Computer security

A firewall is basically a software program that allows you full access to the Internet and/or your network, while restricting access to your computer system from outside intrusions.

Internet users are extremely vulnerable to hackers, especially if you have cable or ADSL access to the Internet. You definitely need to protect your computer system.

Once you install a firewall, you'll be amazed at how many attempts to access your computer are blocked by your firewall.

Hackers can directly access your computer system by installing programs such as a key logger that can read every keystroke you make. This information is recorded and sent back to the hacker. Private information such as passwords and credit card numbers can easily be stolen.

A key logger is a small software program that quietly runs in the background. As these programs quite often run in DOS, you will most-likely never realize it's running. However, you can see if a key logger is running by pressing 'control' - 'alt' - 'delete' on your keyboard. This will launch a window that contains a list of all the programs currently running on your system. Review the list and watch for programs you don't recognize.

If you really want to keep your computer safe, I recommend the following:

1) Purchase a good virus program and keep it updated

2) Purchase a good firewall program and keep it updated

3) Purchase a program like Pest Patrol and keep it updated

Pull some random URL from a log, or show them an actual snort signature to see if they really understand what the IDS system (if they are going to be a packet head as part of their job). Most good IDS folks will be able to answer this one. My favorite example is one that everyone has seen for years now, Code Red:

GET /default.ida? NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN

NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN

NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN

NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN

NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN

NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN

%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801

%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%

u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0

Or my other favorite one is NetBIOS, right, unless you see a lot of winnuke anyone running a NetBIOS IDS signature on their network is looking at a mushroom cloud of activity, because windows works that way. This is a good leading question on when this signature would be used, where it would be used, and can give the interviewer a lot of good information on how the person thinks about IDS and what the IDS system is showing them. The leading part of this is that many of the windows vulnerabilities like MS06-040 should be monitored by a NetBIOS rule, and the trick is getting the interviewer down to the point where they are actually thinking about the ramifications and architectures of the rule. As an interview question this one can not be beat, but the interviewer must understand enough about how it works to keep the conversation going, otherwise the interviewer is going to get stuck really quickly if the interviewee knows what they are talking about.

SEM/SIM Security information management questions. If the company has a security information management system, and the interviewee is familiar with the technology already, ask them how they would build out a regex (regular expression) to filter out java script from html code for sites that use a lot of java script. The reason for asking this question, is that even if they can not answer it directly, if they know where to go, or are familiar or comfortable with regular expressions, they can cut just about any script in language of choice to filter data out of very long logs, or other systems. This is a great open door question to asking the interviewee which scripting language they like, how they would use it, and follow on conversations about scripting. The answer to the question is " /<(W*)(SCRIPT|OBJECT|PARAM|EMBED|I?FRAME)([^>]*)>/js"

Microsoft have an on-line database, called the software library, with program fixes for both the NT operating system as well as applications. In Microsoft lingo a patch or program fix is called service pack (SP). There are a number of service packs out, both for different versions of Windows NT as well as applications such as SNA server.

Service packs are cumulative. This means that SP2 contains all of SP1 as well as the fixes introduced in SP2. Service packs often update a great amount of code by replacing major DLLs. Since most large applications (such as back office and development components) bring their own versions of "system" DLLs, service packs has to be applied after each and every "system update", where the term "system update" is not clearly defined. Any action that replaces any component updated by a service pack or hotfix has to be followed by applying latest SP and all hotfixes. Remember that adding hardware often install new software, which may have to be updated by SP and/or hotfix.

Hot fixes are intermediate fixes released between service packs and are not considered fully regression tested, and as such not recommended by Microsoft to be applied unless one really need the feature they provide. Lately, a bunch of security problems have been solved by means of releasing hot fixes.

Another thing on the subject is language or locale. If you are running a non US version of NT, you will not be able to apply all of the hotfixes. Some of them are not language dependent, while others refuse to install on anything else but a US version. If you have the option to do so, run US version of NT at least on your servers. By doing so, you will have the option of installing a hot fix dealing with a security problem immediately when it's released and not have to wait for the next SP to appear. Not to mention that you'd have to wait for the next SP to be ported to your language, which of course may take a while, the time depending on what language you are using.

If you cannot, or do not want to, download software like this from the net, you can contact your local Microsoft representant and ask them about the service pack you need.

Visit Microsofts library of service packs or go directly to their FTP server.

Some types of viruses, such as those written in a high-level language such as Java, MS Word scripting language, Excel macros, etc, will be able to perform some tricks on a NT machine as well.

According to DR Solomon, the MS Word based concept virus spread widely in part because several companies, including Microsoft, have shipped CD-ROMs containing the virus.

Windows NT machines can be affected by other types of viruses if you use, for example, dual boot to run some other type of operating system on the same hardware, e.g. OS/2, UNIX or other version of Windows. When using a coexisting, bootable operating system, if you have a virus in effect that destroy the boot sector or something like that, your NT partition will probably be destroyed as well.