NETWORK DEFENSE AND CONCLUSION SECURITY RISK AND THREATS

 


Introduction
We spent a lot of time covering offensive security techniques in this book. We will wrap things up
with a quick discussion on securing your network systems from these types of attacks.
We will briefly cover:

● Patches & Updates
● Firewalls and Intrusion Prevention Systems (IPS)
● Anti-Virus/ Network Security Programs
● Limiting Services & User Authority
● Use Script Blocking Programs
● Using Long Complex Passwords
● Network Security Monitoring
● Logging
● User Education
● Scanning your network
● And Finally, using Offensive Security

Though no system can be guaranteed to be 100% secure, we can make our systems much tougher to
compromise by using these techniques.
Patches & Updates
Use the latest versions of Operating Systems if it is at all possible. Using outdated Operating Systems
in a network environment with internet connectivity is really not a good idea.
If you are using Windows XP, I highly recommend updating to at least Windows 7. Microsoft's
official support for Windows XP (and Office 2003) will come to an end in April 2014 [1]. This means
it will no longer receive security updates or support.

Make sure your operating systems and all software are up to date. Also make sure Adobe
products, Java, and internet browsers are regularly patched, along with Office software.
Make sure the firmware on all of your devices, especially internet-facing devices (Routers,
Switches, NAS, Cameras, Embedded Server Devices, etc.), is current and checked regularly.
If you are in a large corporate environment, never place complete trust in automated patching and
update management systems. Manually check important systems regularly. I have seen multiple
corporate servers error out on automated critical service pack installs, yet the patch management
server displayed that all servers updated without error.
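
One way to make that manual check repeatable is to compare what the patch management console claims against an inventory gathered from each host independently. The script below is an added example, not code from the book; the host names, update IDs, CSV columns and function name are constructed placeholders, and it assumes the per-host inventory was collected outside the patching tool (for example from `Get-HotFix` output on Windows).

```python
import csv
import io

# Constructed sample: what the patch-management console claims per host.
# Host names and update IDs are placeholders, not real identifiers.
CONSOLE_REPORT = """host,update_id,status
srv-app01,KB0000001,Installed
srv-app01,KB0000002,Installed
srv-db01,KB0000001,Installed
srv-db01,KB0000002,Installed
srv-file01,KB0000001,Installed
srv-web01,KB0000002,Failed
"""

# Constructed sample: update IDs gathered directly from each host, outside the
# patching tool (assumed here to come from something like Get-HotFix output).
HOST_INVENTORY = {
    "srv-app01": {"KB0000001", "KB0000002"},
    "srv-db01": {"KB0000001"},  # KB0000002 errored out on the host itself
    "srv-web01": set(),
    # srv-file01 is absent: nobody collected an inventory from it
}


def audit_patch_report(report_csv, inventory):
    """Return sorted (host, update_id, finding) tuples for every console
    claim of success that the host's own inventory does not back up."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        host = row["host"].strip().lower()
        update = row["update_id"].strip().upper()
        status = row["status"].strip().lower()
        if status != "installed":
            continue  # the console already flags these for attention
        if host not in inventory:
            # A success claim nobody checked is not a verified success.
            findings.append((host, update, "UNVERIFIED: no host inventory"))
        elif update not in inventory[host]:
            findings.append((host, update, "MISMATCH: console says installed"))
    return sorted(findings)


if __name__ == "__main__":
    for host, update, finding in audit_patch_report(CONSOLE_REPORT, HOST_INVENTORY):
        print(f"{host:12} {update:10} {finding}")
```

Hosts with no independent inventory are reported as unverified rather than silently passed, since an unchecked success claim is exactly the case described above.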

Firewalls and IPS
Always use a firewall; do not attach any systems to a live internet connection without using one.
Firewall your incoming internet connection and also make sure that each individual system is using a
software firewall.
Create an Ingress and Egress Rules policy to monitor or control information entering and leaving your
network. At the simplest level, block communication with nations that you will not be doing business
with. More advanced systems will allow you to control what type of data and protocols are allowed
to enter and leave your network.
Use a Web Application Firewall to protect web application servers, though these do not guarantee
that you will stop all malicious attacks against your web app. Application security experts highly
recommend that your web apps are securely written and tested for exploits even when a WAF is in
place.
Intrusion Prevention Systems are great, and they are even better when used in a Network Security
Monitoring type system (see topic below).

Anti-Virus/ Network Security Programs
Honestly, I am torn on Anti-Virus programs. Though they do stop many threats, in 20 years of
computer support I have also seen them constantly bypassed.
Any determined modern hacker is going to research your company to try to find out what Anti-Virus
program you use. Then they will tailor their exploit code to bypass that brand of AV. If they can't find
out what you are running, they will go with one that bypasses most of the big-name AVs.
Not all Anti-Viruses are created equal. Some AV/Internet security programs have gotten very good at
blocking script-based threats, which seem really popular.
Do some homework and find out how the top anti-virus programs fare against current threats, and then
pick one that best meets your company needs.

Limit Services & Authority Levels
Turn off network services and protocols on servers and systems that are not needed. The less attack
surface a server has, the better. Microsoft has aided in this over the years by changing their server
product to come with basically nothing running by default; you add services as needed.

Also, take old servers offline as soon as possible. Many times companies will leave an old server
online, in case they need something from it, and over time it is either forgotten or not updated.
Never let everyday users use elevated security credentials for non-administrative tasks. Heavily
restrict “Root” and “Administrator” level use. On a Windows system it is almost trivial to escalate a
compromised administrator account to the god-like “System” level account. This is much more
difficult if the compromised account is just at “user” level.

System administrators should only use admin level accounts when performing administrative
functions, then switch back to a non-admin account for normal computing functions.
