elliottbuley057jif

ETOS Download

With all of the recent news coming out about data breaches, it's worth stopping for a minute to assess your security. Step one is to take an inventory of what you have access to - including any machines, browsers, network shares, mobile devices, and individual user accounts - and then assess what you can do about it.

If you don't feel like creating a full-blown company security policy, with accompanying documentation and training plans to make your employees aware of your policies and procedures - which is an admittedly daunting task - there are other ways in which you can increase the security of your business. First and foremost, get a decent hardware firewall that protects all of your HTTP and HTTPS traffic, such as IPsec-ready hardware VPNs from companies like Juniper. Any time you're operating on untrusted networks, be aware that you're at risk of the Bad Guys trying to get access to your data. Another thing you can do is enable HTTPS on every server and client in your network. Thus, even if someone sniffs your data during transmission between server and client, they won't be able to see anything useful since the data is encrypted.

Digital Signatures

One thing that's not encrypted in an HTTP transaction is the digital signature. A digital signature is the portion of an HTTP transaction that includes information about the client making the request. That's actually what makes it possible for network devices to determine who should receive different pages on your website. Every time someone accesses a page on your site, their browser displays a certificate that identifies them. That's what you use to make sure that only authorized clients are given access to data on your servers. The problem is that it can't really identify users if they're maliciously spoofing an address. Consider a scenario where a Bad Guy has planted a Trojan on your network that can listen in on traffic between clients and servers, and then re-route it through the Bad Guy's system. In this case, the certificate will display the address of the Bad Guy's machine rather than your machine.

In fact, if you send an HTTP packet to a hacker who isn't running an active listening service, he'll have no idea you're talking to him - unless he's using his own sniffer. But if he is running an active sniffer, then that means that his malware has already infected your system or at least has compromised a machine that's part of your network. The only way for this Trojan to be effective is if it can slip past your firewall, which would mean that the Bad Guy has compromised a machine on your network. The only two ways this can happen are if the Bad Guy has access to your router or if he's already installed his Trojan on one of the machines in your local area network (LAN). If he's using an active sniffer - such as Firesheep or Burp Suite - any machine connected to the same LAN will see the hacker's IP address alongside yours. That means that there's no way of knowing whether you're talking to him or not. And that means that your digital signature is completely worthless.
