Domain Isolation

Domain isolation mitigates the threat posed by unauthorized access to a trusted computer from an untrusted computer, and so gives better protection against unauthorized access. The IPsec (Internet Protocol Security) protocol is the best fit for this scenario: it makes your domain controllers and domain member servers communicate only with the computers you trust. Using IPsec we can filter the traffic reaching our domain controller and thus make it more secure. IPsec uses encryption algorithms such as DES or 3DES and integrity algorithms such as MD5 or SHA-1.

Traffic from servers such as a RADIUS server to the domain controller should be protected with IPsec. Since the RADIUS server is used to authenticate dial-in users against Active Directory, that traffic is especially prone to sniffing attacks. IPsec lets you encrypt the communication between the RADIUS server and the domain, making it hard for someone to read the packets being transferred.

A few things to consider:

1. Ensure that inbound network access to a trusted domain member on the internal network requires the use of another trusted domain member.
2. Allow trusted domain members to restrict inbound network access to a specific group of domain member computers.
3. Focus network attack risks on a smaller number of hosts, which provides a boundary to the trusted domain where maximum risk mitigation strategies (such as logging, monitoring, and intrusion detection) can be applied more effectively.
4. Focus and prioritize proactive monitoring and compliance efforts prior to an attack.
5. Focus and accelerate remediation and recovery efforts before, during, and after an attack.
6. Improve security by adding strong per-packet mutual authentication, integrity, anti-replay and encryption.

IPsec is one of the best options when it comes to securing communication between two computers or servers.

Security Tips 2

Hi all, in another blog I will tell you more about how you can secure your workstation.
 
Want UAC in XP? To exercise least privilege in XP, don’t put users in the local Administrators or Power Users groups. This is a good idea in Vista too, since users in the Administrators group can just click “Continue” when prompted and execute viral code. Any virus that attacks the user will run in the context of that user, which doesn’t allow changes to the system if they’re running with least privilege.
 
In order to secure your desktop, rename the Administrator account to something uncommon that you can still remember when required. Also, keep the Guest account disabled on your system. Some malicious code can take advantage of this account and play with your desktop.
 
A little understanding of what you are trying to execute on your system can save you from a formatted hard drive. Most people execute a program without knowing what it is and later end up cursing Microsoft. If you can’t decide what you should download and what you shouldn’t, how can Microsoft decide on your behalf?
 
Always download software from its official website and do not download it from any other link unless directed there by the official website. What happens is this: if I know the vulnerabilities in a piece of software, I can download it from the internet, add my own files to the package and upload it again for others to download. People downloading that package would not know that they have just downloaded a package containing unwanted files. When they run the installer, those files also get executed and make the computer vulnerable in their own way. So, always download software from its official website.
 
Freeware available on the internet may be a honeypot, so be aware of what you are downloading and what the software is going to do. If you see something suspicious about the way it works, let’s say you downloaded a utility to format your floppy drive and you see that utility trying to connect to the internet, then you have just downloaded a honeypot: someone designed that utility to get remote access to your computer. Software can do multiple things at the same time, so you need to be very specific about what you are doing.
 
Better safe than sorry!

Security Tips 1

Hey everyone, thanks for reading my blogs. My key focus is security, so I mostly blog on security. In this blog I will tell you how you can make your desktop safer when you connect your home computers to the internet.
 
1. Always make sure you have de-selected the File and Print Sharing option on the interface connected to the internet. This option allows others to connect to your computer remotely; since you are on the internet, you really don’t need this service. So, don’t select this option when connecting to the internet.
 
2. Be aware of phishing attacks: this is a technique in which an attacker sends you a web page in an email, or maybe in the form of a web link. This web page could be an advertisement that guides you to some other page, or maybe a bank web page asking you to enter your credentials. Do not enter your credentials unless you specifically know what you are doing. On the internet, things may not be what they appear.
 
3. Always update your Windows through the Microsoft update servers. Use http://update.microsoft.com for updating your computers.
 
4. Use an antivirus on your computer, such as Microsoft OneCare and Microsoft Defender, or any other. Also, regularly update the antivirus software so that you have updated signatures for the latest viruses.
 
I will keep updating my blog with more ways you can keep your computer safe and up to date.

IP Spoofing

IP spoofing is a type of attack in which the attacker gains access to packet headers and changes the source address on the packet to its own IP address. Now think about a scenario in which you send a request to www.microsoft.com and an attacker sniffing along the path gets to know about the packets: he can intercept and modify the packets as he needs. IP spoofing is used to gain unauthorized access to computers by indicating that the message is coming from a trusted host. To engage in IP spoofing, a hacker must first use a variety of techniques to find the IP address of a trusted host and then modify the headers so that it appears that the packets are coming from that host.
 
 
How to Protect?
 
On your firewall’s external interface you should always deny any packet that has a private IP address as its source, because there is no way such packets can legitimately arrive from the internet: these addresses are non-routable.
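As an added illustration of that rule (example code, not part of the original post), the following Python function classifies constructed firewall log lines from the external interface and drops any whose source address lies in a private or otherwise non-routable range; the optional own_prefix parameter is an assumption that extends the rule to packets arriving from outside while claiming an address inside your own public range.

```python
import ipaddress

# Source prefixes that must never appear on the external (internet-facing)
# interface: RFC 1918 private space plus other non-routable ranges.
NON_ROUTABLE_SOURCES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private
    "127.0.0.0/8",                                      # loopback
    "169.254.0.0/16",                                   # link-local
    "0.0.0.0/8",                                        # "this" network
    "224.0.0.0/4",                                      # multicast, never a source
    "240.0.0.0/4",                                      # reserved
)]

def is_spoofed_source(src, own_prefix=None):
    """True if a packet with source `src` should be dropped on the external interface."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in NON_ROUTABLE_SOURCES):
        return True
    # Assumption (beyond the post): the firewall also knows its own public prefix,
    # and a packet arriving from outside with an inside source address is spoofed too.
    if own_prefix is not None and addr in ipaddress.ip_network(own_prefix):
        return True
    return False

def filter_ingress(log_lines, own_prefix=None):
    """Return (src, verdict) for each constructed 'key=value' firewall log line."""
    verdicts = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        verdict = "DROP" if is_spoofed_source(fields["src"], own_prefix) else "ALLOW"
        verdicts.append((fields["src"], verdict))
    return verdicts

SAMPLE_LOG = [  # constructed sample lines, documentation address ranges only
    "iface=ext src=203.0.113.7 dst=198.51.100.10 proto=tcp dport=443",
    "iface=ext src=10.0.0.5 dst=198.51.100.10 proto=tcp dport=445",
    "iface=ext src=192.168.1.20 dst=198.51.100.10 proto=udp dport=1812",
    "iface=ext src=127.0.0.1 dst=198.51.100.10 proto=tcp dport=22",
    "iface=ext src=198.51.100.25 dst=198.51.100.10 proto=tcp dport=80",
]

if __name__ == "__main__":
    for src, verdict in filter_ingress(SAMPLE_LOG, own_prefix="198.51.100.0/24"):
        print(f"{verdict:5} src={src}")
```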

Protecting against Brute Force Attack

A brute force attack, also known as a dictionary attack, is one in which the attacker tries many different combinations of usernames and passwords. Think about having two text files, one with hundreds of usernames and the other with possible passwords. Attackers run a brute-forcing application against any website that requires authentication. Now consider what so many requests being generated against your website can do: they can sometimes hang your servers and bring down the website for other users.
 
How to protect?
 
Microsoft Active Directory provides a very useful feature in Group Policy: the Account Lockout policy. You should always use this policy to lock an account after x failed attempts. Now, if an attacker uses brute force to storm your website, the likelihood is that the username will get locked within the first few attempts.
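To show how the lockout policy blunts a dictionary attack, here is an added Python model (not from the original post or any Microsoft code) of an Account Lockout policy with a threshold, observation window and lockout duration; the threshold values, user name and wordlist are constructed, and a threshold of 0 means the account never locks, matching the Active Directory setting.

```python
from collections import defaultdict

class AccountLockoutPolicy:
    """Model of the AD Account Lockout policy (constructed, not Microsoft code):
    lock after `threshold` failures inside `observation_window` seconds and
    keep the account locked for `lockout_duration` seconds; 0 = never lock."""

    def __init__(self, threshold=5, observation_window=1800, lockout_duration=1800):
        self.threshold = threshold
        self.observation_window = observation_window
        self.lockout_duration = lockout_duration
        self.failures = defaultdict(list)   # user -> timestamps of recent failures
        self.locked_until = {}              # user -> time the lock expires

    def is_locked(self, user, now):
        return self.locked_until.get(user, 0) > now

    def attempt(self, user, password_ok, now):
        """Outcome of one logon at time `now`: 'LOCKED', 'OK' or 'FAIL'."""
        if self.is_locked(user, now):
            return "LOCKED"            # refused even if the password is right
        if password_ok:
            self.failures[user].clear()
            return "OK"
        # forget failures older than the observation window, then count this one
        recent = [t for t in self.failures[user] if now - t < self.observation_window]
        recent.append(now)
        self.failures[user] = recent
        if self.threshold and len(recent) >= self.threshold:
            self.locked_until[user] = now + self.lockout_duration
            self.failures[user].clear()
        return "FAIL"

def replay_wordlist(policy, user, real_password, wordlist, start=0, delay=1):
    """Feed a constructed wordlist at one guess per `delay` seconds and report
    (outcome, guesses sent, guesses refused because the account was locked)."""
    refused = 0
    for i, guess in enumerate(wordlist):
        result = policy.attempt(user, guess == real_password, start + i * delay)
        if result == "OK":
            return ("compromised", i + 1, refused)
        if result == "LOCKED":
            refused += 1
    return ("withstood", len(wordlist), refused)

# constructed sample: the real password is the last word in the attacker's list
WORDLIST = ["123456", "password", "letmein", "qwerty", "admin", "welcome", "monkey", "Summer2007!"]

if __name__ == "__main__":
    print(replay_wordlist(AccountLockoutPolicy(threshold=5), "jdoe", "Summer2007!", WORDLIST))
    print(replay_wordlist(AccountLockoutPolicy(threshold=0), "jdoe", "Summer2007!", WORDLIST))
```

With the lockout on, the correct guess is refused because the account is already locked; with the threshold at 0 the same list compromises the account on its eighth try.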
 
You should also apply the policy that requires passwords to be changed after x days. This policy helps protect against attacks such as someone taking control of your SAM database, which holds passwords in hashed form. If someone gets a SAM file, it will probably take him a very long time to break it. If you have this policy set up, the chances are that by the time an attacker is able to recover the passwords from the hashes, you will already have changed your password to a new one. Let’s say you selected 45 days: if the attacker takes longer than this to break the hash, you are still safe, because now he will have to start all over again.
 
Educating users to use complex passwords everywhere is very necessary. It’s not only your company network that can be exploited; it could be your personal email address, your blog password or your online banking password. Complex passwords are very difficult to break. You never know where the attacker will fetch the information from, so you should try to use a different password everywhere one is required. If you use the same password everywhere and it gets broken in any one place, then BOOM, all the places where you used the same password will get hacked.
 
I was reading an article on the internet and found a study which says that more than 50% of people working in a company would exchange their network password for a chocolate bar. Isn’t that amazing!