Wednesday, December 31, 2003
Pity this guy?
Put me on the not list as I receive 20-30 legitimate messages per day which makes up less than 10% of the total volume. Thanks to various people for writing Procmail, SpamAssassin, SpamBayes, and various virus scanners.
Scraped from Slashdot.
Tuesday, December 30, 2003
OpenSSL and FIPS 140
Thanks to SilverStr for the pointer!
Monday, December 29, 2003
Oh, and BTW, I have a copy of the book on my shelf.
Sunday, December 28, 2003
I said it before and I'll say it again here: VLANs are a network traffic management tool, NOT a security tool!!!
Saturday, December 27, 2003
Includes a howto and a listing of required hardware/software.
Friday, December 26, 2003
Anyways, I've backfilled the last few days and will settle down to work on a serious backlog of posts.
Merry Christmas, y'all!
Thursday, December 25, 2003
The Achilles heel to most networks
I agree with Bowulf, at least in part. You also have to have logging enabled. If you're working in a NOC, that also means router logs (that's syslog servers, not the dinky space for logging in router memory!). For those networks which aren't allowed to enforce a decent firewall policy, you also need to log high-port to high-port traffic which is where most of your shady-stuff (unauthorized/covert channels, P2P, backdoors, etc.) happens.
I disagree with Bowulf in that logging isn't the sole action you need to take. Closely related to logging is taking and maintaining metrics. A good metrics supports the cliche "a picture is worth a thousand words". If you're watching your network metrics, you learn to recognize "normal" network activity and "abnormal" network activity.
One example of this is e-mail metrics. You cannot read every message that passes through your mail servers. However, if you graph your metrics properly, you should be able to recognize the spread of a new virus within 5-15 minutes of the initial spread (depending on how often your graphs are updated). While it won't block the new infection (usually nothing will), it does allow you to react quickly enough to minimize the damage and protect the rest of your network.
Maybe a good rule-of-thumb is to maintain metrics on your normal traffic (web, email, etc.) and regularly filter your logs for the abnormal traffic?
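As an added example (not code from the original post), here is the mail-volume metric idea reduced to a small detector: messages are counted per 5-minute window, each window is compared against the median of the previous windows, and a flagged window is triaged by its dominant subject and number of distinct senders. The log format, the `from=`/`subject=` fields and the sample lines are all constructed for the example; a real deployment would parse the MTA's own log.

```python
"""Spot an outbreak in mail volume from per-window message counts.

Added example: constructed log lines (no real server), a simple
median-of-history baseline, and a triage helper for flagged windows.
"""
import re
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

# Constructed log format: "<ISO timestamp> from=<addr> subject=<text>".
LINE_RE = re.compile(r"^(\S+) from=(\S+) subject=(.*)$")


def constructed_log():
    """Build sample lines: 12 quiet 5-minute windows (3-5 messages each),
    then one window with 60 identical-subject messages from 60 senders,
    the pattern a fast-spreading mail worm leaves behind."""
    lines = []
    t0 = datetime(2003, 12, 25, 9, 0, 0)
    for w in range(12):
        for i in range(3 + w % 3):
            ts = t0 + timedelta(minutes=5 * w, seconds=37 * i)
            lines.append(f"{ts.isoformat()} from=user{i}@example.com subject=re: lunch {w}")
    burst = t0 + timedelta(minutes=60)          # window starting 10:00
    for i in range(60):
        ts = burst + timedelta(seconds=4 * i)
        lines.append(f"{ts.isoformat()} from=host{i}@example.com subject=check this out")
    return lines


def parse(lines):
    """Turn log lines into (timestamp, sender, subject); skip unparseable lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, sender, subject = m.groups()
        events.append((datetime.fromisoformat(ts), sender, subject))
    return events


def window_start(ts, minutes):
    """Floor a timestamp to the start of its N-minute window."""
    return ts.replace(second=0, microsecond=0, minute=(ts.minute // minutes) * minutes)


def bucket(events, minutes=5):
    """Per-window message counts, oldest window first."""
    counts = Counter(window_start(ts, minutes) for ts, _, _ in events)
    return sorted(counts.items())


def find_spikes(events, minutes=5, history=6, factor=4.0, floor=10):
    """Return (window_start, count, baseline) for windows whose count is at
    least `factor` times the median of the previous `history` windows AND
    at least `floor` messages. The absolute floor keeps a 2-vs-8 message
    blip on a quiet server from paging anyone."""
    spikes = []
    series = bucket(events, minutes)
    for i, (start, count) in enumerate(series):
        past = [c for _, c in series[max(0, i - history):i]]
        if len(past) < 3:
            continue                              # not enough history yet
        base = median(past)
        if count >= floor and count >= factor * base:
            spikes.append((start, count, base))
    return spikes


def triage(events, start, minutes=5):
    """Most common subject in the window and how many distinct senders sent it:
    one subject from many senders points at a worm, not a mailing list."""
    inwin = [(s, subj) for ts, s, subj in events if window_start(ts, minutes) == start]
    subjects = Counter(subj for _, subj in inwin)
    return subjects.most_common(1)[0], len({s for s, _ in inwin})


if __name__ == "__main__":
    evts = parse(constructed_log())
    for start, count, base in find_spikes(evts):
        (subject, n), senders = triage(evts, start)
        print(f"{start:%H:%M}: {count} msgs (baseline {base}); "
              f"top subject {subject!r} x{n} from {senders} senders")
```

The thresholds (`factor`, `floor`, `history`) are the knobs a practitioner tunes against their own graphs; the median rather than the mean is used for the baseline so that one earlier burst does not raise the bar for the next one.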
Wednesday, December 24, 2003
IE bug used in scam
Tuesday, December 23, 2003
Apologies to Kevin for the missed links.
Jabber XCP review
Jabber's XML-based communications have been around for quite a while. The protocol is open source and there are quite a few tools to work with it. At one point, I'd even adapted it to send Instant Messages to all NOC personnel if a router interface or a service went down.
Monday, December 22, 2003
Another Day in the Life of...
Okay, so I'm descended from a long line of soap addicts.
Got any favorites you want to suggest for a *nix-based server?
Sunday, December 21, 2003
More Online Learning
Saturday, December 20, 2003
Friday, December 19, 2003
DCE RPC Vulnerabilities New Attack Vectors Analysis
Okay, I'll admit to scraping it from Slashdot.
Freep has an article about what your high-tech kids put up with in school.
Banking Scam Revealed
Thursday, December 18, 2003
NIST posts security control guidelines for comment
Uh Oh II
Oh... My... Gawd!
If you get the joke, get your d*mn browser fixed!
Wednesday, December 17, 2003
Why? WHy? WHY?
Tuesday, December 16, 2003
How not to program in PHP
Hint: ignoring this while programming allows cross-site scripting and SQL injection. Not a good thing.
Monday, December 15, 2003
Microsoft releases network port info
Help Net Security - Attacking the DNS Protocol
ADS's (not ad's)
Sunday, December 14, 2003
The Anatomy of Cross Site Scripting
RFCs are the agreed upon standards by which the "community" is defined. Think of it as the charter for your local government. Protocols (languages) are agreed upon. Responsibilities are defined.
One shortcoming is that there is no requirement to comply. This allows organizations and individuals to do horrible, aggressive and/or stupid things via the Internet without reprisal. Examples: long distance Outlook-Exchange connections, MS's perversion of the Kerberos protocol, long distance NetBIOS, long distance Telnet/FTP/POP3/IMAP, just about any proprietary encryption scheme, and 90% of the e-mail domains.
For the Internet-based violations, here's a site called "RFC Ignorant", which tracks the stubbornly ignorant.
The Art of Unix Programming
Saturday, December 13, 2003
More celebrity teaching...
Help Net Security - Attacking the DNS Protocol
Thursday, December 11, 2003
Wading into an Eggdrop soup
Wednesday, December 10, 2003
NetBIOS Hex Codes
Tuesday, December 9, 2003
For those new to the game, FWTK is the Firewall Toolkit, one of the first application proxies written 20 years ago. Amazingly, it's still usable. Combining it with other technologies (SOCKS, ipfw, iptables, Squid, other proxies/packet filters) allows you to build a workable firewall for just about any *nix flavor, including a Mac version.
If you care to read it, click on the Wiki link above and scroll down to the Security section. Let me know what you think?
Monday, December 8, 2003
Early Warning!!: If you manage a corporate network, you may want to consider blocking this, both for sending (if it's possible) and for reading. There are some pretty unsavory blogs over there (people abusing the service mostly). The hosts state in their FAQ that if they receive a court order, they will turn you in if you're doing something illegal.
Sunday, December 7, 2003
SCO ordered to show evidence
Best Practices for Wireless Network Security - Computerworld
NSA Cisco Router Security Guidelines
Saturday, December 6, 2003
Am not! Are to!
It seems that beaumonday thinks I pick on Microsoft too much. Actually, if you read REAL close, I pick on everyone who thinks that any one operating system is the way to go. (Do I need to repost my point-and-click administrator rant again?) I'm a firm believer in the-best-tool-for-the-job and know-the-technology-behind-the-gui.
I provide a lengthy response.
Just so I can alienate everyone and level the playing field, out of the box:
- Microsoft Windows is insecure
- Linux is insecure
- Unix (SunOS, BSD, Irix, AIX, Xenix, etc) is insecure
- Cisco/Foundry/Bay/etc. is insecure
- Novell has problems (actually, they had the highest rating by the gov't prior to adding in IP capabilities)
- and the OS that you may be writing has *SERIOUS* problems.
However, when used in conjunction, they can provide a very secure network for your users.
Friday, December 5, 2003
Et tu, Brute?
So, did the stock purchase include training on how to sue for money? Probably not but this sort of thing can turn nasty and unproductive.
Thursday, December 4, 2003
Wednesday, December 3, 2003
Britney Spears' Guide to Semi-conductor Physics
How about semi-conductor physics? (Yet another attempt by those-with-too-much-time-on-their-hands to use sex to teach the less-willing-to-learn.)
But it's funny anyways. The "Booble" search engine is interesting also. (Hint: click on the "Search Britney Space" radio button)