When conducting security assessments I have noticed that many organizations neglect one of the most important parts of the network security. The neglect the actual network devices.
Its understandable. The switches and routers are invisible to users and most system administrators. As long as the network works, no one questions it. Not securing network devices physically, technically and administratively puts the entire networks confidentiality, availability and integrity at risk.
Physical Router Security
router security rack
If someone physically access the router, they can break into it and change the password or just erase configuration to cause a denial of service so the first step is to provide physical security of the router. It should be literally locked up so that only essential personnel have physical access to the router. Essential personnel does NOT mean anyone with an admin account, or even anyone with an account on the router. Its should ONLY be your network engineers, the person(s) you call when the network is completely down.
The router should be in a room with limited physical access and in a cage or locked rack with further restrictions on physical access. Remember how important that router is. ALL data goes through it. Your data depends on that routers functionality so protected it accordingly.
Technical Router Security
Basic router security for the enterprise is actually not hard. The hard part is getting the organization to accept that its necessary. The reason its easy is because the router is build for security.
router planes from NSA Router Configuration Security Guide (2005)
A router has three main planes (aka domains): Management, Control and Data planes and each plane can have security.
Management – is for administration, configuration of the router. Remote management is inevitable in enterprise environment.
- using secure protocols like SSH and avoiding telnet
- restrict remote management access to a few machines
- set time out sessions
- use Banners
Control plane – for monitoring, route tables updates, and and dynamic operations happening in the background:
- password protect enable mode and console
- turn on audit logs
Data Plane (aka forwarding plane) – handles packet transiting the router among the networks.
- disable all non essential services (i.e. no http if its not necessary, no snmp if its not used)
- shutdown ports that are not used
There are much more advanced things that can be done (and should be done depending on the
Basic Router security set up on a Cisco (from Cisco.com):
HOSTNAME.
- Router>enable
- Router#configure terminal
- Router(config)#hostname router_security_enterprise
USERS
- router_security_enterprise(config)#service password-encryption
- router_security_enterprise(config)#enable secret “PASSWORD”
- router_security_enterprise(config)#username “USER” privilege 15 secret “PASSWORD”
SSH
- router_security_enterprise(config)#ip domain-name “your.domainname”
- router_security_enterprise(config)#crypto key generate rsa modulus 1024
- router_security_enterprise(config)#ip ssh version 2
- router_security_enterprise(config)#ip ssh authentication-retries 3
- router_security_enterprise(config)#ip ssh time-out 120
HTTPS
- router_security_enterprise(config)#ip http authentication local
- router_security_enterprise(config)#no ip http server
- router_security_enterprise(config)#ip http secure-server
LINE VTY
- router_security_enterprise(config)#line vty 0 4
- router_security_enterprise(config-line)#login local
- router_security_enterprise(config-line)#transport input ssh
- router_security_enterprisec(config-line)#exec-timeout 3
- router_security_enterprise(config-line)#exit
LINE CONSOLE
- router_security_enterprise(config)#line console 0
- router_security_enterprise(config-line)#login local
- router_security_enterprise(config-line)#exec-timeout 3
BANNERS
- router_security_enterprise(config)#banner login ” MESSAGE “
- router_security_enterprise(config)#banner exec ” MESSAGE “
ACCESS LOG
- router_security_enterprise(config)#login block-for 10 attempts 3 within 20
- router_security_enterprise(config)#login delay 10
- router_security_enterprise(config)#login on-failure log
- router_security_enterprise(config)#login on-success log
ACL + ACCESS LOG
- router_security_enterprise(config)#ip access-list standard SSH-ADMIN
- router_security_enterprise(config-std-nacl)#remark Admin Management ACL
- router_security_enterprise(config-std-nacl)#permit X.X.X.X log
- router_security_enterprise(config-std-nacl)#exit
- router_security_enterprise(config)#login quiet-mode access-class SSH-ADMIN
- router_security_enterprise(config)#line vty 0 4
- router_security_enterprise(config-line)#access-class SSH-ADMIN in
- router_security_enterprise(config)#exit
DEBUG
- router_security_enterprise#show running-config
- router_security_enterprise#show login
- router_security_enterprise#show login failures
- router_security_enterprise#sh access-lists
Administrative Router Security
Probably the most over looked part of router security is documentation. A lack of updated documentation on the architecture and network scheme is a security concern. Without proper documentation on the network there is a lack of continuity.
Back up and contingency plans should be documented.
Contingency planning also should consider network-connecting devices, such as hubs, switches, routers, and bridges. The BIA should characterize the roles that each device serves in the network, and a contingency solution should be developed for each device based on its BIA criticality. As an example of a contingency strategy for network-connecting devices, redundant intelligent network routers may be installed in a network, enabling a router to assume the full traffic workload if the other router failed. — NIST Special Publication 800-34 Rev. 1, Contingency Planning Guide for Federal Information Systems
Back ups of the router configurations, firmware, and redundant spares should also be documented and protected. Additionally, audits and testing should be conducted by outside or internal units then, reported and documented.
There is a lot more to the physical, technical and administrative protection of routers and switches. Switches can have things port security, 802.1x, VLANS and lot of other things that span a volume of books. We aslo did not even mention routing protocol security which is also a book unto itself.
Here are some good references to good router configurations:
The average network security engineer salary is way above the national average. The national average annual income as of 2012 was $50,017 (with 15% in poverty). The average network security engineer salary is $84000/year.
network security engineer salary against Average American Salary
The reason that network security engineers can make such a good income is the level of expertise required. They often have to have a 4 year degree, IT certifications and a few years experience in the field. The level of technical knowledge required is higher than the average professional skill set even by IT standards. The network security engineer has to have a working understanding of both security & networking bodies of knowledge.
Of course, nothing beats experience but some or the top network security engineer salary “contributing factors” include: CISSP, GCIA, GCIH, CEH. Then there are specific vendor certifications that depend on the product but as of 2014, Cisco certs are strong in the market, Juniper, Checkpoint, Palo Alto or any of the top tier firewalls IDS/IPS and SIEM devices. Any sort of certifications, experience and/or training is relevant with specific devices.
http://www.indeed.com/salary/Network-Security-Engineer.html
references:
data gathered from http://www.census.gov/hhes/www/cpstables/032012/hhinc/toc.htm and wikipedia
http://money.cnn.com/2013/09/17/news/economy/poverty-income/
Network security specialist salary has been going up for high level network security professionals. As the field gets more complex and more assets go online with more exposure to increasing advanced persistent threats, network security professionals have become more in demand for large organization like banks, governments, and corporations.
Network security specialist salaries depends on several factors:
Budget of the organization – The organization looking for the network security specialist has a certain salary range and/or money allocated to the scope of work expected over a certain length of time. The scope and length of time is directly related to the needs of the organization.
Experience – What a network security specialist has done in the past matter more than a piece of paper. Organizations depend heavily on the experience that a potential employee brings to the table. A functional “working knowledge” is necessary. Not just book knowledge.
Degrees & Certifications – While degrees and certifications offer very little proof in how much a new employee can actually DO, it is a great level of assurance for the organization.
One of the best places to find out salary ranges is Glassdoor. Salaries fluctuate overtime so I would highly recommend doing to the site.
http://www.glassdoor.com/Salaries/network-security-specialist-salary-SRCH_KO0,27.htm
-
The average salary for information security analysts was $89,290 in May of 2012. Requirements to Become a Network Security Specialist. According to the U.S. Bureau of Labor Statistics (BLS), employers often require network security specialists to have a bachelor’s degree in a computer-related field (www.bls.gov).
According to Avira, BitDefender and CLEAN MX “http: //sinoevent.asia/webs/webmail.html” is a possible phishing site:
| Avira |
Phishing site |
| BitDefender |
Phishing site |
| CLEAN MX |
Phishing site |
WARNING!
no_reply@web-security.net
Dear Email User,We are undertaking some essential, but extensive maintenance to improve all personal and business email services. During this general maintenance period, all users of active personal and business emails are required to update the email registration data or have the email account automatically suspended indefinitely. We are contacting you because this email was listed for this exercise.To certify that you sincerely own or operate this email address, you are required to sign in with the full email address and valid password for immediate file update before you should further use this email on the internet.
This scam uses the name of UNFPA to promote a scam. UNFPA is a legit organization:
UNFPA, the United Nations Population Fund, promotes the right of every woman, man and child to enjoy a life of health and equal opportunity. The Fund works in partnership with governments, other United Nations agencies, communities, NGOs, foundations and the private sector to raise awareness and mobilize the support and resources needed to achieve this mission. – UNFPA.org
If you see the following email, be advised that this is NOT from the UNFPA:
benoit@unfpa.org
From: The Office of The United Nations,
Republic Of Ghana.
Address: No. 7, 7th Rangoon Close, Cantonments P.O. Box GP 1423, Accra,Ghana.
Our Ref: UNGHANA/UNFPA/OXD1GH/2014
Email:
drbenoitkalasa@qq.comDate: 22/May/2014.
*****24HRS SERVICE*****ATTN: Dear Beneficiary,
Re:Release/Transfer Notice for your due Funds (USD $10,500,000.00).
This letter will definitely be amazing to you because of its realistic value.
Sorry for the inconveniences that was rendered to you in line with your Payment transaction with some corrupts Banks Officials some while ago.
I know that this letter will hit you by surprise, my name is Dr. Benoit Kalasa ,the West and Central Africa Regional Director of UNFPA. We are obliged to inform you that we had succeeded in resolving all related problems that have been hindering your unpaid fund of US$ 10.5Million payments With the help of the International Monetary Fund in conjunction with World Bank Auditors who have rendered a tremendous help to this exercise, Over the weeks ,we have paid the likes of (Mrs.Barbara Duong, Mr.Andrew Dwyer, Mr. George Ewing, Jillian Loux, Mr and Mrs Graeme & Helen Baker etc).
Your Funds were returned to the Government Treasury some while ago because you did not finalize your claim for it, through the right procedure. A week ago,the Presidency and The Federal Executive Council collectively agreed to release the sum of US$10,500,000 to you but to our surprise you sent down your representatives Mr. Tim Parker and Mr. Rowland Gulf to collect this Funds on your behalf, this morning.
Since you sent your representatives to us, kindly give us the authority to enable Guaranty Trust Bank Ghana to transfer your Funds,US$10,500,000 into their secret Account in the middle East.
In receipt of this confidential Letter, you are required to respond immediately to: drbenoitkalasa@qq.com
Officially Sealed,
Dr. Benoit Kalasa
The West and Central Africa Regional Director of UNFPA.
DISPATCHED ON THIS DAY Date: 22nd/May/2014.
information security job description
image from nextgov.com
The position information security analyst is a great opportunity for a security professionals to expand their skill set.
There are many types of information security analysts. Some information security analysts examine the security features of a system, while others might be responsible for analyzing the security features of an entire organizations infrastructure.
Analysts are usually professionals with enough security to provide guidance on security incidents, security features and/or risks in a given information systems environment.
That being said, the term information security analyst is used in many different ways by many different organizations. For example, sometimes organizations call their security professionals “analysts” when they actually do “engineering”. And sometimes they will call security analysts engineers. So take the description below with a grain of salt.
Essentially, an Analyst studies, monitors, computes, considers, contemplates and provides reports, incident handling, responses on existing systems. Or they check on designs proposed developed by others. While engineers, create, design, manipulate install, configure existing and/or proposed systems. There is a lot of overlap so you should always examine the description of the specific job you plan on doing.
Analysts analyze. Engineers build stuff. But of course there can be lots of overlap.
Prerequisites for Typical Information Security Analyst:
If you have a solid understanding of networking, TCP/IP, subnetting, a little bit of server administration, malware identification and lots of system security experience than Information Security Analyst is for you. Organization dealing with the federal government usually desire a BS degree or specific IT certifications.
Basic Job Description of Typical Information Security Analyst:
The Information Security Analyst responsibilities can sometimes include ensuring that system Information Security requirements are reached. Another task might be to provide support for systems engineering life cycle from the specification through the design oof hardware or software, procurement, development, to integration, test, operations and maintenance. Provide analysis, definition, and the recommendation of information assurance and security requirements for advancing Information Security technologies of computing and network infrastructure.
Responsibilities may include but are not limited to:
• Ensure compliance with Configuration Management (CM), Information Security governance, policy, directives, and guidance are followed.
Ensure compliance with certain security policies / standards such as:
- Federal Information Security Management Act (FISMA)
- NIST Special Publications (SP) 800 Series
- Security Technical Implementation Guides (STIGs)
- PCI
- Sarbanes-Oxely Act
- Risk Management Framework for DoD IT
- ISO/IEC 27000
- Health Insurance Portability and Accountability Act (HIPA)
• Conduct Information System Security Engineering activities at the subsystem and system level of design
• Complete Vulnerability scans, Information System Security audits, analysis, risk assessments, vulnerability assessments, intrusion detection/prevention and log monitoring of computing resources
• Computer Network Defense:
- Analyze TCP/IP traffic
- Continuous monitoring of information system security
- Incident handling
- SIEM Analyst
- Data Loss prevention .
- Coordination with computer emergency response team (CERT)
• Certification & Accreditation / Risk Management Framework analysis
• Support C&A Security Test and Evaluation processes
Beware of the email scam going around that falsely uses the name of famous EuroMillion winners, Chris and Colin Weir.
Remember, if it sounds too good the be true it probably is. If Chris and Colin Weir did donate money it would not be via an email asking you for you contact information.
A variation of the Chris Weir Lottery Scam
************************************************************
Dear Beneficiary,
This is a life time opportunity and 100% legitimate. My Wife and I have decided to make sure this is put on the internet for the world to see. You see after taken care of the needs of our immediate family members and friends, we decided to donate £800.000.00 pounds sterling each to other unknown 5 individuals around the world in need, the local fire department, the Red Cross, and some other organizations in Asia, Europe and Africa.because we are on vacation in India, I am happy to inform you that we have forwarded your details over to the management of the City Link Express Courier India.
View Link http://www.bbc.co.uk/news/uk-scotland-glasgow-west-18801698
I am also pleased to inform you that we have issued out a cheque in your name through our attorney, has now been deposited with City Link Express Courier India the Accredited courier company to deliver your bank draft to you in your country. Please remember that the objective of this donation to you is to make a notable change in the standard of living of the less privileged people all around your region before the end of the year 2014.
Recently,i discovered a huge number of double claims due to beneficiary’s informing close friends relatives, attorneys and third parties about their donations. As a result, these close friends, relatives, attorneys and third parties tried to claim the donation sum on behalf of the real recipients thereby causing problems for the courier to deliver the draft. Please be informed that any double claim discovered in the disbursement process, will certainly result to the cancellation of that particular donation, making a loss for both the double claimer and the real beneficiary, as it is taken that the real recipient was the informer to the double claimer about the donation. So you are hereby advised to keep your information’s strictly confidential until your claim has been fully recovered. You are required to make contact with the delivery company as soon as possible, and discuss with them how your cheque would be delivered to your home address in your country and you will be informed about the cost of delivery by the courier company in charge of your certified cheque.
You will need to contact City Link Express Courier India Ltd which is our accredited delivery company.You are to reach them with the information below.
NOTE: You do not have much time to get this done. I advise you act fast and get in touch with Mr Jacob Kr. Sharma of City Link Express Courier India with His contact information stated below:
CONTACT INFORMATION:
CITY LINK EXPRESS COURIER INDIA
No 40, Malya Apartment, Plot No 110, Jawahar Nagar,
Maharashtra, Mumbai-400062, India.
Mr. Jacob Kr. Sharma (Dispatch Officer)
Phone Number: 0091-964-293-3371
CONTACT COURIER E-MAIL: serviceinfo@citylinks.in
You are to contact them with the following information within the next 24hours;
Note This Form Must be filled
1. Full name:
2. Address where you would want the parcel delivered to.
3. Telephone Number/Fax Number.
Please note that upon your contact with Mr Jacob Kr. Sharma you are to provide him with your Donation Code Number [Chris/148/2014/BTB] so that he can verify your identity with the details we sent over to their office earlier on today. Please endeavour to keep us fully informed on all developments with the courier company so that i can also monitor the delivery process through a feedback from you. We look forward to your prompt response, should you have any questions, do not hesitate to contact me as soon as you possibly can.
Your follow up and full cooperation is highly anticipated.
We Wish you Good-luck as you receive your benefit
Regards
Chris and Colin Weir.
Be careful when you download new software. Download from the actual creator of the software as much as possible. Avoid getting software from bittorrents. If you do, at least look at the comments of the bittorrent you plan on downloading.
Search engines such as google are great for finding software, but not always the safest. Its best to get software directly from the organization that created not random sites.
For example, at one time “Joydownload. com” was among the top results for the “Yahoo Messenger” and other apps. But this site may have trojans in it.
Joydownload is a known malware distributions site:
Joydownload scan From VirusTotal:
| Avira |
Malware site |
| Emsisoft |
Malware site |
| Fortinet |
Malware site |
| G-Data |
Malware site |
| Sophos |
Malicious site |
oscp certs
I have a goal of taking the Offensive Security Certified Professional (OSCP). I will attempt it in the next 3 years. I figure it gives me time to study and gain experience programming to do advanced infiltrations on information systems.
I have been doing Information Security analyst work for a while and I enjoy doing it. But I want to see all sides of security not just what an attack looks like from the inside looking out but from the outside looking in.
The main reason I want to attempt the OSCP is for fun. I enjoy puzzles. I want the challenge of it even if I fail miserably.
As certifications go, I think its the future of high-level certifications. Not unlike the Cisco, and Red Hat Certifications, the OSCP takes practical skills to pass. Pure written exams lend themselves to braindumps and crowdsourced cheating. An overwhelming number of “IT professionals” now have lots of certifications with very little experience. The reason I don’t like this is because I don’t like carrying other peoples weight.
Beware of the email scam going around that falsely uses the name of famous EuroMillion winners, Chris and Colin Weir.
Remember, if it sounds too good the be true it probably is. If Chris and Colin Weir did donate money it would not be via an email asking you for you contact information.
Here is the email below***********************************************************************
COLIN CHRIS WEIR
jackmc@embarqmail.com
With Great Honor, the family of Chris and Colin Weir announces
their donation of 800,000.00 Great British Currency to you. Send
Name—
Address—
Mobile #—–
Age—–
Occupation—–
Congratulation to you.
***************************************************************************
The real story of of Chris and Colin Weir:
chris colin donation
But the First Minister did suggest the Prime Minister would be in a “difficult position” if it was judged he did not “try his hardest” in the campaign.
The comments came after it emerged the pro-independence side had received £2.5 million in the past year from EuroMillions lottery winners Chris and Colin Weir.
Both campaigns also claimed a new poll showed the momentum was with them.
In a radio interview, Mr Salmond refused to say that Mr Cameron would have to resign if he became the prime minister who presided over the breakup of the Union.
More from HeraldScottland
