Thursday, 24 April 2008

Tactical Forensics Platform

Earlier I wrote about my proposed Tactical Network Security Monitoring Platform. Today I finally sat down and installed the operating systems I need on this system to create a portable tactical forensics and investigation platform. I did not want to use my main work laptop for this sort of work because I do not administer it. I needed my forensics platform to be separate from the corporate domain and totally under my control. I only feel comfortable...

New Hakin9 Released

The latest issue of Hakin9 has been released. Several articles look interesting, including Javascript Obfuscation Techniques by David Sancho and an interview with Marcus Ranum. Hakin9 briefly interviewed Harlan Carvey and me. I've uploaded the one page of the interview if you'd like to read ...

First Issue of BSD Magazine Released

I received a copy of the new BSD Magazine yesterday by air mail from Poland, and I have to say it looks pretty cool. It contains an article I wrote explaining how to install Sguil 0.7.0 on FreeBSD 7.0. At the time I used a CVS version of Sguil and FreeBSD 7.0-BETA4, but the article is still relevant. One caution: I discovered a bug in MySQL, which I logged as Optimizer does table scan for select count(*) w/5.1.22, .23, not 5.0.51, 5.1.11. You...

Wednesday, 23 April 2008

NoVA Sec Meeting 1930 Thursday 24 April 2008

The next NoVA Sec meeting will take place 1930 (7:30 pm) Thursday 24 April 2008 at Fishnet Security: 13454 Sunrise Valley Dr., Suite 230, Herndon, VA 20171, 703.793.1440. Aaron Walters from Volatile Systems will discuss memory forensics. Thank you to Fishnet and Aaron for their last-minute cooperation! I'm cross-posting this notice to get as many people notified as possible in the day before the meeti...

Thursday, 17 April 2008

CloudSecurity.org

What a great idea for a blog -- CloudSecurity.org: This blog is dedicated to “Cloud Computing” from an IT security perspective. Cloud Computing is a nebulous term covering an array of technologies and services including: Grid Computing, Utility Computing, Software as a Service (SaaS), Storage in the Cloud and Virtualization. There is no shortage of buzzwords and definitions differ depending on who you talk to. The common theme is that computing takes...

Tuesday, 15 April 2008

Looking for Security-Assessor Friendly, Debian Dedicated Server

I'm looking for a dedicated server company that could provide a Debian environment suitable for running VMware Server. As a bonus it would be helpful to contract with a company that permits authorized outbound network scanning. As an alternative, I may try colocation. I am looking for a box for security testing, and VMware may not be suitable. I may need a box that can run Xen, for example. If you have any recommendations for dedicated server...

Monday, 14 April 2008

Run Apps on Cisco ISR Routers

Earlier this month we joked that the Sguil project was acquired by Cisco, such that Sguil would be integrated into Cisco platforms. Cisco routers already run Tcl, but now thanks to Cisco's new Application eXtension Platform, other possibilities are developing. According to Optimize Branch Footprint with Application Integration, Cisco says: Linux-based integration environment with downloadable Software Development Kit (SDK). Multiple applications support...

Remote Installation of the FreeBSD Operating System without a Remote Console

This looks interesting: Remote Installation of the FreeBSD Operating System without a Remote Console. I read about it on the author's blog. Daniel credits Colin Percival's Depenguinator with the idea, but he uses Martin Matuška's mfsBSD (memory file system) to create a FreeBSD image that can be written to a live remote system's hard drive, then booted and run from memory to allow full OS installation. I intend to give this a try, but if anyone...

Sunday, 13 April 2008

Aaron Turner and Michael Assante on Freedom of the Cyber Seas

Thanks to Nick Selby I learned of a sequel to the great historical security paper Infrastructure Protection in the Ancient World. Michael Assante is back, joined by another security vet, Aaron Turner, discussing Freedom of the Cyber Seas. The authors compare the threat of naval piracy during the Jefferson administration with the current digital threat. Prior to Jefferson, US policy was to pay protection money to stop pirates seizing US goods. Opposing...

Solera V2P Tap

It looks like Solera Networks built a virtual tap, as I hoped someone would. I mentioned it to Solera when I visited them last year, so I'm glad to see someone built it. I told them it would be helpful for someone to create a way for virtual switches to export traffic from the VM environment to a physical environment, so that an NSM sensor could watch traffic as it would when connected to a physical tap. This picture describes what it does: You...

Friday, 11 April 2008

More Aggressive Network Self-Defense

Some of you might remember this book from my 2005 review. I thought of it after reading Security Guru Gives Hackers a Taste of Their Own Medicine. From the article: Malicious hackers beware: Computer security expert Joel Eriksson might already own your box. Eriksson, a researcher at the Swedish security firm Bitsec, uses reverse-engineering tools to find remotely exploitable security holes in hacking software. In particular, he targets the client-side applications intruders use to control Trojan horses from afar, finding vulnerabilities that would...

Argus 3.0 Released

I just posted that my latest Snort Report covered Argus 3.0. Those of you who like to wait for release-grade software should be happy. This week, Carter Bullard published Argus 3.0, as announced on the Argus mailing list. This comes more than two years after I posted Argus 3.0 Will Be Released Soon. This is great news and I look forward to learning more about the new features in this powerful applicati...

Snort Report 14 Posted

My 14th Snort Report titled Network session data analysis with Snort and Argus has been posted. The article doesn't talk about Snort (despite the title -- not mine!) but it does discuss Argus, the network session tool developed by Carter Bullard. From the start of the article: This edition of the Snort Report departs from the standard format by introducing a data format and data collecting tool that can work alongside Snort. The data format is session...

BusinessWeek on The New E-spionage Threat

I'd like to head off any more messages to me telling me to look at the following: The New E-spionage Threat, the cover story for this week's issue of BusinessWeek. I recommend also listening to the podcast, which is 18:23 long and a good resource for decision makers with iPo...

Friday, 04 April 2008

OpenPacket.org 1.0 Is Live

Nearly three years after the initial post describing the idea, I am happy to report that OpenPacket.org 1.0 is ready for public use, free of charge. The mission of OpenPacket.org is to provide quality network traffic traces to researchers, analysts, and other members of the digital security community. One of the most difficult problems facing researchers, analysts, and others is understanding traffic carried by networks. At present there is no...

Review of Visible Ops Security Posted

Amazon.com just posted my four star review of Visible Ops Security by Gene Kim, Paul Love, and George Spafford. From the review: I reviewed Visible Ops (VO) in August 2005, and I provided commentary on a draft of Visible Ops Security (VOS) to co-author Gene Kim. I liked VO, with a few caveats that apply to both VO and VOS. I have mixed feelings on VOS because the book seems more about preparations and less about operations. Security operations (SO)...

Review of Economics and Strategies of Data Security

Dan Geer was kind enough to send me a copy of his new book Economics and Strategies of Data Security, published by his employer, Verdasys. The book is exceptionally well written and packed with the sorts of insights that make Dan one of my Three Wise Men. I'd like to present a few excerpts here, partially for my own easy reference but also because they might be useful to you. I recommend that anyone who reacts violently to these ideas try reading...

Wednesday, 02 April 2008

Scanless PCI, Hurray

Some time ago, I mentioned something about PCI and its credibility. In short I was asking whether all those PCI certified companies are safe from attacks just because they are PCI certified. Today we witnessed something better, more cost effective, faster, least intrusive and for the best part? It does not even cost a single cent as compared to HackerSafe or Qualys, unless you subscribe for additional service. Well, I had not personally registered for the...

Detection, Response, and Forensics Article in CSO

I wrote an article for CSO Online titled Computer Incident Detection, Response, and Forensics. It's online now, and it should appear in the next print edition as well. From the beginning of the article: 2008 is a special year for the digital security community. Twenty years have passed since the Morris Worm brought computer security to the attention of the wider public, followed by the formation of the Computer Emergency Team/Coordination Center...

Tuesday, 01 April 2008

Sguil Project Acquired by Cisco

Three years ago I posted Cisco Routers Run Tcl; I had no idea where that development could lead. Last month when I posted Sguil 0.7.0 Released, I wanted to say more about the release, but I couldn't -- until now. I am happy to report the following. Cisco Announces Agreement to Acquire Sguil™ Open Source Security Monitoring Project. Acquisition Furthers Cisco’s Vision for Integrated Security Products. SAN JOSE, Calif., and LONGMONT, Color., April 1st,...