Source: IT Observer - Posted by Benjamin D. Thomas
To study the proceedings and attacks from hackers, Honeypots are used. The idea thereby is, to put one or more special servers in a network . An aggressor; who cannot differentiate between genuine server/services and honeypots; sooner or later will be taken up the services offered by a Honeypot by his search for a safety gap. All his activities on the honeypot are loged thereby.
This paper describes a simple honeypot using PHP and emulating several vulnerabilities in Mambo and Awstats. We show the mechanism used to 'compromise' the server and to download further malware. This honeypot is 'fail-safe' in that when left unattended, the default action is to do nothing – though if the operator is present, exploitation attempts can be investigated. IP addresses and other details have been obfuscated in this version.
Sourcefire, Inc., the world leader in intrusion prevention, today announced that, with the consent of the US government, Sourcefire and Check Point Software Technologies have opted to withdraw their merger filing with the Committee on Foreign Investment in the United States (CFIUS). Sourcefire will continue to operate as the industry's largest private Intrusion Prevention System (IPS) vendor.
Source: InfoSec Writers - Posted by Benjamin D. Thomas
This paper describes a simple honeypot using PHP and emulating several vulnerabilities in Mambo and Awstats. We show the mechanism used to 'compromise' the server and to download further malware. This honeypot is 'fail-safe' in that when left unattended, the default action is to do nothing – though if the operator is present, exploitation attempts can be investigated. IP addresses and other details have been obfuscated in this version.
HLBR is a brazilian project, started in november 2005, as a fork of the Hogwash project (started by Jason Larsen in 1996). This project is destined to the security in computer networks. HLBR is an IPS (Intrusion Prevention System) that can filter packets directly in the layer 2 of the OSI model (so the machine doesn't need even an IP address).
Version 0.6 of the OSSEC HIDS is now available! OSSEC HIDS is an Open source Host-based intrusion detection system. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response.
This new version comes with a lot of new features, including
new active responses ( for ipfilter, user lockout and iptables),
support for firewall log analysis (iptables, ipfilter and AIX
IPSEC), better support for NIDS log analysis and an improved
rootkit detection and integrity checking capabilities.
In addition to that, this version includes a lot of bug fixes
and performance improvements.
Fear unites us. We used to be afraid of network problems, such as bandwidth and broken switches. Now we're afraid of the bad guys. Our networks must be connected to the Internet, yet the Internet is a cesspool of attackers constantly hammering on our defences, looking for that chink in the armour. It's not just the Internet: we fear our own users, lest their indispensable laptops acquire some vagrant affliction while driving by a Starbucks Wi-Fi hot spot.
Source: InfoSec Writers - Posted by Benjamin D. Thomas
An intrusion detection system can be an effective technical control in the modern world of information and network security. One option that provides for low cost NIDS sensor deployment is the use of the open source IDS software Snort in combination with a consumer grade LinkSys cable/DSL router and the open source firmware distribution OpenWrt. These three items together form a powerful yet inexpensive unit that delivers IDS, routing, firewall, wireless, and NAT functionality for use in a light-weight environment, i.e. consumer or small business deployments.
There is a wealth of tools available to help protect the enterprise from security threats. Firewalls, virtual private networks, strong user authentication, encryption, intrusion detection/prevention systems (IDS/IPS), email filters, antivirus, vulnerability scanners are all options. Each of these point solutions is capable of addressing a specific element of the security mosaic. In order to address their limitations many enterprises attempt to aggregate these solutions in a futile attempt to achieve effective IT security.
