Hey every body !! Its been along time i posted on my blog ! I recently had an interview with some security managers of a Multi National Company ! We discussed about alot of Network Security Issues ! Although my mind was kinda rusted because i have lately been working on Web Application vulnerabilities and bypass etc ! i was asked a few questions regarding IDS bypass ! That how it can be done ! and also questions about how to secure the internal network from browser exploits and web worms.And another problem to manage thousands of computers on a remote home/corporate network.
Well there were many solutions. We discussed some of them there but then it kept me thinking. So i came up with a solution.
Back in 2007 i was working with SUNray Thin Clients !! As you can see in the picture below ! What it does is exactly what dumb terminals used to do !They get booted from a remote server and every thing is loaded from that server. The problem was the remote management of 1000s of computers accross the country ! Now with this one can easily boot remote sunray clients through Satellite , from the central server at a central location.
Now the issues that could arise are that sunray thin clients are not a very good solution in some situations , that is if some one wants to use USB or some Director level dude wants to have full controll over which applications he/she has access to , is very difficult ! And then this solution fails. But normally it is the best solution for remote management of computers.
The second problem was IDS bypass ! Well that is pretty simple , what IDS/IDP Systems do is , that it scans the payload on the application layer level to check for anomaly or checks against a DB with signatures and also has many other ways to detect. But I am going to look at the Application Layer level portion of the above sentence. Well to bypass it one can easily encrypt the payload ! Now it can be stopped by checking the destination port and that can also be changed !
The third one was to check n mitigate web browser attacks well the solution for that is Websense module for different Hardware firewalls and proxies , which scans the webtraffic for malicious traffic. 😉 ! Feel free to comment , if there are more solutions for the problems !
Stay safe 🙂