The book ends with some more advanced content, namely using Snort as an Intrusion Prevention device. You can set up Snort to block packets that match a signature, using Inline Snort, or you can have Snort reconfigure routers and firewalls to block offending IP addresses, using SnortSam. I've experimented with Inline Snort as part of a honeypot, but, as the author points out, this is not yet production-safe, as it can easily be used by attackers to disrupt network availability.
Hey, Koziol's book covers Intrusion Prevention and IPS. Lots of detail.
It looks like a lot of ISPs could use this book too. ;)
I would have to agree, Intrusion Detection technology is by no means plug and play... You need more than just a user manual, you have to understand what is actually going on and tune your IDS appropriately.
A big middle finger to all of the idiots that don't believe in full disclosure:
Cisco IOS Exploit
You can also easily create the exploit using hping2.
A worm spreads by itself. A virus requires a human to do something stupid, like click on an attachment.
Snort holds an inherent advantage over closed source IDSs, in that the IDS itself can be tailored and customized for each individual deployment to a level not possible for closed source competitors.
Very interesting point. It looks like, at least for IDS, the open source business model will always win out. How can you make an application truly customizable if you don't have source-level access? In situations where adaptability is important or even critical, such as IDS, the open source model will always win.
Maybe time to put some money into Sourcefire?
"In order for an IDS to be effective, or in some high-bandwidth cases, even usable, detailed network and business context must be applied to the IDS. In a nutshell, IDSs are not as plug-and-play as firewalls or other security applications."
This hits the nail right on the proverbial head. So many articles in the security industry focus on "IDS failures". If you don't know your network, servers, routers, and what they should be doing, you can't implement IDS effectively.
Very important topic, I'm glad this point, so often missed, made it into this book. Should be a good read.
A British computer administrator has been accused of hacking into 92 networks operated by the US military and the space agency Nasa. US investigators say one break-in shut down navy systems immediately after the September 11 terror attacks. Authorities say two of the computer systems were at the Pentagon. The intrusions also made inoperable the network that serves the military district for Washington. Authorities have disclosed indictments in northern Virginia and New Jersey against Gary McKinnon, 36, of Hornsey, north London. He was indicted on eight counts of computer-related crimes, including break-ins at six private companies. Court records in Virginia said McKinnon caused £566,000 in damage to computers in 14 states. In New Jersey, McKinnon was accused of hacking into a network of 300 computers at the Earle Naval Weapons Station in Colts Neck, and stealing 950 passwords.
Because of the break-in, which occurred immediately after the terrorist attacks, the whole system was effectively shut down for one week, officials said. That station replenishes munitions and supplies for the Atlantic fleet. "This was a grave intrusion into a vital military computer system at a time when we, as a nation, had to summon all of our defences against further attack," said US Attorney Christopher Christie in Washington. McKinnon, if found guilty, faces a maximum penalty of five years in federal prison and a £157,000 fine, Christie said. Christie confirmed that officials are weighing whether to seek McKinnon's extradition from England, a move that would be exceedingly rare among international computer crime investigations.
Ugh... not dinesh jotwani!!!
The MPAA sues and destroys every legitimate business that they could have made some sort of deal with... and they move to Iran.
When are these bozos gonna realize that internet entertainment content is here to stay? Hopefully this will make them make fair deals with existing internet content distributors.
MMORPGs will move towards having a real economy, where people live out their lives totally online. When you can make more money hunting monsters in a cave than coding in a cube, I'll jump in too!
At least they have 2 more chances for Best Picture or Best Director. They definitely deserved the ones they got.
See, right there, that was the attitude of the members of the academy. Jackson has got two other chances for Oscars, so no need to give it to him now. Totally moronic and makes the Oscars even more irrelevant to me.
the second-best thing to do at four in the morning
What could be better than sitting in the basement with four unbathed geeks, rolling dice and pretending to be dwarv.......
Ahhhh... Sex! That's what you're talking about.. Hrm... Judging by my sex life, I disagree. I'll take the smelly geeks...
Despite the proliferation of tech toys and work devices in people's lives, the gap between the tech-savvy and the techno-confused keeps growing, a monumental failure of our arrogant and elitist tech industries.
Arrogant? You assume that technology == better quality of life. Not true. Did the possibility ever enter your head that maybe some (most?) people don't want anything to do with technology? A significant portion of the population chooses not to embrace cell phones, computers, PDAs, etc. because of the hassle. I envy those that don't have to worry about their boss ringing the cell phone at 3am on a Saturday to fix some firewall. Sometimes I wish I could pile all of my "tech miracles" into a big pile and set them afire. And move off to a ranch in Montana.
for geeks to realize that doing a project "right" doesn't matter worth a shit. Businesses have one ultimate goal, and that is to deliver a profit. Get more in return than what is put in. When customers' attitudes, the market, or any subset of infinite things cause direction to change, the delivered product must change as well. Take it from good ole' Bobby Shaftoe and "Display some adaptability".
Are you going to comply or are you going to fight it out? You know you have the support of the slashdot community if you take the path less traveled. Best of luck!
Does it seem like the only purpose of suing M$ is to get some PR for your company? I can't tell you how many people in management at my company learned of Lindows after the lawsuit...
Better yet, post a story to slashdot about a contest with a prize of 10k, read all the responses modded at 4 and above, spend a weekend coding a few of 'em up, and cash in!
Now that's evil!
How long till someone scripts up a nice "code red/nimda" self propagating malware that runs rampant across the internet using this new flaw?
If so... it is going to be even worse... It was next to impossible to get all the IIS servers on the net updated. Imagine updating every AIM client.
However, there is a problem with it that I see: 5 images from a set of 25 means 53,130 potential combinations. This would be much easier to crack by brute force than a standard alphanumeric password with its billions of possibilities and millions of likely choices.
What they don't mention is that pictorial passwords are intended to be used in an ATM environment, rather than on a LAN. The PIN for your ATM is only 4 numerics long, not even alpha-numeric. A brute forcer can do 2 million/sec on an 800 MHz PC; it would brute the entire key space in a millisecond in ATMs.
The reason why PINs are only 4 digits is the other compensating controls you have in the banking environment.
1) There is an extremely limited interface to the ATM (just keypad and a few multi-use keys).
2) The physical security of an ATM, these suckers are actually safes that are resistant to bomb blasts, rednecks trying to tow them away with their 1/2 ton Chevys, etc.
3) The PINs are stored on a crypto device, not physically at the ATM, that destroys itself if it is pried open.
So, this would be good for banking applications, but not good on your LAN... for obvious reasons.
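As an added example (written for this page, not code from any poster), the Go program below computes the keyspaces the two posts above compare and how long exhausting each takes at the 2 million guesses per second quoted. It goes beyond the single 53,130 figure: it also shows the same 5-of-25 pick when order is significant, a 4-digit PIN, and an 8-character alphanumeric password. The list of schemes and the guess rate are assumptions chosen for illustration.

```go
package main

import (
	"fmt"
	"math/big"
)

// unorderedPick returns C(n, k): k images chosen from n, order ignored.
// For n=25, k=5 this is the 53,130 figure from the post.
func unorderedPick(n, k int64) *big.Int {
	return new(big.Int).Binomial(n, k)
}

// orderedPick returns n!/(n-k)!: k distinct images from n, order significant,
// which is what a scheme gets if the user must click the images in sequence.
func orderedPick(n, k int64) *big.Int {
	r := big.NewInt(1)
	for i := int64(0); i < k; i++ {
		r.Mul(r, big.NewInt(n-i))
	}
	return r
}

// alphabetSpace returns alphabet^length for a fixed-length secret drawn with
// repetition from an alphabet (10 digits for a PIN, 62 symbols for alnum).
func alphabetSpace(alphabet, length int64) *big.Int {
	return new(big.Int).Exp(big.NewInt(alphabet), big.NewInt(length), nil)
}

// secondsToExhaust is the worst-case time to try every candidate at the
// given guess rate; on average an attacker needs about half of this.
func secondsToExhaust(space *big.Int, guessesPerSec float64) float64 {
	f, _ := new(big.Float).SetInt(space).Float64()
	return f / guessesPerSec
}

func main() {
	const rate = 2e6 // guesses per second, the figure quoted in the thread (assumed)
	rows := []struct {
		name  string
		space *big.Int
	}{
		{"5 of 25 images, order ignored", unorderedPick(25, 5)},
		{"5 of 25 images, order matters", orderedPick(25, 5)},
		{"4-digit PIN", alphabetSpace(10, 4)},
		{"8-char alphanumeric (62 symbols)", alphabetSpace(62, 8)},
	}
	for _, r := range rows {
		fmt.Printf("%-36s %20s  %12.3g s to exhaust\n",
			r.name, r.space.String(), secondsToExhaust(r.space, rate))
	}
}
```

The numbers only describe an offline attack. The compensating controls the post lists (a keypad-only interface, a retry limit enforced by the card issuer, tamper-responsive hardware) hold the effective guess rate to a handful of attempts, which is why a 10,000-entry keyspace is acceptable at an ATM and not for a credential that can be attacked offline.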
Uhh... can you see the implications for this and pr0n sites? Hrmm... Jenna Jameson, then Ron Jeremy... crap what was the rest of my password??!!?
A multi-billion dollar industry was created by writers of malware; anti-virus, tripwire, IDSes. Why would any large security company want malware authors to be caught?
That wouldn't help. His system needs to present the plain-text data to some other system.
Oh yeah... good point, well then, there are loads of nice symmetric (2 way) crypto packages out there. Use the new AES, even MS has APIs (CryptoAPI, which ships with Win2k) out there to encrypt and decrypt transparently to the application/programmer.
As long as you send all your customer data to one way crypto heaven (MD5, SHA1), what's the big deal? If attackers easily snark in through the latest IIS sploit, and on into your SQL Server, your data is protected.
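The exchange above turns on one distinction: a one-way hash is the right store for a secret you only ever need to verify, but data the system must hand back in plaintext has to be encrypted reversibly, with the key held by the application rather than in the database it protects. The Go program below, an added example that is not code from any poster, shows both sides: a salted digest with constant-time verification, and AES-256-GCM for a customer record so that a stolen table is unreadable and a tampered row fails to decrypt. The key, the sample password and the sample record are constructed values; the plain salted SHA-256 stands in for the slow password KDF a deployment would use.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// StoredSecret is what the database keeps for a value we only need to verify
// (a password): a random salt plus a one-way digest. The plaintext cannot be
// recovered from it, which is exactly the property wanted here.
type StoredSecret struct {
	Salt   []byte
	Digest []byte
}

// HashSecret derives a salted SHA-256 digest. Illustrative only: a real
// deployment uses a deliberately slow KDF (PBKDF2, bcrypt, scrypt, Argon2).
func HashSecret(secret []byte) (StoredSecret, error) {
	salt := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, salt); err != nil {
		return StoredSecret{}, err
	}
	return StoredSecret{Salt: salt, Digest: digest(salt, secret)}, nil
}

func digest(salt, secret []byte) []byte {
	h := sha256.New()
	h.Write(salt)
	h.Write(secret)
	return h.Sum(nil)
}

// VerifySecret recomputes the digest and compares in constant time, so the
// comparison itself leaks nothing about how many bytes matched.
func VerifySecret(stored StoredSecret, candidate []byte) bool {
	return subtle.ConstantTimeCompare(stored.Digest, digest(stored.Salt, candidate)) == 1
}

// SealRecord encrypts data that must later be shown in plaintext (an address,
// card details) with AES-256-GCM. Output layout: nonce || ciphertext || tag.
// The key lives with the application, never in the database row.
func SealRecord(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// OpenRecord reverses SealRecord. A tampered blob or a wrong key fails
// authentication and returns an error instead of garbage plaintext.
func OpenRecord(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short to contain a nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	// Constructed sample key (32 bytes = AES-256); a real key comes from a
	// key store or HSM, never a literal in source.
	key := []byte("0123456789abcdef0123456789abcdef")
	stored, _ := HashSecret([]byte("hunter2")) // constructed sample password
	fmt.Println("password verifies:", VerifySecret(stored, []byte("hunter2")))
	blob, _ := SealRecord(key, []byte("Jane Doe, 1 Example St")) // constructed record
	fmt.Println("stored blob:", hex.EncodeToString(blob))
	pt, _ := OpenRecord(key, blob)
	fmt.Println("recovered:", string(pt))
}
```

An attacker who reaches the SQL Server through the web tier gets salted digests and sealed blobs; the encryption key sits on the application host, so the break-in described in the thread has to go one hop further before the customer data is readable.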
We live in a country where 10 children are killed by handguns every day. But Smith and Wesson doesn't worry that the FBI will come arrest them because someone used their technology to commit a crime. The law targets illegal uses of technologies, not the technologies - at least where there is a legitimate and legal use of that technology. Yet because of our extremism when it comes to copyright law, we ban technologies that threaten copyright interests whether or not they have legitimate, independent uses.
I am astounded that LL would respond so foolishly. What a horrible comparison. 99.999% of content on file sharing services (kazaa, gnutella, et al.) is copyrighted, and is being distributed illegally. If 99.999% of the bullets fired from handguns were used to murder people; governments, and society in general, would outlaw the production of handguns in a heartbeat.
Speaking of this... here is cmdrtaco's first usenet post... looks like he has a "thing" for mickey