Joined: 04 Mar 2003
Posted: Fri Dec 02, 2005 3:29 am Post subject: Nov '05 SFDC Column
November ’05 SFDC Column
Another busy month has gone by for many of us on the forum, and quite a few of us are dreading another long, cold winter coming up! Canada is indeed known as the “Great White North”, and for you geography buffs, can any of you guess which is the coldest world capital? Ulaan Bator in Mongolia, and right behind it my hometown of Ottawa in Canada. Back to forum business now! The staff here at SFDC has noticed a marked increase in the use of nested quotes and simple one-liner posts. These are both prohibited in the rules of the forum, and for good reason. What I mean by nested quotes is that you actually quote more than one person. That is a nested quote, and please do not use them, as is indicated in the forum rules. Lastly, please do not make simple, short one-line responses in posts. Kindly make them more detailed, and put some thought into them. We need the help of all of our members to keep SFDC the great forum that it is. With that said, let's go back over some interesting posts made last month.
Installing two firewalls
The question of using more than one firewall on a computer is one that seemingly pops up on a regular basis. Are you more secure by using more than one? Does it have any other advantages over using just one firewall? To completely understand that question one needs to understand just how a firewall really works. Recommended reading on just how they work would be this two-part article. After having given that article series a read you will understand that if you do use two firewalls you are very likely to have system instability. When a firewall installs itself it will install several drivers. The last thing you really want to do is install those same drivers again from another firewall. That is where your system instability issues would come from. As was suggested in this thread, you would be better off having a hardware firewall in place to act as a first layer of defense. What is a hardware firewall, you ask? Well, it does not have to be a Cisco PIX, that is for sure. A SOHO router such as a D-Link or Linksys will perform quite well as a hardware firewall, seeing as they perform stateful packet inspection against traffic hitting them.
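To show what "stateful packet inspection" buys you as a first layer, here is an added example (not code from the column or its linked threads): a toy stateful filter that remembers flows opened from the LAN side and drops inbound packets with no matching state. The LAN prefix, packet fields and addresses are constructed for the demo.

```python
# Added example: a minimal stateful packet filter, the idea behind the
# SOHO-router "first layer of defense" discussed above. Constructed data only.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False  # TCP SYN without ACK == new connection attempt
    ack: bool = False


class StatefulFilter:
    """Track flows initiated from the LAN; drop unsolicited inbound traffic."""

    def __init__(self, lan_cidr="192.168.1.0/24"):  # assumed LAN range
        self.lan = ipaddress.ip_network(lan_cidr)
        self.table = set()  # (lan_ip, lan_port, wan_ip, wan_port, proto)

    def _from_lan(self, pkt):
        return ipaddress.ip_address(pkt.src) in self.lan

    def process(self, pkt):
        """Return 'ALLOW' or 'DROP' and update the connection table."""
        if self._from_lan(pkt):
            # LAN host opening a flow: remember it so replies can come back.
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "ALLOW"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if key in self.table:
            # Reply to a LAN-initiated flow; a bare SYN here is not a reply.
            if pkt.proto == "tcp" and pkt.syn and not pkt.ack:
                return "DROP"
            return "ALLOW"
        return "DROP"  # no matching state: unsolicited inbound is dropped


def demo():
    fw = StatefulFilter()
    out = Packet("192.168.1.10", 50000, "203.0.113.5", 80, syn=True)
    reply = Packet("203.0.113.5", 80, "192.168.1.10", 50000, syn=True, ack=True)
    scan = Packet("198.51.100.7", 40000, "192.168.1.10", 445, syn=True)
    return [fw.process(out), fw.process(reply), fw.process(scan)]


if __name__ == "__main__":
    print(demo())  # ['ALLOW', 'ALLOW', 'DROP']
```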
Nov MS Security Updates screwed up my 2k3 display settings
One of our members has dutifully installed the latest Microsoft security update, but that diligence has triggered other problems. Specifically, the display settings on the W2K3 server. While I personally don’t have an answer for this problem I am hoping that this post will jog some of your memories so that the member can resolve the problem. On another note, and one that should be practiced by everyone, you really should test out the patches on a lab computer before implementing them in a production environment. I realize that many of you may not have the h/w to do so, but you may want to approach your management to perhaps get a copy of VMWare and one lab computer to test out patches as they come out. This could quite possibly save your company a lot of money in downtime. Every network has its unique quirks or programs on it that could be broken by a Microsoft patch. Test them out if at all possible before implementing them!
The member in question here is looking for advice on how to write their own buffer overflow, and the best way to go about it. It is typical to have strong opinions on subjects like exploit development, and just what a person needs to know to do it. This was very much exhibited in this thread by various members. In my opinion you are best to approach a subject like this from the ground up. That would mean learning how to program in languages such as C/C++ and ASM, as these are the languages that almost every heavyweight application is written in. You can certainly skip ahead and use other methods to do quick and dirty learning, as it were. The problem, though, is that you will eventually come full circle and realize you need to learn the above-noted languages if you want to make a serious study of exploit development. Like many of our parents have told us, “Anything worthwhile takes time and effort”. I will add that reading this thread was very enjoyable.
Exploit development cycle
Another member wanted to know just what the exploit development cycle is, and what tools are used to accomplish it. This bears mentioning as it falls hand in glove with the other post made on exploit development. A nice variety of advice was given to the poster in this case. It bears notice that there are both commercial and freeware tools that can be used to do exploit development. There are excellent tools to be had for work in the win32 world, and of course there are those for use in *nix. To be quite honest this is one of those posts that you may want to bookmark in addition to the one above. Between these you really have a pretty good road map of what to do, and what to do it with, as it impacts exploit development. Should you be interested in beginning or continuing your work in this field then these threads contain excellent advice.
Our series of “Interview with a security professional” continues strong, with this month featuring Ron Gula. I am pleased to announce that Mr. Bruce Schneier has agreed to do an interview for us. This is very much a coup for us here, as he is very much at the pinnacle of his craft. Please remember as well that should you wish to see someone specific interviewed, please drop me a PM, and I shall do my best to see if they can. It has been great having these interviews, and a real pleasure dealing with the interviewees. They have all been quite pleasant to deal with, and most generous with their time. Till next month, folks!