This is a continuation of the previous article "Viruses & Spyware: the current threats". It looks at what goes on beyond the open ports: tracing connections and e-mail back to their origin, the threats expected in 2010, and how authentication and SSL work.
By: Oswaldo Callegari*
Two techniques in computer security particularly caught my attention: tracing an address across the Internet, and identifying the origin of an e-mail.
To illustrate them we look at some diagnostic tools, starting with Visual Route 8.0 (VR), an integrated tool for locating bottlenecks on the Internet. It helps administrators and support staff reduce costs and improve customer satisfaction by diagnosing connectivity problems.
Traces can be carried out over several protocols, including ICMP, UDP and TCP, which gives many options for reporting on IP routes.
Users can quickly check the availability of services such as POP3, FTP, SMTP and DNS, as well as standard HTTP. VR lets network administrators see exactly how and where traffic between two points on the Internet is flowing. It integrates several well-known tools: traceroute, ping, whois and reverse DNS lookups.
The results are drawn on a world map, with each hop of the route and its round-trip time. VR can geolocate IP addresses, including those of the intermediate providers along the path. This is useful information when assessing the threat level of an attack or investigating a suspicious host or an intruder on the network. Bear in mind that a GeoIP database places an address at its registered provider, not at the attacker's keyboard: an intruder working through a compromised host or a proxy will appear to come from that host.
Main features
- Improved tracing: intelligent traces over multiple protocols (ICMP, UDP and TCP), reaching more targets with greater accuracy.
- Zoomable world map: the route of a trace can be viewed on a map, zooming in and out on the nodes it passes through.
- Port and service checks: administrators can easily verify that POP3, FTP, SMTP and DNS ports are reachable.
- Updated GeoIP database: more IP locations, for greater accuracy.
- New display options: more flexible reporting.
Another tool of no less interest is CallerIP™. It works much like the familiar Caller ID™ on a telephone: it detects intruders on the computer and runs alongside the existing firewall. Suspicious connections can be identified, traced, and their origin established.
It keeps a close watch on the ports left open on the machine; these are often the backdoors through which attackers get in.
A Trojan listening on such a port can extract sensitive information and expose the machine to further attacks. CallerIP monitors the computer's connections in real time, showing the country of origin and the process that owns each connection; an unexpected process talking to an unexpected country is a common indicator of suspicious activity.
It also shows the domain name and Internet provider of the remote end. Commercial websites can be compromised by Trojans that harvest information from visitors, after which credit card numbers, personal data and the like are stolen.
In one case, a commercial site was compromised by a Trojan that captured keystrokes and forwarded them to a site in Russia. With this tool it was possible to trace the connection and notify the provider in that country, which took measures to cancel the account, whose holder was in fact the attacker. When an alert fires for a service, CallerIP displays the illegal activity on screen as it happens.
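To show the kind of data a connection monitor like the one above works from, here is an added example (not code from the article or from CallerIP). On Linux the kernel lists every TCP socket in /proc/net/tcp, with addresses written as host-byte-order hex and the state as a hex code; the script decodes that table and flags listening ports outside an allow-list and established connections to addresses outside the private ranges. The sample table, the allow-list and the documentation-range addresses are constructed for the example.

```python
"""Decode Linux /proc/net/tcp and flag unexpected listeners and outbound connections.

Added example, not part of the original article and not CallerIP's code.
SAMPLE_PROC_NET_TCP below is constructed; on a real host pass the text of
/proc/net/tcp (and /proc/net/tcp6, whose address fields are 32 hex digits).
"""
import ipaddress
import socket

# TCP state codes as listed in the kernel's include/net/tcp_states.h
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample. Remote addresses use documentation ranges (RFC 5737).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12400 1 0000000000000000 100 0 0 10 0
   2: 0F00000A:C2A4 077100CB:01BB 01 00000000:00000000 02:00000A3C 00000000  1000        0 13001 1 0000000000000000 21 4 30 10 -1
   3: 0100007F:1538 0100007F:CF6C 01 00000000:00000000 00:00000000 00000000   110        0 13050 1 0000000000000000 20 4 0 10 -1
   4: 0F00000A:CD83 176433C6:1A0B 01 00000000:00000000 02:000002B1 00000000  1000        0 13099 1 0000000000000000 21 4 30 10 -1
"""

def decode_endpoint(field):
    """'0100007F:0016' -> ('127.0.0.1', 22).

    The kernel prints the IPv4 address as a 32-bit integer in host byte order,
    so on little-endian hosts (x86, ARM) the bytes appear reversed.
    """
    addr_hex, port_hex = field.split(":")
    packed = bytes.fromhex(addr_hex)[::-1]
    return socket.inet_ntoa(packed), int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Parse the text of /proc/net/tcp into a list of connection records."""
    rows = []
    for line in text.splitlines()[1:]:      # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        laddr, lport = decode_endpoint(fields[1])
        raddr, rport = decode_endpoint(fields[2])
        rows.append({
            "local": (laddr, lport),
            "remote": (raddr, rport),
            "state": TCP_STATES.get(fields[3], fields[3]),
            "uid": int(fields[7]),
            "inode": int(fields[9]),        # owning process: /proc/<pid>/fd -> socket:[inode]
        })
    return rows

PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(addr):
    """True for RFC 1918 and loopback addresses; everything else is 'the Internet'."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

def report(rows, allowed_listen_ports):
    """Return (unexpected listeners, established connections to external hosts)."""
    unexpected = [r for r in rows
                  if r["state"] == "LISTEN" and r["local"][1] not in allowed_listen_ports]
    external = [r for r in rows
                if r["state"] == "ESTABLISHED" and not is_internal(r["remote"][0])]
    return unexpected, external

if __name__ == "__main__":
    rows = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    listeners, outbound = report(rows, allowed_listen_ports={22})
    for r in listeners:
        print("unexpected listener on port %d (uid %d, inode %d)" % (r["local"][1], r["uid"], r["inode"]))
    for r in outbound:
        print("external connection %s:%d -> %s:%d (uid %d)" % (*r["local"], *r["remote"], r["uid"]))
```

On the sample the script reports the listener on port 8080 and the two connections leaving the host (to 203.0.113.7:443 and to 198.51.100.23:6667); the loopback connection to the database port is ignored. To name the process, as CallerIP does, resolve the inode by scanning /proc/<pid>/fd for a symlink to socket:[inode]; to add the country, look the remote address up in a GeoIP database.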
Tracing the origin of an e-mail
This heading probably describes every user's wish: to know where an e-mail of apparently unknown origin actually came from. Here we comment on a tool that does exactly that.
EmailTrackerPro: this application follows the path of an e-mail back to its point of origin. As with Visualware's Visual Route, the location and country of origin can be shown on a map.
How does it work? Every e-mail carries, in its header, a chain of Received: lines added by each mail server that relayed it. They are not easy to read by eye, but the tool parses the header and traces the message back to the server that first injected it into the Internet. One caveat a practitioner should keep in mind: only the Received: lines added by servers you trust (your own provider's) can be relied on; the lines below them were written by systems the sender may control, and a spammer can forge them freely.
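The following added example (not code from the article or from EmailTrackerPro) shows how such a tool reads the header: it parses each Received: line into the host that handed the message over, its IP address, and the server that received it, lists the hops from origin to destination, and then applies the trust rule above to report the last address that one of our own servers actually saw. The message, hostnames and addresses are constructed for the example.

```python
"""Walk the Received: chain of an e-mail header back to its origin.

Added example, not part of the original article and not EmailTrackerPro's
code. SAMPLE_MESSAGE is constructed; its addresses are documentation ranges.
"""
import email
import re

IPV4 = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")
# "from <host> (<helo> [ip]) by <server> ..." as written by most MTAs
RECEIVED = re.compile(r"\bfrom\s+(\S+)(.*?)\s+by\s+(\S+)")

SAMPLE_MESSAGE = """\
Received: from mx1.example.org (mx1.example.org [192.0.2.10])
        by mailstore.example.org with ESMTP id 4f1a2b;
        Mon, 14 Dec 2009 10:22:31 +0000
Received: from smtp-out.example.net (smtp-out.example.net [203.0.113.7])
        by mx1.example.org with ESMTP id 9c0d1e;
        Mon, 14 Dec 2009 10:22:30 +0000
Received: from user-pc (unknown [198.51.100.23])
        by smtp-out.example.net with SMTP id 77aa;
        Mon, 14 Dec 2009 10:22:29 +0000
From: "Someone" <someone@example.net>
To: victim@example.org
Subject: constructed sample
Message-ID: <abc@example.net>

Hello.
"""

def parse_received(header):
    """Return (from_host, from_ip, by_host) for one Received: value, or None."""
    value = " ".join(header.split())          # unfold continuation lines
    m = RECEIVED.search(value)
    if not m:
        return None
    from_host, extra, by_host = m.groups()
    ip = IPV4.search(extra) or IPV4.search(from_host)
    return from_host, (ip.group(1) if ip else None), by_host

def received_chain(raw_message):
    """Hops as they appear in the header: the most recent relay first."""
    msg = email.message_from_string(raw_message)
    hops = [parse_received(h) for h in msg.get_all("Received", [])]
    return [h for h in hops if h]

def trusted_origin(raw_message, trusted_domains):
    """Walk down from the top while the receiving server is one of ours.

    The 'from' side of the last such hop is the first address outside our
    control that really connected to us. Anything further down was written
    by someone else's server and may be forged. Returns None if even the
    top hop was not received by one of our servers.
    """
    origin = None
    for from_host, from_ip, by_host in received_chain(raw_message):
        if any(by_host.lower().endswith(d.lower()) for d in trusted_domains):
            origin = (from_host, from_ip)
        else:
            break
    return origin

if __name__ == "__main__":
    for from_host, ip, by_host in reversed(received_chain(SAMPLE_MESSAGE)):
        print("%-22s %-16s -> %s" % (from_host, ip, by_host))
    print("last verifiable sender:", trusted_origin(SAMPLE_MESSAGE, ("example.org",)))
```

For the sample the chain reads user-pc (198.51.100.23) → smtp-out.example.net (203.0.113.7) → mx1.example.org (192.0.2.10). Taking example.org as our own domain, the verifiable origin is 203.0.113.7: the claim that the message started at 198.51.100.23 rests on a header written by example.net's server, which we cannot check. A tool like the one in the text then geolocates and looks up whois for that address.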
Security threats to expect in 2010
These are the ten most important security trends for the coming year:
1. Mobile devices: encryption on mobile devices will become mandatory in government agencies and in companies that work with them. Executives worried about their information becoming public will demand that mobile data be encrypted and protected.
2. Theft of smartphones and PDAs will grow rapidly: the combination of resale value and the information they hold is attracting more thieves. In response, encrypting the data on the device is becoming the first line of defence.
3. Government action: governments are moving faster to penalise companies that fail to secure confidential information.
This clearly signals the pressing need to protect personal data. These laws are being applied in a context informed by organisations such as SANS, whose testing laboratories and real-life case studies allow the corresponding security techniques to be adopted.
4. Targets of attack:
a. Targeted attacks, in particular against government agencies, will continue.
b. Over the last three years they have proved effective, exposing failures in federal defence activities (the US case).
c. Other hostile and terrorist groups aware of these vulnerabilities may extend the attacks to commercial entities and strategic companies.
5. Mobile phone worms:
a. These worms will infect at least 100,000 phones, jumping from one to another over wireless data networks.
b. Phones ship with more capable operating systems, which makes them fertile ground for adware that injects advertisements.
6. Voice over IP: this technology will suffer large-scale attacks, since the defensive measures to apply are still not well understood.
Attack techniques:
7. Spyware (advertising-driven attacks) will keep growing: its developers make a great deal of money from the many forms of distribution, backed by a remarkable network of distribution centres worldwide.
8. Not a day without vulnerabilities: this is the global outlook for the computers that will be infected, and it makes any forecast uncertain.
9. Most bots will come with rootkits.
a. Rootkits modify the operating system to hide the presence of the compromise and make removal impractical without reinstalling the operating system from scratch.
Defense strategies:
10. Network access control will become more common and more sophisticated. Protection of portable equipment will grow alongside the controls organisations put in place to check each mobile device before admitting it to their internal networks.
Digital signatures and the processes around them are also growing steadily, driven by a single concern: to know who is sending us information and what kind of site we are browsing.
To authenticate or not to authenticate
When it comes to authentication, product vendors are increasingly building in different security models, covering the level of assurance, password strength and new pitfalls.
The user must authenticate every time the computer is started; once the session is open, however, anyone who sits down at the unattended machine while its owner is at lunch inherits that access.
Professionals recommend that the system lock the session after a period of inactivity and wait for a new username and password. Operators find this tedious if it means closing the session entirely, since a fresh logon reloads several start-up applications and takes a considerable time to reconnect to the corporate network; locking the screen rather than logging off avoids most of that cost while still demanding the password.
On a local network you have a fair idea of who else is on it, but over the Internet you cannot know whether the server or computer at the other end is really the one it claims to be.
For this, browsers use SSL, a protocol that provides authentication and privacy between endpoints over the Internet by means of cryptography. Developed by Netscape, SSL version 3.0 was released in 1996. (Its successor, TLS, keeps the same design; SSL 3.0 itself is now obsolete and should no longer be enabled.)
Companies such as Visa, MasterCard, American Express and many major financial institutions have approved SSL for Internet commerce.
SSL is modular: its authors designed it to be extensible, with forward and backward compatibility and negotiation between the two parties (peer to peer).
SSL exchanges records; each record can optionally be compressed, encrypted and protected with a message authentication code (MAC).
When the connection starts, the record layer encapsulates another protocol, the handshake protocol. The client sends and receives several messages of this kind:
- It sends a ClientHello message listing the cipher suites and compression methods it supports and the highest SSL protocol version it allows. It also sends 32 random bytes that will be used later (the client random, or client challenge), and may include a session ID to resume an earlier session.
- It then receives a ServerHello, in which the server chooses the connection parameters from the options the client offered.
- Once the parameters are agreed, client and server exchange certificates (depending on the chosen key exchange method). The server may demand a certificate from the client, making the connection mutually authenticated.
- Client and server agree on a shared (symmetric) secret, the master secret, either from the result of a Diffie-Hellman exchange or simply by having the client encrypt a random secret with the server's public key, which only the server's private key can decrypt.
These definitions, taken from Wikipedia, clarify the process a little; in later articles we will show the Diffie-Hellman exchange and a successful case study.
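To make the first two handshake steps above concrete, here is an added example (not code from the article, from Netscape, or from any SSL library) that builds a ClientHello inside a record-layer header, parses one back with bounds checks, and applies the server's choice for the ServerHello. The wire layout follows the SSL 3.0 / TLS format; the cipher suite values are the registered codes, while the specific suites offered, the session ID and the fixed random used in the demonstration are assumptions for the example. The later steps (certificates, key exchange and master secret) are not covered here.

```python
"""Build and parse an SSL/TLS ClientHello carried in one record.

Added example; not from the original article and not any library's code.
Layout (SSL 3.0 and TLS share it): record header = type(1) version(2) length(2),
then a handshake message = type(1) length(3) body. The ClientHello body is
version(2) random(32) session_id(<=32, length-prefixed) cipher_suites
(2-byte length, 2 bytes each) compression_methods (1-byte length, 1 byte each).
"""
import os
import struct

RECORD_HANDSHAKE = 0x16
HANDSHAKE_CLIENT_HELLO = 0x01
SSL_3_0 = (3, 0)
TLS_1_2 = (3, 3)

# Cipher suite codes from the IANA TLS registry (used as sample offers)
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F
COMPRESSION_NULL = 0x00

def build_client_hello(version, cipher_suites, session_id=b"", client_random=None,
                       compression=(COMPRESSION_NULL,)):
    """Return the bytes of a handshake record carrying a ClientHello."""
    if client_random is None:
        client_random = os.urandom(32)        # the 'client challenge' of the text
    if len(client_random) != 32 or len(session_id) > 32:
        raise ValueError("random must be 32 bytes, session_id at most 32")
    body = struct.pack("!BB", *version)
    body += client_random
    body += struct.pack("!B", len(session_id)) + session_id
    body += struct.pack("!H", 2 * len(cipher_suites))
    body += b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body += struct.pack("!B", len(compression)) + bytes(compression)
    handshake = struct.pack("!B", HANDSHAKE_CLIENT_HELLO) + len(body).to_bytes(3, "big") + body
    # Real clients may put a lower version in the record header for compatibility.
    return struct.pack("!BBBH", RECORD_HANDSHAKE, *version, len(handshake)) + handshake

def parse_client_hello(record):
    """Parse one ClientHello record; raise ValueError on anything malformed."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, vmaj, vmin, rlen = struct.unpack("!BBBH", record[:5])
    if ctype != RECORD_HANDSHAKE:
        raise ValueError("not a handshake record")
    if len(record) < 5 + rlen:
        raise ValueError("truncated record body")
    hs = record[5:5 + rlen]
    if len(hs) < 4 or hs[0] != HANDSHAKE_CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    hlen = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hlen]
    if len(body) != hlen:
        raise ValueError("handshake length mismatch")

    pos = 0
    def take(n):                              # cursor with a bounds check
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("ClientHello body too short")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    version = tuple(take(2))
    client_random = take(32)
    session_id = take(take(1)[0])
    cs_len = struct.unpack("!H", take(2))[0]
    if cs_len % 2:
        raise ValueError("odd cipher_suites length")
    cs_bytes = take(cs_len)
    cipher_suites = [struct.unpack("!H", cs_bytes[i:i + 2])[0] for i in range(0, cs_len, 2)]
    compression = list(take(take(1)[0]))
    return {"record_version": (vmaj, vmin), "version": version, "random": client_random,
            "session_id": session_id, "cipher_suites": cipher_suites,
            "compression": compression, "extensions": body[pos:]}   # TLS extensions, if any

def is_well_formed(record):
    try:
        parse_client_hello(record)
        return True
    except ValueError:
        return False

def choose_parameters(hello, server_preference, server_max_version=TLS_1_2):
    """What the ServerHello answers: highest common version and the server's
    most preferred suite among those the client offered."""
    version = min(hello["version"], server_max_version)
    for suite in server_preference:
        if suite in hello["cipher_suites"]:
            return version, suite
    raise ValueError("no cipher suite in common (handshake_failure)")

if __name__ == "__main__":
    rec = build_client_hello(TLS_1_2, [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                                       TLS_RSA_WITH_AES_128_CBC_SHA], session_id=b"\x01\x02")
    hello = parse_client_hello(rec)
    print("client offers version %d.%d, suites %s" % (*hello["version"], [hex(c) for c in hello["cipher_suites"]]))
    print("server picks", choose_parameters(hello, [TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
                                                    TLS_RSA_WITH_AES_128_CBC_SHA]))
```

Two details are worth noticing. The parser checks every length field against the bytes actually present before reading, which is exactly where real-world record parsers have gone wrong; and the server selects from the client's list in its own order of preference, so a client that offers a weak suite first gains nothing, while one that offers only weak suites forces a handshake failure rather than a downgrade.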
*The companies and products mentioned are registered trademarks and products of their respective owners. Readers may write to the author at [email protected]

