Posted: Sat Oct 02, 2004 4:14 pm Post subject: September '04 SFDC Column
September SFDC Column
Well, the month of September is pretty much behind us now. There have been some new and interesting posts in the various forums. Several of particular interest come to mind, which I will expand upon lightly below. The point of this column is to reacquaint the forum membership with quality posts they may not have seen. With that in mind, let us take a stroll through some of September's posts by our members.
Keeping an eye on your sockets
In the Windows forum a thread was started on monitoring processes running on your computer. This is, or should be, of interest to most everyone. Why? Well, any program running on your computer should show up when executing the netstat function. For example, all of the NetBIOS services, and the DCE one as well on port 135. These services are running by default on your Windows OS. These services are expected, but as one of the posters said, what about spyware? Checking your active sockets would be an excellent way to determine what is going on with your computer. There are many programs which will allow you to monitor your sockets, but my personal favorite is ActivePorts. Keep an eye on your sockets, as something you may not want running could be sending out your personal info.
UNIX/Linux Configuration files
Another good question came up in the UNIX/Linux forum. Though it is generally a novice-type question, it does help illustrate one area within UNIX or Linux that many people don't fully understand. That area being the /etc directory, or in this post's case the /etc/services directory. Some of the forum members pointed out exactly what it was that was found in this file. The /etc directory bears closer review though, as this is where all the config files, if you will, are located on a UNIX or Linux computer. Ones such as the /etc/hosts or the /etc/inetd.conf file. You need to remember as well that in UNIX or Linux everything is a file. So it is a relatively simple matter of opening up one of these files with, say, VI or a text editor like Kate, and modifying the contents of it. This is one of the huge points that Linux has over Windows: you can simply and easily edit the operating system itself. That statement though is not meant to start another meaningless OS war, as each OS has its strong points.
API Hooking & DLL Injection
Another excellent forum on the site is the Programming and More one. We are lucky insomuch as there are several talented developers who both moderate here and patrol this forum. Hugo and Capi, please take a bow! Per my perspective, programming is one of the twin pillars of knowledge that we should all strive to learn, TCP/IP being the other. Learning how to program can be a sometimes frustrating affair, but it is pretty much essential if you want to have a good understanding of how the web works. Not only that, but all computer security related matters invariably come back to programming as well. This month saw a post by Capi himself, actually, which was about Win 9x/2K API hooking. This topic very much relates to such security issues as DLL injection and other high end hacking issues. Some very good information resides in this thread and you are all highly encouraged to take your time and read through it. It is not often you are able to take advantage of such able programmers for free!
AD Replication in a NAT'd environment
A good portion of the forum membership are also system administrators in a Windows environment. One of the issues that keeps cropping up is that of MS Exchange administration and that of Active Directory implementation, or maintenance. While both of these programs are relatively intuitive, not everyone has the same network design. That is where a question this month comes up. How do you implement Active Directory replication with NAT? A good question indeed. This area is not my forte, as it were, so I read it with interest. Some sample solutions are laid out for the poster by that forum's moderator MattA.
Understanding online firewall security checks
One of the questions that keeps popping up is that of the stealthed ports, and those online security scans. In the Networking forum this very same question popped up again. One of the readers pointed out indeed that being stealthed is not an indication of very much. This again boils down to a lack of fundamental knowledge of TCP/IP and how it works. You should also take into account if you are running any services such as an Apache web server on your computer. Not only that, but actually take the time to learn how to properly configure your router/switch if you use one. These technologies are pretty easy to use and quite intuitive. This post here actually ties into the one earlier mentioned in the Windows forum about monitoring processes. Remember, you don't actually turn off a port but rather you need to disable or turn off the program which opened a socket on your computer.
Cryptography's impact on WWII
Another very popular forum here is the Cryptographic Software and Hardware discussion one. This forum is moderated by our very own JustinT, who is very much a wealth of knowledge in this rather difficult area. A rather cool topic actually has come up this month, and it deals with World War II crypto history. There are few things which have influenced the outcome of war as much as cryptography and its breaking of ciphers. Some of us know or remember from history class that the Allied capture of an Enigma machine led to the beginning of the end for the Axis powers. Such is the impact of being able to read your enemies' encrypted communications.
Microsoft JPEG vulnerability issue
Our last topic to be revisited resides in the Exploits/System Weaknesses forum. The JPEG processing vulnerability was discussed by several members who took the exploit through its paces to see how it worked. It bears mentioning that one should only ever work with exploits in a lab environment, and not on the actual internet. One is quite legal and the other is most certainly not. Studying exploit code is a legitimate exercise in network security, but only in a controlled lab environment. It is rather difficult to protect your network assets if you don't know how they are attacked. Give the thread a read and learn a bit more about exploit code and its development/usage.
Well, that brings us to the end of September's column. Every month we will be putting out a column which will highlight certain posts of interest for the members. Well, until next month take care, and hope to see you on the forum.
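As an added example, not code from the column or the threads it summarizes: the socket-monitoring point from the Windows and Networking forum posts above, as a small Python parser over constructed `netstat -ano` output that lists bound sockets and flags any outside an assumed baseline of the default DCE/NetBIOS ports, so each one can be traced to the PID that opened it. The sample rows, their ports and PIDs, and the baseline set are all constructed assumptions for the demo.

```python
"""Added example: parse Windows `netstat -ano` style output (constructed)
and report bound sockets whose port is outside a known-good baseline."""
import re
from collections import namedtuple

Socket = namedtuple("Socket", "proto local_addr local_port state pid")

# Ports the column treats as expected on a default Windows box: the DCE
# endpoint mapper on 135 plus the NetBIOS/SMB ports. This set is assumed.
BASELINE_PORTS = {135, 137, 138, 139, 445}

# netstat -ano columns: Proto, Local Address, Foreign Address, [State], PID
# (UDP rows carry no State column, so that group is optional).
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:(\S+)\s+)?(\d+)\s*$"
)

def parse_netstat(text):
    """Return a Socket for every data row; header and blank rows are skipped."""
    socks = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, addr, port, state, pid = m.groups()
        socks.append(Socket(proto, addr, int(port), state or "", int(pid)))
    return socks

def unexpected_listeners(socks, baseline=BASELINE_PORTS):
    """Listening TCP sockets and bound UDP sockets whose port is not in the
    baseline. The PID is what you act on: stop the program, not the port."""
    out = []
    for s in socks:
        bound = s.proto == "UDP" or s.state == "LISTENING"
        if bound and s.local_port not in baseline:
            out.append(s)
    return out

# Constructed sample output; ports and PIDs are made up for the demo.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       2412
  TCP    192.168.1.5:1043       10.0.0.9:80            ESTABLISHED     1800
  UDP    0.0.0.0:137            *:*                                    4
  UDP    0.0.0.0:5555           *:*                                    2412
"""

if __name__ == "__main__":
    for s in unexpected_listeners(parse_netstat(SAMPLE)):
        print(f"{s.proto} {s.local_addr}:{s.local_port} -> pid {s.pid}")
```

On a real box the PIDs it reports are the ones to look up in Task Manager or a tool like ActivePorts; the established connection and the baseline ports are deliberately left out of the report.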
Nice little summary, and I enjoyed reading a few of those,
especially the bit about
"The reason why I said "don't worry" is because stealth does not improve your security, it does not hide your system, and is in general as useful as pulling a sock over your head thinking you're now invisible..."