The NoCat Community Wireless Network Project
Connect to the network using DHCP, bring up a web browser, type in any URL, and you'll get an authentication screen. Authenticate first, then you can use the network, etc.
Tuesday, April 29, 2003
Saturday, April 26, 2003
OpenBSD IPsec clients
This page is for people who want to use IPsec clients with OpenBSD as an IPsec gateway.
Thursday, April 24, 2003
Detecting NAT Devices using sFlow
Unauthorized NAT (Network Address Translation) devices can be a significant security problem. Typically the NAT device will appear to the network administrator as an end host and it will authenticate itself onto the network. However, the NAT device provides unrestricted access to any number of hosts connecting to it directly, or more troublingly via wireless (Wi-Fi 802.11). Wi-Fi is a particular problem since it allows access to the network from a considerable distance, allowing unauthorized access without even entering the building.
Reliably detecting NAT devices is difficult since they are virtually indistinguishable from legitimate hosts. This paper describes how the detailed, pervasive, traffic monitoring capabilities of sFlow (RFC 3176) can be used to identify NAT devices on a network.
Thursday, April 17, 2003
Cisco Support for Lawful Intercept In IP Networks
Service providers are being asked to meet lawful intercept requirements of IP networks for voice as well as data in a variety of countries worldwide. Service Provider requirements vary from country to country but some requirements remain common even though details such as delivery formats may differ. The objective of this document is to describe how a Service Provider can support lawful intercept with a general solution that has a minimum set of common interfaces. This document does not deal with legal requirements or obligations.
Tuesday, April 15, 2003
PKI... Why Go Through the Hassle?
As e-mail increasingly substitutes the use of letters and faxes (also to governmental bodies) and as commercial transactions on the web get more and more important to organisations, the need for secure communications equally grows, especially with spoof attacks, interception of transmissions and other hacking methods becoming more widespread and getting more “intelligent” every day. So, if the web is to achieve its true (commercial) potential, it is important that the right technological infrastructure is in place. Public Key Infrastructure (PKI) enabled by cryptography provides a secure basis. Digital signatures use public key infrastructure.
Digital Forensics Lesson Learned Repository
The use of computers to store evidence by criminals has become more prevalent as our society has become increasingly computerized. It is now routine to find calendars, e-mails among co-conspirators, financial account information, detailed plans of crimes, telephone numbers and other artifacts that can be used as evidence in a criminal case stored on a hard drive, PDA or cell phone. However, every new computerized device or new software upgrade poses additional challenges to computer forensics experts who are already thinly stretched as case loads mount. There is little opportunity for innovation and research, and no slack to allow the luxury of reinventing the wheel for similar cases.
A "Lesson Learned" is defined as: "A good work practice or innovative approach that is captured and shared to promote repeat application, or an adverse work practice or experience that is captured and shared to avoid recurrence[1]." In order to facilitate sharing information on computer forensics, we are developing a web-based Lessons-Learned Repository (LLR) to facilitate both the contribution and retrieval of Lessons.
The LLR will initially be populated through contributions from a set of selected computer forensics specialists from the Law Enforcement community, the results of an analysis of the transcripts of past court cases involving electronic evidence and standardized procedures for collecting the data from a device in a legally admissible manner [2]. Once the Repository is on-line, it is anticipated additional Lessons will continue to be contributed from the global computer forensics community, as well as being augmented by manufacturers willing to post contact information for product-specific inquiries.
Warren Harrison
Warren's research interests are focused on the areas of software engineering, computer forensics and mobile wireless applications. He is currently Editor-in-Chief of IEEE Software Magazine, whose mission is "building the community of leading software practitioners." He is also past-Editor-in-Chief of Empirical Software Engineering and the Software Quality Journal.
Monday, April 14, 2003
Steganography Revealed
Over the past couple of years, steganography has been the source of a lot of discussion, particularly as it was suspected that terrorists connected with the September 11 attacks might have used it for covert communications. While no such connection has been proven, the concern points out the effectiveness of steganography as a means of obscuring data. Indeed, along with encryption, steganography is one of the fundamental ways by which data can be kept confidential. This article will offer a brief introductory discussion of steganography: what it is, how it can be used, and the true implications it can have on information security.
Webinvestigator
The Internet consists of over two billion pages of information yet many investigators make only superficial use of this amazing resource. This site is dedicated to those who have to dig deeper and use information more carefully than the general public.
Wednesday, April 02, 2003
CyberData
CyberData, LLC (formerly 20/20 Investigations, Inc.) has established itself as a leader in providing computer forensic analysis and computer crime investigation services. Our mission is to provide the highest quality of services with unequaled integrity. We serve our clients with complete honesty, outstanding customer service, and personal attention. We provide exceptional value to our clients by combining our investigative skills with our knowledge in computer forensics and computer crime investigations.
Services we provide are:
Computer Forensic Analysis
  Analysis of previously analyzed reports
  Analysis of computer media (hard drives, disks, CD's, flash cards, Palm Pilots, etc.)
Computer Crime Investigations
  E-Mail Tracing and Internet Profiling
  Intellectual Property Theft
  Cyber-Stalking and Suspected Child Pornography
  Online Fraud
  Abuse of Computer Use Policies
Consulting
  Minimizing data theft
  Providing solutions to businesses
  Analysis of Computer Use Policies
Password Cracking
  Lost password?
  Employee sabotage?
Hard Drive Wiping
  Wipe the drive before you donate that old computer
  New employee or re-allocating the computer to another person?
  Unconditional guarantee – drives are wiped to Department of Defense standards
Data Recovery
  Recover lost or missing files
  Recover accidentally deleted files
Compusleuth
CompuSleuth, Inc. is comprised of a team of highly skilled forensic computer specialists. Located in Westerville, Ohio, our goal is to provide expert services to the corporate, legal and accounting communities on both a local and national level.
WarTyping.com
The first (and currently only) site on the net dedicated specifically to the art of "War Typing". WarTyping is basically the act of location, and interception of radio signals transmitted by wireless keyboards onto the public airwaves by driving / walking around with the appropriate equipment.
Tuesday, April 01, 2003
ForensicsWeb
Welcome to Forensics Web! A site dedicated to technology related investigations and forensics. This site caters to law enforcement and corpsec interests with a special focus on computer related forensics and investigations. New sections, forums, and content will come online over time.
Thursday, March 20, 2003
tscrack
TScrack is a dictionary based (rather than bruteforce) password cracker for Microsoft Windows Terminal Services (RDP).
File Signature Database
This database is designed to assist examiners primarily for the process of searching unallocated space. With the ever-growing number of forensic tools being produced I have attempted to create a portable database, allowing examiners to export the data within, for the use on the majority of the leading forensic computing tools.
Wednesday, March 19, 2003
Wireless Security & Hacking
This is the last article in the Wireless series. Just to remind you, the first article introduced the reader to the Wireless world and discussed Wireless devices and protocols. The second article went deeper into Wireless networks, provided general info on WLAN and discussed IEEE standards for them. This article deals with WLAN security, explains the most common attack techniques and introduces some useful tools.
Monday, March 17, 2003
Four basic steps can get hackers into most computers
Every breach of computer security is different, depending on the skills of the attacker and the defenses in your system. But most hackers follow the same four basic steps to perpetrate an attack — profiling, scanning, enumerating and exploiting.
Here's how each step works.
Remote timing attacks are practical
Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network servers are practical and therefore all security systems should defend against them.
Tuesday, March 11, 2003
Cryptographic Filesystems: Design and Implementation
As security becomes a greater focus in networks, every aspect of online information needs a level of protection from the network-level use of firewalls and IDS to the host-level use of IDS. However, an additional level of security has recently come to the forefront of security - cryptographic filesystems. While the technology for cryptographic filesystems has been available for quite a while, the deployment of cryptographic filesystems in production environments has not taken hold. This article will discuss some of the background and technology of cryptographic filesystems and will then cover some example implementations of these filesystems including Microsoft's Encrypting File System for Windows 2000, the Linux CryptoAPI, and the Secure File System.