Suggested Blog Reading – Monday September 24th, 2007

Make sure you catch my SANS “Ask the Expert” WebCast tomorrow! 🙂

Here is the list:
De-perimeterization is dead – Well said 🙂

Let me go on record now. The perimeter is alive and well. It has to be. It will always be. Not only is the idea that the perimeter is going away wrong it is not even a desirable direction. The thesis is not even Utopian, it is dystopian. The Jericho Forum has attempted to formalize the arguments for de-perimeterization. It is strange to see a group formed to promulgate a theory. Not a standard, not a political action campaign, but a theory. Reminds me of the Flat Earth Society.

2007 Top Vulnerable Vendors? – Is your company on this list?

New IBM research shows that five vendors are responsible for 12.6 percent of all disclosed vulnerabilities.

Not surprising: In the first half of 2007, Microsoft was the top vendor when it came to publicly disclosed vulnerabilities. Likely surprising to some: Apple got second place.

IBM Internet Security Systems’ X-Force R&D team released its 2007 report on cyber attacks on Sept. 17, revealing that the top five vulnerable vendors accounted for 12.6 percent of all disclosed vulnerabilities in the first half of the year, or 411 of 3,272 vulnerabilities disclosed.

Mobile Phone Forensic Course Available From Guidance Software – Wow, this would be a great course to take. I’ve always been curious about the world of cell forensics.

This mobile phone forensic course is intended for law enforcement officers, computer forensic examiners, corporate and private investigators, and network security personnel. Participants may have minimal computer skills and may be new to the field of mobile phone forensics. Ideally, students should own or have access to EnCase® Forensic Edition and the Neutrino mobile phone acquisition device.

The Next Phase in Patching – I like the idea of the “central update console” but will Microsoft pay for the creation and maintenance of such a service out of the goodness of their hearts? I have my doubts.

Here is my solution: Microsoft needs to come up with a Central Update Console that software and driver developers can hook to configure automatic updates. They already provide this type of feature through the “Add/Remove Programs” console. Good developers utilize this to help users and administrators manage the software that is installed on their systems. How hard would it be to come up with a solution that other developers could hook to help with centralizing the management of updates and provide a significant positive impact on the overall security of every computer on the Interweb? Although the design, development, testing, implementation, and maintenance of this project would be challenging, I am willing to bet that this would be a small project in the grand scheme of Microsoft OS development. They don’t need to take every software vendor into consideration, they just need to come up with one method all of them could use. Once a system is developed, software developers can start modifying their products to hook the console. They wouldn’t need to take out their current auto-update mechanism; rather, they could leave it in place. This is how the “Add/Remove Programs” console works. Software developers have not removed the mechanism to uninstall from their software; rather, they have placed hooks in the “Add/Remove Programs” console that call their uninstall and repair mechanisms. Users and admins who prefer a particular method are all satisfied.

NSA to Become America’s Firewall – Is this a good thing or a bad thing? What are your thoughts?

The National Security Agency is preparing to take over the job of monitoring the Internet and other domestic communication networks, a massive expansion of the agency’s defense duties into networks used routinely by American citizens, according to a story by Siobhan Gorman of the Baltimore Sun.

LORCON (Loss Of Radio CONnectivity) 802.11 Packet Library – Hmm... a low-cost way to disrupt wireless communication?

The LORCON packet injection library provides a high level interface to transmit IEEE 802.11 packets onto a wireless medium. Written for Linux systems, this architecture simplifies the development of 802.11 packet injection through an abstraction layer, making the development of auditing and assessment tools driver-independent.

Using LORCON, developers can write tools that inject packets onto the wireless network without writing driver-specific code, simply by asking the user to identify the driver name they are currently using for a specified interface.

Tactical Network Security Monitoring Platform

Looks like a cool rig. I wonder what the pricing is like?

I am working both strategic and tactical network security monitoring projects. On the tactical side I have been looking for a platform that I could carry on a plane and fit in the overhead compartment, or at the very least under the seat in front of me. Earlier in my career I’ve used Shuttle and Hacom boxes, but I’m always looking for something better.

Five routers on your laptop – I’ve never heard of this before. I’m certainly going to try it out.

In case you haven’t heard about Dynamips/Dynagen yet: Dynamips emulates a variety of IOS platforms (from 2600 to 7200) on Intel platforms, and Dynagen provides a friendlier user interface (more than friendly enough for me, probably too cryptic for GUI addicts). I saw Dynamips a year or two ago, checked what it can do and decided to stay with the real routers in a remote lab environment. In the meantime, the software has improved drastically, allowing you to test all sorts of IOS features and topologies, as long as you don’t expect QoS to work or real-time features to act in real time (simulation is, after all, a bit slower than real life).

A Military Grade Encrypting Self-Destructing USB Drive Makes A Great Gift! – Good stocking stuffer 🙂

“IronKey Inc. this week introduced a secure USB thumb drive designed for sensitive government, military and enterprise users. The vendor’s IronKey: Enterprise Special Edition drive is available in 1 GB, 2 GB and 4 GB configurations and features built-in hardware encryption for security of stored data.

Accessing data on the drive requires a password that is verified by hardware, and it features a self-destruct sequence that protects data if an unauthorized user tries to unlock or tamper with the device, according to IronKey, of Los Altos, Calif.

The Enterprise Special Edition drive also performs dynamic drive mapping to work in environments with network-mapped drives and it forgoes features, including Firefox, Secure Sessions, Secure Updates and the IronKey Password Manager, found on other IronKey drives that could compromise security or violate security requirements for secure installations.

For military use, the device has been tested for and passed the MIL-STD-810F military waterproof standards. It was also designed to resist being tampered with or disassembled by hackers, the vendor said.”
