Security Basics

Re: [OT] IP Address scheme for branch office

Thu, 26 Nov 2009 22:14:56 GMT

Posted by martin on Nov 26

Hi All

Thanks for the replies. In answer to your questions, we are actually
using Class A addresses globally (sorry, I didn't use the actual IP's
in my original plan). The EMEA region has been assigned one Class B
network to sub-divide amongst our offices. So unfortunately the
solutions above won't fit our requirements.

Of course, assigning a /21 subnet to each office will meet the IP
address requirements. But it won't give us a standard...

Re: Is snort an overkill for desktop only environment ?

Thu, 26 Nov 2009 22:10:22 GMT

Posted by martin on Nov 26

2009/11/26 martin <martiniscool () gmail com>:

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte...

Re: adding another defence layer against viruses/worms

Thu, 26 Nov 2009 22:05:35 GMT

Posted by Mohamed Aymen SAHLI on Nov 26

Maybe,

-Using local firewalls on these branches to filter outbound traffic to the core

-Centralize the internet access to have all web traffic go through a
filtering appliance such as a Cisco Iron Port or a websense web
security.

-Have an antivirus solution deployed over the campus. I would
recommend Symantec EndPoint Protection as it provides good deal of
flexibility in what concerns remote sites ( replication, local group
updates provide...

RE: adding another defence layer against viruses/worms

Thu, 26 Nov 2009 22:01:11 GMT

Posted by Rivest, Philippe on Nov 26

Thats always an issue with IDS/IPS
Sadly I dont know any heuristic IDS/IPS, I know the overall purpose and
setup of these devices but I did not have the chance to play with any of
them yet.

sorry

Philippe Rivest - CEH, Network+, Server+, A+
TransForce Inc.
Internal auditor - Information security
Verificateur interne - Securite de l'information

8585 Trans-Canada Highway, Suite 300
Saint-Laurent (Quebec) H4S 1Z6
Tel.: 514-331-4417
Fax:...

RE: Dealing with Scans (portscans, vulnerability, etc.)

Thu, 26 Nov 2009 21:50:41 GMT

Posted by Holger Reichert on Nov 26

Hi,
just one hint regarding the topic of reporting this to a contact of the
company of where the attacking IP address is located.
In my times of defence system administration I decided to report major scans
to companies within my own country, which were the origin of attacks like
this. They were always very grateful, as they had not detected yet, that
they were hacked and their system used for scannings.

Kind regards
Holger Reichert
Holysword...

RE: adding another defence layer against viruses/worms

Thu, 26 Nov 2009 21:48:03 GMT

Posted by Juan B on Nov 26

Hi Philipe,

thanks for your respond !

the issue about heuristic IPS is that it will be in the lan so Im afraid of a high volume of false positives !
which heuristic IPS would you suggest for this task?

thanks

juan

--- On Wed, 11/25/09, Rivest, Philippe <PRivest () transforce ca> wrote:

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we...

Onapsis Research: SAP Security In-Depth Vol. I

Thu, 26 Nov 2009 21:45:43 GMT

Posted by Onapsis Research on Nov 26

Dear colleague,

The first volume of the Onapsis' SAP Security In-Depth publication has been released.

SAP Security In-Depth is a free technical publication leaded by the Onapsis Research Labs with the purpose of providing
specialized information about
the current and future risks in the SAP security field, allowing all the different actors (financial managers,
information security managers, SAP
administrators, auditors, consultants and the...

RE: adding another defence layer against viruses/worms

Thu, 26 Nov 2009 21:42:20 GMT

Posted by Rivest, Philippe on Nov 26

I believe your looking for a Heuristic IPS, also called behavioral IPS.
Which will take a look at the activities going on your network segment and
build a DB of normal activities (PLEASE ensure you are virus, worm, hacker
and problem free..). When you decide your DB is big enough, you stop it and
run all day-2-day activities against it. Any deviation will be flagged as
unauthorized and action will be taken.

This will allow you to block new...

RE: Is snort an overkill for desktop only environment ?

Thu, 26 Nov 2009 21:39:08 GMT

Posted by Rivest, Philippe on Nov 26

I'M not sure we are tackling this the right way. The question that was ask
is "is it overkill for a desktop only environment".

Every time you want to implement a control, you need to evaluate if you need
it (cost-benefit). If theres no need for IDS (H-N) at all, dont implement
them. But if you are the NSA and have (for what ever reason) a desktop only
environment in on of their branch/location, you MIGHT want to have these
controls....

Re: When SPAMMERS Pay You !

Thu, 26 Nov 2009 21:35:25 GMT

Posted by Shreyas Zare on Nov 26

Hi,

That mail came from paypal server, I did verify the mail headers and I
have that eCheck payment in my account too (although the entire amount
is deducted as fees, so I get nothing).

Regards,

Re: whole disk encryption on multi boot laptop

Thu, 26 Nov 2009 21:33:12 GMT

Posted by Alexander Klimov on Nov 26

As a professional paranoid I would not recommend using hardware FDE
for anything more than "keeping your kid sister out": you can never be
sure what backdoors are incorporated into them. In addition to
intentional backdoors (that, presumably, can be used only by the
authorities) you should be afraid of stupidity: there are known
examples (see Drecom) when a "128-bit AES hardware data encryption"
turns out to be a xor of every...

RE: adding another defence layer against viruses/worms

Wed, 25 Nov 2009 15:35:13 GMT

Posted by boaz.shunami on Nov 25

Hi Juan,

I would advise your Client to either:

1. Have solid policy as to what sites are accessible/are not accessible
from his branches (can be enforced with bluecoat and the like...)
2. Segregate the network the branches have access to (kind of DMZ) from
his LAN using FW.
3. Give low level permissions to the branches on the core.

My 2c...

Thanks,

Boaz

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce ()...

scalable syscall proxying

Wed, 25 Nov 2009 15:27:45 GMT

Posted by pleed on Nov 25

Hi there,

some weeks ago i ve read papers about syscall proxying.
When i was looking for implementations, i just found very specific
code (e.g. at ueberwall.org) that could be used for minimal application.

Thats why i thought it could be funny to write my own, scalable syscall
proxy.
My concept includes:
- using ptrace SYSEMU to catch a process syscalls instead of
overwriting libc wrappers
- providing an interface to enable/disable...

Re: Dealing with port/vulnerability scans

Wed, 25 Nov 2009 15:25:36 GMT

Posted by Michael Painter on Nov 25

Tony Raboza wrote:

Chapter 1. Getting Started with Nmap
Legal Issues

http://nmap.org/book/legal-issues.html

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will...

Re: Is snort an overkill for desktop only environment ?

Wed, 25 Nov 2009 15:24:15 GMT

Posted by pleed on Nov 25

Alexander Klimov wrote:

In my opinion NIDS on the host itself does not make the box more secure.
When deploying snort, you normaly want to know if there already has been a
_successful_ attack, because when connecting to the internet you re
always being
attacked but mostly without any affect to your system. In your case if
your desktop
is attacked successfully, i wouldnt trust the NIDS output anyway.
In addition snort is just helpfull if someone...