Nabble - Security Basics

Re: MASS EMAIL bypass BLACKLIST?

2009-12-04T05:08:51Z

http://en.wikipedia.org/wiki/Fast_flux

It's a fairly common practice for spammers.

Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"

AFH Security wrote:

> Hey guys,
>
> I was wondering if there was a way of bypassing blacklist and spam
> filters?
> I keep receiving emails from a domain and I've blocked the ip from my
> server as well as blacklisted the email but for some reason they keep
> getting through. I'm guessing they're using a DNS with a low ttll with
> a botnet? (Yes kinda like the movie Untraceable).
> That'd be awesome if I could get some form of a response.
>
>

Re: MASS EMAIL bypass BLACKLIST?

2009-12-04T04:03:10Z

Hello,

To verify this you would need to collect some emails and review the headers. It also depends on what your spam filter you are using as well.

Hope this helps,

Nathan
On Dec 1, 2009, at 6:30 PM, AFH Security wrote:

> Hey guys,
>
> I was wondering if there was a way of bypassing blacklist and spam filters?
> I keep receiving emails from a domain and I've blocked the ip from my server as well as blacklisted the email but for some reason they keep getting through. I'm guessing they're using a DNS with a low ttll with a botnet? (Yes kinda like the movie Untraceable).
> That'd be awesome if I could get some form of a response.
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>

Windows Server without AD?

2009-12-04T02:45:27Z

Hello, I have come across a Windows Server 2003 system that has not had
AD (or DNS or DHCP) installed on it. It does have Terminal Services
installed (5 licenses) and there are local accounts setup for each user.
Single server for the organization.

What are the security implications of not having AD installed? I'm
assuming one would be that it'd be easy to reset the local Admin
password and gain access to the box.

One note is that all the clients in the network are Macs, using RDP to
access this Terminal Server.

Thanks in advance.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

FW: [Full-disclosure] Facebook Police

2009-12-03T21:42:13Z

Has anyone tested the 'policy' in a court of law? Ie, someone has created a
'fake' profile and then been sued or prosecuted by Facebook for doing so?

They have been sued by real people who had their names used on the fake
profiles, though.
http://www.guardian.co.uk/technology/2008/jul/24/facebook.privacy

I'm sure people have made all manner of defamatory statements on Facebook
using the 'anonymity' of it.
Google were recently forced to reveal the name of an anonymous blogger.
http://www.smh.com.au/technology/technology-news/model-forces-google-to-reve
al-skank-bloggers-identity-20090819-epz0.html

If the police were to stray on the wrong side of the law(which never
happens...) in using the 'fake' identity then perhaps they could be
prosecuted.

I can't see that Facebook's policy actually, physically stops you from
creating a fake ID but if they were to find out that you had done so, then
they would be 'justified' in deleting your account, and if the real person
you have pretended to be finds out, then you could be in trouble.

If, however, I said my name was Zaphod Beeblebrox(apologies to Douglas
Adams) then would I get in trouble?
-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of Stephen Mullins
Sent: Wednesday, December 02, 2009 5:42 AM
To: Michael.Barber@...
Cc: netinfinity.securitylab@...; security-basics@...
Subject: Re: [Full-disclosure] Facebook Police

People assuming false identities on MY internet? Heaven forbid. I am
quite appalled by this drastic revelation.

On Fri, Nov 27, 2009 at 3:12 PM, <Michael.Barber@...> wrote:
> Interesting take on the situation... however if you extend internet to
real life your argument takes on a different tone. By your reasoning it
should be illegal for law enforcement to go undercover. If you assume it is
legal for a cop to go undercover ... then he/she is using a real name.
Therefore no laws or policy's are being broken.
>
> Just my 0.02.
>
>
>
> -----Original Message-----
> From: listbounce@... [mailto:listbounce@...]
On Behalf Of netinfinity

> Sent: Thursday, November 26, 2009 7:46 PM
> To: security-basics@...
> Subject: Re: [Full-disclosure] Facebook Police
>
> "Facebook policy requires the use of one's real name to sign up, but
> they let the police use fake names.."
>
> Sure the policy says that but a lot of people are changing their names
> on a daily basis (ok maybe not daily). And majority of those changes
> are
> just for fun, but never the less they are against the policy. What
> about those people? Only way to verify or check someone's name is
> through IP (ISP). And that can't be done
> by will.. It must have some legal grounds...
>
> Let me get to the point, I'm sure that police is violating some some
> kind of human rights or even law's (?)
>
> --
> netinfinity
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL

certificate. We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.
>
>
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
> ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate. We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.
>
>
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
> ------------------------------------------------------------------------
>
>

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate. We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Re: adding another defence layer against viruses/worms

2009-12-03T12:33:31Z

Juan,

Another direction to look at would be sandboxing the server
application(s) or even running a stateless server. There are several
solutions out there which could help isolate the application from the
rest of the system preventing the spread of any infections. Set the
server up in a DMZ/virtual LAN for further isolation and any
infections should be well contained.

Also combine that with a better anti-virus system, or use an
proxy/anti-virus solution to handle all incoming connections to the
server to reduce the occurrence of infections.

Kraig Babin

On Tue, Nov 24, 2009 at 10:03 AM, Juan B <juanbabi@...> wrote:

>
> Hi all,
>
> I'm doing some security consulting for a client. this client have around 30 remote branches connected to his core. the problem is that sometimes the AV fails to detect new viruses/worms coming from those branches so those viruses/worms mess up his LAN.another problem is that the the client doesn't have much of control over the remote PCs in the branches. so I thought about adding another layer of defence in which we will add an IPS (which Ips detects also viruses/worms??) which will filter and scan all traffic coming from the branches.
>
> I just wonder if you guys agree with my suggestion.
>
> any comments will be welcomed.
>
> BTW,
>
> any recomendations for the IPS?
>
> thanks a lot
> juan
>
>
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>

--
[K]

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

RE: adding another defence layer against viruses/worms

2009-12-01T18:14:12Z

Thanks for the good advice. I will take a look at the producet.

They also will implent NAC and as I recommended a network level filter they will buy GFI languard to scan the pc's, don’t you think it’s a bit of over kill to implement also core Tracer?

Thanks again,

juan

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On Behalf Of Nathan ONeal
Sent: Saturday, November 28, 2009 3:39 AM
To: security basics
Subject: Re: adding another defence layer against viruses/worms

Juan,

In addition to all of the solid recommendations given previously, I would ask your client how far they are willing to go to prevent these issues. It also matters if all nodes accessing the network are owned and provisioned by your client (for your sake I truly hope so). Assuming these things are true, and they have a some decent network policies in place, I would suggest looking at "white listing" for your end points. We are all aware of how lacking TPM is with no vendor actually providing certificates on the hardware to validate their signed code, but we have had measured success utilizing programs like Prevx and Core Tracer (neither of which I work for by the way) to fill in these gaps.

Core Tracer specifically had great success at the last Defcon and from what I saw point us towards the future of endpoint security. At the massive rate that malware is being created and mutated, we have decided that a whitelist approach on the end point is the most effective way to mitigate the majority of problems we were experiencing with endusers. It is my no means a silver bullet and I am not suggesting you abandon proactive event correlation and malware mitigation at the network level, but I know it has saved our team massive amounts of time not only by reducing the number of fires that come up, but also allowing us a little bit of time to test out what the vendor patches break while fixing their own code. Good luck mate.

Nathan O'Neal

On Nov 26, 2009, at 9:11 PM, aditya mukadam wrote:

> Juan,
>
> I would highly recommend you few solutions as below :
>
> 1) End point Security Check : You can enforce strict PC/Laptop policy
> (which would make sure that every PC/Laptop has AV/Personal Firewall).
> Devices like UAC/NAC, can perform end point security check on
> PC/Laptps while it connects to the network. This will atleast make
> sure every user has an AV.
> 2) (Standalone) Content/Protocol Filtering: With this solution, you
> can make sure that the user traffic passes through an application,
> which filters the content of the traffic and also does protocol
> filtering (Example: Websense)
> 3) Proxy Content Filtering : Since you mentioned that you don't have
> control this solution would not fit in however its worth considering
> for future usage. Example: BlueCoat Proxy
> 4) IPS : I would recommend Tipping Point IPS, Juniper IDP.
>
> Hope this helps.
>
> Thanks,
> Aditya Govind Mukadam
> CISSP,CEH,JNSA-Advanced Security, JNCIA-UAC, JNCIA_SSL,
> CQS-PIX,CQS-VPN http://in.linkedin.com/in/adityamukadam
>
>
>
> On Tue, Nov 24, 2009 at 7:33 PM, Juan B <juanbabi@...> wrote:
>> Hi all,
>>
>> I'm doing some security consulting for a client. this client have around 30 remote branches connected to his core. the problem is that sometimes the AV fails to detect new viruses/worms coming from those branches so those viruses/worms mess up his LAN.another problem is that the the client doesn't have much of control over the remote PCs in the branches. so I thought about adding another layer of defence in which we will add an IPS (which Ips detects also viruses/worms??) which will filter and scan all traffic coming from the branches.
>>
>> I just wonder if you guys agree with my suggestion.
>>
>> any comments will be welcomed.
>>
>> BTW,
>>
>> any recomendations for the IPS?
>>
>> thanks a lot
>> juan
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> --- Securing Apache Web Server with thawte Digital Certificate In
>> this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>>
>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be
>> 442f727d1
>> ---------------------------------------------------------------------
>> ---
>>
>>
>
> ----------------------------------------------------------------------
> -- Securing Apache Web Server with thawte Digital Certificate In this
> guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4
> 42f727d1
> ----------------------------------------------------------------------
> --
>

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

RE: adding another defence layer against viruses/worms

2009-12-01T18:13:25Z

Ok I will take look on the AV, they have now symentec.

They have windows 2003 servers and xp as pc's. what you suggest implementing with GPO to elevate the security of the pc's? today they use GPO only to block the screen after 15 minutes of none use. And they need the USB and cd to transefer pictures they really need to use for work tasks. Must of the users don’t have admin rights on there machines. What else can I implenet to elevate the security? They implent patches throw WSUS and keep the pc's updated. Maybe to use the FW feature of the AV? You have a security template you can send me?

Thanks for your answer.

juan

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On Behalf Of Quark Group - Hilton Travis
Sent: Friday, November 27, 2009 5:38 PM
To: security-basics@...
Subject: RE: adding another defence layer against viruses/worms

G'day Juan,

The best move would be to deploy a good AV product instead of whichever one you're currently running. The best one around now (and since about 1999) is still NOD32, however you cannot run the latest version on Servers also running Microsoft Exchange as the Eset guys seem to have deemed Exchange not worth updating for - their current version is 4.x however the latest Exchange version is 2.7x, meaning you need to run an ancient version on Windows Server boxes running Exchange - something I honestly cannot understand why they have left this way.

Aside from that issue, NOD32 has the best heuristics, best detection rates and outstandingly low false positive rates *even* when Heuristics have been cranked up to the highest level.

So, I'd look at fixing the broken AV issue at the source, then look at other ways to implement better control of the remote PCs, such as distributed AD controllers and using GPO for what it was designed for - control of servers and desktops on the domain.

--

http://hiltont.blogspot.com/

Regards,

Hilton Travis Phone: +61 (0)7 3105 9101
(Brisbane, Australia) Phone: +61 (0)419 792 394
Manager, Quark IT http://www.quarkit.com.au
Quark Group http://www.quarkgroup.com.au

War doesn't determine who is right. War determines who is left.

> -----Original Message-----
> From: listbounce@...
> [mailto:listbounce@...]
> On Behalf Of Juan B
> Sent: Wednesday, 25 November 2009 12:04 AM
> To: security-basics@...
> Subject: adding another defence layer against viruses/worms
>
> Hi all,
>
> I'm doing some security consulting for a client. this client have
> around 30 remote branches connected to his core. the problem is that
> sometimes the AV fails to detect new viruses/worms coming from those
> branches so those viruses/worms mess up his LAN.another problem is
> that the the client doesn't have much of control over the remote PCs
> in the branches. so I thought about adding another layer of defence in
> which we will add an IPS (which Ips detects also viruses/worms??)
> which will filter and scan all traffic coming from the branches.
>
> I just wonder if you guys agree with my suggestion.
>
> any comments will be welcomed.
>
> BTW,
>
> any recomendations for the IPS?
>
> thanks a lot
> juan

This document and any attachments are for the intended recipient only.
It may contain confidential, privileged or copyright material which must not be disclosed or distributed without prior approval.

Quark Group Pty Ltd :: ABN 23 114 975 772 Trading As Quark AudioVisual, Quark Automation, Quark IT

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

--------------------------------------------------------------------------------
<< ella for Spam Control >> has removed 2595 Spam messages and set aside 0 Newsletters for me
You can use it too - and it's FREE! www.ellaforspam.com

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

MASS EMAIL bypass BLACKLIST?

2009-12-01T16:30:02Z

Hey guys,

I was wondering if there was a way of bypassing blacklist and spam filters?
I keep receiving emails from a domain and I've blocked the ip from my
server as well as blacklisted the email but for some reason they keep
getting through. I'm guessing they're using a DNS with a low ttll with a
botnet? (Yes kinda like the movie Untraceable).
That'd be awesome if I could get some form of a response.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Re: [Full-disclosure] Facebook Police

2009-12-01T11:42:26Z

People assuming false identities on MY internet? Heaven forbid. I am
quite appalled by this drastic revelation.

On Fri, Nov 27, 2009 at 3:12 PM, <Michael.Barber@...> wrote:

> Interesting take on the situation... however if you extend internet to real life your argument takes on a different tone. By your reasoning it should be illegal for law enforcement to go undercover. If you assume it is legal for a cop to go undercover ... then he/she is using a real name. Therefore no laws or policy's are being broken.
>
> Just my 0.02.
>
>
>
> -----Original Message-----
> From: listbounce@... [mailto:listbounce@...] On Behalf Of netinfinity
> Sent: Thursday, November 26, 2009 7:46 PM
> To: security-basics@...
> Subject: Re: [Full-disclosure] Facebook Police
>
> "Facebook policy requires the use of one's real name to sign up, but
> they let the police use fake names.."
>
> Sure the policy says that but a lot of people are changing their names
> on a daily basis (ok maybe not daily). And majority of those changes
> are
> just for fun, but never the less they are against the policy. What
> about those people? Only way to verify or check someone's name is
> through IP (ISP). And that can't be done
> by will.. It must have some legal grounds...
>
> Let me get to the point, I'm sure that police is violating some some
> kind of human rights or even law's (?)
>
> --
> netinfinity
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>
>

PCAP replay across firewall/NAT device

2009-12-01T06:55:36Z

Hi Folks,

Is there any tool like tcpreplay/tomahawk which is used to replay Packet Captures(PCAPs) across NATting devices or Firewalls?

In tcpreplay we have -N option for NAT, is it straight forward usage or should we need to configure anything to replay properly?

Many Thanks,
Praveen Darshanam,

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Re: [Full-disclosure] Facebook Police

2009-11-30T05:41:34Z

NI,

No responses to your post yet, but I agree with you in some degree. I am trying to understand where you are coming from though.

Is there a reason why you want law officials to use their real names, or anyone else, besides the fact that you may want to find an old High School sweet heart?

If you could elaborate a little more, I may be able to see where you are coming from.

Law officials may need to disguise their identity for certain operations, for example, to catch online predators.

I may be trying to get a job and do not want my prospective employer to find me on Facebook and try to befriend me just obtain information on whether or not they should hire me or not.

The two examples, amongst (I'm sure) many others, are valid in my book and possibly in others too.
Sent via BlackBerry by AT&T

-----Original Message-----
From: netinfinity <netinfinity.securitylab@...>
Date: Fri, 27 Nov 2009 01:46:05
To: <security-basics@...>
Subject: Re: [Full-disclosure] Facebook Police

"Facebook policy requires the use of one’s real name to sign up, but
they let the police use fake names.."

Sure the policy says that but a lot of people are changing their names
on a daily basis (ok maybe not daily). And majority of those changes
are
just for fun, but never the less they are against the policy. What
about those people? Only way to verify or check someone's name is
through IP (ISP). And that can't be done
by will.. It must have some legal grounds...

Let me get to the point, I'm sure that police is violating some some
kind of human rights or even law's (?)

--
netinfinity

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Compilation of major vendors firewall vulnerability history

2009-11-29T11:22:12Z

List,

Does anyone know of an existing list of known vulnerabilities for
corporate firewalls from the major vendors (Cisco, Juniper,
McAfee/Secure Computing, Fortinet) over the past few years?

I'm looking for a list of them all in one place rather than searching
vulnerability databases manually.

Thanks,

Steve

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Re: adding another defence layer against viruses/worms

2009-11-27T22:39:15Z

Juan,

In addition to all of the solid recommendations given previously, I would ask your client how far they are willing to go to prevent these issues. It also matters if all nodes accessing the network are owned and provisioned by your client (for your sake I truly hope so). Assuming these things are true, and they have a some decent network policies in place, I would suggest looking at "white listing" for your end points. We are all aware of how lacking TPM is with no vendor actually providing certificates on the hardware to validate their signed code, but we have had measured success utilizing programs like Prevx and Core Tracer (neither of which I work for by the way) to fill in these gaps.

Core Tracer specifically had great success at the last Defcon and from what I saw point us towards the future of endpoint security. At the massive rate that malware is being created and mutated, we have decided that a whitelist approach on the end point is the most effective way to mitigate the majority of problems we were experiencing with endusers. It is my no means a silver bullet and I am not suggesting you abandon proactive event correlation and malware mitigation at the network level, but I know it has saved our team massive amounts of time not only by reducing the number of fires that come up, but also allowing us a little bit of time to test out what the vendor patches break while fixing their own code. Good luck mate.

Nathan O'Neal

On Nov 26, 2009, at 9:11 PM, aditya mukadam wrote:

> Juan,
>
> I would highly recommend you few solutions as below :
>
> 1) End point Security Check : You can enforce strict PC/Laptop policy
> (which would make sure that every PC/Laptop has AV/Personal Firewall).
> Devices like UAC/NAC, can perform end point security check on
> PC/Laptps while it connects to the network. This will atleast make
> sure every user has an AV.
> 2) (Standalone) Content/Protocol Filtering: With this solution, you
> can make sure that the user traffic passes through an application,
> which filters the content of the traffic and also does protocol
> filtering (Example: Websense)
> 3) Proxy Content Filtering : Since you mentioned that you don't have
> control this solution would not fit in however its worth considering
> for future usage. Example: BlueCoat Proxy
> 4) IPS : I would recommend Tipping Point IPS, Juniper IDP.
>
> Hope this helps.
>
> Thanks,
> Aditya Govind Mukadam
> CISSP,CEH,JNSA-Advanced Security, JNCIA-UAC, JNCIA_SSL, CQS-PIX,CQS-VPN
> http://in.linkedin.com/in/adityamukadam
>
>
>
> On Tue, Nov 24, 2009 at 7:33 PM, Juan B <juanbabi@...> wrote:
>> Hi all,
>>
>> I'm doing some security consulting for a client. this client have around 30 remote branches connected to his core. the problem is that sometimes the AV fails to detect new viruses/worms coming from those branches so those viruses/worms mess up his LAN.another problem is that the the client doesn't have much of control over the remote PCs in the branches. so I thought about adding another layer of defence in which we will add an IPS (which Ips detects also viruses/worms??) which will filter and scan all traffic coming from the branches.
>>
>> I just wonder if you guys agree with my suggestion.
>>
>> any comments will be welcomed.
>>
>> BTW,
>>
>> any recomendations for the IPS?
>>
>> thanks a lot
>> juan
>>
>>
>>
>>
>> ------------------------------------------------------------------------
>> Securing Apache Web Server with thawte Digital Certificate
>> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>>
>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
>> ------------------------------------------------------------------------
>>
>>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>

Re: adding another defence layer against viruses/worms

2009-11-27T13:04:28Z

Hi Aditya,

The client will implemt NAC for the pc's later the next year and he also has a proxy for web content filtering the thing is that I need an appliance (IPS ?) which will examine all the pc's traffic from the branches coming fron the pc's to the core of the network, but IPS its not enogh I think coase the IPS doensnt scan for viruses just for known attacks am I wrong?

They are worriend about trojans and viruses, they had a problem this year because of the confliker virusres that effected the network, the AV didn't cought it although it was updated.

I know NAC will help but I want something that will look on the wire also.
Some inline appliance but I don't know how to choose, mayve finjan or alladin?

Thanks

juan

Thanks,
Aditya Govind Mukadam
CISSP,CEH,JNSA-Advanced Security, JNCIA-UAC, JNCIA_SSL, CQS-PIX,CQS-VPN http://in.linkedin.com/in/adityamukadam

On Tue, Nov 24, 2009 at 7:33 PM, Juan B <juanbabi@...> wrote:

> Hi all,
>
> I'm doing some security consulting for a client. this client have around 30 remote branches connected to his core. the problem is that sometimes the AV fails to detect new viruses/worms coming from those branches so those viruses/worms mess up his LAN.another problem is that the the client doesn't have much of control over the remote PCs in the branches. so I thought about adding another layer of defence in which we will add an IPS (which Ips detects also viruses/worms??) which will filter and scan all traffic coming from the branches.
>
> I just wonder if you guys agree with my suggestion.
>
> any comments will be welcomed.
>
> BTW,
>
> any recomendations for the IPS?
>
> thanks a lot
> juan
>
>
>
>
> ----------------------------------------------------------------------
> -- Securing Apache Web Server with thawte Digital Certificate In this
> guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4
> 42f727d1
> ----------------------------------------------------------------------
> --
>
>

RE: adding another defence layer against viruses/worms

2009-11-27T12:37:51Z

G'day Juan,

The best move would be to deploy a good AV product instead of whichever one you're currently running. The best one around now (and since about 1999) is still NOD32, however you cannot run the latest version on Servers also running Microsoft Exchange as the Eset guys seem to have deemed Exchange not worth updating for - their current version is 4.x however the latest Exchange version is 2.7x, meaning you need to run an ancient version on Windows Server boxes running Exchange - something I honestly cannot understand why they have left this way.

Aside from that issue, NOD32 has the best heuristics, best detection rates and outstandingly low false positive rates *even* when Heuristics have been cranked up to the highest level.

So, I'd look at fixing the broken AV issue at the source, then look at other ways to implement better control of the remote PCs, such as distributed AD controllers and using GPO for what it was designed for - control of servers and desktops on the domain.

--

http://hiltont.blogspot.com/

Regards,

Hilton Travis Phone: +61 (0)7 3105 9101
(Brisbane, Australia) Phone: +61 (0)419 792 394
Manager, Quark IT http://www.quarkit.com.au
Quark Group http://www.quarkgroup.com.au

War doesn't determine who is right. War determines who is left.

> -----Original Message-----
> From: listbounce@... [mailto:listbounce@...]
> On Behalf Of Juan B
> Sent: Wednesday, 25 November 2009 12:04 AM
> To: security-basics@...
> Subject: adding another defence layer against viruses/worms
>
> Hi all,
>
> I'm doing some security consulting for a client. this client have around 30
> remote branches connected to his core. the problem is that sometimes the
> AV fails to detect new viruses/worms coming from those branches so those
> viruses/worms mess up his LAN.another problem is that the the client
> doesn't have much of control over the remote PCs in the branches. so I
> thought about adding another layer of defence in which we will add an IPS
> (which Ips detects also viruses/worms??) which will filter and scan all traffic
> coming from the branches.
>
> I just wonder if you guys agree with my suggestion.
>
> any comments will be welcomed.
>
> BTW,
>
> any recomendations for the IPS?
>
> thanks a lot
> juan

RE: [Full-disclosure] Facebook Police

2009-11-27T12:12:07Z

Interesting take on the situation... however if you extend internet to real life your argument takes on a different tone. By your reasoning it should be illegal for law enforcement to go undercover. If you assume it is legal for a cop to go undercover ... then he/she is using a real name. Therefore no laws or policy's are being broken.

Just my 0.02.

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On Behalf Of netinfinity
Sent: Thursday, November 26, 2009 7:46 PM
To: security-basics@...
Subject: Re: [Full-disclosure] Facebook Police

"Facebook policy requires the use of one's real name to sign up, but
they let the police use fake names.."

Sure the policy says that but a lot of people are changing their names
on a daily basis (ok maybe not daily). And majority of those changes
are
just for fun, but never the less they are against the policy. What
about those people? Only way to verify or check someone's name is
through IP (ISP). And that can't be done
by will.. It must have some legal grounds...

Let me get to the point, I'm sure that police is violating some some
kind of human rights or even law's (?)

--
netinfinity

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Re: OT: Can an old NIC driver affect TLS?

2009-11-27T10:40:30Z

On 2009-11-27, at 7:04 AM, Paul Halliday wrote:

> I have been troubleshooting a weird latency issue between a web client
> and a finance application.
>
> The NIC driver was stamped 2006 and after an update the problem seems
> to have disappeared. Does this make sense?
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>

A driver most certainly can effect latency, or just about any other parameter of the NIC. Example, if the old driver you had installed contained a 'hack' that was put there just to get the driver working while a proper patch was developed, this 'hack' may have been the source of your latency; which when removed in a future update disappeared. Drivers should always be kept up to date, typically for NIC's a driver update is going to improve either performance or stability.

-----------------------------------------------------------------
Adam Mooz
Adam.Mooz@...
AdamMooz@...
http://www.AdamMooz.com
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Re: OT: Can an old NIC driver affect TLS?

2009-11-27T10:40:22Z

Yes
Driver update rollout policy and strategy apply not only to server but also to client
Christophe

----- Original Message -----
From: listbounce@... <listbounce@...>
To: Securityfocus <security-basics@...>
Sent: Fri Nov 27 13:04:19 2009
Subject: OT: Can an old NIC driver affect TLS?

I have been troubleshooting a weird latency issue between a web client
and a finance application.

The NIC driver was stamped 2006 and after an update the problem seems
to have disappeared. Does this make sense?

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

OT: Can an old NIC driver affect TLS?

2009-11-27T04:04:19Z

I have been troubleshooting a weird latency issue between a web client
and a finance application.

The NIC driver was stamped 2006 and after an update the problem seems
to have disappeared. Does this make sense?

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Re: adding another defence layer against viruses/worms

2009-11-26T19:11:28Z

Juan,

I would highly recommend you few solutions as below :

1) End point Security Check : You can enforce strict PC/Laptop policy
(which would make sure that every PC/Laptop has AV/Personal Firewall).
Devices like UAC/NAC, can perform end point security check on
PC/Laptps while it connects to the network. This will atleast make
sure every user has an AV.
2) (Standalone) Content/Protocol Filtering: With this solution, you
can make sure that the user traffic passes through an application,
which filters the content of the traffic and also does protocol
filtering (Example: Websense)
3) Proxy Content Filtering : Since you mentioned that you don't have
control this solution would not fit in however its worth considering
for future usage. Example: BlueCoat Proxy
4) IPS : I would recommend Tipping Point IPS, Juniper IDP.

Hope this helps.

Thanks,
Aditya Govind Mukadam
CISSP,CEH,JNSA-Advanced Security, JNCIA-UAC, JNCIA_SSL, CQS-PIX,CQS-VPN
http://in.linkedin.com/in/adityamukadam

On Tue, Nov 24, 2009 at 7:33 PM, Juan B <juanbabi@...> wrote:

> Hi all,
>
> I'm doing some security consulting for a client. this client have around 30 remote branches connected to his core. the problem is that sometimes the AV fails to detect new viruses/worms coming from those branches so those viruses/worms mess up his LAN.another problem is that the the client doesn't have much of control over the remote PCs in the branches. so I thought about adding another layer of defence in which we will add an IPS (which Ips detects also viruses/worms??) which will filter and scan all traffic coming from the branches.
>
> I just wonder if you guys agree with my suggestion.
>
> any comments will be welcomed.
>
> BTW,
>
> any recomendations for the IPS?
>
> thanks a lot
> juan
>
>
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>
>

Re: Dealing with Scans (portscans, vulnerability, etc.)

2009-11-26T18:56:19Z

I agree with Jon K.

1) Ideally, your IDS shouldn't be seeing port scan from internet.
Either your Border router or Firewall should block this traffic.
2) Do not ignore scans. You need to know the threats your
network/resource is up against. It could be a start to a potential
attack.
3) It is recommended that you report this to the ISP, irrespective of
the fact it takes action or not.

Thanks,
Aditya Govind Mukadam
http://in.linkedin.com/in/adityamukadam

On Fri, Nov 27, 2009 at 1:56 AM, Holger Reichert
<holger.reichert@...> wrote:

>
> Hi,
> just one hint regarding the topic of reporting this to a contact of the
> company of where the attacking IP address is located.
> In my times of defence system administration I decided to report major scans
> to companies within my own country, which were the origin of attacks like
> this. They were always very grateful, as they had not detected yet, that
> they were hacked and their system used for scannings.
>
> Kind regards
> Holger Reichert
> Holysword GbR
> Information Security Consulting
> Germany
>
> -----Original Message-----
> From: listbounce@... [mailto:listbounce@...] On
> Behalf Of Aarón Mizrachi
> Sent: Dienstag, 24. November 2009 21:29
> To: security-basics@...
> Cc: Tony Raboza
> Subject: Re: Dealing with Scans (portscans, vulnerability, etc.)
>
> On Sunday 22 November 2009 01:35:02 Tony Raboza wrote:
> > Hi,
> >
> > I'm tuning my IDS and I'm thinking of taking out the portscan/web
> > vulnerability scan rules. Why? Because, yes - I know that somebody
> > may be scanning my network - but, what can I do about it?
> >
> > 1. Block the IP? But, what if its NAT - meaning only 1
> > workstation/user did the port scanning, I would be blocking all the
> > possibly valid users behind that IP.
> Indeed. That's right.
>
> > 2. Report it to their ISP or to them? Then what?
> >
> Not all ISP's take actions against it users doing port scanning. Depends on
> internal policy and local legislation.
>
> > I want my IDS console not to be too cluttered that's why I'm tuning
> > it. If its too cluttered - I might be missing out the really
> > important alerts.
> >
> > What about you? How do you deal with port/vulnerability scans?
> First of all, we must secure enough our sites/servers to prevent attacks,
> even if the attacker know every detail about our platform, including
> usernames, ports, OS, versions, hardware, and more.
>
> After that, we have two options to _delay_ scanning:
>
> 1- Restrict the scan: You can automatically block certain IP using IPS. It
> will delay, not prevent the scanning. An attacker could use anti-ips
> techniques to prevent detection and surpass the protection.
>
> 2- Confuse the attacker: You can automatically send crafted information to
> the scanning process and overload him with trash.
>
> I wrote an application to do that, i called it portjammer / synackflood. Is
> opensource, and you can download it from:
>
> http://sourceforge.net/projects/synackflood/
>
> > Is it
> > illegal btw?
> >
> We need to understand that Internet is not ruled by only one legislation.
> Every country have their own laws on that matter. And attackers, usually are
> based in other countries.
>
> In my country (by example), we have a special law for internet crime, this
> law defines that any attacker can't be extradited based on foreign laws on
> that matter. And... scanning itself is not defined as a offense here.
>
> Add it to this that many of these countries do not have infrastructure to
> investigate cybercrime. And in addition, many attackers are using the free
> wifi hotspots.
>
> What means?
>
> We must protect our networks against attackers around the world. Not
> thinking that our local laws will protect us. Local laws are intended to
> prevent local crime, and these laws do not always work out of our country.
>
> >
> >
> > Thanks.
> >
> >
> > Best,
> > Tony
> >
> > ----------------------------------------------------------------------
> > -- Securing Apache Web Server with thawte Digital Certificate In this
> > guide we examine the importance of Apache-SSL and who needs an SSL
> > certificate. We look at how SSL works, how it benefits your company
> > and how your customers can tell if a site is secure. You will find
> > out how to test, purchase, install and use a thawte Digital
> > Certificate on your Apache web server. Throughout, best practices for
> > set-up are highlighted to help you ensure efficient ongoing
> > management of your encryption keys and digital certificates.
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4
> > 42f72
> > 7d1
> >
> > ----------------------------------------------------------------------
> > --
> >
>
> --
> Ing. Aaron G. Mizrachi P.
>
> http://www.unmanarc.com
> Mobil 1: + 58 416-6143543
> BBPIN: 0x 247066C1
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>

Re: [Full-disclosure] Facebook Police

2009-11-26T16:46:05Z

"Facebook policy requires the use of one’s real name to sign up, but
they let the police use fake names.."

Sure the policy says that but a lot of people are changing their names
on a daily basis (ok maybe not daily). And majority of those changes
are
just for fun, but never the less they are against the policy. What
about those people? Only way to verify or check someone's name is
through IP (ISP). And that can't be done
by will.. It must have some legal grounds...

Let me get to the point, I'm sure that police is violating some some
kind of human rights or even law's (?)

--
netinfinity

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

RE: Dealing with Scans (portscans, vulnerability, etc.)

2009-11-26T12:26:05Z

Hi,
just one hint regarding the topic of reporting this to a contact of the
company of where the attacking IP address is located.
In my times of defence system administration I decided to report major scans
to companies within my own country, which were the origin of attacks like
this. They were always very grateful, as they had not detected yet, that
they were hacked and their system used for scannings.

Kind regards
Holger Reichert
Holysword GbR
Information Security Consulting
Germany

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of Aarón Mizrachi
Sent: Dienstag, 24. November 2009 21:29
To: security-basics@...
Cc: Tony Raboza
Subject: Re: Dealing with Scans (portscans, vulnerability, etc.)

On Sunday 22 November 2009 01:35:02 Tony Raboza wrote:
> Hi,
>
> I'm tuning my IDS and I'm thinking of taking out the portscan/web
> vulnerability scan rules. Why? Because, yes - I know that somebody
> may be scanning my network - but, what can I do about it?
>
> 1. Block the IP? But, what if its NAT - meaning only 1
> workstation/user did the port scanning, I would be blocking all the
> possibly valid users behind that IP.
Indeed. That's right.

> 2. Report it to their ISP or to them? Then what?
>
Not all ISP's take actions against it users doing port scanning. Depends on
internal policy and local legislation.

> I want my IDS console not to be too cluttered that's why I'm tuning
> it. If its too cluttered - I might be missing out the really
> important alerts.
>
> What about you? How do you deal with port/vulnerability scans?
First of all, we must secure enough our sites/servers to prevent attacks,
even if the attacker know every detail about our platform, including
usernames, ports, OS, versions, hardware, and more.

After that, we have two options to _delay_ scanning:

1- Restrict the scan: You can automatically block certain IP using IPS. It
will delay, not prevent the scanning. An attacker could use anti-ips
techniques to prevent detection and surpass the protection.

2- Confuse the attacker: You can automatically send crafted information to
the scanning process and overload him with trash.

I wrote an application to do that, i called it portjammer / synackflood. Is
opensource, and you can download it from:

http://sourceforge.net/projects/synackflood/

> Is it
> illegal btw?
>
We need to understand that Internet is not ruled by only one legislation.
Every country have their own laws on that matter. And attackers, usually are
based in other countries.

In my country (by example), we have a special law for internet crime, this
law defines that any attacker can't be extradited based on foreign laws on
that matter. And... scanning itself is not defined as a offense here.

Add it to this that many of these countries do not have infrastructure to
investigate cybercrime. And in addition, many attackers are using the free
wifi hotspots.

What means?

We must protect our networks against attackers around the world. Not
thinking that our local laws will protect us. Local laws are intended to
prevent local crime, and these laws do not always work out of our country.

>
>
> Thanks.
>
>
> Best,
> Tony
>
> ----------------------------------------------------------------------
> -- Securing Apache Web Server with thawte Digital Certificate In this
> guide we examine the importance of Apache-SSL and who needs an SSL
> certificate. We look at how SSL works, how it benefits your company
> and how your customers can tell if a site is secure. You will find
> out how to test, purchase, install and use a thawte Digital
> Certificate on your Apache web server. Throughout, best practices for
> set-up are highlighted to help you ensure efficient ongoing
> management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4
> 42f72
> 7d1
>
> ----------------------------------------------------------------------
> --
>

--
Ing. Aaron G. Mizrachi P.

http://www.unmanarc.com
Mobil 1: + 58 416-6143543
BBPIN: 0x 247066C1

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Re: [OT] IP Address scheme for branch office

2009-11-26T07:44:56Z

Hi All

Thanks for the replies. In answer to your questions, we are actually
using Class A addresses globally (sorry, I didn't use the actual IP's
in my original plan). The EMEA region has been assigned one Class B
network to sub-divide amongst our offices. So unfortunately the
solutions above won't fit our requirements.

Of course, assigning a /21 subnet to each office will meet the IP
address requirements. But it won't give us a standard set of
"numbers" that we can use in each office. I'm sure other global
companies have this same predicament, but I'm wondering how they solve
it ! Assigning a /20 subnet would resolve the problem but would
result is 4 wasted subnets per office.

Maybe I'm thinking "inside the box here" and need to come up with a
different solution other than using the same number for each office.
But unfortunately I'm at a bit of a brick wall :o( I'd appreciate any
guidance/help/ideas anybody else has on this. I'm sure other global
companies face the same challenge, so I'm wondering how they get
around this

thanks in advance
M

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Re: Is snort an overkill for desktop only environment ?

2009-11-26T07:33:51Z

2009/11/26 martin <martiniscool@...>:

> Hi Guys
>
> Sorry for not responding to this earlier. First of all, thank you so
> so much for all the replies on this, very much apprecaited. We've
> decided that we are definitely going to install snort. Although we
> think we know what all our traffic is, of course without monitoring
> it, we don't actually know. Likewise, if there's traffic passing
> around the network that doesn't match what we think should be there,
> then we definitely want to know about it, so I think even in our
> environment it will definitely be useful
>
> Thanks again
>
> M
>

Re: adding another defence layer against viruses/worms

2009-11-26T01:59:26Z

Maybe,

-Using local firewalls on these branches to filter outbound traffic to the core

-Centralize the internet access to have all web traffic go through a
filtering appliance such as a Cisco Iron Port or a websense web
security.

-Have an antivirus solution deployed over the campus. I would
recommend Symantec EndPoint Protection as it provides good deal of
flexibility in what concerns remote sites ( replication, local group
updates provide to alleviate the bandwidth, granular policy etc)

-Limit to the strict minimum the users with local administrator
rights on their machines.
-Prohibit removable media usage, thumb drives mainly. This, EndPoint
Protection can do.
-Prohibit local file sharing, system restore etc. (via group policy)
-…

And above all, have a solid security policy written and approved by management.

Regards.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

RE: adding another defence layer against viruses/worms

2009-11-25T09:09:20Z

Thats always an issue with IDS/IPS
Sadly I dont know any heuristic IDS/IPS, I know the overall purpose and
setup of these devices but I did not have the chance to play with any of
them yet.

sorry

Philippe Rivest - CEH, Network+, Server+, A+
TransForce Inc.
Internal auditor - Information security
Verificateur interne - Securite de l'information

8585 Trans-Canada Highway, Suite 300
Saint-Laurent (Quebec) H4S 1Z6
Tel.: 514-331-4417
Fax: 514-856-7541

http://www.transforce.ca/

-----Message d'origine-----
De : Juan B [mailto:juanbabi@...]
Envoyé : 25 novembre 2009 11:55
À : boaz.shunami@...; security-basics@...; Rivest,
Philippe
Objet : RE: adding another defence layer against viruses/worms

Hi Philipe,

thanks for your respond !

the issue about heuristic IPS is that it will be in the lan so Im afraid of
a high volume of false positives !
which heuristic IPS would you suggest for this task?

thanks

juan

--- On Wed, 11/25/09, Rivest, Philippe <PRivest@...> wrote:

> From: Rivest, Philippe <PRivest@...>
> Subject: RE: adding another defense layer against viruses/worms
> To: boaz.shunami@..., juanbabi@...,
security-basics@...

> Date: Wednesday, November 25, 2009, 11:31 AM
> I believe your looking for a
> Heuristic IPS, also called behavioral IPS.
> Which will take a look at the activities going on your
> network segment and
> build a DB of normal activities (PLEASE ensure you are
> virus, worm, hacker
> and problem free..). When you decide your DB is big enough,
> you stop it and
> run all day-2-day activities against it. Any deviation will
> be flagged as
> unauthorized and action will be taken.
>
> This will allow you to block new virus/worm while your AV
> should detect
> known threats.
>
> Understand that these solutions are technical and I would
> suggest you get
> help if you're not familiar with these technologies.
>
>
> I like the solutions ob Boaz, especially network
> segregation. Implementing
> DMZ will contain (should) attacks.
>
> You can also use 2 levels of AV. IE use TrendMicro for
> network detection and
> Mcafe for host AV. This will reduce the risk that if one
> can't detect the
> threat, maybe the other can.
>
> Id also suggests using network proxies. If you break the
> client-server
> communication, you might be able to scan your packets
> deeper and detect
> attacks before they are sent to the client.
>
> Hope this helps :)
>
>
> Philippe Rivest - CEH, Network+, Server+, A+
> TransForce Inc.
> Internal auditor - Information security
> Verificateur interne - Securite de l'information
>
> 8585 Trans-Canada Highway, Suite 300
> Saint-Laurent (Quebec) H4S 1Z6
> Tel.: 514-331-4417
> Fax: 514-856-7541
>
> http://www.transforce.ca/
>
>
>
> -----Message d'origine-----
> De : listbounce@...
> [mailto:listbounce@...]
> De
> la part de boaz.shunami@...
> Envoyé : 25 novembre 2009 02:08
> À : juanbabi@...;
> security-basics@...
> Objet : RE: adding another defence layer against
> viruses/worms
>
> Hi Juan,
>
> I would advise your Client to either:
>
> 1. Have solid policy as to what sites are accessible/are
> not accessible
> from his branches (can be enforced with bluecoat and the
> like...)
> 2. Segregate the network the branches have access to (kind
> of DMZ) from
> his LAN using FW.
> 3. Give low level permissions to the branches on the core.
>
> My 2c...
>
> Thanks,
>
> Boaz
>
> -----Original Message-----
> From: listbounce@...
> [mailto:listbounce@...]
> On Behalf Of Juan B
> Sent: Tuesday, November 24, 2009 4:04 PM
> To: security-basics@...
> Subject: adding another defence layer against
> viruses/worms
>
> Hi all,
>
> I'm doing some security consulting for a client. this
> client have around
> 30 remote branches connected to his core. the problem is
> that sometimes
> the AV fails to detect new viruses/worms coming from those
> branches so
> those viruses/worms mess up his LAN.another problem is that
> the the
> client doesn't have much of control over the remote PCs in
> the branches.
> so I thought about adding another layer of defence in which
> we will add
> an IPS (which Ips detects also viruses/worms??) which will
> filter and
> scan all traffic coming from the branches.
>
> I just wonder if you guys agree with my suggestion.
>
> any comments will be welcomed.
>
> BTW,
>
> any recomendations for the IPS?
>
> thanks a lot
> juan
>
>
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and
> who needs an
> SSL certificate. We look at how SSL works, how it
> benefits your company
> and how your customers can tell if a site is secure. You
> will find out
> how to test, purchase, install and use a thawte Digital
> Certificate on
> your Apache web server. Throughout, best practices for
> set-up are
> highlighted to help you ensure efficient ongoing management
> of your
> encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
> f727d1
> ------------------------------------------------------------------------
>
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and
> who needs an SSL
> certificate. We look at how SSL works, how it
> benefits your company and how
> your customers can tell if a site is secure. You will find
> out how to test,
> purchase, install and use a thawte Digital Certificate on
> your Apache web
> server. Throughout, best practices for set-up are
> highlighted to help you
> ensure efficient ongoing management of your encryption keys
> and digital
> certificates.
>
>

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
> d1
> ------------------------------------------------------------------------
>
>

smime.p7s (2K) Download Attachment

RE: adding another defence layer against viruses/worms

2009-11-25T08:54:43Z

Hi Philipe,

thanks for your respond !

the issue about heuristic IPS is that it will be in the lan so Im afraid of a high volume of false positives !
which heuristic IPS would you suggest for this task?

thanks

juan

--- On Wed, 11/25/09, Rivest, Philippe <PRivest@...> wrote:

> From: Rivest, Philippe <PRivest@...>
> Subject: RE: adding another defense layer against viruses/worms
> To: boaz.shunami@..., juanbabi@..., security-basics@...
> Date: Wednesday, November 25, 2009, 11:31 AM
> I believe your looking for a
> Heuristic IPS, also called behavioral IPS.
> Which will take a look at the activities going on your
> network segment and
> build a DB of normal activities (PLEASE ensure you are
> virus, worm, hacker
> and problem free..). When you decide your DB is big enough,
> you stop it and
> run all day-2-day activities against it. Any deviation will
> be flagged as
> unauthorized and action will be taken.
>
> This will allow you to block new virus/worm while your AV
> should detect
> known threats.
>
> Understand that these solutions are technical and I would
> suggest you get
> help if you're not familiar with these technologies.
>
>
> I like the solutions ob Boaz, especially network
> segregation. Implementing
> DMZ will contain (should) attacks.
>
> You can also use 2 levels of AV. IE use TrendMicro for
> network detection and
> Mcafe for host AV. This will reduce the risk that if one
> can't detect the
> threat, maybe the other can.
>
> Id also suggests using network proxies. If you break the
> client-server
> communication, you might be able to scan your packets
> deeper and detect
> attacks before they are sent to the client.
>
> Hope this helps :)
>
>
> Philippe Rivest - CEH, Network+, Server+, A+
> TransForce Inc.
> Internal auditor - Information security
> Verificateur interne - Securite de l'information
>
> 8585 Trans-Canada Highway, Suite 300
> Saint-Laurent (Quebec) H4S 1Z6
> Tel.: 514-331-4417
> Fax: 514-856-7541
>
> http://www.transforce.ca/
>
>
>
> -----Message d'origine-----
> De : listbounce@...
> [mailto:listbounce@...]
> De
> la part de boaz.shunami@...
> Envoyé : 25 novembre 2009 02:08
> À : juanbabi@...;
> security-basics@...
> Objet : RE: adding another defence layer against
> viruses/worms
>
> Hi Juan,
>
> I would advise your Client to either:
>
> 1. Have solid policy as to what sites are accessible/are
> not accessible
> from his branches (can be enforced with bluecoat and the
> like...)
> 2. Segregate the network the branches have access to (kind
> of DMZ) from
> his LAN using FW.
> 3. Give low level permissions to the branches on the core.
>
> My 2c...
>
> Thanks,
>
> Boaz
>
> -----Original Message-----
> From: listbounce@...
> [mailto:listbounce@...]
> On Behalf Of Juan B
> Sent: Tuesday, November 24, 2009 4:04 PM
> To: security-basics@...
> Subject: adding another defence layer against
> viruses/worms
>
> Hi all,
>
> I'm doing some security consulting for a client. this
> client have around
> 30 remote branches connected to his core. the problem is
> that sometimes
> the AV fails to detect new viruses/worms coming from those
> branches so
> those viruses/worms mess up his LAN.another problem is that
> the the
> client doesn't have much of control over the remote PCs in
> the branches.
> so I thought about adding another layer of defence in which
> we will add
> an IPS (which Ips detects also viruses/worms??) which will
> filter and
> scan all traffic coming from the branches.
>
> I just wonder if you guys agree with my suggestion.
>
> any comments will be welcomed.
>
> BTW,
>
> any recomendations for the IPS?
>
> thanks a lot
> juan
>
>
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and
> who needs an
> SSL certificate. We look at how SSL works, how it
> benefits your company
> and how your customers can tell if a site is secure. You
> will find out
> how to test, purchase, install and use a thawte Digital
> Certificate on
> your Apache web server. Throughout, best practices for
> set-up are
> highlighted to help you ensure efficient ongoing management
> of your
> encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
> f727d1
> ------------------------------------------------------------------------
>
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and
> who needs an SSL
> certificate. We look at how SSL works, how it
> benefits your company and how
> your customers can tell if a site is secure. You will find
> out how to test,
> purchase, install and use a thawte Digital Certificate on
> your Apache web
> server. Throughout, best practices for set-up are
> highlighted to help you
> ensure efficient ongoing management of your encryption keys
> and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
> d1
> ------------------------------------------------------------------------
>
>

RE: adding another defence layer against viruses/worms

2009-11-25T08:31:16Z

I believe your looking for a Heuristic IPS, also called behavioral IPS.
Which will take a look at the activities going on your network segment and
build a DB of normal activities (PLEASE ensure you are virus, worm, hacker
and problem free..). When you decide your DB is big enough, you stop it and
run all day-2-day activities against it. Any deviation will be flagged as
unauthorized and action will be taken.

This will allow you to block new virus/worm while your AV should detect
known threats.

Understand that these solutions are technical and I would suggest you get
help if you're not familiar with these technologies.

I like the solutions ob Boaz, especially network segregation. Implementing
DMZ will contain (should) attacks.

You can also use 2 levels of AV. IE use TrendMicro for network detection and
Mcafe for host AV. This will reduce the risk that if one can't detect the
threat, maybe the other can.

Id also suggests using network proxies. If you break the client-server
communication, you might be able to scan your packets deeper and detect
attacks before they are sent to the client.

Hope this helps :)

Philippe Rivest - CEH, Network+, Server+, A+
TransForce Inc.
Internal auditor - Information security
Verificateur interne - Securite de l'information

8585 Trans-Canada Highway, Suite 300
Saint-Laurent (Quebec) H4S 1Z6
Tel.: 514-331-4417
Fax: 514-856-7541

http://www.transforce.ca/

-----Message d'origine-----
De : listbounce@... [mailto:listbounce@...] De
la part de boaz.shunami@...
Envoyé : 25 novembre 2009 02:08
À : juanbabi@...; security-basics@...
Objet : RE: adding another defence layer against viruses/worms

Hi Juan,

I would advise your Client to either:

1. Have solid policy as to what sites are accessible/are not accessible
from his branches (can be enforced with bluecoat and the like...)
2. Segregate the network the branches have access to (kind of DMZ) from
his LAN using FW.
3. Give low level permissions to the branches on the core.

My 2c...

Thanks,

Boaz

-----Original Message-----
From: listbounce@... [mailto:listbounce@...]
On Behalf Of Juan B
Sent: Tuesday, November 24, 2009 4:04 PM
To: security-basics@...
Subject: adding another defence layer against viruses/worms

Hi all,

I'm doing some security consulting for a client. this client have around
30 remote branches connected to his core. the problem is that sometimes
the AV fails to detect new viruses/worms coming from those branches so
those viruses/worms mess up his LAN.another problem is that the the
client doesn't have much of control over the remote PCs in the branches.
so I thought about adding another layer of defence in which we will add
an IPS (which Ips detects also viruses/worms??) which will filter and
scan all traffic coming from the branches.

I just wonder if you guys agree with my suggestion.

any comments will be welcomed.

BTW,

any recomendations for the IPS?

thanks a lot
juan

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an
SSL certificate. We look at how SSL works, how it benefits your company
and how your customers can tell if a site is secure. You will find out
how to test, purchase, install and use a thawte Digital Certificate on
your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate. We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
------------------------------------------------------------------------

smime.p7s (2K) Download Attachment

RE: Is snort an overkill for desktop only environment ?

2009-11-25T08:07:00Z

I'M not sure we are tackling this the right way. The question that was ask
is "is it overkill for a desktop only environment".

Every time you want to implement a control, you need to evaluate if you need
it (cost-benefit). If theres no need for IDS (H-N) at all, dont implement
them. But if you are the NSA and have (for what ever reason) a desktop only
environment in on of their branch/location, you MIGHT want to have these
controls. But at home, I really dont care about a N/H-IDS.

So yes its overkill if your environment does not need that level of
protection and No its not overkill if you need it.

Risk management all the way.

Philippe Rivest - CEH, Network+, Server+, A+
TransForce Inc.
Internal auditor - Information security
Verificateur interne - Securite de l'information

8585 Trans-Canada Highway, Suite 300
Saint-Laurent (Quebec) H4S 1Z6
Tel.: 514-331-4417
Fax: 514-856-7541

http://www.transforce.ca/

-----Message d'origine-----
De : listbounce@... [mailto:listbounce@...] De
la part de pleed
Envoyé : 24 novembre 2009 16:38
À : security-basics@...
Objet : Re: Is snort an overkill for desktop only environment ?

Alexander Klimov wrote:

> On Tue, 27 Oct 2009, [ISO-8859-1] Jos? Manuel Molina Pascual wrote:
>
>> If you have the HW and some time to do it.... Why not?
>>
>
> Because every new software package you install is a potential
> source of exploitable flaws, even more so if it is always
> working and getting its inputs from network.
>
>

In my opinion NIDS on the host itself does not make the box more secure.

When deploying snort, you normaly want to know if there already has been a
_successful_ attack, because when connecting to the internet you re
always being
attacked but mostly without any affect to your system. In your case if
your desktop
is attacked successfully, i wouldnt trust the NIDS output anyway.
In addition snort is just helpfull if someone is looking into the alerts
24/7.

I think you should spend your time with more productive stuff. But for
educational purpose
playing with it is never wasted time.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate. We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
------------------------------------------------------------------------

smime.p7s (2K) Download Attachment

Re: When SPAMMERS Pay You !

2009-11-25T05:51:15Z

Hi,

That mail came from paypal server, I did verify the mail headers and I
have that eCheck payment in my account too (although the entire amount
is deducted as fees, so I get nothing).

Regards,

On Wed, Nov 25, 2009 at 3:04 AM, Meta Junkie <metajunkie@...> wrote:

>
> Shreyas Zare:
>
> From the limited email details you gave, it looks like the message
> didn't actually come from PayPal.
>
> Did you actually receive the ten cent deposit into your account?
>
> If I was to wager, just based upon what I see here - I'd say you
> didn't. This looks more like a fishing (aka phishing) attack. But,
> if I'm wrong in my guess - please let me know!
>
>
> - metajunkie
>
> ps - I have an article or two regarding other phishing attacks at
> http://cyber-jutsu.blogspot.com

--
("Relax, its only ONES and ZEROS !")

Shreyas Zare
Co-Founder, Technitium
eMail: shreyas@...

..::< The Technitium Team >::..
Visit us at www.technitium.com
Contact us at theteam@...

Join Sci-Tech News group and get the latest science & technology news
in your inbox. Visit http://tech.groups.yahoo.com/group/sci-tech-news
to join.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Re: whole disk encryption on multi boot laptop

2009-11-25T00:59:35Z

On Tue, 24 Nov 2009, Adam Mooz wrote:
> For this level of encyption it might be easier for you to get a
> harddrive with hardware encryption

As a professional paranoid I would not recommend using hardware FDE
for anything more than "keeping your kid sister out": you can never be
sure what backdoors are incorporated into them. In addition to
intentional backdoors (that, presumably, can be used only by the
authorities) you should be afraid of stupidity: there are known
examples (see Drecom) when a "128-bit AES hardware data encryption"
turns out to be a xor of every sector with the same mask.

By the way, some most vocal hardware FDE proponents on this list
actually work for companies that sell hardware FDE -- caveat
emptor :-)

--
Regards,
ASK

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

RE: adding another defence layer against viruses/worms

2009-11-24T23:08:29Z

Hi Juan,

I would advise your Client to either:

1. Have solid policy as to what sites are accessible/are not accessible
from his branches (can be enforced with bluecoat and the like...)
2. Segregate the network the branches have access to (kind of DMZ) from
his LAN using FW.
3. Give low level permissions to the branches on the core.

My 2c...

Thanks,

Boaz

-----Original Message-----
From: listbounce@... [mailto:listbounce@...]
On Behalf Of Juan B
Sent: Tuesday, November 24, 2009 4:04 PM
To: security-basics@...
Subject: adding another defence layer against viruses/worms

Hi all,

I'm doing some security consulting for a client. this client have around
30 remote branches connected to his core. the problem is that sometimes
the AV fails to detect new viruses/worms coming from those branches so
those viruses/worms mess up his LAN.another problem is that the the
client doesn't have much of control over the remote PCs in the branches.
so I thought about adding another layer of defence in which we will add
an IPS (which Ips detects also viruses/worms??) which will filter and
scan all traffic coming from the branches.

I just wonder if you guys agree with my suggestion.

any comments will be welcomed.

BTW,

any recomendations for the IPS?

thanks a lot
juan

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an
SSL certificate. We look at how SSL works, how it benefits your company
and how your customers can tell if a site is secure. You will find out
how to test, purchase, install and use a thawte Digital Certificate on
your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Re: Dealing with port/vulnerability scans

2009-11-24T15:37:38Z

Tony Raboza wrote:
>
> What about you? How do you deal with port/vulnerability scans? Is it
> illegal btw?

Chapter 1. Getting Started with Nmap
Legal Issues

http://nmap.org/book/legal-issues.html

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------