R-Log » R-Log
Another Website About Stuff
Raj, http://www.phigmov.co.nz/, rpatel@phigmov.co.nz
Updated 2016-01-03T13:13:56+13:00
Copyright (c) 2016, Authors of R-Log

Interesting Links
Published 2014-07-26T21:21:00+13:00, updated 2014-07-26T21:23:00+13:00
A long time between posts again.
People write about some interesting stuff -
How the President's BlackBerry is secured, and from the same site, How Air Force One's phones work.

Big Brother is Watching
Published 2008-10-25T18:59:00+13:00, updated 2009-05-24T19:38:00+13:00
So apart from running out of fresh water, Australia appears to be about to implement its own Great Firewall just like China.
So I suspect things like TOR, private VPN and external public proxies are going to become really popular.
On a related note the UK seems to be going surveillance mad - so 'Go Banksy!'

Holy F@#k!
Published 2008-05-16T19:20:00+13:00, updated 2009-05-24T19:37:00+13:00
A must read if you're interested in IT security - Exploiting Network Cards.
Be afraid if you run a firewall on x86 hardware!

Security & Hardening Guidelines
Published 2006-10-30T16:08:00+13:00, updated 2009-05-24T19:36:00+13:00
Some well thought out security guides from the University of Texas:
Hardening Checklist for Windows 2003
Hardening Checklist for RedHat Linux
Hardening Checklist for Solaris 10
Also if you're looking for guidelines or templates to formulate your own IT Policy they have some excellent documents:
ITS Policies
Data Classification Guidelines
Change Management

McAfee SiteAdvisor
Published 2006-10-19T12:24:00+13:00, updated 2009-05-24T19:36:00+13:00
Nifty browser tool (IE & Firefox) - McAfee SiteAdvisor - installs and tells you whether a site is 'good' or 'bad' based on the amount of mail you'll get if you sign up for its services along with the site's affiliates, downloaded cookies and reviews. It also parses search engine results and provides a summary for each hit relating to whether it's a good or badly behaved site.
Pretty cool. Possibly a must-have for all home and corporate browsers.
You do wonder if it reports back on your browsing habits to McAfee? Also, how long will it remain free?

TinyApps Points to some Security Tools
Published 2006-09-19T09:53:00+13:00, updated 2009-05-24T19:36:00+13:00
The people over at TinyApps always point to good stuff.
Two recent security related posts from them -
* SecureRDP is a free tool to add an extra layer of security to RDP. You can accept/deny incoming RDP connections by IP, MAC address or host name. Handy for locking down server administration only to admin PCs.
* TinyApps points to SSLExplorer which is an open-source SSL VPN solution. A two part setup guide is available from Tom's Hardware - part 1 and part 2. Looks like a really really handy way of offering secure access to a small internal LAN without having to roll out a full IPSec based VPN solution.

Endpoint Security
Published 2006-08-28T09:58:00+13:00, updated 2009-05-24T19:36:00+13:00
Endpoint Security checking is going to be huge as more and more people start connecting into their corporate LANs remotely (actually even in a wired LAN it's pretty important given the proliferation of trojans, spyware and malicious hackers).
Essentially EP lets the network administrator define certain conditions that must be met before a client is able to participate on the corporate LAN. In some cases the tools will even direct you towards a quarantined location which will explain why the connection was refused and assist you to rectify the problem. For example an EP tool can direct an authorised client that fails post-connection criteria to a web page with links to security patches, antivirus software and firewall tools - it can even offer up different LAN access profiles (eg webmail or terminal services but not a direct connection).
* Wikipedia on Endpoint Security
* Wikipedia on Check Point Integrity, a centralised EP system
* Nice flowchart tool to design EP access control for Firepass
* Flash Demo of Check Point's Interspect appliance - actually more of an IDS/IDP (Intrusion detection sensor / Intrusion detection and prevention) system which works hand in hand with end-point solutions
* McAfee have their Host Intrusion Protection (PDF) system which integrates into their ePO framework
* Juniper have a cool Flash Demo of their IDP product (unfortunately you need to register to see it)
* ISS (who've been bought out by IBM) have Proventia - it looks like they also bought BlackICE Defender (fyi - Check Point bought ZoneAlarm)
Security seems to be a serious growth industry given the trail of acquisitions and mergers in the small group of companies listed above.
Endpoint solutions seem to rely heavily on application and system profiling - if the app hasn't been approved or doesn't comply with a known checksum it won't run. This means someone needs to keep a constant eye on what applications and patches are likely to be installed and approve them before the endpoint solution takes remedial action. Ideal for a restricted environment but trickier for a more open environment.
Simple options that can be implemented immediately (without spending on new tools) include:
* ensuring appropriate desktop access
* centrally managed anti-virus / patching / desktop policy restrictions
* MAC address restrictions on DHCP / switch ports (depends on the mobility of the client)

VMware Based Security Tools
Published 2006-07-21T10:42:00+13:00, updated 2009-05-24T19:36:00+13:00
Came across Strata Guard and OSSIM - Open Source Security Information Management which both offer VMware images for their tools.
I'll have to try them out and see what they offer.

Computer Forensics (Updated 04/05/05)
Published 2004-04-14T20:11:00+13:00, updated 2009-05-24T19:36:00+13:00
The Sleuthkit lets you carry out an 'exam' on a compromised or suspect system.
Dana Epp has written about performing a forensic exam on a compromised Linux system.