremely busy with my university stuff and had absolutely no time for blogging, However today I finally managed to get some time for posting on RHA, In my previous article related to webserver security section I told you some ways which hackers can use to compromise your webserver, However in this article I will tell you how to protect your webserver from getting hacked or being compromised.

Well there are variety of methods you can implement to protect your webserver, but  I will not be covering all of those method because it will take alot of time explaining the concepts.

WebApplication Security

Most of the webservers get compromised due to the vulnerability in their webapplication, some of the most common existing webapplication vulnerabilities are SQL Injection, Cross site scripting, Local file inclusion etc, These vulnerabilities usually due to improper or poor coding of web applications.

How do I find if these types of vulnerabilities really exist in my webapplications?

Well unless you are a penetration tester or have proper information related to these types of vulnerabilities, it is really difficult for you to find these types of vulnerabilities, A better option is to use a vulnerability scanner like Nessus or Acunetix.

Read More About finding a vulnerability in your website - How To Find A Vulnerable Website?

SSL(Secure Socket Layer)

SSL is not really necessary until you are running an ecommerce website or a website where you want the communication to be secure, If you are wondering what is SSL(Secure Socket Layer), Kindly read my article on What is SSL(Secure Socket Layer)

Password Cracking Attacks

As I told you in my previous article that some of the popular password cracking methods include:

1. Brute Force Attacks

2. Dictionary Attacks

3. Rainbow Tables

Here is a simple tip on how you can avoid these types of attacks - Keep Strong passwords, Now what do I mean by a strong password, read my post on How to create a strong password

Use Of Firewalls

Firewalls are usually designed from stopping attackers from evading a website, A firewall is basically a gateway used to allow or deny access, but are firewalls enough to protect your webserver?
The answer is "no", The administrator need to open ports like 80, 21, 25 etc to allow the firewall to give the users access to services like website, email, ftp etc, which leaves these services vulnerable to attackers.

What if some one sends a virus attached with an email through a mail server behind a firewall, The firewall will not be able to block these types of attacks, Hopefully I will explain this stuff related to firewall security in my upcoming articles.


Update Your Webserver Regularly

Vulnerabilities are created and pathed every day, so you need to make sure that you update your webserver and install latest patches and fixes.

Intrusion Detection System

An intrusion detection system (IDS) is used to monitor the entire network, it detects intruders; that is, unexpected, unwanted or unauthorized people or programs on network, If you want to know more about Intrusion detection system kindly read the following post, It will give you a better understanding of IDS

• An Overview Of Intrusion Detection System

Certainly these methods aren't enough too for a total security, however I will continue the series of articles related to webserver security, Moreover I have also finished writing my newset book "An Introduction To Keyloggers, RATS And Malware" which I will be releasing very soon and the best part is that it will be free for all.

What methods do you use to secure your webserver?

Man In The Middle Attack - SSL Hacking

One of the most successful way of gaining information such as passwords,user ids etc in LAN (local area network) is through man in the middle attacks . I will not be going to deep into Man in the middle attacks, but in simple words it can be explained as attacker or a hacker listening to all the information sent in between the client and the server .To prevent these kind of attacks Email providers started using Hypertext Transfer Protocol Secure (HTTPS) It is a combination of the Hypertext Transfer Protocol(HTTP) with SSL (Secure socket layer )protocol to provide encrypted communication between the client and the server .So when a hacker caries out a Mimt attack the victim is cautioned with a invalid SSL Certificate



In this tutorial I will teach how to carry out a successful Mitm attack

Concept :-

We Know that HTTP (Hypertext Transfer Protocol )simply sends all the information through plain text .So if we make the victim use HTTP instead of HTTPS to connect sites like Gmail , Pay pal. we will be able to carry out a successful Mitm attack with out causing any suspicion To do this we are going to use a tool called SSL strip

Read More: What is SSL(Secure Socket Layer)

Thing we Need

1. SSL strip: You can search Google for SSL strip it comes both in windows and Linux versions . I will be using the windows version in this tutorial

2. Ettercap to carry out mitm attacks

Demonstration :-

1. Open SSL strip and fill in all the required information for arpsoof, network ,ssl strip, change data .If you don’t know what to enter simply click auto check . remember to check if HTTPS to HTTP is included in Change data , finally click ok

2. Now select the victim’s IP and click open

3. Now open ettercap go to sniff -unsniffed sniffing and select your network interface and click ok 

4. Now select hosts-scan hosts .Once scanning is completed .Open host list from hosts tab .Now select the IP address of the router as target 1 and the victims IP as target 2

5. Now select mitm-arp poisoning and click ok as shown

6. Finally select start-start sniffing .Now when the victim logs into gmail he will be using HTTP and not HTTPS Hence we are able to get the User id ,passwords as shown below

Counter measures:

1. whenever you perform an online transaction such as Credit card payment, Bank login or Email login always ensure that you Use HTTPS

2. Always check the SSL certificate before doing an online transaction

About The Author

This article is writen by John Jeffery, He is the owner of Hackholic where he writes security related stuffs, If you are interested in writting a guest post on RHA, Kindly read the guidelines here

How to Crack Windows Administrator Passwords

Some times it necessary to know admin passwords in schools ,collages to log in with admin privileges to do various things

There are many way to crack passwords. But in this tutorial I will explain a very basic method using a single tool to crack windows password . This might come handy in places like schools ,collages where you cant use your live Linux cds , usb ..etc because your being watched

Things we need :

1. Pwdump or Fgdump to extract password hashes

In this tutorial I will be using Pwdump

Extracting Password hashes :-

1. Open My computer and go to C:\Windows\system32 . now place the Pwdump file which we download earlier

2. Now open command prompt and navigate to C:\Windows\system32 \Pwdump

Using cd command and click enter

Example :-

Cd C:\Windows\system32 \Pwdump


3. Now you can see a list of Pwdump commands as shown

4. Now enter pwdump - localhost >>“ destination of output file “ (for 32 computers) and pwdump -x localhost >> “destination out put file “(for 64 bit computers )


Example :-

Cd C:\Windows\system32 \Pwdump localhost >> C:\hashes.txt

Cd C:\Windows\system32 \Pwdump -x localhost >> C:\hashes.txt

5. Now open  the Out put  file  you can see the names of the different  users with password hashes Now copy the hashes  corresponding to the admin account

Cracking The Hashes

Considering that we are in school/collage were we cant use tools to crack passwords so as an alternative we are using online password cracking sites

1. Go to online password cracking sites like www.cracker.offensive-security.com , www.onlinehashcrack.com and paste the hash select hash type as LM and click decode

2.By this way we are able to crack windows password using a single tool

Note:- If your not able to crack password hashes online use tools like john the ripper to crack password hashes . You can even copy the hashes and decoded it in your house

About The Author

This article is writen by John Jeffery, He is the owner of Hackholic where he writes security related stuffs, If you are interested in writting a guest post on RHA, Kindly read the guidelines here

SQL Injection Tutorial With Havij

According to a survey the most common technique of hacking a website is SQL Injection. SQL Injection is a technique in which hacker insert SQL codes into web Forum to get Sensitive information like (User Name , Passwords) to access the site and Deface it. The traditional SQL injection method is quite difficult, but now a days there are many tools available online through which any script kiddie can use SQL Injection to deface a webite, because of these tools websites have became more vulnerable to these types of attacks.

One of the popular tools is Havij, Havij is an advanced SQL injection tool which makes SQL Injection very easy for you, Along with SQL injection it has a built in admin page finder which makes it very effective.

Warning - This article is only for education purposes, By reading this article you agree that RHA is not responsible in any way for any kind of damage caused by the information provided in this article.

Supported Databases With Havij

• MsSQL 2000/2005 with error.

• MsSQL 2000/2005 no error union based

• MySQL union based

• MySQL Blind

• MySQL error based

• MySQL time based

• Oracle union based

• MsAccess union based

• Sybase (ASE)

Demonstration

Now i will Show you step by step the process of SQL injection.

Step1: Find SQL injection Vulnerability in tour site and insert the string (like http://www.target.com/index.asp?id=123) of it in Havij as show below.

Step3: Now click on the Analyse button as shown below.

Now if the your Server is Vulnerable the information about the target will appear and the columns will appear like shown in picture below:

Step4: Now click on the Tables button and then click Get Tables button from below column as shown below:

Step5: Now select the Tables with sensitive information and click Get Columns button.After that select the Username and Password Column to get the Username and Password and click on the Get Table button.

Countermeasures: 

Here are some of the countermeasures you can take to reduce the risk of SQL Injection

1.Renaming the admin page will make it difficult for a hacker to locate it

3.Use a Intrusion detection system and compose the signatures for popular SQL injection strings

4. One of the best method to protect your website against SQL Injection attacks is to disallow special characters in the admin form, though this will make your passwords more vulnerable to bruteforce attacks but you can implement a capcha to prevent these types of attack.

About Author: 

This article was written by Muhammad Haseeb Javed. He blogs at his blog http://www.hackthepc.blogspot.com/ , If you are are also looking forward to write a guest post on RHA, read the guidelines here