What is a Firewall? by Benjamin Hargis
Simply put, a firewall acts as a barrier between your computer and the Internet, protecting you from crackers, hackers and malware.
If you're running DSL or a cable modem, you should employ a firewall, as having a direct connection to the Internet can make you a target for attack.
Firewalls can be hardware or software based. With firewalls you set up ACLs (access control lists) to allow or deny traffic.
There are three different ways a firewall can block traffic.
1. Packet filtering - Packets are analyzed against the filters in the firewall rulesets. The firewall drops packets that the rulesets do not allow.
2. Proxy service - Information from the Internet is retrieved by the firewall and delivered to the requesting service through the proxy.
3. Stateful packet inspection - Looks up criteria against a database of trusted information to see if the packet contains anything that would allow or deny it into the network.
Firewalls are customizable, allowing you to create your own rulesets. You can block IP addresses and specific protocols such as Telnet, FTP, ICMP, UDP, SMTP and many others.
Firewalls can also be customized to block specific ports, or even keywords.
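The packet filtering and custom rulesets described above, shown as an added example that is not from the original article: an ACL evaluator that drops any packet no rule allows. The Rule fields, the ruleset, the sample packets and the first-match evaluation order (as used by Cisco ACLs) are assumptions for illustration; addresses are documentation ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    proto: str = "any"             # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"         # source network in CIDR notation
    dport: Optional[int] = None    # destination port; None matches any port

    def matches(self, pkt: dict) -> bool:
        if self.proto not in ("any", pkt["proto"]):
            return False
        if ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        # ICMP packets carry no port, so a port-specific rule never matches them.
        return self.dport is None or self.dport == pkt.get("dport")

def filter_packet(acl, pkt):
    """Return (action, index of the deciding rule); index is None on default deny."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):          # first matching rule decides
            return rule.action, i
    return "deny", None                # nothing matched: drop the packet

# Constructed inbound ruleset (hypothetical; addresses are documentation ranges).
ACL = [
    Rule("deny", src="203.0.113.0/24"),                   # block an address range
    Rule("deny", "tcp", dport=23),                        # Telnet
    Rule("deny", "tcp", dport=21),                        # FTP control
    Rule("deny", "icmp"),                                 # all ICMP
    Rule("allow", "tcp", src="192.0.2.0/24", dport=25),   # SMTP from one relay range
    Rule("allow", "tcp", dport=80),                       # web traffic
]

# Constructed sample packets.
PACKETS = [
    {"proto": "tcp", "src": "198.51.100.7", "dport": 80},
    {"proto": "tcp", "src": "203.0.113.9", "dport": 80},
    {"proto": "tcp", "src": "198.51.100.7", "dport": 23},
    {"proto": "icmp", "src": "198.51.100.7"},
    {"proto": "tcp", "src": "192.0.2.10", "dport": 25},
    {"proto": "tcp", "src": "198.51.100.7", "dport": 25},
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, "->", filter_packet(ACL, pkt))
```

The last sample packet matches no rule at all and is dropped by the implicit default deny, which is why rule order and the SMTP source restriction both matter when auditing a ruleset.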
There are many software firewalls available, such as Tiny Firewall (http://www.tinysoftware.com/home/tiny2?la=EN), which is designed to keep hackers out of your network and block spyware.
Zone Labs makes ZoneAlarm. I like it because it has a simple interface allowing home users to configure it easily. http://www.zonelabs.com/store/content/home.jsp
For hardware firewalls there is:
Cisco (www.cisco.com). Their brand is called PIX Firewall.
For home users I like the D-Link DI-604. This is an inexpensive firewall that works well. Best of all, it fits into almost any budget.
Linksys (now part of Cisco) offers a router/firewall that supports VPN and DMZ. www.linksys.com
There are many hardware solutions, including setting up a firewall on a *nix box. I like this the best as it gives you, the firewall administrator, the most control. I personally like OpenBSD for any security applications I would run with Unix, as it is secure. There have been very few exploits against this platform.
I will be writing more articles about firewalls shortly.
Benjamin Hargis CEO
Phuture Networks
http://www.phuturenetworks.com blog http://phuturegenius.blogspot.com
email: ceo@phuturenetworks.com
About the Author
I'm a computer security consultant for home and small businesses. I started a company called Phuture Networks to help home users and small business owners with computer and network security. During the day I consult Realtors on website design, hosting and search engine optimization for a big company.
Windows 2000 Security by Benjamin Hargis
I was asked recently to go to a car dealership and do a security analysis on their Windows Server 2000 machine.
This is what I recommend doing to any Windows 2000 machine where applicable.
Make sure that the guest account is disabled. It comes disabled by default.
A problem I notice a lot when I go to companies is that lots of accounts are still active for employees who no longer work there. They should be removed when the employee is terminated or leaves of their own accord. Disgruntled employees have been known to wreak havoc.
Group policies can and should be implemented in a Windows 2000 environment and audited to make sure there are no extra accounts or accounts with weak passwords.
Password security is also important; if your password is weak it will be cracked. I have been in companies where your password is your initials. That is too simple. Implement password policies and account lockouts after multiple failed login attempts. WARNING: this can create a denial of service attack. Create multiple admin accounts and give them different rights. Use a strong password policy for administrative tasks.
Run net share from the command line to view open shares on your network, and shut those down unless needed.
Go into the BIOS and set a user password and disable the ability to boot from a floppy, USB, or CD. People can easily grab the SAM file, which stores the password hashes on your system, using a Linux boot CD or other tools, and then attempt to crack the hashes.
Change the administrator account to a different name. That is usually a cracker's first attempt. Rename it to something other than root as well.
Use NTFS on all partitions; this gives you more control and security than using the FAT file system.
Make sure that the "Everyone" permission is not allowed on your resources, directories, etc.
Turn off the display of the last user logged on. Showing it makes it easier for an attacker to guess passwords: they are already halfway there once they have the username.
Apply appropriate access control lists.
Don't forget about the people around you and either lock your workstation when you leave or have a screensaver enabled with a strong password. Insider threats are a reality.
You can enable EFS (Encrypting File System); you can encrypt whole directories as well. I suggest, if you're really paranoid or smart, looking into a utility that allows you to choose different encryption algorithms. I do not like encryption standards that are closed, meaning we can't see the source code. I prefer open source; it's easier to look for holes and attacks.
Make backups of all your important files. This is the most important thing I learned in System Administration. Backup, Backup, Backup to something that cannot be overwritten such as a CD-R.
To configure security policies, use the Security Configuration Toolset; you can make your job a lot simpler by using snap-ins.
I visited Microsoft's site to see everything they had; I have to say there is plenty of information.
Shut down services that are not needed. The more ports that are open and the more applications running, the more avenues of attack.
Restrict access to the Local Security Authority to administrators only.
Change the login warning to something like: "Authorized personnel only. All activities are logged and monitored. Violators will be prosecuted to the fullest extent of the law."
Shut down individual ports that are not used.
I personally like smartcards for two form authentication. I recommend RSA SecurID for machines that need more security.
Enable auditing to track what users and possible intruders are doing on your system.
Everything from login attempts to access of objects can be audited in Windows 2000.
Protect the registry from anonymous access.
Make sure the audit logs are locked down so they cannot be erased, or tampered with. Only the admin should have rights to these files.
Install service packs.
Make sure that your antivirus is up to date with the latest signatures.
Run an anti-spyware utility.
You can also run an online vulnerability checker such as Shields Up by Gibson Research.
Get automated patch software.
Remember that security is not something that can be finished. Keep up to date.
Benjamin Hargis CEO & MCP
Phuture Networks
Visit us on the web! http://www.phuturenetworks.com Blog: http://phuturegenius.blogpsot.com
About the Author
I'm a computer security consultant for home and small businesses. I started a company called Phuture Networks to help home users and small business owners with computer and network security. During the day I consult Realtors on website design, hosting and search engine optimization for a big company.
Easy Computer Tips by Benjamin Hargis
Things you can do to keep your computer running smoothly.
1. Empty your Recycle Bin and delete the deleted files from Outlook. You can also delete files in your Sent folder that are no longer needed.
2. Get rid of those cookies; they can take up a lot of space. Marketers also use this information to track your buying patterns.
3. You can delete your temp files. These end with *.tmp; you can use F3 in Windows to search for that extension.
4. Run Microsoft ScanDisk at least once a month.
5. Run Microsoft Defrag as well to keep your files in order on your hard drive.
6. Dust. Dust is horrible for your system. If you smoke, dust more often. You can purchase canned air from Radio Shack to blow out your case; do it outside.
7. Purchase system utilities software such as Norton SystemWorks or Registry Mechanic to keep your system running optimally.
8. Consider upgrading your RAM if your system is running sluggish.
9. Upgrading your video card can improve your gaming experience.
10. A new processor can do wonders to application performance.
11. Make sure Windows is done shutting down before you power off.
12. Use Anti-Virus Software and update your Anti Virus signatures.
13. If you're using DSL or cable, use a firewall.
14. Install the latest drivers for your hardware.
Benjamin Hargis CEO
Phuture Networks
http://www.phuturenetworks.com
About the Author
I'm a computer security consultant for home and small businesses. I started a company called Phuture Networks to help home users and small business owners with computer and network security. During the day I consult Realtors on website design, hosting and search engine optimization for a big company. My interests are computing, UNIX, Linux, Firewalls, programming, embedded systems programming, hardware hacking, learning, reading, playing chess and
Passing The CCNA and CCNP Exams: Setup Mode by Chris Bryant
CCNA and CCNP candidates need to know all about Setup Mode, why a router goes into that mode, and as you'll see, how to get out of that mode. Practicing Setup Mode at work is a good way to get fired, though, so you need to practice this on your CCNA / CCNP home lab or rack rental. In this article, we'll take a look at a Cisco 2500 router going into setup mode and a few tips that will help you pass the exams and excel at your job.
First, why does a router go into Setup Mode in the first place? When a Cisco router boots up, the router looks into Non-Volatile RAM (NVRAM) for the startup configuration file. If such a file is not found, and the router has not been programmed to look to a TFTP server for this file, the router enters setup mode.
The most common reason for a router not to have a startup configuration file is that the file's been erased. We will now erase this file on our 2500 router. As you'll see, the Cisco router warns us about erasing NVRAM and makes us confirm this choice, which it acknowledges with the OK message.
R1#write erase
Erasing the nvram filesystem will remove all files! Continue? [confirm]
[OK]
Erase of nvram: complete
R1#
The router will now be reloaded. There is a slightly misleading message displayed during reboot:
R1#reload
Proceed with reload? [confirm]
00:15:21: %SYS-5-RELOAD: Reload requested
System Bootstrap, Version 11.0(10c)XB1, PLATFORM SPECIFIC RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1997 by cisco Systems
2500 processor with 14336 Kbytes of main memory
Notice: NVRAM invalid, possibly due to write erase.
That notice doesn't mean the NVRAM is corrupt or unusable; this message means the NVRAM doesn't have a startup configuration file.
The router will continue to boot and finally present you with this prompt:
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
Almost every WAN engineer I know answers "no" to this question, because Setup Mode is a long, clumsy way to set up a router (in my humble opinion). We will answer "yes" in order to see this mode in action.
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: y
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Basic management setup configures only enough connectivity for management of the system, extended setup will ask you to configure each interface on the system
Would you like to enter basic management setup? [yes/no]: y
Configuring global parameters:
Enter host name [Router]: R1
The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password, after
entered, becomes encrypted in the configuration.
Enter enable secret:
% No defaulting allowed
Enter enable secret:
Already, there's something about Setup Mode that you might not like. This mode forces you to set an enable password and an enable secret password. As you continue in this mode, you'll see this mode ask you questions about every single interface on the router, even if you're not planning to use that interface. Using Setup Mode really does get quite old after a while, again in my opinion.
One of the most important things about Setup Mode is knowing how to get out of it without saving the configuration. One way is at the very end of this mode, where you can answer "no" to "Do you want to save this configuration?" I personally never make it that far! Instead of waiting until the end of Setup Mode, we can use the CTRL-C key combination to abort this mode and ignore the changes.
Configuration aborted, no changes made.
Press RETURN to get started!
Setup Mode is not a mode that CCNA and CCNP candidates get a great deal of practice with, but you will be tested on your knowledge about it both in the exam room and on the job. And once you start configuring a router with this mode, you'll be glad you know how to get out of it!
About the Author
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNA and CCNP tutorials. Pass the CCNA exam with Chris Bryant!