Last Articles


Most popular password

Network Information Security: Myths and Realities Omnipotence hackers

Hackers and crackers, or what is good and what is bad?

Chronology of the ARPANET - INTERNET

Protection system in Windows - Fact or Fiction

The basic principles of security

Manager SAM and Active Directory

Administrative boundaries: the forest or domain?

Can you trust a domain that is connected to the Internet?

Идентификаторы защиты (SID)

Why can not I log in as an administrator from any location?

Network security model and resource sharing

Remote attacks on distributed computing systems

Characteristics and mechanisms of implementation of standard remote attacks

Fake ARP-server on the Internet

False DNS-server on the Internet

Substitution of one of the subjects TCP-connections on the Internet

Malfunction host on the network

Mythical remote attacks on the Internet

Dedicated channel communication between objects distributed CS
Network Information Security: Myths and Realities Omnipotence hackers

 Profound misunderstanding of the majority of the inhabitants of problems related to information security in computer systems, over time, shaped a certain myth of the omnipotence of hackers and pervasive insecurity of computer systems. Yes, in part, this myth is true.

  Indeed, modern computer systems and networks of general purpose has serious security problems. However, we emphasize, is a general purpose computing systems. However, where required processing of critical information and ensuring the highest level of security and privacy (eg, military, nuclear energy, etc.), use specialized secure aircraft that (and it is extremely important!) Mainly isolated from the network general purpose (of the Internet, for example).

  Therefore it is necessary to dispel the first myth, which is very popular in fiction, film, and in the media:
cracker can penetrate from outside into the computer system of strategic purpose (for example, in the sun or a nuclear power plant control station strategic weapons). However, we are talking about the impossibility of obtaining unauthorized remote access it from outside. In the event that a cracker from the staff set out to secure Sun damage to this system, it is difficult to abstract to judge how successful it will try.

  As an example, recall the case of the Ignalina nuclear power plant when the local system programmer implemented a computer system soft tab (Trojan horse), which nearly resulted in an accident station.

  However, according to statistics, a security breach Sun's own staff make up about 90 percent of the total number of violations.
Summing up, we do not assert that the critical computer systems are invulnerable, almost impossible for them only to realize a successful remote attack.

  After reading this paragraph, incredulous reader may notice that he had personally seen a note about how the crackers got into the computer the Pentagon or NASA. The thing is that, like any other self-respecting organization, whether the CIA, NSA or NASA, they have their own WWW-or ftp-server located in an open network and accessible to all. And in this case, crackers penetrated in them (and in any case not in secret or closed), using perhaps one of the mechanisms described in this book.

    Is your money safe?

  Another, and perhaps the most stable myth is the myth of universal vulnerability, banking computer systems. Yes, indeed, in contrast to the Sun of strategic purpose, the banks due to competition among themselves compelled to provide convenience and speed of working with clients to provide them with remote access from public networks to their bank computer systems.

  However, firstly, to communicate in this case uses protected kriptoprotokoly and all kinds of network security (Firewall, for example), and, second, second, providing the client with remote access does not mean that the client can directly access the internal banking network. According to experts, foreign bank aircraft (about domestic we are not talking, not yet reached the appropriate level of automation of calculations) are the most protected after the Sun of strategic purpose.

  However, in recent years, some journalists (including domestic) in the pursuit of sensation failed (and not without success, especially based on actual cases occurred Levine) to come up with the myth of universal vulnerability, banking systems.

  The latest example was an article in a weekly newspaper with a circulation of many millions of Arguments and Facts, in the February issue in 1997 by Mr. A. Kakotkinym was printed a wonderful creature called hackers. The general conclusion of this article, to paraphrase a journalist can do the following: Every hacker on the body armor and spare processor.

No need to be a leading authority on computer security, so that, after reading this article, to conclude that it is absolute nonsense from beginning to end (especially funny to read sub-robnosti hacking banking network).

Perhaps, however, that lack of education in this area journalist some people with obscure objectives simply misled (or, not surprisingly, it is something just does not understand).

More interesting, in our opinion, the question is how reliable is actually protected by banking networks, especially in the case when they are provided for remote access from the Internet. Unfortunately, this question, we can not give an exact answer, while specialized security banking BC (naturally, under such systems do not have in mind the operating systems such as Novell NetWare, Windows NT or 95, UNIX, which, although they are often used in the banking environment but specialized really does not) will not be certificated.

The only thing you can guarantee is that with a probability of about 99.9% of such systems would be threatened denial of service, which is discussed below.

Firewall as a panacea against all threats and last myth - a myth about the systems Firewall as the only reliable means of security segment of IP-based networks. Yes, the very essence of Firewall-metal-using the technique is absolutely infallible and logical. Its main tenet is to create a dedicated bastion (bastion host), which will undertake the task of ensuring control and security in the protected network segment and through which the relationship of this segment with the outside world. But it's still valid in theory. In practice to date, all known system Firewall unable to repel the majority of the described remote attacks (as in the protocols and network infrastructure, as well as in telecommunications services)!

Of course, this does not mean that the data reflect the remote attack is fundamentally impossible. Apparently, the thing is that most systems developers Firewall, as often happens with the developers of secure computer systems, hackers have never been and looked at the problem of protecting the IP-based networks are not from the perspective of an attacker, but from a user perspective.
Top 5 most read

The basic rules of safe behavior on the Internet

Manager SAM and Active Directory

You forget your password. What should I do? Part 3

Social engineering as a way of committing crimes in the sphere of computer information

Идентификаторы защиты (SID)
Copyright © 2010 BRV ISTCOM S.R.L.- раскрутка сайта