IT Answers » Platform Security

IT Security

Davemd — Mon, 16 Jun 2008 14:47:43 +0000

With all the talk about security certifications and working in IT security being hot right now and in the future, I was wondering if it would make more sense to try and get the Security + certification before trying to get another IT certification such as the MCSA (Microsoft Certified Systems Administrator)? I’ve heard that most certifications (other than security) don’t mean that much anymore to employers, and that skills now beat having certifications. Also, I noticed for many other security certifications such as the CISSP, the requirements to take the test are very strict, in that you need to have 5 years of experience working in security. How does one get that experience if they’ve never specifically worked in security? What if someone was more of an IT Generalist, or IT jack-of-all-trades where they worked? I think I want to head in the security direction, but how do I do it? For the past couple of years, I’ve worked for a small firm where I am the only one that does all the IT stuff, and security was really never an everyday issue. My job title probably ties more closely to an IT Administrator or Systems Administrator. I appreciate any help and feedback. Thanks very much.

Unknown Threats

Czarleo — Sat, 28 Jul 2007 14:24:28 +0000

Apart from honeypots, what are the different methods to find unknown threats which are prevalent? and how to find methods to mitigate them.

PS: all the vulnerabilities are known to all the n/w administrators and then can take measures to mitigate attacks but this doesnt happen..Hackers are at least 10 steps ahead..So how to find methods to find such unknown threats??

Paranoid about protecting my MAC address–Please read my story

DonBlake — Tue, 24 Jul 2007 14:28:29 +0000

What is the easiest way to protect your MAC address against spoofing? In 2004 I was the victim of a hacker that somehow spoofed my Cable Modem Mac address and used it to cover his identity while serving copyright material thru the internet. I was unsuspecting until my ISP one day suspended my service. I thought it was a normal outage but when I called my ISP I was transfered to their Security Dept. who said they would be sending papers explaining the situation. Some days latter I received an envelope from the Security Department of my ISP detailing the films that this hacker was serving thru the internet using my IP number and MAC address and warning me to desist.

This experience was really scary and frustrating because my only defense was that the times the hacker was logging with my identity I was at my workplace away from my home computer which was the one connected to the spoofed Cable Modem but still not a strong enough defense.

After arguing with the Security Dept. and not getting anybody to sympathize with me, even though I was only getting a warning I decided I couldn’t use the high speed internet (the only choice in my area) and make myself a victim of the hacker so I wrote a letter detailing my ordeal to the Security Dept. naming the people I have talked to and detailing my story and how I was being forced out of their high speed internet service because of another person impersonating me thru my MAC and IP address. I closed my account and had to get back to dial up service.

After a year I got brave enough to reopen my account but this time I rented a modem from the ISP so I didn’t loose my money if somebody spoofed my equipment again. I have been almost three years and the experience hasn’t been repeated. Now I have installed a wireless network at my home in order to connect my daughter’s computer to the internet. I’ve been reading about how to secure it but my previous experience has got me a bit paranoid, specially with the higher vulnerability of Wireless networks.

What would be the best way to protect my MAC address against spoofing? If a person could do it when it was only one wired computer connected with a cable to the Cable Modem how easier it might be now that I have a wireless network? My brother in law says not to worry, that a bolt of lightning doesn’t falls twice on the same spot but I can’t help to feel very paranoid.

Selecting an area within security to start

Secmax — Sun, 24 Jun 2007 16:06:15 +0000

Hi,
I’m studying for an MSc in Information Security from Royal Holloway University of London, I have a B.Engg. degree in computers and a PG Diploma in Networking and Communication as well as the CCSA and CCNA. I’m also studying for the CISSP.

Now, with all these qualifications, could you please tell me which would be the best position for me to apply for in order to get a start, and if I try that position what would my options be when I gain some experience.

Thank you!!

Procedures for a new area.

Millan — Wed, 23 May 2007 22:13:31 +0000

We are a company where we have expirience on network remote administration and now we have open a new area, The area of security. Now I need to start to make new procedures like when a new customer come to us and ask if we can handle the security for his network… I need to know if some one can recommend some standard like ISO, COBIT or something like this in order to make new procedures, questionnaires and all those things.

Thanks a Lot!

computer protection with revert

Dimchik — Thu, 17 May 2007 10:19:38 +0000

I am looking for a solution wich will allow me to revert computers setting back to original each time computer reboots. Basically on reboot computer will earse all files and configurations made in previous session.

malformed packet alert

Carnage6669 — Wed, 10 Jan 2007 01:28:34 +0000

I get this message from my router every 2 minuets or so. I tried blocking to ports that it attacks and the IP but the major issue is that, that IP is a broadcast IP, so i don’t know where it is coming from. What my question is, is how do is stop these alerts (short of removing my e-mail from the router) and what do they mean.

Malformed or unhandled IP packet dropped – ***.***.176.198, 0, WAN – 224.0.0.1 – IP Protocol 2

Critical Error in Security Log

FlyNavy — Thu, 28 Dec 2006 07:08:33 +0000

All,
I mamange a Windows 2003 Small Business Server Network with 9 clients. The server provides all network services. We use Logon/logoff, shared storage, and print server functions. We do not use exchange except for the server reporting tool. We do use about 4 instances of SQL. All clients are Windows XP Professional patched to current standards.
I continually get an error in the security log about a Service ticket request failed. Event ID is 673. It gives the IP of the machine, the ticket options as 0×2, and the failure code as 0×20. The number of failures can range from 3 to 8 in a day for the machines in question.
After some research, it looks like a ticket expiration problem. However, I only get this error on 3 of the 9 machines constantly. All machines are used every day. Most access a network resource every day. The other machines may generate this error once or twice a month. I am concerned that there is a configuration problem with the 3 machines.
I have followed several basic troubleshooting recommendations from Microsoft KB and a few other sources. Nothing helps or describes to me the difference between the 3 machines and the rest.
Any recommendations for either fixing or understanding the difference in the error reports? Thanks for the help.

Moving into the InfoSec role

Kushalp — Tue, 12 Dec 2006 13:36:26 +0000

I work at a company that currently does not have a position dedicated to information security. I come from a background in networking with a good portion of my focus on firewalls and other security related technologies.

I am interested in positioning myself into the role of InfoSec Admin at my compnay and was hoping that i could get some advice on how to sell the position to a reluctant management team. I know where most of our security issues currently are, but I need a more general description of the role and its value in order to justify dedicating a good percentage of my time to it.

Any advice and help would be appreciated.

wireless vlan

9222099 — Tue, 28 Nov 2006 03:04:22 +0000

hi all,
is it possible to have one link from a switch to an access point and split the network into two networks a wireless network from the AP and a wired port for a user connected thru RJ45 and still keep it secured.