<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xml:base="http://opensource.sys-con.com"  xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
 <title>Security</title>
 <link>http://opensource.sys-con.com/</link>
 <description>Latest articles from Security</description>
 <language>en</language>
 <copyright>Copyright 2012 Ulitzer.com</copyright>
 <generator>Ulitzer.com</generator>
 <lastBuildDate>Sat, 18 Feb 2012 15:02:24 EST</lastBuildDate>
 <docs>http://backend.userland.com/rss</docs>
 <ttl>10</ttl>
<item>
 <title>Planning, Scoping and Recon Techniques</title>
 <link>http://opensource.sys-con.com/node/1938073</link>
 <description>The purpose of this article is to describe some tools and techniques for performing the planning, scoping, and recon portion of a penetration test. In covering these tools and techniques, the reader will learn how to use them to find vulnerabilities in their organization and help improve security posture. Some other names for this first phase of penetration testing are: OSINT (Open Source Intelligence), Footprinting, Discovery, and Cyberstalking.&lt;p&gt;&lt;a href=&quot;http://opensource.sys-con.com/node/1938073&quot; target=&quot;_blank&quot;&gt;read more&lt;/a&gt;&lt;/p&gt;</description>
 <pubDate>Mon, 09 Jan 2012 04:00:00 EST</pubDate>
 <guid isPermaLink="true">http://opensource.sys-con.com/node/1938073</guid>
</item>
<item>
 <title>How Does the DoD Fight Terrorism Despite Budget Cuts?</title>
 <link>http://opensource.sys-con.com/node/2039556</link>
 <description>United States military contractors are under unprecedented pressure to find ways to cut costs for their federal government customers despite the interest in developing new technologies to fight the war on terrorism. Gone are the days when contracts would swell exponentially without any regard for initial quote figures or recourse from their customers. The federal deficit debt-reduction plan, which includes massive defense spending cuts, recently put the contracting community on notice that it has to change the way it does business, become more accountable for cost overruns and find ways to do more with less. Those who don&#039;t meet this mandate will find themselves on the outside looking in.
Getting the military contractor community to radically change the way it does business is akin to trying to turn around an oil tanker with an oar. It’s a daunting challenge, but not an entirely impossible one. The answer may be easier to find than many would expect: open source technologies. By using open source software (OSS) and Government off-the-shelf (GOTS) technologies, contractors can offer quality products and services that are significantly more flexible and cost-effective than proprietary systems, and can be reused indefinitely and shared with other federal agencies without additional cost.  &lt;p&gt;&lt;a href=&quot;http://opensource.sys-con.com/node/2039556&quot; target=&quot;_blank&quot;&gt;read more&lt;/a&gt;&lt;/p&gt;</description>
 <pubDate>Fri, 28 Oct 2011 11:00:00 EDT</pubDate>
 <guid isPermaLink="true">http://opensource.sys-con.com/node/2039556</guid>
</item>
<item>
 <title>Metasploit Nessus Bridge on Ubuntu</title>
 <link>http://opensource.sys-con.com/node/1890808</link>
 <description>Ever wondered how to use the autopwn feature in Metasploit on Ubuntu? Want to run Nessus from within Metasploit? What database should I use: sqlite3 or postgres? I will explain the benefits of both.
Nessus is a vulnerability scanner program; it is free for personal use with Nessus for home. There is also a Nessus for business, which requires a fee. I will be discussing Nessus for home use and using it with the popular Metasploit framework. Acquire the latest release of the Nessus homefeed, Nessus-4.4.1-ubuntu1010_i386.deb, and register for the activation code. Follow the instructions listed in the documentation for installing on Ubuntu and start to configure. The Nessus daemon can&#039;t be started until Nessus has been registered and the plugin download has occurred.&lt;p&gt;&lt;a href=&quot;http://opensource.sys-con.com/node/1890808&quot; target=&quot;_blank&quot;&gt;read more&lt;/a&gt;&lt;/p&gt;</description>
 <pubDate>Fri, 01 Jul 2011 10:00:00 EDT</pubDate>
 <guid isPermaLink="true">http://opensource.sys-con.com/node/1890808</guid>
</item>
<item>
 <title>Bulletproofing the WebSocket Wire Protocol</title>
 <link>http://opensource.sys-con.com/node/1642956</link>
 <description>There&#039;s been a flurry of discussion this week among Internet and Web standards heavy-hitters around WebSocket, the new communications protocol supported in Chrome 4 and Safari 5. What was the main issue? Is there some kind of fundamental security vulnerability with the WS protocol? Web Security Journal turned to a domain expert in such issues, namely the CTO of Kaazing Corporation, John R. Fallows.&lt;p&gt;&lt;a href=&quot;http://opensource.sys-con.com/node/1642956&quot; target=&quot;_blank&quot;&gt;read more&lt;/a&gt;&lt;/p&gt;</description>
 <pubDate>Sun, 12 Dec 2010 02:30:00 EST</pubDate>
 <guid isPermaLink="true">http://opensource.sys-con.com/node/1642956</guid>
</item>
<item>
 <title>Successful Open Source Security Is Knowing What to Secure</title>
 <link>http://opensource.sys-con.com/node/656780</link>
 <description>Imagine the CIO of a consumer bank who thinks he is running 50 Oracle databases, but now finds out that in fact he has 100 databases installed behind his firewall. He doesn&#039;t have any idea where the other 50 came from. He doesn’t know the name of the vendor(s) supporting them. And he doesn’t have anyone on his IT team assigned to managing them. This scenario would be totally unacceptable to anyone.&lt;p&gt;&lt;a href=&quot;http://opensource.sys-con.com/node/656780&quot; target=&quot;_blank&quot;&gt;read more&lt;/a&gt;&lt;/p&gt;</description>
 <pubDate>Wed, 27 Aug 2008 14:23:00 EDT</pubDate>
 <guid isPermaLink="true">http://opensource.sys-con.com/node/656780</guid>
</item>
<item>
 <title>Application Security for Open Source - The New Frontier</title>
 <link>http://opensource.sys-con.com/node/562560</link>
 <description>Hybrid applications made up of proprietary, open source and third-party components are the result of today&#039;s fast-paced and complex software development landscape. Applications developed within the last five years - whether internal or external - are at least 50% open source software (OSS) and third-party components.&lt;p&gt;&lt;a href=&quot;http://opensource.sys-con.com/node/562560&quot; target=&quot;_blank&quot;&gt;read more&lt;/a&gt;&lt;/p&gt;</description>
 <pubDate>Fri, 23 May 2008 14:15:00 EDT</pubDate>
 <guid isPermaLink="true">http://opensource.sys-con.com/node/562560</guid>
</item>
<item>
 <title>Why &#039;LiveCD&#039; Should Be a Part of Every Computer User&#039;s Vocabulary</title>
 <link>http://opensource.sys-con.com/node/514335</link>
 <description>Throughout the last decade, society has witnessed an explosion of network connectivity among PCs and mobile devices as well as a vast proliferation of networked applications, ranging from Web-based email to online banking. The end result of this is that network connectivity has become an almost indispensable resource for many individuals.&lt;p&gt;&lt;a href=&quot;http://opensource.sys-con.com/node/514335&quot; target=&quot;_blank&quot;&gt;read more&lt;/a&gt;&lt;/p&gt;</description>
 <pubDate>Fri, 07 Mar 2008 11:00:00 EST</pubDate>
 <guid isPermaLink="true">http://opensource.sys-con.com/node/514335</guid>
</item>
<item>
 <title>SSO, Open Source and the &#039;Modern&#039; Enterprise</title>
 <link>http://opensource.sys-con.com/node/487027</link>
 <description>Efforts to modernize enterprise infrastructure have never been more complex. While the need is certainly there on multiple fronts - competitive edge, cost savings and new business initiatives, to name just a few - new hurdles seem to pop up no matter where an IT administrator might look. That includes not just management issues such as cap/ex costs and user resistance, but also an increasing pancake stack of integration layers within and among applications.&lt;p&gt;&lt;a href=&quot;http://opensource.sys-con.com/node/487027&quot; target=&quot;_blank&quot;&gt;read more&lt;/a&gt;&lt;/p&gt;</description>
 <pubDate>Thu, 17 Jan 2008 12:00:00 EST</pubDate>
 <guid isPermaLink="true">http://opensource.sys-con.com/node/487027</guid>
</item>
<item>
 <title>Proactively Preventing Data Corruption</title>
 <link>http://opensource.sys-con.com/node/480659</link>
 <description>Data corruption is an insidious problem in storage. While there are many forms of corruption, there are also many ways to prevent them. For example, enterprise class servers use error checking and correcting caches and memory to protect against single and double bit errors. System buses have similar protective measures such as parity. Communications going over the network are protected by checksums.&lt;p&gt;&lt;a href=&quot;http://opensource.sys-con.com/node/480659&quot; target=&quot;_blank&quot;&gt;read more&lt;/a&gt;&lt;/p&gt;</description>
 <pubDate>Thu, 03 Jan 2008 14:00:00 EST</pubDate>
 <guid isPermaLink="true">http://opensource.sys-con.com/node/480659</guid>
</item>
<item>
 <title>Trust But Verify</title>
 <link>http://opensource.sys-con.com/node/355763</link>
 <description>Some years ago, a small manufacturing firm was hijacked by its IT employees. They didn&#039;t use weapons, but they did commit murder: They killed the business. Unfortunately, they were aided and abetted by the company&#039;s own lax security policies.&lt;p&gt;&lt;a href=&quot;http://opensource.sys-con.com/node/355763&quot; target=&quot;_blank&quot;&gt;read more&lt;/a&gt;&lt;/p&gt;</description>
 <pubDate>Fri, 06 Apr 2007 17:00:00 EDT</pubDate>
 <guid isPermaLink="true">http://opensource.sys-con.com/node/355763</guid>
</item>
<item>
 <title>EOS Cover Story — Linux Authentication Using PAM and LDAP</title>
 <link>http://opensource.sys-con.com/node/284254</link>
 <description>In an environment with more than a few Linux servers, managing users, groups, and other information securely across those systems is critical. Pluggable Authentication Modules (PAM) and the Lightweight Directory Access Protocol (LDAP) give administrators a way to accomplish this without having to distribute flat files or rely on RPC services, such as the insecure Network Information Service (NIS).&lt;p&gt;&lt;a href=&quot;http://opensource.sys-con.com/node/284254&quot; target=&quot;_blank&quot;&gt;read more&lt;/a&gt;&lt;/p&gt;</description>
 <pubDate>Wed, 18 Oct 2006 15:00:00 EDT</pubDate>
 <guid isPermaLink="true">http://opensource.sys-con.com/node/284254</guid>
</item>
<item>
 <title>The Open Source Advantage in Secure Application Development</title>
 <link>http://opensource.sys-con.com/node/244332</link>
 <description>The security benefits and risks of Open Source code are among the most debated topics in information security today. The views of proponents of the Open Source model are typified by Eric Raymond&#039;s argument that Open Source software is intrinsically more secure since its open nature lets a greater number of programmers view the source code and uncover potential security threats before they&#039;re released to the wild.&lt;p&gt;&lt;a href=&quot;http://opensource.sys-con.com/node/244332&quot; target=&quot;_blank&quot;&gt;read more&lt;/a&gt;&lt;/p&gt;</description>
 <pubDate>Mon, 24 Jul 2006 13:00:00 EDT</pubDate>
 <guid isPermaLink="true">http://opensource.sys-con.com/node/244332</guid>
</item>
</channel>
</rss>

