- Information Security
- Process Security
- Internet Technology Security
- Communications Security
- Wireless Security
- Systems integration and configuration
- Procurement Services.
Please email today for a free consultation.
Orange County Computer Consultant
- Orange County Computer Security Consultant
- Orange County Computer Consultant helps small businesses with networking, installations and small business software.
Friday, June 13, 2008
Phuture Network Services offered Call 714-786-5878
Phuture Networks offers the following services in the Orange County Area:
Tuesday, June 10, 2008
Linkedin Profile
I decided to post my Linkedin profile. Please feel free to view it. Potential clients can email me at benjamin.hargis@gmail.com.
Asus EEE and Backtrack 3 Beta
Thursday, May 08, 2008
Need a Router Password?
If you ever need to look up your default router password check out this website. It allows you to search by manufacture as well.
Redhat Linux Videos Online
I learn allot from watching videos online regarding Linux, computer science and security from websites like You Tube and Google Tech Videos. These are great tools to use and learn for free.
Relaunch of Phuture Networks website
I temporarily brought down Phuture Networks for upgrades. Phuture Networks new website will have a more user friendly feel to it. Client's will receive their own login username and passwords so you can check on project status, billable hours and post any questions, comments or suggestions regarding Phuture Networks or your security project.
Tuesday, October 02, 2007
Phuture Networks
This is shameless self promotion. I'm really trying to get my consulting business going. It is allot of work. I work 8 hours daily doing solutions selling in IT. I tell clients to think of me as a consultant for free.
I want to be on my own in three years. With my own clients. I want to provide security consulting on a contractual basis. I will handle all aspects of security. This includes updating servers. Patching software. Keeping virus signatures up to date. Managing firewall rule sets.
I spend my nights and evening eating breathing and sleeping IT security. Anyone need a security consultant?
I want to be on my own in three years. With my own clients. I want to provide security consulting on a contractual basis. I will handle all aspects of security. This includes updating servers. Patching software. Keeping virus signatures up to date. Managing firewall rule sets.
I spend my nights and evening eating breathing and sleeping IT security. Anyone need a security consultant?
Monday, September 24, 2007
CA Arcserve
There are reports from Secunia that CA Arc Server has multiple vulnerabilities. The exploits can used to bypass security restrictions.
Secunia has a very good list of up to date alerts.
Secunia has a very good list of up to date alerts.
Thursday, September 20, 2007
Hacker Methods
So how do hackers and crackers go about attacking networks and hosts? The best ones do research first. They want to know about your company, workers names, hobbies. The more information the better.
The first step would be to scan your target to determine which ports are open on your network. This can be done with many tools on the Internet. I will not list the tools as this is not a hacker tutorial but more of a heads up. Once they find what ports are open they can determine what services are running. A simple scan on Google or other websites can tell you which vulnerabilities are known for this application or service.
The next step would be to search for exploit code for that open port/service. At this point the attacker could craft a packet with a payload with the exploit code. The exploit code can tell the remote host to send back a shell or any other numerous things. Most attackers want access to the system to look for things. Others are malicious.
Attackers will often install a sniffer to grab more passwords on the network. Then cover their tracks and come back at a later time to grab the information or use your host as a jump off point for more attacks. Some hackers use mulitple systems to do Denial of service attacks. DDos is used with multiple systems.
The lesson here is patch and patch often, install IDS systems and have a firewall that will drop any suspicious traffic. Monitor your logs and encrypt your data!
The first step would be to scan your target to determine which ports are open on your network. This can be done with many tools on the Internet. I will not list the tools as this is not a hacker tutorial but more of a heads up. Once they find what ports are open they can determine what services are running. A simple scan on Google or other websites can tell you which vulnerabilities are known for this application or service.
The next step would be to search for exploit code for that open port/service. At this point the attacker could craft a packet with a payload with the exploit code. The exploit code can tell the remote host to send back a shell or any other numerous things. Most attackers want access to the system to look for things. Others are malicious.
Attackers will often install a sniffer to grab more passwords on the network. Then cover their tracks and come back at a later time to grab the information or use your host as a jump off point for more attacks. Some hackers use mulitple systems to do Denial of service attacks. DDos is used with multiple systems.
The lesson here is patch and patch often, install IDS systems and have a firewall that will drop any suspicious traffic. Monitor your logs and encrypt your data!
Layered Technologies Hacked
It appears that hackers have managed to get into Layered Technologies databases. There are reports that over 6,000 user id's and passwords were compromised. This just shows why encryption should be used more vigilantly.
It looks like the hacker got in over HTTP. He then accessed the database and copied the information. Passwords for SSH, MySQL, Cpanel and other applications were taken. I would suggest to anyone using this company to switch their passwords or think about another hosting company.
It looks like the hacker got in over HTTP. He then accessed the database and copied the information. Passwords for SSH, MySQL, Cpanel and other applications were taken. I would suggest to anyone using this company to switch their passwords or think about another hosting company.
Intrusion Detection Systems
In my previous post I talked about a IDS. IDS is a system that is used to monitor your network or hosts for behaviour that is out of the norm. They look for known attacks and alert you. You can usually have a back end database to store this information.
IDS systems can protect against zero day exploits, directory traversal, SQL injection attacks, buffer overflows, worms and othe Mal ware.
A good IDS should be able to do the following:
SNORT is a great and free IDS. It can do network analysis and logging.
There are plenty of books availiable to learn and configure SNORT.
Cisco also has a IDS, they call it IPS or Intrusion Prevention System.
IDS systems can protect against zero day exploits, directory traversal, SQL injection attacks, buffer overflows, worms and othe Mal ware.
A good IDS should be able to do the following:
- Deep Packet Inspection
- Behaviour analysis
- Logging
SNORT is a great and free IDS. It can do network analysis and logging.
There are plenty of books availiable to learn and configure SNORT.
Cisco also has a IDS, they call it IPS or Intrusion Prevention System.
McAffee Intrushield
McAffee Intrushield is a IPS. Intrusion protection system. The Intrushield can scan data at up to 10Gbps. Their are different models. I was told by a security enginerr by McAffee security engineer that it is effective because it uses FPGA's and ASIC's to transfer data. I noticied a bullet point that stated that the device could even scan for encrypted threats. I asked how can the IPS device determine if it is legit traffic or Malware? He stated that the device decrypts the packets and then scans the contents.
This device also supports QOS. Which will allow you to prioritize data. For instance VoiP would need more bandwith than P2p. They also have a technology called Vitual IPS to protect VLAN's.
The Intrushield is compatabile with McAffe Orchestra and and Mcaffee NAC.
This device also supports QOS. Which will allow you to prioritize data. For instance VoiP would need more bandwith than P2p. They also have a technology called Vitual IPS to protect VLAN's.
The Intrushield is compatabile with McAffe Orchestra and and Mcaffee NAC.
Wednesday, September 19, 2007
Business Intelligence
Business Intelligence is used to find patterns and trends to spot opportunities. This is awesome technology. Databases can be modeled to look for this data, then turn it into information. The saying information is power is true. Business Intelligence allow you to peer into all the data to see your best customers, best locations for real estate, stock trends, and economic data.
It can be used to look at customer behaviour, what magazines they order, websites visited to, and much more. This is information can then be used by marketing and advertising companies or even worse spammers or telemarketers.
The future hold real time data analytics and business intelligence. Where decision's can be made on the spot. Talk about pressure.
There is a open source data mining tool called Rapid. Data mining, AI, data warehousing and analytics are interesting topics. I will be taking SQL next semester.
The government uses a similar technology for homeland security using databases to look for patterns and similarities to detect threats to our nation.
It can be used to look at customer behaviour, what magazines they order, websites visited to, and much more. This is information can then be used by marketing and advertising companies or even worse spammers or telemarketers.
The future hold real time data analytics and business intelligence. Where decision's can be made on the spot. Talk about pressure.
There is a open source data mining tool called Rapid. Data mining, AI, data warehousing and analytics are interesting topics. I will be taking SQL next semester.
The government uses a similar technology for homeland security using databases to look for patterns and similarities to detect threats to our nation.
Microsoft Products
It seems like everyday there is a new Microsoft software title. It's mind boggling. There is Microsoft Expression. Which is web design suite. It allows for CSS layouts and also works well with .NET. This is not a surprise. There is also something called Microsoft accounting. I found this interesting, because I need accounting program for Phuture Networks to bill my clients.
Microsoft also has something called start up center. It's a good resource covering everything from tax laws to office setup. I like the fact it has list's of things that can be needed as office supplies and then links to Kinko's and other office supply places. It's a startup portal.
They have a certification called Microsoft Small Business Specialist. This is a test that I'm planning to take. Microsoft has allot of good information.
Microsoft also has something called start up center. It's a good resource covering everything from tax laws to office setup. I like the fact it has list's of things that can be needed as office supplies and then links to Kinko's and other office supply places. It's a startup portal.
They have a certification called Microsoft Small Business Specialist. This is a test that I'm planning to take. Microsoft has allot of good information.
Tuesday, September 18, 2007
Microsoft Working with Sun on Virtualization
According to a article in CRN, Micros0ft is working with Sun to make sure that their virtualization will be compatible. This means that if I purchase a Sun server with Solaris, It should, emphasis on *should* be able to run MS Server.
Do I want this? Sure why not. I like running multiple operating systems to see what I like the best. They all have benefits and flaws. For instance MS Windows is great for the business world. i.e. applications. I love Mac OS X for it's beauty and simplicity. It is the perfect OS and system for home users.
If I want to code, I then use Linux/UNIX depending on what platform I need to try to write or debug software on. I'm no expert programmer, but can read and write some C, HTML (not a programming language) PERL and Assembly X86.
With Web 2.0 taking off. A popular buzzword. What it really is is services using AJAX. Think of applications on the web to use. Google Apps comes to mind, Facebook and Myspace.
To sum this up I think it is a smart move for Microsoft. After all Novell has Xensource.
Do I want this? Sure why not. I like running multiple operating systems to see what I like the best. They all have benefits and flaws. For instance MS Windows is great for the business world. i.e. applications. I love Mac OS X for it's beauty and simplicity. It is the perfect OS and system for home users.
If I want to code, I then use Linux/UNIX depending on what platform I need to try to write or debug software on. I'm no expert programmer, but can read and write some C, HTML (not a programming language) PERL and Assembly X86.
With Web 2.0 taking off. A popular buzzword. What it really is is services using AJAX. Think of applications on the web to use. Google Apps comes to mind, Facebook and Myspace.
To sum this up I think it is a smart move for Microsoft. After all Novell has Xensource.
Windows Vista Encryption Algorithim
A few months back I asked a Microsoft Sales Rep what encryption was used for Vista. He did not know. The encryption algorithm implemented is AES-CBC. This is Advanced Encryption Standard in cipher block chaining mode.
AES is a block cipher developed by our government. The key sizes can be 128, 192 or 256. The block size is 128bits. It can change the plain text 10, 12, 14 rounds.
To learn more detailed information. Wikipedia has a excellent article.
AES is a block cipher developed by our government. The key sizes can be 128, 192 or 256. The block size is 128bits. It can change the plain text 10, 12, 14 rounds.
To learn more detailed information. Wikipedia has a excellent article.
Artificial Intelligence
When will AI come to the point that we live in a world like IRobot. I often think of developing a massive database of information. It would be very sweet to have AI, running in the database. It would look for patterns, learn and try to make logical decision's. I read about data mining, data warehousing, and data modeling. This is all in the field of informatics.
Artificial Intelligence is developing intelligent systems to mimic human behavior. AI can be applied to all fields of research. There is also the thought that AI will one day take over humans. Pretty scary.
There are so many databases out there on the Net. Imagine if someone developed a intelligent spider to crawl the net looking for correlations, trends over even try to predict future events. This is already a reality.
Artificial Intelligence is developing intelligent systems to mimic human behavior. AI can be applied to all fields of research. There is also the thought that AI will one day take over humans. Pretty scary.
There are so many databases out there on the Net. Imagine if someone developed a intelligent spider to crawl the net looking for correlations, trends over even try to predict future events. This is already a reality.
VM Ware Products
Their are several products that VW Ware offers. There are products for first time virtualization users, for enterprise users, technical and programmers and products for locking down the desktop and as well as management.
For Servers there is VM Ware Server -----> VM Ware Infrastructure
For desktops there is VMWare player. You can run virtual machines on any machine. These are free downloads.
Virtual Manager allows you to create virtual machines.
VM Workstation allows developers to run multiple virtual machines for software development.
VMWare Ace is used on desktop for security, it can be used to lock down endpoints.
VMWare Infrastructure.
ESX Server is the flagship or foundation for distributed virtualization. ESX server takes care of managing memory, hardware, networking and splits them up into virtual machines. Virtual center gives you a birds eye view of your virtual machines. It also handles workloads, optimizing and it has templates.
There are several add-ons for ESX server.
VM Ware is great for Malware analysis. You can view and run the source code in the vitual machines in a controlled enviroment. There are Anti-Virus companies that use VMware and software debugging tools such as Soft Ice to look into worms and see what there are meant to do. What worms, viruses and othe Malware is contained in the payload.
For Servers there is VM Ware Server -----> VM Ware Infrastructure
For desktops there is VMWare player. You can run virtual machines on any machine. These are free downloads.
Virtual Manager allows you to create virtual machines.
VM Workstation allows developers to run multiple virtual machines for software development.
VMWare Ace is used on desktop for security, it can be used to lock down endpoints.
VMWare Infrastructure.
ESX Server is the flagship or foundation for distributed virtualization. ESX server takes care of managing memory, hardware, networking and splits them up into virtual machines. Virtual center gives you a birds eye view of your virtual machines. It also handles workloads, optimizing and it has templates.
There are several add-ons for ESX server.
VM Ware is great for Malware analysis. You can view and run the source code in the vitual machines in a controlled enviroment. There are Anti-Virus companies that use VMware and software debugging tools such as Soft Ice to look into worms and see what there are meant to do. What worms, viruses and othe Malware is contained in the payload.
Open Source Search Engine
Today while working I came across Koders. Koders is a open source search engine. This is nice. There is also Google Code search. The beauty of this is that you can search for functions and routines that other programmers have written. Why reinvent the wheel?
I also went through a hour of Microsoft licensing training. There are so many options. I'm currently working on loking for companies that need Enterprise Agreements. This can be for SQL, Windows Server, Microsoft Exchange, Server, Windows Vista all the favors. You can also get software assurance which alows you to get software upgrades. This can be valuable because Microsoft is coming out with Microsoft Exchange 2008.
I also went through a hour of Microsoft licensing training. There are so many options. I'm currently working on loking for companies that need Enterprise Agreements. This can be for SQL, Windows Server, Microsoft Exchange, Server, Windows Vista all the favors. You can also get software assurance which alows you to get software upgrades. This can be valuable because Microsoft is coming out with Microsoft Exchange 2008.
Microsoft Security Alerts for Sept 2007
Microsoft released some security alerts. There is only one critcal alert. It allows an attacker to run code remotely on your machine. This is dangerous because they can ask fr a shell back to their computer to execute commands.
Here are four of the alerts:
To update your system. Click here.
Microsoft has a ton of use full information on security.
Here is their security portal.
Microsoft also has a security response center. The one thing I wonder is why there are so many holes in the first place? There is software that will scan your source code for known vulnerabilities. This should be done before shipping the product!
Here are four of the alerts:
| • | MS07-051 - addresses a vulnerability in Windows (KB 938827) |
| • | MS07-052 - addresses a vulnerability in Visual Studio (KB 941522) |
| • | MS07-053 - addresses a vulnerability in Windows (KB 939778) |
| • | MS07-054 - addresses a vulnerability in MSN Messenger and Windows Live Messenger (KB 942099) |
To update your system. Click here.
Microsoft has a ton of use full information on security.
Here is their security portal.
Microsoft also has a security response center. The one thing I wonder is why there are so many holes in the first place? There is software that will scan your source code for known vulnerabilities. This should be done before shipping the product!