The Enemy Within: Firewalls and Backdoors
As a modern IT professional you've done all the right things to keep the "bad guys" out: you protected your network with firewalls and/or proxies, deployed anti-virus software across all platforms, and secured your mobile workstations with personal firewalls. You may even be in the process of designing and deploying an enterprise-wide network and host intrusion detection framework to help keep an even closer eye on what's going on. Even with all this, are you really safe? Can your multiple-lines of defense truly protect your network from modern methods of intrusion?
This article presents an overview of modern backdoor techniques, discusses how they can be used to bypass the security infrastructure that exists in most network deployments and issues a wake-up call for those relying on current technologies to safeguard their systems/networks.
Monday, June 09, 2003
RedFang
Redfang is a small proof-of-concept application that finds non-discovereable Bluetooth devices by brute forcing the last six bytes of the device's Bluetooth address and doing a read_remote_name().
Redfang is a small proof-of-concept application that finds non-discovereable Bluetooth devices by brute forcing the last six bytes of the device's Bluetooth address and doing a read_remote_name().
Thursday, June 05, 2003
How To Use SpamAssassin on Win32
SpamAssassin is a wonderful open source product that performs heuristic spam analysis and RBL lookups, among other tests, to allow you to block most spam mail.
In its default form, it is designed and written for Unix platforms. This document provides information on how to get SpamAssassin working on Win32.
SpamAssassin is a wonderful open source product that performs heuristic spam analysis and RBL lookups, among other tests, to allow you to block most spam mail.
In its default form, it is designed and written for Unix platforms. This document provides information on how to get SpamAssassin working on Win32.
NTIDA
NTIDA (NT Intrusion Detection Audit) is a scripted framework dependant on thirdparty freeware utilities intended to assist administrators in easily auditing their critical NT/2K systems.
NTIDA (NT Intrusion Detection Audit) is a scripted framework dependant on thirdparty freeware utilities intended to assist administrators in easily auditing their critical NT/2K systems.
Wednesday, June 04, 2003
Windows NT/2000/XP Hardening
This paper is a brief security note to advise users of Windows NT, 2000 and XP workstations on how to apply patches and configure their systems to better protect them from compromise. This is emphatically not a comprehensive guide to Windows security but it is a first step in that direction.
This paper is a brief security note to advise users of Windows NT, 2000 and XP workstations on how to apply patches and configure their systems to better protect them from compromise. This is emphatically not a comprehensive guide to Windows security but it is a first step in that direction.
Tuesday, June 03, 2003
Open Source Computer Forensics Manual
An open-source manual for computer forensics covering methodology, process and delving into technical standard operating procedures.
An open-source manual for computer forensics covering methodology, process and delving into technical standard operating procedures.
Easy Encryption
Fred Langa looks at the universe of products that help you protect sensitive files and data from prying eyes and hackers.
Fred Langa looks at the universe of products that help you protect sensitive files and data from prying eyes and hackers.
Argus
Welcome to the Argus Open Project, home of Argus, the network Audit
Record Generation and Utilization System. The Argus Open Project is
focused on developing network activity audit strategies that can do real
work for the network architect, administrator and network user.
Welcome to the Argus Open Project, home of Argus, the network Audit
Record Generation and Utilization System. The Argus Open Project is
focused on developing network activity audit strategies that can do real
work for the network architect, administrator and network user.
Monday, June 02, 2003
Cisco Disovery Protocol
cdpr is used to decode a Cisco Disovery Protocol (CDP) packet, by default it will report the device ID, the IP Address (of the device), and the port number that the machine is connected to. Optionally it will decode the entire CDP packet.
cdpr is used to decode a Cisco Disovery Protocol (CDP) packet, by default it will report the device ID, the IP Address (of the device), and the port number that the machine is connected to. Optionally it will decode the entire CDP packet.
Friday, May 30, 2003
ODESSA
What is odessa? It's an acronym for "Open Digital Evidence Search and Seizure Architecture"
The intent of this project is to provide a completely open and extensible suite of tools for performing digital evidence analysis as well as a means of generating a usable report detailing the analysis and any findings. The odessa tool suite currently represents more than 7 man years of labor, and consists of 3 highly modular cross-platform tools for the acquisition, analysis, and documentation of digital evidence.
What is odessa? It's an acronym for "Open Digital Evidence Search and Seizure Architecture"
The intent of this project is to provide a completely open and extensible suite of tools for performing digital evidence analysis as well as a means of generating a usable report detailing the analysis and any findings. The odessa tool suite currently represents more than 7 man years of labor, and consists of 3 highly modular cross-platform tools for the acquisition, analysis, and documentation of digital evidence.
Subscribe to:
Posts (Atom)
