Coming to this issue, we have Network Security in Tool Gyan, which sheds light on how to set up a secured network; Who Wants to Be a Millionaire in Tool Gyan, check it out yourself to see what exactly it's all about ;) and TOR in Mom's Guide for all those who thought 'It sounds very complicated to use, I'm not a hacker! I can't use it!', by our author Federico from Italy.
Issue26 – Mar2012 | Page-3

Network Security

Introduction

Computer networks are the backbone of all organizations which rely on Information Technology (IT) and are the primary entry point for users to access the information resources of an organization. Networks today are no longer limited to the physical location of an organization, but are required to be accessible from anywhere in the world, which makes them vulnerable to several threats.

In a recent survey conducted by the Computer Security Institute (CSI), 70 percent of the organizations polled stated that their network security defenses had been breached and that 60 percent of the incidents came from within the organizations themselves. Organizations have realized that having a secure network infrastructure is critical to safeguard their IT assets.

Network design can vary from one organization to the other, but it is recommended to use the layered design approach – core layer, aggregation modules and the access layer. These layers comprise the hardware necessary to control access between internal and external resources.

Though we will not deal with the layers in depth, the basic building blocks of a network are the router, which is part of the core layer, and the firewall and switch, which are part of the access layer. Along with these we have supporting aggregation modules such as IDS/IPS, antivirus, etc. Before we begin on network design and security, let's understand the basic network components:

Router

In simple words, a router is a network device which connects two different networks. The perimeter router or edge router is placed in the outermost layer of the network, forms a part of the core layer of the network architecture and serves as the very first line of defense. It is responsible for forwarding IP packets to the networks to which it is connected. These packets can be inbound requests from Internet clients to the Web server, request responses, or outgoing requests from the internal network. The router can also be configured to block unauthorized or undesired traffic between networks. The router itself must also be secured against reconfiguration by using secure administration interfaces and ensuring that it has the latest software patches and updates applied.
Firewall

A firewall is often imagined as a wall of defense in a building which prevents fire from spreading from one part of the building to another. In the network world a firewall is a device primarily used to protect the boundary of an organization's internal network while it is connected to other networks. The role of the firewall is to block all unnecessary ports and to allow traffic only on known ports, such as port 80 for all HTTP traffic and port 25 for SMTP traffic, and in some cases only from known network segments.

Unfortunately, hackers have become so smart these days that they manage to get through the firewall via the permitted ports and try to compromise the IT assets of an organization. A firewall cannot evaluate the contents of "legitimate" packets and can unknowingly pass some attacks through to the inside network.

Hence these days most organizations deploy an Intrusion Detection System (IDS), which has the capability to monitor network traffic, log any unauthorized access attempts and suspicious network patterns, and report them to network administrators at the earliest. But again, there is a problem if the administrators are not able to take immediate action: though the attack is detected, it is not stopped. To prevent such malicious activities, Intrusion Prevention Systems (IPS) were introduced in the network architecture. When any such malicious activity is detected, an IPS can block such traffic and notify the administrators. Coupled with IPS/IDS, the firewall is a useful tool for preventing attacks and detecting intrusion attempts, or in worst-case scenarios, the source of an attack.

Switch

A network switch is a device which enables networked devices to talk to each other efficiently. The main purpose of using a switch in a network is to segment the network into logical pieces. The network devices which are part of a network segment are connected to the switch, and any communication to these devices happens through the network switch. Some amount of security is built into the switch to prevent packet sniffing by intruders between networks: a switch can forward packets to a specific host or a network segment, rather than sharing the data with the entire network.

The second most important factor in the network design is network segmentation. Having a flat network allows an intruder to gain easy access to an organization's critical assets. The network is segmented logically with the help of network devices such as routers and switches, and access between these zones is controlled by a firewall.
Let's understand the network design aspects with the help of the above diagram. Though this is not a full-fledged network diagram of a typical organization's network, it does provide a basic understanding of network architecture, with more focus on perimeter security. As depicted above, the perimeter router is the outermost network device exposed to the external world with a public interface, followed by an optional network switch or directly connected to a firewall interface which allows traffic only on specific ports. An IDS/IPS device is connected in line with the network firewall for detecting and preventing network intrusions. Further, a switch is used to segment the network into different logical segments.

In most organizations we see the data center network segmented into the DMZ and the Internal zone. DMZs are used to separate Internet-facing devices such as Web servers, Mail Gateway, Domain Name Servers and Proxy server. The DMZ allows inbound or outbound traffic to be initiated to or from the internal network without revealing the actual details of the internal network. This adds an additional layer of security, and to a certain extent this assumption holds good if network paths are configured properly. There should not be a direct path to the internal network should one of the devices in the DMZ be compromised.

The Internal zone mainly comprises the infrastructure required to support business applications. There can be more logical separations in the internal network based on customer needs, such as a separate DB segment, which is also mandated by a few regulations.

Having understood the network components and the basic layout of a network, let's focus on the need for security.

An intruder usually looks for poorly configured network devices to exploit. Some of the most common network vulnerabilities which intruders exploit are default installation settings, open access controls, unpatched devices and easy access to network devices. Some of the most common network threats are:

- Information gathering – information about network design, system configuration, and network devices is gathered and an attack is planned later.
- Packet Sniffing – the intruder monitors data packets using network sniffers to read all clear-text information and may steal some confidential information sent in clear text.
- Spoofing – where the original source of the attack is spoofed to appear as a trusted source, and which can cause denial of service attacks.
- Session hijacking – also known as man in the middle attacks, in which an intruder uses an application that appears to be the genuine client or server. This results in either the server or the client being tricked into thinking that the upstream host is the legitimate one and sharing confidential information.
- Denial of service – the act of denying legitimate users access to required resources. Attackers deny service by flooding the network with traffic and throttling the available bandwidth and resources.

As attacks are evolving and becoming more mature, the security solutions to prevent them are also evolving. As you might have seen so far, organizations use a collection of layered security devices such as firewalls, intrusion detection systems, antivirus, etc. But managing all these devices individually is a complex process. This led to the evolution of Unified Threat Management solutions (UTM). UTM systems are bundled with many security features and capabilities, such as intrusion detection and prevention, anti-virus, e-mail spam filtering, Web content filtering and the functions of a firewall, integrated into a single appliance.

Though UTM is still in its evolution stage, it has managed to be of much use to smaller organizations, and still has a long way to go to be of much use to larger organizations. UTM devices face the challenge of performance, with a significant consumption of bandwidth as they analyze more and more data. But security experts believe that UTM is here to stay and hope to see a more mature UTM in future.
Network design is an evolving process; organizations must never sit back and relax once the initial network setup is complete. Networks must be monitored continuously and security improved from time to time. Security can mean different things to different organizations, and each must take appropriate measures to secure itself. Just remember we are never alone in this world, we always have company.

Pradeep A. R.
Pradeep_ar@infosys.com

Pradeep works as an Infrastructure Security consultant with the Enterprise Security and Risk Management – Cloud practice, Infosys Ltd. Pradeep is currently working on Security Information and Event Management and Data Loss Prevention solutions. As a security enthusiast, Pradeep intends to become a cyber-forensic professional.
Who Wants to Be a Millionaire

Everyone wants to be a millionaire and this article is just going to tell you how you can become one. Web 2.0 has opened lots of opportunities and possibilities along with lots of security issues. One of the popular technologies is "Flash", along with its never-ending security issues. People laugh when they hear the terms "Flash" and "Security" together. Industry experts say that Flash is actually moving the ball towards ease of use and functionality and thus compromises on security. Here we are actually trying to show you the security issues related with Flash applications and how you can test or exploit them for fun and profit.
Let's get our lab ready; all that you need are:

1. OWASP Mantra Security Framework - http://www.getmantra.com/
2. Who Wants to Be a Millionaire flash game - http://sourceforge.net/projects/vulfa
3. HTTP File Server - http://www.rejetto.com/hfs/

Now call up your bank and make all the arrangements in advance to transfer this huge amount; don't blame us at the end for not informing you ;)

Step 1:
Extract the contents from the archives. We want an HTTP server to properly run the game. HFS will serve this purpose: just run it and point it to the folder where we have extracted Who Wants to Be a Millionaire.zip. Just below the menu button you can see your HTTP server IP address and URL. Paste it into the Mantra address bar.

Step 2:
Fail the game somehow. We know it's hard for you, but do it. Once you fail, the game will ask you whether you would like to replay the game or not. Before clicking on "Replay", go to OWASP Logo > Tools > Application Auditing > Tamper Data.

Step 3:
Now go back to the game and press the "Replay" button. Tamper Data will come up with a pop-up asking you whether to tamper with the request or not. Click on the "Tamper" button.
Step 4:
Copy the POST_DATA and paste it into any note-taking application like Notepad.

Step 5:
Now all you have to do is go ahead with playing the game. All the answer keys are there in the POST_DATA. You can use the search feature of your note-taking application to find the correct answer easily. In the above screenshot, EditPad is used for taking the notes in Mantra itself, and the "Find" feature of Mantra helps to easily find out the answer.

You can also watch it at - http://youtube.com/watch?v=aPk5vCqh-2k

Happy Hacking!!!

Abhi M Balakrishnan
email@example.com

An electronics hobbyist turned security evangelist who is working as an information security consultant to put food on the table and a roof over his head. Abhi M has performed several security consulting assignments in the areas of penetration testing, code reviews, web application assessments, security architecture reviews etc.
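The game is beatable because the answer key travels in the same HTTP exchange as the question, so whoever holds the client (or tampers with the request) can read it. As an added example, not the game's own code, here is that weak design beside a hardened one that keeps the key server-side and grades each submission against a per-session position; the field names (qid, q, opts, answer, choice) and the question bank are constructed stand-ins, since the article does not show the real POST_DATA format.

```python
"""Answer keys in the client's HTTP exchange vs. server-side checking.

Added example, not the game's own code. Field names and the question
bank are constructed stand-ins for the real POST_DATA format.
"""
import secrets
from urllib.parse import parse_qs, urlencode

# Constructed question bank; "answer" is the index into "options".
QUESTION_BANK = {
    1: {"q": "Which device connects two different networks?",
        "options": ["Switch", "Router", "Hub", "Repeater"], "answer": 1},
    2: {"q": "Which port carries plain HTTP by default?",
        "options": ["21", "25", "80", "443"], "answer": 2},
}


def insecure_round_payload(qid: int) -> str:
    """Weak design: question, options AND the answer index travel together
    in one request body, so anyone watching the request with a tool like
    Tamper Data reads the key before answering."""
    q = QUESTION_BANK[qid]
    return urlencode({"qid": qid, "q": q["q"],
                      "opts": "|".join(q["options"]), "answer": q["answer"]})


def answers_visible_in(post_data: str) -> dict:
    """What an intercepted body gives away: {qid: correct index}, or {}."""
    fields = parse_qs(post_data)
    if "answer" not in fields:
        return {}
    return {int(fields["qid"][0]): int(fields["answer"][0])}


class SecureQuiz:
    """Hardened design: the client only ever receives question text and
    options; the key stays on the server and every submission is graded
    there against the session's current question, so replaying an old
    round or jumping ahead is rejected."""

    def __init__(self, bank: dict):
        self.bank = bank
        self.sessions = {}             # token -> {"qid": current, "score": n}

    def start(self) -> str:
        token = secrets.token_hex(16)  # unguessable session id
        self.sessions[token] = {"qid": 1, "score": 0}
        return token

    def question_payload(self, token: str) -> str:
        s = self.sessions[token]
        if s["qid"] not in self.bank:  # all questions answered
            return urlencode({"done": 1, "score": s["score"]})
        q = self.bank[s["qid"]]
        return urlencode({"qid": s["qid"], "q": q["q"],
                          "opts": "|".join(q["options"])})

    def submit(self, token: str, post_data: str) -> dict:
        s = self.sessions[token]
        fields = parse_qs(post_data)
        qid = int(fields.get("qid", ["0"])[0])
        choice = int(fields.get("choice", ["-1"])[0])
        if qid != s["qid"]:
            return {"ok": False, "reason": "out of sequence"}
        correct = choice == self.bank[qid]["answer"]
        if correct:
            s["score"] += 1
            s["qid"] += 1              # advance only on a right answer
        return {"ok": True, "correct": correct, "score": s["score"]}


if __name__ == "__main__":
    print("leaked by weak design:", answers_visible_in(insecure_round_payload(1)))
    quiz = SecureQuiz(QUESTION_BANK)
    tok = quiz.start()
    print("client sees:", quiz.question_payload(tok))
    print("graded server-side:", quiz.submit(tok, "qid=1&choice=1"))
```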
Protect your privacy online with 'TOR'

What is Tor?

Let's begin with what Tor means: The Onion Router. A router is a device that handles your request to go from your home, office or mobile connection to a website or a web service. If you write http://chmag.in/ in your browser URL bar and hit return, you'll send your request to your ISP router, which will send the request to another router and so on, until you reach the CHMag ISP router, and finally get your page back. Every one of these steps is called a "hop".

TOR works exactly like this router system, but then there's the onion. Well, an onion is… an onion! But the reason TOR developers used the onion metaphor is because when you pass inside the TOR router system to get to your requested website, you send your data inside multiple levels of encryption, exactly like sending them inside the layers of an onion! So you "launch" this onion inside the Tor network and it's decrypted at every hop it makes, until it reaches the final destination you've requested.
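The layered encryption described above, as an added example and not Tor's own code: a toy onion built for a three-hop path, with a SHA-256 keystream XOR standing in for Tor's real ciphers, and a simulation of what each relay gets to see. It goes one step beyond the metaphor by recording each hop's view, which shows that only the exit reads the request and no single relay sees both the client and the destination. The relay names, keys, destination and request are constructed.

```python
"""Toy onion routing (added example; not Tor's real protocol or crypto).

The "encryption" is a SHA-256 keystream XOR, a stand-in for Tor's
ciphers. Relay names, keys, destination and request are constructed.
"""
import hashlib
import json


def _keystream(key: bytes, n: int) -> bytes:
    """Expand a key into n bytes by hashing key || counter."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with a key-derived stream; decryption is the same operation."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


toy_decrypt = toy_encrypt


def build_onion(path: list, destination: str, request: str) -> bytes:
    """path: [(relay_name, relay_key), ...] ordered guard -> exit.
    The innermost layer (for the exit) wraps the clear-text request and the
    destination; each earlier layer wraps the inner blob plus the name of
    the next hop, so a relay learns only where to forward."""
    exit_name, exit_key = path[-1]
    onion = toy_encrypt(exit_key, json.dumps(
        {"next": destination, "data": request}).encode())
    next_hop = exit_name
    for name, key in reversed(path[:-1]):
        layer = {"next": next_hop, "data": onion.hex()}
        onion = toy_encrypt(key, json.dumps(layer).encode())
        next_hop = name
    return onion


def peel(key: bytes, onion: bytes) -> tuple:
    """One relay's work: strip exactly one layer, learn the next hop."""
    layer = json.loads(toy_decrypt(key, onion).decode())
    return layer["next"], layer["data"]


def run_circuit(path: list, destination: str, request: str) -> list:
    """Send the onion guard -> middle -> exit and record what each relay
    observes: who handed it the onion, where it forwards it, and whether
    it could read the request (only the exit can)."""
    onion = build_onion(path, destination, request)
    views, came_from = [], "client"
    for i, (name, key) in enumerate(path):
        next_hop, data = peel(key, onion)
        is_exit = i == len(path) - 1
        views.append({"relay": name, "from": came_from, "to": next_hop,
                      "request_seen": data if is_exit else None})
        onion = b"" if is_exit else bytes.fromhex(data)
        came_from = name
    return views


# Constructed three-hop circuit.
PATH = [("guard", b"k-guard"), ("middle", b"k-middle"), ("exit", b"k-exit")]

if __name__ == "__main__":
    for view in run_circuit(PATH, "chmag.in", "GET / HTTP/1.1"):
        print(view)
```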
The Tor Wikipedia page has a great image showing how Tor works:

Electronic Frontier Foundation "How Tor Works" – licensed CC Attribution 3.0

But there are a lot of people inside there! Shouldn't it be defending my privacy?

It may sound strange, but it does defend your privacy.

First of all, when using the traditional router network, you still pass through a lot of routers, but every request you make can be intercepted, read, and modified. That's because everyone who controls that "hop" can see what you've requested, where you're going and what you're doing.

Inside the Tor network this can't happen. Because the path is chosen randomly, every "hop" can just decrypt the small onion layer that it can read, and then it passes the onion to the next hop. As you can see in the "How Tor Works" image, only the last step, from the so-called exit node to the webserver, is actually sent in clear text. This has to happen since the last node must know what to ask and to whom. But your privacy is still safe because even when "sniffing" (that means intercepting packets sent over the net), the exit node cannot know who has requested the page, and nobody can identify you. The server owner will see the IP address, the number that identifies you as unique on the Internet, of the exit node only. We'll see how simply it works later on.

Since the Tor network usage is absolutely free of charge, every peer that connects, including you, becomes a member of the network and starts passing "onions" over and over. But don't worry, you won't be enabled to be an exit node; if you want to serve as the last hop you can, but this is an optional setting that must be explicitly enabled.

It sounds very complicated to use, I'm not a hacker! I can't use it!

Well, you're right, Tor is a very complicated project. But the developers are doing an incredibly amazing work to make it accessible to everyone, so you can use it! And it's extremely easy!

Tor has a side project named "Tor Browser Bundle", which is a no-installation tool that allows you to surf safely and defend your privacy online with just one click! As said, this is an installation-free program, and that means you can copy it onto a USB key, bring it with you and use it on every system you want, even on hotel or internet café workstations.

Just download it from the project page: https://www.torproject.org/projects/torbrowser.html.en, where you'll find versions for Windows, Mac OS X or Linux. Once downloaded, extract the .exe archive wherever you want and you'll find this set of icons:

And now you're just one click away from your safe browsing. Double click "Start Tor Browser.exe", and Tor will start connecting. Within a few seconds you'll see this window:

You really don't need to worry about all the buttons and the functions inside the Vidalia Control Panel, you just need to see the words "Connected to the Tor network!". And that means that you're now protected. But the magic doesn't end here, because after the Tor connection has been established, a special version of Firefox, included in the bundle, will automatically open up, with this page:
And you're done! If you keep using this Firefox window you'll be channeled inside the Tor network and surf anonymously and safely. Want to give it a shot? Go to http://whatsmyip.net/ from both the Tor browser and the browser you used before and you'll see that the IP addresses are different. You are actually using the IP of the exit node, as explained before. If you want to stop using it, all you have to do is close the browser window; the Vidalia panel will also close and the connection with the Tor network will end.

So it is that easy. From now on, if you want to defend yourself, don't forget to use Tor Browser, and bring it everywhere you go. You have learned that it is not as complicated as you thought; in fact it's not complicated at all! This is just the beginning of a lot of services that are available within the Tor project, but this first step is all you have to do to be safe and sound.

Happy privacy and safe browsing everyone!

Federico
firstname.lastname@example.org

Federico "glamis" Filacchione, born and living in Rome, Italy, is a security professional with more than 10 years of experience. He tries constantly to spread security awareness, explaining that security is not a simple tool, but thinking about the same old stuff in a totally different way (and it's not that hard!). You can read his thoughts (in Italian) on http://glamisonsecurity.com, and follow him @glamis on Twitter.
Section 66A - Sending offensive or false messages

As we have discussed in the earlier articles, under the amended Information Technology Act, Section 66 has been completely amended to remove the definition of hacking. The amendments also introduced a series of new provisions under Section 66 covering almost all major cyber-crime incidents. From this article onwards we will look at those sections.

With internet and telecommunication virtually controlling communication amongst people, amendments in the Information Technology Act, 2000 (IT Act) have made it clear that transmission of any text, audio or video that is offensive or has a menacing character can land a sender in jail. The punishment will also be attracted if the content is false and has been transmitted for the purpose of causing annoyance, inconvenience, danger or insult.

Incidents

5-6 pc of spam e-mails originate from India - The share of spam e-mails originating from India is about 5-6 per cent of the total worldwide spam email traffic.

FB effect, Bangalore: IIMB girl kills self for boyfriend. Girl's friend charged with abetment to suicide as well as under the provisions of the amended Information Technology Act. Malini Murmu, 22, a first year MBA student from the prestigious Indian Institute of Management (IIM), Bangalore, allegedly committed suicide after her boyfriend dumped her and made the announcement on Facebook. Police sources say Malini left behind a suicide note saying she was killing herself since her boyfriend left her. Investigations revealed that on the day she killed herself, Malini and her boyfriend had an argument which led to the breakup. Later her boyfriend left a post on Facebook saying, "Feeling super cool today, dumped my new ex-girlfriend, Happy Independence Day".
The Law

Section 66A of the IT Act is the relevant section which penalizes 'sending false and offensive messages through communication services'. The section reads as under –

Any person who sends, by means of a computer resource or a communication device,—
a) Any information that is grossly offensive or has menacing character; or
b) Any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device,
c) Any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages.

Punishment - Imprisonment for a term which may extend to three years and with fine.

Explanation
For the purpose of this section, the terms "electronic mail" and "electronic mail message" mean a message or information created or transmitted or received on a computer, computer system, computer resource or communication device, including attachments in text, images, audio, video and any other electronic record, which may be transmitted with the message.

The section covers two different acts –
1. Sending offensive or menacing messages by using electronic communication means.
2. Sending false messages to cheat, mislead or deceive people or to cause annoyance to them.

While proving a false message is relatively easy, the real question is 'What constitutes an electronic message to be offensive or of menacing character?' Indian law has not defined anywhere the meaning of 'offensive' or 'menacing'. In general English usage, the person receiving a message should find it to be offensive for this provision to apply, so its interpretation becomes relative and differs from person to person.

Cyber-crimes like intentionally sending SPAM messages, phishing emails, threatening messages, etc. can also be punished under this section. This section is also applied along with Section 67 or 67B, which relate to cyber pornography and child pornography respectively.

Sagar Rahurkar
email@example.com

He is a Law graduate, a Certified Fraud Examiner (CFE) and a certified Digital Evidence Analyst. He specializes in Cyber Laws, Fraud examination, and Intellectual Property Law related issues.
EtherApe – Graphical Network Monitoring

Hello readers, we are back again with a new release, Matriux Krypton v1.2, at nullcon tritiya, Goa 2012. Thank you for your support throughout these years, which has enabled us to bring in bigger and better security solutions. This version includes some great features with 300 powerful penetration testing and forensic tools. The UI is made more elegant and faster. Based on Debian Squeeze with a custom compiled kernel 2.3.39-krypton, Matriux is the fastest distribution of its kind and runs easily on a P-IV with as low as 256MB RAM and just 6GB HDD. New tools like reaver-wps, androguard, apkinspector, ssh server and many more are included. The Installer (MID) is made easier this time.

Doesn't it look cool? Go ahead, give it a try and let us know what you think of the new version.

Now coming to this month's article on EtherApe, which is an open source graphical network monitor for Unix systems. It displays the network activity graphically, with host and link sizes shrinking and growing in accordance with the traffic activity. Protocols are color coded. Some features of EtherApe include:

- Network view can be modified by applying filters
- Can read traffic from a file along with the network
- A variety of protocols, packet types and frames are supported
- Clicking on any link or node will provide additional information regarding the protocols and traffic
- Handles traffic on Ethernet, WLAN, VLAN plus several other media and encapsulation types
- Output can be exported into an XML file (supported from version 0.9.11)

EtherApe can be found in Matriux Arsenal under Arsenal > Reconnaissance > EtherApe (root).
Or simply fire up EtherApe by typing EtherApe in a terminal.

Note: Remember that EtherApe requires root permission to run, else you will get the error "No suitable Device found".

To start monitoring the network, select the network interface from the menu Capture > Interfaces. This will start reading the network data from the interface selected and display the network in a graphical representation.

When you start EtherApe, you may or may not see traffic depending on whether there is traffic actively passing through your network. (Here I pinged Google and opened Matriux Forums in a browser to generate some network activity.) Also, the data regarding this network activity can be viewed from the menu View > Nodes/Protocol, showing the activity at the nodes.
Showing the activity with respect to protocols: this data is useful in many ways to troubleshoot the network or check for unwanted traffic etc. Also, clicking on any link/node in the network map will display the activity at that node/link. You can also configure EtherApe from the preferences in the menu.

Conclusion

EtherApe can also read a tcpdump file, which allows us to capture network traffic to a file and analyze that traffic later or in offline mode. The reason being, using EtherApe as root is not recommended for remotely monitoring the network, as you run the risk of transmitting the root credentials over the network. EtherApe is a great tool that can monitor the network and can be used for monitoring the network activity and its protocols. Go ahead and run EtherApe to see the visual beauty of the network ;) Happy Hacking

Also, if you are interested in supporting the Matriux project as a Developer/Contributor or in any other form such as feedback, you are welcome to write to us!

Reach us at:-
firstname.lastname@example.org
@matriuxtig3r
www.facebook.com/matriuxtig3r

Team Matriux
http://matriux.com/