
Archive for the ‘Security’ Category

Is Microsoft’s New Anti-Virus Software a Game Changer?

Sunday, October 25th, 2009

Microsoft recently released their free anti-virus, anti-malware and anti-spyware program called Microsoft Security Essentials.

Aimed at the consumer and small business market, this application really takes aim at the existing free anti-virus solutions out there, and even some of the pay solutions that consumers and small businesses use. 

The application is built on the same engine Microsoft’s enterprise solution (ForeFront) is built on, and integrates nicely into the operating system. When I’ve tried other applications, including AVG Free, Avira, and Avast!, I’ve always noticed they were there, in that my OS seemed to slow down to varying degrees when the software was scanning or downloading updates.

With Microsoft Security Essentials I haven’t noticed any impact to overall system performance.  In addition, the software caught a few things that the other applications mentioned above didn’t catch for whatever reason.

As a general rule of thumb I prefer built-in or integrated solutions simply because I feel there’s a better user experience, things are less intrusive and it just seems to perform better.

The big AV companies like Symantec, McAfee, Kaspersky and others surely must have at least a little trepidation over the fact that Microsoft has released a free anti-virus solution when they charge for theirs. Will Microsoft’s Security Essentials replace the full-blown suites that Norton, McAfee and the others provide? No, and it’s not intended to. The others have firewall applications, inbound/outbound mail scanning, instant messaging scanning, etc., that Security Essentials doesn’t have. In my opinion, however, those are all things you don’t really need in the first place and just slow your system down. XP, Vista and Windows 7 have a firewall built in, most people these days sit behind a cable, DSL or FIOS router which has firewall capabilities, and their IP address is masked behind the router’s NAT (Network Address Translation) feature as well.

Microsoft Security Essentials offers real-time scanning and virus, malware and spyware detection, so having an inbound/outbound mail scanner on top of real-time protection seems a bit like overkill to me as well.

What do you think? Does Security Essentials fit the bill for you and your environment, or do the added features offered by one of the bigger companies’ AV “Suites” fill the needs of your environment?

10 Hacking Tools to Make Your Network More Secure

Tuesday, July 7th, 2009

Network security has been, and will continue to be, a hot topic among information technology professionals.  As a systems or network administrator, you should not only be aware of the need to keep a close eye on security, you should be actively engaged in it every day.  In addition to the tools listed below, you should also be looking at specialized training like Cisco CCNA Security training, Windows or Linux/Unix Security Training.

New vulnerabilities are discovered every day that could allow an attacker to penetrate your infrastructure. Company data, company secrets, account information, financial data and more are at risk if your network is compromised.

Here are 10 hacking tools that you should be aware of and use on a regular basis to help you see what the hackers see, and to keep your networks more secure.

Packet Sniffers

1. Wireshark (http://www.wireshark.org)

Wireshark is perhaps one of the most widely used (and free) network monitoring / packet sniffing tools out there. When you download and install it, it will also install the WinPcap application. Once you’re familiar with Wireshark, you’ll be able to sniff your corporate network, trace conversations, identify insecure passwords, etc. (especially using additional software like Cain & Abel).

This tool runs on Windows, Linux and Mac systems.

2. Kismet (http://www.kismetwireless.net)

Kismet is a very powerful wireless sniffer, often used for “wardriving” (driving or walking around, searching for wireless networks to connect to). There are a lot of features in this application, including the ability to identify non-beaconing networks (networks that aren’t broadcasting their SSID). It’s always a good idea to see how secure (or insecure) your wireless networks are if you have them within your company. Wireless networks are one of the larger security holes in many networks (and home networks).

This tool runs on Windows, Linux and Mac systems.

3. Cain & Abel (http://www.oxid.it/cain.html)

One of the most popular “password recovery” tools for Windows operating systems is definitely one you should be familiar with. Insecure (i.e. weak) passwords offer little to no defense against a fairly knowledgeable hacker. If they can gain physical access to your network (including attaching to wireless networks), chances are they can sniff the network traffic and crack insecure passwords in a matter of seconds to minutes. Routinely check your network for the existence of weak passwords using a tool like Cain & Abel to identify users who need to strengthen their passwords.

This tool runs on Windows, Linux and Mac systems.

4. Metasploit (http://www.metasploit.com)

This tool is geared more toward people who do penetration testing (pen testing), patch installation verification, regression testing, etc. It’s a framework that allows you to develop tools to test and launch exploits against your system to verify that patches, defenses, etc., are working correctly. There’s a bit more of a learning curve here, but if you really want to take your skills to the next level, this is one tool you should add to your skillset.

This tool runs on Windows, Linux and Mac systems.

5. Hping2 (http://www.hping.org)

TCP/IP packet injection and manipulation is again a skill that is a little higher on the food chain, but something you should become familiar with. Using this tool you can send partial ping packets, IP fragmentation, etc., to test firewalls, discover firewall rulesets, perform remote OS fingerprinting and more.

This tool runs on Windows, Linux and Mac systems.

6. Nikto (http://www.cirt.net/nikto2)

If your organization maintains web servers, or you have a hosted solution that you want to ensure is up to snuff, a tool like Nikto might very well fit the bill. It is a web scanner that can scan for thousands of potential vulnerabilities, and best of all it’s free and open source.

From the cirt.net website: Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

This tool runs on Windows, Linux and Mac systems.

7. Nmap (http://nmap.org)

Nmap is a network mapping tool that can be used by security administrators to scan and test their networks for unidentified servers, hosts with vulnerabilities and/or unnecessarily open ports, etc. Nmap is a popular tool among security administrators and hackers alike, and has been featured in such Hollywood movies as The Matrix: Reloaded and Die Hard 4: Live Free or Die Hard.

This tool runs on Windows, Linux and Mac systems.

8. Nessus (http://www.nessus.org)

Nessus is one of the most powerful network scanners available, and most serious security administrators’ tool of choice. They have moved from offering a free version to a commercial version, which is potentially cost prohibitive to some administrators. However, when you factor in the cost of remediating a hack to your network or infrastructure, potential loss of data, critical systems, and/or reputation, it’s a small price to pay.

This tool runs on Windows, Linux and Mac systems.

9. Snort (http://www.snort.org)

Snort is an Intrusion Detection System / Intrusion Prevention System (IDS/IPS) that is widely used by security administrators to detect intrusions into their networks. It combines the benefits of signature, protocol and anomaly based inspection and is one of the most widely deployed IDS/IPS technologies worldwide. There are a few prerequisites for installing and running Snort, including Libpcap, PCRE, Libnet and Barnyard.

This tool runs on Windows, Linux and Mac systems.

10. Retina (http://www.eeye.com/html/Products/Retina/index.html)

A commercially available network and security scanner from the folks at eEye Digital Security, Retina is a full-featured network monitoring application.  While not free nor open-source, it’s a popular tool used by many corporate and government security administrators.  Retina can also report on compliance with many corporate policies including SOX, HIPAA, GLBA, PCI and others.

Protect Against the Conficker Worm

Monday, March 30th, 2009

Every few years it seems like a massively virulent worm makes its way around the internet, and certainly this year is no exception. The worm that everyone has been talking about the last few weeks is the Conficker Worm (Conficker.C to be precise, as this is the third variant of this worm). This little piece of code does a lot to hide itself and takes advantage of a flaw in unpatched Windows systems. It has the potential to be very nasty and can quickly spread around a network (and beyond) if left unchecked.

Over 15 million PCs have reportedly been infected, and all of these suspected infections are supposed to kick in and “phone home” on April 1st. What happens when all these machines start phoning home? No one knows for sure since it hasn’t happened yet, but the general consensus is that one goal may be to create a giant distributed computing environment that can be used for many different purposes, from spamming to snooping, collecting data, logins and passwords, sensitive information and so forth. Another potential use would be a large-scale Distributed Denial of Service attack (DDoS attack).

Most of the anti-virus companies out there have been talking about Conficker for weeks or more, and offer ways to keep your systems updated. Whatever anti-virus package you use, make sure you keep it updated. Also install all the latest patches and/or service packs for your operating system (Mac users don’t have to worry about Conficker unless they’re running Windows in a virtual machine or dual booting, i.e. Boot Camp).

Another great weapon against worms like conficker is the free DNS service called OpenDNS (www.opendns.com).  We’ve talked about OpenDNS before and how it can keep your browsing safer and more secure.  They’re an excellent service that enables you to fine tune your DNS and control what your users (or children) can and can’t get to.

OpenDNS has been actively updating their blocklist to include all the domains Conficker may try to contact. Worms like Conficker, once activated, contact sites on the internet to get further instructions on what to do, where to go, etc. Conficker.C supposedly generates some 50,000 domain names a day, so trying to keep up with your own blocklist by hand would be a daunting, if not impossible, task.

One of the beautiful things about OpenDNS is that they keep those blocklists updated for you. By blocking access to those domains at the DNS level, you can effectively shut out any possibility (or most possibilities) of the worm actually being able to do anything.

So to protect yourself, some things to consider:

  1. Update your anti-virus programs as soon as possible
  2. Ensure real-time scanning is enabled on your Anti-Virus programs
  3. Install all hotfixes, patches and updates
  4. Turn on firewalls if appropriate (at the router or perimeter as well as individual machines – Again, do so where appropriate and make sure doing so doesn’t break any critical applications or connectivity)
  5. Utilize a service like OpenDNS that blocks the vast majority of threats like the Conficker worm at the DNS level

Following these steps can go a long way to preventing the spread of worms, viruses and other general nuisances.
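A worm that works through large numbers of generated domain names, as described above, also tends to show up in resolver logs as one host asking for many different names that fail to resolve in a short time. The sketch below is an added example, not part of the original post or of OpenDNS; the log format, addresses, domain names and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample log (not real data): "<epoch> <client-ip> <qname> <rcode>"
SAMPLE_LOG = """\
1238544000 10.0.0.5 www.example.com NOERROR
1238544003 10.0.0.5 wwww.example.com NXDOMAIN
1238544010 10.0.0.23 kqzvhwpd.example NXDOMAIN
1238544012 10.0.0.23 txbrnmlq.example NXDOMAIN
1238544015 10.0.0.23 pfjdyuwe.example NXDOMAIN
1238544019 10.0.0.23 zzgkcvoa.example NXDOMAIN
1238544024 10.0.0.23 hmqsletb.example NXDOMAIN
1238544030 10.0.0.23 ydnwxirc.example NXDOMAIN
1238544031 10.0.0.40 intranet.example NXDOMAIN
1238544032 10.0.0.40 intranet.example NXDOMAIN
1238544033 10.0.0.40 intranet.example NXDOMAIN
1238544034 10.0.0.40 intranet.example NXDOMAIN
1238544035 10.0.0.40 intranet.example NXDOMAIN
this line is malformed
"""


def parse_line(line):
    """Parse one log line into (ts, client, qname, rcode); None if malformed."""
    parts = line.split()
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    ts, client, qname, rcode = parts
    return int(ts), client, qname.lower().rstrip("."), rcode.upper()


def suspicious_clients(lines, window=60, threshold=5):
    """Return {client: peak number of DISTINCT failed names in any `window` seconds}
    for clients whose peak reaches `threshold`.

    Counting distinct names matters: a host retrying one broken name is noise,
    a host trying many different names is the pattern of interest.
    """
    failures = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[3] == "NXDOMAIN":
            failures[rec[1]].append((rec[0], rec[2]))

    flagged = {}
    for client, events in failures.items():
        events.sort()
        recent = deque()  # failures inside the sliding window
        peak = 0
        for ts, name in events:
            recent.append((ts, name))
            while recent[0][0] <= ts - window:
                recent.popleft()
            peak = max(peak, len({n for _, n in recent}))
        if peak >= threshold:
            flagged[client] = peak
    return flagged


if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG.splitlines()))
```

In the sample, only 10.0.0.23 is reported: 10.0.0.5 made a single typo and 10.0.0.40 retried the same name, so neither reaches the distinct-name threshold.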

If you have a method or tool you use to keep your networks safe, please feel free to share!

New Trainer – Cisco Security Expert

Monday, March 16th, 2009

Palaestra Training is pleased to announce that we have a new trainer joining the company. Koren Archibald, a Cisco Certified Instructor and Cisco Security expert, will be bringing her vast knowledge and expert training skills to our Cisco CCNA: Security video training series scheduled for release in mid-May 2009.

Koren has been training and consulting in the most dynamic environments for over 10 years. She has worked and trained people across a wide spectrum of industries including government, commercial, secure, and extremely large network infrastructures. Koren is also a Microsoft Certified Trainer and consultant with a remarkable ability to convey information clearly and creatively in a technical environment.

She is the president of Wise Technical Innovations in Norfolk, Virginia and her company specializes in the following:

  • Creating Cisco secure environments
  • System Center Configuration Manager 2007
  • SMS
  • Project Server 2007 deployments in multi-site environments.

She is well-known for providing tailored solutions that are a perfect blend of training and consulting and Palaestra Training is excited to be able to provide that perfect blend of technical expertise and engaging presentation skills to our students and customers.

Other certifications Koren holds:

  • Cisco Certified Systems Instructor #30837
  • Cisco CCNA
  • Cisco CCNP
  • Microsoft MCSE on 2003, 2000 and NT 4.0
  • Microsoft Certified Trainer (MCT)
  • MCTS Windows Server 2008 Active Directory & Applications Infrastructure
  • MCTS Windows Server 2008 Network Infrastructure & Windows Vista
  • MCTS Microsoft Office Project 2007
  • IT Project+
  • Network +

Internet Safety and Family Watchdog

Monday, January 12th, 2009

Internet Safety is an important part of the digital age for anyone that has children old enough to be surfing the internet. This doesn’t just mean connecting to the internet through the family computer.

There are a multitude of ways to connect to the internet these days, from internet-enabled cell phones to online games and gaming consoles (Xbox, Xbox 360, Wii, PS3, etc.). Additionally, having strict rules in your house or monitoring what your children do doesn’t necessarily protect you.

For example, you might have strict internet usage policies at home, but that doesn’t mean the neighbors do as well. That doesn’t mean your child won’t be able to access the internet unrestricted at a friend’s house. With WiFi hotspots practically everywhere, a child with a laptop can connect virtually anywhere if they exhibit a little persistence.

(more…)

Google Chrome – Browsing Just Got Stealthier

Wednesday, September 3rd, 2008

Google just released their entry into the browser space, and it certainly has the makings of a champion.

Called Chrome, Google’s browser is sleek, very fast, and takes a new approach at browsing the web (from the ground up).

There are a number of technical advancements under the hood, which Google describes in typical Google fashion.

This browser has a number of features that really differentiate it from the other major players (Internet Explorer, Firefox and Safari), including the ability to run each tab independent of one another.

What this means basically is that if one tab hangs, it doesn’t hang the whole browser. This, coupled with a new JavaScript virtual machine, V8, makes the whole browsing experience very pleasant.

(more…)

Need a Safer and Faster Browsing Experience?

Tuesday, July 29th, 2008

If you are the IT manager for a small or medium sized business, school or non-profit (or even just a parent trying to keep your children from coming across inappropriate content), chances are you’ve toiled with cost-effective ways to make your network more secure while increasing your users’ browsing speed and reliability.

You’ve also more than likely searched for a way to do all this while blocking access to various categories of websites (e.g. pornography, video streaming, etc.) without having to constantly monitor, update and tweak.

(more…)

8 Best Ways to Cover Your Online Tracks

Tuesday, July 1st, 2008

Lots of websites collect personal information – some are just more obvious when doing it.

There are those sites that ask for personal information up front before granting the user access. Often, site visitors are asked for their name and e-mail address before gaining access. The Internet is a public place, so how anonymous are you? When you visit any web page, you leave traces of where you’ve been. Worse, if you share a computer, someone can see what you’ve been up to online in just a few clicks.

But there is a way to maintain your privacy through erasing the digital footprints that remain after you close your browser.

What’s important? When you want to cover your online tracks, consider removing the following: browser histories, cookies, cache files, AutoComplete information, e-mail trash, and log files created by chat programs and your internet connection. You can delete these items yourself, or install a program to do it for you.

Here are the 8 best ways to cover your online tracks:

1. Remove Most Recently Used (MRU) list

Most programs keep an MRU list showing the last used items. The most recently opened documents list is one of the ones you might be interested in, as it shows the last documents you’ve opened. You can remove or clear the list in one of several ways.

In Windows XP, you can right-click on the Start Menu, choose Properties > Start Menu > Customize > Advanced > Clear List. You can then uncheck “List my most recently opened documents” to prevent it from keeping a list in the future. Another method would be to manually remove it from the registry. Any time you tweak the registry, you run the risk of damaging your system, so do so at your own risk.

If you want to remove the MRU from the registry, go to HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer and remove the key for “Recent Docs”. Again, back up your registry before you make any changes; there is always the risk of damage to your system.

(more…)

Top 5 Tools to Protect your Children Online

Wednesday, June 18th, 2008

No program is a substitute for parental supervision, but some monitoring tools help you control where your children go online.

It’s great to have a tool that complements your shrewd set of eyes, but you still need to teach your children to be cautious when surfing the internet.

(more…)

Top 7 Anti-Virus Programs

Thursday, May 29th, 2008

Anti-virus programs are pretty much an essential component of every Windows PC these days.

Unless you logged out of Prodigy and went to sleep for the last 20 years, you are more than likely aware of just how prevalent, and how dangerous, computer viruses can be. On the low end they can be annoying, either flashing a silly message or slowing your computer down. On the high end, they could completely destroy your system and its data, or open holes for identity thieves and hackers.

Surfing online without an updated anti-virus program is like crossing the Grand Canyon on a tight rope. It’s not a matter of if you’re going to run into trouble, it’s a matter of when.

(more…)