Posted: Mon Nov 01, 2004 10:57 pm Post subject: October '04 SFDC Column
October SFDC Column
Well, another month has gone by and yet again we have more quality posts in the forums. To think that not all that long ago the forum only had a couple of thousand members. At this moment we are not that far off from breaking the 20,000 mark in terms of active membership. This phenomenal growth is truly a testament to the founders of the forum (Chris and Shaolintiger) and the void they saw in the online security community. Let us not forget, though, that the other equally critical ingredient has been the contribution of the members themselves. Without the interesting posts and equally informative responses from the members, we would not be where we are today.
Restricting Web Access
On that note, let us take a minute and review some of the more interesting posts made this month by the membership. In the Windows forum a member asked for a method of blocking a certain group of users in a complete Win2K environment from accessing the internet. This thread originally started in September but bears revisiting, as there have been more posts on a topic that is of concern to many system administrators. Quite often on large to medium networks there is an employee who will insist on spending too much time on the web, or worse yet, visiting inappropriate sites. How do you stop those troublesome employees from doing so, though? Outside of firing them, there are several ways to control their web access listed in this thread.
Linux Binaries Security
Oddly enough, we had a similar type of question pop up in the UNIX/Linux forum this month as well. The poster wanted to know if there was a way of restricting the execution of certain binaries on a Linux machine. Several solutions were given to this question, and the most viable one in my opinion centered on making certain mounts non-executable. Not a bad solution indeed, and probably the simplest one to implement. Give the thread a read, though, and see the other possible remedies to this problem. Better yet, if you have another possible way to fix this problem, post it to the thread.
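To make the non-executable mount approach concrete, here is an added example (not taken from the column or from the forum thread) that audits an fstab-format file for mount points that lack the `noexec` option. The `WATCHED` list and the sample fstab are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag user-writable mount points whose options lack "noexec".
# Input is fstab / /proc/mounts format: device mountpoint fstype options dump pass

# Mount points assumed (for illustration) to be writable by ordinary users.
WATCHED="/tmp /var/tmp /home /dev/shm"

# audit_noexec FILE: prints "mountpoint options" for each watched mount that is
# missing noexec; returns 1 if anything was reported, 0 otherwise.
audit_noexec() {
    awk -v watched="$WATCHED" '
        BEGIN { n = split(watched, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        ($2 in want) {
            seen[$2] = 1
            m = split($4, opts, ",")            # options are comma separated
            ok = 0
            for (i = 1; i <= m; i++) if (opts[i] == "noexec") ok = 1
            if (!ok) { print $2, $4; bad = 1 }
        }
        END {
            # A watched path with no entry of its own inherits the parent mount options
            for (i = 1; i <= n; i++)
                if (!(w[i] in seen)) { print w[i], "(no separate mount)"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample fstab (not from any real host).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# device     mountpoint  type   options                  dump pass
/dev/sda1    /           ext4   defaults                 0 1
/dev/sda2    /home       ext4   defaults,nosuid,nodev    0 2
tmpfs        /tmp        tmpfs  rw,nosuid,nodev,noexec   0 0
tmpfs        /dev/shm    tmpfs  rw,nosuid,nodev          0 0
EOF
audit_noexec "$SAMPLE" || echo "review the mounts listed above"
```

Note that `noexec` stops direct execution of files on the mount; a script stored there can still be run by passing it to an interpreter installed elsewhere, so the option complements file permissions rather than replacing them.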
Optimizing Program Size
In the Programming and more forum there is once again an interesting post made by Capi. What Capi has done this time is to create a little program that he has released under the GPL license. The whole point of the program is to simply tighten up your existing C code. What is meant by that is all white spaces are taken out. This of course will minimize the size of your code, which is always a good thing. Future versions of this program will include other features as time permits for Capi.
Disabling USB Sticks Access
There is usually an informative post or three in the Exchange 2000/2003 & Active Directory forum. This month is no different, and a rather important security issue also gets answered. One of the posters wanted to know how to disable the usage of USB sticks in a Windows environment. With the ever-increasing popularity of these memory sticks, as well as their size, this is of increasing concern to system administrators everywhere. If it isn’t, then it should be. All kinds of nasty stuff can be introduced to the internal LAN care of these delivery vehicles. Included in this thread is a very good way of mitigating this threat via group policy. It is far more elegant than the usage of a batch script first suggested by the original poster. I highly suggest you read this thread if you are in any way involved in administering a network.
In the Networking forum there is a pretty good question which displays the importance of troubleshooting, and of finding the breakpoint in the problem you are facing so that you can diagnose and fix it properly. The poster originally thought that there was something wrong with their install of Apache. It turns out, though, that there was nothing wrong with the actual installation of Apache on this person's system; rather, there was a configuration problem with their router. In essence, the port that the web server should be listening on had been changed. Not to be forgotten either is that the external request has to be forwarded to the proper internal LAN IP address, or else the web server will never see any requests. NAT also needed to be turned on, to mention but a few of the configuration problems that needed to be corrected. Developing a sound, methodical approach to problem solving is key, much like using the OSI model can be helpful in figuring out networking problems.
Advanced Firewall Testing
We saw in the Firewalls/Intrusion Detection forum a post which highlights the need to understand the underpinning of computer communications: TCP/IP. To be a competent security analyst, let alone a talented one, you simply must have a very good knowledge of the core protocols at the least, the core protocols being IP, TCP, UDP, and ICMP. The poster wanted to know about doing some advanced testing of their firewall via HPing2. You will note in the response provided in the thread by Shaolintiger that not only is a knowledge of protocols required, but also a bit of imagination. To wit, just what would happen were I to do this to that protocol? Realistically, though, if you are really into bending or breaking protocols you are going to have to learn how to program raw sockets.
That pretty much wraps up this month's column, but I would like to leave you with a thought or two. We all lead busy lives, and making the time to learn new things to increase our knowledge can be difficult. It always comes down to time management, really. Myself, I try to spend at least a half hour a day reading a book or an online resource to continue learning. Rest assured that those people you admire for their knowledge of all things computer related do spend a great deal of time studying. There is no quick solution to expanding your knowledge base; it simply takes time. On that note, have a great day, and hope to see you on the forums!