Don Parker Blog


Network exploitation frameworks

By now most everyone has heard of the Metasploit Project and what it can do. Not only that but it is free, and quite powerful. This really is the exploit framework that put these types of programs on the map. Though Metasploit is by no means the only one out there. There is also CANVAS which was written by the very talented Dave Aitel, and is commercial in nature. It is worth noting though that the cost of CANVAS is very reasonable considering the quality of the product you’re getting. Not only that but you also get the source code for it. This can be very important for those of you working in high assurance environments. Another product to mention is that of Core IMPACT. There are a few negatives with Core IMPACT though from my perspective. Namely, a very high cost, and closed source. Have to give credit where credit is due though. It is a powerful product with a simple to use interface I am told. Of the three products mentioned here I would personally go with CANVAS from Immunitysec. The price is right, it comes with the source code, and has exploits for various platforms. All in all, pretty good bang for your buck.


PERL scripting and computer security

Scripting, be it in PERL or Python, is a skill that will quickly prove itself invaluable to you as a network security analyst. This is why it really is worth spending a little bit of time each day teaching yourself the ins and outs of a scripting language. Not everyone takes naturally to scripting or programming; however, it can be learnt. Just like any other subject matter it is simply a matter of spending some quality time on it. In that respect it is much like exercise. In no time at all you can be strong, and the same will happen if you devote a bit of time every day to developing your PERL or Python scripting skills. With your newfound scripting skills you can automate many time-intensive tasks like parsing through Intrusion Detection System (IDS) logs, or those of other security appliances like a firewall, or other such device. Make learning how to script one of your New Year's resolutions.


System administrators and network security

One generally tends to think of system administrators (sys admins) and network security as one and the same. Well one example certainly highlights the perils of completely trusting your sys admin to act in the corporation's best interests. The occurrence of sys admins, at times, acting in a criminal manner is not to be ignored by corporations out there today, as that article clearly illustrated. What helps to safeguard the network from the odd sys admin who oversteps their bounds, to the criminal, is having your networks audited by outside network security personnel. Such contractors, or outside security service providers, can help in detecting such criminal behaviour. Having the penetration test or vulnerability assessment performed is always good; however, at times a network traffic audit by outsiders is helpful. Not to mention simply having an outsider go through key computers looking for evidence of wrongdoing. It is money well spent in my opinion.


NIS 2007 from Symantec

One of the biggest factors for a home user when it comes to computer security products is that of comfort. For that NIS 2007 from Symantec is hard to beat. The 2007 offering is better than that of earlier years in that it is less bloated, and loads faster. Not only that but it also does its job in a less obtrusive manner, i.e. not a ton of pop-ups. This type of quiet solution is important, as most home users easily become confused by too many pop-ups, as evidenced by other computer security products. Not only that, but Symantec also offers other products to help round out the protection window for your home computing needs. All in all, this year's home user solution by Symantec is a solid product.


Web application security

The world of web application security is pretty much a field of its own within the realm of computer security. There are tons of in-house coded web applications in use that are Internet facing. Little surprise then that a pile of them are also bug ridden. When you are contracted to perform a vulnerability assessment/pen-test/choose your term, just how do you go about it? It really isn’t all that different than testing other parts of the network. You might take a web application scanner like Acunetix to make a first pass at the application under evaluation. From there you would view the results and follow up with pinpoint tests to determine the validity of the alerts. Make no mistake about it, commercial tools are as prone to false positives as open-source ones. They are very helpful though in speeding up your testing by making a fast series of tests. You need to follow up though with specific testing, and that requires knowledge of HTTP, PHP, and so on. A very long list that also includes the oft-mentioned SQL injection exploits, cross-site scripting, web traversal, and many others. Keeping up to date is almost a full-time exercise of its own. Any of you have some interesting stories that involve web application security?


Database breach with 800,000 possible records compromised

Well once again we hear of another database breach. This one resulted in the possible compromise of some 800,000 people's personal information. Boggles the mind doesn’t it, that in this day and age people don’t bother trying to secure their databases better than that. All I can say is thank goodness the sys admins noticed some odd activity, which led to the discovery of the database's compromise. Disclosure of such incidents is the law in California, but perhaps it is also time to mandate vulnerability assessments and pen tests. This would certainly go a long way towards securing the networks that are falling prey all too often to database breaches.


Watchguard X55e-W

I recently integrated the Watchguard X55e-W into my home network as I wanted more functionality than the typical Linksys or DLink home router could offer me. The reason I went with the Watchguard X55e-W is that the price was right and it had a rich set of features. There is more to the world of network infrastructure than Cisco :-). Installation of the X55e-W itself was a breeze. From the time I started the install till I was done, only ten minutes had gone by. Once you are done with the initial install you are then able to get to the main menu as seen below.

watchguard_one1.gif

You can see from the screenshot that the Watchguard X55e-W also comes with built-in VPN capability. This is a must have if you are running a business from home such as myself. The ability to VPN into my home network when I am on the road is crucial for me. Installing the VPN client itself was pain free. After I was done with those configurations I went on to setting up the wireless settings. This was done easily, and more importantly quickly. Shown below is the interface you have when tweaking the wireless network settings.

watchguard_two1.gif

In the space of another couple of minutes my wireless network was up and running. All told at this point only 15 minutes had elapsed from the time I took the router out of the box. The firewall interface of any router is important. This is an area where a lot of vendors fail horribly. I was glad to confirm what I had earlier heard about Watchguard network security appliances in that it was a clean, and intuitive interface. Take a look at the screenshot below.

watchguard_three1.gif

All in all, a rather nice layout that is not overwhelmed with data. Too often you will find interfaces that are presenting far too much information on one screen. Instead of that Watchguard has the column on the left of the screenshot that breaks down the areas into categories that you can then navigate to. There is far more to the configuration options as seen via the left hand column. A rather nice feature is that you can get WebBlocker which is nice to have for a corporate setting, no matter the size of it.

It has been a little while now since I integrated the Watchguard X55e-W into my home network. Since then I have had no complaints at all. The installation, configuration, and maintenance of it have been painless, and quick. If you are looking for an alternative to Cisco or other high-priced appliance, I would definitely recommend taking a look at the Watchguard offerings.


MySpace & Sex offender database

It seems that MySpace is taking seriously the scourge that are sexual predators taking advantage of online forums and chat spaces to lure underage children into harm. This is a welcome change and I for one certainly applaud the fact that MySpace is going to help build a national database of sex offenders. There is no downside to such an initiative. That brings us, as security professionals, to another fact of life. Sex offenders, pedophiles, and others of their ilk are becoming increasingly Internet savvy. This should be countered with extra vigilance by system administrators and computer network security analysts. That can be done in a variety of ways, i.e. checking for NTFS alternate data streams on corporate computers, verifying corporate laptops periodically for adherence to corporate usage guidelines, and other such moves that will help counter efforts by employees who are not what they might seem. Corporate security and system administrators need to be proactive in this fight against sexual miscreants. A company's publicly traded stock can be adversely affected by the discovery of pedophiles and the possibility that child pornography was stored on company IT assets. One never wants to think that this type of crime happens, but it is sadly a reality.


Microsoft Windows Vista: To upgrade or not

Well Microsoft Windows Vista is finally a reality. The question is, is it worth it to upgrade to it? This is in light of the rather bizarre/restrictive licensing scheme they have for it. Is it just me or did Microsoft peak with Windows 2000 Professional? Every O/S of theirs since then seems to have slid downhill. Don’t get me wrong here, for millions of people Microsoft Windows is still the way to fly. That plus the fact that many corporations are loath to move to Linux/BSD/Mac for whatever reason, has kept the Microsoft juggernaut rolling along for decades. Market dominance is not always a good thing, and in Microsoft’s case the bloat is starting to show. They need to get back to their W2K Pro roots. This post is somewhat in continuance of my prior one on Oracle. Whenever a company starts to dominate a certain market it is not a good thing.


Oracle threatens researcher?

The much talked about Week of Oracle Database bugs just came to a grinding halt. If you ask me this reeks of Oracle using their financial muscle to sic some lawyers on the computer security researcher. Of that I can’t be sure of course, but it certainly seems to be the case. That raises another question for me. In litigation happy America, not one company has yet to sue Oracle, Microsoft, or other software company for their, some would say criminal, attitude in patching their software once a researcher has found a problem with it. If I discovered that my company got hacked with 0 day code that the company knew about, you can bet I would seriously consider suing that company for damages. That companies should take months, and others years, to patch critical holes in their software to me is simply insane. No one likes government sticking their nose where it doesn’t belong, but this is a case where government should step in, and perhaps lay down some legislation to force companies to patch quicker. The flip side to that would also be that companies would likely then spend more time in Q&A before taking a product to market. Either way, it would be win/win for the consumer.


