Source: Tenable Network Security - Posted by Eckie Silapaswang
There's a lot of magic that goes on behind the scenes when you do a full Nessus vulnerability scan. However, how exactly can you trust that report about your OpenSSH server being vulnerable? Is it just relying on version numbers and not considering patches? The Nessus 3 Unix scanners allow you to save packet dumps of your scans in libpcap-compatible files, allowing you to view them under tcpdump or Wireshark for your convenience. Now you can go into greater analysis of what exactly was used to scan your server rather than a text message of "scanned". Read on for even more benefits to saving the packet data of your scans!
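As an added example (not code from the Tenable post, and not part of Nessus itself), here is a small Python parser for the libpcap file layout a saved scan capture would use. It walks the global header and per-record headers, handles both byte orders and the microsecond/nanosecond magic variants, decodes Ethernet/IPv4/TCP, and lists which target ports the capture actually shows probes against, which is the kind of cross-check the post argues for. The two-packet capture built by `build_sample_capture` is constructed in memory (addresses from the 192.0.2.0/24 documentation range) to stand in for a real scan file; the page does not name the Nessus option that writes the capture, so none is used here.

```python
import struct
from typing import List, Tuple

# libpcap magic as read little-endian from the first four bytes on disk.
# A big-endian writer stores the same constant byte-swapped, so reading it
# little-endian yields the reversed value; the *3c4d variants mean nanoseconds.
MAGICS = {
    0xA1B2C3D4: ("<", 1_000_000),
    0xA1B23C4D: ("<", 1_000_000_000),
    0xD4C3B2A1: (">", 1_000_000),
    0x4D3CB2A1: (">", 1_000_000_000),
}
LINKTYPE_ETHERNET = 1


def parse_pcap(data: bytes) -> Tuple[int, List[Tuple[float, bytes]]]:
    """Parse a libpcap file held in memory.

    Returns (linktype, [(timestamp_seconds, packet_bytes), ...]) and raises
    ValueError on a bad magic or a truncated/inconsistent record.
    """
    if len(data) < 24:
        raise ValueError("truncated global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError(f"not a libpcap file (magic {magic:#010x})")
    endian, ts_divisor = MAGICS[magic]
    # version_major, version_minor, thiszone, sigfigs, snaplen, linktype
    _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    records: List[Tuple[float, bytes]] = []
    offset = 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError(f"truncated record header at offset {offset}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        offset += 16
        # A record can never hold more bytes than were on the wire or than snaplen allows.
        if incl_len > orig_len or incl_len > snaplen or offset + incl_len > len(data):
            raise ValueError(f"inconsistent record length at offset {offset - 16}")
        records.append((ts_sec + ts_frac / ts_divisor, data[offset:offset + incl_len]))
        offset += incl_len
    return linktype, records


def tcp_probes(linktype: int, records: List[Tuple[float, bytes]]) -> List[Tuple[str, str, int, int]]:
    """Return (src_ip, dst_ip, dst_port, tcp_flags) for every IPv4/TCP segment in an Ethernet capture."""
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET is handled here")
    out = []
    for _, pkt in records:
        if len(pkt) < 14 or pkt[12:14] != b"\x08\x00":
            continue  # not IPv4
        ip = pkt[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ihl < 20 or len(ip) < ihl or ip[9] != 6:
            continue  # malformed header or not TCP
        src = ".".join(str(b) for b in ip[12:16])
        dst = ".".join(str(b) for b in ip[16:20])
        tcp = ip[ihl:]
        if len(tcp) < 20:
            continue
        _, dport, _, _, off_flags = struct.unpack("!HHIIH", tcp[:14])
        out.append((src, dst, dport, off_flags & 0x1FF))  # low 9 bits are the TCP flags
    return out


def build_sample_capture(endian: str = "<") -> bytes:
    """Constructed sample: two SYNs from 192.0.2.10 (scanner) to 192.0.2.20 (target), ports 22 and 80."""
    def frame(dport: int) -> bytes:
        eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
        # sport, dport, seq, ack, offset(5)<<12 | SYN, window, checksum, urgent
        tcp = struct.pack("!HHIIHHHH", 40000, dport, 1, 0, 0x5002, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
        return eth + ip + tcp

    header = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    body = b""
    for i, dport in enumerate((22, 80)):
        pkt = frame(dport)
        body += struct.pack(endian + "IIII", 1_000_000 + i, 500_000, len(pkt), len(pkt)) + pkt
    return header + body


if __name__ == "__main__":
    # Constructed capture; replace with open("scan.pcap", "rb").read() for a real file.
    linktype, recs = parse_pcap(build_sample_capture())
    for src, dst, dport, flags in tcp_probes(linktype, recs):
        print(f"{src} -> {dst}:{dport} flags={flags:#05x}")
```

Listing the destination ports and flags per segment is enough to confirm that a finding against, say, port 22 was backed by real traffic to that port; for the full exchange you would still open the same file in Wireshark, which reads this layout natively.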
Source: Network World - Posted by Eckie Silapaswang
There are now people who create programs that make it easier for other people to create programs that make money. Don't worry, you read that right. This article reports on the business of making commercial malware and spamming software. For around $200, you yourself can have programs that exploit Firefox, Internet Explorer, and QuickTime in an effort to spread your spam as quickly and easily as possible. There are now concentrated efforts in coding these shiny, plug-and-play spam generators. Have we gotten to the point of "if you can't beat 'em, join 'em"?
This open source company attempts to bring its open source IDS solutions to the table. The article provides a personal insight into the beginnings and direction of the project, bringing out an interesting point about the catch-22 of open source projects: no community -> no credibility -> no community. Sure, one of the biggest concerns with this IDS is false positives; however, which IDS doesn't have that concern? Why not check out the article and see if you would want to contribute to the community there. Better yet, do you have any ideas for how to get out of the catch-22?
Source: The Inquirer - Posted by Eckie Silapaswang
Those of you familiar with CSI (or who have surely heard of it) are all too familiar with the process they use to catch the criminals: scientific analysis, forensics, gadgetry, and smarmy head investigators. Recurring themes include DNA analysis or other types of human-related evidence. However, in the information world, catching a criminal after the crime is in a league of its own. This article presents an account of a recent DefCon presentation which focused on breaking the actual forensics software used to analyze compromised systems. The most interesting line in the article referred to the weaknesses in one of the most popular forensics tools: "Most of these can and will be fixed in the near future, but at least one is a design flaw, not a bug." Read on to find out how your forensics tools are only as good as the makers of them, and how that can result in a perfect getaway.
Source: Network World - Posted by Eckie Silapaswang
Better scripting languages call for better automation, which results in better automated exploit tools. Security firm Immunity has its own tool that automates the creation of attack code, supposedly cutting the development time in half. Unveiled at DefCon, this tool has made its rounds at the conference and sparked a buzz with its emphasis on capitalizing on zero-day flaws, making sure exploits can be developed as soon as possible.
Piotr over at Polishlinux.org, a site for Linux reviews, took the time to review EnGarde Community for servers. It is a nice, quick overview of installation, configuration, and how to test EnGarde from one computer. The site itself is a great resource for understanding how to compare, assess and choose the best distribution for you. So make sure to check out their Distro Chooser, a great little quiz that takes your preferences and recommends the best distro based on your answers. A nice resource as well.
Let's just imagine for once that you ARE a Photoshop wizard or some other GUI-intensive app expert. Better yet, you're the sysadmin responsible for all those Microsoft Word / Photoshop heavy desktops on your network. One day your boss asks you, "What happens if the building is closed due to bad weather / construction / St. Patrick's Day Parade? Can we enable remote access for our web design whiz kids?" With the recent release of Xandros Server 2.0, this is all possible.
"The companies claim that this extended Xandros-NoMachine alliance provides enhanced capabilities for secure and rapid access to graphical applications, running on any operating system across any network connection."
Tell the whiz kid who somehow "can't make it into work" that she can now work from home efficiently, utilizing her broadband connection to connect to the Xandros Server rather than to deviantArt.
I'm a big fan of virtualization software. The main benefits come from having a pristine duplicate testing environment in every case, ease of portability, as well as (lack of?) hardware costs. These are essential features in anyone's network analysis toolbox and help to expose any vulnerabilities in architecture. Read on for some interesting virtualization schemes for Cisco routers and Linux networks, and start hammering away at your "what if?"s rather than theorizing about them.
"The security chiefs of several large infrastructure and software vendors said they are doing all they can do to embed security into their products, but they agreed that more work must be done to improve security between their platforms." How well does the open source community spread security issues? Do Red Hat and Novell work together to improve security? One of the best ways to improve security is to have all players share their patches to fix vulnerabilities fast.
How secure is Linux? It is so secure it is now being used to protect Microsoft Windows. Adrian Kingsley-Hughes gives a first-hand review of the 'Yoggie Pico Pro'. The Yoggie, no relation to the baseball player, is an embedded computer the size of a USB drive that plugs right into a computer's USB port. The little gadget then allows the user to run 13 security applications that won't bog down his normal computing experience. It's a must-have for anyone who has a laptop and likes to plug into public networks.