Basic Network Security
Volume 5 in John R Hines’ Computer Security for Mere
Mortals, short documents that show how to have the most
computer security with the least effort
John R Hines, Net+ Certified, Security+ Certified, Consulting
Security Engineer, LLC
JohnRichardHines@ConsultingSecurityEngineer.com
“Plagiarism is when the author steals from one source; scholarship is when
the author steals from many sources.” Anonymous
"Facts are stubborn things; and whatever may be our wishes, our inclinations,
or the dictates of our passions, they cannot alter the state of facts and
evidence." John Adams
Oholiab's First Law: The Suits' need for computing power expands until all the Geeks' servers are 100% utilized running database queries and printing
reports during business hours.
Corollary to Oholiab's First Law: Development can only access the servers
purchased for development when nobody else wants them.
Oholiab's first law of security (Murphy's first law of planning): The
important things are simple.
Oholiab's second law of security (Murphy's second law of planning): The
simple things are very hard.
Oholiab's corollary to the first and second laws of security: Simple and easy
are not the same thing. Fools don't know the difference.
Warning: If you’re not smart enough to sort the cow pies from the pearls in
these notes, you do not have permission to read these notes!
Copyright © Consulting Security Engineer LLC All rights reserved 2016
ISBN N/A
Version 1.201708212300
Suggested reading (when you have time)
Kill Process by William Hertling
Security by Poul Anderson (badly formatted but great ideas)
What is computer security?
What is in these notes?
Networks
Why care about networks?
What do these notes assume you've already done?
What simple reasonable measures will improve security on your intranet?
Measure #1: Have two routers: one for business use and one for all other uses
Measure #2: Have at least one old slow network computer for
non-business (and for friends and family) use
Measure #3: Shutdown the business (secure) router when no one is in the office
Measure #4: Shutdown the risky (insecure) router when no one should be
on the internet
Measure #5: Do a quick walk about every quarter (when the season
changes) (when TV switches to a different major sport)
Measure #6: Do a quick audit of all computers about every quarter (when the season changes) (when TV switches to a different major sport)
Appendices
Appendix I: Network basics
What is a cable modem?
What is a network (computer network)?
What is broadband (wideband)?
What is IP (Internet Protocol)?
What is the internet (Internet) (public network)?
What is TCP (Transmission Control Protocol)?
What is WIFI (Wi-Fi) (Wifi) (WiFi) (Wireless networking) (Unbounded media)?
What is wired (hard-wired)?
What is wireless?
Appendix II: Common network utilities
What is the command window (command box) (DOS box)?
Ipconfig (IPCONFIG)
Nbtstat
Net (Net services)
Netstat (netstat) (network statistics)
nslookup (Nslookup) (NSLOOKUP)
Appendix III: Why do I care about intranets?
Appendix III: Using ipconfig to find basic network information
How do I open a Command window (Command box) (DOS box) (PowerShell window)?
How do I find out what IP and what router my PC is using?
What is a command window (command box) (DOS box) (PowerShell window)?
Appendix IV: Use Nmap with Zenmap GUI to find out what your intranet looks like?
How do I use nmap to find out what my network looks like?
What does Nmap/Zenmap tell me about my home network?
What is Nmap?
What documents are part of this series?
Biography
Revision History
Rev Change
1.0 Created and published document
Is security a new problem?
No! Security has always been a problem! Even strong men have security concerns: "When the strong man, fully armed, guards his own dwelling, his goods are safe. But when someone stronger attacks him and overcomes him,
he takes from him his whole armour in which he trusted, and divides his
spoils." (Luke 11:21-22)
Criminals form gangs to defeat strong men. Captain Grose's 1811 Dictionary
of the Vulgar Tongue (nineteenth century lexicographer) lists 23 occupations required for a complete "gang of misrule" (crime family). My dictionary
gives these as "… For men, there are fourteen roles: (1) ruffler, (2) upright man, (3) hooker (angler), (4) rogue, (5) wild rogue, (6) priggers of prancers, (7) palliards, (8) frater, (9) jarkman (patricoe), (10) whip jacket, (11)
drummerer (dommerer), (12) drunken tinker, (13) swadder (pedlar), and (14) Abram man. For women (and children) there are nine roles: (1) demander for glimmer or fire, (2) bawdy basket, (3) morts, (4) autem mort, (5) walking morts, (6) doxy, (7) dell, (8) kinching mort, and (9) kinching cove." (Buy my book if you want to know what all these specialties are.) Add hackers and testers and you have the kind of crime family HP describes in The Business
of Hacking, capable of stealing from the strong as well as the weak.
What is security?
The dictionary definition of security is "being free from danger or threat". Experience indicates no one is secure, at least in the dictionary sense.
Solomon had a different take on security (or, maybe, on the lack of security):
"The race is not to the swift or the battle to the strong, nor does food come to the wise or wealth to the brilliant or favor to the learned; but time and chance happen to them all" (NIV). (Bumper stickers on the back of pickups
summarize Solomon's quote in two words: "Excrement happens".)
Damon Runyon, writer of "Guys and Dolls", offered an amendment to Solomon's advice: "The race is not always to the swift, nor the battle to the strong, but that's the way to bet." The way to be secure is to be good and hope to be lucky. And (if you've read any of Runyon's other works), the way not to be secure is to be not good (unless you're very, very lucky).
So, I suggest a different definition of security that emphasizes our part in
keeping ourselves secure: "things done and things left undone that give as much control as possible over the future". Be good (the things done), be careful (the things not done), and hope to be lucky.
One more quote: "Luck is what happens when preparation meets
opportunity" (Seneca, First Century AD, possibly misattributed). Prepare for Murphy to knock on your door. A disaster for the unprepared is an
opportunity for the prepared.
What is computer security?
The dictionary says, "measures taken to safeguard code, information, and systems". A more sensible definition of computer security is "(1) reasonable measures taken to safeguard code, information, and systems, (2)
unreasonable measures not taken to safeguard code, information, and
systems, and (3) measures not taken to avoid low-rewards." Unfortunately, reasonable, unreasonable, and low-reward are (like beauty) in the mind of the beholder.
What is in these notes?
I'm going to tell you what I think are reasonable and unreasonable measures and what are low-reward measures.
What is a low-reward measure?
A security measure that has a small payoff for the inconvenience, money and time associated with the measure. Most of the measures advocated by security professionals are low-reward measures.
What is a reasonable measure?
A security measure that has a significant payoff for the inconvenience, money and time associated with the measure.
Reasonable measures that are not terribly inconvenient for a
non-professional and require little money and time should ALWAYS be implemented.
Reasonable measures that are terribly inconvenient for a
non-professional but require only a small amount of time and money should
be implemented when possible. (Maybe hire a professional for a half-day?)
Reasonable measures that are not inconvenient for a non-professional but require a small amount of time and money should be implemented
when possible. (I define a small amount of money as my monthly business cell phone and internet bill. You may have a different
definition.)
Reasonable measures that are terribly inconvenient for a
non-professional and require a lot of money should only be implemented if you suspect you are a potential target. Warning: If you are (1) involved in politics or social issues, (2) are visible in your community for some reason, or (3) have strange family members or neighbors then you should suspect you are a target.
What is an unreasonable measure?
A security measure that has become popular wisdom but probably is of little value. (A few years ago, one argument for switching from a PC to a Mac was "Macs don't get viruses." If that was ever true, it isn't now, but
many Mac sales people and users still believe it and repeat it to non-Mac users.)
Send me an email at JohnRichardHines@ConsultingSecurityEngineer.com to let me know when I'm wrong. Thanks, John
Why care about networks?
If you use the internet, you're on a network. If you use the internet at work,
at a library, or at a restaurant, whoever supplies the connection (hopefully) has
a professional who takes care of network details for you. However, if you use the internet at home or at your small business, you have a small network (an intranet) in your home. If all you have is a direct wired connection to the internet (no WIFI) then the intranet is just your cable modem and your computer and your problems are small. As soon as you add a router to your intranet you have (potential) network problems. So, you need to know
enough to do basic security stuff.
What do these notes assume you've already done?
The notes assume you have read "Computer security: a 15-minute talk" and have already implemented the security measures described in "Basic
Windows 10 Security" and "Basic Phone and Tablet Security". Also, if you have a router in addition to your cable modem, they assume you have
implemented the security measures in "Basic Router Security". These notes will still be useful if you have not implemented the measures above, but you will have holes in your security. Caveat emptor! Note: All these notes are available as eBooks on Amazon.com. Search the Kindle area for "John R. Hines".
What simple reasonable measures will improve
security on your intranet?
Warning: This note is in a different format than the previous notes because the problems you are resolving are different. Note: Remember, these notes are for SOHOs and home users: no fire marshal, no industrial engineer, no security engineer to detect problems before they become disasters.
Measure #1: Have two routers: one for business use and one for all other uses
Most SOHOs and all homes have three kinds of users: business users,
business and recreational users, and others (mostly friends, families, and visitors). Recreational use and "other" use has two security downsides: (1)
it slows down business use and (2) it frequently brings malware into the
intranet (making security less sure). Most modern cable modems allow you
to attach multiple routers in parallel. Take advantage of this by installing a good (fast) router for business use (the safe intranet) and an old (cheap)
router for all other use (the risky intranet). BTW: You can put on your CV that you've partitioned a network for improved security.
Mistake #1A: Not moving computers that do both business and non-business to the risky intranet
Yes, they will be less secure and go slower. But, they are on the risky
intranet because they choose to do risky things. Measure #2 will partially resolve this problem.
Mistake #1B: Not moving friends, family and visitors to WIFI
associated with the risky intranet
Laptops, phones and tablets used by friends, family, and visitors should be assumed to be infected. Also, games and data downloads over WIFI will slow down business computers (even when the computers are wired to the intranet) and business phones and tablets.
Mistake #1C: Telling friends, family, and visitors that you've put them on the risky intranet
:-)
Measure #2: Have at least one old slow network computer for
non-business (and for friends and family) use
All you need on this computer is Windows, current antimalware software, and
a browser. Yes, it's slow but it's only for browsing on the Internet.
Mistake #2A: Not placing this computer on a separate intranet (the risky intranet, if you have one)
Don't ask, don't tell
Measure #3: Shutdown the business (secure) router when no one
is in the office
Unless you (or a key employee) like to work late at night, program your
business router to turn off from 8 PM to 6 AM (or whatever times make sense). When the router is up, bad guys have a pathway to attack your
network. You can't avoid that during the day, but you may figure there is a problem when your computer slows to a crawl. Why give them access to your network when no one will see the network slowdown? Also, if a
computer goes zombie, it will only be behaving badly when someone is there to notice its behavior.
What is a zombie (member of a botnet)?
Compromised internet-connected computer whose security defenses have been breached and control ceded to some bad guy. BTW: A herd of zombies
Measure #5: Do a quick walk about every quarter (when the
season changes) (when TV switches to a different major sport)
Before you start your walkabout, ask yourself, "Have I written an AUP?" If not, make a note to write one. Also, verify that you can log in to the cable modem and the router(s).
Take a pen and a piece of paper (unless you can type quickly on your tablet).
Do you see any devices you don't remember installing or paying for? An
employee's workstation or a router buried under a pile of crud? Cables going
to strange places or left where you could trip over them?
Since you're already walking about, check the air flow and temperature of each computer, each router and the cable modem. (I once discovered my granddaughter using a router as a coat hook. Had to replace the router and had to retrain the granddaughter since my wife wouldn't let me replace the
granddaughter.)
Check your secure place. Is the secure information storage container still there? Is your information still in the container? Are admin-equivalent user IDs and passwords for ALL the computers, routers and cable modem still in the box?
What is an AUP (Acceptable Use Policy) (fair use policy)?
A set of rules applied by the owner, creator or administrator of a network, website, or service, that restrict the ways in which the network, website or system may be used and set guidelines as to how it should be used.
Alternative: Document stipulating constraints and practices that a user must agree to for access to a corporate network or the Internet. Many businesses and educational facilities require that employees or students sign an
acceptable use policy before being granted a network ID. Can be very short. Warning: If management hasn't prohibited some form of behavior, it's hard
to fire someone who has behaved incorrectly!
Measure #6: Do a quick audit of all computers about every
quarter (when the season changes) (when TV switches to a
different major sport)
Go to each computer and login as an admin equivalent. (You should be an admin-equivalent on all your computers. Otherwise, you can't administer the computer. If not, you've discovered a potential disaster!) Are there users you don't recognize? Are there "Guest" accounts? Are there programs you don't remember buying? Are there games? Is the anti-malware current? Does the anti-malware pop up a warning when you insert a flash drive into a USB slot? (Maybe this should be in your AUP?)
What is an admin-equivalent (admin-equivalent user)?
User who has the same rights as the admin. Can make system changes and install software.
What is a standard user?
Cannot modify operating system settings or other users' data. Cannot (usually) install software.
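Most of the audit questions in Measure #6 (unknown users, an enabled Guest account, who is admin-equivalent, recently installed programs, anti-malware status) can be answered from an elevated PowerShell window on each Windows 10 PC. The script below is an added example, not part of the original notes; the $KnownUsers and $KnownAdmins lists are constructed placeholders you replace with the accounts you actually created, and the anti-malware check assumes Windows Defender is in use (Get-MpComputerStatus).

```powershell
# Quarterly computer audit (added example; not from the original notes).
# Run in an elevated PowerShell window on each Windows 10 PC.
# Edit these two lists first: accounts you created, and the ones that are
# supposed to be admin-equivalent (constructed sample values).
$KnownUsers  = @('john', 'mary')
$KnownAdmins = @('john')
$Findings    = @()

# Q: Are there users you don't recognize? (enabled accounts not on your list)
foreach ($u in (Get-LocalUser | Where-Object { $_.Enabled -and ($KnownUsers -notcontains $_.Name) })) {
    $Findings += "Enabled account you did not list: $($u.Name)"
}

# Q: Are there "Guest" accounts? (the built-in Guest account should stay disabled)
$guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
if ($guest -and $guest.Enabled) { $Findings += "Built-in Guest account is enabled" }

# Q: Who is admin-equivalent? (members of the local Administrators group)
foreach ($m in (Get-LocalGroupMember -Group 'Administrators')) {
    $short = ($m.Name -split '\\')[-1]            # strip the COMPUTER\ or DOMAIN\ prefix
    if ($KnownAdmins -notcontains $short) { $Findings += "Unexpected admin-equivalent: $($m.Name)" }
}

# Q: Are there programs you don't remember buying? List installs from the last quarter.
$uninstallKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$cutoff = (Get-Date).AddDays(-90).ToString('yyyyMMdd')   # InstallDate is stored as yyyyMMdd text
$recent = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.InstallDate -and ($_.InstallDate -ge $cutoff) } |
    Sort-Object InstallDate -Descending
foreach ($p in $recent) {
    $Findings += "Installed $($p.InstallDate): $($p.DisplayName) ($($p.Publisher))"
}

# Q: Is the anti-malware current? (Windows Defender; assumption: Defender is the anti-malware)
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if (-not $mp) {
    $Findings += "Windows Defender status unavailable; check your third-party anti-malware by hand"
} else {
    if (-not $mp.RealTimeProtectionEnabled) { $Findings += "Real-time protection is OFF" }
    if ($mp.AntivirusSignatureAge -gt 7)    { $Findings += "Signatures are $($mp.AntivirusSignatureAge) days old" }
}

# Print the findings as a checklist to carry on your walkabout
if ($Findings.Count -eq 0) { Write-Host "No findings on $env:COMPUTERNAME" }
else { $Findings | ForEach-Object { Write-Host "[$env:COMPUTERNAME] $_" } }
```

The USB flash-drive warning the notes ask about is not something this script can check; test that by hand with a known-clean drive.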
Appendix I: Network basics
What is a cable modem?
Connects a computer or local network (intranet) to broadband
Internet service through the same cable that supplies cable
television service, or the cable that supplies more modern services like FIOS or U-verse.
What is an intranet (Intranet) (private network)?
Private network combining existing LAN and WAN technologies and new Internet technologies. Has all the features of the Internet. Many intranets typically use 10.x.x.x, 127.x.x.x, 172.16.x.x
through 172.31.x.x or 192.168.x.x. Typically connected to the (one and only) internet by a cable modem but may be stand-alone.
What is a network (computer network)?
Connected graph where nodes are computer network nodes and edges are computer-to-computer connections.
What is a gateway?
Network node that is an entrance to another network. Often a
router.
What is a LAN (Local Area Network) (Local network)?
Hardware and software that turns terminals, workstations, servers, and hosts into a single network environment in a small geographic region like a building. Alternative (more modern): A network
segment that may or may not be connected to another network. Larger networks are created by "gluing" two or more LANs
together, typically with a router.
What is a network address (network number)?
Bit pattern or group of hexadecimal numbers that uniquely
identifies a network node. In IPv4, eight hex characters, each pair
(except the last) separated by dots (four bytes). In IPv6, 32 hex characters, each quad (except the last) separated by colons (16 bytes).
What is a network device?
Component (hardware) that connects ("glues") computers or other electronic devices together to share files or resources. Usually a network node.
What is a network edge?
Single physical connection between two computers. Sometimes used as a synonym for connection (network connection). Alternative: Cable with connectors at both ends that connects two nodes.
What is a network node (computer network node) (network host) (node)?
An addressable device attached to a computer network.
What is a network segment?
Logical group of computers that share a network resource like a router, VLAN, or switch segmentation.
What is a subnet (subnetwork) (network subnet)?
Logical, visible subdivision of an IP network. Computers that
belong to a subnet are addressed with a common, identical, most-significant bit-group in their IP address. Note: The practice of dividing a network into two or more networks is called subnetting.
What is broadband (wideband)?
Communications medium that provides enough bandwidth over
a wide frequency range to satisfy a typical internet user (at least gigabit speed).
What is a communication medium?
(Usually high speed) data transmission that can simultaneously
transport multiple signals and traffic types. Typically, coaxial cable (obsolete), optical fiber, radio or twisted pair.