RFID with Bio-Smart Card in Linux - In this paper, we describe the integration
of fingerprint template and RF smart card for clustered network, which is
designed on Linux platform and Open source technology to obtain biometrics
security. Combination of smart card and biometrics has achieved in two step
authentication where smart card authentication is based on a Personal Identification
Number (PIN) and the card holder is authenticated using the biometrics template
stored in the smart card that is based on the fingerprint verification. The
fingerprint verification has to be executed on central host server for security
purposes. Protocol designed allows controlling entire parameters of smart
security controller like PIN options, Reader delay, real-time clock, alarm
option and cardholder access conditions.
pgp Key Signing Observations: Overlooked Social and Technical Considerations
- While there are several sources of technical information on using pgp in
general, and key signing in particular, this article emphasizes social aspects
of key signing that are too often ignored, misleading or incorrect in the
technical literature. There are also technical issues pointed out where I
believe other documentation to be lacking. It is important to acknowledge
and address social aspects in a system such as pgp, because the weakest link
in the system is the human that is using it. The algorithms, protocols and
applications used as part of a pgp system are relatively difficult to compromise
or 'break', but the human user can often be easily fooled. Since the human
is the weak link in this chain, attention must be paid to actions and decisions
of that human; users must be aware of the pitfalls and know how to avoid them.
Bulletproof Virus Protection - Protect your network from costly security
breaches with Guardian Digital’s multi-faceted security applications.
More than just an email firewall, on-demand and scheduled scanning detects
and disinfects viruses found on the network. Click to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center
of Academic Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched consulting
experience. Using interactive e-Learning technology, you can earn this esteemed
degree, without disrupting your career or home life.
Protect your home and business networks with the free, community version of
EnGarde Secure Linux. Don't rely only on a firewall to protect your network,
because firewalls can be bypassed. EnGarde Secure Linux is a security-focused
Linux distribution made to protect your users and their data.
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
Common Security Solutions Can't Prevent Data Theft
11th, November, 2006
Widely used data security solutions have been found useless against several methods of data theft, according to tests conducted by the data security company Innersafe Corporation. Types of data exposed included those useful for fraud, identity theft, phishing, or spamming. And, like tampered votes in certain electronic voting machines, data theft can remain undetected after it happens.
There you are, happily playing around with an audio file you've spent all afternoon tweaking, and you're thinking, "Wow, doesn't it sound great? Lemme just move it over here." At that point your subconscious chimes in, "Um, you meant mv, not rm, right?" Oops. I feel your pain -- this happens to everyone. But there's a straightforward method to recover your lost file, and since it works on every standard Linux system, everyone ought to know how to do it. Briefly, a file as it appears somewhere on a Linux filesystem is actually just a link to an inode, which contains all of the file's properties, such as permissions and ownership, as well as the addresses of the data blocks where the file's content is stored on disk. When you rm a file, you're removing the link that points to its inode, but not the inode itself; other processes (such as your audio player) might still have it open. It's only after they're through and all links are removed that an inode and the data blocks it pointed to are made available for writing.
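The recovery the article describes relies on the fact that an unlinked inode stays alive while some process still holds it open, and that Linux exposes each open descriptor of a process under /proc/PID/fd as a symlink whose target is annotated "(deleted)". The following shell function is an added example, not code from the newsletter or the article it summarises; it assumes a Linux /proc filesystem, and the file names and contents are constructed for the demonstration. A background sleep stands in for the audio player that still has the file open.

```bash
#!/bin/sh
# Added example: recover a file that was rm'd while another process still had it open.
# Assumes Linux /proc. The holder process (sleep) stands in for the audio player.

# Prints the recovered content on success and returns 0; returns 1 if nothing was recovered.
recover_open_deleted_file() {
    workdir=$(mktemp -d) || return 1
    printf 'precious audio bytes\n' > "$workdir/song.wav"   # constructed sample file

    # Hold the file open from a long-running process, as a player would.
    sleep 60 < "$workdir/song.wav" &
    holder=$!

    # The mistake: the directory entry (the link) is gone, but the inode survives
    # because $holder still has it open on its fd 0.
    rm -f "$workdir/song.wav"

    # The fix: walk the holder's descriptors and copy the one whose link target
    # is flagged "(deleted)". cp follows the magic /proc symlink to the live inode.
    for fd in /proc/"$holder"/fd/*; do
        if [ -L "$fd" ] && readlink "$fd" | grep -q '(deleted)$'; then
            cp "$fd" "$workdir/recovered.wav"
            break
        fi
    done

    # Release the holder only after the copy; once the last reference closes, the blocks are freeable.
    kill "$holder" 2>/dev/null
    wait "$holder" 2>/dev/null || true

    if [ ! -f "$workdir/recovered.wav" ]; then
        rm -rf "$workdir"
        return 1
    fi
    cat "$workdir/recovered.wav"
    rm -rf "$workdir"
    return 0
}
```

In practice the first step is finding the holder's PID (for example with `lsof | grep '(deleted)'` or `ps`); the loop above then does the same job as `cp /proc/PID/fd/N` typed by hand. The ordering matters: copy first, then let the player exit, because once the last descriptor closes the kernel may reuse the data blocks.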
With security on the Internet, there's always some nagging doubt. Can you ever be absolutely certain, for example, that the e-mail you're sending with some confidential business information attached isn't going to be intercepted and read as it travels the digital highways and byways? Using the Internet for anything sensitive requires some faith that everything in place to ensure the security of the information you're working with—all the encryption, passwords, and security policies—will, in fact, work. But as with most things in life, nothing is certain except uncertainty itself.
PGP Corporation salutes the 15th anniversary of PGP encryption technology. Developed and released in 1991 by Phil Zimmermann, Pretty Good Privacy 1.0 set the standard for safe, accessible technology to protect and share online information.
A roadwarrior is a client that uses unknown, dynamically assigned IP addresses to connect to a VPN gateway (in this case also the firewall). This situation is shown in figure 1.1 and is one of the most interesting and, today, most needed scenarios in a business environment. Here are some of the reasons why that is so: the client can be any computer (with any IP address assigned) that has Internet access and can initiate a connection to the VPN gateway. When connecting to the VPN network, the client is assigned an internal IP address on the network it is connecting to, which gives the impression that it is directly connected to the VPN network instead of tunneling through the Internet. When an internal IP address is assigned, network administration is easier. Traffic is protected on the route from the client to the VPN gateway. When connected, the client doesn't have direct access to the Internet because traffic is routed through the VPN network and the firewall (VPN gateway).
The SANS Institute has some controversial advice for computer security professionals looking to lock down their networks: spear-phish your employees. That's what the U.S. Military Academy at West Point did in 2004 to a group of 512 cadets, selected at random for a test called the Carronade. The cadets were sent a bogus e-mail that looked like it came from a colonel named Robert Melville, who claimed to be with the academy's Office of the Commandant. The Robert Melville identified as the sender of the e-mail is fictional; the real Robert Melville helped invent a short-range naval cannon called the Carronade nearly 250 years ago. "There was a problem with your last grade report," the e-mail stated, instructing recipients to click on a Web page and "follow the instructions to make sure your information is correct."
Ex-hacker Kevin Mitnick came by his security expertise the hard way. In the 1990s, his electronic penetration of some of the biggest companies in the world made him a notorious tech boogieman, and ultimately landed him five years in prison. Now free and clear, Mitnick has reinvented himself as a computer security consultant and writer. He travels the world teaching organizations how to secure their information in a world of corporate spies and younger versions of himself. He took a break from his jet-setting to share some practical security tips. Clip them and stick them on your parents' refrigerator or your IT administrator's white board.
It is a well-known fact that viruses, trojan horses, worms, spam, and other forms of malware present a real threat to all modern-day organizations and affect productivity and business operations negatively. According to the 2006 FBI Crime and Security Survey, 97% of organizations have anti-virus software installed, yet 65% have been affected by a virus attack at least once during the previous 12 months. Network World cited studies that placed the cost of fighting Blaster, SoBig.F, Sober and other email viruses at $3.5 billion for US companies alone. Similarly, a 2006 study by the British government found that 43% of companies in the United Kingdom were infected by viruses during 2005.
For more than three decades now, the Internet’s end-to-end model has functioned remarkably well. This model has allowed the evolution of a transparent network architecture that efficiently supports the transport of data without caring what the data itself represents [7]. Furthermore, being transparent and application-neutral has facilitated the creation and evolution of new Internet applications and services that operate on the same thirtysomething network architecture, which until recently had not required any major overhaul.
Packet Challenge: Fragments and a Blast from the Past
14th, November, 2006
This time around, packets from one of my own DNS servers. If you would like to follow along, you can find the full unobfuscated packet trace here.
(Quick update... turns out that the router and DNS queries involved are part of www.nlnetlabs.nl, a network research lab that does experiment with DNS servers... so maybe this is all some side effect of an experiment they are running. Thanks to Don for pointing this out to me. After visiting their website, I did see a number of similar ICMP admin prohibited packets with flipped fragmentation bytes, but the embedded packet's source port was 80!)
Honeypot Mirroring .edu domains under .eu / Active Threat
17th, November, 2006
The .eu top-level domain is relatively new and in the build-up phase, and a co-worker noticed something fun.
When ssh'ing to a local server, he typo'd and finished the DNS name as .eu, it connected with an SSH handshake (it was a new server so the key warning wasn't considered a big deal) and took a password. The individual immediately recognized the problem when the password wasn't accepted and we investigated.
It appears any DNS name at ourdomain.eu would resolve to this machine. Not only that, but the machine in question was hosting at least 7 other domains under .eu that would map to an educational institution. For instance, for a "fake" educational institution at ufoo.edu you could search for ufoo.eu and get a response from this machine.
Given massive data growth across all industries, Information Lifecycle Management or ILM has become accepted as a critical business goal many organisations hope to achieve over time. Most organisations recognise that they cannot simply continue to store and then blindly manage data of all types on primary storage. That data which has immediate relevance to active business processes merits a place on high-performance/high-availability primary storage. It also warrants special attention with frequent or continuous data protection and business continuance processes.
Laptop Loss: How To Avoid Becoming The Next Starbucks
13th, November, 2006
When Starbucks earlier this month revealed it couldn’t find four laptops containing data on thousands of employees, IT administrators everywhere once again were forced to ask themselves: What’s our policy on protecting data on mobile devices? The seemingly never-ending string of high-profile data loss cases — from Los Alamos National Laboratory to Allina Health to U.S. Veterans Affairs — is pushing more organizations to encrypt data on such devices as laptops and USB flash drives, and establish associated security policies.
Be afraid. Threats to corporate security are everywhere. Just when you thought your network was safe from hackers, along came wi-fi - or your iPod-wielding workforce - and opened a whole new can of worms.
Security is by its nature ever-evolving. Just as one threat is apparently locked down, another springs up to take its place - or an old one rears its head in a new form. Grappling with this malicious hydra it's no wonder the security space spawns new terms and phrases at a rate of knots - and you're supposed to keep up with them all.
Nowadays there are many tools for the extraction of data objects [SWGDE] from SIM cards; unfortunately, most of them are proprietary, or their use is restricted to law enforcement and this is contrary to the Daubert test for acceptability from the scientific community. In this paper, we present an open source tool for data objects extraction from SIM and USIM cards which is capable of extracting all observable memory and all the non-standard files that are found in every SIM card.
First, a description of the tool from a digital forensics perspective will be provided. Then, the technological background of the tool will be sketched. After that, the core algorithms will be described and explained. Then, motivations for the choice of an XML format for output will be given and the format described. In conclusion, the possible lines of evolution will be presented.
Six years ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations relied on that list, and on the expanded Top-20 lists that followed in succeeding years, to prioritize their efforts so they could close the most dangerous holes first. The vulnerable services that led to worms like Blaster, Slammer, and Code Red have been on SANS Top20 lists.
If major attack trends this year are any indication, security administrators looking to prioritize their tasks for 2007 would do well to focus on fighting highly targeted attacks and protecting their Web and Microsoft Office application environments.
A report released by the SANS Institute today showed a sharp increase in attacks on all three fronts this year, along with a surge in zero-day attacks and security threats associated with the use of voice over IP.
The trends were highlighted in SANS's annual update to its list of top 20 Internet security vulnerabilities, which reflects the consensus opinions of more than three dozen security researchers and agencies, including the U.S. CERT and the Department of Homeland Security.
It’s a pity that discussions on the subject of security vulnerabilities associated with virtual servers tend to focus on Windows: If a virtual machine is running as a guest on a Windows host, an exploit on the guest VM can climb up to the Windows host, and then all hell can break loose. There’s more to securing virtual servers than not running VMs as guests of a Windows host. If cyberfelons gain local or remote access to a VMware Virtual Center console, your world is their oyster. This seems like a fairly obscure potential risk — Virtual Center is pretty easy to lock down — but are there other risks unique to virtual servers?
The new law aims to close a number of loopholes in preceding anti-fraud legislation, which the Government said was unsuited to modern fraud. Until now there has been no single, general fraud law in English law, but an untidy mess of eight specific statutory crimes, such as 'obtaining property by deception,' and a vague common law offence of 'conspiracy to defraud'. Scotland does have a common law crime of fraud, committed when someone achieves a practical result by a false pretence.
In an earlier analysis, we revealed a botnet created by a trojan sometimes called SpamThru. By working with the anti-spam group SpamHaus and the ISP, we were able to receive access to files from the SpamThru control server. We have analyzed the files, and in this report we will look at some of the statistics and interesting finds. SpamThru operates in a limited peer-to-peer capacity, but all bots report to a central control server. The bots are segmented into different server ports, determined by which variant of the trojan is installed. The bots are further segmented into peer groups of no more than 512 bots, keeping the overhead involved in exchanging information about other peers to a minimum. In the following graph, the total count as recorded by the control server is shown for each control port.
There had been concern that Britain's Computer Misuse Act, written in the days before the World Wide Web, allowed denial of service attacks to fall through a loophole. These are attacks in which a web or email server is deliberately flooded with information to the point of collapse.
The 1990 legislation described an offence of doing anything with criminal intent "which causes an unauthorised modification of the contents of any computer"; the question was whether that covered denial of service attacks. When a court cleared teenager David Lennon in November 2005 on charges of sending five million emails to his former employer – because the judge decided that no offence had been committed under the Act – the need for amendment seemed obvious.
Contractors Should Comply With DOD Security Training Rules
17th, November, 2006
Contractors who are serious about getting Defense Department contracts should make sure now that their employees who have information assurance roles meet the standards set by DOD Directive 8570.1, according to panelists who spoke this morning at an Information Technology Association of America event. "There's not a downside to contractors being certified," said Phyllis Scott, president of training firm TTSC. Contracts will require it, and contractors who are already certified will have an immediate advantage, she said.