R-Log » R-Log http://www.phigmov.co.nz/ Another Website About Stuff en rpatel@phigmov.co.nz (Raj) Copyright 2016 PivotX - 2.3.6 Sun, 03 Jan 2016 13:13:56 +1300 60 Interesting Links http://www.phigmov.co.nz/?e=818 http://www.phigmov.co.nz/?e=818#comm
People write about some interesting stuff -

How the President's Blackberry is secured, and from the same site, How Air Force One's phones work.
818@localhost/ security Sat, 26 Jul 2014 21:21:00 +1300 Raj
Big Brother is Watching http://www.phigmov.co.nz/?e=697 http://www.phigmov.co.nz/?e=697#comm running out of fresh water, Australia appears to be about to implement its own Great Firewall just like China.

So I suspect things like TOR, private VPN and external public Proxies are going to become really popular.

On a related note the UK seems to be going surveillance mad - so 'Go Banksy!'
697@localhost/ security Sat, 25 Oct 2008 18:59:00 +1300 Raj
Holy F@#k! http://www.phigmov.co.nz/?e=667 http://www.phigmov.co.nz/?e=667#comm Exploiting Network Cards.

Be afraid if you run a firewall on x86 hardware!
667@localhost/ security Fri, 16 May 2008 19:20:00 +1300 Raj
Security & Hardening Guidelines http://www.phigmov.co.nz/?e=491 http://www.phigmov.co.nz/?e=491#comm


Also if you're looking for guidelines or templates to formulate your own IT Policy they have some excellent documents:

491@localhost/ security, tech Mon, 30 Oct 2006 16:08:00 +1300 raj
McAfee SiteAdvisor http://www.phigmov.co.nz/?e=495 http://www.phigmov.co.nz/?e=495#comm McAfee SiteAdvisor - installs and tells you whether a site is 'good' or 'bad' based on the amount of mail you'll get if you sign up for its services along with the site's affiliates, downloaded cookies and reviews. It also parses search engine results and provides a summary for each hit relating to whether it's a good or badly behaved site.

Pretty cool. Possibly a must-have for all home and corporate browsers.

You do wonder if it reports back on your browsing habits to McAfee? Also how long will it remain free?
495@localhost/ security, tech Thu, 19 Oct 2006 12:24:00 +1300 raj
TinyApps Points to some Security Tools http://www.phigmov.co.nz/?e=493 http://www.phigmov.co.nz/?e=493#comm TinyApps always point to good stuff.

Two recent security related posts from them -

* SecureRDP is a free tool to add an extra layer of security to RDP. You can accept/deny incoming RDP connections by IP, MAC address or host name. Handy for locking down server administration only to admin PCs.

* TinyApps points to SSLExplorer which is an open-source SSL VPN solution. A two part setup guide is available from Tom's Hardware - part 1 and part 2. Looks like a really really handy way of offering secure access to a small internal LAN without having to roll out a full IPSec based VPN solution.
493@localhost/ security, tech Tue, 19 Sep 2006 09:53:00 +1300 raj
Endpoint Security http://www.phigmov.co.nz/?e=489 http://www.phigmov.co.nz/?e=489#comm
Essentially EP lets the network administrator define certain conditions that must be met before being able to participate on the corporate LAN. In some cases the tools will even direct you towards a quarantined location which will explain why the connection was refused and assist you to rectify the problem. For example an EP tool can direct an authorised client that fails post-connection criteria to a web page with links to security patches, antivirus software and firewall tools - it can even offer up different LAN access profiles (e.g. webmail or terminal services but not a direct connection).

* Wikipedia on Endpoint Security

* Wikipedia on Checkpoint Integrity, a centralised EP system

* Nice flowchart tool to design EP access control for Firepass

* Flash Demo of CheckPoint's Interspect appliance - actually more of an IDS/IDP (Intrusion detection sensor / Intrusion detection and prevention) system which works hand in hand with end-point solutions

* McAfee have their Host Intrusion Protection (PDF) system which integrates into their ePO framework

* Juniper have a cool Flash Demo of their IDP product (unfortunately you need to register to see it)

* ISS (who've been bought out by IBM) have Proventia - it looks like they also bought Black Ice Defender (fyi - Checkpoint bought Zone Alarm)

Security seems to be a serious growth industry given the trail of acquisitions and mergers in the small group of companies listed above.

Endpoint solutions seem to rely heavily on application and system profiling - if the app hasn't been approved or doesn't comply with a known checksum it won't run. This means someone needs to keep a constant eye on what applications and patches are likely to be installed and approve them before the endpoint solution takes remedial action. Ideal for a restricted environment but trickier for a more open environment.

Simple options that can be implemented immediately (without spending on new tools) include:

* ensuring appropriate desktop access

* centrally managed anti-virus / patching / desktop policy restrictions

* MAC address restrictions on DHCP / switch ports (depends on the mobility of the client)
489@localhost/ security, tech Mon, 28 Aug 2006 09:58:00 +1300 raj
VMware Based Security Tools http://www.phigmov.co.nz/?e=494 http://www.phigmov.co.nz/?e=494#comm Strataguard and OSSIM - Open Source Security Information Management which both offer VMware images for their tools.

I'll have to try them out and see what they offer.
494@localhost/ security, tech Fri, 21 Jul 2006 10:42:00 +1300 raj
Computer Forensics (Updated 04/05/05) http://www.phigmov.co.nz/?e=490 http://www.phigmov.co.nz/?e=490#comm Sleuthkit lets you carry out an 'exam' on a compromised or suspect system.

Dana Epp has written about performing a forensic exam on a compromised Linux system.
490@localhost/ security, tech Wed, 14 Apr 2004 20:11:00 +1300 raj