Joined: 04 Mar 2003
Posted: Mon Aug 01, 2005 9:29 pm Post subject: Jul '05 SFDC Column
July ’05 SFDC Column
Well, another busy month has gone by for all of us on the forum, and for the computer security world at large. No doubt you have all heard of the kerfuffle at Blackhat and the Cisco IOS vulnerability that was disclosed. Wish I could have been there, as that would have made for a very interesting talk. Speaking of routers and the mayhem one can do with them, one of our upcoming “Interview with a security professional” interviewees is FX of IRPAS fame. He is a talented developer, and I look forward to his answers to the questions I have requested he respond to. For those of you who may have missed it, we had Marcus Ranum do an interview for us this month. It made for an excellent read with some well thought out responses from Marcus. Lastly, we also had part I of Groovicus’s malware member article go up on the site in July. It made for good reading for those of you who may have an interest in playing with malware. On that note, let’s take a look at some of July’s interesting posts.
Password Expiry Policy….Importance?
One of the primary roles that a system administrator must fill is providing basic security on their computer networks. A central theme of basic security is that of password expiry. The poster of this thread asked what a good policy would be and, just as importantly, why it is important to have such a policy in place. Some very good responses were put forth in this thread, which expanded upon the need for forcing the change of passwords on a regular basis. Many companies have a regular turnover of employees, as that is a fact of life in today’s employment landscape. It was pointed out by AdamV that there may be a gap in time between HR notifying the IT administrator and the time the employee actually left the company. You don’t really want the now departed employee to have continued access via RAS, say, if they no longer work there. You may also simply want to institute a passphrase vice password. A passphrase is easier to remember and, due to the number of characters involved, a lot harder to break.
Linux & Windows on my new laptop
One of our members was asking about dual booting their laptop in this thread, and how one should go about it. This question is one of those that always seems to surface periodically, as more people begin to gravitate towards Linux. Running both Linux and Windows on a laptop, or desktop for that matter, is a great idea. Having the best of both worlds, as it were, really allows you to leverage each operating system’s strengths without having to buy another computer. That being said, one should also give some thought to VMWare as an alternative to dual booting, or going with a live Linux distro like Whax. Using a live distro does have its advantages, as you are simply running off of a CD, vice actually installing the Linux distro itself. All that aside, it is pretty simple nowadays to dual-boot a computer. You really only need a copy of Partition Magic, or simply use the partition agent that comes with many Linux distros. To sum up: “give it a try!” Should you run into any problems, just ask for help on the forums, and we will do our best to help you out.
In this thread the poster wants to know how to best detect pollution, aka spam and malware, on their network. This is an excellent question with an equally good solution. The way that I approach this with clients is that I request that they do an inventory of their network services, i.e. what is supposed to be running on that network. From there I get a snapshot of one day’s traffic in a binary format. With a list of known services supposed to be running on the network in hand, I am able to discount legitimate traffic, and the remaining traffic is therefore suspect. That type of traffic auditing, or log file analysis, can be done via the use of BPF filters and knowledge of the protocols themselves. It is time intensive, but is worth the effort of doing, or getting someone to do for you. Who knows what may be going on in your network. Auditing the traffic is the only real way of finding out what is flying around. Malware is one concern; employee misuse is also another concern, which can be addressed via this method. Network pollution, as it were, should be investigated on a regular basis. It is one step towards a far more secure network.
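As an added example (not code from the column or its author), here is the allow-list approach above in script form: a constructed service inventory is turned into a tcpdump/BPF exclusion filter, and the same inventory is applied to a constructed set of flow summaries so that only traffic to unknown destinations remains for review. The inventory, hosts and flows are all made-up values.

```python
# Allow-list traffic audit: everything not matching the known-service
# inventory is treated as suspect and counted for review.
from collections import Counter

# Constructed inventory of what is supposed to be running: (proto, server, port)
KNOWN_SERVICES = [
    ("tcp", "10.0.0.5", 80),    # intranet web server
    ("tcp", "10.0.0.5", 443),
    ("tcp", "10.0.0.10", 25),   # mail relay
    ("udp", "10.0.0.2", 53),    # internal DNS
]

def build_bpf_exclusion(services):
    """Build a BPF expression that drops traffic to the inventoried services,
    e.g. for `tcpdump -r day.pcap '<expression>'`, leaving only the remainder."""
    clauses = [f"({proto} and dst host {host} and dst port {port})"
               for proto, host, port in services]
    return "not (" + " or ".join(clauses) + ")"

# Constructed one-line flow summaries (proto src dst dport) standing in for
# a day's capture; in practice these come from the binary capture itself.
SAMPLE_FLOWS = """\
tcp 10.0.0.33 10.0.0.5 80
udp 10.0.0.33 10.0.0.2 53
tcp 10.0.0.41 10.0.0.10 25
tcp 10.0.0.41 203.0.113.9 6667
tcp 10.0.0.33 10.0.0.5 443
udp 10.0.0.52 198.51.100.7 53
tcp 10.0.0.41 203.0.113.9 6667
"""

def suspect_flows(flow_text, services):
    """Return a Counter of (proto, dst, port) for flows not in the inventory.
    Traffic to any host or port not on the list, including internal hosts
    that should not be serving anything, shows up here for investigation."""
    allowed = {(proto, host, port) for proto, host, port in services}
    suspect = Counter()
    for line in flow_text.splitlines():
        proto, _src, dst, port = line.split()
        key = (proto, dst, int(port))
        if key not in allowed:
            suspect[key] += 1
    return suspect

if __name__ == "__main__":
    print(build_bpf_exclusion(KNOWN_SERVICES))
    for key, n in suspect_flows(SAMPLE_FLOWS, KNOWN_SERVICES).most_common():
        print(n, *key)
```

The remainder here is two destinations an inventory-based reviewer would then look at by hand with protocol knowledge, which is the time-intensive part the column refers to.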
In this post the issue of exploit code itself being backdoored raises its head. This is indeed a timely topic, as you must always be careful when compiling source code, especially exploit source code. If you don’t really have a grasp of programming itself, you in all honesty are best not to be playing around with exploit code, for the very reason that you yourself may get exploited. A good example of this is the following article. Always make an attempt at reading the source code prior to compiling and invoking it. Lastly, always try to do so on a disposable box, i.e. a lab box. Playing around with exploit code can be fun and very educational, but you must take steps to protect yourself from any “added features”.
On that note I will wrap up this month’s column, but would like to mention a few more points first. Please make sure to check out our crypto forums, as they are arguably the best to be found on the web today. Our very own JustinT rides herd over them, and contributes heavily of his time and deep knowledge to them. Cryptography can be a daunting subject, but there is always someone there willing to help you out. Also, please don’t be shy about writing an article or column for us. It can be a great way to get your work publicized, and yourself recognition, at the same time. Also, a big congratulations goes out to our quarterly prize winners. Let’s keep the great posts coming. Till next month!