download issue 27 here - Help Net Security

More documents

Recommendations

Info

Here are some of the Twitter feeds we follow closely and can recommend to anyone interested in learning more about security, as well as engaging in interesting conversations on the subject. If you want to suggest an account to be added to this list, send a message to @helpnetsecurity on Twitter. Our favorites for this issue are: @hal_pomeranz Hal Pomeranz - Independent IT security consultant, SANS Institute faculty fellow. http://twitter.com/hal_pomeranz @wimremes Wim Remes - Information security manager at Ernst & Young. http://twitter.com/wimremes @RafalLos RafalLos - Security evangelist, blogger, and WebAppSec SME at HP. http://twitter.com/RafalLos @CiscoSecurity Security technology, events and news. http://twitter.com/CiscoSecurity www.insecuremag.com 22
We security folks are often blamed for treating our users (or customers, if you want) as less than competent. We generally expect users to consider what we say as information security gospel, but that doesnʼt happen very often. Many users have questions, and if we are lucky they may voice them. Personally, I have found that when I take the trouble to explain the reason behind my decree, people are more likely to comply. You can file that under the “user education” category, if you will. I have a small home server that I use and abuse for various purposes, and tracking the various trends and attempts of ssh bruteforcing has always been a source of endless amusement. But one day, the following questions sprung into my mind: "Could I actually use that information? Could I get something useful from it?" With that in mind, I set about working on starting logging the passwords. I will not go into the details now - suffice to say I wanted something that was low maintenance, worked and did not require another server process or modifying the sshd code. I ended up using a custom pam module to log the source, the username and the password of each attempt, and I created honeypot users to monitor these attempts. Each bruteforce attempt creates a log entry that looks something like this: host = estpak.ee : username = shoutcast : password = shoutcast I let that setup run for a few months, specifically from December 2009 to July 2010. Letʼs see if the collected data can help us answer some questions. www.insecuremag.com 23
Page 5 and 6: The dramatic increase of vulnerabil
Page 7 and 8: Employees admit they would steal da
Page 10 and 11: Swedish company BlockMaster is a ne
Page 12 and 13: Network visibility continues to be
Page 14 and 15: Monitor the connection Understandin
Page 16: Cisco ASA: All-in-One Firewall, IPS
Page 19 and 20: computer for online banking, and fo
Page 21: Common web single sign-on and authe
Page 25 and 26: Letʼs take a look at the top 20 us
Page 28 and 29: If youʼre part of the quintessenti
Page 30 and 31: The five key tenets to PCI-complian
Page 32: SOURCE Barcelona 2010 (www.sourceco
Page 35 and 36: the liability for their security ri
Page 37: Oops!Backup (www.net-security.org/s
Page 40 and 41: Security was comparatively easy. Hu
Page 42: The mobile IT architecture is compl
Page 45 and 46: II. Data flows and systems Create a
Page 47 and 48: Further restrict payment card netwo
Page 49 and 50: Infected flash drive blamed for US
Page 51 and 52: 5 million domains serving malware v
Page 53 and 54: Firewalls and operating systems usu
Page 56 and 57: Authors: Merike Kaeo I Pages: 768 I
Page 58: BlindElephant: Open source web appl
Page 61 and 62: However, the introduction of an OOB

download issue 27 here - Help Net Security

Create successful ePaper yourself

Delete template?

Save as template?