Tag Archive for SNMP

Who’s Hacking Who?

Update – The hacking map function seems to have been shut down – I got an error message “All access to this object has been disabled.”

A new animated map of the Internet created by the U.S.-based computer security firm Norse helps cyber-defenders visualize where hackers are coming from and illustrates just how ubiquitous hacking is around the world, according to a recent article by Maya Kosoff from BusinessInsider.

St. Louis-based Norse offers a product called IPViking, which displays a map and lists of the countries doing the most hacking, the countries getting hacked the most, and the types of attacks happening. Quartz noted the animated map looks kind of like the vintage video game Missile Command.

Norse, founded by a former intelligence expert with the U.S. Department of Homeland Security, explained to Smithsonian Magazine how the system works:

attacks shown are based on a small subset of live flows against the Norse honeypot infrastructure, representing actual worldwide cyber attacks by bad actors.


BI continues that, while the map doesn’t show all the hacking going on in the world, it could be a representative snapshot of today’s hacking ecosystem. A snapshot of the stats shows some of the baseline back-and-forth hacking attempts. Today, over 5 hours:

The top attack types:

  1. SSH port 22 – 6,308 attacks
  2. SIP port 5060 – 2,380 attacks
  3. Microsoft-DS port 445 – 2,317 attacks
  4. MS-SQL-S port 1433 – 2,193 attacks
  5. DNS port 53 – 2,182 attacks
  6. HTTP-Alt port 8080 – 2,007 attacks
  7. SNMP port 161 – 1,367 attacks
  8. MS-term-services port 3389 – 1,327 attacks

Internet Attacks

Attack origins (attacks sent)
  Rank  Attacks sent  Origin
  1     12,216        China
  2     7,827         United States
  3     2,446         Mil/Gov
  4     2,161         Netherlands
  5     1,899         France
  6     1,351         Russia
  7     1,331         Canada
  8     717           Hong Kong
  9     627           Thailand
  10    495           Bulgaria

Attack targets (attacks received)
  Rank  Attacks received  Target
  1     27,667            United States
  2     1,161             Thailand
  3     1,077             Hong Kong
  4     682               Canada
  5     655               Portugal
  6     650               Australia
  7     600               Singapore
  8     469               Netherlands
  9     458               France
  10    411               Bulgaria

Internet Attacks as logged by Norse IPViking on 6-25-14 approx. 11:00 to 16:00

rb-

I have posted a couple of good maps on here before. This map relays a lot of good info while being mesmerizing also. The amount of malicious traffic flying at U.S. sites is staggering. The attacker’s emphasis is on basic network services, SSH, SIP, AD, SQL, DNS, HTTP, SNMP. Attacks on the basic services we rely on reinforce the urgency for U.S. network users to get their basics in order. The U.S. and China are locked in an escalating war about online spying that threatens to devastate business for companies in both countries.

Now for the really scary part. This IPViking map only reveals the tip of the hack-attack iceberg. It only shows penetration attempts against Norse’s network of “honeypot” traps. The real number of hack attempts lighting up the interwebs at any given moment is far, far greater than this cool piece of big data mining can ever possibly show.

Related articles
  • A secure cloud can keep an enterprise safe from attack (cloudentr.com)


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Network Security Layering

Most companies are prepared for threats to their networks from the outside world. However, security breaches from within the corporation often pose the biggest concern. In this post-Enron world of increased corporate governance, IT managers must deal with both technical and human challenges to meet their companies’ security requirements. New legislative mandates, such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act, and the Gramm-Leach-Bliley Act, also exist.

When considering securing a network, it’s essential to take a holistic approach, from the physical layer to the application layer. Thorough security policies, appropriate authentication mechanisms, and effective user education must complement the technologies implemented within the network.

The security-layering concept allows for variable-depth security. Variable-depth security occurs when each security level builds upon the capabilities of the layer below, resulting in more stringent security moving up through the layers. This can help protect organizations from security breaches that may come from within, as layering provides multiple measures of security controls.

The first security layer: VLANs

At the first layer, essential network compartmentalization and segmentation can be provided by virtual LANs. This allows various business functions to be contained and segmented into private LANs. Traffic from other VLAN segments is strictly controlled or prohibited. Several benefits may be derived from deploying VLANs for small to midsize businesses across the company’s multiple sites. These include the use of VLAN “tags.” VLAN tags allow traffic segregation into specific groups, such as finance, human resources, and engineering. They also provide separation of data without “leakage” between VLANs, a required element for security.

The second layer: Firewalls

The second layer of security can be achieved with perimeter defense and distributed firewall-filtering capabilities at strategic points within the network. The firewall layer allows the network to be further segmented into smaller areas, monitors it, and protects against harmful traffic from the public network. In addition, an authentication capability for incoming or outgoing users can be provided. The use of firewalls provides an extra layer of protection that’s useful for access control. The application of policy-based access allows the customization of access based on business needs. Using a distributed firewall approach affords the added benefit of scalability as enterprise needs evolve.

The third security layer: VPNs

Virtual private networks, which offer a finer detail of user access control and personalization, can be added as a third layer of security. VPNs offer fine-grain security down to the personal user level and enable secure access for remote sites and business partners. With VPNs, dedicated pipes aren’t required since the use of dynamic routing over secure tunnels over the Internet provides a highly secure, reliable, and scalable solution. VPNs with VLANs and firewalls allow the network administrator to limit access by a user or user group based on policy criteria and business needs. VPNs give more robust assurance of data integrity and confidentiality, and strong data encryption can be enacted at this layer to provide more security.

The fourth layer: Solid security practices

Best practices by the IT security team are yet another level in a layered network security strategy. This can be achieved by ensuring that operating systems are protected against known threats. (This can be accomplished by consulting with the operating system manufacturer to get the latest systems-hardening patches and procedures.) In addition, steps must be followed to ensure all installed software is virus-free.

Securing network management traffic is essential to securing the network. To protect HTTP traffic, it’s preferable to encrypt all management traffic at all times using the IPsec or Secure Sockets Layer protocol. Encryption is a must even if traffic travels on the local-area network.
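As an added example that is not part of the original post, the following nftables ruleset shows what the VLAN layer, the firewall layer and the encrypted-management-traffic rule above look like on a Linux router that terminates the VLAN tags. The VLAN interface names, subnets, the finance web server address and the port sets are assumptions for illustration; the ruleset enforces the SSH/TLS side of the management rule and does not show an IPsec setup.

```nft
# Added example, not from the post. Assumed layout for a Linux router
# that terminates the VLAN tags:
#   vlan10 = finance (10.10.0.0/24)   vlan20 = human resources (10.20.0.0/24)
#   vlan30 = engineering (10.30.0.0/24)   vlan40 = shared services: DNS, file/AD
#   vlan99 = network management (10.99.0.0/24)
flush ruleset

table inet segmentation {
    set mgmt_encrypted {
        # Management protocols that run inside encryption (SSH, HTTPS).
        type inet_service
        elements = { 22, 443 }
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Only return traffic for flows that a rule below already permitted.
        ct state established,related accept
        ct state invalid drop

        # Every business VLAN may reach shared services, but only for the
        # services it needs (DNS and SMB), not the whole subnet.
        iifname { "vlan10", "vlan20", "vlan30" } oifname "vlan40" udp dport 53 accept
        iifname { "vlan10", "vlan20", "vlan30" } oifname "vlan40" tcp dport { 53, 445 } accept

        # Engineering may reach finance's reporting web app over TLS only
        # (assumed host address); plain HTTP to it is never opened.
        iifname "vlan30" oifname "vlan10" ip daddr 10.10.0.50 tcp dport 443 accept

        # The management VLAN may administer hosts in any VLAN, but only
        # over encrypted protocols, even though the traffic stays on the LAN.
        iifname "vlan99" tcp dport @mgmt_encrypted accept

        # Cleartext management (telnet, HTTP, SNMPv1/v2c) from anywhere is
        # logged and then dropped; SNMPv3 authPriv would need its own rule.
        tcp dport { 23, 80 } log prefix "cleartext-mgmt: " drop
        udp dport 161 log prefix "cleartext-mgmt: " drop

        # Finance <-> HR, HR <-> engineering and everything else between
        # VLANs falls through to the chain's drop policy, so "leakage" is an
        # exception you must write a rule for, not the default.
    }
}
```

Load it with `nft -f <file>` and watch the kernel log for the `cleartext-mgmt:` prefix to find devices still being managed over unencrypted protocols.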
