Posted: Wed Dec 01, 2004 11:58 pm Post subject: November '04 SFDC Column
November SFDC Column
Well the New Year is rapidly approaching, and with it a rather auspicious moment for us here at Security-Forums. Whatever do you mean you say? Well forum membership is nearing the twenty thousand mark! This is a true testament to the perfect mix of patience and skill seen daily on the forum. We must all continually strive to keep this the best site for one and all; especially newcomers to the world of computers. Without further ado lets recap some of the more informative posts of this past month.
Set Windows Permissions from Command Line
This post addresses the issue of setting permissions from the command line in a Windows operating system environment. In this specific case the poster wanted to know how to set a folder up so that it inherited permissions from its parent folder. The person already knew how to do it via the GUI, but wanted to know how to do it via the command line. For those of you unsure of what that means; doing it via a DOS shell. The_Psyko responded that the tool xcacls would do the trick. The case with using a command line tool is learning what all the various command switches mean. This was the crux of the matter once the user tried this tool. Quickly enough though the original poster had the issue worked out. Working at the command line is a twin edged sword. It does take longer to learn how to do things, but as a result of it you know how to do it better. One should not become too dependant on a GUI if at all possible.
In the world of Linux most modern firewalls are built around iptables. Though some people still use the older ipchains. In this case the poster wanted to know how to set up an Iptables script. Several suggestions, and amendments were put forth by delete852 and tutaepaki. One thing that became readily apparent in this thread is that to successfully implement a sound Iptables script you need to know TCP/IP. It was pointed out to the poster that you must allow UDP though for DNS resolution as that protocol uses it for the vast bulk of its work. This protocol will only switch over to TCP for a zone transfer. One can never know everything of course, but taking on such projects as building an Iptables script will kick start ones learning. This is as mentioned by many if one of the nice parts of using Linux; you can do pretty much what you want with it. That includes building your own firewall via Iptables.
Programming and More
It is worth revisiting a post that I had written about earlier as there has now been a successful conclusion to the posters problem. To that end I will not try and recap all of the posts between Capi and the poster, but let you read it. One thing that this post brings to light though is that in most things computer related, and especially programming is that if a problem is encountered you must look for the breakpoint. By that I mean just where do things go awry? Start discounting what is working and look at what is left. By using a methodical approach like this you will save yourself gobs of time, and by extension develop a proper analysis methodology. To be fair though debugging certain programming issues may be beyond someone’s ability. That is why you make use of resources such as this forum! Where else can you get free programming advice, and have someone else actively debug your code? Once again a big thank you goes out to Capi for generously donating his time and skills to help out the poster.
The poster in this thread wanted to know how to log ip’s that were making connections to his Citrix server. One of the moderators on the forum; sgt_b responded that it would probably be easiest to do it with a PIX firewall. At this point various suggestions were made in order to optimize reporting, and on the use of ACL’s versus conduits. Sgt_b also makes the point that sometimes using the CLI is indeed faster then the GUI for tasks like editing ACL’s.
An interesting post surfaced in this forum about whether or not there really is a difference between brand name, and generic components. Some good points were made that it also depends on what you are buying ie: a video card, cabling, hard drive and the such. It does have an impact on whether or not a brand name is better. It was posted in this thread by Eliza that on big ticket items like a hard drive and say video cards you would be best to go with a brand name. Why? Simply put because of product continuity, support, and the all important drivers as well. To put a specific example in place here I have an ATI video card, and the reason I bought it is for the excellent Linux support they give. You would be wise to give these types of questions thought before making your purchase.
On a final note for this month’s column I would like to touch on something that occurred earlier this month. Some of you will remember the announcement I posted about the fake 0 day source code for MS04-029. In a nutshell this was not 0 day code for a new remote exploit, but rather an attempt at social engineering. Had you downloaded this code you would have simply trojaned yourself, and joined a bot army. While I am all for doing your patriotic duty joining a bot army is not something you want to be doing. In case some of you are interested in reading more about this incident as it were please surf on over to our sister site and give the articles titles “Social Engineering Meets the Bot” a read. On that note I wish to thank Hugo one of our moderators here for taking a look at that “0 Day” code with me. Have a great month of December guys and gals and I will type at you next month once again.
Last edited by alt.don on Sat Jan 01, 2005 4:17 pm; edited 1 time in total
hi thanks alot
sometimes when I get busy I missed some topics and really this SFDC Column help me and I would like to receive it by mail when I want that I will chose this option from my profile that`s if this option will be Available
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum