Welcome to the ViewPoint Security Blog
Informal ramblings and updates from the team at ViewPoint
Wednesday, February 10, 2010
201 CMR 17 and Intrusion Detection
Designed to protect MA consumers from identity theft, 201 CMR 17 is scheduled to take effect on 3/31/2010. One of the provisions of this law states that a reasonable attempt must be made to detect unauthorized access - such as failed logins to a Windows server or domain. If you've ever looked at Windows event logs, you know that reviewing them on a frequent basis isn't practical. One of our recommended solutions is OSSEC, an excellent open source intrusion detection system developed by Daniel Cid and now owned by Trend Micro. Pretty quick and easy to set up and simple to maintain, OSSEC actually contains extensive functionality well beyond the scope of this quick article. Regarding the requirements of the law, what OSSEC can do is alert (via email) on multiple failed Windows logins, account lockouts, and many other security-related events. As of today, the server must be installed on Linux (or similar, but not Windows) while the agent goes on AD controllers and any other important systems. A little tuning, and voila! Compliance with the requirement. There's lots of documentation at the OSSEC site, as well as many examples all over the web - thousands of companies are using it. Of course, we'd welcome the opportunity to help - just drop us an email or give us a call (contact info).
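To show the kind of correlation behind a "multiple failed logins" alert, here is an added example (not OSSEC's code or rules, and not from the ViewPoint team) that runs a sliding-window check over constructed log lines. The line format, the threshold of 5 failures in 4 minutes, and the use of the Server 2008+ event IDs 4625 (failed logon) and 4740 (account lockout) are assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON, ACCOUNT_LOCKOUT = 4625, 4740  # Windows Security event IDs (Server 2008+)

# Constructed sample data: "<ISO timestamp> <event id> <account> <host>"
SAMPLE_LOG = """\
2010-02-10T09:00:01 4625 jsmith WKSTN-07
2010-02-10T09:00:09 4625 jsmith WKSTN-07
2010-02-10T09:00:15 4624 adavis WKSTN-02
2010-02-10T09:00:21 4625 jsmith WKSTN-07
2010-02-10T09:00:40 4625 jsmith WKSTN-07
2010-02-10T09:01:02 4625 jsmith WKSTN-07
2010-02-10T09:01:03 4740 jsmith DC01
2010-02-10T09:05:00 4625 adavis WKSTN-02
2010-02-10T09:40:00 4625 adavis WKSTN-02
"""

def parse(log_text):
    """Turn each non-empty line into (timestamp, event_id, account, host)."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event_id, account, host = line.split()
        events.append((datetime.fromisoformat(ts), int(event_id), account, host))
    return events

def detect(events, threshold=5, window=timedelta(minutes=4)):
    """Alert on every lockout and on `threshold` failed logons per account within `window`."""
    recent = defaultdict(deque)  # account -> timestamps of recent failures
    alerts = []
    for ts, event_id, account, host in sorted(events):
        if event_id == ACCOUNT_LOCKOUT:
            alerts.append((ts, "lockout", account))
        elif event_id == FAILED_LOGON:
            q = recent[account]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                alerts.append((ts, "multiple_failed_logons", account))
                q.clear()  # re-arm so one burst yields one alert
    return alerts

if __name__ == "__main__":
    for ts, kind, account in detect(parse(SAMPLE_LOG)):
        print(ts.isoformat(), kind, account)
```

Two isolated failures 35 minutes apart (adavis) stay below the threshold, which is the tuning trade-off between noise and missed slow guessing.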
Saturday, March 8, 2008
Router and Firewall Security Assessment
Excellent tool for parsing router and firewall config files, been meaning to spread the word for a while. From the author -
"nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previously known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing."
http://www.titania.co.uk/nipper.php
This tool is mainly for security geeks - YMMV.
2008 Google Communications Intelligence Report
Interesting read - as we've also observed, spam volume and threats are rapidly rising.
http://www.google.com/a/help/intl/en/security/pdf/cir_08.pdf
Whaddaya know, they recommend Google Apps and Postini - but I can't deny their point.....
Friday, March 7, 2008
This time for sure ;-)
OK. I'm a bum- start a blog and then ignore it. Going to be more active now, lots on my mind.
Saturday, March 17, 2007
PostgreSQL Information Disclosure and Denial of Service Vulnerabilities
PostgreSQL is prone to information-disclosure and denial-of-service vulnerabilities; fixes are available. An attacker can exploit these vulnerabilities to cause the backend database to crash and reveal sensitive information. This may lead to other attacks. These issues affect versions 8.0, 8.1, and 8.2. The second issue described also affects versions 7.3 and 7.4.
Patches are available - a good reference is the following page on SecurityFocus:
http://www.securityfocus.com/bid/22387/solution
Thursday, March 15, 2007
Logon Warning Banner
I've been asked many times for a logon banner, so here's my favorite:
WARNING!!! This system is solely for the use of authorized users for official purposes. Unauthorized access or use of this computer system may subject violators to criminal, civil, and/or administrative action. You have no expectation of privacy in its use and to ensure that the system is functioning properly, individuals using this computer system are subject to having all of their activities monitored and recorded by system personnel. Use of this system evidences an express consent to such monitoring and agreement that if such monitoring reveals evidence of possible abuse or criminal activity, system personnel may provide the results of such monitoring to appropriate officials.
802.11n Draft 2.0 gets thumbs up from Working Group
Draft 2.0 of the 802.11n spec has been approved by the 802.11 Working Group, moving the increasingly popular wireless networking technology a step closer to its final form.