Network technologies and trends:

Network Security

Aug 11 2009   6:40AM GMT

Manage Engine releases Netflow Analyzer 7.5



Posted by: Yasir Irfan

In one of my past posts I mentioned the Scrutinizer netflow analyzer, and I am still testing some more netflow analyzers. Manage Engine recently released Netflow Analyzer 7.5, the latest version of its netflow analyzer.

So I thought I would try the demo version of Manage Engine Netflow Analyzer 7.5. The new version features customizable administrator dashboards that allow an IT administrator to monitor the critical parts of the network infrastructure.

The new Manage Engine Netflow Analyzer 7.5's Site-to-Site traffic monitoring capability helps businesses track network traffic patterns between separate physical locations, ensuring business-critical applications have the right amount of bandwidth allocated for maximum performance. This level of understanding is vital for the day-to-day performance of existing applications, as well as for planning infrastructure growth. It is also key to IT departments that charge back business units for the volume of network traffic generated, and for service providers who bill customers based on volume and speed.

 

Some of the features of Manage Engine Netflow Analyzer 7.5 are as follows:

• Network Bandwidth Monitoring
• Bandwidth Reporting
• Netflow Monitoring
• Network Traffic Analysis
• Site to site traffic monitoring
• Application Performance Optimization
• Network Security
• Netflow Reporting
• Automating Reports
• Customizable Dashboard

The demo version of Manage Engine Netflow Analyzer 7.5 is worth trying for 30 days. The good things about Manage Engine Netflow Analyzer 7.5 are the enhanced reporting tool, the customizable dashboard, and how easy it is to install and manage.

Jun 17 2009   7:56AM GMT

Scrutinizer NetFlow analyzer simple and easy to manage



Posted by: Yasir Irfan

It’s my habit to always try something new or interesting. As we have a huge project coming up, I am in the process of testing many Windows-supported netflow analyzers. Since I am already aware of the Manage Engine Netflow analyzer, I thought that for a change I would start with the Scrutinizer netflow analyzer.

I just went to the Scrutinizer web site and downloaded the latest Scrutinizer netflow analyzer. Their support seems to be good: the moment I downloaded the Scrutinizer netflow analyzer, I received an email offering a trial key along with a few FAQs about the Scrutinizer netflow analyzer.


Nov 26 2008   5:59AM GMT

What is Dynamic ARP Inspection (DAI) ?



Posted by: Yasir Irfan

Dynamic ARP Inspection (DAI) is a security feature that validates ARP packets in a network. Before forwarding an ARP packet, DAI checks its IP-to-MAC address binding against the bindings stored in a trusted database (the DHCP snooping database). DAI intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks.

Dynamic ARP inspection ensures that only valid ARP requests and responses are relayed.

The switch performs these activities:

• Intercepts all ARP requests and responses on untrusted ports
• Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before it updates the local ARP cache or before it forwards the packet to the appropriate destination
• Drops invalid ARP packets


Nov 20 2008   7:54AM GMT

What is Dynamic Host Configuration Protocol (DHCP) Snooping?



Posted by: Yasir Irfan

Dynamic Host Configuration Protocol (DHCP) Snooping is a security feature that filters untrusted DHCP messages. It protects the devices on the network from associating with an unauthorized DHCP server. When the DHCP Snooping feature is enabled on a Cisco switch, the switch builds a table of MAC address, IP address, lease time, binding type, and interface information. In coming posts I will try to explain how to enable and configure the DHCP Snooping security feature on a Cisco switch.
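
A minimal Python model of the two features described above: DHCP snooping building the binding table, and Dynamic ARP Inspection checking ARP packets against it. This is an added example, not code from the original posts or from Cisco; the `Switch` class, port names and addresses are constructed for illustration, and a real switch also tracks VLANs and lease expiry.

```python
from dataclasses import dataclass

SERVER_MSGS = {"OFFER", "ACK", "NAK"}   # DHCP messages only a server should send

@dataclass(frozen=True)
class Binding:
    """One row of the snooping table: the fields the post lists."""
    mac: str
    ip: str
    lease_s: int
    kind: str
    port: str

class Switch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}    # client MAC -> untrusted port its REQUEST arrived on
        self.bindings = {}   # IP -> Binding (the trusted database DAI consults)
        self.log = []

    def dhcp(self, port, msg, client_mac, ip=None, lease_s=0):
        """DHCP snooping: filter server messages, learn bindings from ACKs."""
        if msg in SERVER_MSGS and port not in self.trusted:
            self.log.append(f"DHCP drop: {msg} from untrusted port {port}")
            return False
        if msg == "REQUEST":
            self.pending[client_mac] = port
        elif msg == "ACK" and client_mac in self.pending:
            self.bindings[ip] = Binding(client_mac, ip, lease_s, "dhcp-snooping",
                                        self.pending.pop(client_mac))
        return True

    def arp(self, port, sender_mac, sender_ip):
        """DAI: forward an ARP packet only if its IP-to-MAC pair is bound."""
        if port in self.trusted:
            return True                      # only untrusted ports are inspected
        b = self.bindings.get(sender_ip)
        if b is not None and b.mac == sender_mac:
            return True
        self.log.append(f"ARP drop: {sender_ip} claimed by {sender_mac} on {port}")
        return False

def demo():
    sw = Switch(trusted_ports={"Gi0/24"})    # constructed: uplink to the real server
    sw.dhcp("Gi0/1", "REQUEST", "aa:aa:aa:aa:aa:01")
    rogue = sw.dhcp("Gi0/7", "ACK", "aa:aa:aa:aa:aa:01", "10.0.0.66", 3600)
    sw.dhcp("Gi0/24", "ACK", "aa:aa:aa:aa:aa:01", "10.0.0.10", 3600)
    valid = sw.arp("Gi0/1", "aa:aa:aa:aa:aa:01", "10.0.0.10")
    spoofed = sw.arp("Gi0/7", "aa:aa:aa:aa:aa:07", "10.0.0.10")
    return rogue, valid, spoofed, sw.log
```

In `demo()` the server reply arriving on untrusted port `Gi0/7` and the ARP packet claiming `10.0.0.10` with the wrong MAC are both dropped and logged, while the client's own ARP passes. In this model a host with a statically configured address has no binding, so its ARP packets on an untrusted port are dropped too until a binding is supplied for it.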


Aug 12 2008   6:56AM GMT

Juniper Networks launches Network and Security Manager (NSM)



Posted by: Yasir Irfan

Juniper Networks is expanding its network and security management capabilities across routing, switching and security infrastructure with the launch of the Network and Security Manager (NSM).

The new Network and Security Manager (NSM) offers centralized management for Juniper Networks J-series services routers, EX-series Ethernet switches, Secure Access SSL VPN and firewall/VPN and Intrusion Detection and Prevention appliances, and the newly announced Unified Access Control (UAC) solution.

The Network and Security Manager (NSM) enables high-performance businesses to consolidate and simplify the management of their network infrastructure to increase security, reduce cost and realize operational gains.


Overview

Network and Security Manager (NSM) is a powerful, centralized management solution that controls the entire device life cycle of firewall/IPSec VPN, Secure Access (SSL), Infranet Controller (IC), J-series and EX-series switches (JUNOS® software). NSM handles the basic setup and network configuration with local and global security policy deployment for these products. Unmatched role-based administration allows IT departments to delegate appropriate levels of administrative access to specific users, minimizing the possibility of a configuration error that may result in a security hole. NSM can scale from small to large enterprises with NSMXpress and NSM Central Manager as a plug-and-play appliance preloaded with the latest version of NSM software.



Aug 4 2008   5:26AM GMT

MySpace & Facebook targeted by worms says Kaspersky Lab



Posted by: Yasir Irfan

Security company Kaspersky Lab is warning of a new worm that targets MySpace and Facebook users. The worm variants are spread through the popular social networking sites, turning infected machines into zombies - PCs illicitly controlled by hackers to carry out tasks like denial of service attacks.

The Net-Worm.Win32.Koobface.a is activated when a user accesses their MySpace account, and is spread when it automatically comments on linked friends’ sites. Facebook is targeted by Net-Worm.Win32.Koobface.b, which sends messages to the infected user’s contacts through the Facebook site.

Both worms then direct would-be victims to a bogus YouTube link, where they receive a message telling them that they need to install the latest version of Flash Player. Instead of downloading the latest version of Flash Player, however, the link installs the worm, which installs the Facebook version of the worm if the user visited the site from MySpace, and vice versa, to increase the worm's infection rate.

Visit the Kaspersky web site for more information.


Jul 8 2008   8:20AM GMT

Sample I.T. Security Policy - Remote Access Security



Posted by: Yasir Irfan

We are nearly at the end of the Sample I.T. Security Policy series, with just two more topics to cover, which I will try to complete in the coming days. Here we are with Remote Access Security.

 

REMOTE ACCESS SECURITY 

“IS” CONSIDERED THE FOLLOWING:

1. A RAS server provides the most secure method for remote access to the network if it is required.

2. Never allow client computers on the network to answer remote access connections.

3. Organize all remote access servers in a centrally controlled location.

4. Servers have no need to originate dial-out connections (Except when using telephone lines as low cost WAN connections, but these connections should be relatively permanent).

5. To simplify security administration, allow only one method of remote access into the network.

6. Remote access control procedures must provide adequate safeguards through robust identification, authentication and encryption techniques.

7. Carefully consider the wisdom of providing cellular telephones and modems for use with laptop computers. This technology isn’t usually justified considering the relatively modest increase in productivity compared to the cost and the security risk of a lost laptop.

8. Consider using only the NetBEUI protocol for remote access to limit the extent of intrusions on the network.

9. Control the distribution of remote access software on the network. Never allow client computers to run remote control software. If remote control software is necessary, run the software from centrally controlled computers or thin-client servers.

10. Disable dial-in networking, except in the cases of trusted individuals or to special computers, because dial-in networking can bypass regular network security.

11. Encourage an easy-to-use (but secure, of course) method for users to indicate when they need remote access, for how long, and to which phone number. Base the dial-in permissions on these requests. Always verify the request verbally with the user to ensure that it’s not a spoof.

12. Gather contact information for the telephone companies as soon as possible so that it is on hand if dial-up hacking attempts are discovered.

13. If possible, use external modems to answer RAS connections. They can be powered off when no RAS activity is anticipated, and they allow manual disconnection if necessary.

14. If remote access is required only occasionally, set the Remote Access Server service to start manually, then use the services control panel to start the service when needed and stop it when it is no longer in use.

15. Revoke dial-in permissions for users during periods when they are not necessary, and invoke them when the user is away from the office or working from home for a period.

16. Thin client and remote control software can be more secure than remote access software in certain circumstances. For instance, an entire database could be copied down using remote access software, but that same data would be extremely difficult to extract using remote control software configured to disallow file transfers.

17. Tightly control user-based remote access permissions. Allow only those users who have an immediate need to log in remotely.

18. Use alarming software to detect numerous attempts at password guessing over dial-up networks. Use the standard performance monitor to detect this activity, or purchase third party alarming software.

19. Use callback security. Without callback security, tracing RAS based intrusion attempts is very difficult.

20. Use external modems that have on/off switches for those machines that have remote access software installed. Only turn on a modem when a user calls in and requests a remote control connection.

21. Use hard-coded callback security for all remote users that don’t normally travel, to prevent their account from being exploited from unknown locations.

22. Use Microsoft encryption when possible.

23. Use the Point-to-Point Tunneling Protocol for all Internet connections allowed into the network, or some third-party software that performs the encrypted tunnel function in concert with the firewall.

 

 


Jun 28 2008   5:24AM GMT

Sample I.T Security - Network Security



Posted by: Yasir Irfan

We are continuing our series on the Sample I.T Security Policy; so far we have covered Physical, Human, User Security and Client. Today let's concentrate on Network Security, which is as follows:

5‐NETWORK SECURITY
“IS” CONSIDERED THE FOLLOWING:
1. The network must be designed and configured to deliver high performance and reliability to meet the needs of business whilst providing a high degree of access control and range of privilege restrictions.
2. Inappropriate control over access to the network will threaten the confidentiality and integrity of Organisation data.
3. Apply strong monitoring and management utilities in the Organisation network.
4. Never communicate between Organisation units over the Internet without using some form of encryption. Unencrypted packet headers contain valuable nuggets of information about the structure of the internal network.
5. Always use encrypted communications for data that flows over public networks like the Internet.
6. Locally control and administer all security services for the network.
7. Make telecommunications security an integral part of the network security if the network can be accessed via modems.
8. Use leased lines rather than encrypted tunnels whenever practical.
9. Monitor and audit the logs for the internal routers and switches.
10. Install fiber cables instead of UTP cables.
11. All speed-dialing facilities create information security risks, as confidential customer contact information can be accessed just by pressing telephone keys.

I.S issues concerned:
• Sensitive information may be stolen because a caller masquerades as you over the telephone.
• Secure or unlisted phone numbers may be acquired from your stored information.
• Secure or unlisted phone numbers may be acquired from global information stored in the PBX.

Yasir
Personal Website: www.yasirirfan.com