November 2009 – Page 2

News

Review of EventTracker 6.4 in November Network Computing Issue

November 16, 2009
Andrew Hay
No Comments

My recent review of Prism Microsystems’ EventTrack 6.4 update has been published in the November issue of Network Computing. You can download the story for free here – http://www.informationweek.com/nwcdigital/nov09/index.jhtml.

Enjoy 🙂

News

Upcoming Webcast: The Top 5 Fastest ROI Projects Around Identity Assurance

November 5, 2009
Andrew Hay
No Comments

I’ve been asked to participate in an upcoming SANS Ask the Expert Webcast entitled The Top 5 Fastest ROI Projects Around Identity Assurance with Benjamin Cunningham from IBM. Here are the details:

Webcast Overview:

The Top 5 Fastest ROI Projects Around Identity Assurance
Friday, December 11 at 1:00 PM EST (1800 UTC/GMT)
Featuring: Andrew Hay and Benjamin Cunningham

With budgets being frozen across all industries, executives are finding it increasingly difficult to justify new capital expenditures. Security is one area in which organizations know they cannot afford to reduce spending without increasing risk. In this seminar, we’ll discuss the top 5 identity assurance projects that will give your organization a return on investment (ROI) in the shortest amount of time possible.

You can sign up for the webcast here (it’s free): https://www.sans.org/webcasts/-top-5-fastest-roi-projects-around-identity-assurance-92943

HowTo's

Configuring a Promiscuous Interface on Ubuntu 9.04

November 5, 2009
Andrew Hay
No Comments

If you’ve got a bad memory (like me) you might some day find yourself searching for a way to configure an interface on your Ubuntu 9.04 system to use as a sniffer interface. Here is how you do it:

1) Edit the interfaces file:

you@ubuntu:~$ sudo vim /etc/network/interfaces [sudo] password for you: enter your password

2) Go to the last line of your interfaces file and add the following:

iface eth1 inet manual up ifconfig $IFACE 0.0.0.0 up up ip link set $IFACE promisc on down ip link set $IFACE promisc off down ifconfig $IFACE down

3) Save and exit the file:

:wq

4) Bring your newly configured interface up:

you@ubuntu:~$ sudo ifup eth1

5) Check your interface and look for PROMISC:

you@ubuntu:~$ sudo ifconfig eth1 eth1 Link encap:Ethernet HWaddr 00:0c:29:bb:3a:cc inet6 addr: fe80::20c:29ff:febb:3acc/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:31011 errors:0 dropped:0 overruns:0 frame:0 TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:4973602 (4.9 MB) TX bytes:796 (796.0 B) Interrupt:16 Base address:0x2080

Now start snort, tcpdump, or whatever you want to use to start sniffing traffic using your newly configured promiscuous interface.

Month: November 2009