Suggested Blog Reading – Monday May 7th, 2007

What a nice, relaxing weekend it was. I was fortunate enough to find time to catch up on some reading, do a little work around the house, and get the dog out to the dog park. We’re also supposed to have fantastic weather this week so the BBQ is going to be busy 🙂

Here’s the list for today:

Securing a RADIUS server – Good refresher for those who have been away from RADIUS configurations for a while.

For any corporate wireless infrastructure to remain secure, using 802.1X for authentication is a must – after all, it provides much more granular control of authentication credentials and can provide accounting for wireless LAN usage. Setting everything up can be a complex process fraught with choosing the right EAP type that both your clients and your RADIUS server support, in addition to putting in place the PKI infrastructure that some EAP types require. During this whole process one thing can often be overlooked – the security of the RADIUS server itself.

“Is your PC virus-free? Get it infected here!” – Didier sent me this on the weekend. I can’t believe how many people clicked the link!

Last fall, my attention got caught by a small book on Google Adwords at our local library. Turns out it’s very easy to set up an ad and manage the budget. You can start with a couple of euros per month. And that gave me an idea: this can be used with malicious intent. It’s a way to get a drive-by download site on the first page of a search result (FYI, I’ve reported on other ways to achieve this). So I started an experiment…

Hacker Files, Tools & Software Repository – leetupload.com – “dedicated as a repository for hacking programs for Windows and Linux”

This site is dedicated as a repository for “hacking” programs for Windows and Linux. Please note that hacking means nothing but tweaking or cleverly resolving a problem. Use the programs as you wish, but neither this site nor its provider is responsible in terms of how you use these programs (i.e. for educational purposes only).

Admit It – Email is Broken – Fine…I admit it!

The Security Catalyst Community just released the results of their first survey titled “Five Minute Survey on Messaging Security.” Although the results are not surprising one thing did catch my eye and I had to write a response. In case you do not want to register for the Security Catalyst Community (although I recommend that you do) the following is the content of my rant. If you would like to see the survey, however, you will have to log into the community.

Unified Risk Management (URM) and the Secure Architecture Blueprint – Good read.

The point of URM is to provide a holistic framework against which one may measure and effectively manage risk. Each one of the blocks above has a set of sub-components that break out the specifics of each section. Further, my thinking on URM became the foundation of my exploration of the Security Services Oriented Architecture (SSOA) model.

The $100 Million InfoSec Budget – How would one get in on this spend-a-pa-looza anyway? 🙂

TJX’s breach-related bill could surpass $1 billion over five years — including costs for consultants, security upgrades, attorney fees, and added marketing to reassure customers, but not lawsuit liabilities — estimates Forrester Research, a market and technology research firm in Cambridge, Mass. The security upgrade alone could cost $100 million, says Jon Olstik, a senior analyst for Enterprise Strategy Group, a Milford, Mass., consulting firm, based on his conversations with industry experts and people familiar with the work being done.

How forensic tools recover digital evidence (data structures) – Excellent way to explain digital forensics to anyone with programming or development backgrounds.

In a previous post I covered “The basics of how digital forensics tools work.” In that post, I mentioned that one of the steps an analysis tool has to do is to translate a stream of bytes into usable structures. This is the first in a series of three posts that examines this step (translating from a stream of bytes to usable structures) in more detail. In this post I’ll introduce the different phases that a tool (or human if they’re that unlucky) goes through when recovering digital evidence. The second post will go into more detail about each phase. Finally, the third post will show an example of translating a series of bytes into a usable data structure for a FAT file system directory entry.
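The third post in that series walks through exactly this translation for a FAT directory entry. As an added example (my own code, not the linked author's), here is that translation in Python: unpack one 32-byte short-name entry, decode the bit-packed FAT timestamps, assemble the FAT32 first-cluster pointer from its two halves, and keep deleted entries rather than skipping them, since the 0xE5 marker only overwrites the first character of the name and the cluster pointer and size survive. SAMPLE_DIR is a constructed directory cluster, not a real disk image; the 0x00 terminator followed by a stale entry is there to show that a parser must stop at the terminator.

```python
import struct
from datetime import datetime

ENTRY_SIZE = 32
# On-disk layout of one FAT short-name (8.3) directory entry, little-endian:
# name[11], attr, NT reserved, create-time tenths, create time/date, access date,
# first-cluster high word (FAT32), write time/date, first-cluster low word, size.
ENTRY_FMT = "<11sBBBHHHHHHHI"
ATTR_DIRECTORY = 0x10
ATTR_LFN = 0x0F  # read-only|hidden|system|volume-id together mark a VFAT long-name entry


def fat_datetime(date, time=0):
    """Unpack FAT's bit-packed date/time words (time has 2-second resolution)."""
    try:
        return datetime(
            1980 + (date >> 9), (date >> 5) & 0x0F, date & 0x1F,
            time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2,
        )
    except ValueError:
        return None  # garbage timestamp, common in carved or corrupted entries


def parse_entry(raw):
    """Translate one 32-byte slice into a dict; None marks the end of the directory."""
    if len(raw) != ENTRY_SIZE:
        raise ValueError("a FAT directory entry is exactly 32 bytes")
    (name, attr, _nt, _ctenth, ctime, cdate, adate,
     cl_hi, wtime, wdate, cl_lo, size) = struct.unpack(ENTRY_FMT, raw)
    if name[0] == 0x00:
        return None                      # free entry, nothing follows it
    if attr == ATTR_LFN:
        return {"kind": "lfn"}           # long-name fragment, not a file
    deleted = name[0] == 0xE5
    if name[0] == 0x05:                  # escape: the real first byte is 0xE5
        name = b"\xE5" + name[1:]
    base = name[:8].rstrip(b" ").decode("ascii", "replace")
    ext = name[8:].rstrip(b" ").decode("ascii", "replace")
    if deleted:
        base = "?" + base[1:]            # first character was overwritten by the 0xE5 marker
    return {
        "kind": "file",
        "name": f"{base}.{ext}" if ext else base,
        "deleted": deleted,
        "is_dir": bool(attr & ATTR_DIRECTORY),
        "first_cluster": (cl_hi << 16) | cl_lo,
        "size": size,
        "created": fat_datetime(cdate, ctime),
        "accessed": fat_datetime(adate),
        "modified": fat_datetime(wdate, wtime),
    }


def parse_directory(data):
    """Walk a raw directory cluster and return its file entries, deleted ones included."""
    entries = []
    for off in range(0, len(data) - ENTRY_SIZE + 1, ENTRY_SIZE):
        entry = parse_entry(data[off:off + ENTRY_SIZE])
        if entry is None:
            break                        # end-of-directory marker: ignore whatever follows
        if entry["kind"] == "file":
            entry["offset"] = off
            entries.append(entry)
    return entries


def build_entry(name, attr, cluster, size, date, time):
    """Fabricate an entry; used only to construct the sample input below."""
    return struct.pack(ENTRY_FMT, name, attr, 0, 0, time, date, date,
                       cluster >> 16, time, date, cluster & 0xFFFF, size)


# Constructed sample directory cluster (not from a real disk): a live file, a deleted file
# whose data is still reachable through cluster 0x10008, a sub-directory, the 0x00
# terminator, and a stale entry after it that a correct parser must not report.
DATE_2007_05_07 = 0x36A7   # (2007-1980)<<9 | 5<<5 | 7
TIME_10_30 = 0x53C0        # 10<<11 | 30<<5 | 0
SAMPLE_DIR = (
    build_entry(b"README  TXT", 0x20, 5, 1234, DATE_2007_05_07, TIME_10_30)
    + build_entry(b"\xE5ECRET  DOC", 0x20, 0x10008, 4096, DATE_2007_05_07, TIME_10_30)
    + build_entry(b"LOGS       ", ATTR_DIRECTORY, 9, 0, DATE_2007_05_07, TIME_10_30)
    + bytes(ENTRY_SIZE)
    + build_entry(b"GHOST   BIN", 0x20, 2, 1, DATE_2007_05_07, TIME_10_30)
)

if __name__ == "__main__":
    for e in parse_directory(SAMPLE_DIR):
        flag = "DELETED" if e["deleted"] else ("DIR" if e["is_dir"] else "FILE")
        print(f'{e["offset"]:4d} {flag:7s} {e["name"]:12s} '
              f'cluster={e["first_cluster"]} size={e["size"]} mtime={e["modified"]}')
```

The deleted entry is the forensically interesting one: its name is reported as `?ECRET.DOC`, but its first cluster and size are intact, which is all a tool needs to start pulling the file's content back off the volume.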

Clearing swap and hibernation files properly – Never too early to start some spring cleaning…

Unfortunately, your swap file knows a lot about you. Pretty much anything you do with your computer can leave traces there. Files you’ve opened and their contents, websites you’ve visited, online chats you’ve had, emails you’ve sent and received, virtually anything can end up archived in it for quite a long time – months, and even years. You can delete, even wipe securely, the original data, and still your swap file might tell on you by retaining duplicate traces of your computing behaviour. Forensics practitioners consider the swap file to be a real bonanza of data traces, because swapping is an automatic, background process that users – even privacy-conscious ones – can’t control completely.
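To show how little work recovering those traces takes, here is an added example (my own code, not from the linked post): a minimal string carver run over a constructed stand-in for a slice of a swap file. It pulls out both 8-bit and UTF-16LE printable runs (Windows keeps most in-memory text in UTF-16LE, so a carver that only looks for ASCII misses half the pagefile) and flags the ones an examiner would read first. SAMPLE_SWAP and the INTERESTING heuristic are both assumptions made for the example.

```python
import re

# Constructed stand-in for a slice of a swap/hibernation file (not a real capture): a freed
# e-mail header, a ramp of binary noise, a URL, some padding, a Windows path and a
# UTF-16LE string of the kind Windows applications leave behind in the pagefile.
SAMPLE_SWAP = (
    b"\x00" * 64
    + b"From: alice@example.org\r\nSubject: Q2 numbers\r\n"
    + bytes(range(256)) * 2
    + b"https://intranet.example.org/finance/forecast.xlsx"
    + b"\xff\xfe\x00\x00" * 32
    + b"C:\\Users\\alice\\Documents\\merger-draft.docx"
    + b"\x00" * 16
    + "wifi-psk: CorpGuest2007".encode("utf-16-le")
    + b"\x00" * 64
)

# Heuristic for "worth a second look": an e-mail address, a URL, a drive path, or a
# credential-ish keyword. A bare '@' is not enough, since binary ramps contain one too.
INTERESTING = re.compile(r"\w@\w|://|:\\|pass|psk|token", re.IGNORECASE)


def carve_strings(data, min_len=8):
    """Return (offset, encoding, text) for every run of >= min_len printable characters,
    in both 8-bit ASCII and UTF-16LE, sorted by offset."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    hits = [(m.start(), "ascii", m.group().decode("ascii"))
            for m in ascii_re.finditer(data)]
    hits += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
             for m in utf16_re.finditer(data)]
    return sorted(hits)


def triage(hits):
    """Keep only the carved strings matching the INTERESTING heuristic, in file order."""
    return [text for _, _, text in hits if INTERESTING.search(text)]


if __name__ == "__main__":
    hits = carve_strings(SAMPLE_SWAP)
    print(f"{len(hits)} printable runs carved, {len(triage(hits))} worth reading:")
    for off, enc, text in hits:
        marker = "*" if INTERESTING.search(text) else " "
        print(f"{marker} 0x{off:06x} {enc:8s} {text}")
```

Run against a real pagefile or hiberfil the same code produces tens of thousands of runs, which is why the triage step matters more than the carving; but the point of the post stands: nothing in the example had to be "undeleted", it was simply still there.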

MS Needs Your Credit Card Details? – I didn’t want to give them my money in the first place…now they want more?!? 😉

Recently we came across an interesting Trojan sample, detected by Symantec as Trojan.Kardphisher. The Trojan is not very technical – it’s really just another classic social-engineering attack. What makes it interesting is that the author has obviously taken great pains to make it appear legitimate.

Few Bits on Log Management Trends – The one trend that I feel is going to blossom is integrating physical security logs into log management practices (UPS brownouts, fire sensors, etc.).

Some time before the recent SANS Log Management Summit, somebody asked me: What are the top three trends in the log analysis industry?

What’s new in SELinux for Red Hat Enterprise Linux 5? – Good overview of SELinux and what’s available in RHEL5.

For many people, security is a subject that they only think about after something bad happens. Like buying a home alarm system after your home has been burgled. Why? One reason is denial–after all, bad things always happen to someone else. Additional reasons may be the perception that security, especially in software, is too hard. People either don’t use it, or use it incorrectly. Computer security may prevent you from performing tasks that you want to accomplish. Or the security is not all that effective.

Written by Andrew Hay

Devastatingly handsome CISO @DataGravityInc.

Security, DFIR, DevOps, cloud, business, and BBQ renaissance man of most trades (master of some).