Introduction

Wow, with so much going on with regards to network security or the lack there of a book on this topic almost needs no introduction. Less than ten years ago most people didn’t even know what the Internet was or this thing we call email. To take a step back further most people did even have computers at work or home and some even questioned the usefulness. Things have really changed. As I am writing this the thoughts of the ride at Disney World called the Carousel of Progress goes through my mind. Things that we thought was science fiction a decade ago are not only a reality, but an engrained part of our life. Heck, if the dedicated line at my house goes down for more than 30 minutes my wife is screaming at me to fix it. This is truly the age of computers.

Now computers are great from a functionality standpoint when they are standalone devices. If I have a computer in my home with no network connection, than do I really need any computer security? The house usually provides enough security to protect it. But now that everyone is connecting their computers together via the Internet, we are building this web of trust where everyone trust everyone else. There is just one problem, everyone does not trust everyone else, yet in most cases we are giving them full access to this information. At this point lets step back and say how did this happen. This happened because people get so caught up in technology and functionality that no one worries about security, yet security is critical in this day and age.

I remember 10 years ago when I worked in security, no one wanted anything to do with you. You were like the smelly kid in school. No one would sit next to you at meetings, heck no one would even want to go to lunch with you out of fear that their manager would see you with the security psycho and you wouldn’t get that big promotion. Why did people hate security so much? The main reason is no one saw the value, thought it was a waste of money and did not think the threat was real. See with most other technologies, there is an immediate tangible benefit. For example, installing a new network or a new server for a company is something they can directly see the benefit of. Faster access, more storage space, more efficient calculations, etc., but the bottom line is there is a direct benefit. With security there is no direct benefit, there is only an indirect benefit, your data and information will be secure. In most cases a company does not realize the benefit of security until it is too late. After an attacker breaks into their system and steals $10 million, than they see why they need security and are willing to pay the money. Think of how much money the company would have saved if they invested in security originally.

Hopefully as more and more companies suffer losses, more and more companies will start investing in security from the beginning and not wait for a major breach in security, to realize how much they need it. Think about car insurance. Every who buys a car gets insurance immediately, just in case an accident occurs. I know people that have never been in an accident for 30 years and they still get insurance because they know that it is cheaper to have insurance and not have an accident, than not have insurance and get into an accident. Companies need to use the same logic with security. No matter what size company you are or what type of business you do, security is always a wise investment.

No systems are safe. Any system that is connected to the Internet is getting probed and possible broken into. If you do not believe me run this simple experiment. Since most home computers have either direct connections or dial-up connections, you can even use your home computer for this experiment. Purchase or download one of the personal firewall products that are available on the Internet. There are several programs but zone alarm available from www.zonelabs.com has a free version for non-commercial use. Install the program on your system and keep your system up for at least 48 hours and get ready to be amazed. Usually within less than 2 days your systems will be probed several times and even broken into. For example, I called up an ISP received an IP address and connected by machine and within 30 minutes received over 5 probes of the system. Now think about this for a minute. If your home computer with no domain name that no one cares about gets probed and attacked, what does that say for a company. It basically says that their systems will be attacked and without good security, they would be broken into and compromised.

I have had companies tell me that they have never had an attempted attack against there system. That statement is false. The correct statement is that they have never had an attempted breach that they detected. Just because you are looking in the wrong places does not me that your site is secure. It is critical that companies know the right places to look at and the proper way to secure their systems. Hopefully this book will show you what attackers are up to and give you insight into their tools and techniques so that you can look in the right places and better defend your sites. Remember, the best way to have a good defense is to understand the offense. That is really the main goal of this book, to make people aware of the techniques, methods and tools attackers are using to compromise systems and use that knowledge to build secure networks. Security cannot be done in a vacuum, you must understand what the treat is. In this field ignorance is deadly and knowledge is power.

Hopefully this book will give you insight into hackers and how you can protect against them. Securing a network is a never-ending journey, but based on my experience it is a very enjoyable and rewarding journey. Well lets get started on our journey into the wonderful world of network security.