General Article discussing the State of Network Security



  • Nice read on the state of Network Security

    Ethernet Summit Internet and network security is bad, and it's going to get worse before it gets better. To make it better, CIOs and IT admins need to rethink the way that they approach protecting their networks from hackers and other miscreants.

    Read more
    http://www.theregister.co.uk/2013/05/24/network_security_is_bad_and_its_going_to_get_worse/



  • Quite scary!



  • Indeed.  An installation of Snort revealed threats unknown to my A/V and Firewall software.  The #1 penetration vector…human error, human carelessness, human ignorance.  Trick a human, and you are in.  Plain and simple.



  • Snort only captures some of the basic, well-known exploits. (It is not an anti-virus program.) It's certainly better than having no IDS/IPS system by far, but there are many dangers that will pass through for which no rules exist to detect the exploit being used. This is where you write your own custom rules to take it to a higher security level.

    It is impossible to catch every curve ball coming at you. One thing you have to keep in mind is if you are targeted by a well-rounded, determined hacker/cracker the odds are against you, and will most likely blow you a New HOLE!  :'(



  • Has anyone got any stories of being hacked? And how did they know they were getting attacked?



  • @craigduff:

    Has anyone got any stories of being hacked? And how did they know they were getting attacked?

    I keep wondering the same thing… I have Snort, HAVP, SquidGuard, pfBlocker and the pfSense firewall all running on a nice machine that can take way more than I throw at it, but I am not sure if I would recognize an attack if there were...

    Look in Snort's logs once in a while?  Doesn't look too effective to me..

    Perhaps an idea for a new package at some point?  An attack monitor app that warns you if there is something serious going on..
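
Added example (not part of the original thread, and not an existing pfSense package): a minimal take on the "attack monitor" idea above, reading alerts in Snort's `alert_fast` text layout and reporting only the sources worth a look. The sample lines, SIDs, addresses and the `min_hits` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Snort's alert_fast layout; SIDs and addresses are made up.
SAMPLE_LOG = """\
05/24-10:15:01.120001  [**] [1:1000001:1] CONSTRUCTED admin login attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:40112 -> 192.0.2.10:22
05/24-10:15:02.000310  [**] [1:1000002:1] CONSTRUCTED ping [**] [Priority: 3] {ICMP} 198.51.100.23 -> 192.0.2.10
05/24-10:15:04.552100  [**] [1:1000003:2] CONSTRUCTED web probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.99:51000 -> 192.0.2.10:80
05/24-10:15:04.998100  [**] [1:1000003:2] CONSTRUCTED web probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.99:51001 -> 192.0.2.10:80
05/24-10:15:05.310022  [**] [1:1000004:1] CONSTRUCTED web scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.99:51002 -> 192.0.2.10:80
this line is truncated garbage and must not crash the parser
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"   # absent when a rule has no classtype
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def parse_alerts(text):
    """Return (alerts, skipped): parsed alert dicts and the count of unparseable lines."""
    alerts, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ALERT_RE.match(line.strip())
        if not m:
            skipped += 1          # keep a count so log corruption is visible too
            continue
        a = m.groupdict()
        a["prio"], a["sid"] = int(a["prio"]), int(a["sid"])
        # TCP/UDP endpoints carry ":port"; ICMP endpoints are a bare address.
        a["src_ip"] = a["src"].rsplit(":", 1)[0] if a["proto"] in ("TCP", "UDP") else a["src"]
        alerts.append(a)
    return alerts, skipped

def serious_sources(alerts, min_hits=3):
    """Sources with a priority-1 alert or at least min_hits alerts, worst first."""
    by_src = defaultdict(list)
    for a in alerts:
        by_src[a["src_ip"]].append(a)
    report = []
    for ip, hits in by_src.items():
        worst = min(h["prio"] for h in hits)      # in Snort, 1 is the most severe
        if worst == 1 or len(hits) >= min_hits:
            report.append((ip, len(hits), worst, sorted({h["sid"] for h in hits})))
    return sorted(report, key=lambda r: (r[2], -r[1]))

if __name__ == "__main__":
    parsed, bad = parse_alerts(SAMPLE_LOG)
    for ip, count, worst, sids in serious_sources(parsed):
        print(f"WARN {ip}: {count} alert(s), worst priority {worst}, SIDs {sids}")
    print(f"{bad} unparseable line(s)")
```

Run from cron against the real alert file, the report could be mailed or pushed to a notifier instead of printed.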



  • I'm sure there are some security monitoring improvements that could be made on the base platform and packages that would not hinder their service-based model.

    As for securing and setting up a firewall or tech support, this is something they get paid to do …. in the free forums you can find independent users sharing some of their knowledge, and basic stuff in the online pfSense docs, but in some cases you have to find other sources online to fully understand implementing and maintaining a security protocol on your firewall.

    If you have the funds $$$$ the Pfsense Service crew can do it for you and maintain it.


  • Netgate Administrator

    It really completely depends on what sort of network you are looking at. For home or small businesses you are very unlikely to see anything other than automated probes from botnets. Real hackers using interesting new techniques and such are unlikely to target such a network. It's just not economic. Although security through obscurity has never been a good policy.  ;)

    Just remember that the biggest security threat you are likely to encounter is your own users so keep telling them not to click on random links in emails. Then assume they probably will click on them anyway so segregate your network to minimise the exposure.

    Be interesting to hear any stories though.

    Steve



  • From my experience nothing major has happened yet but I remember one day going through my contacts on my local server (Horde Groupware) I saw a strange name (can't remember exactly but it looked like mike_whatever_002).  I did not add this entry myself so I started searching how it could have ended up there.

    Found out it somehow got added to my Galaxy phone in Google Talk (which I have never used in my life… and now is deactivated) then Android replicated the contact in my contacts which then got synced to my server..

    I consider the Android phone a major security loophole and I am looking to segregate it from the rest of my static machines.

    BTW is it possible to run the services that I currently run on the WAN side also on the LAN side to analyze the traffic coming in & out of each machine?

    What kind of horsepower do you need??



  • Do you mean using something like Darkstat as a package? That is pretty cool to check what people are up to.



  • @craigduff:

    Has anyone got any stories of being hacked? And how did they know they were getting attacked?

    The reason you don't hear reports on the board is most users never realize their network has been compromised. And if a user did find out, most users are reluctant to speak of it.

    I'm sure there are even users posting problems their network is having and not even realizing it is due to their box being cracked open.

    If we had more public servants like IT Policemen than Policemen on the road looking to meet their assigned quota for citations a lot of the security issues would fade away.


  • Netgate Administrator

    @Clear-Pixel:

    if a user did find out, most users are reluctant to speak of it.

    Yes, and it's a real problem. People don't talk about it, especially large organisations where this might affect their public image, and consequently the same attacks are used multiple times because others can't learn from their experience. Look at how much praise The Onion's IT crew got for fully detailing their recent security breach.

    Steve



  • In your opinion are big corporates running pfSense? Or do you think companies are now swaying more towards an open source solution? When I have worked for big companies in the city they all seem to be running Cisco or Juniper etc… I've been a pfSense fan for 3 years now and love it! And would always implement pfSense when I can.



  • @craigduff:

    In your opinion are big corporates running pfSense? Or do you think companies are now swaying more towards an open source solution? When I have worked for big companies in the city they all seem to be running Cisco or Juniper etc… I've been a pfSense fan for 3 years now and love it! And would always implement pfSense when I can.

    For basic filtering and routing pfSense does a great job ….. add in the fact it has many useful plug-ins, it's an ideal platform for home or small businesses with micro budgets.

    But if your top priority is security, corporations will use Cisco, Juniper ...etc. because you have more security options but they may use pfSense as DMZs etc.....behind them to save a few dollars. If security isn't their top priority I suppose some corporations may use them on the front line of defense to save some dollars.

    If you're a true security expert and spend 8 hours a day 7 days a week managing a pfSense firewall I suppose you could, by using Snort and the firewall filters, maintain a set of custom rules to defend the network. It would be a never-ending process, new rules every day being added. But this is why you subscribe to a professional security firm selling subscriptions which allow you access to their custom rules for just a few thousand dollars a year.

    One of the nice things about pfSense is the fact you pick your own hardware ..... Old computer you just retired, or buy a new state of the art computer system.