Ivan . | 1 Aug 2007 03:12

Re: Fw rule set question

There are useful ICMP types; it depends on your network.

http://www.samag.com/documents/s=9365/sam0004i/0004i.htm
http://www.cymru.com/Documents/icmp-messages.html

cheers
Ivan

On 7/31/07, Juan B <juanbabi <at> yahoo.com> wrote:
> hi,
>
> I am evaluating a Fw rule set.
>
> I see that source quench, ICMP unreachable and time
> exceeded (all ICMP) are allowed from the internet to
> the internal network. This is a Cisco PIX. Is it a
> requirement that those rules be opened? What
> happens if I disable them? Is there a security risk
> here? I don't remember seeing those rules opened in
> any FW I saw..
>
> thanks a lot !
>
> Juan

dave.long | 1 Aug 2007 15:05

Re: RE: Fw rule set question

The point is that these ICMP messages will not elicit replies, so cannot be used to 'enumerate' networks.
They could potentially be spoofed to create some sort of DoS attack, but the difficulties involved make it
an unlikely method to use.

If you're going to allow any ICMP from the Internet, these are the messages you'd want (plus, maybe, Echo Reply).

Dave
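The inbound ICMP policy Dave describes (permit unreachable, time exceeded and source quench, optionally echo reply, deny everything else) can be checked mechanically. The following is an added example and not part of the thread: a small first-match rule evaluator in Python, modelled on how a PIX or similar ACL is processed, with an audit() helper that reports which probe or redirect types a given rule set lets in from the outside. The Rule class, the rule lists and the audit() function are my own invention; the ICMP type numbers are the standard RFC 792 values.

```python
"""Audit an outside->inside ICMP rule set against the policy discussed above.

Added example, not code from the mailing list. The rule representation
and first-match semantics are assumptions modelled on ACL processing;
the ICMP type numbers are the standard RFC 792 values.
"""
from dataclasses import dataclass
from typing import List, Optional

# Standard ICMP type numbers (RFC 792)
ECHO_REPLY = 0
DEST_UNREACHABLE = 3
SOURCE_QUENCH = 4
REDIRECT = 5
ECHO_REQUEST = 8
TIME_EXCEEDED = 11
TIMESTAMP_REQUEST = 13
ADDRESS_MASK_REQUEST = 17


@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    icmp_type: Optional[int]          # None matches any type
    icmp_code: Optional[int] = None   # None matches any code


def evaluate(rules: List[Rule], icmp_type: int, icmp_code: int = 0,
             default: str = "deny") -> str:
    """First matching rule wins, as in an ACL; unmatched packets hit the
    implicit deny at the end of the list."""
    for rule in rules:
        if rule.icmp_type is not None and rule.icmp_type != icmp_type:
            continue
        if rule.icmp_code is not None and rule.icmp_code != icmp_code:
            continue
        return rule.action
    return default


# The policy from the thread: error/response messages that do not elicit
# replies from inside hosts, plus echo-reply so outbound pings still work.
RECOMMENDED_INBOUND = [
    Rule("permit", DEST_UNREACHABLE),
    Rule("permit", TIME_EXCEEDED),
    Rule("permit", SOURCE_QUENCH),
    Rule("permit", ECHO_REPLY),
    Rule("deny", None),   # everything else: echo-request, redirect, timestamp, ...
]

# Constructed "permissive" rule set, equivalent to a bare 'permit icmp any any'.
PERMIT_ALL = [Rule("permit", None)]

# Types that let an outside party solicit answers from, or alter routing on,
# inside hosts; a reviewer wants these flagged if permitted inbound.
PROBE_TYPES = {
    ECHO_REQUEST: "echo-request",
    TIMESTAMP_REQUEST: "timestamp-request",
    ADDRESS_MASK_REQUEST: "address-mask-request",
    REDIRECT: "redirect",
}


def audit(rules: List[Rule]) -> List[str]:
    """Return one finding per probe/redirect type the rule set permits inbound."""
    findings = []
    for icmp_type, name in PROBE_TYPES.items():
        if evaluate(rules, icmp_type) == "permit":
            findings.append(f"inbound ICMP {name} (type {icmp_type}) is permitted")
    return findings


if __name__ == "__main__":
    for label, ruleset in (("recommended", RECOMMENDED_INBOUND),
                           ("permit-all", PERMIT_ALL)):
        print(label + ":", audit(ruleset) or ["no findings"])
```

Running the module prints no findings for the recommended set and four findings for the permit-all set; the evaluator's first-match order also makes it easy to see why a broad permit placed above the deny silently widens the policy.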

Christian_Moldes | 1 Aug 2007 16:16

Re: Business Case

Some resources that may be useful are:

THE BUSINESS CASE FOR NETWORK SECURITY: ADVOCACY, GOVERNANCE, AND ROI
Cisco Press, ISBN: 1-58720-121-6


The Information Systems Security Officer's Guide: Establishing and Managing an Information Protection
Program, Second Edition
Butterworth Heinemann, ISBN: 0750676566


Surviving Security: How to Integrate People, Process, and Technology, Second Edition
Auerbach Publications, ISBN: 0849320429


If I were you I would start with security awareness,
providing semi-daily security news regarding security incidents: breaches, defaced websites, hacked
companies, etc.

I would also look for help from upper management to be the project owner of the security initiatives. Having
support and enforcement from upper management is critical. How do you get that? Use security awareness.

Best regards,

Christian J. Moldes
CISM, CISSP, CISA, MCSE:Security, CCNA, PCI QSA
ISMS Lead Auditor (ISO 27001:2005)

Miguel Dilaj | 1 Aug 2007 19:49

Re: Fw rule set question

Ivan . wrote:
> There are useful ICMP types; it depends on your network.
>
> http://www.samag.com/documents/s=9365/sam0004i/0004i.htm
> http://www.cymru.com/Documents/icmp-messages.html
>
> cheers
> Ivan
>
> On 7/31/07, Juan B <juanbabi <at> yahoo.com> wrote:
>   
>> hi,
>>
>> I am evaluating a Fw rule set.
>>
>> I see that source quench, ICMP unreachable and time
>> exceeded (all ICMP) are allowed from the internet to
>> the internal network. This is a Cisco PIX. Is it a
>> requirement that those rules be opened? What
>> happens if I disable them? Is there a security risk
>> here? I don't remember seeing those rules opened in
>> any FW I saw..
>>
>> thanks a lot !
>>
>> Juan
>>
>>     

I see the point in allowing network troubleshooting traffic (ICMP,

Miguel Dilaj | 1 Aug 2007 19:51

Re: Business Case

Christian_Moldes <at> hotmail.com wrote:
> Some resources that may be useful are:
>
> THE BUSINESS CASE FOR NETWORK SECURITY: ADVOCACY, GOVERNANCE, AND ROI
> Cisco Press, ISBN: 1-58720-121-6
>
>
> The Information Systems Security Officer's Guide: Establishing and Managing an Information
> Protection Program, Second Edition
> Butterworth Heinemann, ISBN: 0750676566
>
>
> Surviving Security: How to Integrate People, Process, and Technology, Second Edition
> Auerbach Publications, ISBN: 0849320429
>
>
> If I were you I would start with security awareness,
> providing semi-daily security news regarding security incidents: breaches, defaced websites, hacked
> companies, etc.
>
> I would also look for help from upper management to be the project owner of the security initiatives.
> Having support and enforcement from upper management is critical. How do you get that? Use security awareness.
>
> Best regards,
>
> Christian J. Moldes
> CISM, CISSP, CISA, MCSE:Security, CCNA, PCI QSA
> ISMS Lead Auditor (ISO 27001:2005)
>
>   

Arjuna Scagnetto | 1 Aug 2007 13:14

802.1x security hole ?

hi,

recently I've discovered this article:
"An initial security analysis of the IEEE802.1x standard"
( 6 Feb 2002 )

In it the authors show that a session hijacking against the 802.1x standard
is possible (read it for details).

But doing some research I've found on page 85 of IEEE 802.11 STD 2007:

"In an RSNA, deauthentication also destroys any related PTKSA, group 
temporal key security association (GTKSA), station-to-station link 
(STSL) master key security association (SMKSA), and STSL transient key
security association (STKSA) that exist in the STA and closes the 
associated IEEE 802.1X Controlled Port.
If pairwise master key (PMK) caching is not enabled, deauthentication 
also destroys the pairwise master key security association (PMKSA) from 
which the deleted PTKSA was derived."

Since the authors don't answer me, I would ask all of you if you think,
or better if you know, whether the attack suggested is still possible or not.

thanks in advance
Arjuna Scagnetto
nl | 1 Aug 2007 22:48

Security on asp.net (and other serverside scripting languages)

Hello list,

first I have to say that I'm not a programmer and I'm researching for a
friend..
So I'm sorry if I sound a bit unqualified. So I thought it's good to start
here and find some experts ;-)

Currently they write CGIs for their web-based application (I think
everything in C++). The webserver is MS IIS. They need to access a MS SQL
database and, among other things, process audit log files (sort, display, etc.)

They're thinking about moving over to .NET but there's been a discussion
about security...

Can you tell me what's state of the art for server-side scripting
today?
Perhaps somebody could post a link/doc
comparing the different "solutions", pros & cons and especially security
considerations.

Thank You!

Regards
Tom

Justin Ross | 2 Aug 2007 01:36

RE: which of these ways (if any) are the best to switch to it sec?!?

Well you could parlay your router, switch, server experience into a
network security career. The first thing you should decide is what
security position interests you? Penetration tester, network security,
policy/risk management, auditing, secure programming consultant,
forensics? There is a plethora of security jobs/specialties out there,
each requiring different skill sets (Programming, Engineering, hacking,
etc.) and experience.

My advice initially wouldn't be to go down the CEH path, because it is
more penetration testing/hacking focused; and without experience, I'm
not sure that will be a valuable cert to get your foot in the door. It's
just not that necessary of a certification, though I have noticed that
more DOD contractors/civilian employees are getting it (after they get
their CISSP usually). While penetration testing is a great career, it
also requires (in my opinion) a programming background or at least
fairly in-depth knowledge of programming, and while CEH doesn't make you
a penetration tester, it also doesn't make you a security
expert/professional either. 

You could go the CCSP (Cisco Certified Security Professional) route,
which requires a CCNA which may help you should you get a job in network
support. I would also recommend the CISSP, and though I rarely recommend
the Security+, in your case (depending on your experience/knowledge
level) it may be very beneficial. The CISSP is almost like a high school
diploma for security professionals; if you don't have it you will lose a
lot of opportunities. You might just get by reading the Security+ book
too and not take the certification, because its value is questionable
like the A+ (in my opinion).

I would also recommend reading as much security information that you can

Sam Evans | 2 Aug 2007 04:04

Information Security and Outsourcing IT Services

All,

Couple of questions --

The company I work for is currently going through an investigative 
exercise looking at outsourcing IT services.  I was wondering if anyone 
has some white papers or other information around how to manage a 
security environment given that a potential large portion of the 
employees are outsourced based.

Secondly, does anyone have information regarding outsourcing an 
operational security component of an organization as well as information 
security / governance?

Thanks in advance!

corey | 2 Aug 2007 00:45

Re: RE: New Spam Technique

Hi,

The @Mail dev team have created a module for SpamAssassin which uses the SA engine to scan the content of PDF
attachments and append the spam score to the score of the email message -- and it WORKS!

http://blog.atmail.com/?p=61


or:

http://freshmeat.net/projects/pdfassassin/


