HAKIN9 ONDEMAND NETWORK SECURITY 4/12

1. Perimeter Protection
By Dusko Pijetlovic. 
With over half a million apps in the App Store, Apple’s trademark slogan “There’s an app for that” is bordering on reality. We use these apps for online banking, social networking and e-mail without really knowing if they’re communicating and storing our personal data securely. With Apple controlling over 52% of the mobile market [1], iOS apps are becoming more closely scrutinised in a world where the security of our personal data is paramount. In the last year, MDSec’s consultants have performed an increasing number of security assessments of iOS applications and their supporting architecture where data security is paramount, specifically the retail/business banking sector.

2. Network Crux
By Vikas Kumar
Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority.

3. Network Inventory on BackTrack
By Aleksandar Bratic
Network Inventory is an up to date list of devices of the network, servicer and open ports, regardless whether it is wired or wireless environment.

4. Pentesting with BackTrack Distribution
By Jan Hrach, Miroslav Ludvik, Michal Srnec 
BackTrack is a Linux distribution focused on penetration testing, forensic analysis and safety in general. Although it is primarily distributed as a Live DVD, it is no problem to install it on a flash disk or hard drive as a normal system. It contains many interesting tools and with more of them we will get acquainted in this article. We shall see how to “shoot” through a very hard set firewall, will attack web applications and will generate false packets.

5. When Developers API Simplify User-Mode Rootkits Development – Part II
By Yury Chemerkin 
This series of articles is about the ease of which user-mode rootkits for BlackBerry can be developed. In a previous article, several cases were mentioned along with ideas on how a mobile rootkit could easily be built on the application level by exploiting API and privilege escalation vulnerabilities or oversight. Cases covered the top trojans for two years with the first one being Android Plankton. Instead of giving access to hidden levels of this popular game, malware sends information about the device to criminals and downloads other malicious programs.

6. Network Security in BYOD Networks
By Kaladhar Brahmanapally
The concept of “Bring Your Own Device” (BYOD) is growing day by day in corporate networks. As per Gartner’s research, organizations know about only 80% of the devices on the network while the remaining 20% are employee-owned devices accessing information from the corporate network. BYOD implementation is growing in organizations to shift the costs to the user and improve user productivity.

7. Quick Tutorial on SQL Database Programming
By Wade Hamp
Since the birth of internet in the 1990s I have been interested in how web sites interact with databases were designed but being a network administrator of a rather large network I didn’t have the time to devote to looking into it. I had worked as a technical writer working on specifications and had done some programming to convert Displaywrite coding in EBCDIC into codes like [B) for bold that we could search and replace in Word Perfect. (We liked working in Word Perfect because we could see the codes in the code window.) I had also made a simple text editor in C++.

8. The Tip of The Iceberg
By David Perry
Far from being simply a technical issue, most attacks on system security involve human behavior. At this point there are a whole raft of behavioral issues, including semantics, misinformation, disinformation, myth, confusion, and malicious or self-destructive issues on the part of the end user. There is a behavioral minefield in even advising users on the existence of a threat.