You need help, advice and solutions, now!
You want to know more, because prevention is better than cure. But:
Why bother? Does it matter?
Security is becoming headline news around the world. Check out our 18 FRIGHTENING IT SECURITY FACTS.
The United Kingdom is no exception as testified by the (05/2000) "Love Bug" Virus.
Shortly before the DTI published the 1st Computer Security survey in the UK:
86% of companies in the UK have no security measures - _shocking_!!!
13 ways to penetrate your NETWORK...
- Default Accounts: When an operating system is installed, default accounts are installed on the system. This makes it easier for hackers: they already know the user name and only have to guess the password.
- Accounts without password. No comment!
- Password Cracking: Huge dictionaries of known passwords are used to find out what your password is.
- Default passwords for system accounts, found in most operating systems, applications, ...: These are well known and make it easier for hackers.
- Mass dialing is the dialing of your entire phone number range to identify modem ports. This technique allows hackers to find a backdoor into your network.
- Trust Relationships are often used to simplify communications between systems. If one system is compromised, all the systems are.
- Employees dialling Out/Using the Internet: Whilst connected to the internal network, employees also connect to the Internet (dialling out to an ISP) and create a backdoor into your secure network.
- Routers: Are the default passwords still in use? Do they help hackers or you?
- NetBIOS Scans: NetBIOS runs on most Windows systems (Windows 9x, NT, 2000). Using a NetBIOS scanner, a hacker can identify the type of account (normal user, administrator, server) and check for blank passwords or accounts with a password equal to the account name.
- Packet Capturing/Network Sniffing: Hackers use widely available/free tools to collect actual data passing through a certain portion of a network.
- Keystroke Logging: There are a few freeware packages available that log your keystrokes, enabling hackers to see what you type, such as usernames, passwords, ...
- Vulnerable Services: Some services, like telnet and ftp, do not encrypt passwords.
- Email Capturing: The text in your email is not normally encrypted and can be viewed by anybody.
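A defender-side check for three of the weaknesses listed above (accounts without a password, default accounts left enabled, and cleartext services such as telnet and ftp), as an added example that is not part of the original page. The shadow-format and inetd.conf-format samples are constructed, and the `DEFAULT_ACCOUNTS` list is an assumption to adapt to your own systems.

```python
# Assumed list of vendor/default account names; adjust per platform.
DEFAULT_ACCOUNTS = {"guest", "admin", "test", "demo"}
# Services the list above names as sending passwords unencrypted.
CLEARTEXT_SERVICES = {"telnet", "ftp"}

# Constructed sample in /etc/shadow format: name:password-hash:lastchg:...
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
guest::19000:0:99999:7:::
admin:$6$constructedsalt$constructedhash:19000:0:99999:7:::
demo:!:19000:0:99999:7:::
"""

# Constructed sample in inetd.conf format; a leading '#' disables the entry.
SAMPLE_INETD = """\
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd
#telnet stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
ssh     stream  tcp  nowait  root  /usr/sbin/sshd  sshd -i
"""

def audit_accounts(shadow_text):
    """Return (account, issue) pairs for passwordless or enabled default accounts."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or not fields[0]:
            continue  # skip blank or malformed lines
        name, pw = fields[0], fields[1]
        locked = pw.startswith(("!", "*"))  # '!' or '*' means login is disabled
        if pw == "":
            findings.append((name, "no password set"))
        if name in DEFAULT_ACCOUNTS and not locked:
            findings.append((name, "default account enabled"))
    return findings

def audit_services(inetd_text):
    """Return the enabled services that transmit passwords in cleartext."""
    enabled = []
    for line in inetd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # commented-out entries are not running
        if line.split()[0] in CLEARTEXT_SERVICES:
            enabled.append(line.split()[0])
    return enabled

if __name__ == "__main__":
    for name, issue in audit_accounts(SAMPLE_SHADOW):
        print(f"account {name}: {issue}")
    for svc in audit_services(SAMPLE_INETD):
        print(f"cleartext service enabled: {svc}")
```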
What is the scope of the problem?
Hackers using your site to hide their tracks - whilst they attack another company;
Hackers roaming around your company to collect information;
Virus;
Theft;
Your staff surfing the Internet instead of working; ...
The following diagrams are from the DTI report on Computer Security published in 2000:
[Diagrams: Breaches In Security; Unauthorized Activity; Seriousness Of Breach]
What is the solution?
The solution starts with a good network design backed by a company wide security policy.
However, there is no final/comprehensive solution.
New problems are being discovered daily.
This is a challenge that needs to be addressed on a regular basis.
Hence it can be more cost effective to use a specialist company like business force ®.
NETWORK DESIGN & SECURITY POLICY
- Educating users about security issues & enforcement through rules.
- Design & implementation of de-militarized zone, network filtering and alert/detection system
- Regular Audit of your IT Infrastructure

PROTECTION & DETECTION SYSTEMS
- Cisco Secure PIX FireWall appliances
- Linux's proven Firewall solution
- Software FireWall solution
- Cisco Secure Intrusion detection System

APPLICATION & TOOLS
- Encrypted/Signed email facility
- Encrypted disk volume(s)
- Anti Virus detection
- Email 'Spam' detection/filtering
- Enforcing acceptable usage policy

Network Design & Security Policy
Our Trainer and Senior Network Consultants can:
Education & Training
Educating your staff through regular training
Help you formulate Security Policies and Acceptable Usage Policies suitable for your company
Design
Design a secure and reliable network based on "best practices"; or
Validate your proposed/existing design and advise you accordingly.
Audit
Review your existing network infrastructure and produce an Audit document that will enable you to see the weak areas and what needs to be done
Consultancy is charged on a per day basis and starts from £700 + VAT.
Protection and Detection System Solutions
Any company with a permanent (and to a lesser extent with a dial up) connection to the Internet is at tremendous risk from 'hackers'.
This has been made worse over the last few years by the proliferation of free and widely available tools which enable people with little knowledge to detect weak security point(s) in a company's infrastructure.
This has created a new market in the industry, and every month new products are released promising plug & forget with complete peace of mind (?) capability.
However, like all new products, they are likely to have software defects.
Hence, we only recommend the use of tools that have been around for years and which have a proven track record at defeating attacks.
For businesses, we have 3 recommended firewall solutions, which have the following benefits:
1. The Cisco Secure PIX Firewall hardware appliances provide:
- Firewall service based on purpose-built security appliances that deliver unprecedented levels of security, performance and reliability.
- Load balancing - application(s) may need some design changes.
- Filtering policy.
- Built-in Intrusion Detection System, with the Cisco Secure Intrusion Detection System available as an option.
Price starts around £299 for PIX-501 (hardware supply only).
Typical SME installation for PIX-506E from 1,999 + VAT, including installation and onsite configuration.
Training is available at £350 + VAT per 1/2 day.
2. The Linux based proven firewall solution provides:
- Firewall service.
- Intrusion Detection System.
- Filtering policy.
- Graphical management tools.
Price from £2,999 + VAT, including a Compaq Proliant DL3x0, installation and onsite configuration.
Training is available at £350 + VAT per 1/2 day.
3. Software based firewall solution for individuals using the MS-Windows platform, which has the following benefits:
- Firewall service.
- Some filtering policy - some software may require manual configuration.
- Graphical management tools.
The following products have successfully completed ICSA Labs PC Firewalls tests and have been granted ICSA LABS PC FIREWALL CERTIFICATION and can be purchased from us:
| Network Associates, Inc. | McAfee Desktop Firewall & McAfee Firewall |
| Symantec Corporation | Norton Personal Firewall 2002 |
Application & Tools
1. Encrypted/Signed email facility Solutions
The worldwide standard for email authentication and encryption is PGP, which is used by millions of users worldwide.
Email authentication can be used whether or not the receiving party has PGP software installed on their computer.
However, PGP's email encryption is only available if both the sender and the receiver of the email have PGP software installed on their computers. When security of information is paramount and the recipient has no specialised software, an alternative solution is required; see the ZixIT section.
You will need to buy a license to install and use PGPmail and PGPfile Encryption; contact us for prices.
Message Privacy for Email, File Attachments and ICQ Instant Messaging
PGPfile encrypts, decrypts, signs and verifies files for either email or secure storage on your computer.
PGPicq secures instant messaging communication.
PGPicq encrypts, decrypts, signs and verifies instant messages exchanged with over 41 million users worldwide.
PGPwipe and Free Space Wiper functions delete files by erasing their content completely from your computer.
2. Secure Hard Disk Encryption
The best product available today is SecurStar's DriveCrypt - Secure Hard Disk Encryption, contact us for prices.
3. Anti Virus Detection
We sell Network Associates, Computer Associates and Symantec products, contact us for prices.
4. Email 'Spam' detection/filtering
We sell MIMEsweeper; contact us for prices.
5. Enforcing acceptable usage policy
We provide a remote network monitoring service that provides you with a monthly report showing who is spending time on the Internet and which sites are being visited; contact us for prices.