D A R K W A T E R

I N F O R M A T I O N  S E C U R I T Y
 

Welcome to Darkwater LLC. In these times of uncertainty and insecurity, we hope to partner with you and help you.

Unfortunately it is impossible to predict every adversary lurking about with anything but your best interests in mind. As technology advances, crackers arm themselves with more sophisticated tools, and newer programming languages that are easier to learn mean many more script kiddies. But they are neither your only nor your most dangerous enemy. Consider the professional information thief, or worse yet, a disgruntled employee.

Our goal is to make you comfortable with the security of the information you keep. To do this, we will team with you to determine your security needs based upon the sensitivity of your data and the value that you place upon it. Then we will aid you in implementing your new security plan and test it once it is in place. Information Security is a daunting task - let us help you.

D A R K W A T E R  LLC :: About Us
 

At Darkwater LLC, our information security experts come from diverse technical backgrounds to bring broad and deep knowledge of security to our customers. Our expertise is in securing information, whether it is data residing in a database on a server, on an internal web site, in documents on a network, or even files on a personal computer, regardless of brand name, operating system, or network hardware.

 

Our associates have various backgrounds and training in many different areas of IT. Some of our areas of expertise are:

 

Darkwater LLC
1728 26th Avenue Court
Greeley :: Colorado :: 80634-4985
USA

PHONE :: 970.371.5895
FAX :: 360.343.5681
EMAIL :: info@darkwater-llc.com

D A R K W A T E R  LLC :: Services
 

Currently, our services are limited to Colorado and the surrounding states. However, if you need information security services and are outside of our area, we may still be able to help you. Contact us and we will discuss the options.

HIPAA

Get expert security consultation and service to protect your patients' protected health information (PHI) by implementing the HIPAA Security Rule in your organization. On-site, we will provide a gap and risk analysis, then consult with you to determine the best security solution for you. Do it soon: the compliance deadline is April 21, 2005.

network

Whether you are preparing to set up a new network or already have one that you would like to make secure, we will help you get the most out of your investment by designing, or redesigning, a network that matches your current needs and is scalable to parallel your business growth. We know TCP/IP, SNMP, Novell, AppleTalk, Windows Networks, Active Directory, UNIX Networks, NFS, DNS, DHCP, and VPN (and that's just the tip of the iceberg).

firewall

The Great Wall of China, the castle moat, the fire-resistant barrier between the passengers and the engine of an automobile: all of these place a barrier between us and the dangers outside, with controlled openings through it. By having us place a firewall between the outside dangers and the system or systems you wish to protect, you gain the same kind of control over what reaches them.

server & application

Have us install and set up your mail server, web server, or application server, and then harden it once it is running. Our service covers mail, web, and FTP servers, anti-virus, and firewall setup and configuration.

consulting

We have consultants trained in a variety of areas within IT who are ready to share their expertise with your organization by providing consultation in the following areas:

 

D A R K W A T E R  LLC :: HIPAA Security Services

HIPAA regulations directly affect:

  1. Healthcare providers
  2. Healthcare payers
  3. Healthcare claims clearinghouses

HIPAA also affects business associates who perform services for, or receive protected health information from, any of these types of entities. Almost everyone who is involved in healthcare will be affected by HIPAA regulations. The compliance deadline for the Security Rule is April 21, 2005.

The Darkwater LLC HIPAA security compliance project is a beginning-to-end service, offered cafeteria style so that you can choose only the phases you need, that includes the following phases:

  1. planning
  2. current business assessment
  3. gap & risk analysis
  4. remediation
  5. implementation
  6. training & support
  7. compliance continuation

PHASE 1 :: PLANNING

Planning is always the most critical step and is vital to the success of your HIPAA compliance project. Part of the planning phase involves choosing the right team members to organize and implement the project. Once a team has been formed, we will train and lead the team to the end of the project. We will also help you identify both a Privacy Official and a Security Officer to enforce the regulations after the project has been implemented, as required by HIPAA.

Another aspect to any successful project is excellent time and resource management. After explaining the basic HIPAA requirements to the chosen team members, we will partner together to develop a project plan with timelines and budgets for each phase of the project and present it to your management team. These planning tools will enable team members to more effectively manage their time and maintain their other work responsibilities.


PHASE 2 :: CURRENT BUSINESS ASSESSMENT

This phase is a complex and tedious process of gathering information. We will coordinate the team in order to identify those areas within your organization that must be revised to comply with the security provisions of HIPAA. At the end of this phase, you will have a thorough, documented assessment of business policies, practices, and processes that require change.

Included in this Phase:

This information will be used in the next phase for gap and risk analysis.


PHASE 3 :: GAP & RISK ANALYSIS

The gap analysis phase of the project is crucial to discovering areas of your business that fall short of HIPAA requirements. Using the information gathered during the business assessment phase, we will work with members of the project team to:

We will assemble a gap analysis report detailing the problem areas as well as the available solutions that pertain to the capture, storage, and transmission of PHI. This report will include comparison of current organizational practices to HIPAA requirements.

Also in this phase we will conduct a risk analysis. This step weighs each security risk, together with the potential loss of value, credibility, and customer confidence, against the cost and effort of remediation. The risk analysis report makes it easy to target the high risks that can be remedied easily, quickly, or cheaply.

At the end of this phase, you will have:

These materials develop into a documented, step-by-step remediation plan to achieve HIPAA security compliance.


PHASE 4 :: REMEDIATION

Our employees and consultants at Darkwater LLC bring a broad variety of security and management expertise to your organization. We come from all disciplines of information technology and bring decades of background knowledge with us.

It is possible that we may not have all of the exact skills required to complete your HIPAA security compliance project, or it may be that you wish to have other parties involved. In that situation, we will offer to coordinate any additional external resources to provide a seamless project flow so that your project stays on budget and on time.

In this phase, our services provide your organization with:

This is also a test phase before complete implementation of any changes. At this point, we will perform a complete end-to-end walk through and analysis of IT systems and personnel procedures affected by any change, even if it's a change caused by ripple-effect, to hopefully find and fix any glitches in the implementation plan. With this approach we hope to reduce or eliminate any interruption in the normal business of your organization.


PHASE 5 :: IMPLEMENTATION

Although this is the phase where the changes are put into place, it will be the easiest of all phases. At this point all of the careful planning, organizing, and testing in the earlier phases finally pay off. Without putting enough effort into the preceding phases, this step would be prone to errors and would likely be incomplete, causing many headaches in the future and probably wasted investment in solutions that did not work.

As with the work completed in all phases of this project, each change implemented will be carefully and thoroughly documented.

Key to this project in general and specifically to this phase, is the acceptance of HIPAA changes within your organization. One of the main goals that gave rise to HIPAA was the streamlining of business processes, and of transactions between businesses to reduce overhead, time, and costs associated with conducting business.

However, the security changes may add steps in areas that were previously ignored. One thing to remember about information security is that, as computers became commonplace, habits around them grew lax. Only with the wide adoption of the World Wide Web, the ease of owning and using a computer, and recent advances in programming languages has information security become a fast-growing concern around the world.

This phase is one of transition that usually causes much apprehension in associates involved. That leads us into the next phase - training.


PHASE 6 :: TRAINING & SUPPORT

First, it is crucial that everyone in your organization realizes that the benefits of HIPAA overshadow the learning curve that will be incurred initially. Without acceptance of these changes, it will be difficult if not impossible to maintain compliance. We will provide instruction and training that will transition your associates to new policies and best practices regarding information security.

According to HIPAA, each individual in your organization who is exposed to PHI must be trained in the handling of that information. By documenting this training process, your business will be left with a formal security training guide that can be incorporated into your overall HIPAA training guide. This training will introduce new associates to:

After the changes have been implemented, compliance gaps bridged, and associates trained, we will provide ongoing support and consultation to your business to help you realize the maximum benefit of implementing information security in your organization. By keeping with the same company that stepped your business through the initial changes, you will have the benefit of our combined synergy to implement any further changes without damaging the previous work already completed.


PHASE 7 :: COMPLIANCE CONTINUATION

No policy is worth its ink on paper, or its bits on disk, if it is not followed and enforced. Over time it is common that people forget why things are done the way they are, look for short-cuts, or were not properly trained to begin with. Understanding the risks to your business and the penalties for noncompliance is the reason that we provide continuing compliance audits.

By periodically monitoring and reviewing your policies and practices we can help you ensure that you comply with HIPAA beyond the initial project implementation.

In this ongoing phase, your policies must be measured against HIPAA requirements, to ensure that policy changes do not put you out of compliance. In addition, although the regulations are published as "Final Rules", they are far from final. HIPAA regulations are likely to be updated on an ongoing basis, with changes published as often as once a year.


For more information on our HIPAA security services, contact us at hipaa@darkwater-llc.com.

 

D A R K W A T E R  LLC :: Networking Services

Our networking services are structured to support small home businesses, large organizations, and every level of network complexity in between.

Be certain that your networking infrastructure reflects your current and future business needs. As a small company, you probably don't have the budget to spend on a large network with the hopes that it will still be the best technology when you grow into it. If you're a large company, updating your current network configuration is no easy feat. Planning the right design early is key to saving money now and in the future.

We can design a scalable network that can grow as your business grows - one that fits your budget today.

One of our certified network engineers will

Before you invest in a new network or a network upgrade, arrange a consultation with one of our Linux, Microsoft, and Novell certified network engineers.

We can help you realize the benefits of being connected.


For more information, or to arrange a consultation, e-mail us at netservices@darkwater-llc.com.

 

D A R K W A T E R  LLC :: Firewall Services

Firewall

By adding a firewall between your network and the Internet, you can block potentially harmful traffic from reaching your networked systems. For added security, consider a host-based software firewall on every important system inside your network as well (for example, on your web server), so that a host stays protected even if the perimeter firewall is bypassed.

Our firewall services help to safeguard your confidential information from being exploited and destroyed or stolen by blocking unauthorized access to your networked systems.

Secure Remote Access

Continue to give your sales force or telecommuters access to critical network systems with a Virtual Private Network (VPN). We can configure a VPN to provide authenticated, encrypted tunnels through which data passes over the Internet. We offer a variety of custom VPN solutions designed to meet your needs, providing an additional layer of security on top of your firewall-protected network.

Intrusion Detection System

To continue building on the layered approach to security, we can install and configure an Intrusion Detection System (IDS) to complement your firewall. An IDS reports suspicious activity by a would-be attacker and acts as an early warning mechanism, so that you can respond before an attempt turns into a successful breach.


Contact us at firewalls@darkwater-llc.com to find out more about our firewall, VPN, and IDS services.

 

D A R K W A T E R  LLC :: Server Configuration Services

Straight out of the box and into your network of information systems, most hardware, operating systems, and applications are not configured for maximum security. Putting these into your network is like asking a stranger to guard your Ferrari with the engine running while you go grocery shopping.

Darkwater LLC provides both system and application hardening services to help protect your information systems from the common configuration mistakes that open holes in the security of your organization.

Our associates implement security "best practices" in configuring your systems and applications for maximum security while maintaining operability. Microsoft, UNIX, and Linux operating systems are covered, as well as major web, e-mail, database, and network applications, and major brands of hardware firewalls, routers, and other security appliances.

Typically, this is an ongoing service which includes:

 

D A R K W A T E R  LLC :: Consulting Services

[ U N D E R  D E V E L O P M E N T ]

We apologize for the inconvenience while this section is being updated. For information regarding our consulting services, please email us at consult@darkwater-llc.com.

 
D A R K W A T E R  LLC :: News
 

In this section you will find portals to other sites concerned with information security. Darkwater LLC is not responsible for the content of these portals. They are here for your information only and may contain copyrighted material.

We hope that you make use of this area. Virus and security alerts appear here as soon as their sources publish them, which may give you an edge against attacks.

You may also want to see what is in the knowledge center.

 


D A R K W A T E R  LLC :: Knowledge Center
 

This area contains helpful information if you are new to security:

 

FAQ (Frequently Asked Questions)

General Questions

What is HIPAA?
Why can't I change the font size or the style of your web site using the font and style buttons on the web page?

General Security Issues

If I am on the net 24 hours a day, will I get hacked?
What is an IP address?
What is a port scan?
How do I know my ports are secured?
What general security precautions should I take?
How can I protect our system from password cracking?
How can I secure data in transit?
What Does IPSec Do?

Wireless Networking

What are the major security risks to Wireless 802.11b networking?

Firewalls

Why would I want a firewall?
What can a firewall protect against?
What can't a firewall protect against?
Can a firewall protect against viruses?
Which Firewall should I use?
What is the Best Type of Software Firewall?

Intrusion Detection Systems

What is an "intrusion detection system (IDS)"?
Why do I need IDS if I already have a firewall?
What are some common "intrusion signatures"?
What is a Denial of Service attack?
What is a DDoS (Distributed Denial of Service) attack?

PGP and Encryption

Is cryptography (like PGP) legal?
How does encryption work?
What is PGP and where can I get it?
Why do you use the term pass phrase instead of password in PGP?

Web-Related Programming Languages

Are CGI scripts insecure?
What's the difference between Java and JavaScript?
Are there any known security holes in Java?
Are there any known security holes in JavaScript?



General Questions

Q: What is HIPAA?
A: HIPAA stands for the Health Insurance Portability and Accountability Act, a federal law passed in 1996 and designed to protect confidential healthcare information through improved security standards and federal privacy legislation. It defines requirements for storing patient information before, during, and after electronic transmission. It also identifies compliance guidelines for critical business tasks such as risk analysis, awareness training, audit trails, disaster recovery plans, information access control, and encryption. The standards for information access control and encryption may have the most significant impact on how the medical industry conducts its business. There are more than sixty-eight information security conditions in three areas that must be met to ensure compliance with HIPAA. These areas are:

Q: Why can't I change the font size or the style of your web site using the font and style buttons on the web page?
A: Both the font size changer and the style changer store and retrieve cookies on your computer. These cookies are harmless and only store the font size and the style name on your computer. They are set to persist for 365 days, but ultimately you have control over those cookies. If you choose to not store the cookies, the JavaScript that makes changes to the way the web site is displayed on your PC will not work.

For more information, see our privacy policy.

Altering Presentation Without Javascript or Cookies

It may be possible that you can change the text size without having to set a cookie. If you're using IE5 for Mac, or a Gecko-based browser like Mozilla or Netscape 6+, then you can make use of the "Text Zoom" function of those browsers. On the Macintosh, you can increase or decrease the text size of any site using command-plus or command-minus. ("Command" is the little flower key next to the spacebar.) You can also find a "Text Zoom" submenu in the "View" menu of both browsers.

If you're using Opera, you can use a similar function called "Page Zoom," available in the "Zoom" submenu of the "View" menu. It's also part of the default browser interface: the "100%" dropdown menu next to the search boxes near the top right corner of the browser window. Page Zoom alters the size of both text and images, whereas the font size function of our site changes text only.

Whether you're using Text Zoom or Page Zoom, remember that the choice persists at least as long as the browser window is open, if not longer, so you may have to adjust the setting from site to site. The beautiful thing is that the decision to change is entirely in your hands, and nothing can prevent it.

Unfortunately, IE for Windows doesn't allow the resizing of text that has been set with a pixel-based size (as it is on our site), so you can't resize our text from within IE/Windows itself. The "font size" feature of our site gives IE/Windows users the same functionality that other browsers already have built in. The benefit of our font size and style chooser is that it changes the look and layout of our site only, not other sites, and because it stores a cookie, our site remembers your preference on future visits.

General Security Issues

Q: If I am on the net 24 hours a day, will I get hacked?
A: The longer your computer is reachable, the more opportunities an intruder has, but this doesn't mean dial-up access is safe. An intruder gets into your computer through ports that are open and reachable. So make sure you don't have any unnecessary open ports, and secure the ones that must stay open for the services you need to run. If all your ports are closed or hidden, the length of time you are online becomes largely irrelevant.

Q: What is an IP address?
A: IP addresses are analogous to telephone numbers: when you want to call someone, you must first know their telephone number. Similarly, when a computer on the Internet needs to send data to another computer, it must first know that computer's IP address. IP addresses are typically shown as four numbers separated by decimal points, or dots. For example, 10.24.254.3 and 192.168.62.231 are IP addresses.

If you need to make a telephone call but you only know the person's name, you can look them up in the telephone directory (or call directory services) to get their telephone number. On the Internet, that directory is called the Domain Name System, or DNS for short. If you know the name of a server, say www.cert.org, and you type this into your web browser, your computer asks its DNS server for the numeric IP address associated with that name.

Every computer on the Internet has an IP address associated with it that uniquely identifies it. However, that address may change over time, especially if the computer is

Q: What is a port scan?
A: In order to understand what a port scan is, we first need to explain what a port is. Ports are the connection points of a computer: each TCP/IP connection goes from a port on one computer to a port on another. There are 65,536 ports (numbered 0 through 65,535) for each of TCP and UDP on a computer. Well-known services listen on standard ports, while other programs take whatever port the operating system assigns them.

For example, if you run a web server on your computer, the www service listens on port 80 for connections; when people enter your web address in their browsers, the browsers connect to port 80 of your computer to fetch the pages you provide.

But here's the important part: if you are not running a service such as www on port 80, your computer answers the connection attempt with a reset, informing the browser that port 80 is closed, and the browser gives up.

A port scan is very similar to what your browser does. It's an attempt to reach a port in order to determine whether that port accepts a connection. The ports may differ, but the process is the same: a port scanner simply determines whether the port is listening. To actually establish a session and run commands on your computer, an attacker needs additional tools and a listening service with a weakness to exploit. What's important to know is that unless a service is listening on a port, it is virtually impossible to connect to it, and the scan gets a "closed" response (or, if a firewall silently drops the probe, no response at all). This means a scan of a port or ports by itself does no harm to you, even if you don't have a firewall; what matters is what the scan finds.

However, there are certain ports on your computer that listen by default. Some of them you can close without a firewall, such as port 139 (the NetBIOS session service, used by Windows file and print sharing), but some, such as port 135 (the RPC endpoint mapper), cannot be closed without a firewall.

The dangers posed by a listening port range from leaking information about your operating system to a malicious connection to your computer or a Denial of Service attack.
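As an added example (not code from the original page), here is the scan described above in Python: a TCP connect scan that reports each port as open, closed, or filtered, together with a constructed local listener so the scan can be run against your own machine rather than anyone else's. The host (127.0.0.1), the listener, and the ports are assumptions made for the demonstration.

```python
import socket


def scan_port(host, port, timeout=1.0):
    """TCP connect scan of a single port.

    "open"        - the three-way handshake completed: a service is listening
    "closed"      - the host answered with a RST: nothing is listening there
    "filtered"    - no answer before the timeout, which is what a firewall that
                    silently drops the probe looks like to the scanner
    "unreachable" - no route to the host, host down, and similar errors
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"
    finally:
        sock.close()


def scan_ports(host, ports, timeout=1.0):
    """Scan several ports and return {port: state}."""
    return {port: scan_port(host, port, timeout) for port in ports}


def start_listener(host="127.0.0.1"):
    """Constructed stand-in for a real service: listen on an OS-chosen port.
    The kernel completes the handshake from the listen backlog, so the scan
    reports "open" even though nothing ever calls accept()."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def find_closed_port(host="127.0.0.1"):
    """Ask the OS for a free port and release it again, so nothing listens there."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_listener()
    closed_port = find_closed_port()
    for port, state in scan_ports("127.0.0.1", [open_port, closed_port]).items():
        print(f"127.0.0.1:{port} -> {state}")
    srv.close()
```

Run it against a host behind a firewall that drops packets and the probe comes back "filtered" rather than "closed"; that difference is the whole point of the "hidden" ports mentioned above. Only scan machines you own or are authorized to test.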

Q: How do I know my ports are secured?
A: If you don't have a firewall or a router, chances are you have one or more insecure ports that can't be closed. The best way to find out is to scan your computer from outside for open ports. DSLR provides two different free port scans. Start with a basic port scan of your computer, which gives a fast result; you can then run a more comprehensive scan if you wish to know more.

The next logical step would be to start securing your machine by choosing a software firewall, a router, or both.

Q: What general security precautions should I take?
A: If you are a Webmaster, system administrator, or are otherwise involved with the administration of a network, the single most important step you can take to increase your site's security is to create a written security policy. At a minimum, this security policy should include:

This policy need not be anything fancy. It need only be a summary of how the information system works, reflecting your organization's technological and political realities. There are several benefits to having a written security policy:

Q: How can I protect our system from password cracking?
A: User accounts are susceptible to a number of attacks, such as dictionary password guessing. In Windows NT, one way to protect against those attacks is to set the number of failed logins allowed before the account is disabled, either temporarily or until the system manager manually enables it again. The following are some other steps that can be taken:
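As an added example, not Darkwater's code and not a Windows NT component, here is the lockout mechanism just described, written in Python: a per-account count of recent failures, a temporary lock (or one that needs an administrator reset) once the threshold is reached, and a login check that consults the lock before it verifies the password. The user store, names, passwords, and thresholds are constructed for illustration; the clock is injectable so the policy can be exercised without waiting.

```python
import hashlib
import hmac
import os
import time
from collections import deque

PBKDF2_ROUNDS = 100_000
# Dummy credentials hashed for unknown users so the timing of a failed login
# does not reveal whether the username exists.
_DUMMY_SALT = b"\x00" * 16
_DUMMY_HASH = hashlib.pbkdf2_hmac("sha256", b"dummy", _DUMMY_SALT, PBKDF2_ROUNDS)


class LockoutPolicy:
    """Account lockout against online password guessing.

    After `threshold` failed logins within `window` seconds the account is
    locked for `duration` seconds; duration=None keeps it locked until an
    administrator calls admin_unlock().
    """

    def __init__(self, threshold=5, window=900, duration=900, clock=time.monotonic):
        self.threshold = threshold
        self.window = window
        self.duration = duration
        self._clock = clock
        self._failures = {}   # user -> deque of failure timestamps inside the window
        self._locked = {}     # user -> unlock time (float("inf") = needs admin reset)

    def is_locked(self, user):
        until = self._locked.get(user)
        if until is None:
            return False
        if self._clock() >= until:      # lockout expired: clean up and allow
            del self._locked[user]
            self._failures.pop(user, None)
            return False
        return True

    def record_failure(self, user):
        """Register a failed login; returns True if the account is now locked."""
        now = self._clock()
        recent = self._failures.setdefault(user, deque())
        recent.append(now)
        while recent and now - recent[0] > self.window:   # forget stale failures
            recent.popleft()
        if len(recent) >= self.threshold:
            self._locked[user] = float("inf") if self.duration is None else now + self.duration
            recent.clear()
        return self.is_locked(user)

    def record_success(self, user):
        self._failures.pop(user, None)

    def admin_unlock(self, user):
        self._locked.pop(user, None)
        self._failures.pop(user, None)


def make_user_db(plain_passwords):
    """Constructed user store: user -> (salt, PBKDF2 hash). Never keep plaintext."""
    db = {}
    for user, password in plain_passwords.items():
        salt = os.urandom(16)
        db[user] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS))
    return db


def attempt_login(policy, user_db, user, password):
    """Returns "locked", "denied" or "ok". The lock is checked before the
    password so a locked account cannot be guessed against."""
    if policy.is_locked(user):
        return "locked"
    salt, expected = user_db.get(user, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    if user in user_db and hmac.compare_digest(candidate, expected):
        policy.record_success(user)
        return "ok"
    policy.record_failure(user)
    return "denied"
```

A temporary lockout, rather than a permanent one, limits the obvious counter-attack: an adversary who knows a username can otherwise lock the legitimate user out on purpose. The lockout state should also be logged, because a burst of lockouts across many accounts is itself a signal that someone is guessing.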

Q: How can I secure data in transit?
A: The answer is encryption (and encrypting data also provides an extra layer of protection against intruders who do manage to get into the network). With Microsoft operating systems prior to Windows 2000, encrypting data required third-party software. Since Windows 2000, encryption capabilities are built into the OS, including the Encrypting File System (EFS) and Internet Protocol Security (IPSec).

The type of encryption you need depends on the state of the data. File encryption protects data residing on disk, but not that data when it's in transit over the network. If you don't believe this, send an EFS-encrypted file across the network and capture the packets in transit: you'll see that the data is readable, because the file is decrypted when it is read and sent in the clear. IPSec is what protects data from sniffers on the network.

Q: What Does IPSec Do?
A: IPSec is designed to provide authentication (verification of the identity of the sender), integrity (assurance that the data was not changed in transit), and confidentiality (encryption of the data so that it can't be read by anyone who doesn't have the correct key).

Because it operates at the network layer of the OSI model (Layer 3), IPSec has an advantage over SSL and other methods that operate at higher layers: applications must be written to use SSL, whereas any application's IP traffic can be protected with IPSec without the application knowing about it. Encryption happens transparently to the upper layers.

IPSec protects only IP-based traffic; it is of no use to other network-layer protocols such as IPX. There are also some types of IP traffic (such as Kerberos) that Microsoft's implementation of IPSec does not protect by default. Microsoft calls these exemptions.

Wireless Networking

Q: What are the major security risks to Wireless 802.11b networking?
A: Here is the list of main known security risks with 802.11b:

Firewalls

Q: Why would I want a firewall?
A: The Internet, like any other part of society, is plagued with the kind of vandals who enjoy the electronic equivalent of writing on other people's walls with spray paint, tearing their mailboxes off, or just sitting in the street blowing their car horns. Usually, a firewall's purpose is to keep these people out of your network while still letting you get your job done.

Q: What can a firewall protect against?
A: Normally firewalls are configured to protect a system against unauthorized and unauthenticated logins from the outside world.

Some firewalls permit only email traffic through them, thereby protecting the network against any attacks other than attacks against the email service. Other firewalls provide less strict protection and block only services that are known to be problems. Some firewalls block selected incoming and outgoing traffic based on rules provided by the user.

Firewalls also provide a single point where security and auditing can be imposed. They provide an important logging and auditing function: often they give the administrator summaries of what kinds and amounts of traffic passed through, how many attempts there were to break in, and so on.

This is an important point: such a single chokepoint can serve the same purpose on your network as a guarded gate can for your site's physical premises. That means any time you have a change in levels of sensitivity, such a checkpoint is appropriate.

Q: What can't a firewall protect against?
A: Firewalls can't protect against attacks that don't go through the firewall. A firewall must be part of a consistent overall organizational security architecture. Also, if a site has classified data, it should not be hooked up to the Internet at all and should be isolated from the rest of the corporate network.

Another thing a firewall can't protect you from is people inside your network. Floppy disks are a far more likely means for information to leak from your organization than a firewall! Users who reveal sensitive information over the telephone are good targets for social engineering; an attacker may be able to break into your network while completely bypassing your firewall if he can find a helpful employee inside who can be fooled into giving out information.

Q: Can a firewall protect against viruses?
A: Firewalls can't protect very well against things like viruses. There are too many ways of encoding binary files for transfer over networks, and too many different architectures and viruses to try to search for them all. In other words, a firewall cannot replace security-consciousness on the part of your users. In general, a firewall cannot protect against a data-driven attack--attacks in which something is mailed or copied to an internal host where it is then executed.

Organizations that are deeply concerned about viruses should implement organization-wide virus control measures. Rather than trying to screen viruses out at the firewall, make sure that every vulnerable desktop has virus scanning software that is run when the machine is rebooted. Blanketing your network with virus scanning software will protect against viruses that come in via floppy disks, modems, and Internet. Trying to block viruses at the firewall will only protect against viruses from the Internet--and the vast majority of viruses are caught via floppy disks and email.

A strong firewall is never a substitute for sensible software that recognizes the nature of what it's handling--untrusted data from an unauthenticated party--and behaves appropriately. Data from a trusted source (read: a friend) is not necessarily reliable either.

Q: Which Firewall should I use?
A: This is a question with no straight answer. It is extremely important that you know your limits, strengths and weaknesses. There are several firewalls on the market that are considered quite secure; however, they are geared toward different users. Some need more user intervention and some need less. Some need more knowledge to use and secure and some need less. Some provide more flexibility, which is not necessarily more security, and some provide less flexibility, which again is not necessarily less security.

The important point is that you need to find out which one works best for you. Using a firewall that needs extensive configuration for a person who doesn't have the knowledge or desire to spend the time learning or configuring could be a disaster waiting to happen no matter how secure that firewall may be. By the same token assuming a firewall is so simple to use that you can set it and forget it could have similar results.

So start simple and move up to more complicated firewalls if you wish, or stay with the simple one if it works for you. It's up to you. However, if you decide to move to the more complicated, don't forget to protect yourself while you are learning. Using a firewall that you are comfortable with alongside the one you're trying to learn will assure that you are secure while testing the waters. Remember, the time you spend deciding which firewall to use is time your computer stays wide open. Choose a simple firewall and protect yourself, and you will have all the time to explore your other options.

Q: What is the Best Type of Software Firewall?
A: There are two basic kinds of software firewall: rule based and non rule based. Non rule based firewalls are the easier of the two to install and configure, while rule based firewalls offer the most flexibility.

These so-called "set it and forget it" firewalls, like Zone Alarm, provide very good inbound and outbound packet and application filtering, allowing only the traffic that you want or have authorized. The drawback is that in some cases it is an all-or-nothing proposition: you either allow an application to access the Internet or your system, or you don't.

Rule based firewalls, on the other hand, like Kerio or Norton Personal Firewall, offer you the ability to control not only which applications and services are granted access, but also through which ports and in which direction (in, out or both).

Another consideration is whether you want/need added functions such as ad, cookie, pop-up blocking and privacy measures. Many want a firewall to be just that, a firewall no more, no less. So, after weighing the options against your current needs and skills, you should choose the firewall that works for you.

Intrusion Detection Systems

Q: What is an "intrusion detection system (IDS)"?
A: An intrusion is somebody attempting to break into or misuse your computer system. This can be something as severe as stealing confidential data or misusing your email system for spam. An "Intrusion Detection System (IDS)" is a system for detecting such intrusions. Broadly speaking there are two types of Intrusion Detection Systems:

  1. Network intrusion detection systems (NIDS) - Monitors packets on the network wire and attempts to discover an intruder by matching the attack pattern to a database of known attack patterns. A typical example is looking for a large number of TCP connection requests (SYN) to many different ports on a target machine, thus discovering if someone is attempting a TCP port scan. A network intrusion detection system sniffs network traffic, by promiscuously watching all network traffic.
  2. Host based intrusion detection system (HIDS) - A host based intrusion detection system does not monitor the network traffic; rather, it monitors what's happening on the actual target machines. It does this by monitoring security event logs or checking for changes to the system, for example changes to critical system files or to the system's registry. Host based intrusion detection systems can be split up into:
    • System integrity checkers - Monitor system files & the system registry for changes made by intruders (for example, to leave behind a backdoor). There are a number of file/system integrity checkers, such as "Tripwire" or LANguard File Integrity Checker.
    • Log file monitors - Monitor log files generated by computer systems. Windows NT/2000 & XP systems generate security events about critical security issues happening on the machine (for example, a user acquiring root/administrator level privileges). By retrieving & analyzing these security events one can detect intruders.

Q: Why do I need IDS if I already have a firewall?
A: Some reasons for adding IDS to your firewall are:

Q: What are some common "intrusion signatures"?
A: There are three types of attacks:

  1. Information gathering:
    • Network mapping - ping sweeps. Attackers will usually check which IP addresses are active by sending an ICMP ping packet and expecting a reply. Similarly, some tools make use of SNMP, TCP/IP and other protocols to ping a host to see if it is up.
    • DNS zone transfers
    • E-mail recons
    • TCP port scans - enumeration of services. Enumerating open TCP ports on a target machine is very important in an attack, since this allows hackers to find exploitable services. Attackers will most of the time make use of stealth scans to try to avoid being discovered at this early stage of the attack. Scans can be sequential, randomized, or over a configured list of ports.
    • UDP port scans - enumeration of services. Due to the design of UDP, scanning this protocol is considerably slower and produces a lot of false positives. This is because UDP is a connectionless protocol: when a port is open, the host does not have to send a confirmation that the UDP packet was received. Most UDP implementations send an ICMP destination port unreachable message when the port is closed. Firewalls should be configured not to respond with ICMP destination port unreachable; this gives hackers using traditional UDP scanning a hard time. Apart from this, many machines throttle ICMP messages, which means that scanning such machines is a very slow process.
    • Indexing of public web servers to find web server and CGI holes.
    • OS fingerprinting. One method to identify the target operating system is to send illegal or ambiguous packets. Although protocol definitions (RFCs) usually define how a machine should reply to data that it is expecting, these same standards do not always take illegal packets into consideration. The result is that each operating system responds uniquely to invalid inputs, and therefore hackers can guess the remote operating system without being caught by normal system logging. Another method to discover the operating system of a target is banner grabbing, which consists of analyzing the responses of services running on the victim server.
  2. Account scans - attempts to log on to:
    • Accounts with no password set
    • Accounts with the password the same as the username, or "password"
    • Default accounts that were shipped with the product
    • Accounts installed with software products
  3. Denial of Service
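The two signatures a NIDS matches most often in the list above, the ping sweep and the TCP port scan, both come down to one source touching many distinct targets in a short window. The following is an added example (not code from the page or from any named product) of that detection logic run over constructed flow records; the record layout, thresholds and window are assumptions for the illustration.

```python
from collections import defaultdict

# Constructed flow records, not captured traffic:
# (time_s, src, dst, proto, dst_port, flags)
# proto is "tcp" or "icmp"; flags is "S" for a bare SYN, "echo" for an ICMP echo request.
SAMPLE_EVENTS = (
    # Ordinary browsing (and one ping) from a workstation to the web server.
    [(1.0, "10.0.0.5", "192.168.1.10", "tcp", 80, "S"),
     (2.0, "10.0.0.5", "192.168.1.10", "tcp", 443, "S"),
     (2.5, "10.0.0.5", "192.168.1.10", "icmp", None, "echo")]
    # One host probing ten different ports on the same server within three seconds.
    + [(10.0 + 0.3 * i, "10.0.0.99", "192.168.1.10", "tcp", port, "S")
       for i, port in enumerate((21, 22, 23, 25, 80, 110, 143, 443, 3389, 8080))]
    # The same host pinging twelve consecutive addresses on the subnet.
    + [(20.0 + 0.1 * i, "10.0.0.99", f"192.168.1.{i}", "icmp", None, "echo")
       for i in range(1, 13)]
)


def _fanout_alerts(events, key_of, value_of, threshold, window):
    """Generic fan-out signature: within `window` seconds, one key touches at
    least `threshold` distinct values.  Returns {key: peak distinct count} for
    every key that crossed the threshold.  A slow scan that spreads its probes
    over more than `window` seconds stays under this signature, which is exactly
    why attackers favour stealth scans and why the window must be tuned."""
    by_key = defaultdict(list)
    for ev in events:
        key = key_of(ev)
        if key is not None:              # None means "this record is not of interest"
            by_key[key].append((ev[0], value_of(ev)))
    alerts = {}
    for key, items in by_key.items():
        items.sort()                     # sort by time so each window is a slice
        peak = 0
        for start, (t0, _) in enumerate(items):
            seen = {v for t, v in items[start:] if t - t0 <= window}
            peak = max(peak, len(seen))
        if peak >= threshold:
            alerts[key] = peak
    return alerts


def detect_port_scans(events, threshold=8, window=10.0):
    """Bare SYNs from one source to many distinct ports on one target host."""
    alerts = _fanout_alerts(
        events,
        key_of=lambda ev: (ev[1], ev[2]) if ev[3] == "tcp" and ev[5] == "S" else None,
        value_of=lambda ev: ev[4],
        threshold=threshold, window=window)
    return sorted((src, dst, n) for (src, dst), n in alerts.items())


def detect_ping_sweeps(events, threshold=8, window=10.0):
    """ICMP echo requests from one source to many distinct hosts."""
    alerts = _fanout_alerts(
        events,
        key_of=lambda ev: ev[1] if ev[3] == "icmp" and ev[5] == "echo" else None,
        value_of=lambda ev: ev[2],
        threshold=threshold, window=window)
    return sorted((src, n) for src, n in alerts.items())


if __name__ == "__main__":
    for src, dst, n in detect_port_scans(SAMPLE_EVENTS):
        print(f"port scan: {src} -> {dst}, {n} distinct ports")
    for src, n in detect_ping_sweeps(SAMPLE_EVENTS):
        print(f"ping sweep: {src} touched {n} hosts")
```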

Q: What is a Denial of Service attack?
A: A Denial of Service (DoS) attack is an attempt to prevent legitimate users of a service from accessing that service. DoS attacks usually make use of software bugs to crash or freeze a service, or bandwidth limits by making use of a flood attack to saturate all bandwidth.

Q: What is a DDoS (Distributed Denial of Service) attack?
A: A Distributed Denial of Service attack consists of launching a Denial of Service attack from a good number of sites against a single host. Such an attack is generally more effective at bringing down huge corporate sites than a plain DoS attack. A typical DDoS attack consists of a master, slaves and a victim: the master being the attacker, the slaves being the compromised systems, and the victim of course being the attacker's target. Once the attacker sends out a specific command to the slave or zombie systems, the attack is launched.

PGP and Encryption

Q: Is cryptography (like PGP) legal?
A: The use of cryptography is regulated by a complex web of national and international laws. In some countries, such as the United States, it is legal to use strong cryptography but software that implements it cannot be exported. In other countries, such as France, it is illegal to use strong cryptography at all.

Recently the United States loosened the export restrictions slightly, allowing Web browsers to be used for strong encryption when communicating with financial institutions or when an American-owned company overseas needs to browse its home office's Web site. Server certificates that allow for these specific exemptions can be obtained from VeriSign through its "step-up" program.

Q: How does encryption work?
A: Encryption works by encoding the text of a message with a key. In traditional encryption systems, the same key was used for both encoding and decoding. In the newer public key or asymmetric encryption systems, keys come in pairs: one key is used for encoding and another for decoding. In this system everyone owns a unique pair of keys. One of the keys, called the public key, is widely distributed and used for encoding messages. The other key, called the private key, is a closely held secret used to decrypt incoming messages. Under this system, a person who needs to send a message to a second person can encrypt the message with that person's public key. The message can only be decrypted by the owner of the secret private key, making it safe from interception. This system can also be used to create digital signatures that cannot be forged.

Most practical implementations of secure Internet encryption actually combine the traditional symmetric and the new asymmetric schemes. Public key encryption is used to negotiate a secret symmetric key that is then used to encrypt the actual data.

Since commercial ventures have a critical need for secure transmission on the Web, there is very active interest in developing schemes for encrypting the data that passes between browser and server.

Q: What is PGP and where can I get it?
A: PGP, or Pretty Good Privacy, is a system which uses public/private keys as a means for encryption and message verification via signatures. By using the public key of your recipient, you can encrypt a message (or file) so only the intended receiver can read the message. Likewise, by using your own private key, you can create a signature which cannot be faked, which serves as a means of authenticating a message and detecting forged messages. The freeware version of the program can be downloaded at http://web.mit.edu/network/pgp.html.
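The hybrid scheme from "How does encryption work?" and the sign/verify use of a key pair from the PGP answer, as one added illustration (not code from the page, and not how PGP itself is implemented): textbook RSA wraps a fresh symmetric session key, an HMAC-derived keystream with an integrity tag carries the data, and the private key signs a message digest. The tiny unpadded RSA parameters and the home-made stream cipher are assumptions chosen only to keep the mechanics visible; a real deployment uses a vetted library.

```python
import hashlib
import hmac
import secrets


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test (probabilistic, adequate for a demo)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # force size and oddness
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=96):
    """Toy RSA key pair: (public, private) as ((e, n), (d, n)).  96-bit primes give
    n >= 2**190, large enough to hold a 128-bit session key or a 160-bit digest."""
    e = 65537
    while True:
        p, q = _random_prime(bits), _random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so this guarantees gcd(e, phi) == 1
            break
    return (e, p * q), (pow(e, -1, phi), p * q)


def rsa_public_op(pub, m):              # encrypt with the public key, or verify a signature
    e, n = pub
    return pow(m, e, n)


def rsa_private_op(priv, c):            # decrypt with the private key, or sign
    d, n = priv
    return pow(c, d, n)


def _keystream(key, length):
    """HMAC-SHA256 in counter mode.  Safe here only because every message gets a
    fresh session key; reusing a key with this keystream would leak plaintext XORs."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def symmetric_encrypt(key, plaintext):
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()     # encrypt-then-MAC


def symmetric_decrypt(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: ciphertext was altered")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def hybrid_encrypt(recipient_pub, plaintext):
    """Public key protects only the 16-byte session key; the session key protects the data."""
    session_key = secrets.token_bytes(16)
    wrapped_key = rsa_public_op(recipient_pub, int.from_bytes(session_key, "big"))
    return wrapped_key, symmetric_encrypt(session_key, plaintext)


def hybrid_decrypt(recipient_priv, wrapped_key, blob):
    session_key = rsa_private_op(recipient_priv, wrapped_key).to_bytes(16, "big")
    return symmetric_decrypt(session_key, blob)


def sign(priv, message):
    """Sign a truncated SHA-256 digest (160 bits, so it fits under n)."""
    digest = int.from_bytes(hashlib.sha256(message).digest()[:20], "big")
    return rsa_private_op(priv, digest)


def verify(pub, message, signature):
    digest = int.from_bytes(hashlib.sha256(message).digest()[:20], "big")
    return rsa_public_op(pub, signature) == digest
```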

Q: Why do you use the term pass phrase instead of password in PGP?
A: This is because most people, when asked to choose a password, select some simple common word. This can be cracked by a program that uses a dictionary to try out passwords on a system. Since most people really don't want to select a truly random password, where the letters and digits are mixed in a nonsense pattern, the term pass phrase is used to urge people to at least use several unrelated words in sequence as the pass phrase.

Web-Related Programming Languages

Q: Are CGI scripts insecure?
A: CGI scripts are a major source of security holes. Although the CGI (Common Gateway Interface) protocol is not inherently insecure, CGI scripts must be written with just as much care as the server itself. Unfortunately some scripts fall short of this standard and trusting Web administrators install them at their sites without realizing the problems.

Q: What's the difference between Java and JavaScript?
A: Despite the similarity in names, Java and JavaScript are two separate entities. Java is a language designed by Sun Microsystems. Java programs are precompiled into a compact form and stored on the server's side of the connection. HTML documents refer to the mini-applications known as Java "applets" by incorporating <APPLET> tags. Browsers that support the <APPLET> tag (Netscape Navigator 2.0+, Microsoft Internet Explorer 3.0+, Sun's HotJava, and Opera for example), download the compiled Java applications and execute them.

JavaScript is a series of extensions to the HTML language designed by the Netscape Corporation and understood by Netscape Navigator versions 2.0 and higher, as well as by Microsoft Internet Explorer version 3.0 and higher (where it is called "JScript"), Opera, and nearly all other graphical web browsers. It's an interpreted language designed for controlling the browser; it has the ability to open and close windows, manipulate form elements, adjust browser settings, and download and execute Java applets. Although JavaScript has a similar syntax to Java, it is quite distinct in many ways.

Q: Are there any known security holes in Java?
A: Because Java applets execute on the browser's side of the connection instead of on the server's, they move the security risk squarely from the server to the client. Is there anything for the client to worry about?

Several failsafes are built into Java to prevent it from compromising the remote user's machine. When running as applets, Java programs are restricted with respect to what they are allowed to do by a "security manager" object. The security manager does not ordinarily allow applets to execute arbitrary system commands, to load system libraries, or to open up system device drivers such as disk drives. In addition, applets are generally limited to reading and writing files in a user-designated directory only (the HotJava browser allows you to set this directory, while Netscape disallows all file manipulation).

Applets are also limited in the network connections they can make: An applet is only allowed to make a network connection back to the server from which it was downloaded. This is important for reasons discussed below.

Finally, the security manager allows Java applets either to read and write to the network or to read and write to the local disk, but not both. This limitation was created to reduce the risk of an applet spying on the user's private documents and transmitting the information back to the server. Since the Netscape implementation disables all local file manipulation anyway, this restriction is currently moot.

Q: Are there any known security holes in JavaScript?
A: JavaScript has a more troubling history of security holes. Unlike the Java holes, which potentially can change data on the user's disk, JavaScript holes generally involve infringements on the user's privacy. Although many bugs have been closed, others keep popping up.

Jan 28, 2004
Developing an Anti-Spam Plan - Presented by Peter Coffee and Cameron Sturdevant
Sponsored by MailFrontier
Join eWEEK technology experts Peter Coffee and Cameron Sturdevant as they discuss the scope of the spam problem and recommend solutions based on your different needs. You'll also hear about the latest and greatest anti-spam tools and techniques!

Jan 29, 2004
Choosing the Right Backup and Recovery Solution - Presented by Frank Derfler
Sponsored by NCT
More and more, companies are looking for a mix of technologies and approaches to achieve the right levels of recoverability and availability within the enterprise. For most companies, one size does not fit all. This eSeminar will explore the different approaches to recovery, as well as highlight key decision-making criteria clients should consider.

By participating in this eSeminar, you'll know more about:


A through C

adware - Any software application in which advertising banners are displayed while the program is running.

AES (Advanced Encryption Standard) - An encryption algorithm for securing sensitive but unclassified material by U.S. Government agencies.

AUP (Acceptable Use Policy) - A policy that a user must agree to follow in order to be provided with access to a network or to the Internet.

certificate authority - A trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs.

cipher - Any method of encrypting text to conceal its readability and meaning.

cracker - Someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security.

cryptography - With relation to computer security, cryptography is most often associated with scrambling plaintext (ordinary text, sometimes referred to as cleartext) into ciphertext (a process called encryption), then back again (known as decryption).

D through F

DDoS (Distributed Denial-of-Service) - An electronic assault in which many compromised systems are made to flood a target with requests and overwhelm its capacity.

Digital Certificate - An attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.

Digital Signature - Like a written signature, the purpose of a digital signature is to guarantee that the individual sending the message really is who he or she claims to be.

DMZ (DeMilitarized Zone) - A computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network.

firewall - A program or group of related programs that protects the resources of a private network from users from other networks. Some firewalls are hardware based.

flaming - Giving someone a verbal lashing in public. Unless in response to some rather obvious flamebait, flaming is poor netiquette.

G through I

hacker - A term used by some to mean "a clever programmer" and by others, especially journalists or their editors, to mean "someone who tries to break into computer systems."

hoax - A virus hoax is a false warning about a computer virus.

IDS (Intrusion Detection Systems) - A security technology that attempts to detect incoming hacker attacks by looking for known patterns of attack.

IPsec (IP Security) - A protocol for securing IP network traffic through encryption.

J through L

jolt - A denial of service (DoS) attack or a super-caffeinated soft drink.

Kerberos - A secure method for authenticating a request for a service in a computer network.

klez - An Internet worm that launches automatically when a user previews or reads an e-mail message containing Klez on a system that has not been patched for a vulnerability in Microsoft Internet Explorer mail clients.

link encryption - The process of encrypting information at the data link level as it is transmitted between two points within a network.

logic bomb - In a computer program, a logic bomb, also called slag code, is programming code, inserted surreptitiously or intentionally, that is designed to execute (or "explode") under circumstances such as the lapse of a certain amount of time or the failure of a program user to respond to a program command.

LUHN - A simple algorithm used to validate the number on a credit card.

M through O

macro virus - A computer virus that "infects" a Microsoft Word or similar application and causes a sequence of actions to be performed automatically when the application is started or something else triggers it.

mail bomb - The sending of a massive amount of e-mail to a specific person or system.

MD5 - MD5 is an algorithm that is used to verify data integrity through the creation of a 128-bit message digest from data input.

NAT (Network Address Translation) - Simply put, NAT hides the IP addresses of PCs so that all outgoing traffic seems to come from the same address, but it's possible to bypass a firewall-free NAT device. NAT is not a firewall.

netiquette - Network etiquette.

P through R

PGP (Pretty Good Privacy) - A popular program used to encrypt and decrypt e-mail over the Internet.

phreak - Someone who breaks into the telephone network illegally, typically to make free long-distance phone calls or to tap phone lines.

ping of death - A denial of service attack in which a malformed or oversized ICMP ping packet is sent to a target in order to crash or destabilize it.

port scanning - Hackers seek vulnerabilities through port scanning. Each IP address has more than 65,000 ports through which applications can communicate.

private key - An encryption/decryption key known only to the party or parties that exchange secret messages.

public key - A known, shared key.

PKI (Public Key Infrastructure) - Enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.

Registration Authority (RA) - An entity that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it.

RSA - The most commonly used encryption and authentication algorithm.

S through U

script kiddie - A derogative term, originated by the more sophisticated crackers of computer security systems, for the more immature, but unfortunately often just as dangerous, exploiter of security weaknesses on the Internet.

security appliance - No longer just firewalls, most of the devices in the range of $400 to $900 are referred to as security appliances. This change in nomenclature was inspired by the addition of virtual private networks (VPNs) and other features.

spam - Unsolicited e-mail on the Internet.

SPI (Stateful Packet Inspection) - SPI examines the content of packets (rather than just the source and destination addresses and ports) to determine whether to grant a remote computer access to your network.

spyware - In general, spyware is any technology that aids in gathering information about a person or organization without their knowledge.

trojan - In today's computer world, a trojan horse is a malicious, security-breaking program that is disguised as something benign, such as a screen saver, a game, or some other valuable program.

V through Z

virus - A piece of malicious code that causes undesirable events by infecting files, system/boot records, or applications.

worm - A malicious file or piece of code that replicates itself over a network, reproducing until it has consumed system resources.


Download FREE technical security documents and security policies.

The free file viewers available here are provided as-is, and are not supported by Darkwater LLC. They are freely available from the Internet by their respective owners. The original license agreements apply.

Links to security related software downloads.

 

Our library of security policies and technical papers is provided in two formats - Adobe PDF and Microsoft Word. Viewers for the files can be downloaded from the free viewers section.

.pdf .doc Securing Your PC
.pdf .doc Home PC Security Guide
.pdf .doc 10 Tips For Creating A Network Security Policy
.pdf .doc Now More than Ever, Cybersecurity Audits Are Key
.pdf .doc Good Passwords

For your security, our documents do not use Microsoft macros.
type  platform      file name      size     support
PPT   Windows       PPView97.exe   2826 kb  Microsoft
PPT   Mac           PPT98VW.hqx    6545 kb  Microsoft
DOC   Win 3.x       wdvw9716.exe   2266 kb  Microsoft
DOC   Win 95/98/NT  wd97vwr32.exe  3860 kb  Microsoft
XLS   Win 95/98/NT  xlViewer.exe   3813 kb  Microsoft
PDF   ALL           Adobe                   Adobe

For Mac OS X, Solaris, and Linux users, try using OpenOffice. OpenOffice 1.0 is the free open-source version of Sun's popular commercial product, StarOffice 6.0. OpenOffice and StarOffice are both also available for Microsoft Windows 95, 98, NT, 2000, ME and XP, and can be used as an alternative to Microsoft Office. It is capable of reading and creating documents in MS Word, PowerPoint, and other popular Microsoft formats.

See http://www.microsoft.com/office/000/viewers.asp for more details on Microsoft Office converters and viewers.

 
Over 300 tools for Intrusion Detection, Assessment, and Defense FREE at http://www.whitehats.com/cgi/tools/.

Tripwire is a good intrusion detection software which can be found at http://www.tripwire.com/downloads/.

On UNIX systems, the program COPS is useful for making sure that permissions are set correctly on system files (to discourage tampering). Look at http://www.fish.com/cops/.

For a freeware network IDS there is Snort which runs on Linux. It is an effective network based intrusion detection system. Snort does require a fair amount of both Linux and networking knowledge. Look at http://www.snort.org/.

For firewalls, system hardening tools, intrusion detection systems, log monitoring and reporting tools, scanning tools, network sniffing tools, password checkers/crackers, and free operating systems look at http://www.yacc.co.uk/free.security/.

PGP, an encryption program (free for noncommercial use) can be obtained at http://web.mit.edu/network/pgp.html.

GnuPG is an alternative to PGP and is free for both personal and commercial use. For downloads, go to http://www.gnupg.org/.

P R I V A C Y  P O L I C Y
 

Our Privacy Policy

As an information security company, we have dedicated ourselves to an industry which honors and respects the need for protecting and appropriately managing any type of information, and especially that which is personally identifiable such as your name, address, phone number, or e-mail address.

Although you are welcome to visit our site without supplying any personal information, we do monitor web site traffic for marketing purposes and to ensure that our site is not being misused or abused. The type of information that we may track includes your IP address, Internet domain, host names, browser software, operating system, the date and time you visited our site, and potentially which pages you visited. We guarantee that this information is used for our security monitoring and for our marketing purposes only.

If you choose to provide us with your personal information either through e-mail or via the web, we will not sell or willingly give that information to any third party and will take reasonable and appropriate steps to protect that information from unauthorized parties. Darkwater LLC strives to comply with all applicable privacy laws.

If you have any comments or questions regarding our privacy policy, please direct them to privacy@darkwater-llc.com. We will make every reasonable attempt to address any issue to the best of our abilities.

Your Consent

By using this Web site, you agree to the terms of our privacy policy and consent to the collection and processing of any personal information for the purposes given above. Should our privacy policy change, we will post the changes or the new privacy policy on our web site.
