Networking to Internet, a long journey
The art of computer networking dates back to the 1960s. As the use of computers was on the increase in the early 1960s the question of how to hook up and share the data between computers had arisen. The first revolutionary packet switching technique was invented by Leonard Kleinrock. Thereafter, this idea had gained popularity and people like Paul Baran at the Rand Institute had begun investigating on how to use packet switching for secure voice over military networks.
Roberts published a plan for the ARPAnet (Advanced Projects Research Agency) based in United States, the first packet switched computer network and the ancestors of today's Internet. The early packet switched were known as Interface Message Processors (IMP) which was first installed at the UCLA. Shortly, 3 more followed and the Internet grew to four nodes large by the end of 1969. Ofcourse, things weren't as easy, the very first use of the network to perform a remote login from UCLA crashed the remote system. (other three nodes - Stanford Research Institute, UC Santa Barbara, and the University of Utah).
Friday, September 20, 2002
Search engine
Something went wrong with the search function on this site. The index didn't automatically update for about 41 days (...). Fixed the problem so now the search engine is updated every week.
Something went wrong with the search function on this site. The index didn't automatically update for about 41 days (...). Fixed the problem so now the search engine is updated every week.
Internal Network Security
When organizations first begin to assess network security, the tendency is to focus almost exclusively on external facing assets to defend against unauthorized "hacker" attacks. However, to establish an effective security program, organizations must examine both internet facing, publicly accessible resources, as well as private internal networks. Recent findings, released by the FBI and the Computer Security Institute, show that internal attacks account for the majority (60%) of security breaches organizations experience, suggesting that internal security needs to become more of a priority for security managers.
When organizations first begin to assess network security, the tendency is to focus almost exclusively on external facing assets to defend against unauthorized "hacker" attacks. However, to establish an effective security program, organizations must examine both internet facing, publicly accessible resources, as well as private internal networks. Recent findings, released by the FBI and the Computer Security Institute, show that internal attacks account for the majority (60%) of security breaches organizations experience, suggesting that internal security needs to become more of a priority for security managers.
Thursday, September 19, 2002
Scary Tales from the Cryptologist
Information-security expert Paul Kocher is worried because as programs grow larger, identifying flaws becomes increasingly harder
In 1995, Paul Kocher caught the attention of information-security experts when he unveiled a method for cracking a handful of commonly used computer codes by timing how long it took for computers to process requests using those code algorithims. Today, Kocher remains a prominent voice in the cryptography field. As head of Cryptography Research, he and his small band of San Francisco-based cryptographers are paid by banks and credit-card companies to "hack" their products in hopes of uncovering system vulnerabilities.
Far from being an unqualified believer in cryptography, however, Kocher is deeply concerned. What worries him is that the tried and true methods, which rely on increased computing power to crack codes, will fall behind in their capacity to solve information-security problems. I recently spoke with Kocher about encryption's looming challenges. Here are edited excerpts from our conversation.
Information-security expert Paul Kocher is worried because as programs grow larger, identifying flaws becomes increasingly harder
In 1995, Paul Kocher caught the attention of information-security experts when he unveiled a method for cracking a handful of commonly used computer codes by timing how long it took for computers to process requests using those code algorithims. Today, Kocher remains a prominent voice in the cryptography field. As head of Cryptography Research, he and his small band of San Francisco-based cryptographers are paid by banks and credit-card companies to "hack" their products in hopes of uncovering system vulnerabilities.
Far from being an unqualified believer in cryptography, however, Kocher is deeply concerned. What worries him is that the tried and true methods, which rely on increased computing power to crack codes, will fall behind in their capacity to solve information-security problems. I recently spoke with Kocher about encryption's looming challenges. Here are edited excerpts from our conversation.
E-Secure-DB IT Security Information Database
This outstanding repository of data has information stored in easily accessed folders, indexed and cross referenced on all aspects of IT security. Vulnerabilities, product overviews, policy, procedures and more Information on IT Security Worldwide.
This outstanding repository of data has information stored in easily accessed folders, indexed and cross referenced on all aspects of IT security. Vulnerabilities, product overviews, policy, procedures and more Information on IT Security Worldwide.
Wednesday, September 18, 2002
Detecting and Removing Trojans and Malicious Code
The purpose of this article is to recommend steps that an administrator can use to determine whether or not a Win2K system has been infected with malicious code or "malware" and, if so, to remove it. This article will specifically address network backdoor Trojans and IRC bots, but the information delivered in this article should assist the reader in a variety of situations.
The purpose of this article is to recommend steps that an administrator can use to determine whether or not a Win2K system has been infected with malicious code or "malware" and, if so, to remove it. This article will specifically address network backdoor Trojans and IRC bots, but the information delivered in this article should assist the reader in a variety of situations.
Enterprise Security: An Architectural Approach
it is easy to lose sight of the bigger picture when addressing security concerns in the enterprise. IT executives should develop a strategic plan to address security requirements throughout the enterprise before digging into any single issue. IT executives should also work closely with other line of business (LOB) executives to incorporate areas such as auditing, intellectual property, and physical site security into an overarching security strategy document for the company as a whole.
it is easy to lose sight of the bigger picture when addressing security concerns in the enterprise. IT executives should develop a strategic plan to address security requirements throughout the enterprise before digging into any single issue. IT executives should also work closely with other line of business (LOB) executives to incorporate areas such as auditing, intellectual property, and physical site security into an overarching security strategy document for the company as a whole.
Wiretapped - Computer Security Software etc. Wiretapped is an archive of software and information covering the areas of host, network and information security, network operations, cryptography and privacy, among others. We believe we are now the largest archive of this type of software & information, hosting in excess of 20 gigabytes of information mirrored from around the world.
Tuesday, September 17, 2002
Offline NT Password & Registry Editor
Overview
This is a utility to (re)set the password of any user that has a valid (local) account on your NT system, by modifying the crypted password in the registrys SAM file.
You do not need to know the old password to set a new one.
It works offline, that is, you have to shutdown your computer and boot off a floppydisk. The bootdisk includes stuff to access NTFS partitions and scripts to glue the whole thing together.
Note: It will now also work with SYSKEY, including the option to turn it off!
Why?
NT stores it's user information including crypted versions of the passwords in a file called 'sam', usually found in \winnt\system32\config. This file is a part of the registry, in a binary format previously undocumented, and not easily accessible. But thanks to a German(?) named B.D, I've now made a program that understands the registry. As far as I know, Microsoft provides no way of changing the password if you cannot log in as someone with appropriate privileges, except restoring the registry files from the rescuefloppy.
Overview
This is a utility to (re)set the password of any user that has a valid (local) account on your NT system, by modifying the crypted password in the registrys SAM file.
You do not need to know the old password to set a new one.
It works offline, that is, you have to shutdown your computer and boot off a floppydisk. The bootdisk includes stuff to access NTFS partitions and scripts to glue the whole thing together.
Note: It will now also work with SYSKEY, including the option to turn it off!
Why?
NT stores it's user information including crypted versions of the passwords in a file called 'sam', usually found in \winnt\system32\config. This file is a part of the registry, in a binary format previously undocumented, and not easily accessible. But thanks to a German(?) named B.D, I've now made a program that understands the registry. As far as I know, Microsoft provides no way of changing the password if you cannot log in as someone with appropriate privileges, except restoring the registry files from the rescuefloppy.
Sunday, September 15, 2002
Human Firewall - Be aware. Be secure.
The Human Firewall Council, a non-profit security awareness organization, has created the industry's first free online tool for benchmarking security management best practices. The Security Management Index takes participants through a series of questions covering the nine major sections of ISO17799. At the end of the survey, each participant receives a score that shows how their security practices measure up. Results are completely confidential. Aggregate data will be used to create a final report to be released in January 2003. The Security Management Index is sponsored by industry leaders such as British Standards Institute, PentaSafe, Sun Microsystems, ISSA, QinetiQ and InfoWorld.
The Human Firewall Council, a non-profit security awareness organization, has created the industry's first free online tool for benchmarking security management best practices. The Security Management Index takes participants through a series of questions covering the nine major sections of ISO17799. At the end of the survey, each participant receives a score that shows how their security practices measure up. Results are completely confidential. Aggregate data will be used to create a final report to be released in January 2003. The Security Management Index is sponsored by industry leaders such as British Standards Institute, PentaSafe, Sun Microsystems, ISSA, QinetiQ and InfoWorld.
Subscribe to:
Posts (Atom)