This is shameless self promotion. I'm really trying to get my consulting business going. It is allot of work. I work 8 hours daily doing solutions selling in IT. I tell clients to think of me as a consultant for free.
I want to be on my own in three years. With my own clients. I want to provide security consulting on a contractual basis. I will handle all aspects of security. This includes updating servers. Patching software. Keeping virus signatures up to date. Managing firewall rule sets.
I spend my nights and evening eating breathing and sleeping IT security. Anyone need a security consultant?
Orange County Computer Consultant
- Orange County Computer Security Consultant
- Orange County Computer Consultant helps small businesses with networking, installations and small business software.
Tuesday, October 02, 2007
Monday, September 24, 2007
CA Arcserve
There are reports from Secunia that CA Arc Server has multiple vulnerabilities. The exploits can used to bypass security restrictions.
Secunia has a very good list of up to date alerts.
Secunia has a very good list of up to date alerts.
Thursday, September 20, 2007
Hacker Methods
So how do hackers and crackers go about attacking networks and hosts? The best ones do research first. They want to know about your company, workers names, hobbies. The more information the better.
The first step would be to scan your target to determine which ports are open on your network. This can be done with many tools on the Internet. I will not list the tools as this is not a hacker tutorial but more of a heads up. Once they find what ports are open they can determine what services are running. A simple scan on Google or other websites can tell you which vulnerabilities are known for this application or service.
The next step would be to search for exploit code for that open port/service. At this point the attacker could craft a packet with a payload with the exploit code. The exploit code can tell the remote host to send back a shell or any other numerous things. Most attackers want access to the system to look for things. Others are malicious.
Attackers will often install a sniffer to grab more passwords on the network. Then cover their tracks and come back at a later time to grab the information or use your host as a jump off point for more attacks. Some hackers use mulitple systems to do Denial of service attacks. DDos is used with multiple systems.
The lesson here is patch and patch often, install IDS systems and have a firewall that will drop any suspicious traffic. Monitor your logs and encrypt your data!
The first step would be to scan your target to determine which ports are open on your network. This can be done with many tools on the Internet. I will not list the tools as this is not a hacker tutorial but more of a heads up. Once they find what ports are open they can determine what services are running. A simple scan on Google or other websites can tell you which vulnerabilities are known for this application or service.
The next step would be to search for exploit code for that open port/service. At this point the attacker could craft a packet with a payload with the exploit code. The exploit code can tell the remote host to send back a shell or any other numerous things. Most attackers want access to the system to look for things. Others are malicious.
Attackers will often install a sniffer to grab more passwords on the network. Then cover their tracks and come back at a later time to grab the information or use your host as a jump off point for more attacks. Some hackers use mulitple systems to do Denial of service attacks. DDos is used with multiple systems.
The lesson here is patch and patch often, install IDS systems and have a firewall that will drop any suspicious traffic. Monitor your logs and encrypt your data!
Layered Technologies Hacked
It appears that hackers have managed to get into Layered Technologies databases. There are reports that over 6,000 user id's and passwords were compromised. This just shows why encryption should be used more vigilantly.
It looks like the hacker got in over HTTP. He then accessed the database and copied the information. Passwords for SSH, MySQL, Cpanel and other applications were taken. I would suggest to anyone using this company to switch their passwords or think about another hosting company.
It looks like the hacker got in over HTTP. He then accessed the database and copied the information. Passwords for SSH, MySQL, Cpanel and other applications were taken. I would suggest to anyone using this company to switch their passwords or think about another hosting company.
Intrusion Detection Systems
In my previous post I talked about a IDS. IDS is a system that is used to monitor your network or hosts for behaviour that is out of the norm. They look for known attacks and alert you. You can usually have a back end database to store this information.
IDS systems can protect against zero day exploits, directory traversal, SQL injection attacks, buffer overflows, worms and othe Mal ware.
A good IDS should be able to do the following:
SNORT is a great and free IDS. It can do network analysis and logging.
There are plenty of books availiable to learn and configure SNORT.
Cisco also has a IDS, they call it IPS or Intrusion Prevention System.
IDS systems can protect against zero day exploits, directory traversal, SQL injection attacks, buffer overflows, worms and othe Mal ware.
A good IDS should be able to do the following:
- Deep Packet Inspection
- Behaviour analysis
- Logging
SNORT is a great and free IDS. It can do network analysis and logging.
There are plenty of books availiable to learn and configure SNORT.
Cisco also has a IDS, they call it IPS or Intrusion Prevention System.
McAffee Intrushield
McAffee Intrushield is a IPS. Intrusion protection system. The Intrushield can scan data at up to 10Gbps. Their are different models. I was told by a security enginerr by McAffee security engineer that it is effective because it uses FPGA's and ASIC's to transfer data. I noticied a bullet point that stated that the device could even scan for encrypted threats. I asked how can the IPS device determine if it is legit traffic or Malware? He stated that the device decrypts the packets and then scans the contents.
This device also supports QOS. Which will allow you to prioritize data. For instance VoiP would need more bandwith than P2p. They also have a technology called Vitual IPS to protect VLAN's.
The Intrushield is compatabile with McAffe Orchestra and and Mcaffee NAC.
This device also supports QOS. Which will allow you to prioritize data. For instance VoiP would need more bandwith than P2p. They also have a technology called Vitual IPS to protect VLAN's.
The Intrushield is compatabile with McAffe Orchestra and and Mcaffee NAC.
Wednesday, September 19, 2007
Business Intelligence
Business Intelligence is used to find patterns and trends to spot opportunities. This is awesome technology. Databases can be modeled to look for this data, then turn it into information. The saying information is power is true. Business Intelligence allow you to peer into all the data to see your best customers, best locations for real estate, stock trends, and economic data.
It can be used to look at customer behaviour, what magazines they order, websites visited to, and much more. This is information can then be used by marketing and advertising companies or even worse spammers or telemarketers.
The future hold real time data analytics and business intelligence. Where decision's can be made on the spot. Talk about pressure.
There is a open source data mining tool called Rapid. Data mining, AI, data warehousing and analytics are interesting topics. I will be taking SQL next semester.
The government uses a similar technology for homeland security using databases to look for patterns and similarities to detect threats to our nation.
It can be used to look at customer behaviour, what magazines they order, websites visited to, and much more. This is information can then be used by marketing and advertising companies or even worse spammers or telemarketers.
The future hold real time data analytics and business intelligence. Where decision's can be made on the spot. Talk about pressure.
There is a open source data mining tool called Rapid. Data mining, AI, data warehousing and analytics are interesting topics. I will be taking SQL next semester.
The government uses a similar technology for homeland security using databases to look for patterns and similarities to detect threats to our nation.
Microsoft Products
It seems like everyday there is a new Microsoft software title. It's mind boggling. There is Microsoft Expression. Which is web design suite. It allows for CSS layouts and also works well with .NET. This is not a surprise. There is also something called Microsoft accounting. I found this interesting, because I need accounting program for Phuture Networks to bill my clients.
Microsoft also has something called start up center. It's a good resource covering everything from tax laws to office setup. I like the fact it has list's of things that can be needed as office supplies and then links to Kinko's and other office supply places. It's a startup portal.
They have a certification called Microsoft Small Business Specialist. This is a test that I'm planning to take. Microsoft has allot of good information.
Microsoft also has something called start up center. It's a good resource covering everything from tax laws to office setup. I like the fact it has list's of things that can be needed as office supplies and then links to Kinko's and other office supply places. It's a startup portal.
They have a certification called Microsoft Small Business Specialist. This is a test that I'm planning to take. Microsoft has allot of good information.
Tuesday, September 18, 2007
Microsoft Working with Sun on Virtualization
According to a article in CRN, Micros0ft is working with Sun to make sure that their virtualization will be compatible. This means that if I purchase a Sun server with Solaris, It should, emphasis on *should* be able to run MS Server.
Do I want this? Sure why not. I like running multiple operating systems to see what I like the best. They all have benefits and flaws. For instance MS Windows is great for the business world. i.e. applications. I love Mac OS X for it's beauty and simplicity. It is the perfect OS and system for home users.
If I want to code, I then use Linux/UNIX depending on what platform I need to try to write or debug software on. I'm no expert programmer, but can read and write some C, HTML (not a programming language) PERL and Assembly X86.
With Web 2.0 taking off. A popular buzzword. What it really is is services using AJAX. Think of applications on the web to use. Google Apps comes to mind, Facebook and Myspace.
To sum this up I think it is a smart move for Microsoft. After all Novell has Xensource.
Do I want this? Sure why not. I like running multiple operating systems to see what I like the best. They all have benefits and flaws. For instance MS Windows is great for the business world. i.e. applications. I love Mac OS X for it's beauty and simplicity. It is the perfect OS and system for home users.
If I want to code, I then use Linux/UNIX depending on what platform I need to try to write or debug software on. I'm no expert programmer, but can read and write some C, HTML (not a programming language) PERL and Assembly X86.
With Web 2.0 taking off. A popular buzzword. What it really is is services using AJAX. Think of applications on the web to use. Google Apps comes to mind, Facebook and Myspace.
To sum this up I think it is a smart move for Microsoft. After all Novell has Xensource.
Windows Vista Encryption Algorithim
A few months back I asked a Microsoft Sales Rep what encryption was used for Vista. He did not know. The encryption algorithm implemented is AES-CBC. This is Advanced Encryption Standard in cipher block chaining mode.
AES is a block cipher developed by our government. The key sizes can be 128, 192 or 256. The block size is 128bits. It can change the plain text 10, 12, 14 rounds.
To learn more detailed information. Wikipedia has a excellent article.
AES is a block cipher developed by our government. The key sizes can be 128, 192 or 256. The block size is 128bits. It can change the plain text 10, 12, 14 rounds.
To learn more detailed information. Wikipedia has a excellent article.
Artificial Intelligence
When will AI come to the point that we live in a world like IRobot. I often think of developing a massive database of information. It would be very sweet to have AI, running in the database. It would look for patterns, learn and try to make logical decision's. I read about data mining, data warehousing, and data modeling. This is all in the field of informatics.
Artificial Intelligence is developing intelligent systems to mimic human behavior. AI can be applied to all fields of research. There is also the thought that AI will one day take over humans. Pretty scary.
There are so many databases out there on the Net. Imagine if someone developed a intelligent spider to crawl the net looking for correlations, trends over even try to predict future events. This is already a reality.
Artificial Intelligence is developing intelligent systems to mimic human behavior. AI can be applied to all fields of research. There is also the thought that AI will one day take over humans. Pretty scary.
There are so many databases out there on the Net. Imagine if someone developed a intelligent spider to crawl the net looking for correlations, trends over even try to predict future events. This is already a reality.
VM Ware Products
Their are several products that VW Ware offers. There are products for first time virtualization users, for enterprise users, technical and programmers and products for locking down the desktop and as well as management.
For Servers there is VM Ware Server -----> VM Ware Infrastructure
For desktops there is VMWare player. You can run virtual machines on any machine. These are free downloads.
Virtual Manager allows you to create virtual machines.
VM Workstation allows developers to run multiple virtual machines for software development.
VMWare Ace is used on desktop for security, it can be used to lock down endpoints.
VMWare Infrastructure.
ESX Server is the flagship or foundation for distributed virtualization. ESX server takes care of managing memory, hardware, networking and splits them up into virtual machines. Virtual center gives you a birds eye view of your virtual machines. It also handles workloads, optimizing and it has templates.
There are several add-ons for ESX server.
VM Ware is great for Malware analysis. You can view and run the source code in the vitual machines in a controlled enviroment. There are Anti-Virus companies that use VMware and software debugging tools such as Soft Ice to look into worms and see what there are meant to do. What worms, viruses and othe Malware is contained in the payload.
For Servers there is VM Ware Server -----> VM Ware Infrastructure
For desktops there is VMWare player. You can run virtual machines on any machine. These are free downloads.
Virtual Manager allows you to create virtual machines.
VM Workstation allows developers to run multiple virtual machines for software development.
VMWare Ace is used on desktop for security, it can be used to lock down endpoints.
VMWare Infrastructure.
ESX Server is the flagship or foundation for distributed virtualization. ESX server takes care of managing memory, hardware, networking and splits them up into virtual machines. Virtual center gives you a birds eye view of your virtual machines. It also handles workloads, optimizing and it has templates.
There are several add-ons for ESX server.
VM Ware is great for Malware analysis. You can view and run the source code in the vitual machines in a controlled enviroment. There are Anti-Virus companies that use VMware and software debugging tools such as Soft Ice to look into worms and see what there are meant to do. What worms, viruses and othe Malware is contained in the payload.
Open Source Search Engine
Today while working I came across Koders. Koders is a open source search engine. This is nice. There is also Google Code search. The beauty of this is that you can search for functions and routines that other programmers have written. Why reinvent the wheel?
I also went through a hour of Microsoft licensing training. There are so many options. I'm currently working on loking for companies that need Enterprise Agreements. This can be for SQL, Windows Server, Microsoft Exchange, Server, Windows Vista all the favors. You can also get software assurance which alows you to get software upgrades. This can be valuable because Microsoft is coming out with Microsoft Exchange 2008.
I also went through a hour of Microsoft licensing training. There are so many options. I'm currently working on loking for companies that need Enterprise Agreements. This can be for SQL, Windows Server, Microsoft Exchange, Server, Windows Vista all the favors. You can also get software assurance which alows you to get software upgrades. This can be valuable because Microsoft is coming out with Microsoft Exchange 2008.
Microsoft Security Alerts for Sept 2007
Microsoft released some security alerts. There is only one critcal alert. It allows an attacker to run code remotely on your machine. This is dangerous because they can ask fr a shell back to their computer to execute commands.
Here are four of the alerts:
To update your system. Click here.
Microsoft has a ton of use full information on security.
Here is their security portal.
Microsoft also has a security response center. The one thing I wonder is why there are so many holes in the first place? There is software that will scan your source code for known vulnerabilities. This should be done before shipping the product!
Here are four of the alerts:
| • | MS07-051 - addresses a vulnerability in Windows (KB 938827) |
| • | MS07-052 - addresses a vulnerability in Visual Studio (KB 941522) |
| • | MS07-053 - addresses a vulnerability in Windows (KB 939778) |
| • | MS07-054 - addresses a vulnerability in MSN Messenger and Windows Live Messenger (KB 942099) |
To update your system. Click here.
Microsoft has a ton of use full information on security.
Here is their security portal.
Microsoft also has a security response center. The one thing I wonder is why there are so many holes in the first place? There is software that will scan your source code for known vulnerabilities. This should be done before shipping the product!
Monday, September 17, 2007
Cyberwar
The DOD has stated that Cyberwar is real. Our US networks have been attacked by China. I heard on CNN that our Secretary of Defense's computer was also penetrated. I do not know if this is true. President Bush says it's not.
The Air force has some of the best cyberwarriors. They have classes to train our troops on information warfare. The have a degree in Cyberwarfare. It's in the electrical and engineering department. They train on IP networks, telecommunications, radars, satellites, transportation systems, and power systems.
The NSA also does try to stop these attacks. The DOD had one of the lowest security rating's out of goverment agencies. The National Science foundation had some of the best security.
The Air force has some of the best cyberwarriors. They have classes to train our troops on information warfare. The have a degree in Cyberwarfare. It's in the electrical and engineering department. They train on IP networks, telecommunications, radars, satellites, transportation systems, and power systems.
The NSA also does try to stop these attacks. The DOD had one of the lowest security rating's out of goverment agencies. The National Science foundation had some of the best security.
Virtualization
Virtualization is hot right now. I sale VM Ware products. I'm currently studying for the VM Ware professional sales. There are plenty of other player in the field right now. There are open source solutions. Such as Virtual Box.
There is also Novell is Xensource.
Virtualization allows you to run multiple virtual machines on one computer or server. It is handy. I run Parallels here at home on my Macbook. The benefit is that I can run Mac OS X and then have Redhat Linux in another window. This allows me to focus on programming in Linux and using Mac OS X for my photos or running ITunes.
Companies can use virtualization to reduce IT cost's, There does not have to be as many desktops. You can run multiple virtual machines on the server and have clients connect with dumb terminals.
Virtualization is also good for security. A virus or worm will only stay in the virtual machine and not infect other machines, or virtual machines. Virtual machines can also be transported with VMware. This can be carried on person in a USB drive.
There is also Novell is Xensource.
Virtualization allows you to run multiple virtual machines on one computer or server. It is handy. I run Parallels here at home on my Macbook. The benefit is that I can run Mac OS X and then have Redhat Linux in another window. This allows me to focus on programming in Linux and using Mac OS X for my photos or running ITunes.
Companies can use virtualization to reduce IT cost's, There does not have to be as many desktops. You can run multiple virtual machines on the server and have clients connect with dumb terminals.
Virtualization is also good for security. A virus or worm will only stay in the virtual machine and not infect other machines, or virtual machines. Virtual machines can also be transported with VMware. This can be carried on person in a USB drive.
Microsoft Automatic Updates
It appears that Microsoft has been installing updates without our permission. Tommorow is patch Tuesday. I wonder how many holes they are going to patch?
You can view the knowledge base articles to see what they are installing on your computer there are allot of updates. It would be nice of Microsoft to let users know that they are going to be installing software. It's bad enough that I cannot see the source code. How do I really know what is in those updates? More Spy ware? This is why I love Open Source/Linux. I can view the code and run MD5 checksums to insure that the software has not been tampered with.
I was reading this article in Eweek that stated that they have been doing this for quite some time.
You can view the knowledge base articles to see what they are installing on your computer there are allot of updates. It would be nice of Microsoft to let users know that they are going to be installing software. It's bad enough that I cannot see the source code. How do I really know what is in those updates? More Spy ware? This is why I love Open Source/Linux. I can view the code and run MD5 checksums to insure that the software has not been tampered with.
I was reading this article in Eweek that stated that they have been doing this for quite some time.
AOL Instant Messenger Attack
It appears that it is possible to send HTML code to AOL messenger, to shut it down or try to gain information from the clients computer.
Here is the link to Bugtraq.
Here is the link to Bugtraq.
Cisco Adaptive Security Appliance
Every morning I get up and sign into My Yahoo and IGoogle. I have them configured to show me the days exploits and vulnerabilities. I do this to keep my clients informed. My clients consist of Network administrators, CIO's, CEO's and business owners.
Today I recommended a Cisco ASA to a client with IPS. IPS stands for intrusion prevention system. The Cisco ASA comes standard as a firewall. You can then add different modules such as VPN, Content filtering and Anti-X.
The VPN can support different users depending on the module selected. It does SSL and IPsec. There are different encryption protocols that can be utilized as well such as DES and 3DES. A VPN is a virtual private network. It allows you to login remotely form home or Starbucks securely. When you do this without a VPN, you send your data in clear text. A simple sniffer between your computer can pick up these packets and read what is in them. Encryption slows the process of reading the contents. 3DES and DES are very strong and it would take years or even longer to crack it. When you are surfing at your local Starbucks, the guy next to you can run a wireless sniffer and grab your bank account information, Yahoo Login ID, or Amazon login.
The content filtering module allows network administrators to implement security policies. Like blocking Yahoo instant messenger, Myspace, and ESPN during work hours.
Anit-X is a anit-Malware application. It defends against viruses, trojans, key-loggers, exploit code and other goodies that attackers like to use to gain info, mess up data, and just for fun.
The IPS module is nice. It attempts to stop attacks before they happen. How? It has a signature database, the firewall does deep packet inspection. This means it looks at the content of the packets and compares it against a updated databse of known attacks. It it looks suspicious it is dropped or quarantined for later inspection.
Today I recommended a Cisco ASA to a client with IPS. IPS stands for intrusion prevention system. The Cisco ASA comes standard as a firewall. You can then add different modules such as VPN, Content filtering and Anti-X.
The VPN can support different users depending on the module selected. It does SSL and IPsec. There are different encryption protocols that can be utilized as well such as DES and 3DES. A VPN is a virtual private network. It allows you to login remotely form home or Starbucks securely. When you do this without a VPN, you send your data in clear text. A simple sniffer between your computer can pick up these packets and read what is in them. Encryption slows the process of reading the contents. 3DES and DES are very strong and it would take years or even longer to crack it. When you are surfing at your local Starbucks, the guy next to you can run a wireless sniffer and grab your bank account information, Yahoo Login ID, or Amazon login.
The content filtering module allows network administrators to implement security policies. Like blocking Yahoo instant messenger, Myspace, and ESPN during work hours.
Anit-X is a anit-Malware application. It defends against viruses, trojans, key-loggers, exploit code and other goodies that attackers like to use to gain info, mess up data, and just for fun.
The IPS module is nice. It attempts to stop attacks before they happen. How? It has a signature database, the firewall does deep packet inspection. This means it looks at the content of the packets and compares it against a updated databse of known attacks. It it looks suspicious it is dropped or quarantined for later inspection.
Sunday, September 16, 2007
Working for a VAR
I have not posted to this blog for a long time. There has been allot of good stuff going on in my life. My son Alexander was born in May. I have not had allot of time to do anything really. I started working for a value added reseller. I enjoy my work. I focus my sales on storage, security and networking products. I.m trying to gain as many certifications as possible to increase my knowledge and provide solutions to clients.
Right now I'm going for VMware sales professional. I enjoy learning, it keeps my brain going. I work with some people who dont have the drive to really learn the new technologies. They just want to make the sale. I understand that and am not putting them down. I'm different. I want to know what I'm selling and how it works. I want to see if I can make it better. It can be software that needs added functionallity or hardware that could run faster or cheaper.
In five years from now I want to be running my own business Phuture Networks full time. I'm looking to provide managed security solutions for clients. This can include remote and onsite penetration testing. Wireless assesments, web server hardening, OS hardeing and verification of firewall rulesets. Recommendations on intrusion detection systems and physical security.
Right now I'm going for VMware sales professional. I enjoy learning, it keeps my brain going. I work with some people who dont have the drive to really learn the new technologies. They just want to make the sale. I understand that and am not putting them down. I'm different. I want to know what I'm selling and how it works. I want to see if I can make it better. It can be software that needs added functionallity or hardware that could run faster or cheaper.
In five years from now I want to be running my own business Phuture Networks full time. I'm looking to provide managed security solutions for clients. This can include remote and onsite penetration testing. Wireless assesments, web server hardening, OS hardeing and verification of firewall rulesets. Recommendations on intrusion detection systems and physical security.