Roman Schlegel | 1 Nov 07:11 2006

Re: File Integrity Monitoring

On 01/11/06, s1n04k0 <at> aol.com <s1n04k0 <at> aol.com> wrote:
> I am looking for a File Integrity Monitoring solution and currently
> looking at
> Tripwire. Does anyone know of any similar or better solution?
>
> Any feedback is appreciated.
>
> Thanks
>

Hi,

I have used samhain before, and it seemed to do the job quite
well. I only used it in a single-server environment though and did not
use all of the features.

http://www.la-samhna.de/samhain/

Cheers,

Roman

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 

Subbarao Chitturi | 1 Nov 11:13 2006

Vulnerability Assessment of a EAL 4 system

I am looking at a Linux server which has been
accredited as an EAL4 system by IBM.  During the
assessment, I was looking for standard Linux
protections like iptables, ssh etc.  On this server,
there is no iptables.

Regardless, I would like to know how to evaluate an EAL
4 system.  What do you need to look for in the EAL 4
system in production that could become vulnerable?

Thank you in advance for any help.


nikhil | 1 Nov 05:08 2006

Re: File Integrity Monitoring

There are many File Integrity Monitoring tools available, some of which are shareware and some of which
are freeware/open source.

a) SAMHAIN file integrity / intrusion detection system:

Desc : Samhain is a multiplatform, open source solution for centralized file integrity checking /
host-based intrusion detection on POSIX systems (Unix, Linux, Cygwin/Windows). It has been designed to
monitor multiple hosts with potentially different operating systems from a central location, although
it can also be used as a standalone application on a single host.

URL : http://www.la-samhna.de/samhain/

b) Another file integrity checker (Afick) :

Desc : Afick is a fast and portable intrusion detection and integrity monitoring system, designed to work
on all platforms (it only needs Perl and standard modules), including Windows, Linux and Unix. The
configuration syntax is very close to that of tripwire/aide.

URL : http://sourceforge.net/projects/afick/

c) GFI LANguard System Integrity Monitor 3.0:

Desc : GFI LANguard System Integrity Monitor is a utility that provides intrusion detection by checking
whether files have been changed, added or deleted on a Windows 2000/NT system. If this happens it will
alert the administrator by email. Since hackers need to change certain system files to gain access, this
utility provides a great means to further secure any servers that can be attacked.

URL : http://www.download.com/GFI-LANguard-System-Integrity-Monitor/3000-2653_4-10175457.html

d) Data Sentinel:

Daniel Cid | 1 Nov 15:18 2006

Re: File Integrity Monitoring

You could try ossec. It does file integrity monitoring
in a scalable and centralized fashion (with the
data stored in a central server). It is also very
simple to install and runs on Linux, *BSD, Solaris,
AIX, HP-UX and Windows.

Link: http://www.ossec.net

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

--- s1n04k0 <at> aol.com wrote:

> I am looking for a File Integrity Monitoring
> solution and currently 
> looking at
> Tripwire. Does anyone know of any similar or better
> solution?
> 
> Any feedback is appreciated.
> 
> Thanks
> 
>

Kenton Smith | 1 Nov 22:21 2006

Re: Re: Enterprise Level Email Encryption

That has got to be one of the worst shameless plugs I've seen in a while. Instead of spreading untruths about
other products why not just tell us why yours is better?
The corporate versions of PGP have full control over keys so that you can add/remove/revoke etc. There are
also PKI services that will give you the same kind of capabilities with S/MIME.
If I was the person asking for help I'd be sure to strike your company off the list.

Kenton

P.S. Oh yeah, "Why would you install software in a company that breaks laws, and cripples the company,
legally?" I can't think of anyone who would want to do this. If that's your gimmick you might find that
calling your potential customers stupid doesn't work so well.

----- Original Message ----
From: "lyal.collins <at> key2it.com.au" <lyal.collins <at> key2it.com.au>
To: security-basics <at> securityfocus.com
Sent: Tuesday, October 31, 2006 1:27:15 PM
Subject: Re: Re: Enterprise Level Email Encryption

Why would you install software in a company that breaks laws, and cripples the company, legally?

S/MIME and PGP lock company data into the hands of individuals - definitely bad news!
Voltage isn't much better.

Problems occur when staff leave but don't unlock their data, password/key changes mean older emails are
not accessible anymore and blackmail opportunities et al are created by using such software.

Consider Key2Mail instead - provides the requested functionality, and allows the company to meet the law.


Joe_Wulf | 1 Nov 20:38 2006

RE: File Integrity Monitoring

I've produced a variation on the file integrity theme with a Unix shell
script. The product is called 'zlister'. It was designed to satisfy a need,
and not necessarily the same need with bells and whistles like tripwire.
The tool is a primary csh script supported by a number of awk scripts. No
need to compile anything. Designed to efficiently execute on any Unix
platform, build file system listings and differentiate across runs what's
changed within the filesystem (not their contents). CRC/MD5 values are an
optional characteristic. Once run, any file in the file system can be
'found' in seconds with full path and associated details (a la 'ls'). Older
versions exist on the net today; it's not a tool for sale. I freely share it
for everyone's benefit. I tweak it and update it as my time permits. It
functions on Linux, HP-UX, Solaris, DEC, AIX---don't know about SGI or CRAY
as I've never been able to touch one (anyone GOT an SGI or CRAY and wanna
give these a test run and show me the results?).

I've been adding some functionality recently to accommodate RHEL AS4 and Sun
Solaris 10 (open, commercial and SPARC). Once I've completed these recent
mods I'd be happy to share the new version. Older ones can be found by
standard yahoo searches for zlister. My preferred site that I share with is
'metalab.unc.edu', so supporting them is a good achievement I appreciate.

R,
-Joe Wulf, CISSP, USN (RET)
 ProSync Technology Group, LLC
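
Added example, not zlister's code and not part of the original message: the listing-and-compare approach described above, written in Python with SHA-256 swapped in for the optional CRC/MD5 values. The function names and the sample tree are constructed for illustration; the demo shows that a listing without checksums misses a same-size edit whose mtime is unchanged, while the checksum listing reports it.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(root, with_hash=False):
    """Map each relative path under root to an 'ls'-style metadata record."""
    listing = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            rec = {"mode": stat.filemode(st.st_mode), "uid": st.st_uid,
                   "size": st.st_size, "mtime": st.st_mtime_ns}
            if with_hash and stat.S_ISREG(st.st_mode):
                rec["sha256"] = hashlib.sha256(Path(full).read_bytes()).hexdigest()
            listing[os.path.relpath(full, root)] = rec
    return listing


def compare(old, new):
    """Return added paths, removed paths, and changed paths with differing fields."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = {}
    for path in set(old) & set(new):
        fields = sorted(k for k in old[path] if old[path][k] != new[path].get(k))
        if fields:
            changed[path] = fields
    return added, removed, changed


def demo():
    """Constructed sample tree: one same-size edit with mtime reset, one new file."""
    with tempfile.TemporaryDirectory() as root:
        target = Path(root, "sshd_config")
        target.write_text("PermitRootLogin no \n")
        before = target.lstat()
        base_meta, base_hash = snapshot(root), snapshot(root, with_hash=True)
        target.write_text("PermitRootLogin yes\n")  # same length as before
        os.utime(target, ns=(before.st_atime_ns, before.st_mtime_ns))
        Path(root, "new.txt").write_text("x")
        return (compare(base_meta, snapshot(root)),
                compare(base_hash, snapshot(root, with_hash=True)))


if __name__ == "__main__":
    print(demo())
```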

Patrick Wade | 1 Nov 22:18 2006

Norwich MSIA

Hi All,

Does anyone have experience with the online MSIA degree that I see
advertised here all the time? If so is it worth the cost?

Thanks,
Patrick


Craig Wright | 1 Nov 21:56 2006

RE: Reverse Engineering: Legal or illegal?


It all depends on where you are, what you are reversing and how good the
other side's lawyers are.

In the US the DMCA covers a large amount of issues with reversing
software. This is valid software mind you. As for the initial part of
the post, a virus writer has no recourse. The act of writing a virus is
in itself illegal and you cannot initiate an action to protect an
illegal act.

So there is no downside to reversing a virus. Though it is technically
still illegal, it is not criminal and there is no civil recourse against
you.

Regards
Craig

-----Original Message-----
From: listbounce <at> securityfocus.com [mailto:listbounce <at> securityfocus.com]
On Behalf Of evb
Sent: Wednesday, 1 November 2006 7:10 AM
To: security-basics <at> securityfocus.com
Subject: RE: Reverse Engineering: Legal or illegal?

IAAL, and consider the following site a good place to start to think
about the problem:

http://www.chillingeffects.org/reverse/faq.cgi


apaez1084 | 1 Nov 17:14 2006

Mcafee security

I got a problem. I have all the users' computers under a domain, and all the users are part of the domain user
group, so they have very limited access. The thing about it is that it won't update the computers. I have to
change them to domain administrator. I don't want these users to be administrators of anything, but I want to keep
the McAfee antivirus updated along with the OS. If I give them admin access, there goes everything.

Someone help me with this. I need all computers to download the updates for McAfee and the OS and any other
software that needs to keep getting updated.


apaez1084 | 1 Nov 17:19 2006

Re: Re: Re: router access control list

OK, now that I got and read and learned all this, I need one last push. I think I can do this on my own.

I need to allow only ports 3390 and 3389 coming in, and also HTTP, email and FTP. I'm going to be placing it on the
ATM0 interface because, from what I read, that is going to be where the packets are going to be coming in.
What would be my access list command?

Just one last push, guys, please.

Thank you
