Friday, April 05, 2002

The draft Special Publication 800-45 Guidelines on Electronic Mail Security
The document is intended primarily for a technical audience. It provides detailed guidance on setting up and maintaining a secure email system, and includes pointers to related material.
Offline NT Password & Registry Editor
This is a utility to (re)set the password of any user that has a valid (local) account on your NT system, by modifying the crypted password in the registry's SAM file.
You do not need to know the old password to set a new one.
It works offline, that is, you have to shut down your computer and boot off a floppy disk. The boot disk includes stuff to access NTFS partitions and scripts to glue the whole thing together.
Note: It will now also work with SYSKEY, including the option to turn it off!
InterSect Alliance
InterSect Alliance is a team of leading information technology security specialists, with extensive experience in both the policy and technical aspects of IT Security.

  • SNARE - System iNtrusion Analysis & Reporting Environment

  • RazorBack - SNORT Intrusion Detection Front-End

  • BackLog - a Windows NT service that facilitates the real time central collection and processing of Windows NT Event Log information

  • BackLog for Solaris

  • Windows 2000 - Graded Security Configuration Document

  • Internet Information Server 4 - Graded Security Configuration Document

  • Linux - Graded Security Configuration Document

  • Apache - Graded Security Configuration Document

Privacy Bird
AT&T invites you to download the new AT&T Privacy Bird software for free. This software will help Internet users stay informed about how information they provide to Web sites could be used. The AT&T Privacy Bird automatically searches for privacy policies at every website you visit. You can tell the software about your privacy concerns, and it will tell you whether each site's policies match your personal privacy preferences. The software displays a green bird icon at Web sites that match, and a red bird icon at sites that do not.
The IBM Tivoli Privacy Wizard
The pressure for comprehensive, effective privacy policies is rising every day. Creating your written policy is only the first step in this increasingly vital process. To be useful, your policy must then be translated into an electronic language that can be applied across your IT infrastructure. But how do you translate a human-language policy into an electronic format that applications can actually understand and use?
With the IBM Tivoli Privacy Wizard, it's easy and available to you for no charge!
The downloadable IBM Tivoli Privacy Wizard lets you define your privacy policies and translate them into an electronic language that many applications can understand and apply. Your IT department can then use that information to implement and maintain the new privacy policies. Policies created by the Wizard can be exported to P3P format, the current industry standard.
How To Give Network Security Administrators a Tremendous Headache
When I first plunged into the internals of HTTPS proxies, the idea on how to abuse these for unlimited Internet access immediately came to me. It dawned on me that, in essence, an HTTPS web proxy is a sort of tunnel into the Internet for everyone who is willing to speak the HTTP protocol's CONNECT command. And since all the traffic that passes through the tunnel is supposed to be SSL encrypted (so as to form an unhindered SSL session between the browser and the HTTPS server), there are little or no access controls possible on such a tunnel. I filed these ideas under the section "Interesting; must do something with this later"...
When "later" came, it turned out that the realisation described above could have very interesting security repercussions...
SAFE ROOMS COME OUT OF HIDING
It would be easy to think that the safe room starring in Jodie Foster's new film, "Panic Room," is merely the product of a screenwriter's imagination.
Most people haven't heard of these hidden spaces that provide safe havens for homeowners in the tense minutes between a break-in and the arrival of the police.
Well, safe rooms are out there, and not just in the homes of California celebrities and corporate heads in New York, where "Panic Room" takes place. A trio of them are currently being constructed inside a downtown Boston condominium near the Four Seasons Hotel.

Often brushed aside as an urban myth or a plaything for the paranoid, safe rooms have been around for centuries. They're the modern-day equivalent of castle keeps and bomb shelters that can be found in high-end homes, corporate offices, and even health clinics. Nobody has statistics on just how many are out there, since their effectiveness depends on the silence of their owners and the people who build them. The $30 million opening weekend of "Panic Room" drags what was once secret into the public lexicon.
Suddenly, safe-room designers are using the film as an excuse to speak very carefully about the rooms they outfit with bulletproof doors, surveillance cameras, ventilation systems, and tamper-proof communication equipment. Cynics may say they are motivated by a desire to generate new business, but the designers are unveiling an industry that has been quietly thriving for decades.

Thursday, April 04, 2002

Links on CopsCops.com
Listing of links with description.
CIS Investigative Resources
Huge listing of links, sorted by subject.
Freeware downloads: Security

  • Access Control
    Restrict and monitor Internet usage; this includes keystroke monitoring, Internet usage, etc.

  • Anti-Virus (Specialized)
    Anti-Virus tools, specialized for individual viruses, trojans or worms. These tools are usually released quickly after a new, fast spreading virus is discovered.

  • Anti-Virus Tools
    Virus protection is a "must have" when you are using the Internet.

  • Cache and Cookie
    Clean your browser cache, securely delete files and/or cookies.

  • E-mail Security & Encryption
    Protect the privacy of your email communications.

  • File Encryption Tools
    These tools can be used to encrypt email messages or files on your computer.

  • Password Manager
    Manage and store your passwords, generate random passwords and more.

  • Personal Firewalls
    Protect your computer from intruders.

  • Secure File Deletion
    Digital File Shredders - Permanently delete files beyond recovery...

  • Security Tools
    These tools are intended to monitor your Internet or network connection and alert you of potential intruders. They are NOT firewalls!

SpyBlocker Software
This site is dedicated to help secure your communications and files from third parties, as well as several other important security aspects that may arise when you are connected to the Internet.

Wednesday, April 03, 2002

Kernel Based Keylogger
There is a wide variety of keyloggers for Windows and only a few crippled ones for Linux. This paper describes some basic concepts, used techniques and hints. I've also included proof of concept LKM code which was tested "in the wild". A must read for every pen tester, system administrator and honeypot freak :)
socklog
Socklog in cooperation with djb's daemontools is a small and secure replacement for syslogd.
syslog-ng
syslog-ng, as the name shows, is a syslogd replacement, but with new functionality for the new generation. The original syslogd allows messages only to be sorted based on priority/facility pairs; syslog-ng adds the possibility to filter based on message contents using regular expressions. The new configuration scheme is intuitive and powerful. Forwarding logs over TCP and remembering all forwarding hops makes it ideal for firewalled environments.
syslog-ng is in use primarily on Linux, Solaris and FreeBSD, and should be quite easily ported to other BSD-like Unixes.
The Distributed Honeypot Project
Imagine having the ability to deploy an entire honeynet system on a single machine, complete with data control and data capture. The focus of this paper outlines a proof of concept that such a system is possible. Originally intended to be showcased using open source operating system technologies, the solution was completed via mainstream consumer products. Design and configuration of the system will be provided, along with discussion of other potential solutions. Although to my knowledge this is the first published example of this type of technology, it is completely possible that someone else has already implemented such a system. Think Alexander Graham Bell.
Modular Syslog
A replacement for traditional syslog daemons, including cryptographic log protection, MySQL, PostgreSQL. Supported on Linux, BSD, Irix, Solaris and AIX.

Tuesday, April 02, 2002

R.U.N.S.A.F.E.
The information and associated steps listed on this page are key components to everyone's online security. Everyone should understand them and be able to take the actions described. R.U.N.S.A.F.E. workshops are offered once per semester that describe the incidents we've seen at JMU, the threats we're exposed to, and that teach the defensive concepts and procedures described here.
TUCOFS - The Ultimate Collection of Forensic Software
TUCOFS, or T.U.C.O.F.S., stands for The Ultimate Collection of Forensic Software. This site places all Law Enforcement Personnel in touch with the latest and greatest Internet based resources for High Tech Law Enforcement purposes. Resource types include files, software, websites and documentation.