A few security blogs from well known players in NetSec...
Marty Roesch, author of Snort and CTO of Sourcefire, here
Joel Esler of Sourcefire and ISC handler, here
Richard Bejtlich, author, Director of Incident Response for GE and former head of TaoSecurity, here
Tenable Security, here
Dr. Anton Chuvakin, author, security researcher and consultant, here
RaDaJo blog, Raul Siles, David Perez and Jorge Ortiz, here
Joanna Rutkowska, security researcher, here
This is obviously just a small sampling, but the point is, there is an absolute glut of information out there provided by very smart and experienced people. Every time you read one of these blogs or some security website, listen to a podcast, participate in a webcast or do some free online training, you're adding to your cumulative knowledge, increasing your value and making yourself a sharper analyst.
Information, tools and how-to's for the new intrusion analyst. Mentoring by blogging.
Wednesday, January 13, 2010
Tuesday, January 12, 2010
2009 Data Breaches
The Identity Theft Resource Center released their yearly report on data breaches, found here.
Malicious attacks surpassed human error for the first time in three years. One shocking stat is that of the 498 breaches reported, only six (yes, six!) had any kind of encryption or strong security features guarding the data. Companies still continue to fall down on basic steps to safeguard their customers' or clients' data, and it doesn't look like it's getting any better...
Monday, January 11, 2010
SANS AppSec 2010 - San Francisco
Identifying TCP Retries
When looking at packet dumps, distinguishing TCP retry packets from network scanning is straightforward. Look for these characteristics:
- Source ports will remain the same across all packets, as this is the same connection attempt.
- The TCP Sequence numbers will also remain the same, for the same reason.
- IP ID numbers will increment, because the sending host is creating a new packet each time.
- Time stamps will increase at predictable, growing intervals. This is due to the TCP back-off algorithm, which waits an increasing amount of time before sending the next retransmission attempt. Usually the wait doubles; for example 3, then 6, then 12 seconds between attempts.
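The four characteristics above can be checked mechanically once the header fields are pulled out of a dump. The following is an added example, not code from the original post; the packet records and both traces are constructed by hand, and the 25% tolerance on the doubling interval is an assumption, not a protocol constant.

```python
"""Heuristic check for the TCP-retry signatures listed above (added example)."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Pkt:
    ts: float        # capture timestamp, seconds
    src_port: int    # TCP source port
    dst_port: int    # TCP destination port
    seq: int         # TCP sequence number
    ip_id: int       # IP identification field


def retry_signals(pkts: List[Pkt], tolerance: float = 0.25) -> Dict[str, bool]:
    """Evaluate each retry characteristic separately so an analyst can see
    which one a suspicious burst of packets fails."""
    pkts = sorted(pkts, key=lambda p: p.ts)
    pairs = list(zip(pkts, pkts[1:]))
    gaps = [b.ts - a.ts for a, b in pairs]
    return {
        "same_src_port": len({p.src_port for p in pkts}) == 1,
        "same_seq": len({p.seq for p in pkts}) == 1,
        "ip_id_increments": all(a.ip_id < b.ip_id for a, b in pairs),
        # Exponential back-off: each gap is roughly twice the previous one
        # (e.g. 3, 6, 12 s). Needs at least two gaps to be meaningful.
        "doubling_backoff": len(gaps) >= 2 and all(
            abs(g2 - 2 * g1) <= tolerance * 2 * g1 for g1, g2 in zip(gaps, gaps[1:])
        ),
    }


def looks_like_retries(pkts: List[Pkt]) -> bool:
    """True only when every signature matches; one mismatch is enough to
    suspect something other than a plain retransmission."""
    return len(pkts) >= 3 and all(retry_signals(pkts).values())


# Constructed sample traces (not taken from a real capture).
RETRY_TRACE = [  # one SYN retried with 3 s, 6 s, 12 s back-off
    Pkt(0.00, 51234, 443, 0x1A2B3C4D, 1000),
    Pkt(3.01, 51234, 443, 0x1A2B3C4D, 1001),
    Pkt(9.02, 51234, 443, 0x1A2B3C4D, 1002),
    Pkt(21.05, 51234, 443, 0x1A2B3C4D, 1003),
]
SCAN_TRACE = [  # fresh connection per packet: new port, new seq, no back-off
    Pkt(0.00, 40001, 21, 0x11111111, 500),
    Pkt(0.01, 40002, 22, 0x22222222, 501),
    Pkt(0.02, 40003, 23, 0x33333333, 502),
    Pkt(0.03, 40004, 25, 0x44444444, 503),
]
```

Note that IP ID increments alone prove little, since a scanner also builds a fresh packet each time; it is the combination of constant source port, constant sequence number and doubling gaps that marks a retry.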
Wednesday, January 6, 2010
Linux SysAdmin Newsletter
nixCraft has a nice newsletter for Linux users with answers to common (and not so common) questions posted by users of the site. You can go to their site to sign up. Today's email included questions like how to set up port forwarding in Mac OS X, how to turn on SELinux protection in RedHat/CentOS and, for the newer users, how to determine which services are enabled at boot time...