security
SITE SECURITY ISSUES
Updated: 10/21/02; 12:46:56 AM.

© copyright 2002
by Marc Barrot

Thursday, June 13, 2002

So Long, And Thanks For All The Passwords

This catchy phrase is printed on the cool openBSD t-shirt I got at the expo.

Sysadmins being the cheeky fellows they are, a roster of clear text passwords captured on the conference wireless network is posted at the door of the 'terminal room'.

This room is actually sponsored by Apple Computers and filled with G4s and iMacs, which is quite a new sight for a Unix geek convention.

Even more impressive, among the thousands of laptop-toting sysadmins roaming the Monterey Conference Center, almost 1 in 4 is equipped with some variant of iBook or PowerBook.

I'm currently sitting at one of the laptop tables in the 'terminal room', next to Jordan Hubbard actually: of the 12 laptops sitting on the table, 5 are from Apple.

11:02:38 PM


Honeypots and Honeynets

In yesterday's tutorial, Marcus Ranum presented the latest data on the cracker population, as gathered by the Honeynet group, and, while talking way too fast for a presentation, made a good case for honeypots as tools for intrusion detection.

Marcus defines a honeypot as "a security resource whose value lies in being probed, attacked, or compromised".

He further distinguishes between production honeypots, which are "low interaction" systems - giving the attacker access to limited resources through some sort of emulation - designed to secure an organization, and research honeypots, which are "high interaction" systems - basically giving the attacker control of a whole server - targeted at counterintelligence and gaining information on the so-called "black hat" community.

Production honeypots are getting easy to set up, thanks to a new breed of tools. I learned about honeyd during the tutorial: it compiles on most flavours of BSD, GNU/Linux and Solaris, and emulates dozens of systems, including several variations of Windows.

The nice thing about a honeypot is nobody is supposed to access it as long as it's not advertised. Therefore, any traffic directed at the honeypot is probably suspect. Any traffic coming out of the honeypot is definitely suspect and should trigger an alarm.

Therefore, a honeypot, coupled with a station running a network sniffer such as snort, fits nicely as a network-wide intrusion detection system.
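The rule in the two paragraphs above, turned into detection logic over a handful of constructed flow records. This is an added example, not code from this post, from honeyd or from snort; the honeypot address, the record format and the sample flows are all assumptions.

```python
"""Direction-based honeypot alerting over constructed flow records (added example)."""
from collections import Counter
from ipaddress import ip_address

# Assumption (not from the post): a single honeypot at a documentation address.
HONEYPOT_ADDRS = {ip_address("192.0.2.50")}

# Constructed records in a made-up "<time> <proto> <src>:<port> > <dst>:<port>" format.
SAMPLE_FLOWS = [
    "10:01:02 tcp 198.51.100.7:40211 > 192.0.2.50:22",   # probe of the honeypot
    "10:01:03 tcp 198.51.100.7:40212 > 192.0.2.50:80",   # same source, second probe
    "10:01:09 tcp 192.0.2.10:51000 > 192.0.2.20:443",    # ordinary traffic, not our concern
    "10:02:40 tcp 192.0.2.50:34567 > 203.0.113.9:6667",  # honeypot calling out: alarm
]

def parse_flow(line):
    time, proto, src, _, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"time": time, "proto": proto,
            "src": ip_address(src_ip), "sport": int(src_port),
            "dst": ip_address(dst_ip), "dport": int(dst_port)}

def classify(flow):
    """Return (severity, reason) following the post's rule: nobody should be
    talking to the honeypot, so inbound is suspect; the honeypot never
    initiates anything, so outbound is a definite alarm."""
    if flow["src"] in HONEYPOT_ADDRS:
        return ("alarm", f"honeypot {flow['src']} opened {flow['proto']} to {flow['dst']}:{flow['dport']}")
    if flow["dst"] in HONEYPOT_ADDRS:
        return ("suspect", f"{flow['src']} probed honeypot port {flow['dport']}/{flow['proto']}")
    return ("ignore", "not honeypot traffic")

def review(lines):
    """Classify every record; also count probes per source so repeat scanners stand out."""
    verdicts, probers = [], Counter()
    for line in lines:
        flow = parse_flow(line)
        severity, reason = classify(flow)
        if severity == "suspect":
            probers[str(flow["src"])] += 1
        if severity != "ignore":
            verdicts.append((flow["time"], severity, reason))
    return verdicts, probers

if __name__ == "__main__":
    findings, probers = review(SAMPLE_FLOWS)
    for time, severity, reason in findings:
        print(f"{time} {severity.upper():7} {reason}")
    print("probe counts per source:", dict(probers))
```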

5:47:11 PM


Mail Sending Mistakes

A follow-up on David Blank-Edelman's Perl for System Administration tutorial on Tuesday.

David emphasized the 3 rules a sysadmin should respect when programming a script that reports by email to its master:
  • Beware of overzealous message sending: you don't want your mailbox to be flooded by the same message repeating itself.
    • Build delay functions into the code.
    • Send aggregate messages.
  • Do not waste the subject line of the message: it is meant for quick, to-the-point information, even if brief.
  • Make sure the message body is relevant: include the answers to the following questions - who, where, when, what, why, what next.
I think we should add a fourth rule these days, one that tempers the third somewhat: do not assume you'll be the only person reading the message.

All SMTP traffic goes out in the clear, and is a prime target for any network sniffer. This is not paranoia, this is repeated experience.

If your script's report includes sensitive or revealing data, encrypt it (with GnuPG for instance, and Ashish Gulhati's Crypt::GPG module) before sending it, or store it on a restricted-access web server and include a link in the body of the message.

5:14:43 PM

