Random TLD Name, Numbers and Letters, for Added Security? [closed] - security

Closed 11 years ago.
I have a client app that faces the internet, but only clients will access it. The site should never be indexed or crawled or viewed outside of our clients. We are always concerned about DDOS and attempts to gain access. If the system can add one more level of being hidden, or harder to find, I don't see the negatives.
Users will never have to enter the domain name (think kiosks), and admins can use bookmarks. Yes, security by obscurity is no solution and never relied upon. But if you can add it to an existing and robust secured system, why not?
Is there any downside to having a random domain name like j398sh3-3nj23j.com?
I would love to hear some thoughts and opinions.

If you're never using it where anyone will see it (even by rDNS on an incoming connection from your server), then the only real drawback is that you're paying for it when you could as easily use a random subdomain under a domain you already control (e.g. j398sh3-3nj23j.example.com).
But it'll provide zero protection from DDOS or attempts to gain access, as anyone who is in a position to extract a normal domain name from your client app will probably be able to extract this random domain name just as easily, and they may not even bother with domain names and just get the IP address your client is connecting to anyway.

Emphatically speaking, that's useless. As was pointed out above, using some subdomain of your own would cost less, be saner, and have more utility.
If you have a number of nodes on a private network that is not physically private, use a good VPN system and machine authentication with certificates. If you do that, nothing is accessible except the Internet-facing VPN software, and that can easily ignore anything that's not legitimate.

Related

Why are ISPs only blocking subdomains and not the full domain [closed]

Closed 8 years ago.
Using the popular torrent backdoor come.in as an example, why are only the subdomains being blocked by ISPs?
Originally my ISP blocked eztv.it so I found eztv.come.in which was eventually blocked after some time only to be replaced with ezztv.come.in.
They are now on ezzzztv.come.in and no doubt in time they will be on ezzzzzzzztv.
They also have backdoors to all the other big torrent sites and do the same thing, just open up again with a new subdomain URL.
Is there some kind of technical reason that the main domain is not being blocked? Or maybe it's a legal reason. I am no expert but can't think of a logical reason the main domain is not being blocked instead of the ISP playing this cat and mouse game.

I doubt it's anything too mysterious. I'd say it depends heavily on how they are doing the blocking and I'm willing to bet this changes a good bit from ISP to ISP. I would guess that it's one of the following:
1) They get hostnames to block from some source (some kind of commercial feed maybe?), this source gives them the subdomains (i.e. specific hosts instead of a group of hosts), they import this to some list that gets blocked
2) Plain old ignorance or laziness - maybe whatever team is in charge of this just blocks based on hosts because they don't care enough to do basic pattern recognition on hosts they're ordered to block.
3) Technical reasons - maybe whatever tool they use to manage their blacklists only accepts subdomains?
Unless we get someone that does this kind of work for ISPs (and they do it the same way as you are describing), then we'll never know :-)
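
To make the guesses in the answer above concrete, here is an added example (not part of the original posts) comparing a blocklist that matches listed hostnames verbatim with one that treats an entry as covering every name beneath it. The hostnames come from the question; the function names and the feed contents are assumptions made for illustration.

```python
from typing import Iterable


def normalize(host: str) -> str:
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return host.strip().rstrip(".").lower()


def blocked_exact(host: str, feed: Iterable[str]) -> bool:
    """Per-host policy: only names that appear verbatim in the feed are blocked."""
    return normalize(host) in {normalize(entry) for entry in feed}


def blocked_by_suffix(host: str, feed: Iterable[str]) -> bool:
    """Per-domain policy: an entry blocks itself and every name beneath it.

    Matching is done label by label, so 'notcome.in' is not caught by 'come.in'.
    """
    entries = {normalize(entry) for entry in feed}
    labels = normalize(host).split(".")
    return any(".".join(labels[i:]) in entries for i in range(len(labels)))


def coverage(queries: Iterable[str], feed: Iterable[str]) -> dict:
    """Map each queried name to (exact-match result, suffix-match result)."""
    feed = list(feed)
    return {q: (blocked_exact(q, feed), blocked_by_suffix(q, feed)) for q in queries}


# Constructed feeds: one lists individual hosts, the other lists the parent domain.
HOST_FEED = ["eztv.it", "eztv.come.in", "ezztv.come.in"]
DOMAIN_FEED = ["eztv.it", "come.in"]

if __name__ == "__main__":
    names = ["eztv.come.in", "ezzzztv.come.in", "notcome.in"]
    for name, (exact, suffix) in coverage(names, HOST_FEED).items():
        print(f"host feed   {name:18} exact={exact} suffix={suffix}")
    for name, (exact, suffix) in coverage(names, DOMAIN_FEED).items():
        print(f"domain feed {name:18} exact={exact} suffix={suffix}")
```

With the per-host feed, each newly registered sibling name is unlisted until the feed is updated, which matches the pattern the question describes; a parent-domain entry covers all of them but also blocks every other site hosted under that domain.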

I do not know why the subdomains are being blocked, however I do know that using an encrypted VPN such as HotspotShield means that your ISPs cannot know what you are visiting (And therefore would have to either block everything or nothing), which means that you can bypass that block.
When I accidentally forgot to pay the bill (Was overdrawn) and my ISP limited me to only Google and Youtube, I used a VPN and was able to access everything fine.
I have only ever used HotspotShield, never used TOR, etc, so I don't know which VPNs it would work with or not (really the question is, which VPNs are encrypted?).
VPNs give higher latency, but to my knowledge do not give slower download speeds (Except if the VPN has a slower internet connection than you), so should be fine for downloads.

In relation to packet sniffing, how secure are secure networks? [closed]

Closed 9 years ago.
I don't fully understand how packet sniffing works, but the gist I get from it is that if someone is logged on the same network as you, they can sniff packets for unhashed passwords and... well, that's really enough damage.
The solution, I've read, is to only go on networks that are secure when doing bank stuff, but my issue is that the only secure network I have is a school wide one (dorms). Imaginably, the school wouldn't set up a network so open to password theft, but the only thing I can think of stopping the bad guys is that we log in with our student ID. All they would need is someone else's ID and password and (if my understanding is correct) they could packet sniff pretty much everyone in the hall using the same router without being traced.
Are my fears justified, and if not why? And if so, also why?
Thank you

Speaking generally, you can't sniff transmissions between a client and a bank server since the communication uses public key encryption. That said, SSL is still vulnerable to man-in-the-middle attacks - beware of notices/alerts about unrecognized certificates.
Regarding privacy on non-HTTPS websites, it depends on how your network is set up. If it's a standard WPA2 setup then all of your unencrypted traffic is visible (easily) to anyone who is in transmission range of your computer and has the WiFi password. You can install HTTPS Everywhere from EFF (https://www.eff.org/https-everywhere) which helps secure your communications on many common websites - Facebook, Twitter, etc.

Small websites - openID instead of SSL? [closed]

Closed 11 years ago.
I'll be using a shared Internet connexion starting this September at my school and I was wondering about what someone sniffing traffic with Wireshark may find there. I am not planning to do this myself but I feel I ought to know more about it if I want to sometimes work on my website during class.
Basically, isn't every non-SSL website that asks you for a password and an e-mail totally unsecure to log on on a shared connexion? When you know how many people use the same password for all their web/laptop/mobile accounts, it doesn't take long to get access to all of someone's private data if you manage to sniff one password and e-mail.
As for me, I am already looking at how to secure my FTP connexions, but what about my users who log through HTTP? Unless I buy an SSL certificate (which I don't want, the site's too small), they are going to get more exposed to Wireshark sniffers all over the world, right? Isn't this where login tools such as OpenID become handy for small communities, since they do provide a free encryption of passwords?

OpenID and SSL are completely unrelated. OpenID's purpose is to consolidate and give ownership of a user's identity to the user, while SSL is used to keep a user's traffic with your site secret (encrypted). You can use OpenID to keep track of the user (like Stack Overflow does) and still not use SSL for the content pages.

IP address as additional security factor for authentication [closed]

Closed 9 years ago.
In addition to standard form authentication, IP address has been added as the security factor. This means a change of IP address drops the user session.
Personally I think this is an overwhelmed solution and does not provide real value. Also, something tells me that there are possible situations when the IP address could be changed legally.
I need to mention that we do not have a "remember me" check box and we are just a consumer e-commerce application.
So questions:
Could IP be a security factor?
Is there something that could change the IP address during surfing (proxies, anonymizers, speed-boosters)?

You should not rely on the IP address for authentication, not even for enhanced authentication.
There are a lot of scenarios where an IP address changes during surfing, you mentioned some. Others include: Switch to a VPN, restart of router, reset of connection by the ISP.
The first time I ran into this problem was many years ago, due to AOL users. With the AOL software at the time, browser requests would go through AOL's proxy farm and could come from a different IP address on every request. Certainly the same thing can happen today, for many reasons. Your web app must not rely on the IP address being constant. Use cookies instead.
Not only are there legitimate ways for an IP to change, but there are illegitimate ways for a sophisticated user to spoof someone's IP whose info they were trying to steal.
So this approach can inconvenience real users and provide more tools for the bad guys.
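
The following added example (not code from the question or the answers) replays one legitimate user's requests through changing source addresses, once against the IP-bound session scheme described in the question and once against a check that relies only on an HMAC-signed session cookie. The secret, the session id, the class and function names, and the address trace are all constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: placeholder for a server-side secret


def issue_token(session_id: str) -> str:
    """Cookie value: session id plus an HMAC tag so the client cannot forge it."""
    tag = hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()
    return f"{session_id}.{tag}"


def verify_token(token: str):
    """Return the session id if the tag verifies, otherwise None."""
    session_id, _, tag = token.rpartition(".")
    expected = hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()
    return session_id if session_id and hmac.compare_digest(tag, expected) else None


class IpBoundSessions:
    """The scheme from the question: a change of IP address drops the session."""
    def __init__(self):
        self.bound_ip = {}

    def login(self, session_id: str, ip: str) -> str:
        self.bound_ip[session_id] = ip
        return issue_token(session_id)

    def accept(self, token: str, ip: str) -> bool:
        sid = verify_token(token)
        if sid is None or sid not in self.bound_ip:
            return False
        if self.bound_ip[sid] != ip:
            del self.bound_ip[sid]  # address changed: session is dropped for good
            return False
        return True


def replay(request_ips, ip_bound: bool) -> int:
    """Send one legitimate user's requests; return how many were accepted."""
    store = IpBoundSessions()
    token = store.login("s1", request_ips[0])
    accepted = 0
    for ip in request_ips:
        ok = store.accept(token, ip) if ip_bound else verify_token(token) == "s1"
        accepted += ok
    return accepted


# Constructed trace: the same user seen through a proxy farm (documentation ranges).
PROXY_FARM = ["192.0.2.10", "192.0.2.11", "192.0.2.10", "198.51.100.7"]
```

On this trace the IP-bound store accepts only the first request, while the cookie check accepts all four and still rejects a token whose tag does not verify.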

Network Security [closed]

Closed 12 years ago.
I have been a .net developer for the past three years. Just curious to know about the network security field. What kind of work do the developers working in this area do? I really do not have much idea about network security, but my understanding is that these people are involved in securing networks and preventing attacks on networks, as is obvious. Could anyone please give me some details about this field and also what it takes to move to this field?

Take a look at "Security Engineering" by Ross Anderson. The first edition and part of the second are available for free online here. While he talks about many non-network issues, the principles mostly apply.
Network security is a vast subject. On the developer side, I think you would most likely be concerning yourself with lots of encryption schemes and process security. There are basic things like using SSL for network traffic of a program to more advanced subjects like preventing any traces of a sensitive operation from remaining in RAM after a program has processed (and probably encrypted) it.
Today, you would need to become an expert in TCP/IP protocols. Everything from ARP, DNS, UDP, ICMP, BGP, and on and on. Most networks are IP-based, with IP-based firewalls. The firewalls will allow, for example, "TCP traffic on port 80" to come through. You need to be able to understand if that traffic is valid web surfing, DOS attack, or otherwise malicious. This can only be accomplished with detailed understanding of how IP networks work. Ditto for other protocols like DNS. In addition, lower-level understanding of ethernet communications and other means of transport (like cell phone networks or WiFi networks) would be important. I suppose it depends on what you mean by "network security" - to me this is below the application layer.
