ADMIN

Recommendations

Info

Features BlackHat 2010 BlackHat USA 2010 Learning from the Best The latest and greatest security issues By Kurt Seifried I’ve been to BlackHat twice now, and both times I have taken the same lesson home: If you think things are getting better in the field of computer security, you’re probably wrong. Over the years, progress has been made identifying bug types – currently the CWE lists 668 weaknesses in 120 categories – and some progress has been made with projects to identify and remove them systematically (e.g., OpenBSD has had remarkable success). However, you then come to the BlackHat conference and see a presentation like “HTTPS Can Byte Me,” in which Robert Hansen and Josh Sokol disclosed 24 vulnerabilities (Figure 1) that can compromise the integrity and security of SSLencrypted web traffic [2]. The problem is not so much a failing within SSL, but unless you’re taking extreme measures to protect network traffic against analysis (e.g., padding traffic out, introducing time delays, etc.), chances are, attackers will be able to glean information even if they can’t read the traffic directly. Also, consider the case of the wellmeaning web browser that attempts to be helpful. I guess people hate typ- Figure 1: Final HTTPS slide – 24 issues in all. ing in personal information, so almost all browsers support “auto-complete,” which automatically fills out form fields (e.g., name, address, and credit card number). Unfortunately, this feature can be abused by attackers (imagine that), allowing them to steal personal information saved within your web browser if you visit a web page. Using JavaScript, they can set it up so you don’t even have to type anything in – combined with a hidden IFRAME, you might never realize that it happened. The security talks are especially worrying – the ones in which researchers don’t find new vulnerabilities but simply quantify existing ones. In the case of SSL certificates, they scanned the Internet and found 1.2 million SSL-enabled websites [3] [4]. Among the problems found were certificates for reserved addresses (e.g., 192.168.1.2, a reserved IP address used by multiple sites) that never should have been allowed. Also, they found 50 percent of servers configured to allow SSLv2 (known to be insecure for 14 years). Now, I’m not a glass half empty kind of guy, but seeing 50 percent of servers configured insecurely is a bit depressing (which is probably why most security people buy beer in pitchers, not glasses). BlackHat isn’t an unending stream of bad news, however. Many of the presentations not only present problems but also discuss the solutions. The perfect example was a presentation called “Lifting the Fog” [5], in which Marco Slaviero scanned for memcached (a memory-caching program widely used to speed up web-based applications). He found many memcached servers open to the world, and by using two poorly documented commands, stat detail on (which enables debugging) and stats cachedump (which lists all the key names), he was able to retrieve all the items stored in the memcached server. And by “all” I mean everything; according to his presentation, he retrieved 136TB of data from 229 memcached servers. The good news is that securing your memcached is simple: Firewall it so that only local trusted systems can connect to it (and if you must use it over the Internet, set up a VPN to connect systems to it). This solution is not magical, but it drives home the point that you need to test and verify security measures using tools like Nmap [6] (which is how he found all the memcached instances). So, if you need an excuse (well, a work-related excuse) to go to Las Vegas, BlackHat, and Defcon afterward, they’re not only a lot of fun, but very educational. My only complaint is that with 10 tracks, chances are you’ll have to choose between two or more interesting talks, which is definitely a glass half full type of problem. n Info [1] Common Weakness Enumeration: [http:// cwe. mitre. org/] [2] HTTPS Can Byte Me: [https:// media. blackhat. com/ bh‐us‐10/ whitepapers/ Hansen_Sokol/ Blackhat‐USA ‐2010‐Hansen‐Sokol‐HTTPS‐Can‐Byte‐Me ‐wp. pdf] [3] SSL Observatory: [http:// www. eff. org/ observatory] [4] Internet SSL Survey 2010: [http:// blog. ivanristic. com/ Qualys_SSL_ Labs‐State_of_SSL_2010‐v1. 6. pdf] [5] Lifting the Fog: [https:// media. blackhat. com/ bh‐us‐10/ presentations/ Slaviero/ BlackHat‐USA‐2010 ‐Slaviero‐Lifting‐the‐Fog‐slides. pdf] [6] “Nmap scripting” by Eric Amberg, Linux Magazine, February 2008, pg. 68 34 Admin 01 www.admin-magazine.com
Backup & Disaster Recovery Georgetown University Chooses SEP sesam Backup Solution The Solution - SEP sesam Mike Yandrischovitz, Data Systems and Security Manager for the business school, consulted with other members of the user community and discovered SEP sesam. After contacting SEP, he downloaded and installed the software. In less than two hours, Mike, along with SEP assistance, was able to get backups for McDonough’s most critical applications. The decision to move from the old vendor was still difficult. Business school staff had invested a great deal financially and even more in time and lost productivity. Nevertheless it was decided to make a change to SEP sesam. The Situation Georgetown University’s McDonough School of Business (MSB), one of the most renowned business schools in the United States, called SEP sesam to replace their under-performing backup software. MSB is experiencing a period of strong program growth. The MSB Technology Canter has been tasked with keeping their IT systems up to date and required a state of the art backup system to ensure continuity of operations. After a brief discussion, SEP was able to analyze current problems and provide reliable backups for critical data. During the course of using the old solution, administrators were continually asked to reconfigure and restart their backup systems even though changes were not being made to the environment or the network infrastructure. The Challenge MSB’s new data and applications services requirements had outstripped its legacy backup software. The old solution was not flexible enough to meet new demands without continuous monitoring. The old system continually failed during overnight backup tasks. Each error and failed backup required a lengthy call to vendor tech support and often required custom code changes and hot patches. The situation finally became untenable when the software could not work with a newly purchased EMC DL3D1500 Disk Library. This final straw initiated an active search for a better and more effective backup solution. Backup & Disaster Recovery For more information visit: www.sepsoftware.com | www.sepusa.com “James Delmonico, at SEP, had us up and running in hours. I was getting substantial ‘heat’ from our user community because our backup solution was unstable. We were not able to get reliable backups using the old backup software. Thanks to the SEP sesam solution we had reliable backups almost immediately and restores of critical data for our customers’ everyday requirements were fast, easy and accurate. We are now a great fan of the software and the team at SEP,” said Yandrishovitz. “SEP engineers were even instrumental in using the SEP software to help diagnose a configuration problem with our new SAN. Isolating the problem, we were able to pinpoint an issue with the SAN Switch. The vendor reconfigured the switch and now, with the new software and new hardware, our backups are completed within time windows previously considered unattainable.” According to John Carpenter, McDonough Chief Technology Officer, “SEP sesam and their helpful engineers took a major worry off our plates. The new implementation has performed better than we expected. Our staff can now go home on time and I’vesaved the cost of acquisition of SEP sesam by returning scheduled overtime back to the operating budget. Backups that used to take a whole weekend are now complete in under eight hours.” Results “Implementing SEP sesam has been truly instrumental in easing our workload and providing a quality backup solution for all of our customers. The implementation has allowed us to use other equipment including our hundred-slot ADIC tape library, which was not available to us when using the previous solution. The time we spend working on backup related issues has been reduced by a factor of 90%. The acquisition cost for SEP sesam was less than our annual maintenance fee for the old back up solution. Call us one satisfied customer,” stated Carpenter.
Page 1 and 2: ADMIN Network & Security Rescue CD
Page 3 and 4: Welcome to Admin WELCOME ALL FOR AD
Page 5 and 6: Table of Contents SERVICE 8 Spacewa
Page 7 and 8: POWERHOUSE PERL 11 cool projects! F
Page 9 and 10: Spacewalk Features configuration fi
Page 11 and 12: Spacewalk Features Figure 2: Assign
Page 13 and 14: Spacewalk Features kickstart profil
Page 15 and 16: Icinga Features Table 1: States Opt
Page 17 and 18: Icinga Features ministrators only n
Page 19 and 20: Icinga Features Figure 6: Network o
Page 21 and 22: MySQL Forks and Patches Features th
Page 23 and 24: MySQL Forks and Patches Features In
Page 25 and 26: Exchange 2010 Features © peapop, F
Page 27 and 28: they can now synchronize text messa
Page 29 and 30: Backup Software Features data. One
Page 31 and 32: Backup Software Features tended), l
Page 33: Backup Software Features Two “wiz
Page 37 and 38: OCFS2 Tools ing. OCFS2 is fairly si
Page 39 and 40: OCFS2 Tools F Figure 2: Unspectacul
Page 41 and 42: To do this, you need to change the
Page 43 and 44: Synergy Tools Figure 1: Synergy as
Page 45 and 46: SystemTap Tools The SystemTap [3] t
Page 47 and 48: SystemTap Tools Instead of searchin
Page 49 and 50: Package Your Scripts Virtualization
Page 51 and 52: Linux Magazine ACADEMY curl U http:
Page 53 and 54: openVz VirtuAlizAtion live migratio
Page 55 and 56: OpenVZ Virtualization a number of c
Page 57 and 58: OpenVZ Virtualization OpenVZ kernel
Page 59 and 60: AND SAVE 30%! ADMIN Network & Secur
Page 61 and 62: Virtual Machine Manager Virtualizat
Page 63 and 64: Virtual Machine Manager Virtualizat
Page 65 and 66: Teamviewer Management and be contro
Page 67 and 68: NOV. 7-12 2010 24th Large Installat
Page 69 and 70: Chef Management Server Provides rec
Page 71 and 72: Chef Management ‐r http://s3.amaz
Page 73 and 74: Chef Management Figure 5: The clien
Page 75 and 76: Sysinternals Management AdInsight a
Page 77 and 78: Sysinternals Management Name Table
Page 79 and 80: PAM and Hardware Nuts and Bolts Fig
Page 81 and 82: November 13-19, 2010 • Ernest N.
Page 83 and 84: PAM and Hardware Nuts and Bolts to
Page 85 and 86:
ON NEWSSTANDS NOW ! UBUNTU USER MAG
Page 87 and 88:
modSecurity nutS And boltS complex
Page 89 and 90:
ModSecurity Nuts and bolts Insider
Page 91 and 92:
REAL SOLUTIONS FOR REAL NETWORKS Ea
Page 93 and 94:
Daemon Monitoring Nuts and Bolts Fi
Page 95 and 96:
VPns with SSTP nuTS And BoLTS Hands
Page 97 and 98:
VPNs with SSTP Nuts and Bolts Figur
Page 100:
DEDICATED SERVERS £59 FROM PER MON
show all

ADMIN

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?