Friday, October 9, 2009

Journal 6 - Database Encryption

What is the value in encrypting your Data?
By Rich Adrian Lane
This article discusses reasons for deciding on whether or not to encrypt data.
Case 1 - In establishing a disaster recovery plan, considerations are made about duplicating or backing up server data to an external location.
Case 2 - Concerns about the loss of sensitive company information when lab equipment is stolen prompted consideration of encrypting data.
Case 3 - Compliance with PCI-DSS guidelines where customer billing, credit card and password information is stored in a database.
Case 4 - Key management is overlooked, and the keys themselves are left unencrypted.
http://securosis.com/tag/database+encryption

Network Security Tool Live CD

Network Security Tool is a bootable ISO live CD/DVD toolkit. It was designed to provide easy access to best-of-breed open source network security applications. I chose to write about Network Security Tool because it has a comprehensive set of the top 100 security tools and an advanced Web User Interface for system administration, navigation, automation and configuration of network security applications. The NST can transform most systems into a platform designed for network traffic analysis, intrusion detection, network packet generation, wireless network monitoring, virtual session servicing or a sophisticated network/host scanner. It takes less than a minute to get it going by simply booting NST Live. It is an excellent tool to help with crash recovery troubleshooting scenarios and diagnostics.
In September 2009, NST announced the latest release, v2.11.0, with a new design. NST Live can be installed to a USB device to create an NST Live USB disk. NST keeps looking for ways to improve its product and does not stand still when it comes to the latest technology and interfacing with it. Since NST is an open source security application, there are various support organizations that will help users take advantage of all of its capabilities. It will help with configuring technical security controls for organizations when considering prevention, detection and overall security administration.
The NST toolkit can help support the mission of an organization by protecting its physical and financial resources, reputation, legal position, employees and other tangible and intangible assets. It is very cost-effective since it is open source and well known in the industry. The toolkit can help organizations support their policies for managing a computer security program, risk management, the Business Continuity Plan and Disaster Recovery program, awareness training, and physical and environmental security, among others.
Some of the security tools that the NST toolkit provides are as follows:
Wireshark, Multi-Tap, Network Packet Capture, Nessus, Snort, Nmap, Top, Kismet, Netcat, Hping2, Tcpdump, Cain and Abel, John the Ripper, Ettercap, Nikto, THC Hydra
http://sourceforge.net/support/getsupport.php?group_id=85467
http://www.networksecuritytoolkit.org/nst/index.html NIST SP 800-30 & NIST SP 800-14

Friday, October 2, 2009

Increase Security through Open Source?

Is it not logical that if you close the door to your security system you could reduce the risk and have less vulnerability? Would you not reduce the likelihood of a successful attack by having less exposure with a closed software system? The question is, when considering security risks in your system, which is better to use: open or closed source?
There has to be an understanding of the relationship between the security of a system, the exposure of the system and the risk associated with using the system. Risk is defined as a combination of the likelihood of a successful attack and the damage resulting from it. The exposure of a system is not just that hackers can get into the system, but that they know its vulnerabilities and whether the system is a high profile target. How secure the system is depends on the number of vulnerabilities and their severity.
Closed source prevents the attacker from gaining easy access. However, it is well known that hackers take it as a challenge, and they do not stop until they get access to a closed source system, where they can create havoc. One of the major problems is that the producers of closed source software are the only ones who can create patches for the vulnerabilities that have been exploited. A big problem is that it may take them weeks or months to implement their patches. In the meantime, users remain vulnerable to hackers. These hackers will provide the information to other hackers and to the public over the internet, eventually creating even more disaster for the victim.
An open source system does expose itself to the public, and this actually puts the potential victim on guard, since they have to install preventive software patches to protect themselves. However, this is a good thing, because open source users help each other by making these patches available in a central repository. There is a network effect, where users can find more patches faster to quickly resolve their problem. This also enables them to add extra security measures. Evidence suggests that patches for open source software are released almost twice as fast as for closed software, thus cutting the vulnerability period in half. If a user is unable to patch a bug himself, open source enables him to communicate about bugs with developers more efficiently. Because the source is open to the public, a side effect is that it stimulates research and development of new, improved tools for software development, testing and evaluation. In the long run, openness of the source will increase its security.

Data Remanence - Journal 5

I selected the article “How can DRAM remanence compromise encryption keys” by Michael Cobb at SearchSecurity.com because it discusses attacks on random access memory, which are the next step in data or disk remanence vulnerabilities. In data remanence the concern is data that has been erased but still exists on hard drives. This article discusses the concern about encryption keys that linger in RAM after the computer is turned off. It is unknown how great the risk is, because it is an emerging threat and hackers will not publish their findings, at least not yet. This article also advises readers on basic defenses such as physical prevention and training in awareness of the latest risks in RAM and disk remanence.
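As an added example (not from Cobb's article or this journal) of one software-side mitigation for the risk described above: keep key material in RAM only for as long as it is needed and wipe it immediately after its last use, so the window in which remanence can expose it is bounded by one function call rather than the life of the process. The cipher is a constructed XOR stand-in, and a volatile-pointer wipe is used in place of a platform-specific call such as explicit_bzero so the block stays portable.

```c
#include <stddef.h>
#include <string.h>

#define KEY_LEN 32

/* Wipe through a volatile pointer so the compiler cannot drop the stores
 * as "dead", which it may do with a plain memset() on a buffer that is
 * never read again.  This stands in for explicit_bzero()/SecureZeroMemory(). */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Return 1 if every byte of buf is zero, 0 otherwise. */
int buffer_is_wiped(const unsigned char *buf, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= buf[i];
    return acc == 0;
}

/* Copy the key onto the stack, use it (XOR stands in for a real cipher),
 * then wipe the copy before returning.  Returns 1 if the copy was wiped. */
int encrypt_then_wipe(const unsigned char *key_src,
                      unsigned char *block, size_t block_len) {
    unsigned char key[KEY_LEN];
    memcpy(key, key_src, KEY_LEN);           /* key material now lives on the stack */
    for (size_t i = 0; i < block_len; i++)
        block[i] ^= key[i % KEY_LEN];        /* last use of the key */
    secure_zero(key, sizeof key);            /* wipe right after the last use */
    return buffer_is_wiped(key, sizeof key);
}

/* Constructed demo: key bytes 1..32, plaintext "ABCDEFGH".  Returns 1 when
 * the block was transformed and both key copies were wiped. */
int demo_key_lifetime(void) {
    unsigned char key_src[KEY_LEN];
    unsigned char block[8];
    for (size_t i = 0; i < KEY_LEN; i++) key_src[i] = (unsigned char)(i + 1);
    memcpy(block, "ABCDEFGH", 8);
    int wiped = encrypt_then_wipe(key_src, block, sizeof block);
    int transformed = (block[0] == ('A' ^ 1)) && (block[7] == ('H' ^ 8));
    secure_zero(key_src, sizeof key_src);    /* the caller's copy must go too */
    return wiped && transformed && buffer_is_wiped(key_src, sizeof key_src);
}
```

Wiping only bounds how long a key stays resident while the program runs; it cannot protect a key that must remain in RAM while an encrypted volume is mounted, which is the cold-boot case the article describes, so the complementary control is dismounting volumes or powering off rather than sleeping the machine.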

Monday, September 28, 2009

Wireless Infidelity

1. What is War Driving?
Answer:
War driving is wireless monitoring but with the unlawful or unethical intent by intruders for their gain or profit.
2. What is Wired Equivalent Privacy (WEP)?
Answer:
A security protocol for wireless local area networks defined in the 802.11b standard. WEP aims to provide security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another.
3. What was the lesson learned from War Driving?
Answer:
A person who is war driving has a very high possibility of getting prosecuted because judges are now willing to accept a reason of intent as being sufficient to put someone behind bars.