Adding SSL to Ubuntu / Apache2 / Ruby on Rails

Thursday, August 27, 2009 3:39:51 PM (Pacific Daylight Time, UTC-07:00)
by Adam Brand
Do you need to add SSL to a Rails app on Ubuntu (with Apache2)? If so, I've compiled a guide to help you get this common setup running.

Configuring Egress (Outbound) Rules with iptables (ubuntu style)

Wednesday, August 26, 2009 3:49:08 PM (Pacific Daylight Time, UTC-07:00)
by Adam Brand
There is a lot of information on iptables (the Linux firewall) out there, but most of it focuses on ingress rules. This post focuses on how to create EGRESS rules, which are key to server security.

Data Proliferation, Attacking the Monster We’ve Created

Tuesday, May 26, 2009 10:41:50 AM (Pacific Daylight Time, UTC-07:00)
by Jason Pieters
Within our homes, small and medium business settings, and enterprise environments we use data. We manipulate it, we report on it, we use it to create more data, we may ship it off site, we bring it in, and we send it out. While we need all of it to do our jobs, are we watching or keeping up with where we are placing it?

Maltego... the Information Gathering Swiss Army Knife

Thursday, May 21, 2009 6:02:17 PM (Pacific Daylight Time, UTC-07:00)
by Brennen Reynolds
Maltego from Paterva is to information gathering as Nmap is to port scanning or Nessus is to vulnerability scanning. It’s an all-in-one, Swiss army knife toolkit for everything related to online information gathering.

Deleted Files … are they really gone?

Friday, March 13, 2009 11:00:14 AM (Pacific Daylight Time, UTC-07:00)
by Brennen Reynolds
Does deleting a file on a computer really mean it's lost forever? Short answer: no. Longer answer: it depends, but probably not. Given you are still reading this, that must mean you are wondering “depends on what?”.

The Curious Case of 1392

Wednesday, February 18, 2009 6:30:57 PM (Pacific Standard Time, UTC-08:00)
by Jason Pittman
There are occasions in technology where events or results inspire feelings of mystery. Those, "it must be magic" moments when our existing body of knowledge is incapable of processing the situation. I encountered one such event today, so I thought I would share a bit.

Find, the Power

Tuesday, February 17, 2009 3:55:14 PM (Pacific Standard Time, UTC-08:00)
by Jason Pittman
I was doing some work on a very large log correlation server recently. By large I mean copious amounts of log files, not necessarily large in size. Essentially, the chief task was that I needed to audit what was being kept as online history. As you, dedicated readers, remember, PCI-DSS requires one year of history to be kept online. That can mean quite a bit of data in most cases. Being both technically adept and lazy, I turned to the "find" command.

Lions, Tigers, and...IP Addresses

Thursday, February 12, 2009 6:18:48 PM (Pacific Standard Time, UTC-08:00)
by Jason Pittman
IP Addressing schemes that mimic life models of land animal herds.

How to Parse Firewall Configs with Nipper.

Thursday, February 12, 2009 3:26:02 PM (Pacific Standard Time, UTC-08:00)
by Daniel De Carvalho
Who said analyzing firewalls and network devices was something tedious and cumbersome? Well, your problems are over: Introducing Nipper, the network device configuration parser.

Customizing and Enhancing Splunk

Saturday, December 20, 2008 12:43:29 PM (Pacific Standard Time, UTC-08:00)
by Brennen Reynolds
So what is Splunk? At its core Splunk is a search engine. It was designed to allow any data from an infrastructure device to be indexed and searched. Any output from applications, servers and network devices can be “eaten” by Splunk. However, Splunk has become more than just a standalone product. The current 3.x series of the product has opened up the internal API and exposed it to allow outside development of new applications on top of the Splunk core. This post is going to touch on some of the capabilities available to developers looking to get even more out of their Splunk installation. I am going to be discussing two elements of Splunk that a user can customize and enhance in the current product release: Splunk UI customization and RESTful applications.

Virtualization, Security and Compliance... Can they exist together?

Friday, December 05, 2008 2:13:01 PM (Pacific Standard Time, UTC-08:00)
by Brennen Reynolds
There is no doubt that virtualization is the hot trend right now. Many companies are beginning the transformation of virtualizing their infrastructure or are in the planning stages to do so. Virtualization has many benefits but it also has some hidden costs and pitfalls many organizations don’t consider when adopting it. I wanted to touch on two issues which don’t seem to be widely known or understood with respect to virtualization: security and compliance.

Building a Security Tool Chest - Part 3 - Web App Testing Tools

Thursday, December 04, 2008 2:22:40 PM (Pacific Standard Time, UTC-08:00)
by Brennen Reynolds
Web application testing tools are a dime a dozen these days. This post is a short list and description of the tools my colleagues and I use during our web app testing engagements. There are many more tools, both freeware and commercial, that can be used to assist in testing.

10 steps to harden Windows Server 2008

Tuesday, December 02, 2008 11:45:36 AM (Pacific Standard Time, UTC-08:00)
by Daniel De Carvalho
Ever since its debut, Microsoft Windows 2008 Server has awed security and systems administrators with its complex and innovative features. With threats becoming each day more imminent and efficient, security system administrators face the tedious task of protecting Microsoft’s new giant. In this article we compiled some of the industry's best practices such as NIST to show you some of the features and ways to reduce your Windows 2008 servers’ exposure.

Security Event Log Forwarding on Windows 2008 servers

Monday, December 01, 2008 3:26:28 PM (Pacific Standard Time, UTC-08:00)
by Daniel De Carvalho
The use of a centralized log server has often been highlighted in many of today’s security best practices. The constant need to collect, retain and protect these sensitive security event log files sometimes overwhelms security and systems administrators, especially in large corporate environments. When properly configured, security event logs are used to track user activity and access on specific systems or objects, and are a key element when trying to piece together the chain of events leading to a security incident. Many security administrators might know how cumbersome it is to manage such security event log files, and sometimes seek third party vendors to help them manage their security log files. The truth is that many of these problems can be solved using native features of your server operating system.

How to Secure your DNS Server

Friday, November 07, 2008 3:36:14 PM (Pacific Standard Time, UTC-08:00)
by Daniel De Carvalho
In this article you will learn how to identify and remediate one of the most common DNS vulnerabilities.

SPAM: You Have Mail!

Friday, November 07, 2008 2:26:45 PM (Pacific Standard Time, UTC-08:00)
by Daniel De Carvalho
How many times has your email inbox been flooded with unsolicited email messages? How many times do you have to say that you do not want Viagra, nor are interested in any sort of pharmaceutical drugs offered in these messages? Do you catch yourself sometimes thinking how good it would be if you could get rid of all that spam?

Building a Security Tool Chest - Part 2 - Recon Tools

Sunday, November 02, 2008 10:27:50 PM (Pacific Standard Time, UTC-08:00)
by Brennen Reynolds
This article is going to cover the first phase of an assessment: information gathering and reconnaissance. I have put together a list of the top 10 most useful utilities and websites I use on a daily basis for security related assessments.

Top Ten Security Requirements for Enterprise Applications

Sunday, October 26, 2008 3:18:45 PM (Pacific Daylight Time, UTC-07:00)
by Ray Zadjmool
With the rise in focus on security there has emerged a set of security requirements that enterprise software vendors must consider or else they run the risk of watching their sales pipeline come to a screeching halt. The following are ten "must have" requirements that I have come across while doing some proofs of concept:

Trick or Treat: What lurks beneath a Public Access Point?

Friday, October 17, 2008 1:22:01 PM (Pacific Daylight Time, UTC-07:00)
by Daniel De Carvalho
They are everywhere, from airports to Starbucks; at every corner, users have access to complimentary free internet. But have you ever wondered what lurks beneath those innocent hotspots?

International Business and Laptop Security

Thursday, October 16, 2008 7:50:36 PM (Pacific Daylight Time, UTC-07:00)
by Jason Pieters
On more than one occasion individuals entering the United States have been stopped and the content of their laptops or other electronic devices has been inspected. Not only inspected but on multiple occasions had their laptops confiscated. Their files, email, and pictures searched for any contraband. While this may shock some or enrage your sense of civil liberties, the courts have upheld these searches in the name of securing our borders. While I do have strong feelings about this, I took my thoughts past my opinions and thought about my travels for work.

Building a Security Tool Chest – Part 1 – The Foundation

Friday, October 10, 2008 7:50:18 AM (Pacific Daylight Time, UTC-07:00)
by Brennen Reynolds
With the seemingly endless number of security products, utilities and information sites available today, the thought of putting together a set of tools to perform routine security tasks might seem daunting. It can be, but it doesn’t have to be. Over the next few entries I am going to walk through how someone would put together a security tool chest that can be used for almost all day-to-day security needs.

Red November: Understanding the Red Flag Rule.

Thursday, October 02, 2008 5:47:53 PM (Pacific Daylight Time, UTC-07:00)
by Daniel De Carvalho
Many may have heard of the Red Flags Rule and know that businesses need to make changes to comply with these rules. However, many institutions are still unclear on how this rule can affect them. On top of that, US financial institutions face a mandatory deadline of November 1, 2008 to comply with 3 new US Fair and Accurate Credit Transactions Act (FACT Act) regulations referred to as the Red Flag rule.

Let's Get Physical Part 2

Monday, September 17, 2007 12:00:53 PM (Pacific Daylight Time, UTC-07:00)
by Jason Pieters
Getting a handle on physical security part 2. A top ten list of items that can be used to increase the physical security of your environment.

Let's Get Physical Part 1

Saturday, September 01, 2007 10:49:17 AM (Pacific Daylight Time, UTC-07:00)
by Jason Pieters
Getting a handle on physical security. The top five things you can do to the exterior of your building to increase physical security.

RADIUS VS TACACS+

Saturday, August 25, 2007 11:46:08 PM (Pacific Daylight Time, UTC-07:00)
by Ray Zadjmool
There are a lot of good reasons for implementing a AAA (authentication, authorization, and accountability) solution in your network - not the least of which is to make the management of user accounts easier.

Secure Catapult

Saturday, June 23, 2007 7:44:23 AM (Pacific Daylight Time, UTC-07:00)
by Jason Pittman
I think of it as catapulting data...and it is a push technique. In this type of scenario, I hesitate to install any type of server on the Windows computer since a) I know it already exists on the Unix side most likely and b) I do not typically like to increase management overhead and adding any such server to the Windows computer will most likely do so.