Alvin Oga | 1 Jun 04:04 2004

Re: DNS and SMTP


hi ya

> On Fri, 2004-05-28 at 09:16, kaps lock wrote:
> > Hi All,
> > I am a security newbie. I would like to know or
> > at least if somebody can have me some pointers to good
> > tutorials on

read ... the first 10 pages of all the links that google
returns for each "search string" you give it .. 

> > 1) DNS
> > basically I want to be able to understand everything
> > about DNS, using nslookup, dig in order to be a good
> > security analyst.

knowing how to use the wrong tools won't help with being
a "security analyst"
	- what kind of analyst ??
	( writing articles for general public or for teaching
	( security classes for certification ?

as it has been pointed out ... read both books about DNS
by Cricket Liu ( not just the O'Reilly one )

- you/we will never know "everything" about dns

> > like how I could determine OS of a
> > dns server,

David Schwendinger | 1 Jun 15:44 2004

RE: ISP reconfiguring cable modem?

I think an equally important question besides the "is it technically
possible" is: Is it or should it be legal for ISPs to reconfigure equipment
belonging to its subscribers, let alone doing it without telling them about
it?

David T. Schwendinger

-----Original Message-----
From: Paul Kurczaba [mailto:paul <at> myipis.com] 
Sent: Thursday, May 27, 2004 3:12 PM
To: security-basics <at> securityfocus.com
Subject: ISP reconfiguring cable modem?

On this ZDNet article
(http://zdnet.com.com/2100-1107_2-5218720.html?tag=zdaresources), it
mentions that to help prevent spam, comcast could remotely reconfigure the
cable modem if it sees that user is sending out a bunch of spam. How is it
possible to remotely configure the cable modem? Would it be a TCP/IP or
cable signal that would reconfigure the modem? If it is TCP/IP, couldn't a
hacker screw up the modem? If it is a cable signal, what happens if the
cable user bought the modem at Best Buy or CompUSA (it wouldn't be ISP
specific)

-Paul Kurczaba

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 

David Gillett | 1 Jun 17:44 2004

RE: ISP reconfiguring cable modem?

  DOCSIS.  Most cablemodem ISPs exert control over the cable modems
remotely.

David Gillett

> -----Original Message-----
> From: Paul Kurczaba [mailto:paul <at> myipis.com]
> Sent: Thursday, May 27, 2004 12:12 PM
> To: security-basics <at> securityfocus.com
> Subject: ISP reconfiguring cable modem?
> 
> 
> On this ZDNet article
> (http://zdnet.com.com/2100-1107_2-5218720.html?tag=zdaresources), it
> mentions that to help prevent spam, Comcast could remotely reconfigure the
> cable modem if it sees that user is sending out a bunch of spam. How is it
> possible to remotely configure the cable modem? Would it be a TCP/IP or
> cable signal that would reconfigure the modem? If it is TCP/IP, couldn't a
> hacker screw up the modem? If it is a cable signal, what happens if the
> cable user bought the modem at Best Buy or CompUSA (it wouldn't be ISP
> specific)
> 
> -Paul Kurczaba
> 
> 

steve | 1 Jun 15:13 2004

Computer Forensics

I recently wrote the list inquiring about firms that folks would recommend
for computer forensics, and thanks for the replies.  I have the list of
recommendations if anyone wants the company names.  An interesting aspect of
the responses was to define what is meant by Computer Forensics.  I think it
would be good to hear from the list as to what we believe makes up the
commonly understood realm of Computer Forensics.  Here is how I have seen
Computer Forensics traditionally defined, into these areas:

    Electronic Discovery
    Forensic Analysis
    Expert Testimony

Below is how the Information Systems Audit and Control Association (ISACA)
www.isaca.org defines Computer Forensics.  The only area where I would not
totally agree with their definition is that the outcome of the work does not
necessarily have to be for use in a court of law.

2.1 Computer Forensics
2.1.1 Computer forensics can be defined as the process of extracting
information and data from computer storage media using the available
technology and establishing its accuracy and reliability for the purpose of
producing the same as evidence in a court of law.

2.1.2 The challenge to computer forensics is actually finding this data,
collecting it, preserving it and presenting it in a manner acceptable in a
court of law.

2.1.3 Computer forensics primarily involves exploration and application of
scientifically proven methods to gather, process, interpret and utilise
digital evidence to:


Kelly Martin | 1 Jun 18:07 2004

SecurityFocus new article announcement

The following article was published on SecurityFocus today:

H.323 Mediated Voice over IP: Protocols, Vulnerabilities & Remediation
By Thomas Porter, Ph.D  Jun 01, 2004

This paper provides an overview of the H.323 (VoIP) protocol suite, its
known vulnerabilities, and then suggests twenty rules for securing an
H.323-based network.

http://www.securityfocus.com/infocus/1782

--8<--cut here---8<---
Kelly Martin kel <at> securityfocus.com http://www.SecurityFocus.com
SecurityFocus Infocus - content editor ph+001 (403) 261-5468


Craig, Jason | 1 Jun 17:25 2004

RE: Removing Local Admin Rights...

Correct, most Adobe products (and many others) try to write to reg keys on
startup and certain directories.  With Regmon and Filemon, one can set the
appropriate perms for only those keys necessary.  If I recall correctly,
Palm software has similar issues.  With the Palm software, rather than
changing lots of perms to install, we just give that user local admin
rights, install, configure and take away admin rights.  Everything runs fine
after.

-jc

-----Original Message-----
From: Simon Taplin [mailto:simont <at> pop.co.za] 
Sent: Saturday, May 29, 2004 8:37 AM
To: Craig, Jason
Cc: security-basics <at> lists.securityfocus.com
Subject: Re: Removing Local Admin Rights...

Most of the Adobe products don't run properly unless the User is part of the
Power User Groups or higher for whatever reason. I remember that InDesign
1.5 needed to install Japanese fonts if the user was part of the Users
group.

Simon

Craig, Jason wrote:

> Jay,
> 
> None of our users have admin rights.  Most apps will run fine.  We've 
> run into quirks with label printer software, and the usual problems 

Craig, Jason | 1 Jun 17:30 2004

RE: Removing Local Admin Rights...

I'm a little concerned over the need to repair so many systems.  We have a
small devl shop with programmers running as local admin and I haven't had to
touch one of their machines (except for upgrades, etc) in years.  We try to
educate our programmers and users alike as to best practices.  Perhaps your
users are doing things they shouldn't be?

-jc

-----Original Message-----
From: Faisal Masood [mailto:faisyuet <at> wol.net.pk] 
Sent: Monday, May 31, 2004 1:43 PM
To: simont <at> pop.co.za; 'Craig, Jason'
Cc: security-basics <at> lists.securityfocus.com
Subject: RE: Removing Local Admin Rights...
Importance: High

I'm working in a development environment. My developers need to register
application DLLs most often. They also want to do ASP debugging, SQL
debugging, MTS debugging. 

For these requirements I've to give my users local admin access. But result
is that we get at least a system every week for repair.

What is the solution to this issue?

Regards
Faisal Masood

-----Original Message-----
From: Simon Taplin [mailto:simont <at> pop.co.za]

David Gillett | 1 Jun 18:41 2004

RE: Removing Local Admin Rights...

  MY preferred solution is to give developers two machines --
an old/small/slow one for browser/email/etc which is treated
just like any other user's machine, and a development box on
a sandbox network that they can trash to their heart's content,
because IT won't fix it.

Dave Gillett

> -----Original Message-----
> From: Faisal Masood [mailto:faisyuet <at> wol.net.pk]
> Sent: Monday, May 31, 2004 1:43 PM
> To: simont <at> pop.co.za; 'Craig, Jason'
> Cc: security-basics <at> lists.securityfocus.com
> Subject: RE: Removing Local Admin Rights...
>
>
> I'm working in a development environment. My developers need to register
> application DLLs most often. They also want to do ASP debugging, SQL
> debugging, MTS debugging.
>
> For these requirements I've to give my users local admin access. But result
> is that we get at least a system every week for repair.
>
> What is the solution to this issue?
>
> Regards
> Faisal Masood
>

Burton M. Strauss III | 1 Jun 19:06 2004

RE: ISP reconfiguring cable modem?

Sure it's legal - it's in the TOS you signed when you purchased service.

Same as with a car - just because you own it doesn't give you the right to
drive across my lawn.

-----Burton

> -----Original Message-----
> From: David Schwendinger [mailto:dschwendinger <at> BlackbirdTech.com]
> Sent: Tuesday, June 01, 2004 8:44 AM
> To: paul <at> myipis.com; security-basics <at> securityfocus.com
> Subject: RE: ISP reconfiguring cable modem?
>
>
> I think an equally important question besides the "is it technically
> possible" is: Is it or should it be legal for ISPs to reconfigure equipment
> belonging to its subscribers, let alone doing it without telling them about
> it?
>
>
> David T. Schwendinger
>
> -----Original Message-----
> From: Paul Kurczaba [mailto:paul <at> myipis.com]
> Sent: Thursday, May 27, 2004 3:12 PM
> To: security-basics <at> securityfocus.com
> Subject: ISP reconfiguring cable modem?
>

steve | 2 Jun 15:35 2004

Outlook Web Access

We are still running Exchange 5.5 and until we start our Exchange 2003
migration we want to improve the way we are running Outlook Web Access (OWA)
in terms of security.  We use SSL.  We prohibit traffic to the box other
than port 80 and 443.  Other than the obvious recommendations of using the
recommended OWA install and hardening the OS where OWA is running does the
list have any other recommendations on protecting the OWA box?  For
instance, can OWA be configured to run on Linux/Apache instead of Windows
2000/IIS5?

Thanks
