Most firewalls designed for the small business market lack the features that small businesses would actually benefit from. Many of them carry all the technical buzzwords ("deep packet inspection", "spyware prevention", "intrusion detection" and so on), but none of these features is implemented to the level of detail needed to be effective.
First, many firewalls that are "designed" for small businesses are aimed at companies with 100 - 250 users. These might be considered small businesses by the Bureau of Labor Statistics, but for technology purposes companies of this size have their own IT staff (96% do).
Not just one IT person, but an IT staff, which means that someone is probably responsible for security. If not, they will have someone trained in the proper setup, installation and monitoring of security appliances.
The businesses we consider small have anywhere from 3 - 50 PCs. The companies at the higher end of this scale might have someone dedicated to handling IT issues, but this person is usually so inundated with PC support issues that they have little time "left over" to monitor firewall logs effectively. Toward the lower end of the scale, they usually have either an outside person or firm responsible, or an employee who "is pretty good with computers" and has other responsibilities as well.
Rarely will these small businesses have someone watching the firewall logs on a consistent basis. Someone might look them over if there's an issue, but these logs rotate (overwrite themselves) when they fill up, so the valuable information may be gone before anyone reviews it.
And that's a shame.
Without reviewing the logs you have no idea who is trying to get in, what they are probing for, or which of your systems they are after.
An Example Log File

Let's review some logs.
This happens to be a log from a client. The columns are labeled accordingly. This report has been cleaned up to make it easier to explain and understand.

Date        Time           Source IP        Source Port   Destination IP   Destination Port
06/18/2007  12:04:03.416   218.10.111.119   12200         55.66.777.1      6588
06/18/2007  12:16:05.192   41.248.25.147    4925          55.66.777.1      5900
06/18/2007  13:08:02.256   218.10.111.119   12200         55.66.777.1      6588
06/18/2007  13:22:10.224   58.180.199.163   4637          55.66.777.1      2967
What is this showing?
Well, the first source IP (Internet) address is from Heilongjiang, a province in China. The destination is our client (mangled to protect the innocent), but the important data is the destination port: that identifies what they're looking for. Notice also that this same source address comes back about an hour later, from the same source port, to probe the same destination port again.
Port 6588 can be a few different things. They could be scanning for a Trojan that listens on that port: if the scan gets back the Trojan's characteristic response, the scanner knows it has found an infected system. Port 6588 is also used by a proxy server product (which we won't describe here) with a recently published bug. That bug makes the proxy easy for an attacker to exploit, giving them remote access to the system running the proxy software.
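The kind of review described above (group the log by destination port and by source address, and flag sources that return to probe the same port) is easy to automate so that it runs before the log rotates. The following is an added example written for this article, not the author's or any firewall vendor's code. It parses the four cleaned-up lines shown above (embedded here as constructed sample input); the port annotations other than 6588 are assumptions, not taken from the article, and the destination address is left as the mangled string it is rather than validated as an IP.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample input: the four log lines from the article, in the
# cleaned-up column order: date, time, src IP, src port, dst IP, dst port.
SAMPLE_LOG = """\
06/18/2007 12:04:03.416 218.10.111.119 12200 55.66.777.1 6588
06/18/2007 12:16:05.192 41.248.25.147 4925 55.66.777.1 5900
06/18/2007 13:08:02.256 218.10.111.119 12200 55.66.777.1 6588
06/18/2007 13:22:10.224 58.180.199.163 4637 55.66.777.1 2967
"""

# Port annotations for the report. 6588 follows the article's explanation;
# 5900 and 2967 are assumptions added for this example, not from the article.
PORT_NOTES = {
    6588: "remote-access Trojan or proxy server with a known bug (per article)",
    5900: "VNC remote desktop (assumption)",
    2967: "Symantec AntiVirus client service (assumption)",
}

# One record per line: fields are whitespace-separated. The destination IP is
# matched as any token because the article's address is deliberately mangled.
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)$")


def parse_line(line):
    """Parse one cleaned-up log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date, time, src, sport, dst, dport = m.groups()
    ts = datetime.strptime(f"{date} {time}", "%m/%d/%Y %H:%M:%S.%f")
    return {"ts": ts, "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport)}


def parse_log(text):
    """Parse all lines, silently skipping headers or malformed lines."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def hits_by_port(records):
    """How many connection attempts targeted each destination port."""
    return Counter(r["dport"] for r in records)


def ports_by_source(records):
    """Which destination ports each source address went after."""
    out = defaultdict(set)
    for r in records:
        out[r["src"]].add(r["dport"])
    return dict(out)


def repeat_probers(records, min_hits=2):
    """Sources that hit the same destination port at least min_hits times.

    Returns a sorted list of (src, dport, count, seconds_between_first_and_last).
    A returning scanner like the one in the article shows up here.
    """
    groups = defaultdict(list)
    for r in records:
        groups[(r["src"], r["dport"])].append(r["ts"])
    result = []
    for (src, dport), stamps in groups.items():
        if len(stamps) >= min_hits:
            span = int((max(stamps) - min(stamps)).total_seconds())
            result.append((src, dport, len(stamps), span))
    return sorted(result)


def report(text):
    """Build the human-readable summary a busy admin would want to skim."""
    recs = parse_log(text)
    lines = [f"{len(recs)} inbound attempts parsed"]
    for port, n in hits_by_port(recs).most_common():
        lines.append(f"  port {port}: {n} hit(s) - {PORT_NOTES.get(port, 'unknown service')}")
    for src, dport, n, span in repeat_probers(recs):
        lines.append(f"  REPEAT: {src} probed port {dport} {n} times over {span}s")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against the live log on a schedule (cron or a daily batch job) and keep the output; that way the summary survives even after the appliance's own log buffer has rotated. Any source that appears in the REPEAT lines, or any destination port that is not a service you knowingly expose, is the entry worth a closer look.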