Suggested Blog Reading – Wednesday June 20th, 2007

ReadIn talks to write a book….stay tuned for more info 🙂

Here’s the list:

A Taxonomy of Information Systems Audits, Assessments and Reviews – from the SANS Information Security Reading Room

Security Implications of the Virtualized Data Center – from the SANS Information Security Reading Room

UserAssist Q&A – Didier answers questions from his recent talk on his UserAssist tool.

I was a speaker at the local ISSA chapter last Monday. My talk explained how to use my UserAssist tool for forensic analysis. The audience had great questions for me at the Q&A, some of which I want to share here.

Fake NetBIOS Tool – Simulate Windows Hosts – Another tool to add to the collection.

FakeNetbiosDGM sends NetBIOS Datagram Service packets on UDP port 138 to simulate Windows host broadcasts. It periodically sends NetBIOS announcements over the network to simulate Windows computers. It fools the Computer Browser service running on the LAN, and so on.

FakeNetbiosNS is a NetBIOS Name Service daemon listening on UDP port 137. It responds to NetBIOS Name requests like a real Windows computer would, for example to ‘ping -a’, ‘nbtstat -A’ and ‘nbtstat -a’, etc.

The iPhone, our new security nightmare – I don’t see this being any more of a nightmare than an iPod or PDA. Its use must be regulated as with any outside electronic device in your organization.

The dawn is near; the iPhone blitz lies prepared to turn your security team into zombies. On June 29th, your helpdesk systems will be inundated with whines to “make my new flashy iPhone work with my work PC”. No amount of beer, ThinkGeek gadgets or favors will get me or my team to kowtow.

DHS to Answer for Hundreds of Cyber Break-Ins – Looks like someone was looking for a patsy and they found one in Scott Charbo.

DHS CIO Scott Charbo is scheduled to appear tomorrow before a House Homeland Security subcommittee hearing entitled “Hacking the Homeland.” The panel follows a hearing in April in which Commerce and State department officials recounted how hackers broke into and gained control over a number of systems in a series of targeted attacks. Since that testimony, committee leaders have demanded answers to dozens of questions about DHS’s compliance with cyber-security standards, and whether it, too, had suffered similar break-ins.

MySQL Database Tuning Tips – Not specific to security but important nonetheless.

I came across a great article on MySQL performance tuning. It’s got a few very practical tips for examining the database settings and tweaking them to achieve the best performance.

“What’s this got to do with security”, you ask? As you know, Sguil stores all of its alert and network session data in a MySQL backend. If you monitor a bunch of gigabit links for any amount of time, you’re going to amass a lot of data.

I try to keep a few months of session data online at any given time, and my database queries have always been kinda slow. I learned to live with it, but after reading this article, I decided to check a few things and see if I could improve my performance, even a little.

Using Access Control Lists and authentication in Squid (Part II) – Part 2 in the series.

Now that everyone has mastered the basics of Squid, we are ready to have a little more fun. In case you missed it, we published Part I of this series recently. Access Control Lists (ACLs) allow Squid to do many interesting things in addition to just providing a caching proxy server. A properly configured set of ACLs can do things like:

  • restrict access to websites by IP address,
  • limit or block websites by name, such as www.badsite4kids.com,
  • restrict web access by time and day, or
  • regular expression matches, such as .exe files or “porn” in URL names.

You can additionally add custom HTML error messages that let your users or children know why they have been blocked from the web.

I neglected to mention the cost for these services, as many commercial software programs provide these features too. It is free, you just need to configure it yourself. How’s that for some motivation to learn a little more advanced Squid?
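A squid.conf fragment that wires up the four ACL types the list above mentions plus a custom error page. This is an added example, not configuration from the linked article; the network ranges, domain, error-page names and file paths are assumed placeholders.

```conf
# --- ACL definitions (each acl line only names a condition; it blocks nothing by itself)

# Restrict access by client IP address (assumed internal range)
acl localnet src 192.168.1.0/24

# Block sites by name; a leading dot also matches every subdomain
acl blocked_sites dstdomain .badsite4kids.com

# Allow web access only during working hours (days: S M T W H F A; H = Thursday)
acl work_hours time MTWHF 08:00-17:00

# Regular expression matches: .exe downloads (with or without a query string)
# and "porn" anywhere in the URL; -i makes the match case-insensitive
acl exe_files  urlpath_regex -i \.exe(\?|$)
acl porn_words url_regex -i porn

# Squid 2.x needs "all" defined explicitly; Squid 3.2 and later predefine it
acl all src 0.0.0.0/0.0.0.0

# --- Custom error pages: file names are assumed; each file lives in Squid's
# errors directory (for example /usr/share/squid/errors/English/ERR_BLOCKED_SITE)
deny_info ERR_BLOCKED_SITE blocked_sites
deny_info ERR_NO_EXE       exe_files

# --- Access rules: evaluated top to bottom, first match wins. Put the deny
# rules before the allow rule, otherwise an allowed client is never checked
# against them.
http_access deny  blocked_sites
http_access deny  exe_files
http_access deny  porn_words
http_access allow localnet work_hours
# A request matching nothing gets the opposite of the LAST rule, so always
# finish with an explicit deny.
http_access deny  all
```

Note that for HTTPS the proxy only sees a CONNECT host:port, so dstdomain still applies but url_regex and urlpath_regex never see the path; run `squid -k parse` after editing to catch syntax errors before reloading.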
