Friday, June 14, 2002

The Computer Professional Reference
A lot of (online) penetration testing tools. Be sure to check out the tools section of this site!
Security Search
The world's largest security industry yellow page directory. Over 35,000 users, and 15,000 listings covering 94 countries.
DOE Custom Tools
Custom tools and documents are those developed by different sites as part of their daily operations that have applicability outside the developing organization. They are not expected to be as polished or as well documented as the DOE-developed tools, but having access to them gives another site a large head start in developing a similar capability of its own. DOE sites that have, or are developing, information security tools and documents are encouraged to make those materials available for inclusion on the server.

Thursday, June 13, 2002

The latest rage: CSO
Before you ask--No, CSO isn't a new TV crime show. But you'd never know that from the hype. Over the last few weeks, the chief security officer--or CSO--job title has been generating enough buzz to make a Hollywood press agent envious.
Headhunters are waxing ecstatic over the six-figure salaries, the number of openings that companies say they have, and the fact that it's a growth area in an otherwise down market. And there's a lot of agreement that corporate security needs to be centralized, at least in some manner. But if it's so hot, why are so few companies actually hiring CSOs?
Internetwork Routing Protocol Attack Suite
Routing protocols are, by definition, the protocols routers use to tell each other how to deliver routed protocols such as IP.
While host security has improved considerably since the early days of the Internet, the core of the network still uses unauthenticated services for critical communication. Because most of the routers in today's environments are Cisco products, the work focuses on these, which does not mean that it doesn't apply to other router vendors.

The idea is to implement small tools that can be scripted for larger tests, using the protocols as described in standards or white papers. IRPAS is not a collection of exploits. While several circumstances can lead to a denial of service, the tools try to implement routing protocol functionality as described by the papers, enabling the user of these tools (probably you) to design their own customized attack.
Another nice side effect is that people used to point-and-click attack tools should have some difficulty using a raw IGRP sender tool.
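What a scriptable "raw sender" for a standards-described routing protocol amounts to, as an added example that is not IRPAS code: IRPAS's own tools target Cisco IGRP, HSRP, CDP and similar, while RIPv2 is used here because its wire format is an open standard (RFC 2453). The encoder and decoder make the weakness described above concrete. A receiving router cannot tell a forged Response from a real one; the optional "simple password" travels in the clear, so a decoder recovers it from captured bytes; and a Response carrying metric 16 for a prefix withdraws that route. Prefixes, addresses and the password are constructed sample values.

```python
"""RIPv2 (RFC 2453) encoder/decoder: the building block of a scriptable raw sender.

Added example, not IRPAS code. Prefixes, addresses and the password are constructed
sample values. Nothing leaves the host unless send_response() is called explicitly.
"""
import socket
import struct

RIP_PORT = 520
RIP_MCAST = "224.0.0.9"          # RIPv2 multicast group
CMD_REQUEST, CMD_RESPONSE = 1, 2
AFI_INET, AFI_AUTH = 2, 0xFFFF
AUTH_SIMPLE = 2                  # RFC 2453 4.1: 16-byte password sent in the clear
METRIC_INFINITY = 16             # "unreachable": a Response with this metric withdraws the route
ENTRY_LEN = 20
MAX_ENTRIES = 25


def rip_header(command, version=2):
    """Command, version, must-be-zero."""
    return struct.pack("!BBH", command, version, 0)


def rip_route(prefix, mask, metric, next_hop="0.0.0.0", tag=0):
    """One route entry; next hop 0.0.0.0 means 'via the sender of this packet'."""
    if not 1 <= metric <= METRIC_INFINITY:
        raise ValueError("RIP metric must be 1..16")
    return struct.pack("!HH4s4s4sI", AFI_INET, tag, socket.inet_aton(prefix),
                       socket.inet_aton(mask), socket.inet_aton(next_hop), metric)


def rip_simple_auth(password):
    """Authentication entry: AFI 0xFFFF, type 2, password padded with NULs. No secrecy."""
    pw = password.encode("ascii")
    if len(pw) > 16:
        raise ValueError("simple-password authentication is limited to 16 bytes")
    return struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE, pw)


def build_response(routes, password=None):
    """RIPv2 Response; the auth entry, when present, must be the first entry."""
    body = b"" if password is None else rip_simple_auth(password)
    if len(routes) + (password is not None) > MAX_ENTRIES:
        raise ValueError("at most 25 entries per packet")
    body += b"".join(rip_route(*r) for r in routes)
    return rip_header(CMD_RESPONSE) + body


def parse(packet):
    """Decode a RIPv2 packet as a router (or a sniffer) would see it."""
    if len(packet) < 4 or (len(packet) - 4) % ENTRY_LEN:
        raise ValueError("bad RIP packet length")
    command, version, _ = struct.unpack("!BBH", packet[:4])
    out = {"command": command, "version": version, "auth": None, "routes": []}
    for off in range(4, len(packet), ENTRY_LEN):
        entry = packet[off:off + ENTRY_LEN]
        if struct.unpack("!H", entry[:2])[0] == AFI_AUTH:
            auth_type, pw = struct.unpack("!H16s", entry[2:])
            out["auth"] = (auth_type, pw.rstrip(b"\0").decode("ascii", "replace"))
            continue
        _, tag, prefix, mask, nh, metric = struct.unpack("!HH4s4s4sI", entry)
        out["routes"].append({"prefix": socket.inet_ntoa(prefix), "mask": socket.inet_ntoa(mask),
                              "next_hop": socket.inet_ntoa(nh), "metric": metric, "tag": tag})
    return out


def send_response(packet, source_ip):
    """Send to 224.0.0.9:520 from UDP/520 on the interface owning source_ip (needs root).
    RFC 2453 3.9.2: receivers ignore Responses not from port 520 or not from a
    directly connected network, so this only matters on the routers' own segment."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_IF, socket.inet_aton(source_ip))
    s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)
    s.bind((source_ip, RIP_PORT))
    try:
        s.sendto(packet, (RIP_MCAST, RIP_PORT))
    finally:
        s.close()


if __name__ == "__main__":
    # A 1-hop route for 10.0.0.0/8 "via the sender", protected by a simple password:
    # parse() hands the password straight back from the bytes on the wire.
    pkt = build_response([("10.0.0.0", "255.0.0.0", 1)], password="cisco")
    print(pkt.hex())
    print(parse(pkt))
    # Metric 16 for the same prefix tells every listening router to withdraw it.
    print(parse(build_response([("10.0.0.0", "255.0.0.0", METRIC_INFINITY)]))["routes"])
```

Because a router accepts a Response only from UDP source port 520 and only from an address on a directly connected network, send_response() binds to port 520 (root required) and the tool is useful only from a segment the routers share. Keyed MD5 authentication (RFC 2082) removes the cleartext password problem; an IGRP sender differs from this only in packet layout.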

Wednesday, June 12, 2002

Stalker tech
Do you know where your boyfriend is? If he attends the University of California at San Diego, finding him may be as easy as turning on a PDA.

The university is equipping hundreds of students with personal digital assistants that allow them to track each other's location from parking lot to lecture hall to cafeteria. The technology is sophisticated enough to pinpoint where a person is in a building -- say, a dorm -- within a margin of error of one floor.
The New C-Guard EXP
Cellular phones, seemingly innocent devices, are often used for carrying out illegal actions. Today, a major security threat is being acknowledged by more and more organizations worldwide - the use of cellular phones as bugging devices.
Cellular phone technology has dramatically changed eavesdropping techniques. While a decade ago performing illegal eavesdropping was a complicated task requiring professional expertise (involving the installation of concealed transmitters and receivers on-site), today cellular phones can be easily converted into bugs and placed anywhere.
Popular cell-phone models made by Nokia, Motorola and other market leaders can be transformed into sophisticated, easily operated bugging devices through a small modification. At the press of a button, a seemingly standard cell phone switches into a mode in which it appears to be turned off. In this deceptive mode, however, the phone automatically answers incoming calls without any visual or audible indication. In most cases such 'spy' phones are concealed within the targeted area, for instance inside a houseplant. A well-placed bug-phone can be activated on demand from any remote location (even from another country).
Sun's Solaris operating environment takes first place in security certification
Sun Microsystems' "Trusted" Solaris 8 4/01 Operating Environment, considered the de facto standard for protecting classified and sensitive information, is the first and only operating system to receive the highest level of security certification under the Common Criteria Labelled Security Protection Profile (LSPP) at Evaluation Assurance Level 4 (EAL4).

Tuesday, June 11, 2002

Site R (Raven Rock) - Alternate Joint Communications Center (AJCC)
This offers information on a hardened US military communications facility, Site R (Raven Rock) Alternate Joint Communications Center (AJCC), located beneath Raven Rock mountain, near Waynesboro, PA, reported to be the bunker used by Vice President Cheney during the months after 9/11.
Law Enforcement OnLine
The Federal Bureau of Investigation provides a national focal point for electronic communication, education, and information sharing through the development and operation of LEO -- Law Enforcement OnLine.
LEO is a national interactive computer communications system and information service, an Intranet exclusively for the law enforcement community. It is a user-friendly service which can be accessed by any approved employee of a duly constituted local, state, or federal law enforcement agency, or approved member of an authorized law enforcement special interest group. LEO is intended to provide a state-of-the-art communication mechanism to link all levels of law enforcement throughout the United States. LEO is also used as a vehicle to educate officers on

Monday, June 10, 2002

Open Source Debate
This PDF article, written by Kenneth Brown of ADTI, attempts to explain that "Open source GPL use by government agencies could easily become a national security concern. Government use of software in the public domain is exceptionally risky."

"... Another consideration for the U.S. government is that all source code developed under the GPL could have mirrored availability to the public. This poses unlimited security issues. Wheeler comments, 'There are many programs developed by the government which are THEMSELVES classified, and many - and probably most - of the various programs most important to national security are in this category (e.g., weapons systems). In that case, neither binaries nor source code of those particular applications are released to anyone else; besides being illegal, releasing the binary executables would give away far too much information.' Rossz Vamos-Wentworth, a programming expert, disagrees about the relevance of releasing code, commenting, 'If the government uses GPL software, the government is to release their version(s). If the software is related to security, it really doesn't matter if the code is available or not. Security holes are eventually found, with or without open source code. If the security software is well done, having the source code will not make it easier to crack.'"
Layered Insecurity
From the earliest stages of their careers, most IT security practitioners are taught about the practical benefits of "layered security" and "defense-in-depth"--and for good reason. Segregating public and private networks, deploying overlapping controls for access and asset protection, constructing DMZs and bastion hosts--these and other security techniques go a long way toward helping organizations secure their intellectual property and proprietary communications.
But creating a "living" layered security infrastructure is not a static, one-size-fits-all proposition. As network environments become more complex--involving partner extranets, VLANs, application portals, Web services, secure remote connectivity, Internet/POP mail, instant messaging and so on--architecting defense-in-depth into the network becomes more and more difficult. No one sets out to undermine security. But unless the security of the network evolves hand in hand with the ever-growing list of network services, the layers designed to secure it can actually introduce new and unforeseen vulnerabilities.
This article examines how security layers can break down, and how to architect the network to avoid these common pitfalls.
CERT® Security Improvement Modules
A lot of modules on improving IT security.
The SANS Security Policy Project
Welcome to the SANS Security Policy Resource page, a consensus research project of the SANS community. The ultimate goal of the project is to offer everything you need for rapid development and implementation of information security policies. You’ll find a great set of resources posted here already including policy templates for twenty-four important security requirements.
There is no cost for using these resources. They were compiled to help the people attending SANS training programs, but security of the Internet depends on vigilance by all participants, so we are making this resource available to the entire community.
Directory Snoop
Directory Snoop is a low-level forensic utility that can recover erased files in an emergency, wipe sensitive data, and search for hidden data at the cluster level. Step through your File Allocation Table (FAT) and map individual clusters back to the file that owns them. Purge orphaned (and possibly sensitive) file names right out of the directory structure.
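What "stepping through the FAT and mapping clusters back to the file that owns them" involves, as an added example that is not Directory Snoop's code. It builds a FAT16 table and a root directory in memory (constructed sample data, no boot sector or data area), follows every live entry's cluster chain, then applies the usual undelete heuristic to an entry whose first byte was overwritten with 0xE5 and lists allocated clusters that no entry reaches.

```python
"""Walk a FAT16 allocation table and map every cluster back to the directory
entry that owns it, the way a cluster-level forensic tool does.

Added example, not Directory Snoop's code. The volume is constructed in memory
(a FAT and one root directory, no boot sector or data area); no disk is touched.
"""
import math
import struct

CLUSTER_SIZE = 512            # bytes per cluster on the constructed volume
# name, ext, attr, reserved/FAT32-only fields, write time, write date, first cluster, size
DIR_ENTRY = "<8s3sB10sHHHI"


def build_fat16(chains, total_clusters=16):
    """Constructed FAT: each chain is an ordered cluster list; the last gets an EOC mark."""
    fat = [0] * total_clusters
    fat[0], fat[1] = 0xFFF8, 0xFFFF          # reserved entries (media byte, EOC)
    for chain in chains:
        for cur, nxt in zip(chain, chain[1:] + [0xFFFF]):
            fat[cur] = nxt
    return struct.pack("<%dH" % total_clusters, *fat)


def dir_entry(name, ext, first_cluster, size, deleted=False):
    """32-byte short-name entry; deleting a file overwrites only byte 0 with 0xE5."""
    raw = name.ljust(8).encode("ascii")
    if deleted:
        raw = b"\xE5" + raw[1:]
    return struct.pack(DIR_ENTRY, raw, ext.ljust(3).encode("ascii"), 0x20,
                       b"\0" * 10, 0, 0, first_cluster, size)


def parse_dir(root):
    """Decode directory entries up to the 0x00 'never used' marker."""
    entries = []
    for off in range(0, len(root), 32):
        rec = root[off:off + 32]
        if rec[0] == 0x00:
            break
        name, ext, attr, _, _, _, first, size = struct.unpack(DIR_ENTRY, rec)
        if attr & 0x08:                  # volume label and long-name entries own no clusters
            continue
        deleted = rec[0] == 0xE5
        base = ("?" + name[1:].decode("ascii")) if deleted else name.decode("ascii")
        entries.append({"name": base.rstrip() + "." + ext.decode("ascii").rstrip(),
                        "deleted": deleted, "first": first, "size": size})
    return entries


def follow_chain(fat, first):
    """Clusters reachable from first; stops at EOC (>=0xFFF8), bad (0xFFF7), free (0) or a loop."""
    chain, cur = [], first
    while 2 <= cur < len(fat) and cur not in chain:
        chain.append(cur)
        cur = fat[cur]
    return chain


def map_clusters(fat, entries):
    """Return (cluster -> owner), recoverable deleted files, and lost clusters."""
    owner = {}
    for e in entries:
        if not e["deleted"]:
            for c in follow_chain(fat, e["first"]):
                owner[c] = e["name"]
    recoverable = {}
    for e in entries:
        if e["deleted"]:
            # Deletion zeroes the file's FAT entries, so its chain is gone; the directory
            # entry still holds the first cluster and size. Assume contiguous allocation
            # and accept only if every needed cluster is still unallocated.
            need = max(1, math.ceil(e["size"] / CLUSTER_SIZE))
            guess = list(range(e["first"], e["first"] + need))
            if all(2 <= c < len(fat) and fat[c] == 0 and c not in owner for c in guess):
                recoverable[e["name"]] = guess
    lost = [c for c in range(2, len(fat)) if fat[c] != 0 and c not in owner]
    return owner, recoverable, lost


def sample_volume():
    """Constructed: FILE1.TXT in 2->3->4; SECRET.TXT (600 bytes, deleted) began at 5;
    clusters 7->8 are allocated but referenced by no directory entry."""
    fat = build_fat16([[2, 3, 4], [7, 8]])
    root = (dir_entry("FILE1", "TXT", 2, 1400)
            + dir_entry("SECRET", "TXT", 5, 600, deleted=True) + b"\0" * 32)
    return fat, root


def analyze(fat_bytes, root_bytes):
    fat = list(struct.unpack("<%dH" % (len(fat_bytes) // 2), fat_bytes))
    return map_clusters(fat, parse_dir(root_bytes))


if __name__ == "__main__":
    owner, recoverable, lost = analyze(*sample_volume())
    for c in sorted(owner):
        print("cluster %2d -> %s" % (c, owner[c]))
    print("recoverable deleted files:", recoverable)
    print("lost clusters (no owning entry):", lost)
```

Two things the output makes concrete: deletion touches one byte of the directory entry and zeroes the file's FAT entries, so the first cluster and size survive but the chain does not (a fragmented file recovers only in part), and a cluster that is allocated yet owned by no entry is exactly where leftover or deliberately hidden data sits.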
StegoArchive
In an ideal world we would all be able to openly send encrypted email or files to each other with no fear of reprisals. However there are often cases when this is not possible, either because you are working for a company that does not allow encrypted email or perhaps the local government does not approve of encrypted communication (a reality in some parts of the world). This is where steganography can come into play.

Steganography simply takes one piece of information and hides it within another. Computer files (images, sound recordings, even disks) contain unused or insignificant areas of data. Steganography takes advantage of these areas, replacing them with information (encrypted mail, for instance). The files can then be exchanged without anyone knowing what really lies inside of them. An image of the space shuttle landing might contain a private letter to a friend. A recording of a short sentence might contain your company's plans for a secret new product. Steganography can also be used to place a hidden "trademark" in images, music, and software, a technique referred to as watermarking.
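The mechanism the paragraph above describes, as an added example that is not StegoArchive's code: each 8-bit sample of a cover file has its least-significant bit replaced with one bit of the payload, so no sample changes by more than 1. The cover is a constructed noise "image"; the routine is format-agnostic and applies to any run of 8-bit samples that is stored losslessly.

```python
"""Least-significant-bit steganography over 8-bit samples: embed, extract, measure.

Added example, not StegoArchive code. The cover is a constructed noise 'image'
(one byte per grayscale pixel); any losslessly stored run of 8-bit samples works.
"""
import random

LENGTH_BYTES = 4     # payload is framed with a big-endian length so extract() knows where to stop


def sample_cover(width=64, height=64, seed=1):
    """Constructed stand-in for real pixel data."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(width * height))


def capacity(cover):
    """Payload bytes that fit: one bit per sample, minus the length prefix."""
    return len(cover) // 8 - LENGTH_BYTES


def _bits(data):
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover, payload):
    """Copy of cover whose sample LSBs carry len(payload) followed by payload."""
    if len(payload) > capacity(cover):
        raise ValueError("payload of %d bytes exceeds capacity %d" % (len(payload), capacity(cover)))
    out = bytearray(cover)
    framed = len(payload).to_bytes(LENGTH_BYTES, "big") + payload
    for i, bit in enumerate(_bits(framed)):
        out[i] = (out[i] & 0xFE) | bit       # only bit 0 changes: the sample moves by at most 1
    return bytes(out)


def _read_lsb_bytes(samples, start, count):
    out = bytearray()
    for b in range(count):
        byte = 0
        for i in range(8):
            byte = (byte << 1) | (samples[start + b * 8 + i] & 1)
        out.append(byte)
    return bytes(out)


def extract(stego):
    """Recover the payload; rejects a length field that cannot fit (no payload, or damaged)."""
    length = int.from_bytes(_read_lsb_bytes(stego, 0, LENGTH_BYTES), "big")
    if length > capacity(stego):
        raise ValueError("no valid LSB payload found")
    return _read_lsb_bytes(stego, LENGTH_BYTES * 8, length)


def max_delta(cover, stego):
    """Largest per-sample change introduced by embedding."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = sample_cover()
    secret = b"constructed sample message: meet at 0900"
    stego = embed(cover, secret)
    print("capacity %d bytes, hid %d bytes, max sample change %d"
          % (capacity(cover), len(secret), max_delta(cover, stego)))
    print(extract(stego))
```

Two caveats a practitioner should keep in mind: the embedded bits survive only lossless storage (re-saving as JPEG or MP3 destroys them), and replacing LSBs changes their statistics, so a payload worth hiding should be encrypted first, as the text suggests, both so that it reads as noise and so that discovery of the channel does not expose the content.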
The PalmPilot single-floppy backup system
PenguinBackup is a single, bootable 3.5" floppy disk which includes a complete operating system, utilities, and communication software for all kinds of Pilots (OS 1.x - 3.x), wrapped in a nice, easy-to-use menu system.
It is intended as an emergency backup system in case you're on the road with only your Pilot and need to do a full restore after a hard reset.
PDA Seizure
As an examiner you know better than anyone that the difference between making a case and losing a case is hard evidence. And with more bad guys going high tech, obtaining that evidence is becoming more difficult than ever.

With Paraben's PDA Seizure, you can retrieve all the information that's on a PDA device.

Paraben's PDA Seizure is a comprehensive tool that allows PDA data to be acquired, viewed, and reported on, all within a Windows environment.
Common Security Exploit and Vulnerability Matrix
A giant poster in PDF format.
Snorting Next Generation Secure Remote Log Servers over TCP
A comprehensive guide to building encrypted, secure remote syslog-ng servers with the Snort IDS. In PDF format.
Creating a Virtual HoneyNet
Creating a virtual honeynet is no more than configuring a number of virtually networked systems to log all activity heading to them while looking as generic as possible. Don't worry if you feel you can't afford the resources needed to run the honeynet; virtual honeynets are cheap, powerful and easy to administer, and through this paper I'll be trying to put in as much of my experience as possible to make it easier for you. But before we start, there are a few points we have to understand.
OS Scan
Which operating system has more vulnerabilities out of the box? Are they more secure after the latest patches? Do the latest patches add vulnerabilities? We wanted to see how much the OS patches released really help and which OS is more secure "out of the box". So we picked several of the more popular operating systems and put them to the test. In this study we use Nmap version 2.54BETA22 and Nessus 1.0.9 to scan operating systems installed with default options and no additional patches or configuration. Then we scan them with the latest Security Packs and Cluster Patches and compare the scans to learn what security means to the vendors of the operating systems and to the security scanners we use today.
The Security Writers Guild
The Security Writers Guild (SWG) is focused on publishing quality papers and developing original & creative projects in an effort to promote IT security and simultaneously establish its own security oriented community.

Information on SWG has been gathered from personal experiences, SANS teachings, or real professionals in the field.
Forensic Acquisition Utilities
This is a collection of utilities and libraries intended for forensic or forensic-related investigative use in a modern Microsoft Windows environment. The components in this collection are intended to permit the investigator to sterilize media for forensic duplication, discover where logical volume information is located and to collect the evidence from a running system while at the same time guaranteeing data integrity (e.g. with a cryptographic checksum) and while minimizing changes to the subject system.
DMZS-Biatchux Bootable CD Forensics/Incident-Response/Recovery/Virus Scanning/Pen-Tester Platform
Biatchux is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.
It also provides the tools needed for live forensics/analysis: mount the CD-ROM on your OS of choice; trusted static binaries for Win32, SPARC Solaris and x86 Linux are available in /statbins.
Native Win32 ports of some GNU utilities
Here are some ports of common GNU utilities to native Win32, including dd. In this context, native means the executables depend only on the Microsoft C runtime (msvcrt.dll) and not on an emulation layer like the one provided by the Cygwin tools.
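What "collecting the evidence while guaranteeing data integrity with a cryptographic checksum" (the Forensic Acquisition Utilities entry above) looks like as a loop, and what a dd-style imager has to do about unreadable blocks, as an added example that is none of those utilities and not dd itself: read the source block by block, hash the stream as it is written, zero-fill blocks the device refuses to read (dd's conv=noerror,sync behaviour) while recording their offsets, and verify the finished image against the hash. The source here is a constructed in-memory object that fails on one block; on a real case the same function takes a file object opened read-only on the device.

```python
"""Hash-while-copy acquisition loop with bad-block handling and post-write verification.

Added example; not one of the Forensic Acquisition Utilities and not dd. The source
below is a constructed in-memory object that fails on one block; on a real case pass
a file object opened read-only on the device instead.
"""
import hashlib
import io


class UnreadableBlocks(io.BytesIO):
    """Constructed stand-in for a device with bad sectors: read() fails at listed offsets."""

    def __init__(self, data, bad_offsets):
        super().__init__(data)
        self.bad = set(bad_offsets)

    def read(self, n=-1):
        if self.tell() in self.bad:
            raise OSError("I/O error")
        return super().read(n)


def acquire(src, dst, block_size=512, algo="sha256"):
    """Stream src into dst block by block. Returns (hex digest of the bytes written,
    list of offsets that could not be read). An unreadable block is written as zeros
    and the source is advanced past it (dd conv=noerror,sync); the digest therefore
    describes the image, not the failing device."""
    h = hashlib.new(algo)
    bad, offset = [], 0
    while True:
        try:
            block = src.read(block_size)
        except OSError:
            bad.append(offset)
            block = b"\0" * block_size
            src.seek(offset + block_size)
        if not block:
            break
        dst.write(block)
        h.update(block)
        offset += len(block)
    return h.hexdigest(), bad


def verify(image, expected_hex, algo="sha256", chunk=1 << 20):
    """Re-read the written image from the start and compare with the acquisition digest."""
    image.seek(0)
    h = hashlib.new(algo)
    for piece in iter(lambda: image.read(chunk), b""):
        h.update(piece)
    return h.hexdigest() == expected_hex


def demo(block_size=512):
    """Constructed 2048-byte 'device' whose third block is unreadable."""
    data = bytes(range(256)) * 8
    src = UnreadableBlocks(data, bad_offsets=[1024])
    image = io.BytesIO()
    digest, bad = acquire(src, image, block_size)
    return digest, bad, image.getvalue(), verify(image, digest)


if __name__ == "__main__":
    # Real use: src = open(r"\\.\PhysicalDrive0", "rb") on Windows, open("/dev/sdX", "rb") on Linux,
    # dst = open("evidence.dd", "wb"); the loop is the same.
    digest, bad, image, ok = demo()
    print("image %d bytes, sha256 %s" % (len(image), digest))
    print("unreadable block offsets:", bad, "| verification:", "OK" if ok else "MISMATCH")
```

Record the digest, the bad-block offsets and the block size alongside the image: the hash covers what was written, not what the failing device holds, so a later re-acquisition with a different block size will not match.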
Instant Messaging Privacy and Security Solutions
One version of IMpasse protects multiple networks simultaneously — including AIM (AOL), MSN (Microsoft), and Yahoo messengers.
Review of various computer forensics tools
This article reports on the capabilities and limitations of various software tools available to the forensics practitioner to complete a forensically sound examination.
Wireless Phones To Be Made Secure, by Pentagon Standards
The lack of secure telephone communications between U.S. and allied military forces was an oft-heard complaint during the Persian Gulf War and subsequent operations involving multi-national coalitions.
Now, the Defense Information Systems Agency (DISA) is trying to get out the message that there is a relatively easy way to achieve secure voice communications among coalition partners. For about $4,000, U.S. government officials and selected military allies can purchase a wireless handset that meets National Security Agency encryption standards.
STUDENT CRACKS XBOX, OPENS GAME CONSOLE TO OTHER OSES
With three weeks of work and $50 in hardware, a graduate student at the Massachusetts Institute of Technology cracked the security protections of Microsoft's Xbox, making it possible to run competing software and operating systems on the popular video game console. In a paper posted on MIT's Web site last weekend, Andrew Huang described how he built hardware that read the Xbox's internal security system and cracked the encrypted data exchanged between two chips that prevented the console from being exploited. Huang says his technique gives users the ability to turn the Xbox into a standalone computer that can run non-Microsoft software and OSes, including rival Linux. Huang says he also discovered a series of other vulnerabilities that could allow users to run the code of their choice on the box and identify users when the Xbox is connected to the Internet.
Top Secret Phone Debuts For Feds
General Dynamics today reveals its Type 1 Sectera Secure Wireless Phone for GSM systems, a handset it says can handle the stringent security expectations of the nation's top government officials. The Type 1 phone, which consists of a clip-in module designed for use with the Motorola Timeport, operates over commercial or private GSM systems in the 900, 1800 and 1900 MHz GSM bands.