  • Information Security Short Takes: Dead-man Door Blueprint
    ...biometric attributes of the person, which are stored in a database and always include a weight measurement, thus preventing a second person from piggybacking on the first. I recommend a retina scan plus weight measurement, since a fingerprint is very easy to fool (as even seen on Mythbusters).

    Blueprint: functional specification of a dead-man door

    For the purpose of the specification, the two doors of the dead-man door are named: the inside door, connecting the dead-man door to the highly secure area, and the outside door, connecting the dead-man door to the rest of the facility.

    - The dead-man door should comfortably accommodate one person.
    - The entire floor of the dead-man door should be connected to scale sensors for weight measurement.
    - The inside wall surfaces should be smooth and have no ledges that could be used to trick the scale by supporting oneself on them.
    - Both doors must open outward from the enclosure.
    - Doors should be bulletproof, and at least 50% of the door surface should be bulletproof glass, preferably EN 1522 class FB2 or higher (stops a 9 mm Luger fired from 5 m).
    - Both doors should be equipped with a door closer so they close without human intervention.
    - Both doors must be equipped with electronic locks controlled by a common controller. All electronic locks should have a mechanical override for emergency conditions.
    - Both doors must be equipped with a minimum of two open-door sensors, for redundancy.
    - When entering the dead-man door, each door should open only under the following conditions: approved authentication (key card, or key card plus PIN keypad); the other door is locked; and there are no open-door sensor alerts on the other door.
    - The person inside the dead-man door should have a selector to indicate in which direction they will go, i.e. which door to unlock.
    - When inside the dead-man door, each door should open only under the following conditions: the other door is locked and has no open-door sensor alerts; approved biometric authentication; and the weight of the authenticated person is within the acceptable variation of the database value. Biometric authentication should always be checked against the parameters of the person whose key card was used to enter the dead-man door.
    - A mechanical override unlock of any door should always raise a silent alarm, regardless of conditions.
    - All sensors and authentication mechanisms of the dead-man door should be connected to a central monitoring and alarm system, and every non-normal event should raise at least a silent alarm and lock the dead-man door.

    Panic conditions. A dead-man door is a very powerful access control system, but it can be very dangerous if panic conditions are not taken into account. Automatic controls: a predefined timer for passing through the dead-man door must be set up. If within that time the second door does not open and close, an immediate alarm should be raised...

    Original URL path: http://www.shortinfosec.net/2008/05/dead-man-door-blueprint.html (2016-04-27)
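    The unlock rules in the blueprint are an interlock state machine, and a controller that encodes them is easy to test against the piggyback and override cases. The following is an added example, not code from the original post: the class and method names, the 3% weight tolerance and the 30 s transit timer are assumptions, not values the post specifies.

```python
"""Interlock controller for a two-door dead-man door (mantrap).

Added example, not code from the original post. Encodes the blueprint's
unlock rules: a door opens only if the other door is locked with no
open-door sensor alert and the credential checks pass; on the exit leg the
biometric must match the card holder who entered and the measured weight
must be within tolerance. Every abnormal event raises a silent alarm.
WEIGHT_TOLERANCE and TRANSIT_TIMEOUT_S are assumed values.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

WEIGHT_TOLERANCE = 0.03   # assumed: allowed deviation from the enrolled weight
TRANSIT_TIMEOUT_S = 30    # assumed: seconds allowed inside the enclosure


@dataclass
class Person:
    """Enrolment record: card, PIN, biometric template, reference weight."""
    card_id: str
    pin: str
    retina_template: str
    weight_kg: float


@dataclass
class Door:
    name: str
    locked: bool = True
    sensors: Tuple[bool, bool] = (False, False)  # two redundant open-door sensors

    @property
    def open_alert(self) -> bool:
        return any(self.sensors)  # either sensor reporting "open" is an alert


class Controller:
    def __init__(self, enrolment: Dict[str, Person]):
        self.db = enrolment
        self.outside = Door("outside")   # facility side
        self.inside = Door("inside")     # secure-area side
        self.alarms: List[str] = []
        self.occupant_card: Optional[str] = None
        self.entered_at: Optional[float] = None

    def _other(self, door: Door) -> Door:
        return self.inside if door is self.outside else self.outside

    def _other_secure(self, door: Door) -> bool:
        other = self._other(door)
        return other.locked and not other.open_alert

    def _deny(self, reason: str, lock_all: bool = False) -> bool:
        self.alarms.append("silent alarm: " + reason)  # every non-normal event alarms
        if lock_all:
            self.outside.locked = self.inside.locked = True
        return False

    def request_entry(self, door: Door, card_id: str, pin: str, now: float) -> bool:
        """Unlock `door` from the outer side: card + PIN, other door secured."""
        person = self.db.get(card_id)
        if person is None or person.pin != pin:
            return self._deny(f"bad credential at {door.name} door")
        if not self._other_secure(door):
            return self._deny(f"{self._other(door).name} door not secured")
        door.locked = False
        self.occupant_card, self.entered_at = card_id, now
        return True

    def request_exit(self, door: Door, retina_template: str, weight_kg: float, now: float) -> bool:
        """Unlock `door` from inside: biometric must match the card used to enter."""
        person = self.db.get(self.occupant_card) if self.occupant_card else None
        if person is None:
            return self._deny("exit requested with no registered occupant", lock_all=True)
        if now - self.entered_at > TRANSIT_TIMEOUT_S:
            return self._deny("transit timer expired", lock_all=True)
        if not self._other_secure(door):
            return self._deny(f"{self._other(door).name} door not secured")
        if retina_template != person.retina_template:
            return self._deny(f"biometric does not match card {person.card_id}", lock_all=True)
        if abs(weight_kg - person.weight_kg) > WEIGHT_TOLERANCE * person.weight_kg:
            return self._deny("weight outside tolerance (possible piggyback)", lock_all=True)
        door.locked = False
        return True

    def door_opened(self, door: Door) -> None:
        door.sensors = (True, True)

    def door_closed(self, door: Door) -> None:
        """Door closer has shut the door; the electronic lock re-engages."""
        door.sensors = (False, False)
        door.locked = True

    def mechanical_override(self, door: Door) -> None:
        door.locked = False
        self.alarms.append(f"silent alarm: mechanical override on {door.name} door")
```

    A normal passage is request_entry on the outside door, door_opened/door_closed, then request_exit on the inside door; a second person stepping in changes the measured weight and the exit is denied with both doors locked.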

  • Information Security Short Takes: Understanding Penetration Testing Methodology
    ...segment, offices. Trophy: a resource that the testers are tasked with extracting or destroying. Malicious attackers usually stand to gain some benefit from the attack, and if the valuable resource is identified it can be tagged as a trophy to be won by the pen testers. Bear in mind that sometimes the trophy may not be a physical item but a loss of functionality or service that can tarnish the reputation of the company. Test vector: the attack channel or set of channels that the pen testers will use during the test. Test type: which type of test the pen tester will perform.

    - Black box: the pen tester performs the attack with no prior knowledge of the infrastructure, defence mechanisms and communication channels of the target organization. A black box test simulates an unsystematic attack by weekend or wannabe hackers (script kiddies).
    - Gray box: the pen tester performs the attack with limited knowledge of the infrastructure, defence mechanisms and communication channels of the target organization. A gray box test simulates a systematic attack by well-prepared outside attackers, or by insiders with limited access and privileges.
    - White box: the pen tester performs the attack with full knowledge of the infrastructure, defence mechanisms and communication channels of the target organization. A white box test simulates a systematic attack by well-prepared outside attackers with insider contacts, or by insiders with largely unlimited access and privileges.

    This element is determined by the kind of malicious attacker the company is trying to protect itself from. Each test type is not a superset of the previous one: for proper penetration testing one has to perform all three types of test.

    Process. The penetration test must be approved by top management with a properly signed decision. The decision to perform a pen test, and its details, must be kept a highly guarded secret known only to top management, the security officer of the company and internal audit. The supplier of the test (the pen tester) must be a credible and trusted company with relevant experience. Prior to top management approval, the supplier must provide a detailed pen test plan to be approved by the security officer. This test plan must include details about:
    - the target, the trophy and the test vector;
    - the locations to be tested;
    - the sources of the pen test attack (phone numbers, IP addresses, etc.);
    - the test type (white, gray or black box);
    - names and references of all persons who will perform the pen test, to be approved by the buyer;
    - the list of tools and methodologies that will be used during the pen test;
    - the method of protecting any confidential information collected during the pen test;
    - the method of self-auditing the entire pen test process;
    - the method by which the buyer audits the entire pen test process;
    - the time period of the pen test.
    This test plan, when approved, will be appended to the pen test contract as an amendment; the contract should also include the following: a clause for penalties for any damages caused by the pen...

    Original URL path: http://www.shortinfosec.net/2008/05/understanding-penetration-testing.html (2016-04-27)

  • Information Security Short Takes: Hiding Information in Plain Sight - Steganography
    A very common theme in action movies is walking away with the stolen goods in plain sight. Although popular in movies, the subject of hiding information is often overlooked in information security. Here is an analysis of how easy it is to hide valuable information in harmless files.

    The art and science of writing hidden messages in such a way that no one apart from the sender and intended recipient even realizes there is a hidden message is known as steganography. Generally a steganographic message will appear to be something else: a picture, an article, a shopping list or some other message. This apparent message is the covertext. There are many ways to use steganography in electronic communications: a hidden text can be transported in an image, a music file, another text file, an executable file, or even in the TCP/IP stream.

    Here is an example. The following text file is hidden within the image. Below is the original image used for hiding the file, a standard test image also known as Lenna (a cropped image from a Playboy magazine centerfold picture of Lena Söderberg). Below that is the image of Lenna with the hidden file inside it. The only user-detectable difference is the file size. But to most...

    Original URL path: http://www.shortinfosec.net/2009/01/steganography.html (2016-04-27)
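    The post does not show the tool it used; the observation that only the file size changes suggests the payload was appended after the image data rather than woven into the pixels. The following is an added example, not the post's tool, that shows both sides of that distinction: least-significant-bit embedding into a constructed grayscale pixel buffer (size unchanged, every pixel off by at most one level), and a check for bytes trailing a JPEG end-of-image marker, which is how an appended payload is detected. The pixel buffer and the JPEG fragment in the test are constructed, not the Lenna image.

```python
"""LSB steganography on a raw 8-bit image, plus detection of data appended
after a JPEG end-of-image (EOI) marker.

Added example, not the tool used in the original post. The cover is a
bytes object with one grayscale byte per pixel. Payload layout (assumed
here): 32-bit big-endian length, then the payload, one bit per pixel LSB.
"""
from typing import List

HEADER_BITS = 32
JPEG_EOI = b"\xff\xd9"


def capacity_bytes(cover: bytes) -> int:
    """Whole payload bytes that fit after the length header."""
    return max(0, (len(cover) - HEADER_BITS) // 8)


def _bits(data: bytes) -> List[int]:
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def embed(cover: bytes, payload: bytes) -> bytes:
    if len(payload) > capacity_bytes(cover):
        raise ValueError("payload too large for cover")
    stream = _bits(len(payload).to_bytes(4, "big") + payload)
    out = bytearray(cover)
    for i, bit in enumerate(stream):
        out[i] = (out[i] & 0xFE) | bit  # replace only the least significant bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    def read(start: int, nbits: int) -> bytes:
        bits = [stego[start + k] & 1 for k in range(nbits)]
        return bytes(int("".join(map(str, bits[j:j + 8])), 2) for j in range(0, nbits, 8))

    length = int.from_bytes(read(0, HEADER_BITS), "big")
    if HEADER_BITS + length * 8 > len(stego):
        raise ValueError("length header inconsistent with image size; not a stego image")
    return read(HEADER_BITS, length * 8)


def pixels_changed(cover: bytes, stego: bytes) -> int:
    """How many pixels embedding touched (at most one per payload bit)."""
    return sum(1 for a, b in zip(cover, stego) if a != b)


def max_pixel_delta(cover: bytes, stego: bytes) -> int:
    """Largest per-pixel change; LSB replacement never exceeds 1 level."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def trailing_data(jpeg: bytes) -> bytes:
    """Bytes after the last EOI marker. Decoders stop at EOI, so anything
    here is invisible to a viewer but inflates the file size. The last EOI
    is used because an EXIF thumbnail inside the file carries its own EOI."""
    idx = jpeg.rfind(JPEG_EOI)
    return b"" if idx < 0 else jpeg[idx + 2:]
```

    LSB embedding only survives lossless storage (BMP, PNG, raw); saving the stego image as JPEG destroys the bits. The appended-payload trick survives any copy but is trivially found by trailing_data or by comparing the file size with the decoded image dimensions.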

  • Information Security Short Takes: Thrown in the Fire - Database Corruption Investigation
    ...a security officer. And this is a type of incident that the security officer will be called upon to investigate, simply because management needs an independent observer and has doubts about both the operator and the manufacturer. Here is what to do when thrown into the fire.

    Prerequisites: Do not let the manufacturer's expert be the one who leads the investigation. If he insists on being involved, make it clear that this is your investigation and that he has to ask permission for, and explain, any action he wants done on the database and application during the investigation. Know a bit of SQL, or bring someone you trust who knows SQL.

    Tools of the trade: Toad for Oracle; Query Analyzer or MS SQL Server Management Studio for SQL Server; Event Viewer for Windows, syslog and text log files for Unix/Linux; Notepad; a hi-res camera or screenshots for everything.

    Incident investigation process:
    - Gather as much information as possible, even gossip. Talk to the witnesses of the incident. Establish who else worked with the application around the time the incident was discovered.
    - Document the events that led to the discovery of the problem, and their timeline.
    - Document any data involved in the process: account numbers, exact names, values, currencies, anything that can be found in the database. Do this for both the clean and the corrupt data.
    - Gather screenshots from the application of the events that led to the discovery of the problem.
    - Establish the time interval of the incident. Choose the database backup closest to the time the incident was identified and request that a database restore be done and that the users verify the restored database is in good condition. If the database is good, the incident occurred between that backup and now. If the database is bad, repeat with an earlier backup. Repeat until you find the closest good and bad backups: the incident occurred sometime in that interval.
    - If possible, try to reproduce the conditions of the incident. Starting from a known good state (a non-corrupt database), ask the users to repeat their activities. Observe: film the user while performing the activities in the application. Run a profiler/logger type of tool while the users are working, to capture all backend activity on the database. Follow through until the application is closed and all sessions are torn down; there can be a closing script that is the problem.
    - Identify key data repositories. Consult the documentation and the captured queries, if available, to identify the tables the corrupt data is kept in. If there is no usable source, use trial and error: tables are usually named in a logical manner related to their purpose, so match them to the statement of events to find which tables are relevant. To confirm that the right tables are identified, find at least some of the documented data involved in the incident in these tables. Don't be disappointed if you...

    Original URL path: http://www.shortinfosec.net/2008/09/thrown-in-fire-database-corruption.html (2016-04-27)

  • Information Security Short Takes: Competition - Computer Forensic Investigation
    Shortinfosec is hosting a computer forensics competition. In the competition you will have to analyze a submitted disk image for incriminating evidence, as per the scenario below.

    Scenario: The investigators suspect that the employee was doing the following illegal activities: sniffing IP traffic on the network; creating back doors to his PC; stealing and copying a CD-ROM with confidential content; downloading copyrighted music; using a specific penetration tutorial document to perform most of his actions. The investigators found his PC turned off. They performed a dd copy of the surviving partition and sent it to you for investigation.

    Competition materials: Download the evidence image here, compressed as hdb1.img.rar (a RAR-compressed disk image containing hdb1.img.dd). Verification sum of hdb1.img.dd: SHA-1 60642d113d40cb583df0b0654cbc83ffca63f886.

    Rules of the competition:
    - Each competitor should submit a summary report, indicating only the number of pieces of evidence discovered, as a comment to this post, to establish the time of solution.
    - Each competitor should submit a detailed description of the process used to discover the evidence in an e-mail sent to shortinfosec at gmail dot com.
    - All solutions must be submitted before midnight CET on the 20th of August 2008.
    - The ultimate goal is to find one piece of incriminating evidence for each suspicion. It is fully acceptable to submit a result with less evidence found if you feel that there is no other evidence to be found, or you cannot discover it.
    - The incriminating evidence may be disguised: renamed, compressed.
    - Each competitor can withdraw and resubmit better evidence before the submission deadline.
    - You can use any type of investigative tools you need, as long as you maintain the integrity of all evidence, proven by a SHA-1 or MD5 hash. The tools used must be documented in the detailed submission.

    Reward: Unfortunately there are no financial rewards for this competition. The first competitor to discover all the evidence, or the competitor who discovered the most evidence before the deadline, will be the winner. His result will be presented as an analyzed solution on Shortinfosec. Also, if the winner owns a blog or a site, it will receive a separate detailed review on Shortinfosec. All other submitted results, regardless of the evidence discovered, will be published in the results as honorable mentions, with links to their respective blogs/sites. We hope to have a good and fruitful competition.

    Related posts: Tutorial - Computer Forensics Evidence Collection; Tutorial - Computer Forensics Process for Beginners. Talkback and comments are for the competition. Labels: competition, forensics, penetration testing. 12 comments.

    Sniffer said: I think I got two files, man. One is an MP3 and one is some type of tutorial. Wasn't too difficult to find...

    Original URL path: http://www.shortinfosec.net/2008/07/competition-computer-forensic.html (2016-04-27)

  • Information Security Short Takes: Competition Results - Computer Forensic Investigation
    The Computer Forensic Investigation Competition is closed and here are the results.

    What was there to be found:
    - Tshark, the sniffer that is part of the Wireshark suite, in moodle/enrol/paypal/db.
    - NetCat, a tool for backdoor creation, renamed as MyTool.exe in moodle/auth/ldap.
    - An MP3 of Sergio Mendes & Brasil '66, "Mas Que Nada", renamed as an HTML document in moodle/auth/imap.
    - A TrueCrypt rescue disk ISO, renamed as MyDoc.doc in moodle/lib/geoip/Documents.
    - The OSSTMM Penetration Testing Methodology, with penetration details, in the deleted file osstmm.en.2.1.pdf in moodle/enrol.

    Finding the above was sufficient to win the competition. Alternatively, instead of OSSTMM you could find the two items below: a decoy Metasploit developers' guide PDF in moodle/lib/geoip/Documents (that document actually has nothing to do with direct hacking, unless you also discover the Metasploit framework), and the remnants of a deleted Metasploit framework in moodle/lib/geoip/Documents.

    Who did the investigation, in chronological order of reporting the findings (earliest first): Lawrence Woodman found 4 incriminating pieces of evidence; missed the real penetration tutorial and focused on the dummy Metasploit. Tareq Saade found...

    Original URL path: http://www.shortinfosec.net/2008/08/competition-results-computer-forensic.html (2016-04-27)
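    Three of the findings above are files renamed to a harmless extension (an MP3 as HTML, an ISO as .doc, netcat as MyTool.exe), and the competition rules require every piece of evidence to carry a SHA-1 or MD5 hash. The following is an added example, not the winners' tooling, that covers both: it walks a mounted image's file tree, identifies each file by content signature, flags files whose extension contradicts the signature, and records a SHA-1 per file for the evidence log. The sample tree is constructed with fake file contents; only the names MyTool.exe and MyDoc.doc come from the results.

```python
"""File-signature triage of a mounted evidence tree, with SHA-1 per file.

Added example, not the competition's tooling. Identifies files by magic
bytes rather than extension and flags the mismatch. The sample tree is
constructed here; its contents are fake headers, not the competition image.
"""
import hashlib
import pathlib
import tempfile
from typing import Dict, List, Optional

# (offset, magic bytes, label); the ISO9660 primary volume descriptor sits at sector 16
SIGNATURES = [
    (0, b"MZ", "pe-executable"),
    (0, b"%PDF-", "pdf"),
    (0, b"ID3", "mp3"),
    (0, b"\x1f\x8b", "gzip"),
    (0, b"PK\x03\x04", "zip"),
    (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole-document"),  # legacy .doc/.xls
    (0x8001, b"CD001", "iso9660"),
]
EXPECTED_EXT = {
    "pe-executable": {".exe", ".dll", ".sys"},
    "pdf": {".pdf"},
    "mp3": {".mp3"},
    "gzip": {".gz", ".tgz"},
    "zip": {".zip", ".jar", ".docx", ".xlsx", ".odt"},
    "ole-document": {".doc", ".xls", ".ppt", ".msg"},
    "iso9660": {".iso"},
}
HEAD_LEN = 0x8001 + 5  # enough bytes to test every signature above


def identify(head: bytes) -> Optional[str]:
    """First signature whose bytes appear at its offset, or None for unknown."""
    for offset, magic, label in SIGNATURES:
        if head[offset:offset + len(magic)] == magic:
            return label
    return None


def scan_tree(root: str) -> List[Dict[str, object]]:
    """One record per regular file: name, SHA-1, detected type, mismatch flag."""
    records = []
    for path in sorted(pathlib.Path(root).rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        detected = identify(data[:HEAD_LEN])
        records.append({
            "name": path.name,
            "path": str(path),
            "sha1": hashlib.sha1(data).hexdigest(),
            "detected": detected,
            "mismatch": detected is not None
                        and path.suffix.lower() not in EXPECTED_EXT[detected],
        })
    return records


def make_sample_tree() -> str:
    """Constructed files mimicking the disguises reported in the results."""
    root = tempfile.mkdtemp(prefix="evidence-")
    samples = {
        "song.html": b"ID3\x03\x00" + b"\x00" * 64,        # MP3 renamed as HTML
        "MyDoc.doc": b"\x00" * 0x8001 + b"CD001\x01",      # ISO renamed as .doc
        "MyTool.exe": b"MZ" + b"\x90" * 62,                # PE with an honest extension
        "notes.txt": b"plain text, no signature\n",
        "guide.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
    }
    for name, content in samples.items():
        pathlib.Path(root, name).write_bytes(content)
    return root
```

    Run scan_tree over the mounted image (read-only) and keep the returned records as the evidence log; an honest extension such as MyTool.exe is not a mismatch, so also review every detected executable regardless of the flag. The signature table is deliberately short; a production triage would use libmagic and also handle deleted files, which this walk does not see.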

  • Information Security Short Takes: Security Information Gathering - Brief Example
    When embarking on a security evaluation, the first stop for security information gathering is the Internet. Just connecting to the target's public servers and DNS yields a wealth of information. So here is an example of what can be learned in a couple of minutes of checkup on a company domain from its public servers, while NOT DOING ANYTHING ILLEGAL.

    Domain Name Servers (DNS). Name servers are the first target of every information gathering exercise. Once you know the domain name of a company, you should check its DNS. Here is what it will give you:
    - The DNS server provider: by checking who owns the IP you'll know whether the DNS is hosted in-house or outsourced. If it's in-house, such a DNS server can be a prime target for inbound attacks, and such servers are less secure simply because the internal IT department is torn between administering all kinds of stuff.
    - The level of isolation of zone transfers. A zone transfer is a completely legitimate function of a DNS server, used to feed domain information from the primary server to the secondary servers. If it's open to any outsider, he or she can collect a list of all hosts registered in the domain as possible attack targets. Most zone transfer attempts will fail, but even the way they fail gives excellent information:
      - Failed with REFUSED or NOTAUTH: you can talk to the server on the appropriate port (TCP 53), but zone transfers are not allowed. Even so, the port is exposed, and the server could be attacked with a TCP SYN flood on it (note that a SYN flood is a denial-of-service attack, not information gathering, and falls outside the "nothing illegal" scope of this checkup; only consider it within an authorized test).
      - Failed with "connection failed": you can't connect to the port at all; forget about zone transfers and SYN floods.

    Mail Exchanger (MX). Mail exchangers are mail servers specifically dedicated to receiving e-mail for the target company's domain. They are usually not the main corporate mail servers, but information from them can be useful to understand what types of adversaries are on the other side if you choose an e-mail vector of attack. Here is the summary of info from the MX:
    - The mail server provider: by checking who owns the IP you'll know whether the MX is hosted in-house or outsourced. If it's in-house, such an MX server can be a...

    Original URL path: http://www.shortinfosec.net/2009/02/security-information-gathering-brief.html (2016-04-27)
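    The zone transfer check above has three outcomes (transfer allowed, reachable but REFUSED/NOTAUTH, no connection), and each one is decided by the TCP connect and the RCODE in the first response header. The following is an added example, not code from the original post, that builds a raw AXFR query over TCP without a third-party DNS library and maps the result to those three outcomes. The response messages in the test are constructed byte strings, and example.com and the server address are placeholders; only run attempt_axfr against zones you are authorised to test.

```python
"""Attempt a DNS zone transfer (AXFR) over TCP and classify how it fails.

Added example, not code from the original post. Builds the query by hand,
sends it with the 2-byte TCP length prefix, and classifies the first
response header. example.com and the server address are placeholders.
"""
import socket
import struct

QTYPE_AXFR, QCLASS_IN = 252, 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(zone: str) -> bytes:
    """DNS wire format: length-prefixed labels terminated by a zero byte."""
    labels = zone.strip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def build_axfr_query(zone: str, txid: int) -> bytes:
    # flags 0x0000: standard query, recursion not requested; QDCOUNT 1
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)


def classify_response(msg: bytes, txid: int) -> str:
    """Map the first response message to one of the outcomes in the post."""
    if len(msg) < 12:
        return "malformed response"
    rid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        return "transaction id mismatch"
    if not flags & 0x8000:  # QR bit must be set on a response
        return "not a response"
    rcode = RCODES.get(flags & 0xF, f"rcode {flags & 0xF}")
    if rcode == "NOERROR" and ancount > 0:
        return "zone transfer allowed"  # the full host list of the zone is exposed
    return f"port 53/tcp reachable, transfer denied ({rcode})"


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise EOFError("connection closed mid-message")
        buf += chunk
    return buf


def attempt_axfr(server: str, zone: str, txid: int = 0x1234, timeout: float = 5.0) -> str:
    """Connect to server:53/tcp and classify the reply; needs authorisation."""
    query = build_axfr_query(zone, txid)
    try:
        with socket.create_connection((server, 53), timeout=timeout) as sock:
            sock.sendall(struct.pack("!H", len(query)) + query)  # TCP framing
            length = struct.unpack("!H", _recv_exact(sock, 2))[0]
            return classify_response(_recv_exact(sock, length), txid)
    except (OSError, EOFError):   # refused, timed out, filtered
        return "connection failed: port 53/tcp not reachable"
```

    attempt_axfr("ns1.example.com", "example.com") performs the live check; the offline classifier is what turns the server's answer into the three cases the post distinguishes. A server that answers NOERROR with no records is still reported as a denial, since an allowed transfer always returns at least the SOA record.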

  • Information Security Short Takes: BackTrack 4 Penetration Test Distro - First Glance
    Remote-Exploit just published the beta of the BackTrack 4 Penetration Testing Live CD. While the distro looks the same at first glance, it has had a major overhaul under the hood: BackTrack is moving away from SLAX, and this version is based on Ubuntu 8.10. The BackTrack toolset has matured and is full of useful tools, organized in a meaningful way. What is still missing from this distro is some functionality that was available in the past, some refinement, and better hardware support for wireless drivers.

    First off, the drivers. Although a lot of wireless drivers are supported (tested with three different Intel chips and one Atheros/Cisco), there is still a very strong issue with Broadcom drivers. The live CD comes loaded with the b43 driver, but it has a lot of issues with the newer Broadcom boards. Unfortunately the Broadcom STA drivers are not included, and since it's a live CD there is very little point in downloading and compiling something that will run only for that session. I...

    Original URL path: http://www.shortinfosec.net/2009/02/backtrack-4-penetration-test-distro.html (2016-04-27)