Network forensics analysis tools (NFATs) reveal insecurities, turn sysadmins into systems detectives.
Surgeon Michael Nusbaum knows a thing or two about hacking. Many years after reaching the "mandatory retirement age of 13" as a computer hacker, he commands the infosec defenses as COO at Hamilton Scientific Ltd., an ASP that provides Web-based medical software.
Atop Hamilton's multilayered defense system sits one of a new class of network forensics analysis tools (NFATs): Niksun's NetDetector (www.niksun.com). These products, which include SilentRunner (www.silentrunner.com) and Sandstorm's NetIntercept (www.sandstorm.com), combine robust network traffic capture with sophisticated analysis and forensics capabilities.
Friday, February 22, 2002
Securing Your Enterprise Email with Digital IDs
There are actually two different encryption standards that are widely used to protect email messages: S/MIME (Secure/Multipurpose Internet Mail Extensions) and PGP (Pretty Good Privacy). While both standards use public key encryption and ultimately perform the same job, they work differently and are represented in different types of products.
In this article, I’ll take a closer look at these two public key encryption standards and explain how they work. I’ll then take a look at two examples of enterprise email encryption products—one that uses S/MIME and another that uses PGP. As I do, I’ll pass along links that you can use to get more specific information about these encryption standards and the products that use them.
Password Corral
Password Corral is our popular freeware password manager. With a clean, easy to use interface, strong encryption and all the features you would expect from a program you'd have to pay for, it's no wonder thousands of people have made it their choice for password management!
The Trojan List
The table shows examples of existing trojans and the ports they use. The lower ports are often used by trojans that steal passwords and either mail the passwords to attackers or hide them in FTP directories. The higher ports are often used by Remote Access trojans that can be reached over the network. If you find probes directed against ports normally not used, it may be someone trying to connect to a trojan inside your network. I hope this list will be of some help to you.
Thursday, February 21, 2002
Hacking Lexicon
This document explains what people may mean by words. This does not attempt to define how words should be used.
FAQ: Network Intrusion Detection Systems
This FAQ answers simple questions related to detecting intruders who attack systems through the network, especially how such intrusions can be detected.
Sniffing (network wiretap, sniffer) FAQ
This document answers questions about eavesdropping on computer networks (a.k.a. "sniffing").
PhoneBoy's FireWall-1 FAQ
This site has links, downloads, documents, and over 400 FAQs relating to Check Point FireWall-1.
Change Your Identity without fake ID
Now Ariza Research has created a new report written by an experienced attorney that provides an extremely detailed step-by-step system that will walk you through the entire process of creating a clean, fully documented new identity - not one built on flimsy fake ID or dead infants. It's a master guide to identity changing for the new millennium!
Build a poor man's firewall with the Cisco IOS
Today, network security has become a top priority for every organization connected to the Internet, and firewalls have come to serve as the main security mechanism. While vendors have been pushing toward dedicated “firewall appliances”—and I don’t argue that these are excellent solutions—such appliances can also be very costly for small to medium-size businesses. For example, a Cisco PIX Firewall can cost thousands of dollars.
However, there is an inexpensive and effective firewall solution that you may have overlooked. Most companies that connect to the Internet use a standard router to do so. If you use a Cisco router, you should know that the Cisco IOS has a built-in feature set for creating a firewall and intrusion detection system. Using this solution, you don’t need a separate firewall box; it can all be done inside your current Cisco router. I like to call this a “poor man’s firewall.”
The Open Source Security Testing Methodology Manual
This manual is to set forth a standard for Internet security testing. Disregarding the credentials of many a security tester and focusing on the how, I present a solution to a problem that exists currently. Regardless of firm size, finance capital, and vendor backing, any network or security expert who meets the outline requirements in this manual is said to have completed a successful security snapshot. Not to say one cannot perform a test faster, more in depth, or of a different flavor. No, the tester following the methodology herein is said to have followed the standard model and therefore if nothing else, has been thorough.
Wednesday, February 20, 2002
Tempest for Eliza
I wrote this program because it was fun and because it teaches in an amusing way that tempest really exists. I want people to understand that their computers can be observed.
Tinfoil Hat Linux
It started as a secure, single floppy, bootable Linux distribution for storing PGP keys and then encrypting, signing and wiping files. At some point it became an exercise in over-engineering.
Tinfoil hat is useful if:
You're using a computer that could have a keystroke logger installed. http://www.keyghost.com is an example of a tiny & cheap hardware logger.
You need to use your personal GPG keys at work, school or a web hosting facility where you don't trust or own the equipment.
If you maintain a PGP Certificate Authority or signing key and have to have a safe place to use the CA key.
If you simply don't want to risk putting a PGP key on a hard drive where someone else might have access to it.
The Illuminati are watching your computer, and you need to use morse code to blink out your PGP messages on the numlock key.
WebAgain
WebAgain version 2.5 is the only software utility that concentrates on fixing and repairing the web site damage a hacker can create - and even sends an email alert to inform you of the repair. Use WebAgain to complete your web site security and disaster recovery plan!
Monday, February 18, 2002
CIA Showcases Array of Spy Gadgets
For the first time, the public is getting a large-scale view of the CIA's and KGB's real-life James Bond gadgets, from a replica of the Russians' deadly poison-dart umbrella to some of the Americans' most ingeniously concealed cameras.
The exhibit, which opened to the public Sunday at the Ronald Reagan Presidential Library, includes dozens of items borrowed from the CIA's collection in Langley, Va., many of them never before shown to the public.