Adding SSL to Ubuntu / Apache2 / Ruby on Rails

Thursday, August 27, 2009 3:39:51 PM (Pacific Daylight Time, UTC-07:00)
by Adam Brand
Do you need to add SSL to a Rails app on Ubuntu (with Apache2)? If so, I've compiled a guide to help you get this common setup running.

Configuring Egress (Outbound) Rules with iptables (ubuntu style)

Wednesday, August 26, 2009 3:49:08 PM (Pacific Daylight Time, UTC-07:00)
by Adam Brand
There is a lot of information on iptables (the Linux firewall) out there, but most of them focus on ingress rules. This post focuses on how to create EGRESS rules, which are key to server security.

Digital Evidence Collection

Friday, June 19, 2009 11:17:54 AM (Pacific Daylight Time, UTC-07:00)
by Brennen Reynolds
Today it’s not a question of if your organization will have an electronic incident, but when that incident will occur. Regardless of the type of incident, there is a high likelihood your organization will need to collect digital evidence and build some form of a case file. However, it is often in the first moments after an incident is detected that crucial mistakes are made by the organization.

Multifactor Authentication

Wednesday, May 27, 2009 4:32:42 PM (Pacific Daylight Time, UTC-07:00)
by Ray Zadjmool
Multifactor authentication can best be described as a string of authentication methods from two or more of the three categories of factors. Considered a form of strong authentication, multifactor authentication is used to create a higher form of assurance on protected assets.

Two Factor Authentication with OTP

Wednesday, May 27, 2009 12:28:04 PM (Pacific Daylight Time, UTC-07:00)
by Ray Zadjmool
Two-factor authentication has become a standard when non-repudiation or higher assurance is needed to protect an asset.

Data Proliferation, Attacking the Monster We’ve Created

Tuesday, May 26, 2009 10:41:50 AM (Pacific Daylight Time, UTC-07:00)
by Jason Pieters
Within our homes, small and medium business settings, and enterprise environments we use data. We manipulate it, we report on it, we use it to create more data, we may ship it off site, we bring it in, and we send it out. While we need all of it to do our jobs, are we watching or keeping up with where we are placing it?

Maltego... the Information Gathering Swiss Army Knife

Thursday, May 21, 2009 6:02:17 PM (Pacific Daylight Time, UTC-07:00)
by Brennen Reynolds
Maltego from Paterva is to information gathering as Nmap is to port scanning or Nessus is to vulnerability scanning. It’s an all-in-one, Swiss army knife toolkit for everything related to online information gathering.

Deleted Files … are they really gone?

Friday, March 13, 2009 11:00:14 AM (Pacific Daylight Time, UTC-07:00)
by Brennen Reynolds
Does deleting a file on a computer really mean it’s lost forever? Short answer: no. Longer answer: it depends, but probably not. Given you are still reading this, that must mean you are wondering “depends on what?”

The Curious Case of 1392

Wednesday, February 18, 2009 6:30:57 PM (Pacific Standard Time, UTC-08:00)
by Jason Pittman
There are occasions in technology where events or results inspire feelings of mystery. Those "it must be magic" moments when our existing body of knowledge is incapable of processing the situation. I encountered one such event today, so I thought I would share a bit.

Find, the Power

Tuesday, February 17, 2009 3:55:14 PM (Pacific Standard Time, UTC-08:00)
by Jason Pittman
I was doing some work on a very large log correlation server recently. By large I mean copious amounts of log files, not necessarily large in size. Essentially, the chief task was that I needed to audit what was being kept as online history. As you, dedicated readers, remember, PCI-DSS requires one year of history to be kept online. That can mean quite a bit of data in most cases. Being both technically adept and lazy, I turned to the "find" command.

Lions, Tigers, and...IP Addresses

Thursday, February 12, 2009 6:18:48 PM (Pacific Standard Time, UTC-08:00)
by Jason Pittman
IP Addressing schemes that mimic life models of land animal herds.

How to Parse Firewall Configs with Nipper.

Thursday, February 12, 2009 3:26:02 PM (Pacific Standard Time, UTC-08:00)
by Daniel De Carvalho
Who said analyzing firewalls and network devices was something tedious and cumbersome? Well, your problems are over: introducing Nipper, the network device configuration parser.

Installing Splunk Part 3 of 5 - Performing the Initial Splunk Configurations

Wednesday, February 11, 2009 11:37:21 AM (Pacific Standard Time, UTC-08:00)
by Jason Pieters
In the first two parts of this series we discussed installing the SuSe Linux operating system. The first in the series took you through the first half of the installation, while the second finished the install off. The install served to get you a base installation of SuSe Linux. If you have a default build for SuSe that you prefer, then by all means use it; just make sure to open the appropriate firewall ports for Splunk and for administering the system (22 and 443 to start, with more to be added as we go into parts 4 and 5 of this series). With that said, let's set up a basic Splunk instance on the server. Now that the Linux operating system is installed, it is time to install the latest instance of Splunk...

The Hidden Data in MS Office Documents

Monday, February 09, 2009 12:41:11 PM (Pacific Standard Time, UTC-08:00)
by Brennen Reynolds
Most people are unaware that the documents they create and edit using Microsoft’s Office suite of products contain a large amount of data related to the document’s life-cycle. While usually benign and not very interesting, this data can become quite valuable in a forensic investigation. It can help establish timetables of when a file was last accessed or modified. An examiner can even extract the last few users who edited the file and the previous locations where the document was stored.

Customizing and Enhancing Splunk

Saturday, December 20, 2008 12:43:29 PM (Pacific Standard Time, UTC-08:00)
by Brennen Reynolds
So what is Splunk? At its core Splunk is a search engine. It was designed to allow any data from an infrastructure device to be indexed and searched. Any output from applications, servers and network devices can be “eaten” by Splunk. However, Splunk has become more than just a standalone product. The current 3.x series of the product has opened up the internal API and exposed it to allow outside development of new applications on top of the Splunk core. This post is going to touch on some of the capabilities available to developers looking to get even more out of their Splunk installation. I am going to be discussing two elements of Splunk that a user can customize and enhance in the current product release: Splunk UI customization and RESTful applications.