Security Basics

How to detect process using ICMP

Thu, 19 Nov 2009 23:59:07 GMT

Posted by Tony Raboza on Nov 19

Hi

I have a Linux server which I now is sending out strange ICMP traffic
to two hosts. My IDS (snort) told me that its a stacheldraht-dos. I
have checked on the server using tcpdump and indeed it is sending out
ICMP. Now, how do I found out which process is doing this? lsof so
far has not been successful.

Thanks.

Best,
Tony

------------------------------------------------------------------------
Securing Apache Web Server with thawte...

Re: How do I find out what hop is not forwarding traffic on a specific port?

Thu, 19 Nov 2009 23:53:41 GMT

Posted by Alex Fiuvertiz on Nov 19

Perhaps firewalk will solve that question? I'm not sure I completely
understood the problem, but if you're having a firewall/router in
front of a network and wants to map the firewall's rulebase than
perhaps firewalk could help.
But you will have to know a host on the inside network of the filtering devices.
The method will only work at level 3 firewalls/filtering devices.
You let firewalk calculate the TTL so that TTL is 1 when you get to
the...

Methodology

Thu, 19 Nov 2009 23:51:14 GMT

Posted by Alex Fiuvertiz on Nov 19

Hi Security-basics,

It seems like there are a lot of different methodologies out there
when it comes down to perfoming penetration tests.
But how often are people/pentesters out there use the
industry/official "standards" (se example list below)?
Are you/they using them mostly for the client's sake when writing
reports and to make sure you don't overlook anything?

Or are you ignoring them totally and just hack away and have your own...

Detecting Mutating Javascript

Wed, 18 Nov 2009 16:03:08 GMT

Posted by TSS on Nov 18

Hi,

I'm looking for people working on detecting mutating Javascript. I've
been working on detecting Javascript encoded in whitespace and
have come up with a few ideas so far:
* Signature detection on the decoder function (lame)
* Analyzing the whitespace to try to find encoded information (decent,
but difficult because there could be so many encoding schemes)
* Building character frequency maps from non-malicious Javascript
libraries and...

Re: Windows Service Accounts

Tue, 17 Nov 2009 20:01:20 GMT

Posted by Henri Salo on Nov 17

I would start by making a policy to expire passwords.

---
Henri Salo

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install...

machine authentication on Cisco ACS

Tue, 17 Nov 2009 16:04:50 GMT

Posted by marco gregorio on Nov 17

Hi,

Does wpa_supplicant supports machine authentication? If so, how to
configure it?

More specifically, in Cisco's ACS, there is a setting called "Enable
machine access restrictions". Does wpa_supplicant support that?

Thanks,

Marco

Re: Two Factor - Virtual Private Network

Mon, 16 Nov 2009 16:33:29 GMT

Posted by Nick Owen on Nov 16

As for the last question, there are a number of options, though the
easiest will probably not be a 100% open source solution, because you
are going to an MS authentication server. What you really want to think
about is what VPN solutions work with what two-factor authentication
solutions using the authentication protocols in my environment.

I discussed this strategy in a recent webinar, which you can see here:...

WAP's with guest access and compatible with IAS

Mon, 16 Nov 2009 16:15:48 GMT

Posted by Murad Talukdar on Nov 16

Hi all,
Looking for some decent but cost consciously priced WAPs for a small office
training room.
I'm hoping to get one which has IAS/RADIUS compatible so that it can be used
in conjunction with AD.
But, if it can also have some kind of guest access that would be great.

Otherwise, if this is a security risk, I will setup two, one on a DMZ for
guests and one on a separate VLAN for the in-house users.

I'm looking at the LinksysWAP 2000 initially...

Re: Security Incident Handling / Organization

Mon, 16 Nov 2009 16:12:32 GMT

Posted by Gleb Paharenko on Nov 16

Hi, Tony!

I suggest you to start from defining roles and assigning them to
personnel. It is a good practice for security incidents to form ad-hoc
team, which should include IT/helpdesk specialist for technical work
and some one from management, who has enough power for administrative
actions. Later you can allocate a dedicated persons for a roles. For
strategic IT security initiatives you might want to form a security
committee (board) in the...

Windows Service Accounts

Mon, 16 Nov 2009 16:09:52 GMT

Posted by Abo Sous on Nov 16

Hi list,

Part of my new job, I'm cleaning up the accounts (both AD and local)
in a windows environment (~2000+ in all). Getting to the local
services accounts, i wonder if you would have some remediation
approach to track such accounts, remove unused ones, and, at a later
stage (long term), to manage those which are hard coded in 3rd party
applications or that need to be remain in the environment.

thanks,
./as...

Doohickey of House:How to select fingerprint lock

Mon, 16 Nov 2009 16:05:57 GMT

Posted by we on Nov 16

Fingerprint Technologyis one of mature biometric technology, which moves to lock industry, brings big innovation for
traditional lock applications, to gain better life and security.

however,how to select a good Fingerprint door lock? there is some suggestions for your following up

1. check what type of doors in your house, find the right saddle for your horse, for example, wooden door inside
house, no need to select a big cylinder type...

RE: Rouge Wireless AP

Fri, 13 Nov 2009 18:58:55 GMT

Posted by Nick Duda on Nov 13

I know the OP is looking for cheap/free solutions, but we use Cisco Wireless LAN Controllers for rogue AP detection,
(auto/manual)containment, and WIPS. Works pretty good.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Murda Mcloud
Sent: Thursday, November 12, 2009 5:53 PM
To: 'Steven Bonici'; security-basics () lists securityfocus com
Subject: RE: Rouge Wireless AP

How...

RE: Rouge Wireless AP

Fri, 13 Nov 2009 18:54:17 GMT

Posted by Erin Carroll on Nov 13

Ekahau Heat Mapper is a useful tool for building coverage maps &
triangulation that I've used with some success. www.ekahau.com

Re: Security Toolkit for dummies

Fri, 13 Nov 2009 18:21:30 GMT

Posted by n3td3v on Nov 13

It's not been removed, I found it http://www.securityfocus.com/brief/1034

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,...

Re: Security Toolkit for dummies

Fri, 13 Nov 2009 18:13:55 GMT

Posted by Jay Vlavianos on Nov 13

Probably for the same reason it was removed as a torrent from various
sites - it is deemed too hot to deal with at the moment.

Considering it is one of the only software packages out there that was
completely designed for LEOs, it stands to reason that people fear M$
legal/cop smack down.

Why get the BSA involved for piracy when you can just let the LEOs you
create it for own the case? Even reporting that you reviewed it is an...