GFI LANGuard – Review
August 7, 2009
I was given the honor of reviewing the GFI LANguard network and security scanner. Right off the bat I noticed that the interface is very intuitive and easy to use, which is important to a busy security professional who has better things to do with their time than fight with a messy security tool.
The network scanning tool I normally use is called Retina.
When lining the two up, I have to say Retina is much more powerful, with many more options built in. It can drill way down and do intrusive scans where GFI LANguard v.9 is pretty vanilla. It gives you what you need and that is it.
The simplicity could be an advantage to a system admin doing a security job, because it really is straight to the point. The cost is definitely an advantage: GFI LANguard is about ½ the cost of the Retina scan tool.
Retina Professional Edition 16 IP Pack – $995.00
GFI LANguard goes for about 300+ for 10 licences.
Nessus is considered one of the best network scan tools, but it's more expensive than both.
What I really like about Retina is that it allows you to scan in accordance with Department of Defense standards, SANS, and others. LANguard does look at the SANS Top 20 report vulnerabilities.
If you're looking for a basic, down-to-earth network and security scanner for your small to medium business needs, then GFI LANguard is definitely the way to go, because you will not beat the cost for the quality and support you get. It's going to give you a thorough assessment of your systems and even tell you how to fix them. Buy this product!
You Hack US, We Nuke You!
May 28, 2009
The United States’ top commanding officer for the space and cyber domains told reporters last week that a cyber attack could merit a more conventional military response.
During a press briefing on Thursday, U.S. Air Force General Kevin Chilton, who heads the U.S. Strategic Command, told reporters that top Pentagon advisors would not rule out a physical attack on any force that attacks the United States through the Internet. Currently, the military’s networks are probed thousands of times a day, but the goal of attackers seems to be espionage, not to take down critical networks, he told reporters –
I don’t believe that military force is the equivalent action for a cyber attack. Arrest and/or apprehension is the physical response necessary for criminal hackers attacking from other countries. Cyber counter-attacks are the correct response for government funded & coordinated attacks.
I think if the U.S. reciprocates a cyber attack x10 when other countries are playing little games, we'd get our message across effectively. We should do so in a well-funded and covert way in which the enemy has NO DOUBT that the face slap came from a U.S. hand, but no proof at all, allowing plausible deniability. It should be black ops hacks, very well coordinated, very well funded and full time.
I don't think the US can be complacent or recklessly meek in matters of cyber warfare. Instead, it must be fair, quiet and heavy-handed when it comes to one of its most valuable assets, information.
Critical Infrastructure Infiltrated
April 8, 2009
So apparently, part of the U.S. critical infrastructure has already been exploited. It doesn't surprise me. It's all fun and games with developers, engineers and scientists until their ass is getting hacked. They resist. They say "who the hell would hack this system", "HOW the hell would they hack it". They cut corners and make excuses. Then, when the system is hacked, they blame it on the rain. The good news is that they know it's been infiltrated.
I wonder why they didn’t design it as a closed network. Make all critical functions completely inaccessible to the outside world. It’s got me wondering if they even used an Information Assurance standard.
More GMAIL Problems
November 22, 2008
This was news I could not ignore because I really, really like Gmail. These hacks are ridiculous. I hope that Google is getting a handle on this. It looks like the accounts are getting hacked with some sort of script that runs from a site or email while Gmail is open:
According to David Airey & gnucitizen.org:
The victim visits a page while being logged into GMail. Upon execution, the page performs a multipart/form-data POST to one of the GMail interfaces and injects a filter into the victim's filter list. In the example above, the attacker writes a filter which simply looks for emails with attachments and forwards them to an email of their choice. This filter will automatically transfer all emails matching the rule. Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google.
– gnucitizen
As many of you already know on November 2nd, MakeUseOf.com’s domain was stolen from us. It took us about 36 hours to get the domain back. As we have pointed out earlier the hacker somehow managed to get access to my Gmail account and from there to our GoDaddy account, unlock the domain and move it to another registrar.
You can see the whole story on our temporary blog makeuseof-temporary.blogspot.com/
I wasn’t planning to publish anything about the incident or cracker (person who steals domains) and how he managed to pull it off unless I was completely sure about it myself. I had a good feeling it was a Gmail security flaw but wanted to confirm it before posting anything about it on MakeUseOf. We love Gmail and giving them bad publicity is not something we would ever want to do.
Now the thing is the domain name domainsgames.org is protected by Moniker and they hide all the contact info for it.
Domain ID:D154519952-LROR
Domain Name:DOMAINSGAME.ORG
Created On:22-Oct-2008 07:35:56 UTC
Last Updated On:08-Nov-2008 12:11:53 UTC
Expiration Date:22-Oct-2009 07:35:56 UTC
Sponsoring Registrar:Moniker Online Services Inc. (R145-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:MONIKER1571241
.
.
.
.
Name Server:NS3.DOMAINSERVICE.COM
Name Server:NS2.DOMAINSERVICE.COM
Name Server:NS1.DOMAINSERVICE.COM
Name Server:NS4.DOMAINSERVICE.COM
More at MakeUseOf.com
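The gnucitizen description above boils down to a cross-site request forgery: the browser attaches the victim's Gmail cookies to a form POST made from an attacker's page, so the server cannot tell the injected filter from one the user created. The following is an added example written for this post, not Google's code and not from gnucitizen or MakeUseOf; the origin, endpoint field names and the sample filter list are all assumed. It shows the two checks a mail service (or a worried user) would want: the server side accepts a "create filter" POST only when it carries a session-bound anti-forgery token and comes from the application's own origin, and an audit routine flags any filter that forwards mail to an address the owner never approved, which is exactly the persistent damage the quote warns about.

```python
"""Defensive checks against the Gmail filter-injection pattern (added example).

Nothing here is Google's code; APP_ORIGIN, the form field names and the
sample filters below are constructed for illustration.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional

APP_ORIGIN = "https://mail.example.com"          # assumed origin of the mail application
SECRET_KEY = b"server-side-secret-for-this-example"  # constructed; never hard-code in real code


def csrf_token_for(session_id: str) -> str:
    """Derive a per-session anti-forgery token (HMAC-SHA256 of the session id).

    The token is embedded in the app's own pages; a third-party page cannot
    read it, so it cannot forge a request that carries the right value."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def accept_filter_post(headers: Dict[str, str], form: Dict[str, str], session_id: str) -> bool:
    """Return True only if a 'create filter' POST came from the app's own page.

    The session cookie alone proves nothing: the browser attaches it to a
    cross-site multipart/form-data POST too, which is how the filter was
    planted in the attack described in the post."""
    origin = headers.get("Origin") or headers.get("Referer", "")
    if not origin.startswith(APP_ORIGIN):
        return False                                   # cross-site request
    token = form.get("csrf_token", "")
    # constant-time comparison so the check does not leak token bytes via timing
    return hmac.compare_digest(token, csrf_token_for(session_id))


@dataclass
class MailFilter:
    name: str
    criteria: str                 # e.g. "has:attachment"
    forward_to: Optional[str]     # None when the filter does not forward


def suspicious_filters(filters: List[MailFilter], approved_targets: List[str]) -> List[str]:
    """Names of filters that forward mail somewhere the owner has not approved.

    Forwarding rules are the persistent part of the attack: they keep working
    after the injection bug is fixed, so they are what an audit must surface."""
    approved = {t.lower() for t in approved_targets}
    return [
        f.name for f in filters
        if f.forward_to and f.forward_to.lower() not in approved
    ]


# ---- constructed sample data -------------------------------------------------
SESSION = "session-abc123"                      # constructed session id
GOOD_HEADERS = {"Origin": APP_ORIGIN}
EVIL_HEADERS = {"Origin": "https://attacker-page.invalid"}   # placeholder hostile origin

SAMPLE_FILTERS = [
    MailFilter("receipts", "from:shop", "my-other-account@example.org"),
    MailFilter("injected", "has:attachment", "drop-box@attacker.invalid"),  # placeholder
    MailFilter("archive-lists", "list:announce", None),
]
APPROVED = ["my-other-account@example.org"]


def demo() -> dict:
    """Run both checks on the constructed data and return the outcomes."""
    good_form = {"csrf_token": csrf_token_for(SESSION), "criteria": "has:attachment"}
    forged_form = {"criteria": "has:attachment"}       # attacker page has no token
    return {
        "legit_post_accepted": accept_filter_post(GOOD_HEADERS, good_form, SESSION),
        "cross_site_post_rejected": not accept_filter_post(EVIL_HEADERS, good_form, SESSION),
        "tokenless_post_rejected": not accept_filter_post(GOOD_HEADERS, forged_form, SESSION),
        "flagged_filters": suspicious_filters(SAMPLE_FILTERS, APPROVED),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The origin check and the token check are deliberately both present: an Origin/Referer header can be absent on some requests, and a token can be leaked by an unrelated bug, so a request has to satisfy both before the filter list is modified. The audit side is worth running on your own account after any suspected compromise, since a forwarding rule survives a password change.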
Security Team of Barack Obama
November 6, 2008
Dear Secret Service,
Thank you for the fine work of protecting President George W. Bush. Regardless of my personal disagreements with about 90% of his administration's actions, I wish nothing beyond a very irritating groin rash on the man who has been my president from 2000 – 2008.
I hope that you can do the same thing for President Obama. I am certain you’ll be proactive in your security techniques. I am definitely not questioning whether or not you are good at your job.
As an American citizen I just ask that you go one step further by looking at potential insider threats. I’m not trying to promote some sort of conspiracy theories or anything and I certainly don’t have any reason to believe that your current staff is stocked with traitors of the American Republic. I’m just pointing out potential threats.
To let harm befall such a great American who has become a symbol of hope for people around the world would be a serious blemish on YOU.
p.s. Congrats on the Win, President Obama
How to catch hackers on your wireless
October 20, 2008
Techdar talks about how to catch hackers on your wireless network and how to defend your Wi-Fi from future attacks:
There are lots of tools around to help people carry out ARP-related exploits and if a malicious, Wi-Fi enabled neighbour decided to find out more about your network, this could be an effective way to do it. The good news is that there are some defences out there. The bad? They can be costly and don’t always deliver the protection you might expect.
Tools of Choice:
Arp Defender
AntiARP
Capsa
PromiScan
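The ARP-related exploits the quote refers to all leave the same footprint on the wire: a host starts answering ARP for an address (usually the gateway) that a different MAC answered for moments earlier, and one MAC ends up claiming several IPs. The tools listed above watch for exactly that. As an added example, not from the Techdar article or any of those products, here is a small detector over a constructed ARP-reply log that flags those symptoms; the log format, the gateway address and the MACs are all assumed for the demonstration.

```python
"""Detect ARP cache poisoning symptoms in an ARP-reply log (added example).

Assumed, constructed input format: one ARP reply per line,
'<seconds> <sender_ip> is-at <sender_mac>'. Real capture tools print
slightly different text, so adapt parse_arp_log() to your source.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

GATEWAY_IP = "192.168.1.1"   # assumed address of the home router

# Constructed sample: a host that already owns .30 suddenly answers for the
# gateway and for .20, then the real gateway answers again. That flapping is
# the classic man-in-the-middle signature.
SAMPLE_LOG = """\
1.00 192.168.1.1 is-at 00:11:22:33:44:55
1.50 192.168.1.20 is-at aa:bb:cc:dd:ee:01
2.00 192.168.1.30 is-at aa:bb:cc:dd:ee:02
2.20 192.168.1.1 is-at aa:bb:cc:dd:ee:02
2.40 192.168.1.20 is-at aa:bb:cc:dd:ee:02
3.00 192.168.1.1 is-at 00:11:22:33:44:55
"""

Record = Tuple[float, str, str]          # (timestamp, ip, mac)
Alert = Tuple[str, str, str]             # (kind, ip_or_ips, mac)


def parse_arp_log(text: str) -> List[Record]:
    """Parse the constructed log format, skipping malformed lines."""
    records: List[Record] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "is-at":
            continue
        records.append((float(parts[0]), parts[1], parts[3].lower()))
    return records


def detect_arp_anomalies(records: List[Record], gateway_ip: str = GATEWAY_IP) -> List[Alert]:
    """Return alerts for the three poisoning symptoms.

    'gateway-changed': the gateway IP is now claimed by a different MAC.
    'ip-mac-changed' : any other IP changed MAC (can be legitimate after a
                       DHCP lease change, so treat it as lower severity).
    'mac-claims-many': one MAC answered for more than one IP in the window.
    """
    alerts: List[Alert] = []
    last_mac: Dict[str, str] = {}
    ips_by_mac: Dict[str, Set[str]] = defaultdict(set)

    for _ts, ip, mac in records:
        previous = last_mac.get(ip)
        if previous is not None and previous != mac:
            kind = "gateway-changed" if ip == gateway_ip else "ip-mac-changed"
            alerts.append((kind, ip, mac))
        last_mac[ip] = mac
        ips_by_mac[mac].add(ip)

    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            alerts.append(("mac-claims-many", ",".join(sorted(ips)), mac))
    return alerts


def analyse(text: str = SAMPLE_LOG) -> List[Alert]:
    """Convenience wrapper: parse then detect."""
    return detect_arp_anomalies(parse_arp_log(text))


if __name__ == "__main__":
    for kind, ip, mac in analyse():
        print(f"{kind:16} {ip:40} {mac}")
```

A static ARP entry for the gateway on each client, or a switch with dynamic ARP inspection, prevents the condition rather than merely reporting it; the detector is what you run when you suspect the cheaper defences the article mentions were not enough.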
Why is Internet Safety Important
September 3, 2008
The amazing freedom and availability of the Internet lends itself to a few major dangers: Pr0n, malware and how to perform illegal and/or dangerous activities.
Whether it is a curious person seeking these things out or a child accidentally clicking the wrong link and getting bombarded with explicit pop-ups, the items listed can be harmful to an impressionable mind. Policies must be enforced.
There are a few groups that should have limited exposure to certain types of information on the Internet. Children, mentally handicapped or psychologically damaged people in settings such as schools, homes, rehabilitation or correctional facilities and group homes should be blocked, tracked and monitored while accessing the Internet. Certain information could destroy them if they don’t yet have the capacity to understand or put certain information in the proper context.
Protection from Pornography & Malware
In a professional setting there should be a written policy against accessing and/or downloading unacceptable material such as pornography. These items should be actively blocked, whether in a working environment or at home among minors accessing the same system. Allowing impressionable or fragile minds unlimited access to certain graphic material is irresponsible. The law is also a good reason why Internet safety is important. If you are the owner or charged with immediate control of a system being used for illegal activity, you could be partially or wholly liable for the activity. An example is substitute teacher Julie Amero:
On October 19, 2004, Julie Amero was substituting for a seventh-grade language class at Kelly Middle School in Norwich, Connecticut. The teacher’s computer was accessed by pupils while the regular teacher, Matthew Napp, was out of the room. When Julie took charge, the computer started showing pornographic images.
On January 5, 2007, Amero was convicted in Norwich Superior Court on four counts of risk of injury to a minor, or impairing the morals of a child. Her sentencing was delayed four times after her conviction, with both the prosecution and judge not satisfied that all aspects of the case had been assessed. The felony charges for which she was originally convicted carry a maximum prison sentence of 40 years.
– wikipedia
The Kelly Middle School systems were actually infected with malware that allowed the explicit pictures to pop up.
Access to Dangerous information
From the Columbine shooters to the Virginia Tech massacre, most of the killers had a recorded history of mental illness and/or psychological instability. In many cases, they used public computers, or home computers belonging to their parents, to research bomb making or even purchase guns.
Controlling access is the best way to get on the Internet safely. Maintaining the privacy of users is another important step in Internet safety; however, that is a matter of educating users, particularly if they frequent social networks such as Facebook or MySpace. They need to be instructed about the dangers of stalkers, perverts and predators looking specifically for impressionable minds.
We are the keepers of these impressionable and fragile minds. That is the reason Internet safety is important and why we must be mindful of these subjects.
Certification & Accreditation Change
August 26, 2008
Standard-issue security
Certification and accreditation process for national security systems to extend to the rest of government. A two-year-old effort to standardize processes for certifying and accrediting government IT systems could soon bear fruit, according to officials from several agencies.
The Committee on National Security Systems is preparing instructions for implementing a unified certification and accreditation (C&A) process that could be used on all national security systems, including those in the Defense Department and intelligence community, said Tony Cornish, chairman of the CNSS’ C&A working group.
At the same time, the National Institute of Standards and Technology plans to update its C&A guidance for systems covered by the Federal Information Security Management Act, said Ron Ross, a senior computer scientist and FISMA implementation lead at NIST.
“We are very close to producing a unified C&A process for the entire federal government,” Ross said in July at a government security symposium hosted by Symantec. “Within the next six to eight months, you are going to see a plethora of new things coming out” from CNSS and NIST.
CNSS’ instructions will be incorporated into NIST guidelines in its 800 series of special publications. Ross said a major update of SP 800-53 Rev. 2, “Recommended Security Controls for Federal Information Systems,” is expected in December, and a draft of the first revision of SP 800-37, “Guide for the Security Certification and Accreditation of Federal Information Systems,” is expected to be released for comment soon.
A single, governmentwide approach would make it easier for agencies to share data and cooperate with one another and with states, foreign allies and the private sector.
It could enable reciprocity, or the acceptance of other agencies’ C&A processes, without requiring recertification, and also could streamline acquisition processes by making it easier for vendors and developers to meet one set of standards.
C&A is a process for ensuring that IT systems are operating with an appropriate level of security. In the certification phase, the security of the system is documented; for accreditation, a designated authority signs off on the system’s fitness to go into operation. The concept has been around for some time, but there has been little standardization.
“In the past, we each had our own set of policies, and we didn’t look at each other’s,” said Sherrill Nicely, deputy associate director of national intelligence at the Office of the Director of National Intelligence.
FISMA requires C&A of information technology systems, but that does not apply to national security systems. And within the national security community, the military and intelligence sectors each have had their own way of doing things.
“Since about 1993, the Defense Department had its program, the Defense IT Security Certification and Accreditation Process,” said Eustace King, DOD chief of acquisition and technology oversight. “It worked pretty well” in a time before DOD’s emphasis on network-centric systems and information sharing, but it lacked enterprise visibility.
That C&A program was replaced with the Defense Information Assurance Certification and Accreditation Process. DOD was moving to the program in 2006 to harmonize military and intelligence processes when, a year later, it was expanded to include the rest of the national security community by bringing in the CNSS.
Through NIST, C&A procedures eventually will be standardized across all of government. However, policies do not change mind-sets, and old habits still remain one of the primary challenges to a standardized process. At DOD, there is a reluctance to accept reciprocity — that is, to give full credit to another agency’s C&A process without recertification, King said.
The intelligence community faces a similar hurdle, said Sharon Ehlers, an assistant deputy associate director of national intelligence.
“The cultural change has been the biggest challenge,” Ehlers said. “When it is not invented here, people don’t want to look at it.”
Ed Skoudis lists the Top 5 Worst Attacks of 1998 – 2002
June 10, 2008
That which does not kill us makes us stronger.
-Friedrich Nietzsche
In the November 2002 Information Security Magazine article, Infosec’s Worst Nightmares, Ed Skoudis lists the Top 5 Worst Attacks of 1998 – 2002. Mr. Skoudis is a founder of Intelguardians Network Intelligence, LLC and a handler at the very popular Internet Storm Center.
Mr. Skoudis mentions that the top five major destructive attacks of 1998 – 2002 made many industries “battle-tested” and more likely to be proactive rather than reactive. His five-year worst list is based on exploits that shook our very faith in the Internet and the security of e-commerce.
1. Code Red (2001). On July 13, 2001, the worm attacked Microsoft IIS systems. By 19 July 2001, the worm had affected over 350,000 systems. SANS and the Honeynet Project set up honeypots to capture the worm, but eEye Digital Security programmers did the most intense research on the worm and also named it. The worm exploited a vulnerability in the indexing software distributed with IIS, described in Microsoft’s MS01-033 patch; it was a buffer overflow attack. Some of the lessons learned: keep systems patched, use honeypots to capture malware, and coordinate response to help contain worms.
2. Nimda (2001). Shortly after 9/11, the Nimda worm was unleashed. It caused more damage financially than Code Red. There were rumors that it was China that released it to hurt the US further, but this is unlikely due to the nature of Nimda.
While it was bad, it had the appearance of being written by a determined amateur, not a nation-state that spends $1 Billion annually on cyberwarfare capabilities. – Skoudis.
Nimda affected Windows 95, 98, Me, NT, or 2000 and servers running Windows NT and 2000. It was so effective because it attacked IIS, e-mail, browsers and network shares. This multidimensional attack method could mark a trend in future cyberwarfare.
Lessons Learned: The importance of an incident response capability, disabling arbitrary scripts in e-mail and browsers.
3. Melissa (1999) & LoveLetter (2000). Both of these spread malware through e-mail propagation. Melissa was a Microsoft Word macro virus, and LoveLetter was the “I Love You” virus. The worm harvested the victim’s address book to forward itself to more victims, which killed a lot of email servers. Lessons Learned: many companies got serious about implementing anti-virus applications throughout the network.
4. Distributed Denial-of-Service (DDoS) attacks (2000). After all the panic of pre-Y2K, a completely new and unexpected storm hit major sites: Yahoo!, Amazon, CNN, E*Trade, ZDNet and eBay, all by a single child hacker nicknamed Mafiaboy. He had spread zombie flooding agents to hundreds of machines around the world and used them to attack sites with billions of useless packets. Lessons Learned: employ anti-spoofing filters.
5. Remote Control Trojan Horse Backdoors (1998 – 2000). In 1998, the Cult of the Dead Cow hacker group created the Trojan Back Orifice, which initially targeted Windows NT/9x. The tool allowed unskilled attackers to attack any vulnerable system. It also marked the rise of the “script kiddies” and produced a bunch of spin-offs such as SubSeven, NetBus and Hack-a-Tack.
Asset Labels: Security Markings
February 5, 2007
In the military one of the jobs I hated the most was what we called “ADPE”, Automated Data Processing Equipment custodian. My job title was Equipment Control Officer (ECO). My job was to ensure that every piece of equipment was present and accounted for. We needed to know equipment status and keep track of its “life cycle” (life-cycle, is the purchase to decommission process that all ADPE goes through). I did this for an entire military installation. Like I said, this was not my favorite thing to do.
But it was (is) very important. Looking at the big picture, I noticed that literally millions of dollars worth of equipment had been lost prior to anyone taking ADPE seriously. It got so bad that the U.S. government started really cracking down. If units and organizations neglected to put security markings on their equipment, they were not allowed to purchase ANY new equipment (per base policy). As the Equipment Control Officer, I started doing audits to ensure everything was marked properly.
Before I saw the big picture, I thought it was a bit anal but the reality was that some of the equipment would get stolen, lost or just plain forgotten and in the long run this kind of neglect becomes extremely costly.
It is very important for organizations to account for all equipment. The best way to do this is with a database and asset labels. In the military we had our own asset labels, but companies like seareach offer very professional looking asset labels, asset tags, security labels and security printing.