Jude Naidoo | 1 Jun 2003 10:19

Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail

Hi

The email header will also have the network address that connected to Yahoo.
Do you have a copy of the header?

Thanks

Jude
----- Original Message ----- 
From: <khayes <at> eastbay.com>
To: "steve baker" <stephenbbaker <at> hotmail.com>
Cc: <security-basics <at> securityfocus.com>
Sent: Thursday, May 29, 2003 4:03 PM
Subject: Re: Distressing, possibly life threatening emails from free
accounts (yahoo, hotmail

>
> Unfortunately there isn't a clear way to do this since Yahoo is the middle
> guy and the mail headers were generated there.  We recently had a similar
> e-mail come in and we spoke to Yahoo directly.  While they were sympathetic
> to the situation, they stated some sort of Court Order or Law Enforcement
> involvement would be required for them to give out information.
>
> Ken Hayes
> Network Administrator
> Eastbay / Footlocker.com
> Wausau, WI Offices
> (715) 261-9573
> khayes <at> eastbay.com

Jimi Thompson | 2 Jun 2003 02:19

RE: About default sharing folders in Windows

><SNIP>
>
>I believe there might be a way in the registry to remove the
>administrative shares altogether, but whether there is or isn't you need
>to make sure you have strong passwords for the administrator account and
>you should assign a strong password to the Guest account even if you
>keep the account disabled.
</SNIP>

I strongly suggest renaming the local Administrator and Guest account 
to something that is not easily guessed at.  In addition, you should 
probably create "dummy" accounts named "Administrator" and "Guest" 
that have no rights/no group memberships and are disabled.  Monitor 
the dummy accounts closely for log in attempts.

If your machines are going to be exposed to the Internet, you will 
have to hack the registry to remove all the default shares. 
Technet has several fine articles on this.
--

-- 
Thanks,

Ms. Jimi Thompson, CISSP, Rev.

"Those who are too smart to engage in politics are punished by being 
governed by those who are dumber." --Plato

---------------------------------------------------------------------------
----------------------------------------------------------------------------


James Taylor | 2 Jun 2003 03:28

Re: Security training Teaching material

For CISSP discussion and Exam thoughts also check out...

http://forum.cissp.com/ubbcgi/ultimatebb.cgi?ubb=get_topic&f=1&t=000127

Regards
James

--- Andrew Pretzl <arp <at> norlight.com> wrote:
>
> The www.cccure.org website run by Clement Dupuis is an excellent source of
> information for studying for the CISSP exam. I would also recommend the
> CISSP Prep guide and the All in One Exam guide.
> AP
> =============================
> Andrew Pretzl - CISSP
> Network Engineer
> Norlight Telecommunications
> http://www.norlight.com
> =============================
> 


Brett Bisbe | 2 Jun 2003 17:38

Malware Removal


This is more of a continuation of another post. I am looking for a program 
to remove Spyware from a 2000 DC. I have tried Spybot and it will not even 
open to run the program, there are no errors or anything. I am wondering 
if there are any out there (preferably free) that you could recommend. 

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Roland | 2 Jun 2003 06:11

RE: A new concept for security management?

Hi,

Check Point provide a managed solution, Safe@Office, not much more expensive
than a good quality ADSL Router,

http://www.checkpoint.com/products/smallbusiness/wizard/answer.html?111100

Cheers,
Roland
---------
www.secwiz.com
---------

_snip_____________________________________________

My question is this:  is there an MSSP (or some other acronym) that provides
security as a service?  My thought is to provide a secure tunnel from this
company's LAN to a remote LAN.  The remote LAN would be secure and managed
and provide that service for a monthly fee.

Is there anything like that out there or am I stuck trying to sell a
complete security solution of some sort to this company?

Thanks in advance for any help.

KC Smith

---------------------------------------------------------------------------
----------------------------------------------------------------------------


Jimi Thompson | 2 Jun 2003 02:47

Re: About Operating Systems security

You stated in one of your later e-mails that you want to move certain 
things in your company toward open source products - fire walls, web 
servers, and databases.  In any case, the way to make your point is 
TCO  - total cost of ownership.

You must take the cost of procurement as the starting point.

What does the software cost?  What does the hardware it will require cost?

Next, what is the cost of managing this and keeping it running?

What do you have to pay an engineer or DBA that can administer the product?
How much are upgrades?
What about vendor support?
Will you have to retrain people to manage this product?

What is the projected life span of the product?

TCO = [(procurement cost) + (management cost) x life span ] x number of units

If you can run the numbers for the commercial package and compare 
them to the open source package, you should be able to see this to 
your managers.

Example - fire wall

Linux vs. Nokia Checkpoint Device

Procurement Costs


Keenan Smith | 2 Jun 2003 08:09

RE: A new concept for security management?

Thanks for that answer and all the other good information from everyone.

I'm coming to the conclusion that one of the following 3 things is true:

1.  I wasn't clear about what my client wants
2.  What he wants doesn't exist
3.  What he wants doesn't exist because it can't or if it did, it would be
too hard/expensive to manage

I don't believe that 3 is true, so that leaves either 1 or 2.

My client doesn't want to invest in the cost of securing his network (where
have I heard THAT before?!?!) or the cost/effort of maintaining that
security.  Yes, just as most clients, he wants everything without having to
pay for any of it.  That aside, what my client wants, as best as I
understand it, is VPN access to an existing, secure network.  All access to
the outside world would be via that network.  This means that the only thing
that has to run on the client machines is the VPN client, everything else
would be handled by the network.  That way, all the standard security stuff
would be available, without the pain or cost of handling it himself.

Obviously, a typical network in a typical company would not allow an unknown
user to connect to their backend network, but I thought that there might be
a service of some sort that supplies that type of function.  Based on what
I've taken from this list and other research that I've done, something like
I describe doesn't exist, at least as a service that could be purchased.

I suppose the question is now, why not?  It seemed like a good idea when my
client asked me about it.  Am I missing something or did I just drink too
much last night?

Robinson, Sonja | 2 Jun 2003 15:44

RE: Re[2]: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail

The sender did not indicate that this was spam or otherwise innocuous e-mail,
chain mail, etc.   The sender indicated "possible life threatening" which is
extremely serious.

I realise that you can't always trace someone but most of the time you can
and most users are not savvy enough to go through a number of chain proxies,
etc.   Not that it's impossible, it is unlikely in most cases.  But first
steps should be as indicated and if you can't traceback then at least you can
bring what you have to LEO.  Most Local PD's don't have the expertise or
people to perform trace and if you can do most of it then it is helpful for
them - it cuts down on time.  In addition, 99% of e-mails can't be traced
because the user never saved the headers for LE.  If headers are not saved
then you have no hope.  I also have a number of contacts for local pd's and
I can get the victim in touch with those who can help. Part of my job is
digital forensics and investigations.  I would rather have a report now and
potentially be able to help now than to have a physical crime scene later if
the person was assaulted or worse. 

I suggest that it is better to try to trace than to do nothing at all.  If
it is sufficient for someone to write that they are receiving possibly life
threatening e-mail then it is our duty to try to help them with advice that
will help find the culprit and hopefully protect them by advising LEO.

Sonja Robinson, CISA
Network Security Analyst
HIP Health Plans
Office:  212-806-4125
Pager: 8884238615

[snip]
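Added example, not part of any post in this thread: Python that reads saved Received headers, as discussed in the post above and in the earlier reply about the network address that connected to Yahoo, and returns the client address recorded by the webmail provider's own host. The sample headers, host names, addresses and the own_domain/provider_domain parameters are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: documentation addresses, hypothetical host names.
SAMPLE = (
    "Received: from web101.mail.example.net (web101.mail.example.net [198.51.100.25])\n"
    "\tby mx.victim.example with SMTP id 4A1B2C3D;\n"
    "\tThu, 29 May 2003 15:58:12 -0500\n"
    "Received: from [203.0.113.77] by web101.mail.example.net via HTTP;\n"
    "\tThu, 29 May 2003 13:58:09 -0700\n"
    "Received: from [192.0.2.9] by relay.unrelated.example with SMTP;\n"
    "\tThu, 29 May 2003 13:00:00 -0700\n"
    "From: sender@example.net\n"
    "Subject: constructed sample\n\nbody\n"
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw):
    """Parse Received lines in header order: newest (our own server) first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())            # unfold continuation lines
        info, _, stamp = text.rpartition(";")     # date follows the last ';'
        ip = IP_RE.search(info)
        by = re.search(r"\bby\s+([^\s;]+)", info)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None                           # missing or malformed date
        hops.append({"ip": ip.group(1) if ip else None,
                     "by": by.group(1).lower() if by else "",
                     "time": when})
    return hops

def in_domain(host, domain):
    """Match on a label boundary so 'evilmail.x' is not taken for 'mail.x'."""
    return host == domain or host.endswith("." + domain)

def provider_client_ip(raw, own_domain, provider_domain):
    """Walk down from our own server through the provider's hops. The oldest
    hop in that unbroken run records the address that connected to the
    provider; lines below the run were not written by a host we can vouch for."""
    edge = None
    for hop in received_hops(raw):
        if edge is None and in_domain(hop["by"], own_domain):
            continue                              # our own relays, trusted
        if not in_domain(hop["by"], provider_domain):
            break                                 # chain of known hosts ends
        edge = hop
    return edge["ip"] if edge else None
```

The bottom Received line in the sample is stamped by an unrelated host and is ignored, since a sender can supply such lines; the address and timestamp from the provider's hop are what a report to law enforcement would carry.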

Kristofer Mcconnell | 2 Jun 2003 13:56

Free utilities

To all,

What are everyone's top 5 free utilities that help troubleshoot,
administer, and apply security to their networks, systems, and such? These
tools can be used for anything from networking to disk fragmenting. I like
trying new applications that help with the most mundane and trivial network
occurrences. I like applications that help me with my day to day operations
and are easy to use and interpret.

Thanks,
Kristofer Mc Connell
Web Admin
Prudential Financial

---------------------------------------------------------------------------
----------------------------------------------------------------------------

James Lee Gromoll | 2 Jun 2003 22:06

RE: W2K server "sniffer"

my $.02

Ethereal on a separate Linux or W2K box is about the best answer. Netmon is 
fine, but the one shipped with server only monitors traffic to and from the 
server. If you want to detect rogue traffic then the only real solution is a 
separate box. Anyone who has ever run ethereal on a server in realtime mode 
can surely attest to some significant performance hit.

jlg


---------------------------------------------------------------------------
----------------------------------------------------------------------------

