Jun 20: Serious paragliding accident: 4 months in hospital... this page won't
be updated for a while.
Jun 8
The Enemy Within:
Firewalls and Backdoors, by Bob Rudis, and Phil Kostenbader
A good summary of backdoors and the limits of firewall protection..
Microsoft & DRM:
Digital Rights Management
May 2003
Rsync:
+
SSH minimalist on Windows,
Discussions,
Faq-O-Matic
Understanding a
Network Through Passive Monitoring by Kevin Timm
Useful example on analysis of tcpdump logs.
Securing Apache: Step-by-Step by Artur Maj (useful example with
chroot'ing tips)
Top 75 Security Tools
(poll of nmap users)
XP:
Tweaking,
enhanced command-line monitoring utilities
Introduction to
Simple Oracle Auditing by Pete Finnigan
Auditing Web Site
Authentication #1 by Mark Burnett
Load
Balancers As Firewalls, by Tony Bourke (from 2001, but
interesting)
Apr 2003
Auditing Web Site
Authentication #1 by Mark Burnett
Specter: a
Commercial Honeypot Solution for Windows Lance Spitzner
Cryptographic
File Systems, Part Two: Implementation, Ido Dubrawsky
OpenSSH securID patches that
support next token
scponly looks interesting for restricting ssh file transfers.
OpenSSH 3.6 and 3.6.1 released
Incident Response
Tools For Unix, Part One: System Tools by Holt Sorenson
A handy summary of UNIX tools for budding Security Administrators.
Why
Am I Getting All This Spam? Center for Democracy & Technology
Tim Bray:
Why
XML Doesn't Suck,
XML
Is Too Hard For Programmers
Mar 2003
Forensics example:
Snort + dtspcd + trojaned /bin/login
VNC on Windows +
stunnel/SSL
Best Practices
for Secure Development, Razvan Peteanu.
Burning
the bridge: Cisco IOS exploits
Unofficial SuSE
FAQ
Very Secure ftp server: vsftpd
(and easy to use as well!).
Feb 2003
BSD: Creating
systrace policies
MySQL
security
Is the
U.S. Turning Into a Surveillance Society?
SNMP
FAQ, CERT tips
on snmp, Presentation
by Lucent
SunScreen,
Part Two: Policies, Rules, and NAT
Comment: finally some decent articles on the sunscreen. A pity the
examples use the GUI and not the command line.
Jan 2003
Sunscreen
Part one: introduction, by Ido Dubrawsky
Security
Quick-Start HOWTO for Red Hat Linux
Securing
Outlook, Part Two: Many Choices to Make
Strikeback,
Part Deux, by Tim Mullen
Intelligence
Gathering: Watching a Honeypot at Work, by Toby Miller
SANS: Security
Policy Project, Reading Room
Netcat overview
Nmapwin
TightVNC is
an improved version of VNC (speed/compression/GUI), and RealVNC
is the continuation of the original version. The commercial TridiaVNC
Pro looks interesting too, with file transfer and SSL encryption.
Dell Inspiron 8x00
fan control utility
'Twas the Night
Before Christmas, 2002, Tim Mullen
Microsoft & Windows
Solaris
IDS:
Tools
- Audit
- Jordan Russell provides some free useful tools for Windows
developers:
Inno Setup is a free installer for Windows programs, with source
code, written in Delphi.
StripReloc is a
free utility that removes the relocation (".reloc") section
from Win32 PE EXE files
- Sudo Aliases and
Exclusions
- Advanced Log Processing by Anton
Chuvakin
Log Analysis Resources, Tina Bird
- Spam /anti virus
- Linux Serial
Console HOW-TO
- Interesting Social-Engineering
attack on PGP.
- IP address CIDR/netmask calculator http://grox.net/utils/whatmask/
-
SSH
- Note: Solaris9 has SSH bundled and it
works well, for example password aging works correctly (which is
not the case with v3.4p1..)
- Mindterm v2.3.1 & Putty 0.53b have been
released (and hence our review,
and install bundle).
Note especially our security tip
if you have used previous Mindterm versions.
- OpenSSH 3.4 released. At least it compiles and seems to work cleanly on Solaris
(v3.2.x did not). I've generated some Solaris packages and updated the SSH paper.
- OpenSSH 3.2.2 released, with several interesting improvements.
Doesn't work well on Solaris though. We'll update this space when packages have
been generated: www.openssh.com
- Our SSH article has been updated for v3.1p1 and a common
Solaris 2.6/7/8 sparc/UltraSPARC package created. www.boran.com/security/sp/ssh-part2.html
- OpenSSH 3.1 released, a nasty security bug fix - you'll need to
upgrade: www.openssh.com. We have generated a package for Solaris 2.6 to 8
that you may wish to use: www.boran.com/security/sp/ssh.
- Our SSH article has been updated for v3.0.1p2 and a common
Solaris 2.6/7/8 sparc/UltraSPARC package created. www.boran.com/security/sp/ssh-part2.html
-
PGP
- Crypto plugins such as PGP don't ensure that all traffic is
encrypted when sending emails in an Exchange environment, since
Outlook sends data even before "send" is hit - strange stuff. www.heise.de/newsticker/data/pab-26.02.02-000/
- Sunscreen Firewall tip: When sunscreen rules are changed and then activated, the existing
network connections are not stopped and re-checked against the rules. So
if the new rules you added are intended to actually block current
sessions (as opposed to new ones), the connection tables need to be
flushed:
ssadm lib/statetables -f
Warning: this will reset ALL existing connections (e.g. PASV ftp transfers)
- IPTables Linux firewall with packet string-matching support: http://www.securityfocus.com/infocus/1531, http://articles.linuxguru.net/view/120.
This allows you to do things like stopping all those pesky HTTP GETs of cmd.exe
loading your web server and filling your web logs:
iptables -I INPUT -j DROP -m string -p tcp -s 0.0.0.0/0 --string cmd.exe
- Hogwash is a little similar to the string matching above, except it uses snort for
signature matching... it "stops attacks that can't be blocked by a traditional
firewall and can be used to protect systems that are un-patchable for one reason or
another". V0pre7 is the latest... http://hogwash.sourceforge.net/
WLAN/WiFi
General
- Our ADSL/cable SOHO
Firewall review has been updated with the Snapgear Pro+.
- What are the
real risks of cyber terrorism?
At last, an article that presents a decent discussion without hype and
exaggeration.
- SANS top 20 Vulnerabilities
- Terrorists
on the Net? Who Cares?
- Interesting papers by Eric Hines of Fatelabs:
- Footprints in the
Sand, Part One. Fingerprinting exploits in system and application
log files
- Flying Pigs:
Snorting Secure Remote Syslog-NG Servers
- Forensic
Analysis Without an IDS: A Detailed Account of Blind Incident
Response (on NT)
- Non
blind IP Spoofing and Session Hijacking: A Diary From the Garden of
Good and Evil
- Virtual Private
Problems: The Broken Dream
- Attack signatures
-
Collection of papers on SentryInformation
- OECD
published updated cybersecurity guidelines: Awareness,
Responsibility, Response, Ethics, Democracy, Risk assessment, Security
design & implementation, Security management, Reassessment.
-
System Administrator
Appreciation Day
-
Twenty Don'ts
for ASP Developers by Mark Burnett
-
Security Concerns
in Licensing Agreements, Part One: Clickwrap and Shrink-wrap Agreements
by Steven Robinson
-
Strange
Attractors and TCP/IP Sequence Number Analysis
- Cryptogram:
One time pads, U.S. National Strategy to Secure Cyberspace
- Cryptogram:
Palladium, License to Hack, Microsoft
5 minute security tips
- Cryptogram
May 15th: Interesting summary of fingerprint reader cracking
by Tsutomu Matsumoto.
http://www.itu.int/itudoc/itu-t/workshop/security/present/s5p4.pdf
http://cryptome.org/gummy.htm
- Zaurus Linux PDA (I just got one and love it):
Myzaurus,
Sharp place, killefiz,
Review1, Review2,
Opie,
OpenZaurus, Zaurus
Dev, Sourceforge
Forum, Zauruszone feed,
Unofficial
FAQ, HOW-tos, LovesLinux
German: Zaurus Community, Zubehör,
Z-info
- Assessing
Internet Security Risk, Part One: What is Risk Assessment? by Charl
Van der Walt
Part Two: an
Internet Assessment Methodology
Part Three: an
Internet Assessment Methodology
Part Four:
Custom Web Application
[a pretty good intro to this topic..]
- Vulnerability
Is Discovered in Security for Smart Cards
- Mozilla 1.0
released
-
C4i: Computer Security &
Intelligence (there's an email
list too)
- Estimating
the cost of damages due to a security incident
- Web
services white paper by Softonomy
- Information
Security Hype Cycle
-
Rolf Oppliger at eSecurity.ch
has written some interesting security books and papers. I've not read
them yet, but the overviews look promising.
- Attacking
FreeBSD with Kernel Modules - by pragmatic / THC
-
Cryptogram:
good discussions at the end.
-
Internet Access Performance sunsite.cnlab-switch.ch/performance
-
J. Loughry and D.A. Umphress. "Information Leakage from Optical
Emanations." applied-math.org/optical_tempest.pdf
-
Interesting product I'd like to try: 3Com
firewall on an NIC ($170 for NIC, $1000 for
central management tool)
- NIST have released a flurry of useful draft
documents this year: Guidelines on Electronic Mail Security,
Procedures for Handling Security Patches, Securing Public Web Servers,
Network Security Testing
- The BSI Grundschutz is a useful resource to revisit now and again, as is Common
Criteria (also in German).
-
Chasing the Wind, Episode Fifteen: End Game
- The Enemy Inside the Gates: Preventing and Detecting Insider Attacks
This summarises quite a few issues. I think that centralised logging with
monitoring & analysis needs more emphasis though.
-
Top 10 database security headaches
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci797222,00.html
-
Firewall Analysis by the German BSI http://www.bsi.de/literat/studien/firewall/fw01eng/fwstuden.htm
Comment: interesting, but they got the Sunscreen completely wrong -
didn't test stealth mode.
-
Gentoo Linux http://www.gentoo.org
- The Open Web Application Security Project (OWASP) was set up to build an
industry standard framework for testing the security of web applications
http://www.owasp.org
-
Chasing the Wind, Episode Thirteen http://www.securityfocus.com/infocus/1529
-
Risk Analysis (STAR) [Some more tips for assessing risk] http://www.security.vt.edu/playitsafe/index.phtml#RiskAnalysis
Consider two non techie books I discovered in 2002: The Rogue State and Crimes and Mercies. See the non-techie
section below.
CISCO Router Tool & Benchmark
http://www.cisecurity.org/bench_cisco.html
Microsoft
- Force Outlook 2002 to let you look at attachments it blocks with
its default security.
http://support.microsoft.com/support/kb/articles/Q290/4/97.asp
The implementation of attachment blocking is a real pain in Outlook 2002: it does not allow
you to specify trusted recipients, even in an Exchange environment.
- Windows 2000 - Georgi Guninski Security Research http://www.guninski.com/win2k.html
- IIS Lockdown, Microsoft Personal Security Advisory, Cleaner for Code Red II, Improved
Cipher Security Tool, Qchain, Security Screen Savers, Windows 2000 Internet Server
Security Tool, Security Planning Tool for IIS, and HFNetChk.
http://www.microsoft.com/technet/security/tools/tools.asp
http://www.ntbugtraq.com/nimdachk.asp
-
Using IPSec in Windows and XP http://www.securityfocus.com/infocus/1526
Sun
SSH
HP: Precompiled free software, for HP http://hpux.asknet.de
(a bit like www.Sunfreeware.com for Solaris)
System administration
Humor
IDS & Attacks
General