Saqib Ali | 1 Sep 2005 02:11

Re: Thin-clients: THE Solution to the Security problem

The answer to your question is not easy, and it will depend on the type of
organization in question.

Maybe you can start by serving individual applications using Citrix,
instead of the whole desktop. This way you can measure users'
feedback. Click here for a similar discussion on Slashdot <
http://slashdot.org/article.pl?sid=04/12/28/2212243 >

Start by publishing Internet Explorer on Citrix, and require your
users to use it from Citrix instead of their local copy of IE. Lock
down IE, and use anonymous accounts for Internet Explorer. This way
you can lock down IE to your heart's desire. Also, publishing IE
'anonymously' on Citrix will further secure the environment, as the
anonymous profiles can be deleted on a nightly basis. However, one
issue with 'anonymous' access to Citrix applications is that the user
cannot maintain their preferences or even their bookmarks.

> Now if we replace all of these PCs with thin-clients, whereby they will access servers (may be Terminal
> Servers) to get their mails, get Web access, does it not eliminate the potentially large pool of
> 'vulnerable' machines, and hence greatly decrease the Risk Exposure of an organisation's network?
> 
> Is this the solution to manage Security more effectively?

-- 
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.


Boubacar Fadiga | 1 Sep 2005 01:53

RE: Outlook Security

Hi,
I have had this problem since I got to Outlook 2003.
With this version, you can hold several .pst files
and have separate passwords.
You can then put your folders wherever you want.
My 2cts.
BF

-----Original Message-----
From: Thiago Lima lst [mailto:thiagolima <at> webforce.com.br] 
Sent: Friday, 29 July 2005 23:03
To: security-basics <at> securityfocus.com
Subject: Outlook Security

 
I'm searching for tools to enhance Outlook (local .pst) security.

- I'd like to encrypt some folders in the .pst (not all folders).
- And if it is possible I'd like to hide some folders, and show them
only if a password or key is entered.

I'm googling for it and can't find anything that looks like this.
Does anyone know of any tool like this?

Thanks a lot,
Thiago lima.

McKinley, Jackson | 1 Sep 2005 02:11

RE: University Degree or CISSP

From personal experience I've found it works both ways.  Sure, having the
degree and cert will get you past the first cut, but then it really
starts.  So you impress the managers with your cert and degrees in whatever
field and you get your second interview.  Now what happens?

Well, normally you meet the team leader and his "head" tech.  Most of the
time they won't be all that impressed with your papers and want you to
prove you have the ability to take what you have learnt in the class
room to the real world, where you don't have access to everything and you
have the all-important and biggest road block to troubleshooting... The
customer :P ahahha

I've seen people that look REAL good on paper, and one sticks out from
them all.. Hired as a lvl3 engineer in a SOC, then we all had to cover
him for 2 months till we just gave up; it was plain to the manager and
he was asked to leave... He had it all, Masters, CCNP, MCSE, etc, etc...
What he didn't have was a clue about the real world..  Give him a fault
and he couldn't work it back, just didn't have the "Stuff" you get from
hands-on experience.

What I guess I'm saying is that it's not just about your bits of paper..
But it's more about you.  Personally I have a couple, and they are
normally so I can make it past the recruitment companies' cutting.. Then
it's all about my work experience, my thirst to learn more and what I
sell to employers as "My ability to see things other people don't"  :P
Since this is what I do as a threat analyst..

Think about what you want to be doing in 5, 10, 15 years...  Find what
you need to do those jobs and start doing it, always making sure you
are moving, moving sideways or forward, never backwards..

Kelly Martin | 1 Sep 2005 02:05

Re: SF new article announcement: The great firewall of China

Micheal Espinola Jr wrote:
> Meh. This just goes with the standard security best practice: Block
> everything and allow only what you need.
> 
> Do I block China?  Yep.  Korea?  Yep.  Russia?  Yep.  Etc, etc...

Does anyone know of an accurate list of IP address blocks mapped to 
various countries? Doing a WHOIS after an attack or SSH brute-force 
attempt is rather reactive... this whole approach doesn't make the 
server any more secure, but 1) it limits the use of compromised 
machines in large emerging economies as attack launching points, and 2) 
it makes your logs much shorter and easier to read. :)

Regards,

Kelly Martin
moderator

Jason Coombs | 1 Sep 2005 02:37

Re: Computer forensics to uncover illegal internet use

Dave,

You're substantially oversimplifying and producing rhetoric rather than teaching the issues as a
result... Not that rhetoric is a bad thing, I like rhetoric.

First of all, finding a bag of white powder on the ground isn't sufficient for a lay-person to conclude that
they are in possession of drugs.

Finding a bag, testing it for contraband, and then leaving it there can be reckless endangerment, and the
proper thing to do is to call authorities immediately upon suspicion of a dangerous substance, but the
first thought you should have is for safety and health, and that means you call the fire department.
Immediately presuming a crime has occurred and calling the police is not necessarily the right action.

I have seen people harmed by other people's panic reaction to what they believe is evidence of a crime. The
vigilante emotion and the opportunity to do something exciting (play cops and robbers) is completely
inappropriate and can rise to the level of a crime itself -- though most often it results only in civil
liability (i.e. you can be sued for improperly handling such an incident, where your actions and
finger-pointing harm others)

The suggestion that every person who picks up such a bag is guilty of possession is just wrong, even though
the best advice is to not touch the bag.

Neither of us is an attorney, but you're arguing from your experience with casework on the law enforcement
side, while my experience and detailed conversations on these matters with capable defense attorneys
make this issue look very different from the defense side.

You're excluding from your consideration all of the exception scenarios where no crime occurs.

Generally-speaking, intent matters. A person who innocently ends up in possession of contraband but does
not intentionally possess it is not guilty of the crime of possession. Perhaps you were unaware of that?

Bill Stout | 1 Sep 2005 02:41

RE: Thin-clients: THE Solution to the Security problem

Your network is still exposed to processes running in IE or launched
from IE on the Metaframe servers.  IE is a major vector, but so is
Outlook.  Anything that brings in foreign (untrusted) content is a
vector, and your users will demand the usability which they're accustomed
to (like cut and paste, save-as, mailto).

Be aware that users on the same server share exposure to malware.  How
comfortable would you be if your Windows XP desktop had other users
logged in?

A thin client is an attempt to apply network sandbox security.  It's as
secure as the isolation is strict.  If you have a path to it, malware on
that system also has a path to you.

You may want to explore different techniques to contain untrusted
content while maintaining usability.  (Hint-hint, check our website).

Bill Stout
www.greenborder.com

-----Original Message-----
From: Saqib Ali [mailto:docbook.xml <at> gmail.com] 
Sent: Wednesday, August 31, 2005 5:12 PM
To: sf_mail_sbm <at> yahoo.com
Cc: security-basics <at> securityfocus.com
Subject: Re: Thin-clients: THE Solution to the Security problem

answer to your question is not easy. and it will depend on the type of
organization in question.


Jason Coombs | 1 Sep 2005 03:11

Re: Computer forensics to uncover illegal internet use

> advocating the willful destruction
> of evidence ... of crimes against
> children??

Yes. Wipe the drive and get on with business. Do a better job next time of keeping the company's vulnerable
Windows computers from being used by third parties to swap warez, porn, MP3s, and unauthorized copies of
Hollywood movies. Do a better job of keeping the spyware out. Do a better job of protecting employees from
the risk that all of this nonsense creates for everyone.

Spyware-initiated, or Web site-forced downloads of child pornography is NOT a crime against a child.
You're insane if you think otherwise. You cannot possibly be advocating automatic prosecution of any
person who comes within a certain distance of data that are deemed, in violation of the First Amendment, to
be 'contraband' under present-day statutes.

Obscenity laws are unconstitutional and they are also wrong.

Keep this stuff out of the workplace, or you cause enormous harm for absolutely no reason.

Why wouldn't a terrorist organization spread child pornography as widely as possible throughout the
business computers of its enemy nations?

What better way to bring the nation to its knees than by exploiting the vulnerabilities in its own systems?

Sincerely,

Jason Coombs
jasonc <at> science.org

-----Original Message-----
From: "Craig, Tobin \(OIG\)" <tobin.craig <at> va.gov>

dave kleiman | 1 Sep 2005 03:27

FW: Computer forensics to uncover illegal internet use

Jason,

Remember I have the utmost respect for you and have valued your opinion on
many occasions, but I have to disagree here on several points.

> Dave, Edmond, and Jason,
>
> How many times have you worked on, or been involved indirectly as a
> consultant in, real-world criminal cases or corporate investigations
> that involve child pornography offenses where the evidence is obtained
> entirely from computer hard drives and server log files?

Very many, actually; you are more than welcome to check with the local DA and
Computer Crimes offices. I am also an FDLE-certified LEO.

>
> Attempting to give the hard drive to the company's attorney guarantees
> that attorney-client confidentiality is created with respect to the
> hard drive and the entire incident, whether or not the attorney
> advises that it is necessary, in the situation at hand, to report the
> incident to law enforcement. It also forces the attorney to
> contemplate more fully just what the proper response is to the
> situation. You do not want, under any circumstances, the hard drive to
> be in any person's possession, or for there to be any way for the
> company's possession of the drive to result in particular individuals
> being associated with that ownership -- certainly not the original
> employee who was supposedly the one who had 'exclusive control or
> access' -- because the truth is that nobody knows whether that
> employee was the one who had exclusive control, and it is always the
> case that the employee was not the only person to have potential

Brill, Sven A | 1 Sep 2005 03:28

RE: SF new article announcement: The great firewall of China

>Does anyone know of an accurate list of IP address blocks 
>mapped to various countries? Doing a WHOIS after an attack or 
>SSH brute-force attempt is rather reactive... this whole 
>approach doesn't make the server any more secure, but 1) it 
>limits the user of compromised machines in large emerging 
>economies as attack launching points, and 2) it makes your 
>logs much shorter and easier to read. :)

Sort of. It's not 100%, and it's not fool-proof. If you are sure that
you want to drop whole countries, check out http://www.ip-to-country.com/ .
The actual database is free to download as a CSV file here:
http://ip-to-country.webhosting.info/downloads/ip-to-country.csv.zip ,
and from there you can either use it as-is, import it into a database,
or simply filter out the ranges you are interested in and drop them. 

Sven

--
Sven Brill
Information Risk Management
KPMG, LLP
99 High Street
Boston, MA 02110
Phone: 617-988-1629
Fax: 617-988-0890
Mobile: 617-803-9602 

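The "filter out the ranges and drop them" step above, as an added example that is not from the thread or from ip-to-country.com. It assumes the CSV column order `"begin_ip","end_ip","cc2","cc3","country"` with the bounds as 32-bit integers; the rows in `SAMPLE_CSV` are constructed, not real allocations.

```python
"""Turn an ip-to-country CSV into iptables DROP rules for chosen countries.

Added example, not from the thread. Assumes the column order
"begin_ip","end_ip","cc2","cc3","country" with integer-encoded IPv4
bounds; SAMPLE_CSV is constructed data, not a real allocation list.
"""
import csv
import ipaddress
from io import StringIO

# Constructed sample rows in the assumed column order (1.0.0.0-1.0.0.255, ...).
SAMPLE_CSV = '''"16777216","16777471","AU","AUS","AUSTRALIA"
"16777472","16778239","CN","CHN","CHINA"
"16781312","16785407","JP","JPN","JAPAN"
"1023410176","1023414271","RU","RUS","RUSSIAN FEDERATION"
'''


def load_ranges(text):
    """Parse CSV rows into (start, end, cc2) tuples, sorted by start."""
    rows = []
    for row in csv.reader(StringIO(text)):
        if len(row) < 3:  # skip blank or malformed lines
            continue
        rows.append((int(row[0]), int(row[1]), row[2].upper()))
    return sorted(rows)


def country_of(ranges, ip):
    """Return the country code whose range covers ip, or None if unknown."""
    n = int(ipaddress.IPv4Address(ip))
    for start, end, cc in ranges:
        if start <= n <= end:
            return cc
    return None


def drop_rules(ranges, countries, chain="INPUT"):
    """Emit one iptables DROP rule per CIDR block for the given countries."""
    wanted = {c.upper() for c in countries}
    rules = []
    for start, end, cc in ranges:
        if cc not in wanted:
            continue
        first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        # A start/end pair is rarely one CIDR; split it into the minimal set.
        for net in ipaddress.summarize_address_range(first, last):
            rules.append(f"iptables -A {chain} -s {net} -j DROP")
    return rules
```

`drop_rules(load_ranges(SAMPLE_CSV), ["CN", "RU"])` yields three rules from the sample data; as the post says, the mapping is only as accurate as the database, so keep the rules reviewable rather than applying them blindly.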

McKinley, Jackson | 1 Sep 2005 04:41

RE: Computer forensics to uncover illegal internet use

Micheal Cottingham wrote:
> The point of an investigation is to obtain evidence. Only to obtain
> evidence. Furthermore, law enforcement would perform the exact same
> techniques to uncover the evidence, but by your definition, they too
> would be breaking the law. 

I'm not sure about within the US, but there are laws in place within
Australia that allow law enforcement to do things that would normally
be breaking the law if it is deemed to be required for the purpose of
investigation or apprehension of a crime / criminal.

Micheal Cottingham wrote:
> If an investigation finds that the accused employee is not guilty,
that's the end of that investigation. 

I wouldn't attempt to do any investigation without legal advice.. When it
comes to something like underage p*** then you are painting the
defendant with a very messy mark, and should it turn out that they were
in fact not guilty or "framed" by some third party, you have branded them
with a stigma that will not go away.

When looking at this "kind" of issue we must handle it with the greatest of
care.. Better still, when dealing with any employee / personnel, utmost
care must be taken so as to not create the chance of being hit with a
defamation case or worse...  This is not just a compromised system /
server that some scriptkiddie has "owned"; it's lives, the suspect,
family, children, parents... The list goes on...

-----Original Message-----
From: Micheal Cottingham [mailto:security <at> michealcottingham.com] 