10. Securing LAN/WAN Networks
Network security is vital. Many applications (IBM 3270 telnet emulation, Telnet,
ftp...) send unencrypted passwords across the network. Although a network cannot be
completely secured, the weakest links should be protected. It is not realistic to expect
the network ever to be 100% secure. There are two principal tendencies in network security:
- New applications being developed are often designed so that they can transfer data
securely across insecure networks. i.e. some type of authentication / encryption is
- IP level encryption (for TCP/IP networks) offers a secure channel between two machines,
even over insecure networks. One example is SKIP (see the "Mechanisms" chapter).
Network security could easily be enhanced if vendors
replaced relics such as ftp, telnet and rlogin with more secure
alternatives such as ssh (see the "Mechanisms" chapter), if NIS+ and/or
Kerberos clients were bundled with all major OSs and if a secure email system such as pgp
were fully integrated into vendors' email clients. But history shows that this is unlikely
Centralised network management is important for maintaining network security. The
Network (meaning both LAN and WAN) is analysed here in terms of:
- Protocols: Netbios, TCP/IP, SNA, IPX, Decnet...
- Physical network types: leased lines, ISDN, X25, FDDI, Ethernet, ATM, radio, infra red,
Microwave, GSM, satellite.
- Pure Network devices: routers, bridges, encryption units and modems. Firewalls are
discussed in the next chapter.
11.1 Network Model (OSI)
The Open Systems Interconnect model is the standard for describing the transmission of
data across networks. The seven layer model is particularly useful in comparing different
architectures. The following diagram should help to understand the relationships between
OSI, TCP/IP and communications layers used by Lan Manager.
11.2 Network Protocols
11.2.1 Lan Manager / Microsoft Network / NT Domains
NetBEUI: Use only on local subnets.
WINS (Windows Internet Naming Service) allows Netbios name to IP address resolution via
a highly automated dynamic database. It reduces the need for LMHOSTS files. See
the "Windows NT" chapter.
RAS (Remote Access Service), see the "Windows NT" chapter.
TCP/IP was not designed for high security:
- Protection through the use of privileged ports (0-1000) has little value since PCs have
become TCP/IP clients.
- No traffic priority (easy to flood the network).
- Traffic can be injected, packets can be stolen or hijacked, so ensure routers and
firewalls implement anti-spoofing.
- UDP (datagram based) offers no authentication.
- TCP (connection based) offers weak authentication.
- No confidentiality (no encryption).
- IP spoofing is easy (weak authentication), machines can lie about IP addresses. Routers
can be tricked. Header checksums are not sufficient.
- Checksums are easy to cheat (weak algorithm).
However, TCP/IP is reliable, robust and the de-facto standard.
See the Mechanisms chapter for a discussion of new IP level encryption products
designed to address many of the above problems.
DNS (Domain Name Service)
- The DNS which is used on the internal network should not be visible to the
outside world (Internet). Firewalls which provide DNS information to the Internet should
only resolve firewall addresses/names (i.e. for email, an MX record which points to the
firewall itself) and not provide any information about hosts on the internal network.
- The internal DNS server can be set up to send unresolved queries to the external DNS
server (using "forwarders" in /etc/resolv.conf), which will then search
- Internal clients should point to the internal DNS server(s).
- Clients with very few, designated connections do not need to use DNS.
- DNS servers should be configured as class .
- Use replica (secondary) servers to increase availability.
- Use the latest version of the public domain BIND for the Internet-exposed DNS servers;
the public version evolves more quickly and bugs are fixed more rapidly than in most vendors' versions.
NIS, NIS+ (Network Information Service)
See the chapter "Securing UNIX".
DHCP (Dynamic Host Configuration Protocol)
DHCP is very practical, especially for laptops and in environments where
reorganisations are constant. However, dynamic DHCP makes it difficult to uniquely
identify machines, so for class networks,
avoid the use of dynamic IP addressing. Static DHCP may be useful for centralising the
management of IP addresses.
- An IP address should uniquely identify a
machine (to prevent host spoofing and allow use of IP address access control i.e. inetd
tcp_wrappers on UNIX machines).
- If DHCP is to be used (for large laptop populations for example), class servers should have static IP addresses and not be
configured via DHCP.
- Ethernet MAC addresses can also be used to uniquely identify a host's traffic, if
the MAC addresses are recorded, a database is kept up to date and relevant network
monitoring software exists.
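The MAC address database check described above could look like the following. This is an added example, not part of the original guide; the registry format, host names, addresses and finding labels are all constructed for illustration.

```python
# Added example: compare observed (IP, MAC) pairs against a recorded inventory.

# MAC -> (hostname, static IP): the "database kept up to date" of recorded cards.
REGISTRY = {
    "08:00:20:1a:2b:3c": ("fileserver", "10.1.1.10"),
    "00:a0:c9:11:22:33": ("pc-finance-01", "10.1.1.21"),
    "00:a0:c9:44:55:66": ("pc-finance-02", "10.1.1.22"),
}

# Constructed observations (time, source IP, source MAC) as a monitor might report them.
OBSERVED = [
    ("09:00:01", "10.1.1.10", "08:00:20:1A:2B:3C"),  # matches the registry
    ("09:00:05", "10.1.1.21", "00-A0-C9-11-22-33"),  # matches, different notation
    ("09:02:10", "10.1.1.10", "00:10:5a:de:ad:01"),  # unknown card using the server's IP
    ("09:03:00", "10.1.1.99", "00:a0:c9:44:55:66"),  # known card on an unassigned IP
    ("09:04:00", "10.1.1.50", "00a0.c9aa.bbcc"),     # unknown card, unknown IP
    ("09:05:30", "10.1.1.10", "00:10:5A:DE:AD:01"),  # repeat of the 09:02:10 pair
]


def normalise_mac(mac):
    """Return the lower-case colon form so that differently written MACs compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def check_observations(registry, observed):
    """Return (time, finding, ip, mac) for every pair that contradicts the registry."""
    ip_owner = {ip: mac for mac, (_host, ip) in registry.items()}
    seen = set()
    findings = []
    for when, ip, raw_mac in observed:
        mac = normalise_mac(raw_mac)
        if (ip, mac) in seen:          # report each offending pair once
            continue
        seen.add((ip, mac))
        if mac not in registry:
            # An unknown card answering for a registered static IP is the
            # host-spoofing case the static addressing is meant to expose.
            kind = "IP_CLAIMED_BY_UNKNOWN_MAC" if ip in ip_owner else "UNREGISTERED_MAC"
            findings.append((when, kind, ip, mac))
        elif registry[mac][1] != ip:
            findings.append((when, "REGISTERED_MAC_WRONG_IP", ip, mac))
    return findings


if __name__ == "__main__":
    for finding in check_observations(REGISTRY, OBSERVED):
        print(*finding)
```

A MAC address can itself be changed in software on many cards, so a clean result only shows that nothing contradicted the registry.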
NFS (Network File System)
See the "Securing UNIX" chapter for a discussion of
11.3 Physical network types
If confidentiality is a major concern, use fibre optics; they are very difficult
to interrupt or sniff.
- Use hubs instead of Thin Ethernet (Star formation). Use switches instead of hubs for
better performance and security (all packets are not sent to all nodes).
- Avoid "unused" live connections.
- Do not daisy chain.
- Disconnect unused sockets.
- Networks could be physically secured by
11.3.2 Leased lines
Copper leased lines should be hardware or software encrypted.
Because FDDI is a fibre optic ring, it is impossible to "listen" by detection
of magnetic fields and if someone tries to connect to the ring, they need specialist
equipment and the ring would be disturbed - it should not go unnoticed.
ATM (Asynchronous Transfer Mode) is
a complex suite of protocols with many interesting features, such as bandwidth allocation,
virtual networks, high speed... It is used primarily by telecom providers. The
complexity of ATM makes it difficult for hackers to crack, but also difficult to configure
11.4 Network Devices
Most attacks come from the inside, so:
- No "sniffer" or "network analyser" software is to be allowed on any
PC unless it has been authorised by the Network manager, the Security manager and the user
is fully aware of his responsibilities and the PC is logged on a list of dangerous
machines. The status of these machines should be reviewed yearly.
- On systems (such as SunOS, Solaris) which include such software as standard, you should:
1. Delete the utility or
2. Change permissions on the utility so that it can only be used by root. Of course the
user must NOT have access to the root account in this case.
- Class systems should not be allowed on
the same subnet as .
- Install a packet filter/firewall between internal networks and class systems.
- Network interface cards in PCs: some cards cannot be switched into promiscuous mode e.g.
those based on the TROPIC chipset (HP Ethertwist). Buy Ethernet cards which do not allow
- Hubs, bridges and routers are getting very intelligent, they have more and more
configuration options and are increasingly complex. This is useful for additional
features, but the added complexity increases the security risk.
On critical subnets, it's important to correctly configure network devices: only
enable needed services, restrict access to configuration services by port/interface/IP
address, disable broadcasts, source routing, choose strong (non default) passwords, enable
logging, choose carefully who has user/enable/admin access, etc.
- Repeater hubs broadcast incoming traffic. However, active (or switching)
hubs send only the packets addressed to a host to that host, i.e. sniffer
software is rendered harmless. Performance is also improved. Recommended!
- Some hubs can be configured to protect at MAC level (so that only known MAC addresses
can be connected to certain ports). Other hubs remember Ethernet addresses seen at
certain ports and can be configured to stop access for new Ethernet addresses.
- Newer hubs also have built-in http servers; if possible restrict access to certain IP
addresses/ports, and avoid using this service from public or potentially hostile networks.
- Newer hubs can also create VLANS (virtual LANs) that group together certain ports into a
virtual network, that other ports cannot see. Can be useful.
- Critical subnets: unused ports should be disabled (prevent attackers from using open
- Useful for breaking up subnets into small segments, making it easier to localise errors.
- Restricts traffic local to machines to that segment, by sensing what ethernet addresses
are where. This improves both network performance and privacy (makes sniffing more
- Newer bridges also have built-in http servers; if possible restrict access to certain IP
addresses/interfaces, and avoid using this service from public or potentially hostile
Routers have become complex and can have almost as many configuration options as a UNIX
- Routers should not pass NetBEUI packets or TCP/IP broadcast packets, to save bandwidth
and increase availability. Where NIS is used, allowing IP broadcast across subnets also
- A router may be used as a filter to protect subnets, e.g. for firewalls or connections
to class networks: See the "Firewalls" chapter for details.
- Routers have a configuration port, often accessible via telnet. Use a strong password,
change it regularly! If possible restrict access to certain IP addresses/interfaces, or
even the console.
- Newer routers also have built-in http servers; if possible restrict access to certain IP
addresses/interfaces, and avoid using this service from public or potentially hostile
- A useful checklist for router auditing (in particular Cisco) can be found at security portal.
- Avoid SNMP. It's worse than you think, the following Bugtraq discussion will give you an
- If using SNMP, use it for Read Only, use access control lists and don't use default
- If you really cannot avoid SNMP write community strings, use very difficult-to-guess
strings, access control lists and do not let SNMP traverse hostile networks such as the
- Consider enabling logging (of access violations, admin access errors), to a centralised
syslog server. Analyse these logs regularly.
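The router points above (SNMP community strings, restricted access to the telnet and http configuration services, source routing, central logging) can be checked mechanically against a saved configuration. The following is an added example, not part of the original guide and not the checklist it refers to; it assumes Cisco IOS-style syntax, and both configurations, the check names and the placeholder secrets are constructed.

```python
import re

# Constructed weak configuration (IOS-style syntax is an assumption of this example).
WEAK_CONFIG = """\
hostname branch-rtr
ip http server
snmp-server community public RO
snmp-server community Xq7-vaulted-Heron RW
snmp-server community m0nitor-Only-91 RO 10
line vty 0 4
 password cisco
 login
"""

# The same router with the settings this section recommends.
HARDENED_CONFIG = """\
hostname branch-rtr
no ip source-route
no ip http server
access-list 10 permit 10.1.1.5
snmp-server community m0nitor-Only-91 RO 10
logging 10.1.1.5
line vty 0 4
 access-class 10 in
 password CONSTRUCTED-PLACEHOLDER-SECRET
 login
"""

DEFAULT_COMMUNITIES = {"public", "private"}
SYSLOG_RE = re.compile(r"logging (?:host )?\d{1,3}(?:\.\d{1,3}){3}$")


def audit_config(text):
    """Return sorted (line_no, check) findings; line_no 0 means the whole file.

    Community strings and passwords are never copied into the findings."""
    raw = text.splitlines()
    stripped = [line.strip() for line in raw]
    findings = []
    for no, line in enumerate(stripped, 1):
        tok = line.split()
        if tok[:2] == ["snmp-server", "community"] and len(tok) >= 3:
            opts = [t.lower() for t in tok[3:]]
            if tok[2].lower() in DEFAULT_COMMUNITIES:
                findings.append((no, "SNMP_DEFAULT_COMMUNITY"))
            if "rw" in opts:
                findings.append((no, "SNMP_WRITE_ENABLED"))
            if not [o for o in opts if o not in ("ro", "rw")]:
                findings.append((no, "SNMP_NO_ACL"))     # no access list named
        elif line == "ip http server" and not any(
                s.startswith("ip http access-class") for s in stripped):
            findings.append((no, "HTTP_UNRESTRICTED"))
        elif line.startswith("line vty"):
            # Sub-commands of a line block are the indented lines that follow it.
            block = []
            for nxt in raw[no:]:
                if not nxt.startswith(" "):
                    break
                block.append(nxt.strip())
            if not any(re.match(r"access-class \S+ in$", b) for b in block):
                findings.append((no, "VTY_NO_ACCESS_CLASS"))
    if "no ip source-route" not in stripped:
        findings.append((0, "SOURCE_ROUTING_NOT_DISABLED"))
    if not any(SYSLOG_RE.match(s) for s in stripped):
        findings.append((0, "NO_CENTRAL_SYSLOG"))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, check in audit_config(WEAK_CONFIG):
        print(line_no, check)
```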
A sweep of all internal telephone lines should be made once a month (during the night)
to see how many modems are attached and at what numbers. This can then be checked against
a list of registered modems. TBD: example of a product which can do this!
- Modems which are only needed for outgoing calls should be configured to ignore incoming
- A simple (10.- CHF) timer on the 220V modem supply can be used to deactivate the modem
when it is not needed (for example during the night).
11.5 External connections to WANs
11.5.1 Permission for external connections
For external access (via modem for example) to internal systems or from internal
systems to the outside (Internet for example), a user should have written permission.
The user should prove that such an external access is absolutely necessary.
These external connections can be classed as incoming and outgoing:
11.5.2 Example Incoming connections
- Dialup access for company partners.
- Dialup access for IT staff and directors.
- Access from universities (co-ordination on research projects).
- Internet Email.
- Enterprise WWW Server.
11.5.3 Example Outgoing Connections
- Access to Vendor Bulletin boards (for getting information, drivers).
- Customer connections: providing special services to clients (examples?).
- Internet Email.
- Normal Internet access: Netscape via proxy server.
- Special Internet Access: WWW, archie, ftp, news, telnet, gopher, wais.
- EDI (see above).
11.5.4 Simple Internet or Bulletin board access
If Internet access is required for information browsing (e.g. ftp or Web) on a
sensitive zone, one solution is to use a simple PC with modem but with absolutely no
(internal) network connection.
It is important that these connections be registered with, and audited regularly by,
centralised security staff.
11.5.5 Insecure subnets
Where many external connections are required in one building, one possibility is to
group together the external connections on an "Insecure Subnet" which has direct
outside access, but which is separated from the internal network via a Firewall. This
minimises cost (only one firewall) and maximises flexibility, but great care must be taken
in the daily usage of these machines on the "Insecure Subnet", as they must be
considered as dangerous, penetrated hosts.
11.6 Network Management / Monitoring
Networks are becoming more important, data speeds and volumes are increasing and
networks are becoming more and more heterogeneous. Professional Network monitoring can
help to analyse and predict problems (and increase availability). Such monitors can also
be used to increase security by two methods:
a) "Strange" network behaviour could be an intrusion, so a monitor
should be able to note "strange" (i.e. not "normal") network
b) If security policy specifies that certain services are not to be used by certain
hosts at specified times, network monitor software could be used to check this. e.g. if
the security policy for a network specifies that ftp is not to be used between
00:00 and 06:00, then any ftp traffic on the network at this time should be
monitored and reported as a security alert. This kind of monitoring is especially useful
for local high security networks.
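Method (b) can be expressed as a small rule check over connection records. The following is an added example, not part of the original guide; the record format, addresses and the second (telnet) rule are constructed, and treating the end of a window as exclusive is an assumption. It goes beyond the ftp case in the text by handling windows that wrap past midnight and rules scoped to a subnet.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed policy. The first rule is the guide's example: no ftp 00:00-06:00.
POLICY = [
    {"name": "no-ftp-at-night", "ports": {20, 21},
     "start": time(0, 0), "end": time(6, 0), "net": ip_network("10.1.0.0/16")},
    {"name": "no-telnet-out-of-hours", "ports": {23},
     "start": time(19, 0), "end": time(7, 0), "net": ip_network("10.1.5.0/24")},
]

# Constructed records: date, time, source IP, destination IP, destination TCP port.
FLOWS = """\
2024-03-04 23:59:40 10.1.5.17 10.1.9.2 21
2024-03-05 00:00:00 10.1.5.17 10.1.9.2 21
2024-03-05 03:12:09 10.1.7.4 192.0.2.10 20
2024-03-05 06:00:00 10.1.5.17 10.1.9.2 21
2024-03-05 02:30:00 10.1.5.40 10.1.9.2 23
2024-03-05 12:00:00 10.1.5.40 10.1.9.2 23
2024-03-05 21:15:00 10.1.6.8 10.1.9.2 23
2024-03-05 04:00:00 172.16.3.3 172.16.3.9 21
"""


def in_window(t, start, end):
    """True if start <= t < end; a window with start > end wraps past midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def parse_flow(line):
    """Split one record into (datetime, source address, destination address, port)."""
    date, clock, src, dst, port = line.split()
    when = datetime.strptime(date + " " + clock, "%Y-%m-%d %H:%M:%S")
    return when, ip_address(src), ip_address(dst), int(port)


def violations(flow_text, policy):
    """Return (rule, timestamp, src, dst, port) for each record that breaks a rule.

    Services are recognised by well-known port only, so ftp on another port
    or a passive-mode data connection is not seen by this check."""
    alerts = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        when, src, dst, port = parse_flow(line)
        for rule in policy:
            if (port in rule["ports"]
                    and in_window(when.time(), rule["start"], rule["end"])
                    and (src in rule["net"] or dst in rule["net"])):
                alerts.append((rule["name"], when.isoformat(sep=" "),
                               str(src), str(dst), port))
    return alerts


if __name__ == "__main__":
    for alert in violations(FLOWS, POLICY):
        print("SECURITY ALERT:", *alert)
```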
- The Solaris 1 utility etherfind or the Solaris 2 utility snoop or the
VMS utility ethermon could be used to monitor the network for unusual behaviour,
but only by qualified, trusted personnel!
- Utilities such as satan can be used to identify devices on an IP network, as
well as report on TCP/IP security problems.
- Such utilities should be removed from all other machines.