Week 13 Summary and News Article
Week 13 Summary
Network security is inherently difficult and there are many reasons for that. Protocols are often insecure, software is frequently vulnerable, and educating end users is time-consuming. Security is labor-intensive, requires specialized knowledge, and is error prone because of the complexity and frequent changes in network configurations and security-related data. Network administrators and security analysts can easily become overwhelmed and reduced to simply reacting to security events. A more proactive stance is needed.
This introductory paper on Intrusion Prevention Systems (IPS) describes some of the basic techniques that can be used to evade detection. The approaches to IPS evasion include obfuscation, encryption and tunneling, fragmentation, and protocol violations. Organizations mostly use firewalls and Intrusion Prevention Systems (IPS) to protect their network infrastructure.
Although IPS is an excellent evasion technique, internet service providers have fallen victim to manipulation of payload, traffic flow and header files, thus giving the green light for all traffic to pass through, using attacker shell access among other techniques. Luckily, there are multiple tools that can be used for researching evasion; a few of the better-known ones are Snort, Wireshark, HxD and Evader.
Lastly, one must manage expectations when it comes to IPS goals and objectives; it is not your organization’s next silver-bullet protection. It needs to be used in conjunction with other best-of-breed tools. Also, one should never rely only on the default settings from the vendor supplying the IPS. The vendor will set the IPS to work for the majority of their clients, but the vendor does not have the blueprint of your network, so it is recommended to look deeply at the settings and keep track of your own assets and of which services are in use. This can assist in designing a truly customized IPS security profile that can meet your organization’s needs and objectives. Finally, it is recommended to block null sessions (unless you need them) and keep an eye on your IPS alerts.
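One way to act on the advice above about tracking assets and services in use, as an added example that is not from the paper or from any IPS vendor: it compares a constructed service inventory with constructed rules written in Snort rule syntax and reports which rules match a service in use, which match none, and which services no port-specific rule covers. The inventory, sids, messages and function names are assumptions made for illustration.

```python
import re

# Constructed inventory of services in use: (host, protocol, port).
INVENTORY = {("10.0.0.5", "tcp", 80), ("10.0.0.5", "tcp", 443), ("10.0.0.9", "tcp", 22)}

# Constructed rules in Snort rule syntax; every sid and msg here is made up.
RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed web rule"; sid:1000001;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"constructed SMB rule"; sid:1000002;)
alert tcp $EXTERNAL_NET any -> $HOME_NET [80,443] (msg:"constructed web/TLS rule"; sid:1000003;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"constructed any-port rule"; sid:1000004;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"constructed variable rule"; sid:1000005;)
"""

HEADER = re.compile(r"^\w+\s+(?P<proto>\w+)\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+(?P<dports>\S+)\s+\((?P<opts>.*)\)\s*$")

def port_test(spec):
    """Return a predicate port -> bool, or None when the spec cannot be judged statically."""
    if spec == "any":
        return lambda port: True
    if "$" in spec or "!" in spec:
        return None  # port variables and negation: leave for manual review
    ranges = []
    for part in spec.strip("[]").split(","):
        lo, sep, hi = part.partition(":")  # "80", "1024:2048", ":1024", "1024:"
        ranges.append((int(lo or 0), int((hi if sep else lo) or 65535)))
    return lambda port: any(lo <= port <= hi for lo, hi in ranges)

def review(rules_text, inventory):
    """Sort rule sids by relevance to the inventory and list services no port-specific rule covers."""
    services = {(proto, port) for _host, proto, port in inventory}
    out = {"relevant": [], "no_matching_service": [], "manual": []}
    covered = set()
    for line in filter(None, map(str.strip, rules_text.splitlines())):
        m = HEADER.match(line)
        sid = re.search(r"\bsid:\s*(\d+)\s*;", m.group("opts")) if m else None
        test = port_test(m.group("dports")) if sid else None
        if test is None:  # unparsable line or unresolvable ports
            out["manual"].append(int(sid.group(1)) if sid else line)
            continue
        hits = {s for s in services if m.group("proto") in (s[0], "ip") and test(s[1])}
        out["relevant" if hits else "no_matching_service"].append(int(sid.group(1)))
        if m.group("dports") != "any":
            covered |= hits  # an any-port rule says nothing about a specific service
    out["uncovered_services"] = sorted(services - covered)
    return out

if __name__ == "__main__":
    print(review(RULES, INVENTORY))
```

Rules in the `no_matching_service` bucket are candidates for review rather than automatic removal, and `uncovered_services` points at assets the default profile does not address specifically.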
News Article: JPMorgan Hackers Breached Anti-Fraud Vendor G2 Web Services
This week’s interesting article shows how money laundering is such a key component of cybercrime operations; hacking is no longer used for quick gains, it is a sustainable-growth hacker business model. This week, the model was unsealed and federal indictments were served against four men accused of making big gains and stealing tens of millions of consumer records from JPMorgan Chase and other brokerage firms, among other unnamed victims. For further information regarding this article, please click on the link below.