Wednesday, January 13, 2010

Security Blogs

A few security blogs from well known players in NetSec...

Marty Roesch, author of Snort and CTO 0f Sourcefire, here

Joel Esler of Sourcefire and ISC handler, here

Richard Bejtlich, author, Director of Incident Response for GE and former head of TaoSecurity, here

Tenable Security, here

Dr. Anton Chuvakin, author, security researcher and consultant, here

RaDaJo blog, Raul Siles, David Perez and Jorge Ortiz, here

Joanna Rutkowska, security researcher, here

This is obviously just a small sampling, but the point is, there is an absolute glut of information out there provided by very smart and experienced people. Every time you read one of these blogs or some security website, listen to a podcast, participate in a webcast or do some free online training, you're adding to your cumulative knowledge, increasing your value and making yourself a sharper analyst..

Tuesday, January 12, 2010

2009 Data Breaches

The Identity Theft Resource Center released their yearly report on data breaches, found here.
Malicious attacks surpassed human error for the first time in three years. One shocking stat is that of the 498 breaches reported, only six (yes six!) had any kind of encryption or strong security features guarding the data. Companies still continue to fall down on basic steps to safeguard their customers or clients data, and it doesn't look like it's getting any better...

Monday, January 11, 2010

SANS AppSec 2010 - San Francisco

Send your developers to learn secure coding. The number one way to guard against vulnerabilities is to eliminate them to begin with!

Identifying TCP Retries

When looking at packet dumps, distinguishing TCP retry packets from network scanning is straightforward. Look for these characteristics:

  1. Source ports will remain the same across all packets, as this is the same connection attempt.
  2. The TCP Sequence numbers will also remain the same, for the same reason.
  3. IP ID numbers will increment, because the sending host is creating a new packet each time.
  4. Time stamps will increment equally. This is due to the TCP back-off algorithm that waits an increasing amount of time before resending the next retransmission attempt. Usually the time before attempts will double; for example 3, then 6 then 12 seconds between attempts.

Wednesday, January 6, 2010

Linux SysAdmin Newsletter

nixCraft has a nice newsletter for Linux users with answers to common (and not so common) questions posted by users of the site. You can go to their site to sign up. Today's email included questions like how to set port forwarding in Mac OS X, how to turn on SELinux protection in RedHat/CentOS and for the newer users, how to determine which services are enabled at boot time...

Blog Archive