Wow…June already.
Here’s the list:
Cisco IPS Signature Engines – Good writeup on how Cisco IPS signatures work.
A signature engine is a component of the Cisco IPS that is designed to support many signatures in a certain category. An engine is composed of a parser and an inspector. Each engine has a set of parameters that have allowable ranges or sets of values.
A little about my book… – Don’t worry Harlan…you’re not even coming close to the number of “as I said in my book” references that Richard Bejtlich makes 🙂
Many times, in forums (forii??) or email, someone will see me say “…as I mentioned in my book…” or “…as detailed in my book…” and I’ve received comments that some folks have been turned off by that. Okay, I can go with that, as I dislike sales pitches myself. So why do I say something like that?
Sguil – Intuitive GUI for Network Security Monitoring with Snort – The best open tool for dealing with Snort alerts.
Sguil (pronounced sgweel) is probably best described as an aggregation system for network security monitoring tools. It ties your IDS alerts into a database of TCP/IP sessions, full content packet logs and other information. When you’ve identified an alert that needs more investigation, the sguil client provides you with seamless access to the data you need to decide how to handle the situation. In other words, sguil simply ties together the outputs of various security monitoring tools into a single interface, providing you with the most information in the shortest amount of time.
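The pivot the excerpt describes, from an alert to the TCP/IP session it belongs to, is the core of the Sguil workflow. The following is an added illustration of that join and not Sguil's own code: it parses constructed Snort "fast"-format alert lines (the year is assumed to be 2007, since the fast format omits it) and matches each alert to in-memory session records that stand in for the sancp session table Sguil would query. Matching is direction-insensitive and allows a small clock slack, because the alert may fire on the response half of a connection and sensor timestamps rarely agree to the millisecond.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List

# Constructed Snort "fast" alert lines (not from a real sensor).
SAMPLE_ALERTS = [
    "05/29-14:03:12.123456  [**] [1:1002:7] WEB-IIS cmd.exe access [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:4123 -> 192.168.1.10:80",
    "05/29-14:03:13.500000  [**] [1:498:6] ATTACK-RESPONSES id check returned root [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:4123",
    "05/29-14:20:00.000000  [**] [1:1002:7] WEB-IIS cmd.exe access [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.7:3333 -> 192.168.1.10:80",
]

ALERT_RE = re.compile(
    r'^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[(?P<gid_sid_rev>[\d:]+)\]\s+'
    r'(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+'
    r'(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$'
)


@dataclass(frozen=True)
class Alert:
    timestamp: datetime
    gid_sid_rev: str
    msg: str
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Session:
    """One TCP/IP session as a session-logger (e.g. sancp) would record it."""
    start: datetime
    end: datetime
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    bytes_to_server: int
    bytes_to_client: int


# Constructed session records standing in for the session database.
SAMPLE_SESSIONS = [
    Session(datetime(2007, 5, 29, 14, 3, 10), datetime(2007, 5, 29, 14, 3, 15),
            "10.0.0.5", 4123, "192.168.1.10", 80, 812, 4410),
    Session(datetime(2007, 5, 29, 14, 5, 0), datetime(2007, 5, 29, 14, 5, 2),
            "10.0.0.5", 4125, "192.168.1.10", 80, 300, 1200),
    Session(datetime(2007, 5, 29, 14, 19, 58), datetime(2007, 5, 29, 14, 20, 30),
            "10.0.0.7", 3333, "192.168.1.10", 80, 2048, 9000),
]


def parse_alert(line: str, year: int = 2007) -> Alert:
    """Parse one Snort fast-format alert line; the year is an assumption."""
    m = ALERT_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised alert line: {line!r}")
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
    return Alert(ts, m['gid_sid_rev'], m['msg'], m['proto'],
                 m['src'], int(m['sport']), m['dst'], int(m['dport']))


def sessions_for_alert(alert: Alert, sessions: List[Session],
                       slack_seconds: int = 2) -> List[Session]:
    """Return the sessions an alert belongs to.

    A session matches when its 4-tuple equals the alert's in either
    direction (alerts can fire on the server's reply) and the alert time
    falls inside the session, widened by a small clock-skew slack.
    """
    slack = timedelta(seconds=slack_seconds)
    a_fwd = (alert.src_ip, alert.src_port, alert.dst_ip, alert.dst_port)
    matches = []
    for s in sessions:
        s_fwd = (s.src_ip, s.src_port, s.dst_ip, s.dst_port)
        s_rev = (s.dst_ip, s.dst_port, s.src_ip, s.src_port)
        if a_fwd in (s_fwd, s_rev) and s.start - slack <= alert.timestamp <= s.end + slack:
            matches.append(s)
    return matches


if __name__ == "__main__":
    for line in SAMPLE_ALERTS:
        alert = parse_alert(line)
        for s in sessions_for_alert(alert, SAMPLE_SESSIONS):
            print(f"{alert.timestamp} {alert.msg!r} -> session "
                  f"{s.src_ip}:{s.src_port}->{s.dst_ip}:{s.dst_port} "
                  f"({s.start:%H:%M:%S}-{s.end:%H:%M:%S}, "
                  f"{s.bytes_to_server}B up / {s.bytes_to_client}B down)")
```

The byte counts on the matched session are the first thing an analyst looks at after the pivot: a `cmd.exe` probe answered with a few hundred bytes is a failed attempt, one answered with kilobytes of content deserves the full-content capture.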
G2000 Logjam Continues To Spur Log Management Says SANS Survey – I’ll have to book some time to watch the webcast.
We teamed up with the SANS Institute again this year to survey the G2000 on the trends driving log management and intelligence. You can download a copy of the preliminary findings of the 2007 Log Management Survey or sign up to attend a webcast presentation of the results with SANS on June 6th.
These three day work weeks are fantastic! I’ve taken vacation tomorrow just to chill out before I head to Houston and boy am I looking forward to it.
Here’s the list:
Storage Array for your Splunk datastore – Oh how I wish I had one of these.
New Hotness: (Sun’s new “Low Cost Array” 25×0 series)
Announcing the Information Protection Assessment Toolkit (IPAT) – I suspect, based on the presenter, that this would be a very good program.
The Information Protection Assessment Toolkit is a process that helps you identify security issues and develop an information protection plan. It is the first step in protecting your organization from a breach. The launch program begins June 19th.
IPAT is unique in that it includes every member of your organization in the process of protecting information. Many of us already understand that we need to do this but struggle as to how. IPAT shows you how. Through the IPAT process you will more accurately identify key details about your information and clarify where it exists in your organization. It involves every person and prepares them to be more receptive to awareness training. The results are transformative. I’ll share a story with you next week.
Webcast Today – SIEM Shifts to Log Management – I wish I had more advance notice of this Webcast so I could have made arrangements to participate.
LogLogic roundtable discussion on log management and intelligence is today. The panel will discuss the shift in the Security Information and Event Management (SIEM) paradigm as it moves toward log management. Topics covered in the panel include how leading enterprises use log management, when they use it, and some pragmatic approaches to deploying it enterprise wide and across different geographies.
An inside look at a targeted attack – Good analysis of a targeted attack.
With targeted attacks becoming regular news items, it might be a good time to have a closer look at a sample of a somewhat older one. Recently I received a potentially malicious e-mail that was originally distributed early 2006. After one year, the dropper, a Word document exploiting MS05-035 was recognized by only 9 out of VirusTotal’s 36 AVs as malicious.
This attack was clearly targeted through the scope of its distribution, limited to members of a specific organization, and the purported/spoofed source and content of the e-mail message. Each of these taken together created a valid context in which the message was interpreted by the recipient.
Auditing Secure Shell – Part I – This should be a good series if the first post is any indication of what is to come 🙂
This blog entry outlines a wide variety of audits and monitoring techniques that can be used to keep watch over the Secure Shell applications in use on your network. Examples for auditing SSH client and server configurations, vulnerabilities and logs will be discussed using Nessus, the Passive Vulnerability Scanner, the Security Center and the Log Correlation Engine.
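The server-configuration part of such an audit is easy to reproduce without a scanner. Below is an added example, not code from the Tenable series, that reads an `sshd_config`, applies OpenSSH's own parsing rules (keywords are case-insensitive, the first occurrence of a keyword wins, and anything after a `Match` block is conditional so it is not treated as global) and flags the settings a reviewer would want explained. The defaults assumed for absent directives are the ones of OpenSSH servers of that period and are marked as assumptions; confirm them against `sshd -T` or the man page for your version. The sample configurations are constructed.

```python
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (severity, directive, message)

# Assumed defaults for an OpenSSH server of the period when a directive is
# absent. These are assumptions for the example; verify them for your version.
ASSUMED_DEFAULTS = {
    'permitrootlogin': 'yes',
    'passwordauthentication': 'yes',
    'permitemptypasswords': 'no',
    'x11forwarding': 'no',
    'loglevel': 'INFO',
}

# Constructed weak configuration, including a Match block whose
# PermitRootLogin must NOT be mistaken for the global setting.
WEAK_CONFIG = """\
# constructed sample sshd_config
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords no
X11Forwarding yes
LogLevel QUIET
Match User backup
    PermitRootLogin no
"""

# Constructed hardened counterpart.
HARDENED_CONFIG = """\
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
LogLevel VERBOSE
"""


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return global directives as lowercased keyword -> first value.

    Mirrors sshd's rules: '#' starts a comment, keywords are
    case-insensitive, 'Keyword value' and 'Keyword=value' are both
    accepted, the first occurrence wins, and parsing stops at the first
    Match block because everything after it is conditional.
    """
    cfg: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        parts = re.split(r'[\s=]+', line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ''
        if key == 'match':
            break
        cfg.setdefault(key, value)
    return cfg


def audit_sshd_config(text: str) -> List[Finding]:
    """Apply a small set of checks to the global sshd settings."""
    cfg = parse_sshd_config(text)
    findings: List[Finding] = []

    def effective(key: str) -> str:
        return cfg.get(key, ASSUMED_DEFAULTS.get(key, '')).lower()

    if 'protocol' in cfg:
        versions = {v.strip() for v in cfg['protocol'].split(',')}
        if '1' in versions:
            findings.append(('HIGH', 'Protocol',
                             'SSH protocol 1 is enabled; set "Protocol 2"'))
    else:
        findings.append(('INFO', 'Protocol',
                         'not set explicitly; the default depends on the OpenSSH '
                         'version, confirm protocol 1 is disabled'))
    if effective('permitrootlogin') == 'yes':
        findings.append(('HIGH', 'PermitRootLogin',
                         'direct root login allowed; set "no" and use sudo'))
    if effective('passwordauthentication') == 'yes':
        findings.append(('MEDIUM', 'PasswordAuthentication',
                         'password logins allowed; prefer public-key authentication'))
    if effective('permitemptypasswords') == 'yes':
        findings.append(('HIGH', 'PermitEmptyPasswords',
                         'accounts with empty passwords can log in'))
    if effective('x11forwarding') == 'yes':
        findings.append(('LOW', 'X11Forwarding',
                         'X11 forwarding enabled; disable unless required'))
    if effective('loglevel') in ('quiet', 'fatal', 'error'):
        findings.append(('MEDIUM', 'LogLevel',
                         'logging too sparse to audit logins; use INFO or VERBOSE'))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} ==")
        for sev, directive, msg in audit_sshd_config(text):
            print(f"{sev:6} {directive:22} {msg}")
```

The `Match` handling is the part that trips up naive grep-based audits: in the weak sample the last `PermitRootLogin` line says `no`, but it only applies to user `backup`, so the global setting is still `yes` and is reported.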
Google Acquires Web Security Startup GreenBorder – This is all over the internet and I had many choices when referencing an article that spoke of it, but I chose the DarkNet one because it was simple and to the point.
GreenBorder, a venture-backed startup founded in 2001 and based in Mountain View, California, where Google is also headquartered, offers security software that sets up temporary, virtual sessions each time a computer user surfs the Web, then discards the resulting data once the user is finished surfing.
The software allows technicians to insulate corporate networks so that malicious code hidden inside e-mail, instant messages or Web sites is automatically detected and contained.
Anton Security Tip of the Day #10: Email Tracking Through Logs – Good articles like this keep me coming back to Anton’s blog every day 🙂
Email tracking – oh, need I say more? 🙂 A nightmare for privacy fans – an “evil” weapon of lawyers and HR. Email tracking raises concerns that vary from a severe inability to do it all the way to having too much ability to do it. In this tip, we will focus on the following scenario: your boss says she just sent you an email; you never received it. What’s the story?
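The "she sent it, I never got it" scenario is answered by following one message through the MTA logs. The following is an added example, not Anton's code, that parses constructed Postfix log lines from a single relay: it stitches the `smtpd`, `cleanup`, `qmgr` and `smtp` lines together by queue ID, then reports what happened to every message from a given sender to a given recipient. The log format is the standard Postfix one; the hostnames, addresses and the content-filter rejection are invented for the sample. On a real multi-hop path you would repeat the search on each relay, chaining hops by the `message-id` the example extracts.

```python
import re
from typing import Dict, List

# Constructed Postfix log excerpt from a single relay "mx1" (not real mail).
SAMPLE_LOG = """\
Jun  1 09:12:03 mx1 postfix/smtpd[1234]: 5B2C3A1F2: client=boss-pc.example.com[10.1.1.20]
Jun  1 09:12:03 mx1 postfix/cleanup[1235]: 5B2C3A1F2: message-id=<20070601091203.A1@example.com>
Jun  1 09:12:03 mx1 postfix/qmgr[1100]: 5B2C3A1F2: from=<boss@example.com>, size=2048, nrcpt=1 (queue active)
Jun  1 09:12:04 mx1 postfix/smtp[1236]: 5B2C3A1F2: to=<you@example.com>, relay=mailstore.example.com[10.1.1.30]:25, delay=1.2, delays=0.3/0.1/0.4/0.4, dsn=5.7.1, status=bounced (host mailstore.example.com[10.1.1.30] said: 550 5.7.1 Message rejected by content filter (in reply to end of DATA command))
Jun  1 09:12:04 mx1 postfix/qmgr[1100]: 5B2C3A1F2: removed
Jun  1 09:15:40 mx1 postfix/smtpd[1240]: 7C9D4B2A0: client=boss-pc.example.com[10.1.1.20]
Jun  1 09:15:40 mx1 postfix/cleanup[1241]: 7C9D4B2A0: message-id=<20070601091540.B7@example.com>
Jun  1 09:15:40 mx1 postfix/qmgr[1100]: 7C9D4B2A0: from=<boss@example.com>, size=1024, nrcpt=1 (queue active)
Jun  1 09:15:41 mx1 postfix/smtp[1242]: 7C9D4B2A0: to=<colleague@example.com>, relay=mailstore.example.com[10.1.1.30]:25, delay=0.8, delays=0.2/0.1/0.2/0.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 11AA22BB33)
Jun  1 09:15:41 mx1 postfix/qmgr[1100]: 7C9D4B2A0: removed
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) (?P<host>\S+) postfix/(?P<prog>\w+)\[\d+\]: '
    r'(?P<qid>[0-9A-F]+): (?P<rest>.*)$'
)
FROM_RE = re.compile(r'from=<([^>]*)>')
TO_RE = re.compile(r'to=<([^>]*)>,.*?dsn=(\S+), status=(\w+) \((.*)\)$')


def parse_postfix_log(text: str) -> Dict[str, dict]:
    """Group Postfix log lines by queue ID into one record per message."""
    msgs: Dict[str, dict] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a per-message line (daemon start-up noise etc.)
        rec = msgs.setdefault(m['qid'], {
            'queue_id': m['qid'], 'host': m['host'], 'first_seen': m['ts'],
            'client': None, 'message_id': None, 'sender': None, 'recipients': [],
        })
        rest = m['rest']
        if rest.startswith('client='):
            rec['client'] = rest[len('client='):]
        elif rest.startswith('message-id='):
            rec['message_id'] = rest[len('message-id='):]
        elif rest.startswith('from='):
            fm = FROM_RE.match(rest)
            if fm:
                rec['sender'] = fm.group(1).lower()
        elif rest.startswith('to='):
            tm = TO_RE.match(rest)
            if tm:
                rec['recipients'].append({
                    'to': tm.group(1).lower(), 'dsn': tm.group(2),
                    'status': tm.group(3), 'detail': tm.group(4),
                })
    return msgs


def trace(msgs: Dict[str, dict], sender: str, recipient: str) -> List[dict]:
    """Every delivery attempt from `sender` to `recipient` seen on this relay."""
    sender, recipient = sender.lower(), recipient.lower()
    hits = []
    for rec in msgs.values():
        if rec['sender'] != sender:
            continue
        for rcpt in rec['recipients']:
            if rcpt['to'] == recipient:
                hits.append({**rcpt, 'queue_id': rec['queue_id'],
                             'message_id': rec['message_id'],
                             'client': rec['client'], 'when': rec['first_seen']})
    return hits


def explain(hits: List[dict], relay: str = 'mx1') -> str:
    """Turn the trace into the sentence you give your boss."""
    if not hits:
        return (f"No message from that sender to that recipient reached {relay}; "
                f"look at the sender's mail client or an upstream relay.")
    parts = [f"{h['when']}: queue {h['queue_id']} from {h['client']} was "
             f"{h['status']} (dsn {h['dsn']}): {h['detail']}" for h in hits]
    return "\n".join(parts)


if __name__ == "__main__":
    msgs = parse_postfix_log(SAMPLE_LOG)
    print(explain(trace(msgs, 'boss@example.com', 'you@example.com')))
    print(explain(trace(msgs, 'boss@example.com', 'nobody@example.com')))
```

The two outcomes the scenario cares about are exactly the two branches of `explain`: either the relay never saw the message (so the problem is upstream) or it saw it and the `status`/`dsn` fields say what it did with it. In the sample the message to `you@example.com` was bounced by a content filter, which is the answer the boss gets.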
I’ve got everything booked for my trip to Houston and I’m looking forward to the BBQ I plan on enjoying 😛
Here’s the list:
Soloway: Another spammer bites the dust – Chalk one up for the good guys!
A notorious spammer once sued by Microsoft was arrested in Seattle this morning, a week after a federal grand jury indicted him under seal for allegedly illegal — and prolific — spamming.
NIST readies guidance on IT security assessments – If you’ve got comments you have until July 31st to make them.
The National Institute of Standards and Technology has finished the third and possibly final draft of its revised guidelines for assessing the adequacy of IT security. Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems, will be released for comment June 4.
Germany declares hacking tools ‘verboten’ – This is terrible because there is no clear indication of what a “hacking tool” is.
Updates to Germany’s computer crime laws banning so-called “hacking tools” have been criticised as ill-considered and counterproductive.
The revamp to the German criminal code is designed to tighten definitions, making denial of service attacks and attempts to sniff data on third-party wireless networks, for example, clearly criminal. Attacks would be punishable by a fine and up to 10 years imprisonment.
A New Vector For Hackers — Firefox Add-Ons – Something to look out for.
Makers of some of the most popular extensions, or “add-ons,” for Mozilla’s Firefox Web browser may have inadvertently introduced security holes that criminals could use to steal sensitive data from millions of users.
By design, each Firefox extension — any of a number of free software applications that can be added to the popular open-source browser — is hard-coded with a unique Internet address that will contact the creator’s update server each time Firefox starts. This feature lets the Firefox browser determine whether a new version of the add-on is available.
IPS app available for free – I look forward to testing this out.
Network managers looking for an inexpensive way to better secure traffic crossing their nets might want to check out a free application from Intoto.
Intoto, a provider of security software for enterprise network equipment and CPE gateways, last week at Interop, introduced a stand-alone intrusion-prevention system (IPS) application that the company says will help small and midsize companies looking for enterprise-scale security tools.
Web application scan-o-meter – Another document to put on your “to-read” list.
The new OWASP Top 10 2007 has recently been made available. Excellent work on behalf of all the contributors. As described on the website, “This document is first and foremost an education piece, not a standard.”, and it’ll do just that. Educate. Last week I provided the project team with updated text (unpublished) that more accurately describes the current capabilities of “black box” automated scanners in identifying the various issues on the list. The exercise provided ideas for the remainder of this blog post; estimating how effective scanners are at finding the issues organized by OWASP Top-10.