So what are Intrusion Detection Systems?

February 28, 2009 by Admin
Filed under: Spyware 


Intrusion Detection Systems (IDS) are becoming a very important part of any strategy for enterprise security. But what are Intrusion Detection Systems? CERIAS, The Center for Education and Research in Information Assurance and Security, defines it this way:

“The purpose of an intrusion detection system (or IDS) is to detect unauthorized access or misuse of a computer system. Intrusion detection systems are kind of like burglar alarms for computers. They sound alarms and sometimes even take corrective action when an intruder or abuser is detected. Many different intrusion detection systems have been developed but the detection schemes generally fall into one of two categories, anomaly detection or misuse detection. Anomaly detectors look for behavior that deviates from normal system use. Misuse detectors look for behavior that matches a known attack scenario. A great deal of time and effort has been invested in intrusion detection, and this list provides links to many sites that discuss some of these efforts” (www.cerias.purdue.edu/about/history/coast_resources/intrusion_detection/)

There is a sub-category of intrusion detection systems called network intrusion detection systems (NIDS). These systems monitor network packets, looking for suspicious activity. Network intrusion detection systems can monitor many computers at a time over a network, while other intrusion detection systems may monitor only one.
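
The two detection schemes named in the CERIAS definition, side by side, as an added example (not code from the original page or from any product it lists). The signatures, request records and host addresses are constructed, and the 3-sigma threshold is an assumption.

```python
import re
import statistics

# Misuse detection: patterns for known attack scenarios (constructed, illustrative).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-injection": re.compile(r"(?i)union\s+select"),
}

def misuse_alerts(events):
    """Return (event index, signature name) for each request matching a known pattern."""
    return [(i, name)
            for i, ev in enumerate(events)
            for name, pat in SIGNATURES.items()
            if pat.search(ev["request"])]

def build_baseline(history):
    """history maps host -> requests per hour seen during normal use."""
    return {h: (statistics.mean(c), statistics.pstdev(c)) for h, c in history.items()}

def anomaly_alerts(baseline, current, threshold=3.0):
    """Flag hosts whose hourly count deviates from their own baseline by > threshold sigma."""
    alerts = []
    for host, count in sorted(current.items()):
        if host not in baseline:
            alerts.append((host, "no baseline"))  # a never-seen host is itself a deviation
            continue
        mean, sd = baseline[host]
        z = abs(count - mean) / max(sd, 1.0)  # floor sd so a flat baseline cannot divide by zero
        if z > threshold:
            alerts.append((host, f"z={z:.1f}"))
    return alerts

# Constructed sample data (not from any real network).
EVENTS = [
    {"src": "10.0.0.5", "request": "GET /index.html"},
    {"src": "10.0.0.9", "request": "GET /download?file=../../etc/passwd"},
    {"src": "10.0.0.9", "request": "GET /items?id=1 UNION SELECT name FROM users"},
    {"src": "10.0.0.5", "request": "GET /reports/q1.pdf"},
]
HISTORY = {"10.0.0.5": [40, 42, 38, 41, 39], "10.0.0.7": [5, 6, 4, 5, 5],
           "10.0.0.9": [10, 12, 11, 9, 10]}
CURRENT = {"10.0.0.5": 43, "10.0.0.7": 90, "10.0.0.9": 11, "10.0.0.12": 3}

if __name__ == "__main__":
    # 10.0.0.9 trips signatures at normal volume; 10.0.0.7 matches none but is far off baseline.
    print(misuse_alerts(EVENTS))
    print(anomaly_alerts(build_baseline(HISTORY), CURRENT))
```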

Who wants to break into your system?

One common misconception about hackers is that it is usually people outside your network who break into your systems and cause mayhem. The reality, especially for corporate workers, is that insiders can and usually do cause the majority of security breaches. Insiders often impersonate people with more privileges than themselves to gain access to sensitive information.

How do intruders break into your system?

The simplest and easiest way to break in is to let someone have physical access to a system. Despite the best of efforts, it is often impossible to stop someone once they have physical access to a machine. Also, if someone has an account on a system already, at a low permission level, another way to break in is to use tricks of the trade to be granted higher-level privileges through holes in your system. Finally, there are a lot of ways to gain access to systems even if one is working remotely. Remote intrusion techniques have become harder and more complex to fight.

How does one stop intrusions?

There are several freeware/shareware intrusion detection systems as well as commercial ones.

Open Source Intrusion Detection Systems

Below are a few of the open source intrusion detection systems:

AIDE (sourceforge.net/projects/aide) – Self-described as, “AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more. There are other free replacements available so why build a new one? All the other replacements do not achieve the level of Tripwire. And I wanted a program that would exceed the limitations of Tripwire.”

File System Saint (sourceforge.net/projects/fss) – Self-described as, “File System Saint is a lightweight host-based intrusion detection system with primary focus on speed and ease of use.”

Snort (www.snort.org) – Self-described as, “Snort® is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry.”

Commercial Intrusion Detection Systems

If you are looking for commercial intrusion detection systems, here are a few of these as well:

Tripwire

www.tripwire.com

Touch Technology Inc (POLYCENTER Security Intrusion Detector)

www.ttinet.com

Internet Security Systems (Real Secure Server Sensor)

www.iss.net

eEye Digital Security (SecureIIS Web Server Protection)

www.eeye.com

Remove Blackworm Virus

February 28, 2009 by Admin
Filed under: Spyware 


Blackworm is a nasty internet worm which can delete DOC, XLS, MDE, MDB, PPT, PPS, RAR, PDF, PSD, DMP, and ZIP files. In addition to Blackworm, the worm has been named Kama Sutra, Blackmal, MyWife and Nyxem. This worm started on the 3rd of February and has been programmed to attack an infected computer on the 3rd of every month thereafter. So far it has been estimated that over 300,000 computers all over the world have been infected. Besides destroying those types of files, the worm also tries to disable anti-virus software so that it stops updating. It can also disable the keyboard and mouse of infected computers. Some Internet users have already lost important files after becoming infected by Blackworm, mainly because the clock time on their computer was wrong.

Like many Internet worms, Blackworm attempts to spread by mailing itself to contacts in a user’s address book. The e-mails containing the worm can have a wide variety of subject fields and attachment names. The worm also tries to add itself to the auto-start programs in the Windows registry. Once a computer in a network has been infected, Blackworm will try to infect all other systems in the network.

To avoid getting infected by Blackworm, you shouldn’t open attachments or click on Web links within these e-mails, especially if these e-mails have a porn-related subject line. Use caution before opening any e-mail attachments, even if you know the sender. You should also back up any important files that you want to preserve. Most antivirus products will detect Blackworm, assuming the worm hasn’t disabled the antivirus software. Because of this, it is important to frequently update your antivirus software. It is also recommended to scan your computer for viruses and use a firewall. To prevent the worm from spreading to other computers in a network, you should use strong passwords on all user accounts.

Spyware Remover Protect Your Computer from Spyware

February 27, 2009 by Admin
Filed under: Spyware 


Spyware is one of the biggest threats to security and privacy on the internet today. Spyware programs intrude on our computers and pose a great threat, especially the more malicious ones. Leaving a home or business computer unprotected from spyware is just like leaving the front door open to intruders. The internet was not designed with security checks in place, which is why spyware has spread unchecked and now poses a big threat to the security and privacy of millions of internet users all over the world. Roughly 90% of computers today are infected or are vulnerable to spyware. It is more important than ever to make sure spyware protection is in place in the form of spyware removers.

To combat spyware, it is important to understand what spyware is. The term spyware covers a wide variety of malicious software that is designed to intercept or take partial control of the operation of a computer without the informed consent of the owner or user. The term spyware implies software that stealthily keeps an eye on the user; however, it has come to refer to software that undermines a computer’s operation without the owner or user knowing it. Spyware, adware and other malware will exploit the vulnerability of a computer, usually for commercial purposes.

Spyware programs embed themselves into the computer and monitor the user’s internet browsing activities, spy on confidential information such as credit card info, send annoying pop-up advertisements and slow down your computer’s performance. Other consequences of spyware infestation include hijacked browsers resulting in reset home pages, changed search results, spam emails, toolbars added to the browser without consent and many more. In such cases, a spyware remover is necessary to clean the system of all spyware programs and hidden malware.

A spyware remover is a necessary and worthwhile investment to keep any computer system free from spyware programs that could wreak havoc in it. Every computer must be well equipped to combat spyware and its effects. As the threat of spyware worsens, there is a variety of techniques available to counteract it. Spyware removers and other anti-spyware programs are available that help stem the threat of spyware. These spyware removers are designed to remove or block spyware. There are a number of spyware removers available; some are free while others require payment.

Some of the most popular spyware removers include Lavasoft’s Ad-Aware SE and Spybot – Search and Destroy. These spyware removers are effective tools for removing and intercepting spyware programs. Microsoft has also offered its own spyware remover dubbed Windows AntiSpyware Beta, which is currently released as a free download for users of Windows XP, Windows 2000 and 2003. Anti-virus firms have also introduced spyware remover functions in their respective products.

There are two ways in which a spyware remover can combat spyware. Real-time protection prevents spyware from being installed. Scanning and removal inspects the contents of the computer’s files and removes files and entries that match a list of known spyware. Most spyware removers today combine the two approaches. A spyware remover, just like anti-virus software, requires regular updates to its database of threats, as new spyware programs are released all the time. The best anti-spyware program protects the computer from any intrusive spyware and prevents it from being installed, as well as keeping the system free from any trace of spyware programs.

Home Wireless Network Security Issues

February 27, 2009 by Admin
Filed under: Spyware 

Running a business from home has its advantages, including no commute, a more accommodating work schedule, fresh coffee and home-cooked meals at any time you want.

But running a business from home using a home wireless local area network (WLAN) with your computer may lead to theft of confidential information and hacker or virus penetration unless proper actions are taken. As WLANs send information back and forth over radio waves, someone with the right type of receiver in your immediate area could be picking up the transmission, thus acquiring access to your computer.

Here is a list of things that you should consider when implementing a home wireless network setup used for your business:

Viruses could be loaded onto your laptop which could be transferred to the company’s network when you go back to work.

Up to 75 per cent of home wireless network (WLAN) users do not have standard security features installed, and 20 per cent are left completely open, because default configurations are not secured; they are made to get users' networks up and running as soon as possible.

It is recommended that home wireless network router/access point setup always be done through a wired client.

Always change the default administrative password on your home wireless network router/access points to a secured password.

Enable at least 128-bit WEP encryption on both card and access point. Change your WEP keys periodically. If equipment does not support at least 128-bit WEP encryption, consider replacing it. Although there are security issues with WEP, it represents a minimum level of security, and it should be enabled.

Change the default SSID on your router/access point to a hard-to-guess name. Set up your computer to connect to this SSID by default.

Set up router/access points so that they do not broadcast the SSID. The same SSID then needs to be set up manually on the client side. This feature may not be available on all equipment.

Set up your home wireless network router to block anonymous internet requests or pings.

On each computer having a wireless network card, network connection properties should be configured to allow connection to Access Point Networks Only. Computer to computer (peer to peer) connections should not be allowed.

Enable MAC filtering. Deny connection to the wireless network for unspecified MAC addresses. MAC or physical addresses are accessible through your computer's wireless network connection setup, and they are physically written on network cards. When adding new wireless cards or computers to the network, their MAC addresses should be registered with the router/access point.

Your home wireless network router should have firewall features enabled and the demilitarized zone (DMZ) feature disabled. Periodically test your hardware and personal firewalls using the Shields Up test available at www.grc.com. All computers should have a properly configured personal firewall in addition to a hardware firewall.

Update router/access point firmware when new versions become available.

Locate router/access points away from strangers so they cannot reset the router/access point to default settings. Also, locate router/access points in the middle of the building rather than near windows to limit signal coverage outside the building.

You should know that nothing is 100%. While none of the actions suggested above will provide full 100% protection, countermeasures do exist that will help. The collection of suggested preventative actions contained herein can help you deter an intruder trying to access your home wireless network. This deterrent then makes other insecure networks easier targets for the intruder to pursue.
