Important Note - Interest is terrible thing to waste. Where are you?

\/ w4rri0r \/Hacking is not a crime - It's an art of Awareness. \/ w4rri0r mission \/ is to make the information systems more secure, more aware, more reliable and protect against possible security breaches.

\/ w4rri0r \/ internationally recognized as a Security Researcher or White-Hat Hacker and Hall of Fame by Google, Microsoft, Yahoo, AppleRedHat, AT&T, Adobe, PayPal, Yandex, eBay, Deutsche TelekomBarracuda Networks, Nokia Siemens Network, Tuenti, Opera, BlackBerry, Nokia, SpotifyZynga, Netflix, iFixit, Basecamp, SoundCloudConstant Contact, Xmarks, LaunchKey, Zendesk and we are currently building \/ w4rri0r group \/ and inviting to join worldwide Security Researchers and Professionals. If you think you can contribute anything for \/ w4rri0r group \/ you are heartily invited and we'll give credit for your contribution and is greatly appreciated. [Launching soon]

If you have any questions, ideas, suggestions or contributions please do not hesitate to contact @ This email address is being protected from spambots. You need JavaScript enabled to view it. and will respond you within 24 hours.

Open Panel
  • Register

Network Security

Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.

Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: It secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

There are several ways to provide security within a network and between different networks and clients. Everything from the data sent over the network to the actual use and accessibility of the network can be controlled and secured.

 

Secure Transmission


Providing secure transmission of data is similar to using a courier to bring a valuable and sensitive document from one person to another. When the courier arrives at the sender, he would normally be asked to prove his identity.

Once this is done, the sender would decide if the courier is the one he claims to be, and if he can be trusted. If everything seems to be correct, the locked and sealed briefcase would be handed over to the courier, and he would deliver it to the recipient. At the receiver's end, the same identification procedure would take place, and the seal would be verified as "unbroken". Once the courier is gone, the receiver would unlock the briefcase and take out the document to read it.

A secure communication is created in the same way, and is divided into three different steps:

  1. Authentication
  2. Authorization
  3. Privacy

Authentication

This initial step is for the user or device to identify itself to the network and the remote end. This is done by providing some kind of identity to the network/system, like a username and password, an X509 (SSL) certificate, and using the 802.1x standard.

A closer look at IEEE 802.1x authentication

Pushed by the wireless community looking for stronger security methods, the 802.1x standard is among the most popular authentication methods in use today: IEEE 802.1X provides authentication to devices attached to a LAN port, establishing a point-to-point connection or preventing access from that port if authentication fails.

How it works

Clients and servers in an 802.1x network authenticate each other with the help of digital certificates provided by a Certification Authority. These are then validated by a third-party entity, such as an authentication server called a RADIUS server, one example of which is Microsoft Internet Authentication Service.

Authorization

The next step is to have this authentication authorized and accepted, that is verifying whether the device is the one it claims to be. This is done by verifying the provided identity within a database or list of correct and approved identities. Once the authorization is completed, the device is fully connected and operational in the system

Privacy

The final step is to apply the level of privacy required. This is done by encrypting the communication, which prevents others from using/reading the data. The use of encryption could substantially decrease performance, depending on the implementation and encryption used.

Privacy can be achieved in several ways. Two commonly used methods are:

  1. VPN (Virtual Private Network)
  2. HTTP over SSL/TLS (also known as HTTPS)

VPN (Virtual Private Network)

A VPN creates a secure tunnel between the points within the VPN. Only devices with the correct "key" will be able to work within the VPN. Network devices between the client and the server will not be able to access or view the data. With a VPN, different sites can be connected together over the Internet in a safe and secure way.

HTTP over SSL/TLS

Another way to accomplish security is to apply encryption to the application data itself. In this case, there is no secure tunnel as with the VPN solution, but the actual application data sent is secured. There are several different encryption protocols available, for example SSL/TLS. When using HTTP over SSL/TLS, the device or computer will install a certificate into the unit, which can be issued locally by the user or by a third-party such as Verisign. In most cases when a connection between two devices is established, the certificate of the server will be verified by the client and, if trusted, an encrypted communication is opened. When creating a secure connection to Web sites such as Internet banks, the certificates of the two units will be verified. When you see "https://…" in the Web address, the "s" stands for secure and it means that you are requesting a secure connection.

 

Protecting Single Devices

Security also means protecting single devices against intrusions, such as unauthorized users trying to gain access to the unit, or viruses and similar unwanted items. 

Access to PCs or other servers can be secured with user names and passwords, which should be at least 6 characters long (the longer the better), combining numbers and figures (mixing lower and upper cases). In the case of a PC, tools like finger scanners and smart cards can also be used to increase security and speed up the login process.

To secure a device against viruses, worms and other unwanted items, a virus scanner of good quality with up-to-date filters is recommended. This should be installed on all computers. Operating systems should be regularly updated with service packs and fixes from the manufacturer. When connecting a LAN to the Internet, it is important to use a firewall. This serves as a gatekeeper, blocking or restricting traffic to and from the Internet. It can also be used to filter information passing the firewall or to restrict access to certain remote sites. 

CORE Impact Professional

Logo Core ImpactCORE Impact Professional is the most comprehensive software solution for assessing and testing security vulnerabilities throughout your organization.

 
 

Read More...

IBM Security AppScan

Logo IBM Rational AppScanIBM Rational AppScan Enterprise is a scalable solution to help resolve application security vulnerabilities, offering recommendations to simplify remediation.

 

Read More...

HP WebInspect

Logo - HP WebInspectHP WebInspect gives security professionals and security novices alike the power and knowledge to quickly identify and validate critical, high-risk security vulnerabilities.

 

Read More...

Acunetix WVS

logo acunetix web application securityAcunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits web applications by checking for hacking vulnerabilities. 

 

Read More...

w4rri0r - Hacking Is Not A Crime - It's an art of Awareness

\/ w4rri0r - Hacking Is Not A Crime - It's an art of Awareness \/ -  w4rri0r work in the dark, w4rri0r do what w4rri0r can, w4rri0r give what w4rri0r have, w4rri0r doubt is w4rri0r passion and w4rri0r passion is w4rri0r task. The rest is the madness of art \/ w4rri0r \/ 

\/ w4rri0r.com \/ are the great resource for information security professionals and researcher. \/ w4rri0r \/ offers a extensive variation of information security services that include SECURITY EXPLOITS (Bug or Vulnerability), SECURITY ADVISORIES (Security Alerts), SECURITY RESEARCHER TOOLBOX (Freeware, Shareware & Open-Source), SHELLCODE (Attacker Controller - Chunk of Data), SECURITY TRAINING (Educational Purpose), SECURITY NEWS (Security Recent or Important Events) and with this group you can be assured that you’re in the right hands. \/ w4rri0r gr0up \/  efforts being endorsed and appreciated by administrators, security researchers and members of various underground hacking groups and communities worldwide.

\/ w4rri0r mission \/ are to make the information systems more secure, more aware, more reliable and protect against possible security breaches.