Tuesday, 30 May 2006

Public Class Only Two Weeks Away

My only public Network Security Operations class scheduled for 2006 begins in two weeks. The class is almost full, but I have a few seats left. I've published new prices:

Register by 5 June 2006: $2595/student
Register by noon on 12 June 2006: $2695/student

I will not be able to accept any more students past noon on Monday 12 June. ISSA members receive a 10% discount. This week I will also teach a one-day course on Network Security Monitoring with Open Source Tools at the USENIX 2006 Annual Technical Conference in Boston, MA on Friday, 2 June 2006....

Monday, 29 May 2006

Recommended Reading on Federal IT

CIO Magazine absolutely hammered government IT in its lengthy story Federal I.T. Flunks Out. You wouldn't read that news in FCW. Commenting on the problem is this former IRS CIO:

"Ultimately this is a security threat," says John Reece, a former IRS CIO and now a consultant to the federal government. "If we can't get beyond the legacy systems we have today, while our enemies are starting off with state-of-the-art technology, what's going to happen is they're going to absolutely tear us to pieces again."

Wrong. It's not a security threat. Poor...

Three Threats

I thought three examples of threats, with corresponding vulnerabilities, etc., might help convince those who doubt the proper use of these terms. Let's start with a mythical example: Achilles. I'll use Achilles' point of view.

Risk: Death of Achilles.
Asset: Achilles' life.
Vulnerability: Achilles' heel. (Achilles was invulnerable, save the portion of his heel where his mother held him while dipping him in the River Styx. This is the most popular version of the myth.)
Threat: Paris, who shot Achilles in the heel with an arrow.
Exploit: The arrow show...

Threat Term Used Properly in Government Report

It's time once again to talk about threats! Yes, you guessed it. While reading back issues of FCW I encountered good -- and bad -- uses of the term "threat." Mostly, threat was used where vulnerability should have appeared. Let's briefly review the definition I provided in my books:

A threat is a party with the capabilities and intentions to exploit a vulnerability in an asset. A vulnerability is a weakness in an asset that could lead to exploitation.

For...

DoD Certification Program Update

I've had a chance to read issues of Federal Computer Weekly delivered while I was on vacation. I like reading FCW because it gives me some insight into the madness found inside the Beltway. I enjoyed reading Wanted: Information assurance-savvy people, which discussed DoD's plans for certifying IT staff. I've examined this issue before. Here's a quote by someone who understands the problems with DoD's plan:

Alan Paller, director of research at the SANS Institute, said DOD should have no problem meeting its initial target of 80,000-plus employees...

Friday, 26 May 2006

The Worst of All Possible Worlds

Sometimes I read configuration guides that advise installing anti-virus products on servers. Since I don't run Windows servers in production environments, I can usually ignore such advice. The proponents of the "anti-virus everywhere" mindset think that adding anti-virus is, at the very least, a "defense-in-depth" measure. This was debated last year, actually.

A lesson I learned from the excellent book Protect Your Windows Network is that "defense-in-depth" is not a cost-free justification for security measures. Every configuration and installation...

Wednesday, 24 May 2006

Security Clearance Story Continues

Apparently the Defense Security Service has resumed "processing initial Secret requests." That is "security officer"-speak meaning DSS is again working on requests for Secret clearances from people who have not held them before. The notice continues: "DISCO [Defense Industrial Security Clearance Office] will begin processing initial Top Secret requests and periodic reinvestigation requests for both Secret and Top Secret upon receipt of additional funding." That means those who have not held a Top Secret clearance but require one will still...

Monday, 22 May 2006

Host Fingerprinting with SinFP

I tried SinFP today. It's a host fingerprinting tool by Patrice Auffret, owner of the cat. The SinFP feature I find interesting is that it does not rely on sending odd packets (a la Nmap) to discover remote operating systems. I tried installing SinFP using CPAN on FreeBSD 6.0, but I got the following errors.

cpan> install Net::SinFP
CPAN: Storable loaded ok
LWP not available
Fetching with Net::FTP: ftp://archive.progeny.com/CPAN/authors/01mailrc.txt.gz
Going to read /usr/local/cpan/sources/authors/01mailrc.txt.gz
LWP not available
Fetching with Net::FTP: ftp://archive.progeny.com/CPAN/modules/02packages.details.txt.gz
Going...

I'm Back

I haven't been blogging for the past two weeks because my family and I were traveling in Europe. Part of our trip included speaking at the University of Cambridge Computer Laboratory Security Group Seminar Series in Cambridge, UK, on network security monitoring. This was the same group I mentioned in February. I'd like to thank Saar Drimer and Stephen Lewis for arranging my visit. I was fortunate enough to have Professor Ross Anderson, author of...

Saturday, 06 May 2006

Two Pre-Reviews

Two publishers were kind enough to send me review copies of two of their new books. The first is Windows Forensics: The Field Guide for Corporate Computer Investigations by Chad Steel, published by Wiley. This book looks like more of an introductory text that does not delve too deeply into any single set of specifics. I'm worried that the section that mentions sniffing network traffic talks about "vampire taps." Hello early 1990s and coax cable.

The second book is Hacker's Challenge 3 by David Pollino, Bill Pennington, Tony Bradley, and Himanshu...

Friday, 05 May 2006

Review of The Database Hacker's Handbook Posted

Amazon.com just posted my four star review of The Database Hacker's Handbook by NGS Software members David Litchfield, Chris Anley, John Heasman, and Bill Grindlay. From the review:

The Database Hacker's Handbook (TDHH) is unique for two reasons. First, it is written by experts who spend their lives breaking database systems. Their depth of knowledge is unparalleled. Second, TDHH addresses security for Oracle, IBM DB2, IBM Informix, Sybase ASE, MySQL,...

I've written about problems with security clearances before. Now I read Pentagon Halts Contractor Clearances. I recommend reading the article for details, but the bottom line is that this sort of failure requires Congressional investigation. A private company with the same sorts of operational disasters would be without clients and bankrupt by now. The Federal government just plods alo...

Congratulations to USAFA

My alma mater, the United States Air Force Academy won the sixth annual Cyber Defense Exercise last month. The aggressors were members of NSA's Red Team, and the cadets were the defenders. I'd like to attend one of these exercises and monitor the activities using Sguil. Please send email to taosecurity at gmail dot com if you have any connections. Go Air For...

Tuesday, 02 May 2006

Avoid Incident Response and Forensics Work in These States

Here's an informative and scary article titled Forensic Felonies. It warns of a new Georgia law that may require incident response and forensics investigators to be licensed private investigators. Article author Mark Rasch notes:

Georgia is not the only state that requires private investigators or private detectives to be licensed. Indeed, the Georgia law is in fact modeled after similar laws in California, Arizona, Utah, Nevada, Texas, Delaware, and New York – just to name a few. In each of these cases, the law requires that a person providing...

More Unrealistic Expectations from CIOs

I found another article containing unrealistic expectations for IT staff. It's in the 1 May 2006 issue of CIO Magazine, titled The Postmodern Manifesto. It begins this way:

The service-fulfillment model for IT is dying. A new philosophy of innovation and productivity is being born. Here's what CIOs need to do to usher in a new age of IT.

Excuse me? IT as a service is already dying? I know plenty of shops that are only now jumping on the service bandwagon. I guess magazines like CIO have an incentive to write about whatever they consider to be...

Snort Dynamic Rules Preview

On my flights to and from the GFIRST 2006 conference this week, I got a chance to read the manual for Snort 2.6.0RC1. The most obvious addition to Snort 2.6 is the ability to add preprocessors, detection capabilities, and rules as dynamically loadable modules. This feature is activated by running configure with the --enable-dynamicplugin switch. Preprocessors and detection capabilities are more of an issue for Snort developers, since few Snort users code their own features. The advantage of the dynamic engine is that developers can write their...