Solaris in.telnetd
Submitted by alcourt on Tue, 2007-02-13 15:09.
Operating System
By now, I'm sure everyone with a Sun system has heard about the widely disseminated vulnerability in Solaris 10's telnetd code. My experiences in managing that issue from early announcement to patch might serve as a warning/aid to others who are looking at security models. Several lessons were learned as a result of the experience. Some were things that worked well, some were things that I feel would hopefully be improved.
NMAP
Submitted by dklein on Sun, 2007-01-14 10:50.
Communications | Linux | Network | Networking | Operating System | Protocols | Security | TCP | UDP | Unix | User Security | Visualization | Windows
Fast enumeration of network services
Nmap is a powerful tool for discovering hosts on a network and enumerating what service they are offering. This can be used to find vulnerable systems, to locate rogue services on your network or simply for a first step in troubleshooting.
sudosh
Submitted by doug on Wed, 2006-11-15 22:15.
Operating System | Security
Sudosh records all keystrokes and output and can play back the session just like a VCR. sudosh is used with sudo(8) to exec the user's shell specified in /etc/passwd as root. sudosh makes use of the built-in script(5) command to log session data to syslog. Companies that have a team of system administrators and a large number of servers face a difficult problem: root access. The most common solution is to distribute the root password to the system administrators and contain them in a wheel group. With the recent requirements of Sarbanes-Oxley this quickly becomes impossible because the root password must be changed every 3 months. The other option is to use sudo. Sudo works great. It's actually too good. This is why I created sudosh. Sudo doesn't allow you to do shell-type things that system administrators are used to. The following example is a real command that is used during an AIX data migration:
Parts of security
Submitted by alcourt on Fri, 2006-11-03 17:52.
Operating System
So I've been working on an internal security review and discovering that the bulk of the issues I run into stem from the fact that the users don't seem to understand the need for an audit trail. To me, security consists of confidentiality, authenticity, and auditability. It's easy to explain the need for the first two, or at least, people don't need me to explain why they are a part of security. I get the normal "But we have a firewall, why do we need security?", but that's minor. But when it comes to issues that center around preserving an audit trail, I get blank stares and a complete lack of understanding, as if they just don't understand at all what I'm talking about or why a security review would be remotely concerned with maintaining a record of who did what on a system.
SSL Intro for techs; mini OpenSSL CA
Submitted by syscomet on Sat, 2006-10-28 17:44.
Applications | Network | Operating System
Sysadmin's Basic Guide to SSL Certificates and Authorities
Intended audience: system administrators who know roughly what SSL/TLS is and can use SSH and OpenPGP products (such as GnuPG) and who now want to know more and perhaps issue local certificates. You should know what public-key cryptography is, but are not expected to be able to follow any math (no equations herein) -- this is about using the stuff, not understanding the underlying principles. You understand that "encrypt" is scrambling and "decrypt" is descrambling.
rsyslog
Submitted by doug on Sun, 2006-08-27 20:47.
Applications | Communications | Network | Operating System | Security | Unix
Rsyslog is an enhanced multi-threaded syslogd supporting, among others, MySQL, syslog/tcp, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained output format control. It is quite compatible with stock sysklogd and can be used as a drop-in replacement. Its advanced features make it suitable for enterprise-class, encryption-protected syslog relay chains while at the same time being very easy to set up for the novice user. An optional web interface - phpLogCon - can be used to visualize all data online.
Log Analysis
Submitted by doug on Tue, 2006-07-25 09:29.
Log Data | Network | Operating System | Security
Web page referencing log analysis tools
"Log Analysis is one of the great overlooked aspects of operational computer security. Many organizations spend hundreds of thousands of dollars on intrusion detection systems (IDS) deployments - but still ignore their firewall logs. Why? Because the tools and knowledge to make use of that data are often not there, or the tools that exist are too inconvenient. You should expect that to change. Right now, IDS vendors are up against the wall with the volumes of data they produce; the next wave in security is to try to usefully correlate and process the contents of multiple logs."