Friday, June 13, 2003

The Enemy Within: Firewalls and Backdoors
As a modern IT professional you've done all the right things to keep the "bad guys" out: you protected your network with firewalls and/or proxies, deployed anti-virus software across all platforms, and secured your mobile workstations with personal firewalls. You may even be in the process of designing and deploying an enterprise-wide network and host intrusion detection framework to help keep an even closer eye on what's going on. Even with all this, are you really safe? Can your multiple lines of defense truly protect your network from modern methods of intrusion?
This article presents an overview of modern backdoor techniques, discusses how they can be used to bypass the security infrastructure that exists in most network deployments and issues a wake-up call for those relying on current technologies to safeguard their systems/networks.

Monday, June 09, 2003

RedFang
Redfang is a small proof-of-concept application that finds non-discoverable Bluetooth devices by brute-forcing a range of the device's 48-bit Bluetooth address (in practice the low-order bytes beneath a known manufacturer prefix) and issuing a read_remote_name() against each candidate; a device that answers is present even though it is not in discoverable mode.

Thursday, June 05, 2003

How To Use SpamAssassin on Win32
SpamAssassin is a wonderful open source product that performs heuristic spam analysis and RBL lookups, among other tests, to allow you to block most spam mail.
In its default form, it is designed and written for Unix platforms. This document provides information on how to get SpamAssassin working on Win32.
NTIDA
NTIDA (NT Intrusion Detection Audit) is a scripted framework, dependent on third-party freeware utilities, intended to help administrators audit their critical NT/2K systems easily.

Wednesday, June 04, 2003

Windows NT/2000/XP Hardening
This paper is a brief security note to advise users of Windows NT, 2000 and XP workstations on how to apply patches and configure their systems to better protect them from compromise. This is emphatically not a comprehensive guide to Windows security but it is a first step in that direction.

Tuesday, June 03, 2003

Open Source Computer Forensics Manual
An open-source manual for computer forensics covering methodology, process and delving into technical standard operating procedures.
Easy Encryption
Fred Langa looks at the universe of products that help you protect sensitive files and data from prying eyes and hackers.
Argus
Welcome to the Argus Open Project, home of Argus, the network Audit Record Generation and Utilization System. The Argus Open Project is focused on developing network activity audit strategies that can do real work for the network architect, administrator and network user.

Monday, June 02, 2003

Cisco Discovery Protocol
cdpr is used to decode a Cisco Discovery Protocol (CDP) packet. By default it reports the device ID, the IP address of the device, and the port that the machine is connected to; optionally it decodes the entire CDP packet.
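To show what cdpr is actually decoding, here is an added example (not cdpr's own code) that builds a constructed CDPv2 payload and parses its TLVs back out: device ID, addresses, port ID, capabilities and platform. The TLV type numbers and the address-entry layout are the on-wire CDP format; the sample switch name, address and port are constructed. Because CDP frames arrive unauthenticated from the local segment, the parser bounds-checks every length field instead of trusting it.

```python
import struct
from ipaddress import IPv4Address

# On-wire CDP TLV type values.
TLV_DEVICE_ID = 0x0001
TLV_ADDRESSES = 0x0002
TLV_PORT_ID = 0x0003
TLV_CAPABILITIES = 0x0004
TLV_SW_VERSION = 0x0005
TLV_PLATFORM = 0x0006

CAPABILITY_BITS = {
    0x01: "Router", 0x02: "Transparent bridge", 0x04: "Source-route bridge",
    0x08: "Switch", 0x10: "Host", 0x20: "IGMP", 0x40: "Repeater",
}


def inet_checksum(data: bytes) -> int:
    """Standard one's-complement checksum; a valid packet sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tlv(tlv_type: int, value: bytes) -> bytes:
    # The TLV length field counts the 4-byte type/length header as well as the value.
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value


def build_cdp(device_id, addresses, port_id, capabilities, platform, ttl=180) -> bytes:
    """Build a CDPv2 payload (the bytes that follow the SNAP header)."""
    addr_value = struct.pack("!I", len(addresses))
    for addr in addresses:
        # protocol type 1 (NLPID), protocol length 1, protocol 0xCC (IPv4), address length 4
        addr_value += struct.pack("!BBBH", 1, 1, 0xCC, 4) + IPv4Address(addr).packed
    body = (tlv(TLV_DEVICE_ID, device_id.encode()) + tlv(TLV_ADDRESSES, addr_value)
            + tlv(TLV_PORT_ID, port_id.encode())
            + tlv(TLV_CAPABILITIES, struct.pack("!I", capabilities))
            + tlv(TLV_PLATFORM, platform.encode()))
    header = struct.pack("!BBH", 2, ttl, 0)
    return struct.pack("!BBH", 2, ttl, inet_checksum(header + body)) + body


def parse_addresses(value: bytes) -> list:
    if len(value) < 4:
        raise ValueError("truncated address TLV")
    (count,) = struct.unpack("!I", value[:4])
    off, out = 4, []
    for _ in range(count):
        if off + 2 > len(value):
            raise ValueError("address count exceeds TLV length")
        ptype, plen = value[off], value[off + 1]
        off += 2
        proto = value[off:off + plen]
        off += plen
        if off + 2 > len(value):
            raise ValueError("truncated address entry")
        (alen,) = struct.unpack("!H", value[off:off + 2])
        off += 2
        addr = value[off:off + alen]
        off += alen
        if len(addr) != alen:
            raise ValueError("truncated address")
        if ptype == 1 and proto == b"\xCC" and alen == 4:
            out.append(str(IPv4Address(addr)))
        else:
            out.append("proto %s addr %s" % (proto.hex(), addr.hex()))
    return out


def parse_cdp(payload: bytes) -> dict:
    """Decode device ID, addresses, port ID, capabilities and platform from a CDP payload."""
    if len(payload) < 4:
        raise ValueError("truncated CDP header")
    version, ttl, _csum = struct.unpack("!BBH", payload[:4])
    if version not in (1, 2):
        raise ValueError("unknown CDP version %d" % version)
    info = {"version": version, "ttl": ttl, "addresses": [], "capabilities": [],
            # Cisco computes odd-length checksums differently; only verify even lengths here.
            "checksum_ok": inet_checksum(payload) == 0 if len(payload) % 2 == 0 else None}
    off = 4
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated TLV header at offset %d" % off)
        ttype, tlen = struct.unpack("!HH", payload[off:off + 4])
        # A length below 4 would loop forever; a length past the end is truncated or forged.
        if tlen < 4 or off + tlen > len(payload):
            raise ValueError("bad TLV length %d at offset %d" % (tlen, off))
        value = payload[off + 4:off + tlen]
        if ttype == TLV_DEVICE_ID:
            info["device_id"] = value.decode("ascii", "replace")
        elif ttype == TLV_PORT_ID:
            info["port_id"] = value.decode("ascii", "replace")
        elif ttype == TLV_PLATFORM:
            info["platform"] = value.decode("ascii", "replace")
        elif ttype == TLV_SW_VERSION:
            info["sw_version"] = value.decode("ascii", "replace")
        elif ttype == TLV_CAPABILITIES and len(value) == 4:
            (mask,) = struct.unpack("!I", value)
            info["capabilities"] = [n for bit, n in CAPABILITY_BITS.items() if mask & bit]
        elif ttype == TLV_ADDRESSES:
            info["addresses"] = parse_addresses(value)
        else:
            info.setdefault("unknown_tlvs", []).append(ttype)
        off += tlen
    return info


# Constructed sample: a switch (capabilities 0x28 = Switch + IGMP) advertising on one port.
SAMPLE = build_cdp("sw-core-01", ["10.1.1.1"], "GigabitEthernet1/0/7", 0x28, "cisco WS-C3750-24TS")

if __name__ == "__main__":
    for key, val in parse_cdp(SAMPLE).items():
        print("%-12s %s" % (key, val))
```

Running the block prints the same fields cdpr reports by default. Feed it a real payload by stripping the Ethernet, LLC and SNAP headers from a captured CDP frame (destination 01:00:0c:cc:cc:cc).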

Friday, May 30, 2003

ODESSA
What is odessa? It's an acronym for "Open Digital Evidence Search and Seizure Architecture"
The intent of this project is to provide a completely open and extensible suite of tools for performing digital evidence analysis as well as a means of generating a usable report detailing the analysis and any findings. The odessa tool suite currently represents more than 7 man years of labor, and consists of 3 highly modular cross-platform tools for the acquisition, analysis, and documentation of digital evidence.

Tuesday, May 27, 2003

Conducting a Security Audit: An Introductory Overview
The word "audit" can send shivers down the spine of the most battle-hardened executive. It means that an outside organization is going to conduct a formal written examination of one or more crucial components of the organization. Financial audits are the most common examinations a business manager encounters. This is a familiar area for most executives: they know that financial auditors are going to examine the financial records and how those records are used. They may even be familiar with physical security audits. However, they are unlikely to be acquainted with information security audits; that is, an audit of how the confidentiality, availability and integrity of an organization's information is assured. They should be. An information security audit is one of the best ways to determine the security of an organization's information without incurring the cost and other associated damages of a security incident.
ISECOM - Institute for Security and Open Methodologies
Security Testing
OSSTMM - Open Source Security Testing Methodology Manual
OSSTMM Shortcuts
Internal Security Testing
BSTA Workbook - Business Security Testing and Analysis Workbook
Application Security
SPSMM - Secure Programming Standards Methodology Manual
Theses
Security Tools
Operational Tools
Development
Open Protocol Resource
Security Training
JACK - Jack of all Trades Security Testing Training Supplement
OPST - OSSTMM Professional Security Tester Certification
OPSA - OSSTMM Professional Security Analyst Certification
OPSS - OSSTMM Professional Security Series
Hacker High School
Incident Handling
SIPES - Security Incident Policy Enforcement System
Business Integrity Testing
Software Quality Testing
STICK - Software Testing Checklist

Thursday, May 22, 2003

Passive Network Traffic Analysis
Network IDS devices use passive network monitoring extensively to detect possible threats. Through passive monitoring, a security admin can gain a thorough understanding of the network's topology: what services are available, what operating systems are in use, and what vulnerabilities may be exposed on the network. Much of this data can be gathered in an automated, non-intrusive manner through the use of standard tools, which will be discussed later in this article. While the concepts presented here are not difficult to understand, the reader should have at least an intermediate understanding of IP and a base-level familiarity with the operation of network sniffers.
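One of the passive techniques the article refers to is operating-system fingerprinting from the TCP SYN a host sends when it opens a connection: initial TTL, window size, the DF bit and the order of TCP options are chosen by the TCP stack, not the application. The following is an added example (not from the article or from p0f) that extracts those fields from a raw IPv4/TCP SYN and matches them against a small signature table. The two signatures are the classic Linux 2.4 and Windows XP/2000 SYN shapes, but the table is constructed for illustration and the test packets are built in the block, so treat the names as labels rather than an authoritative database.

```python
import socket
import struct

# Illustrative signature table (constructed for this example; not the p0f database).
# Key format: "window:initial_ttl:df:options".
SIGNATURES = {
    "5840:64:1:MSS=1460,SACK,TS,NOP,WS=0": "Linux 2.4 (illustrative)",
    "65535:128:1:MSS=1460,NOP,NOP,SACK": "Windows XP/2000 (illustrative)",
}


def initial_ttl(ttl: int) -> int:
    """Round an observed TTL up to the nearest common initial value (hop count is unknown)."""
    for candidate in (32, 64, 128, 255):
        if ttl <= candidate:
            return candidate
    return 255


def parse_tcp_options(raw: bytes) -> list:
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP has no length byte
            opts.append("NOP")
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated TCP option")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad TCP option length %d" % length)
        data = raw[i + 2:i + length]
        if kind == 2 and len(data) == 2:
            opts.append("MSS=%d" % struct.unpack("!H", data)[0])
        elif kind == 3 and len(data) == 1:
            opts.append("WS=%d" % data[0])
        elif kind == 4:
            opts.append("SACK")
        elif kind == 8:
            opts.append("TS")
        else:
            opts.append("OPT%d" % kind)
        i += length
    return opts


def syn_signature(packet: bytes):
    """Return the passive signature of an IPv4 TCP SYN, or None if the packet is not a pure SYN."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _tos, _tlen, _ident, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", packet[:10])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or proto != 6 or len(packet) < ihl + 20:
        raise ValueError("not an IPv4/TCP packet")
    df = bool(flags_frag & 0x4000)
    tcp = packet[ihl:]
    _sport, _dport, _seq, _ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    flags = off_flags & 0x01FF
    if not (flags & 0x02) or flags & 0x10:   # SYN set, ACK clear
        return None
    data_off = (off_flags >> 12) * 4
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    opts = parse_tcp_options(tcp[20:data_off])
    return "%d:%d:%d:%s" % (window, initial_ttl(ttl), int(df), ",".join(opts))


def guess_os(packet: bytes):
    sig = syn_signature(packet)
    return sig, SIGNATURES.get(sig, "unknown")


def build_syn(src, dst, ttl, df, window, options: bytes) -> bytes:
    """Constructed test SYN; checksums stay zero because passive analysis never needs them."""
    tcp_len = 20 + len(options)          # options must already be padded to 4 bytes
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0x1234, 0x4000 if df else 0,
                     ttl, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, ((tcp_len // 4) << 12) | 0x02, window, 0, 0)
    return ip + tcp + options


# MSS 1460, SACK-permitted, timestamps, NOP, window scale 0 (20 bytes)
LINUX_OPTS = b"\x02\x04\x05\xb4" + b"\x04\x02" + b"\x08\x0a" + b"\x00" * 8 + b"\x01" + b"\x03\x03\x00"
# MSS 1460, NOP, NOP, SACK-permitted (8 bytes)
WINDOWS_OPTS = b"\x02\x04\x05\xb4" + b"\x01\x01" + b"\x04\x02"

if __name__ == "__main__":
    # TTL 61 is an initial 64 seen three hops away
    print(guess_os(build_syn("10.0.0.5", "10.0.0.1", 61, True, 5840, LINUX_OPTS)))
    print(guess_os(build_syn("10.0.0.7", "10.0.0.1", 126, True, 65535, WINDOWS_OPTS)))
```

The TTL rounding is what makes this usable on a real network: the observed value tells you the hop distance as well as the likely stack, which is exactly the topology information the article says passive monitoring yields.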

Tuesday, May 20, 2003

Securing Apache: Step-by-Step
This article shows, step by step, how to install and configure the Apache 1.3.x Web server so as to mitigate or avoid successful break-ins when new vulnerabilities in this software are found.

Friday, May 16, 2003

Cain & Abel
Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute-force attacks, decoding scrambled passwords, revealing password boxes and analyzing routing protocols.

IRS
IRS scans for IP restrictions set for a particular service on a host. It combines ARP poisoning and half-scan techniques and attempts fully spoofed TCP connections to the selected port of the target. IRS is not a port scanner but a scanner for valid source IP addresses for a given service.

sTerm
sTerm is a Telnet client with a unique feature: it can establish an entire bi-directional Telnet session to a target host without ever sending your real IP and MAC addresses in any packet. By using ARP poisoning, MAC spoofing and IP spoofing techniques, sTerm can effectively bypass ACLs, firewall rules and IP restrictions on servers and network devices; the connection is made impersonating a trusted host.

cPfPc
cPfPc (Cisco PIX Firewall Password Calculator) produces the encrypted form of Cisco PIX enable mode passwords without the need to access the device.
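The reason such a calculator can exist offline is that the PIX "encrypted" enable password is an unsalted, fixed-input hash. The block below is an added example, not cPfPc's code, that reproduces the scheme as documented by the open-source crackers (John the Ripper's pix-md5 format, hashcat mode 2400): MD5 over the password NUL-padded and truncated to 16 bytes, with 12 of the 16 digest bytes emitted as 16 characters from Cisco's own 64-character alphabet. The well-known reference value is the hash of "cisco", 2KFQnbNIdI.2KYOU. The wordlist is constructed for the demonstration.

```python
import hashlib

# Cisco's 64-character alphabet; the index is the 6-bit value.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def pix_enable_hash(password: str) -> str:
    """PIX 'enable password ... encrypted' form: MD5 over the password NUL-padded
    (and truncated) to 16 bytes, then 12 of the 16 digest bytes encoded as 16 chars."""
    padded = password.encode("latin-1")[:16].ljust(16, b"\x00")
    digest = hashlib.md5(padded).digest()
    out = []
    for i in range(0, 16, 4):
        b0, b1, b2 = digest[i], digest[i + 1], digest[i + 2]  # digest[i + 3] never reaches the output
        out.append(ITOA64[b0 & 0x3F])
        out.append(ITOA64[((b0 >> 6) | (b1 << 2)) & 0x3F])
        out.append(ITOA64[((b1 >> 4) | (b2 << 4)) & 0x3F])
        out.append(ITOA64[(b2 >> 2) & 0x3F])
    return "".join(out)


def crack_pix_hash(target: str, candidates):
    """Dictionary attack. There is no salt, so each guess costs one MD5 and a hash
    recovered from one device's config is directly comparable with every other device's."""
    for word in candidates:
        if pix_enable_hash(word) == target:
            return word
    return None


# Constructed wordlist for the demonstration.
WORDLIST = ["password", "admin", "cisco", "pix", "enable"]

if __name__ == "__main__":
    h = pix_enable_hash("cisco")
    print("enable password %s encrypted" % h)        # 2KFQnbNIdI.2KYOU
    print("recovered:", crack_pix_hash(h, WORDLIST))
    # Only the first 16 characters matter, so these two passwords collide:
    print(pix_enable_hash("a" * 16) == pix_enable_hash("a" * 20))
```

The two properties worth taking from this are the ones that make the "encrypted" line in a PIX config a liability: no salt, so precomputed tables and cross-device comparison work, and silent truncation at 16 characters, so a long passphrase buys nothing beyond its first 16 bytes.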

ArpWorks
ArpWorks is a utility for sending customized ARP announce packets over the network. All ARP parameters, including the Ethernet source MAC address (the physical address of your network card), can be changed as you like. Other features are: IP-to-MAC resolver, subnet MAC discovery, host isolation, packet redirection, general IP conflict.
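IRS, sTerm and ArpWorks all rest on the same primitive: an unauthenticated ARP announce or reply that rewrites a neighbour's IP-to-MAC cache so that traffic for a trusted address is delivered to the attacker's interface. The block below is an added example, not code from any of those tools, that builds such frames byte for byte (including the Ethernet source MAC being set independently of the ARP sender field, as ArpWorks allows) and then shows the defender's side: a passive watcher that flags an IP whose MAC changes, or a frame whose Ethernet source disagrees with its ARP sender. The MACs and addresses are constructed.

```python
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(part) for part in ip.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, eth_src=None, eth_dst=BROADCAST) -> bytes:
    """Ethernet II frame carrying an IPv4-over-Ethernet ARP packet (14 + 28 bytes).
    eth_src defaults to the ARP sender MAC; a spoofing tool can set it independently."""
    eth = mac_bytes(eth_dst) + mac_bytes(eth_src or sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # htype Ethernet, ptype IPv4, hlen 6, plen 4
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes(target_mac) + ip_bytes(target_ip))
    return eth + arp


def arp_announce(mac: str, ip: str) -> bytes:
    """ARP announcement: a broadcast request with sender IP == target IP. Listeners that
    already hold an entry for that IP overwrite it, which is the poisoning primitive."""
    return build_arp(ARP_REQUEST, mac, ip, "00:00:00:00:00:00", ip)


def parse_arp(frame: bytes):
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet+ARP")
    eth_src = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP encapsulation")
    body = frame[22:42]
    return {"op": op, "eth_src": mac_str(eth_src),
            "sender_mac": mac_str(body[0:6]), "sender_ip": ip_str(body[6:10]),
            "target_mac": mac_str(body[10:16]), "target_ip": ip_str(body[16:20])}


class ArpWatch:
    """Passive IP-to-MAC binding monitor. In practice seed the table from a trusted
    inventory: learning from the first frame seen trusts whoever speaks first."""

    def __init__(self, known=None):
        self.table = dict(known or {})

    def observe(self, frame: bytes) -> list:
        """Return alert strings for this frame (empty when nothing is suspicious)."""
        pkt = parse_arp(frame)
        if pkt is None:
            return []
        alerts = []
        if pkt["eth_src"] != pkt["sender_mac"]:
            alerts.append("Ethernet source %s differs from ARP sender %s"
                          % (pkt["eth_src"], pkt["sender_mac"]))
        known = self.table.get(pkt["sender_ip"])
        if known is None:
            self.table[pkt["sender_ip"]] = pkt["sender_mac"]
        elif known != pkt["sender_mac"]:
            alerts.append("%s moved from %s to %s (possible ARP poisoning)"
                          % (pkt["sender_ip"], known, pkt["sender_mac"]))
        return alerts


if __name__ == "__main__":
    watch = ArpWatch()
    # legitimate gateway announces itself
    print(watch.observe(arp_announce("aa:bb:cc:00:00:01", "10.0.0.1")))
    # attacker tells host .42 that the gateway now lives at the attacker's MAC
    print(watch.observe(build_arp(ARP_REPLY, "de:ad:be:ef:00:01", "10.0.0.1",
                                  "aa:bb:cc:00:00:42", "10.0.0.42", eth_dst="aa:bb:cc:00:00:42")))
```

The second alert is the one IRS and sTerm produce on every run: to use a trusted source address the attacker has to claim it on the wire, and a monitor that already knows the real binding sees the claim even though the target host silently accepts it.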

Saturday, May 10, 2003

Top 75 Network Security Tools
In May of 2003, I conducted a survey of Nmap users from the nmap-hackers mailing list to determine their favorite security tools. Each respondent could list up to 8. This was a followup to the highly successful June 2000 Top 50 list. An astounding 1854 people responded in '03, and their recommendations were so impressive that I have expanded the list to 75 tools! Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way. I also plan to point newbies to this page whenever they write me saying "I do not know where to start".

Wednesday, May 07, 2003

Wellenreiter v1.8 - scanning for dummies
Perl Wellenreiter-1.8 has been released right now. Get it at our download section. Wellenreiter is the first and only Linux wireless scanner that does not need configuration by the user. It detects its environment automatically. As long as the needed modules and drivers are present, Wellenreiter finds its settings. As I said in the topic, scanning for dummies.
Practical examples for establishing Web service security in .NET
Instead of abstract theories, here are some examples to provide an easy and quick way to accomplish a rather complex task
Because security is one of the most fundamental aspects in the development and deployment of a Web service, there are a myriad of articles, documentation, and samples of how to make it secure. Yet the majority of this information is conveyed as abstract theory, as opposed to practical, real-world implementation.
Here, I'll share some practical examples on Web service security in .NET, not just abstract theories. These examples provide an easy and fast way to accomplish a rather complex task.
Let's explore programmatic Web service security using Visual Studio .NET to implement a custom, stateful SOAP Header to authenticate a consumer before allowing a method to execute. I will also show you how to remove public access to your Web service, how to prevent anonymous users from obtaining your WSDL file, and how to implement your Web service in an unauthorised manner. I will then explain how you can wrap your entire Web service implementation in a highly secure, encrypted format.

Tuesday, May 06, 2003

MUSC Computer Use Policy
The University recognizes its legal and social obligations to respect the privacy of the authorized users of its computing and network resources. However, users must recognize that the confidentiality of their electronic communications cannot be guaranteed by the University. Moreover, the University reserves the right to audit or monitor any uses of its computing and network resources when necessary to ensure compliance with University policy, and with federal, state and local law.
The University network provides its authorized users with access to many classes of privileged information. Users must maintain the confidentiality and integrity of the information they access, and must not use privileged information for any purpose not explicitly authorized.
The University's computing and network resources exist to support the University's missions of teaching, research, patient care and public service. Incidental personal use of these resources by authorized users is permitted only to the extent that such use is lawful and ethical, does not conflict with the University's missions, does not interfere with other authorized users, and does not cause additional expense to the University.
Scapy
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, packet sniffer, etc. For the moment it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal and p0f.