How Computer Network Security Hackers Can Cripple Your Business

by

Best Network Security Agency MumbaiAs a Risk Consulting Company based in Mumbai, we are often called upon to asses the risk to a company’s network security from hackers and suggest solutions to prevent intruders from accessing a company’s communications systems. When we talk about the communications and internet security of a company we are basically talking about Network Security.

Network security goes hand in hand with Computer Security

These days it is hard to separate the two. Everything, from electronic hotel door locks to cellular telephones to desktop computers, is attached to networks. As difficult as it is to build a secure stand-alone computer, it is much more difficult to build a computer that is secure when attached to a network. And networked computers are even more pregnable; instead of an attacker needing to be in front of the computer he is attacking, he can be halfway across the planet and attack the computer using the network. A networked world may be more convenient, but it is also much more insecure.

These days it’s pretty much impossible to talk about computer security without talking about network security. Even something as specialized as the credit card clearing system works using computer networks. So do cellular telephones and burglar alarm systems. Slot machines in casinos are networked, as are some vending machines. The computers in your kitchen appliances such as the smart refrigerators will soon be networked, as will the ones in your car. All computers a and home entertainment and utility gadgets and devices will eventually be networked.

Lots of different types of networks are out there, but I’m going to be talking about the Internet protocol: TCP/IP. Networking protocols seem to be converging on the Internet, so it makes the most sense to talk about the Internet. This is not to imply that the Internet protocols are more insecure than others — although certainly they were never designed with security in mind — only that there are more good examples. Later, I talk about the fundamental dilemma of choosing a common protocol that is widely attacked by hackers, and hence whose security is constantly improving, or one that is obscure and little-known, and is possibly even less secure.

HOW COMPUTER NETWORKS WORK

Computer networks are bunches of computers connected to each other. That is, either physical wires run between computers — wires in an office LAN, dedicated phone lines (possibly ISDN or DSL), dial-up connections, fiber optic, or whatever — or there is an electromagnetic connection: radio links, microwaves, and so forth.

Simply, when one computer wants to talk to another, it creates a message, called a packet, with the destination computer’s name on it and sends it to the computer over this network. This is fundamentally unlike telephone conversations. When Alisha wants to call Sunil, she tells the phone company’s computer network Bob’s network name (commonly known as his telephone number) and the network hooks up different communications circuits — copper wire, satellite, cellular, fiber, whatever — to make an unbroken connection. Alisha and Sunil talk through this circuit until one of them hangs up. Then, the telephone network disassembles this connection and lets other people use the same pieces for other phone calls. The next time Alisha  calls Sunil, they will be connected through a completely different set of links. (Well, mostly different; the line between the telephones and the first switches will be the same.)

Computers don’t use circuits to talk to each other. They don’t have conversations like people do — they send short data packets back and forth. These packets are broken-up pieces of anything: e-mail messages, GIF’s of naked ladies, streaming audio or video, Internet telephone calls. Computers divide large files into packets for Best Computer Security Risk Company Firm Mumbaieasier transmission. (Think of a ten-page letter being divided up and mailed in ten different envelopes. At the recipient’s end, someone opens all the envelopes and reassembles the letter in its proper order. The packets don’t have to arrive in order, and they don’t have to travel along the same route to their destination.)

These packets are sent through the network by routers. There are bunches of protocols — Ethernet, TCP, whatever — but they all work basically (for large values of “basically”) the same way. Routers look at the addresses on packets, and then send them toward their destination. They may not know where the destination is, but they know something about where it should go. It’s sort of like the postal system. A letter carrier visits your house, takes all of your outgoing mail, and brings it to the local post office. The post office might not know where 173 Sea Wind Heights, Ashutosh Lane, Bandra is, but it knows that it should put the envelope on the truck to the airport. The airport postal workers don’t know either, but they know to put the letter on a plane to Mumbai. The Mumbai post office knows to put the letter on a truck to Bandra. The Bandra post office knows to put the letter to Carter Road. And finally, the local Carter Road post office knows where the address is, and a letter carrier delivers it.

What You Need To Know About IP Security

It’s not hard to see that any network built on this model is terribly insecure. Consider the Internet. As those packets pass from router to router, their data, sometimes called their payload, is open to anyone who wants to read it. The routers are only supposed to look at the destination address in the packet header, but there’s nothing to stop them from peeking at the contents. Most IP packets in the world go over just a handful of high-speed connections between lightning-fast routers, known as the Internet backbone. All packets between distant points, the United States and Japan, for example, go through only a few routers.

Best Top Computer Security Consultants It’s hard for an individual hacker to monitor the entire Internet, but it’s easy for him to monitor a small piece of it. All he has to do is to gain access to some computer on the network. Then he can watch all the packets going through, looking for interesting ones. If he gets access to a machine close to Company A, he will probably be able to monitor all the traffic in and out of that company. (Of course, by “close to” I mean “near on the network,” and not necessarily physically near.) If he gets a machine nowhere near Company A, he might see little (or none) of that company’s traffic. If he’s a quintessential hacker and doesn’t care what company he eavesdrops on, then it doesn’t really matter.

Packets with passwords in them are particularly interesting. Password sniffing is easy, and a common Internet attack. An attacker installs a packet sniffer designed to steal usernames and passwords. All the program does is collect the first two dozen (or so) characters of every session that requires a login and save them for the attacker. These characters almost certainly contain the username and password (usually the unencrypted password). Then the attacker runs a password cracker on the encrypted passwords, and uses those passwords to break into other computers. It’s difficult to spot because password sniffers are small and in conspicuous. And it can snowball. Once you have broken into one machine, you can install a password sniffer on it and get even more passwords. Maybe you can use those passwords to break into other machines. And so on.

Not only is eavesdropping possible, but active attacks are also possible . . . easier, actually. In most communications systems, it is far easier to passively eavesdrop on a network than it is to actively insert and delete messages. On the Internet, it is reversed. It’s difficult to eavesdrop. However, it’s easy to send messages; any self-respecting hacker can do that. Because communications are packet-based, and they travel along many different paths and are reassembled at the destination, it’s easy to slip another packet in with the rest of them. Many, many attacks are based on blindly inserting packets into existing communications channels.

What is IP Spoofing

It’s called IP spoofing, and it’s easy. Packets have source and destination information, but an attacker can modify them at will. An attacker can create packets that seem to come from one site, but don’t really. Computers on the Internet assume that the “from” and “to” information is accurate, so if a computer sees a packet from a computer it trusts, it assumes that the packet is trusted. An attacker can take advantage of this trusting relationship to break into a machine: He sends a packet purporting to come from a trusted computer in the hope that the target computer will trust the packet.

There are routing attacks, where an attacker tells two points on the Internet that the shortest route between them goes through his computers. This makes eavesdropping on a particular node easier. This section could go on and on; whole books have been written about attacks against the Internet.

The solutions to these problems are obvious in theory, but harder in practice. If you encrypt packets, no one can read them in transit. If you authenticate packets, no one can insert packets that pretend to come from somewhere else, and deleted packets will be noticed and reacted to.

In fact, several solutions encrypt packets on the Internet. Programs like SSH encrypt and authenticate shell connections from a user on one machine to a computer across the network. Protocols like SSL can encrypt and authenticate Web traffic across the Internet. Protocols like IPsec promise to be able to encrypt and authenticate everything.

What is DNS Security

The Domain Name Service (DNS) is basically a large distributed database. Most computers on the Internet — nodes, routers, and hosts — have a domain name like “brokenmouse.com” or “anon.penet.fi”. These names are designed to be remembered by people, and are used to build things like URLs and e-mail addresses. Computers don’t understand domain names; they understand IP addresses like 208.25.68.64. IP addresses are then used to route packets around the network.

Among other things, the DNS converts domain names to IP addresses. When a computer is handed a domain name, it queries a DNS server to translate that domain name into an IP address. Then it knows where to send the packet.

The problem with this system is that there’s no security in the DNS system. So when a computer sends a query to a DNS server and gets a reply, it assumes that the reply is accurate and that the DNS server is honest. In fact, the DNS server does not have to be honest;it could have been hacked. And the reply that the computer gets from the DNS server might not have even come from the DNS server; it could have been a faked reply from somewhere else. If an attacker makes changes in the DNS tables (the actual data that translates domains to IP addresses and vice versa), computers will implicitly trust the modified tables.

It’s not hard to imagine the kinds of attacks that could result. An attacker can convince a computer that he is coming from a trusted computer (change the DNS tables to Companies in Mumbai Who Do Computer Security Risk Consultingmake it look like the attacker’s computer is a trusted IP address). An attacker can hijack a network connection (change the DNS tables so that someone wanting to connect to legitimate. company.com actually makes a connection with evil.hacker.com). An attacker can do all sorts of things. And DNS servers have a viral update procedure; if one DNS server records a change, it tells the other DNS servers and they believe it. So if an attacker can make a change at a few certain points, that change can propagate across the Internet.

In one attack in 1999, someone hacked the DNS system so that traffic to Network Solutions — they’re one of the companies that register domain names — was redirected to other domain-name registration companies. A similar attack, from 1997, was a publicity attack. This was before domain registration was opened up for competition. Eugene Kashpureff, owner of the alternative AlterNIC, redirected Network Solutions traffic to his site as a protest. He was arrested and convicted, and received two years’ probation.

In 2000, RSA Security’s homepage was hijacked by spoofing the DNS tables. This is not the same as breaking into the Web site and defacing the page. The attacker created a fake home page, and then redirected legitimate traffic to that faked page by manipulating the DNS records. The hacker did this not by cracking RSA’s DNS server, but the DNS server upstream in the network. Clever, and very easy. DNS record spoofing is a trivial way to spoof a real Web site crack. And to make matters worse for the hijacked site, the hijacking misleads people into thinking intruders cracked the Web site at Company A, when intruders actually cracked the DNS server at Company B.

These problems are serious, and cannot easily be fixed. Cryptographic authentication will eventually solve this problem, because no longer will computers implicitly trust messages that claim to come from a DNS server. Currently people are working on a secure version of the DNS system that will deal with these issues, but it’s going to be a long wait. I will talk about Cryptographic authentication in the next post.

You can keep track of our daily blog posts by entering your email id below. Whenever a new post is published on our blog, you will receive a snippet of it in your email inbox and you can choose to click on a link in your email inbox to read more.

Enter your email address:            Delivered by FeedBurner

 If you would like us to assess the safety and security of your computer’s network from external as well as internal attackers, feel free to give me a call us for a consultation on this number – +91 98206 07875 

Author Bio

Amit Sen, a commercial pilot by training, has over 15 years experience in the space of corporate investigations, handling Copyright & Trademark infringement cases, Pre – employment verification Industrial Espionage investigations, Asset & Net – Worth assessment assignments and vendor / supplier verification cases, among others. Co-founder of Alliance One Detectives – which is the best home security consultants in Mumbai. Apart from specializing in home security, Amit has also successfully completed assignments in a wide range of sectors, including the machine tools industry, pharmaceutical industry, hospitality sector, specialized equipment (Oil & natural gas sector, aviation industry etc.), telecom industry & the IT & ITes sectors. These cases have all involved both offline and online investigations.

Article edited and co-written by Atin Dasgupta who is the co-founder and marketing head of Alliance One. Read more about Atin here.



[tell-a-friend id=”1″ title=”Tell a friend”]

How The Internet Was Created

by

The History Of The Internet

Best Private Investigators For Researching Fraud Mumbai IndiaIn the 1960s, physicists had realized that the electromagnetic pulse from a high-altitude nuclear explosion would disrupt, and quite possibly destroy, electrical systems in a large area. Any centralized  communication network such as the phone system that the United States (and the rest of the world) used would be in trouble. RAND researcher Paul Baran went to work on this problem. Since the frequency of AM radio stations would not be disrupted by the blast, Baran realized the stations could be used to relay messages. He implemented this using a dozen radio stations.

Meanwhile, using digital networks, Donald Davies of the United Kingdom’s National Physical Laboratory found another solution to the problem. Davies solved Baran’s problem while trying to address a completely different question. Davies was interested in transmitting large data files across networked computers. The problem is different from voice communications. Data traffic is bursty: lots of data for a short time, then nothing, then lots again.

Dedicating a telephone circuit to a data transfer did not make a lot of sense; the line would just not be used to its full extent and, unlike with voice, a small delay is not a major issue in transmitting data files. Both Baran and Davies hit upon the same solution. Redundancy in the network-multiple distinct ways of going between the sender and the recipient-was key. Such redundancy is surprisingly cheap to obtain.

Say a network has redundancy 1 if there are exactly enough wires connecting the nodes so that there is one path between any two nodes; if there are twice as many wires, call that redundancy 2, and so on. Trying experiments on more traditional communications networks, Baran ran simulations and discovered that with a redundancy level of about 3, “The enemy could destroy 50, 60, 70% of the targets or more and [the network] would still work. The design resulted in a highly robust system.

The distributed networks that Davies and Baran had independently invented were to be even more decentralized than decentralized networks of earlier efforts. Network redundancy meant that paths might be much longer than the typical PSTN communication. Thus the communications signal had to be digital, not analog. That turned out to be a tremendous advantage. There was no need for the entire data transfer to occur in one large message; indeed, efficiency and reliability argued that the message should be split into small packets. The idea was that when the packets were received the recipient’s machine sent a message back to the sender saying, “OK; got it.” If there was no acknowledgment, after a short period, the sender’s machine would resend the packet. Of course, because the packets traveled by varied routes, they might arrive out of order.

But the packets could be numbered, and the receiving end could simply sort them back into order. One of the striking things about this proposed network was that while
the network itself was to be extremely reliable, individual components need not achieve that same level of reliability. Instead the network depended on “structural reliability, rather than component reliability.”

The Beginnings of Peer to Peer Networks

Small amounts of redundancy led to vastly increased reliability, a result surprising to the engineers. The Internet’s decentralized control meant all machines on the network were, more or less, peers. No one computer was in charge; the machines were more or less equal and more or less capable of doing any of the communication tasks. A computer could be the initiator or recipient of a communication, or could simply pass a message through to a different machine. This is the essence of a peer-to-peer network, and very much the antithesis of the telephone company’s hierarchical model of network communication.

In Britain, the telecommunications establishment supported Davies, but in the United States Baran received a chilly reception from AT&T.  Baran was turning all the ideas  that AT&T had used to manage their system upside down. While scientists at the research arm of AT&T were quite excited by Baran’s work, corporate headquarters  viewed that approbation as the reaction of head-in-the-cloud scientists and refused to have anything to do with Baran’s packet-switched network. The odd thing about  all this was that the new network was not actually a new network at all. Baran had built his network on top of the existing telephone network built by Alexander Graham Bell and his successors. It “hooked itself together as a mesh, simply connecting everything in new ways.

Scientific and technological ideas often emerge when the time is ripe, and Baran and Davies were not the only ones to be considering packet switched networks. (The actual  term packet is due to Davies, who wanted to convey the idea of a small package.) In 1961, Leonard Kleinrock, then a graduate student at MIT, published the first of a  series of papers analyzing the mathematical behavior of messages traveling on one-way links in a network. This analysis was critical for building a large-scale packet – switched network.One could say, only partially tongue in cheek, that the Internet is due to Sputnik, the Soviet satellite that in 1957 startled the United States out of its scientific complacency. In response the U.S. government founded the Defense Advanced Research Projects Agency (DARPA), a Department of Defense agency devoted to developing advanced technology for military use.

The Internet grew out of an ARPANET project and was perhaps the most important civilian application that came from DARPA. In 1966 DARPA hired MIT’s Lawrence Roberts to build a network of different computers that all communicated with one another. This would be a resource-sharing network. Each individual system would  follow its own design with the only requirement being that the various networks be able to “internetwork” with one another through the use of Interface Message  Processors (IMPs). Designing the IMPs fell to a Cambridge, Massachusetts, consulting company, Bolt Beranak and Newman (BBN), one of whose researchers, Robert  Kahn, moved to DARPA. Kahn realized that only the IMPs would need a common language to communicate, and this greatly simplified the entire scheme. The other machines within the individual networks would not need to be transformed in any way in order to communicate with the rest of the system.

These principles made so much sense that forty years later they still govern the Internet:

•Each individual network would stand on its own and would not need internal changes in order to connect to the internetwork.

• Communications were on a “best-effort” basis. If a communication did not go through, it would be retransmitted.

• The IMPs would connect the networks. These gateway machines (now known as routers and switches) did not store information about the packets that flowed through them, but simply directed the packets.

Note: Feel free to republish this article on your own blog or website but please copy paste the below ‘Author Credits’ and include it at the bottom of your post or page. Thank you. 

Author Bio

Amit Sen, a commercial pilot by training, has over 15 years experience in the space of corporate investigations, handling Copyright & Trademark infringement cases, Pre – employment verification  Industrial Espionage investigations, Asset & Net – Worth assessment assignments and vendor / supplier verification cases, among others. Co-founder of Alliance One Detectives – the best private investigation detectives Mumbai, Amit has successfully completed assignments in a wide range of sectors, including the machine tools industry, pharmaceutical industry, hospitality sector, specialized equipment (Oil & natural gas sector, aviation industry etc.), telecom industry & the IT & ITes sectors. These cases have all involved both offline and online investigations.

Article edited and co-written by Atin Dasgupta who is the co-founder and marketing head of Alliance One. Read more about Atin here.



[tell-a-friend id=”1″ title=”Tell a friend”]

The History and Technology of Landline Telephones

by

Best Mumbai Investigators Detectives Phone NumbersI have three telephones on my desk: a slim beige push-button model with redial and speed-dial buttons purchased in the late 1990s, a squat black  1950s “Modern Telephone with letters along the dial and a real bell  inside, and a smartphone. One phone is for my work  line, one for my home line, and one for travel. Yet despite the diversity of  devices and the half century that separates their manufacture, all work over  the same network, commonly called the Public Switched Telephone Network or PSTN. While everyone knows that Alexander Graham Bell invented the telephone, his more important work was the development  of the network.

A telephone by itself is not worth much; its value lies in its ability to connect its user with others. The Internet’s broad functionality stretched the meaning of communications network. I would like to outline here the history and technology of the Landline telephone with two purposes in mind: explaining how it is that the network supports such a broad set of applications, and developing an understanding of why securing the network is so hard.

The Telephone Network

The first device to rely on a networked system was the telegraph. The telegraph functioned very differently from the telephone. For one thing, the telegraph was not for use by unskilled people; only experts (who knew Morse code among other things) could use the system. As a result, although  telegraphs were quickly taken up by businesses and other institutions, they were not for home use. Nonetheless the networks for the two communications systems are similar. Both are also similar to a network with a completely different purpose: the railroad. Such a similarity should not be surprising; the telegraph was not only modeled on the railroad, in many parts of the world early telegraph  networks and railway systems were inseparable.

Telegraph wires traveled along railroad rights of way, railroad stations served as telegraph offices, and the telegraph was used to let stations up the line know when the train would be in. Telegraph networks were “decentralized”: networks with hubs or clusters and with some, but limited, connectivity between the hubs. Decentralized networks look like railroad connections between major cities and the suburbs. There are railway connections between a city and its suburbs, and between the cities, but typically there are no direct connections between one city’s suburbs and another’s.

Initially networks were quite local. The subscriber would ring the local switch and tell the operator the name of the party with whom they wanted to speak. The first switches were manual, consisting of panels with jacks and cables between them. (Remember scenes from old black and white films featuring women inside telephone exchanges switching cables!) The operator would ring that party and then connect the two lines on the switchboard via patch cords. While the original operators were teenage boys, their antics soon made clear that more responsible people were needed, and young women became the telephone operators of choice across the world.

A undertaker from the American State of Missouri designed the first automated telephone switch.”We tend to think of a phone number as the name of the phone at a particular location, but it is actually something else entirely. As Van Jacobson, one of the early designers of Internet protocols, once put it, “A phone number is not the name of your mom’s phone; it’s a program for the end-office switch fabric to build a path to the destination line card.

Centralized versus decentralized networks.

For example, take our office board line number: 022-401-09656. The first three digits-the area code-establish the general area of the phone number; in this case it is Mumbai. The next three digits, normally called the telephone exchange, represent a smaller geographic area. In our example the last four digits are, indeed, the local exchange’s name for the phone. Taken as a whole, the set of ten digits constitute a route description; the switching equipment within the network interprets that information much like a program and uses it to form a connection

The first thing a modern telephone-and I will start by describing just landline phones-must do is signal that it is “off hook” and thus ready to make a call. This happens when the receiver is lifted, which closes a circuit, creating a dial tone and signaling the central office (the local phone exchange). Then the subscriber can dial the phone number she wishes to reach (“dial,” of course, being an anachronism from the era of rotary telephones). When the central office receives this number, its job is to determine where to route the call. If the call is local-that is, within the same area code-then the switches at the central office need to determine which trunk line, or communication channel, should be used to route the call to an appropriate intermediate telephone exchange. This new exchange repeats the process, but this time connects to the recipient’s local exchange. Since the first three digits denote the local exchange and are thus unnecessary, only the last four digits of the number are transmitted. The local exchange determines if the recipient’s line is free; if so, it “rings” the line. If the recipient answers, her receiver closes a circuit to the local exchange, which establishes the call.

The speakers have a fixed circuit for the call, the one that was created during the call setup.This is, of course, a simplified example: the call did not use an area code, let alone an international code. The other simplification is that the call described above had only two “hops”- that is, it only went through two telephone exchanges.The key goal of the network design was to provide quality of voice service. Engineers needed to factor in that each time a call goes through an exchange, it needs to use a repeater to amplify the voice signal. Passing through a repeater causes the signal to change slightly. Thus the network needed to minimize the number of times a call would go through an exchange.

The telephone company limits calls to five hops, after which it deems the degradation in voice quality unacceptable. Digital signals do not face this problem and thus can travel through an arbitrary number of repeaters. This small engineering difference leads to a remarkable freedom in system design. Messages can traverse an arbitrarily long path to reach a destination, enabling a more robust network. The telephone system is built from highly reliable components. The telephone company believed in service that allowed a user’s calls to go through ninety-nine times out of a hundred. Since central office switches served ten thousand lines, this meant “five 9s” reliability (otherwise the 1 percent blocking could not be satisfied). Of course, more than central office switches are needed to service a call that travels between two destinations with different central offices.

At the height of the Cold War, some engineers began thinking about reliability differently. After all, you might care less about talking to a particular person at a particular moment than about getting the message through eventually. That is, presuming the other party is in and willing to answer the phone, you might not be concerned about always being able to connect each time you dialed, but you might want to ensure that the message you are attempting to send eventually gets through. This was the problem that the designers of the Internet tried to solve.

Note: Feel free to republish this article on your own blog or website but please copy paste the below ‘Author Credits’ and include it at the bottom of your post or page. Thank you. 

Author Bio

Amit Sen, a commercial pilot by training, has over 15 years experience in the space of corporate investigations, handling Copyright & Trademark infringement cases, Pre – employment verification  Industrial Espionage investigations, Asset & Net – Worth assessment assignments and vendor / supplier verification cases, among others. Co-founder of Alliance One Detectives – the best private investigation detectives Mumbai, Amit has successfully completed assignments in a wide range of sectors, including the machine tools industry, pharmaceutical industry, hospitality sector, specialized equipment (Oil & natural gas sector, aviation industry etc.), telecom industry & the IT & ITes sectors. These cases have all involved both offline and online investigations.

Article edited and co-written by Atin Dasgupta who is the co-founder and marketing head of Alliance One. Read more about Atin here.



[tell-a-friend id=”1″ title=”Tell a friend”]

Copyright © 2012 Company. All rights reserved. Privacy & Terms

A Web 3.0 Website designed by Leveljam Interactive Mumbai