NETWORK SECURITY SOLUTIONS and TOOLS

Welcome to this blog of network security solutions. This blog contains basic concepts of network security, along with solutions and tools to protect your online network.

Saturday, December 1, 2007

Linux Network Security

Microsoft has a monopoly of the market and has used an aggressive marketing strategy, many times discounting open source software and other GNU-licensed software. The major issue raised is security, along with the non-availability of any company to provide security updates in case of a security compromise or threat. Concerns about Linux network security make many individual end users shy away from adopting Linux as their operating system. Also cited is the lack of much application software.

Yet when it comes to enterprises and server software, Linux is far ahead of Windows, primarily because of the cost factor. The majority of DNS servers and other web hosting servers are Linux based because it is truly stable and secure (it can be left for 6 months or more without a hitch, if properly configured). Proper configuration requires an expert on Linux, and this is the crux of the matter. Windows Server operating systems are more costly, easier to configure and require constant administration. Linux seems to have an edge over Windows in the cost and stability factors, and Linux network security has to be viewed in terms of the version of Linux installed. Reviews by companies that tested and tried Linux gave the following results.
Red Hat scores well for large numbers of computers on the network and for constant customer support and patches.
Novell Linux Desktop 9 also scores well for customer support.
Ubuntu Linux 5.10
SUSE Linux 10
Other versions of Linux are equally good, with BSD and its various versions, Digital Unix, and other products from Ximian, Mono and IBM. The Linux kernel is the core of Linux. What does the Linux kernel do? If we look at the Linux kernel source code we find that it includes multitasking, virtual memory, proper memory management, TCP/IP networking, shared libraries and demand loading. What is the latest version of the Linux kernel? The kernel has not changed much since 1996 but has had major updates. These are called vanilla kernels, which receive constant updates with the network security of Linux-based operating systems in mind.

As for the security issue, everything depends on the configuration and the setup. The Linux server should be set up and configured so that it does not affect the security of the network.

Catch Hackers: Lure Them to Your Honeypot

The number of attacks on the internet has been increasing. The networks of many companies have been compromised and their losses have been huge. The compromise of sensitive information, which is causing still larger frauds, is another reason why honeypots and honeynets have sprung up.

Honeypots and honeynets have been used to detect insider attacks and the automated bots that are used in password and credit card fraud. Working in an IPv6 environment, they have the ability to capture new and unknown behavior. What is a honeypot? Why are organizations around the world deploying honeynets and honeypots in large numbers? What are the issues in deployment? We attempt to look at a few basics in this article.

Honey Pot
A honeypot is a trap: an electronic bait. It is a computer or network resource (computers, routers, switches etc.) that appears to be part of the network but has been deployed as a sitting duck to entice hackers. Most honeypots are installed with firewalls. The difference is that the firewall on a honeypot works in the reverse direction: it allows all traffic to come in but blocks all outgoing traffic. Most honeypots are installed inside network firewalls and are a means of monitoring and tracking hackers.

When a honeypot is attacked, data is collected about the attack and the system that has been compromised. This is done with the help of software that permanently collects this data. The data collected is valuable information and serves mainly as a surveillance and early warning tool. It also serves as an aid to computer and network forensics. The amount of information gathered depends on the type of deployment:
Production honeypot
Research honeypot
The latter of the two, the research honeypot, gathers more extensive information and is used by military or government organizations.
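
The data-collection side described above, as an added example that is not part of the original post: a listener that accepts any inbound connection, records the source address and the first bytes received, and never sends anything back. The class name ConnectionLogger, the loopback address and the sample probe string are constructed for illustration.

```python
import socket
import threading
from datetime import datetime, timezone


class ConnectionLogger:
    """Low-interaction listener: accepts TCP connections, records them, sends nothing."""

    def __init__(self, host="127.0.0.1", port=0, max_bytes=256):
        self.events = []            # collected evidence, one dict per connection
        self.max_bytes = max_bytes  # cap on how much of the first payload is kept
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.bind((host, port))   # port 0 = let the OS pick a free port
        self._sock.listen(16)
        self.port = self._sock.getsockname()[1]

    def handle_one(self, timeout=2.0):
        """Accept one connection, record who connected and what they sent first."""
        conn, (src_ip, src_port) = self._sock.accept()
        with conn:
            conn.settimeout(timeout)
            try:
                data = conn.recv(self.max_bytes)
            except socket.timeout:      # client connected but stayed silent
                data = b""
        event = {
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": src_ip,
            "src_port": src_port,
            "first_bytes": data.decode("latin-1"),  # lossless for arbitrary bytes
        }
        self.events.append(event)
        return event

    def close(self):
        self._sock.close()


def demo():
    """Send one constructed probe over loopback and return what was recorded."""
    pot = ConnectionLogger()
    worker = threading.Thread(target=pot.handle_one)
    worker.start()
    with socket.create_connection(("127.0.0.1", pot.port), timeout=2) as client:
        client.sendall(b"USER admin\r\n")   # constructed sample input
    worker.join(5)
    pot.close()
    return pot.events
```

Calling `demo()` returns a list with one event holding the timestamp, source address and port, and the first bytes the client sent.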
Honeynet
A honeynet is an entire network built in such a way that it entices the black hat community and thus gives valuable information about their methods. A honeynet is usually several honeypots in a network framework. Honeynets are also known as high-interaction honeypots and are more useful tools because the amount of data is large and is more specific to network attacks rather than stand-alone PCs.