Best IT Documents.com Blog


Security Guide for Wireless Communications

Posted in Networking (340) by Guest on the June 30th, 2010

The next time you pick up that car phone to conduct last-minute business on the way to the airport, take a second to consider whether it would matter if your conversation were overheard by an AT&T executive, or some other third party. Unless both parties are using encryption or scrambling devices, wireless communications are not secure. They may be intercepted and listened to, either intentionally or accidentally. 

Although it is illegal to intercept, publish or use a cellular or other wireless communication without the consent of either one or both parties to the communication (depending on state law), there now are many well-publicized episodes of “personal” communications creating fertile fodder for the supermarket tabloids or being used to the detriment of the unknowing participants to the conversation.  

From our perspective, there are at least two major areas of concern with the security of wireless communications. First, as a general business matter, we need to ensure that any sensitive corporate information is not shared with the outside world unintentionally. Also, as a legal matter, it is likely that because they are susceptible to easy interception, wireless communications that otherwise would be shielded from disclosure by the attorney-client privilege would not be accorded this protection.  

While the contents of your business calls might not be juicy enough to merit headlines on the front page of the National Enquirer, unintentional disclosure could prove damaging to your competitive position in the marketplace. Likewise, unintentional disclosure could compromise your position in critical potential litigation.   

By incorporating simple measures into your routine, you can reduce the potential risks to the company:

Make a conscious effort to limit your use of wireless communications devices to discussion of issues that are not sensitive;

At the beginning of your wireless calls, advise the other party that you are using a wireless device and that he or she should appropriately limit the discussion; and

When in doubt about the sensitivity of the information you may be discussing, err on the side of caution and do not discuss it over wireless devices.  Don’t let the ease and convenience of your wireless communications devices lure you into the trap of needlessly compromising the integrity of sensitive corporate information.

http://www.bestitdocuments.com/Services.html


Guiding Principles for Software Security

Posted in Application (380) by Guest on the June 29th, 2010

Behind every attack & security problem is – bad software

A major concern is that security professionals are often unaware that the problem is bad software

Encrypt your data lines?

The riskiest category of software today is Internet-enabled apps

“Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench.”

The Most Effective Technique Is Simple

To protect yourself you must

Begin early to think about security,

Know your threats,

Design for security

Test your design thoroughly

Security is not an add-on, but a fundamental property of software

Never completely secure

You must recognize security is one concern among many

Cost

Reusability

Usability

Robustness

Software is not only bad, but attractive

Hackers/crackers want to make your software misbehave

Are they malicious or altruistic?

Full disclosure

Script kiddie

Cracker

Why is software insecure?

Systems are complex, hard to analyze, & hard to secure

Extensible

Ubiquitous

Interdependent [apps, networking, & OS]

Avoid Attack then Patch Approach to Security

Patches are only for Known problems

Patches often create new problems

Patches often go unapplied

Patches fix symptoms

It is cheaper both ways

Bugs are much less expensive to find and fix during development

You avoid the potential attacks and user dissatisfaction


Principles of Software Security

Posted in Application (380) by Guest on the June 29th, 2010

Secure the weakest link

Low-hanging fruit is picked first, e.g. attackers go after the end points, not the encrypted link between them

Risk analysis identifies the weakest link

Apportion resources according to risk

Practice defense in depth

One layer is never enough

Overlapping & redundant


Fail securely

Failure is unavoidable

Allow least privilege

Only the minimum access is allowed

For the minimum time


e.g. hold root privilege only for the one step that needs it, then drop it

Compartmentalize

Break system into encapsulated units

Keep it simple

Complexity increases risk

Harder to fix


Choke points approach

Promote privacy

Not necessarily security, but desirable

Give out only minimum data, ‘need to know’

Remember that hiding secrets is hard

Binaries can be reverse engineered


Insider attacks are the most common attack

Be reluctant to trust

Don’t assume shrink-wrap software is secure

Beware of customer support

Don’t trust trusted software too far


Use your community resources

Open trusted sourcing
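The "least privilege, for the minimum time" point above is usually implemented by running the one step that needs root and then giving root away, and the order of the calls is where it goes wrong. The following is an added example written for this page, not code from the original post: it performs the drop in the safe order on a POSIX system (supplementary groups, then group, then user), and fails securely by refusing to report success unless it can prove root cannot be regained. The placeholder privileged step and the uid/gid values are assumptions for illustration.

```python
import os


def drop_privileges(uid: int, gid: int) -> bool:
    """Permanently give up root and become uid/gid.

    Returns True only when the process can prove it is no longer root.
    Order matters: supplementary groups first (needs root), then the
    group, then the user.  Once setuid() has run the process may no longer
    change its group, so calling setgid() last would silently keep root's
    group memberships.
    """
    if uid == 0 or gid == 0:
        # "Dropping" to root drops nothing: refuse rather than pretend.
        return False
    if os.geteuid() == 0:
        # Only root may call setgroups(); clear inherited group memberships.
        os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)
    # Verify the drop: after a real drop this must raise PermissionError.
    try:
        os.setuid(0)
    except PermissionError:
        return os.getuid() == uid and os.getgid() == gid
    return False  # we could still become root, so nothing was dropped


def run_privileged_step_then_drop(step, uid: int, gid: int):
    """Run `step` (the single operation that needs root), then drop privileges.

    Assumed usage: `step` might bind a port below 1024 or open a root-only
    file; everything that follows runs unprivileged.  If the drop cannot be
    verified the program stops instead of carrying on as root.
    """
    result = step()
    if not drop_privileges(uid, gid):
        raise SystemExit("refusing to continue: could not drop privileges")
    return result


def is_root() -> bool:
    return os.geteuid() == 0


def current_ids() -> tuple:
    return os.getuid(), os.getgid()


if __name__ == "__main__":
    # As an ordinary user this re-asserts our own ids and shows that root
    # cannot be regained; run as root with an unprivileged uid/gid (for
    # example the ids of the 'nobody' account) to see an actual drop.
    uid, gid = current_ids()
    if is_root():
        print("run as root: supply an unprivileged uid/gid to demonstrate the drop")
    else:
        print(run_privileged_step_then_drop(lambda: "privileged step done", uid, gid))
```

The verification at the end is the part most real code omits: a drop that silently failed leaves the rest of the program running as root, which is exactly the "attack then patch" situation the post warns against.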


Assurance of trustworthiness

Posted in Security (1500) by Guest on the June 29th, 2010

It’s all a “confidence” game.

Providing adequate confidence that …

… Data will not be altered or misused.

… Only authorized access is allowed.

… Customers’ wishes are being honored.

Recent surveys of online consumers

70% said privacy was important to them, but only 40% read privacy statements

53% use the same usernames and passwords on multiple sites

91% would be more likely to do business with a company that verified its privacy practices with a third party

84% think that third party verification should be a requirement


Loose Unix Technical Security Notes

Posted in Security (1500) by Guest on the June 22nd, 2010
When you start talking about lots of bytes, you get into prefixes like kilo, mega and giga, as in kilobyte, megabyte and gigabyte (also shortened to K, M and G, as in Kbytes, Mbytes and Gbytes or KB, MB and GB). The following table shows the multipliers: 
Basic UNIX commands
Note: UNIX is case sensitive. The commands below are lower case. If you try them in upper or mixed case they will not work. Any file names that are created are case sensitive as well. Files testfile1 and TESTFILE1 are 2 different files. 
man manual page – man cp will display a “manual page” for the cp command. All UNIX commands have manual pages. You can get more information on the commands below by using the man command 
man command-name  
cat list contents of a file – cat file1 will display the contents of file1 on the screen.  
cd change directory – cd testdir will take you from the current directory to its subdirectory testdir. If you want to go to a directory that is not a subdirectory of the one you are currently in, you must give the entire path name, such as:
cd /sei/testdir/documents which will take you to that directory (if it exists and you have search permission on it).
cp copy command – cp file1 file2 will copy file1 to file2. It will create file2 if it does not already exist, and it will rewrite file2 if it does exist. (Note: permissions for the file will not be copied unless you use the -p option. The permissions will be set to the default for any new file when you do a copy. See the permissions section for more info on permissions.) 
diff difference command – diff file1 file2 will compare file1 with file2 and display the differences.
echo echo command – echo $PATH will display the value of the variable PATH on the screen. You can echo any environment variable command to see what value it contains. For more information on PATH or any other environment variable, see the environment variables section.
find find command – find testdir -print will list every file under the testdir directory, recursively. find is usually given further tests that select files by name, type, owner or time. find testdir -ctime -2 -print lists the files under testdir whose inode status (contents, permissions or ownership) changed within the last 2 days; -ctime 2 with no sign matches only files changed exactly 2 days ago, and -mtime selects on the time the contents were last modified instead. Because the change time cannot be set to a chosen value with touch, -ctime is the more trustworthy of the two when you are checking what was altered on a system. For the full list of tests, see man find.
grep search command – grep Mark file1 will search through file1 for the character string “Mark” and display every line in the file that contains it. To search for a string that includes spaces, quote it: grep “this is a test” file1 will search file1 for the string “this is a test”. You can use the wildcard character “*” to search several files for a string. For example: grep DR112898 *.txt will search every file in the current directory whose name ends in “.txt” for the string DR112898 and, because more than one file is searched, display the filename where the string was found together with the matching line.
Below is an example of the grep command using a wildcard character. In this example, the current directory is being searched for the string “name”, and all files in the directory are to be searched. The command entered and the output generated are listed below:
/home/user-name/testdir >grep name *
test.file.1:This is a test file. The name of this file is test.file.1
test.file.2:This is a test file. The name of this file is test.file.2
test.file.3:This is a test file. The name of this file is test.file.3
test.file.haha:This is a test file. The name of this file is test.file.haha 
Four files within the current directory contained the string “name”, and are listed along with the line within the file that contains that string. 
ls list command – ls will list all of the files and directories that are in the “current” directory. If you are currently in the /home/userid directory, typing ls will list only the files and subdirectories that are in /home/userid. If you have a subdirectory testdir within this directory and you wish to list its files, type ls testdir and the contents of the testdir directory will be listed. (See the Permissions section for an example of output from the ls command and an explanation of each piece of information.)
mkdir make directory – mkdir testdir will create a directory called testdir. It will be a subdirectory of whatever directory you happen to be in when you issue the command.
more more command – more file1 will display the contents of file1 on the screen, but unlike the cat command, it will only show you a screen at a time (rather than scrolling by all at once) and let you scroll through it by pressing the space bar.  
mv move command – mv file1 file1.1 will move or rename file1 to file1.1
pwd print working directory command – pwd will display the current directory that you are in.
rm remove command – rm file1 will remove file1. This works for files only, not directories (unless you use the -r option; see command options below). You can remove more than one file at a time by saying rm file1 file2 file3, which will remove all three files. rm does not ask for confirmation and there is no undelete, so be careful with wildcards: rm * removes every file in the current directory.
rmdir remove directory – rmdir dir1 will remove the directory named dir1. This will only work if directory dir1 is empty.
touch touch command – touch file1 will set the access and modification date/time of the file to now (and create an empty file1 if none exists). It does not change the contents of the file in any way, but there are times when you want to find or list files based on when they were last updated, and if you want a specific file to be included in that list you can “touch” it. Note that touch sets the modification time, which is what ls -l shows; it cannot set a file’s inode change time (ctime) to a chosen value.
whence whence command finds executable files – whence emacs will display the directory where the emacs executable resides. whence is a Korn shell built-in; in other shells use type, which, or command -v for the same purpose. This command can be used with any executable. If you try whence cp the output will tell you that the cp command can be found in the /usr/bin directory.
navigating between directories – If you are copying a file from one directory to another, and both directories are subdirectories of the same directory, you can short cut as the following examples show:
To copy file1 from /home/user-name/testdir to /home/user-name, and if the current directory is /home/user-name/testdir, do the following:
cp file1 ../ The “../” names the parent directory, i.e. it backs you up one level.
To copy file2 from /home/user-name/testdir to /home/user-name/srcdir, and if the current directory is /home/user-name/testdir, do the following:
cp file2 ../srcdir This backs up one directory, then goes forward one directory into srcdir and copies the file there.
To format a file for printing (with page headers and numbers), use:
pr filename
You can create or destroy directories wherever you have write permission on the parent directory, which for an ordinary user normally means only the tree beneath your own home directory; root can create or remove directories anywhere. The commands are:
mkdir pathname
rmdir pathname
Once again, you are not alone on the system. To see which other users are logged in at the moment:
who
If you want to talk to one of them:
write username
lets the two of you type messages to each other’s terminals at the same time. To send mail to a user, say
mail
and enter the mail sub-system. To send a message to all the users on the system, say
wall
which stands for ‘write all’. By the way, on a few systems all you have to do is hit the <return> key to end the message, but on others you must hit CTRL-d.
To send a single message to a user, again say
write username
Be aware that write delivers exactly what you type to the other terminal, including any terminal control sequences, which is why many users block incoming messages with mesg n.
A little about Unix architecture: the top of the file system is the root directory, written /, and the system core files and utilities live in a handful of directories directly beneath it, grouped by purpose (commands, configuration, privileged tools, user home directories and so on). The superuser, called root, is the operator of the system; when root is logged in the prompt is a # (the superuser prompt), whereas an ordinary user’s default prompt is $.
Ordinary users’ home directories and files sit further down the tree, typically under a directory such as /home.
Everything on a Unix system, programs and data alike, is a file somewhere beneath the root directory, and every user account is associated with a home directory in that tree.
pwd
shows your current directory as an absolute path name: directory names separated by slashes, starting at /.
To reach a file or directory several levels down, write the path:
path1/path2/path3
which names the directory path3 inside path2 inside path1, relative to where you are now. You can run a program anywhere in the tree by giving its path:
path1/path2/path3/program-name
If this is refused with “Permission denied”, you lack search (x) permission on one of the directories along the path, or execute permission on the program itself. To see what you have access to in the end directory, type:
ls
for a list of the files and programs in the current directory. The root directory itself is listed with:
ls /
(On Linux and most modern systems /root is not the root directory but the home directory of the root user.) The wildcard character in Unix, if you want to search down a path for a particular file, is the *:
ls /*
lists the contents of every entry directly beneath /.
. (the dot) current directory – the dot can be used as an abbreviation for the current directory. For example: cp /home/user-name/test.file.1 . will copy the file test.file.1 from the /home/user-name directory to the directory that you are in. If you are in /home/myuserid, the long way to write this would have been cp /home/user-name/test.file.1 /home/myuserid
COMMAND OPTIONS
Most UNIX commands have options that you can use with them, and they all follow this format: command -x argument 
where command is the name of the UNIX command, -x is the option (can be -l, -r, -p etc.) and argument is whatever you’re sending the command.
An example: rm -r dir2 
Using the -r option with the rm command will remove dir2 even though it is a directory, not a file, and even though it has subdirectories and files within it. The -r (recursive) option removes every file and subdirectory under dir2 and then dir2 itself, without asking; check what you are about to delete with ls -R dir2 first.
An example: ls -l 
Using the -l option with the ls command will list all files and directories, and will also display their attributes – date and time last updated, owner of the file, permissions (see below for an explanation of permissions), size of the file.
An example: ls -l *.C 
The wild card character * (asterisk) can be used to display files with a similar naming convention. This example will list all files whose name ends in .C
Note: when using the wild card character to list files, using just * to list ALL files will not list those that begin with . (dot). To list files that begin with . you must say:
ls -l .* or ls -l .abc*. The first example will list all files whose name begins with a dot, and the second will list all files that begin with .abc. Because .* also matches the directories . and .. themselves, ls will list their contents as well; ls -ld .* shows just the entries.
Permissions
If you want superuser privileges, you can either log in as root or, from your own account, run
su
and give the root password. This gives you the # prompt and lets you bypass the permission checks entirely. The security-conscious developers at Bell Labs made it very difficult to do much without privileges, but once you have them there is absolutely nothing stopping you from doing anything you want, so use su for the one task that needs it and exit as soon as that task is done.
UNIX has modes or “permissions” on files and directories which say who may read, write or execute (search) them. The following line is a line of output from an ls -l command which listed the files in a directory.
-rw-r--r-- 1 user-name IRSTSUPT 127 Jun 16 16:20 test.file.3
Reading the fields from left to right:
-rw-r--r-- are the permissions. They show that the owner of the file has read and write access, those in the same “group” (IRSTSUPT) have read access, and all others have read access.
1 is the link count, the number of directory entries (hard links) that refer to this file. A plain file normally shows 1; a directory shows at least 2, because it is named both in its parent and by its own “.” entry.
user-name is the “owner” of the file: the userid that created it (or that it was later given to with chown).
IRSTSUPT is a “group” name. Users are defined within groups, and permissions can be granted at the group level.
127 is the size of the file (in bytes).
Jun 16 16:20 is the date and time the contents of the file were last modified.
test.file.3 is the file name.
-rw-r--r-- 1 user-name IRSTSUPT 127 Jun 16 16:20 test.file.3
drwxr-xr-x 2 user-name IRSTSUPT 8192 Jun 17 12:44 testdir/
The above 2 lines are taken from the output of an ls -l command, and the permissions can be read as follows:
The first character tells you whether it is a file or a directory. The first line shows a “-” and is a plain file; the second line shows a “d” and is a directory.
The remaining 9 characters are split into 3 groups of 3. The first group of 3 characters is the permissions for the owner of the file, the second group is the permissions for the group, and the third group is the permissions for any user on the system who is neither the owner nor part of the “group”.
For the first group, describing the owner’s permissions, the first line (for test.file.3) shows “rw-”, which means the owner has read and write access; the “-” in the third position shows that this is not an executable file. The second line (for testdir) shows “rwx”: the owner may list the directory (r), create and delete entries in it (w), and enter it or look up names in it (x, “search” permission when applied to a directory).
For the second group, describing the group’s permissions, the first line (for test.file.3) shows “r--”: anyone in the “IRSTSUPT” group has read-only access to this file. The second line (for testdir) shows “r-x”, which means anyone in the group may list and search the directory but not create or remove files in it.
For the third group, describing “other users”, test.file.3 is read-only for all users outside the owner and the group. For testdir, all users outside the owner and the group may list and search the directory but not write to it.
Note that deleting a file is governed by write permission on the directory that contains it, not by the permissions on the file itself.
With the usual default umask of 022, a newly created file is writable only by its OWNER and readable by everyone else, which is what these two lines show.
The chmod command (change mode) allows you to change the permissions of a file. Only the owner of the file (or root) may do this; having write access to a file does not by itself give you the authority to change its permissions. There are several ways to use the chmod command, and these can be viewed by doing a man chmod to get the manual page for chmod. One method is listed below:
You can use the values listed below and add them together to come up with the mode you want to give a file. If you are creating a file that you want to have read and write access to, and everyone else needs read only access, your “mode” would be 644. This is derived by adding 0400 (permits read by owner) and 0200 (permits write by owner), and 0040 (permits read by group) and 0004 (permits read by others). The total is 644. The command to change a file to this mode would be: chmod 644 file1
With the common default umask of 022, this is the mode a new file gets anyway. If you want to give others in your group write access, the command would be chmod 664 file1. Avoid modes whose last digit is 6 or 7 (world-writable) unless you really intend every user on the system to be able to modify the file.
mode values
value   meaning
** values for owner **
0400    permits read by owner
0200    permits write by owner
0100    permits execute (or search, for a directory) by owner
** values for group **
0040    permits read by group
0020    permits write by group
0010    permits execute or search by group
** values for other users **
0004    permits read by others
0002    permits write by others
0001    permits execute or search by others
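The permission string and the octal table above map onto each other mechanically, and the mapping is worth having as code when you audit a listing rather than one file. The following is an added example written for these notes, not code from the original page: it converts between the two forms in Python and then scans a constructed ls -l listing for the modes a security review cares about (world-writable files, setuid and setgid programs). It goes slightly beyond the table above: the execute slot of each triplet can also show s, S, t or T for the setuid, setgid and sticky bits, and the parser handles those. The sample listing, the file names in it and the function names are assumptions for illustration.

```python
import stat

# Symbolic slots in ls -l order and the mode bit each one stands for.
_BITS = (
    ("r", stat.S_IRUSR), ("w", stat.S_IWUSR), ("x", stat.S_IXUSR),
    ("r", stat.S_IRGRP), ("w", stat.S_IWGRP), ("x", stat.S_IXGRP),
    ("r", stat.S_IROTH), ("w", stat.S_IWOTH), ("x", stat.S_IXOTH),
)
# The execute slots may instead show setuid / setgid / sticky (s, S, t, T).
_SPECIAL = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}


def parse_mode(symbolic: str) -> int:
    """'-rw-r--r--' or 'rw-r--r--' -> 0o644; the type character is optional."""
    perms = symbolic.rstrip("+@.")[-9:]      # drop ACL/attribute markers ls may append
    if len(perms) != 9:
        raise ValueError(f"bad permission string: {symbolic!r}")
    mode = 0
    for i, (ch, (expected, bit)) in enumerate(zip(perms, _BITS)):
        if ch == expected:
            mode |= bit
        elif ch == "-":
            continue
        elif i in _SPECIAL and ch in "sStT":
            mode |= _SPECIAL[i]
            if ch in "st":                   # lowercase: the execute bit is set too
                mode |= bit
        else:
            raise ValueError(f"unexpected {ch!r} at position {i} in {symbolic!r}")
    return mode


def format_mode(mode: int) -> str:
    """0o644 -> 'rw-r--r--'; inverse of parse_mode, including s/S/t/T."""
    out = []
    for i, (ch, bit) in enumerate(_BITS):
        has = bool(mode & bit)
        if i in _SPECIAL and mode & _SPECIAL[i]:
            letter = "s" if i < 8 else "t"
            out.append(letter if has else letter.upper())
        else:
            out.append(ch if has else "-")
    return "".join(out)


def parse_ls_line(line: str) -> dict:
    """Split one `ls -l` line into its fields (file names without spaces assumed)."""
    fields = line.split(None, 8)
    if len(fields) < 9:
        raise ValueError(f"not an ls -l line: {line!r}")
    mode_str, links, owner, group, size = fields[:5]
    return {
        "type": mode_str[0],
        "mode": parse_mode(mode_str[1:10]),
        "links": int(links),
        "owner": owner,
        "group": group,
        "size": int(size),
        "mtime": " ".join(fields[5:8]),
        "name": fields[8].rstrip("/"),
    }


def permission_warnings(entry: dict) -> list:
    """What a reviewer would flag for one parsed entry."""
    mode, ftype = entry["mode"], entry["type"]
    warnings = []
    # A world-writable directory is acceptable only with the sticky bit (like /tmp).
    if mode & stat.S_IWOTH and not (ftype == "d" and mode & stat.S_ISVTX):
        warnings.append("world-writable")
    if mode & stat.S_ISUID:
        warnings.append("setuid")
    if mode & stat.S_ISGID and ftype != "d":   # on a directory setgid only inherits the group
        warnings.append("setgid")
    return warnings


def audit_listing(listing: str) -> dict:
    """Map each flagged file name in an ls -l listing to its warnings."""
    findings = {}
    for line in listing.splitlines():
        line = line.strip()
        if not line or line.startswith("total "):   # ls -l prints a 'total' header
            continue
        entry = parse_ls_line(line)
        warnings = permission_warnings(entry)
        if warnings:
            findings[entry["name"]] = warnings
    return findings


# Constructed sample listing: the two lines from the notes plus three invented entries.
SAMPLE_LISTING = """\
total 5
-rw-r--r-- 1 user-name IRSTSUPT  127 Jun 16 16:20 test.file.3
drwxr-xr-x 2 user-name IRSTSUPT 8192 Jun 17 12:44 testdir/
-rw-rw-rw- 1 user-name IRSTSUPT   42 Jun 17 09:01 notes.txt
-rwsr-xr-x 1 root      root     1234 Jun 10 08:00 helper
drwxrwxrwt 5 root      root     4096 Jun 17 12:00 tmp
"""

if __name__ == "__main__":
    for name, warnings in audit_listing(SAMPLE_LISTING).items():
        print(f"{name}: {', '.join(warnings)}")
```

To run it against a real directory, feed the output of ls -l into audit_listing; the sticky-bit exception is what keeps a correctly configured /tmp out of the findings.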
Input, Output, Redirection and Piping
UNIX commands write their normal output to “standard output”, which by default is the screen, and their error messages to a separate “standard error” stream. You can redirect standard output to a file if you wish.
For example: diff file1 file2 > diff.out
The differences between file1 and file2 will be written to diff.out rather than the screen. This is very useful when you know that the output will be large and will take up more than one screen. diff.out is created (or overwritten, if it already exists) when this command is issued, and you can then browse the file using vi or emacs. Error messages still appear on the screen, because > redirects only standard output; use >> to append to a file instead of overwriting it.
There are times when you want to feed the output from one command into another command. This is called piping. Let’s say, for example, that you wanted to compare 2 files and check whether the differences between them include the character string “AAAA”. You can accomplish this by doing the following:
diff file1 file2 | grep AAAA
The output from the diff command is “piped” (using the “|” symbol) to the grep command, which reads diff’s output and searches it for the string “AAAA”. The output from grep is written to the screen (standard output).
The more command is one that is “piped” to quite a bit. If you are going to execute a command that you know will have a large output, and you don’t necessarily want to redirect the output to another file, you can “pipe it to more”. For example:
diff file1 file2 | more will compare file1 and file2 and send the output to the more command, which displays it one screen at a time. If you don’t pipe to more and the output is larger than one screen, it will scroll past and you will see only the last screenful.
 
Control Characters
CTRL-d (the Control key and the character d) signals end of input. Typed at the shell prompt it ends the shell, which logs you off, so watch how many times you hit it; a program reading from the terminal sees end of file and usually exits.
CTRL-c (the Control key and the character c) interrupts the foreground process and can be used to break out of a program that is running.
ESC-k (the Escape key and then the character k) recalls the last command entered on the command line when the shell is in vi editing mode (set -o vi in ksh). If you continue to press k, you can recall earlier commands; press return to run the recalled command, or edit it first with vi keys.
 
Profile files and Environment variables
There are files which can be created in your home directory to set up default values for your UNIX environment that apply to your logon only. In the Korn shell these files are .profile, which is read by your login shell, and .kshrc, which is read by every interactive shell as long as the ENV variable names it (for example, export ENV=$HOME/.kshrc in your .profile).
.profile
Your .profile file gets executed every time you log on. The following is a sample of a .profile file:
# Profile Example
export PATH=/sample/testdir:/testsample/tools/bin:.
export PS1=’$PWD >’
. sample.script
sample.script
#end of profile example
 
The .profile can set environment variables by using the export command. In the example above, the PATH variable and the PS1 variable are being set. When a variable is “exported” it is available as long as you are logged on. Each time you log on, your .profile is executed, and these variables are set and “exported” so that they are accessible while you are logged on. A few of the system variables are described below.
 
The line in the sample profile which reads . sample.script is an example of how to execute a script file from your .profile. A script file is a type of executable file, and if you wish for a certain script file to be executed at logon time, you can accomplish this by adding a “.” (dot) followed by a space and the script file name. The dot runs the script inside your login shell, so any variables or aliases it sets remain in effect; running sample.script on its own would execute it in a child process and those settings would be lost when it finished.
environment variables 
PATH – The PATH variable contains the list of directories which will be searched whenever you enter a command that is not a shell built-in. Even standard UNIX commands such as cp are found this way: cp runs from /usr/bin only because /usr/bin is in your PATH. The directories are searched in the order listed, and the first one that contains an executable file of that name is the one that runs. In the .profile example above there are 3 entries in the PATH: /sample/testdir, /testsample/tools/bin and “.” (the current directory). If you were trying to run a program (issue a command) named report_oscirs and there was a copy of it in both of the first two directories, the one that would be executed would be the one found in /sample/testdir, since it is listed first. Listing “.” in your PATH, especially near the front, is a well known security hole: anyone who can write to a directory you cd into can leave a program there called ls or cp, and you will run it instead of the real one. Put “.” last if you must have it at all, and prefer ./program when you want to run something from the current directory. You can display the list of directories in your PATH by using the echo command: echo $PATH will display the contents of the PATH variable. Whenever you wish to reference the content of an environment variable, you must preface the variable name with $.
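The left-to-right search just described is short enough to reproduce, and doing so makes the risk of the trailing “.” in the sample .profile concrete. The following is an added example written for these notes, not part of the original page: it resolves a command name the way the shell does, flags PATH entries that let someone else choose which program runs, and builds two throwaway directories that both contain a report_oscirs program (the name reused from the text) to show that the first directory in PATH wins. The PATH values and temporary directories are assumptions for illustration.

```python
import os
import stat
import tempfile


def resolve_command(name: str, path_value: str):
    """Return the path the shell would run for `name`, or None if not found.

    PATH is scanned left to right; the first directory holding an executable
    regular file of that name wins.  An empty entry or '.' means the current
    directory, which is exactly what makes those entries dangerous.
    """
    if "/" in name:                      # a name with a slash is used as given
        return name if os.path.isfile(name) and os.access(name, os.X_OK) else None
    for entry in path_value.split(":"):
        candidate = os.path.join(entry or ".", name)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return candidate
    return None


def audit_path(path_value: str) -> list:
    """List (entry, reason) pairs for PATH entries a reviewer should question."""
    findings = []
    for entry in path_value.split(":"):
        if entry in ("", "."):
            findings.append((entry, "current directory is searched: a planted 'ls' in any directory you cd into would run"))
        elif not entry.startswith("/"):
            findings.append((entry, "relative entry: resolves to a different place in every directory"))
        elif not os.path.isdir(entry):
            findings.append((entry, "does not exist or is not a directory"))
        else:
            st = os.stat(entry)
            # World-writable without the sticky bit: anyone can drop a program here.
            if st.st_mode & stat.S_IWOTH and not st.st_mode & stat.S_ISVTX:
                findings.append((entry, "world-writable directory"))
    return findings


def demo_first_match_wins() -> tuple:
    """Two directories, each with its own report_oscirs; show which copy runs.

    Returns the names of the directories chosen for PATH order first:second
    and then second:first.
    """
    with tempfile.TemporaryDirectory() as root:
        first, second = os.path.join(root, "first"), os.path.join(root, "second")
        for d in (first, second):
            os.mkdir(d)
            prog = os.path.join(d, "report_oscirs")
            with open(prog, "w") as fh:
                fh.write("#!/bin/sh\necho running the copy in %s\n" % os.path.basename(d))
            os.chmod(prog, 0o755)
        chosen_a = resolve_command("report_oscirs", first + ":" + second)
        chosen_b = resolve_command("report_oscirs", second + ":" + first)
        return (os.path.basename(os.path.dirname(chosen_a)),
                os.path.basename(os.path.dirname(chosen_b)))


if __name__ == "__main__":
    print("first match wins:", demo_first_match_wins())
    for entry, reason in audit_path("/sample/testdir:/testsample/tools/bin:."):
        print(f"{entry!r}: {reason}")
```

Running audit_path on your real PATH (os.environ["PATH"]) is a quick check after editing .profile: an empty entry produced by a stray colon, such as PATH=/usr/bin::/bin, is the same hole as “.” and is much easier to overlook.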
PS1 – The PS1 variable contains what is displayed as your UNIX prompt. When you logon to UNIX, the default prompt is $. The prompt is where you enter your commands. You can set your PS1 variable to any value you wish to have displayed on your command line. Some choose to have the name of the machine that they are working on displayed (hostname) and some prefer to display the name of the current directory. 
To display the contents of the current directory, you can reference the PWD variable. (See below.) The example in the .profile sets the PS1 variable equal to the contents of the PWD variable by setting it to $PWD. 
PWD – The PWD variable contains the name of the current directory. The current directory is the directory you are in at the moment.
.kshrc 
Your .kshrc file gets executed every time you log on. It can also export environment variables, as the .profile does. However, this file can also set aliases, which the .profile file cannot do. (If you put an alias in your .profile, you won’t receive any errors, but the alias won’t work.) The following is an example of a .kshrc file:
# sample .kshrc file
export PCIPADDR=x.x.x.x
export DISPLAY=$PCIPADDR:0
alias dir="ls -l"
aliases
An alias is a name that you can set, that represents a command or any character string. For example, you could set up an alias called dir that would execute the ls command:
alias dir="ls -l"
This is handy for commands you use a lot and have trouble remembering the name of, or when you just want a shortcut. An alias can be set by typing the above command on the UNIX command line, or it can be entered into your .kshrc file. If you want the alias to always be available, enter it into your .kshrc file.

http://www.bestitdocuments.com/Services.html


FIPS 196

Posted in Security (1500) by Guest on the June 9th, 2010

Entity authentication using public key cryptography

Extends and clarifies the ISO 9798 entity authentication standard

Signed challenge/response protocol:
  Server sends server nonce SN
  Client generates client nonce CN
  Client signs SN and CN and returns them to the server
  Server verifies the signature on the data

Mutual authentication uses a three-pass protocol:
  Server sends client signed SC as final step

Inclusion of CN prevents the previous chosen-protocol attacks

Vulnerable to other attacks unless special precautions are taken


Basic Windows Incident response tools

Posted in Security (1500) by Guest on the June 8th, 2010

 

Tool – Use

Netstat.exe – Displays protocol statistics and current TCP/IP network connections.
Arp.exe – Displays and modifies the IP-to-physical address translation tables used by the Address Resolution Protocol (ARP).
Net.exe – Net used with [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ] allows the user to stop and start services, add and remove users, etc.
Nbtstat.exe – Displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).
Route.exe – Manipulates network routing tables.
Cmd.exe – Starts a new instance of the Windows XP command interpreter.
Fport.exe – TCP/IP process-to-port mapper.
Handle.exe – Command-line utility that shows which files are open by which processes, and much more.
Pslist.exe – Process information lister.
Psinfo.exe – Local and remote system information viewer.
Psloggedon.exe – Logon session displayer.
Listdlls.exe – DLL lister: lists executables and the DLLs that support them.
Filemon.exe – Monitors and displays all file system activity.
Ntfsinfo.exe – Displays NTFS information.
Portmon.exe – Monitors serial and parallel activity on the local system, or on any computer on the network that you can reach via TCP/IP.
Processexplorer.exe – Process Explorer shows which DLLs processes have loaded and which handles they have opened.
Regmon.exe – Monitors and displays all Registry activity on a system.
Tcpview.exe – TCPView shows detailed listings of all TCP and UDP endpoints on the system, including the owning process name, remote address and state of TCP connections.
Tdimon.exe – TDImon monitors TCP and UDP activity on the local system. It is the most powerful tool available for tracking down network-related configuration problems and analyzing application network usage.
Tokenmon.exe – Monitors security activity including logon/logoff, enabling and disabling of privileges, impersonation, and process creation/exit.
MD5sum.exe – Prints or checks MD5 checksums.
PromiscDetect.exe – Checks for possible sniffer activity on the local box.
Nc.exe – Netcat reads and writes data across network connections using TCP or UDP. It is designed to be a reliable “back-end” tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
Dumpreg.exe – Somarsoft DumpReg dumps registry values into an easy-to-use listbox. Options include finding all registry keys or values whose name or data matches a specified string, filtering so only the matching items are shown, copying to the clipboard, and printing. For Windows NT, the time of last modification is shown and entries can be sorted by time, which makes it easy to find recently modified registry entries.
DumpACL.exe – Somarsoft DumpAcl is a security auditing program for Microsoft Windows. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable listbox format, so that holes in system security are readily apparent. DumpAcl also dumps user, group and replication information. It is a must-have product for Windows NT systems administrators and computer security auditors.
MD5.exe – Integrity file checker: takes the hash of a file before and after transport to ensure image integrity.
DD.exe – dd reads and writes data by blocks and can convert the data between formats. It is frequently used for devices such as tapes, which have discrete block sizes, or for fast multi-sector reads from disks. The conversions can accommodate computers that require de-blocking, conversion to/from EBCDIC, and fixed-length records.

Logfile Auditing Spectrum

Posted in Security (1500) by Guest on the June 7th, 2010

Things to consider:

Full Administrative Audit Trail
  All management operations logged

Full User Audit Trail
  All session activity (login, logout, timeout)
  All network flows (not just web)
  All System Events

Support for External Syslog Servers


CIRT and other Incident sources of information

Posted in Security (1500) by Guest on the June 6th, 2010

Audit Evidence Requirement. IS Auditing Guideline. Information Systems Audit and Control

Computer Security Incident Handling: Step-by-Step. System Administration Networking and Security (SANS) Institute Publications.

Computer Security Incident Response Policy. The Center for Information Technology.

Detecting Signs of Intrusion. CERT Coordination Center. Carnegie Mellon Software

Prepare to respond to intrusions. CERT Coordination Center.

Responding to Intrusions. CERT Coordination Center.

Incident Reporting Guidelines. CERT Coordination Center.

NSA Glossary of Terms Used in Security and Intrusion Detection by Greg Stocksdale

How to Form a Skilled Computer Incident Response Team by Peter Stephenson

Handbook for Computer Security Incident Response Teams (CSIRTs) by Moira J. West-Brown, Don Stikvoort, and Klaus-Peter Kossakowski.

Forming an Incident Response Team by Danny Smith

Establish policies and procedures for responding to intrusions. CERT Coordination Center.

Expectations for Computer Security Incident Response. The Internet Society.

Responding to Intrusions by Klaus-Peter Kossakowski

List of Security Tools. CERT Coordination Center.

Network Intrusion Detection: An Analyst’s Handbook by Stephen Northcutt

Biermann, E., Cloete, E. and Venter, L. (2001). A Comparison of Intrusion Detection Systems. Computers & Security

ClickZ Stats Staff, Population Explosion, (2005), Available at: http://www.clickz.com/stats/sectors/geographics/article.php/5911_151151

CERT® Coordination Center, (2005) CERT Coordination Center Statistics 1988-2003, Available at: http://www.cert.org/stats/cert_stats.html

Debar H., Dacier M., Wespi A., (1999) Towards a taxonomy of intrusion detection systems, Computer Networks

Lippmann R., et al. (1998) Evaluating Intrusion Detection Systems: The 1998 DARPA Off-line Intrusion Detection Evaluation. First International Workshop on Recent Advances in Intrusion Detection (RAID), Louvain-la-Neuve, Belgium

Lunt, T. (1993) A survey of intrusion detection techniques, Computers and Security

Morakis, E., Vidalis, A., Blyth, A. J.C. (2003a). Measuring Vulnerabilities and their Exploitation Cycle, Elsevier Information Security Technical Report, Vol. 8, No. 4

Morakis, E., Vidalis, S., Blyth, A.J.C. (2003b). A Framework for Representing and Analysing Cyber Attacks Using Object Oriented Hierarchy Trees. Second European Conference in Information Warfare, UK, pp235-246

http://www.bestitdocuments.com/Incident_response.html

 


RADIUS Authentication

Posted in Security (1500) by Guest on the June 5th, 2010

Remote Authentication Dial-In User Service

Provides an authentication server for one or more clients (VPN, wireless or legacy dial-in hosts)

Client communicates with the RADIUS server via encrypted communications using a shared secret key

RADIUS protocol:
  Client forwards the user’s access request to the RADIUS server
  Server replies with one of:
    Reject access
    Allow access (based on password)
    Challenge (for a challenge-response protocol, e.g. CHAP)
  If challenge-response is used, the client forwards the challenge to the user; the user sends the response to the client, which forwards it to the server

One RADIUS server may consult another (acting as a client)
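The shared secret mentioned above is what lets a client tell a genuine Reject, Accept or Challenge from a spoofed one: every RADIUS reply carries a Response Authenticator, an MD5 over the reply (with the request’s own authenticator in the header) followed by the secret, as specified in RFC 2865. The Go code below is an added example, not part of the original post; it goes one level below the flow described above to the packet header. The packet type, the secret value and the attribute bytes are constructed for illustration, and attributes are kept as raw bytes.

```go
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/binary"
)

// RADIUS codes (RFC 2865) for the request and the three replies the post lists.
const (
	AccessRequest   byte = 1
	AccessAccept    byte = 2
	AccessReject    byte = 3
	AccessChallenge byte = 11
)

// Packet is the 20-byte RADIUS header plus the raw attribute bytes.
type Packet struct {
	Code, ID      byte
	Authenticator [16]byte
	Attrs         []byte
}

// Marshal serialises the packet; the Length field covers header and attributes.
func (p Packet) Marshal() []byte {
	out := make([]byte, 20+len(p.Attrs))
	out[0], out[1] = p.Code, p.ID
	binary.BigEndian.PutUint16(out[2:4], uint16(len(out)))
	copy(out[4:20], p.Authenticator[:])
	copy(out[20:], p.Attrs)
	return out
}

// responseAuth is the RFC 2865 Response Authenticator: MD5 over the reply with
// the request's authenticator in its header, followed by the shared secret.
func responseAuth(reply Packet, requestAuth [16]byte, secret []byte) [16]byte {
	reply.Authenticator = requestAuth
	return md5.Sum(append(reply.Marshal(), secret...))
}

// Reply is the server side: an Accept, Reject or Challenge bound to req.
func Reply(code byte, req Packet, attrs, secret []byte) Packet {
	r := Packet{Code: code, ID: req.ID, Attrs: attrs}
	r.Authenticator = responseAuth(r, req.Authenticator, secret)
	return r
}

// VerifyReply is the client side: the reply must answer the outstanding ID and
// carry an authenticator computed with the shared secret, whatever Code it claims.
func VerifyReply(reply, req Packet, secret []byte) bool {
	want := responseAuth(reply, req.Authenticator, secret)
	return reply.ID == req.ID && subtle.ConstantTimeCompare(want[:], reply.Authenticator[:]) == 1
}
```

A reply whose Code was changed in transit, one built with the wrong secret, or one answering a different request ID all fail VerifyReply, which is why a forged Accept is not enough to let a user in.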


Data Archiving Landscape Today

Posted in Security (1500) by Guest on the June 4th, 2010

Databases
  Structured data
  Application specific
  Performance driven
  Limited solutions available

Email
  Out of control
  Semi-structured data
  Well-understood applications

Distributed files
  Unstructured data
  Content searchable (documents)
  Non-content searchable (media)
  SRM/HSM type solutions
  Emerging data indexing solutions

Mainframe files
  Semi-structured data
  HSM solutions
  Many products and decades of experience but little growth


Why Backups alone are not enough

Posted in O S (375) by Guest on the June 3rd, 2010

Poor policy management

No standards or procedures

No indexing or search capabilities

Poor segmentation
  Data is “consolidated” on media haphazardly according to source time and place rather than according to policy
  Data sharing the same media cannot be truly expired
  Retrieval requests will bring back unrelated data

Unworkable as everything we need archives for…
  Legal discovery process
  Long-term retention
  Distant-future recoverability

Consistency of data

 


Powerpoints – Project Training Slides

Posted in Projects (400) by Guest on the June 2nd, 2010

Sample – TGIS – Scope of Work

Posted in Business (600) by Guest on the June 2nd, 2010

System Planning, Design and Implementation

Route Design Analysis and Seasonal Field Activity Support

Software Development

GIS System Automation

Hardcopy and Digital Product Development

Data Quality Assurance and Reporting

Documentation and Standards

Requirements gathering continues (will continue throughout the project)

Engineering data (mostly in-house)

  

Route design and seasonal field activity processes

Oracle and GIS development environments completed

Multiple development sites

Multiple “production” sites

Software development activities have begun

Borehole Data Viewer/Editor

Lab Data Viewer/Editor

Data preparation and loading has begun

 

Formal data quality assurance effort begins shortly


Sample Visio – What is a File System?

Posted in O S (375), Visio Samples - Stencils (457) by Guest on the June 1st, 2010

The software used to organize and manage the data stored on disk drives. In addition to storing the data contained in files, a file system also stores and manages important information about the files and about the file system itself.  

Modern File Systems

UFS:  The archetypal Unix file system still widely available from Unix vendors such as Sun and HP.

VxFS: The Veritas File System, a commercially developed file system available on a number of Unix platforms including Sun and HP.

NTFS: The file system designed by Microsoft for Windows NT.


Support for Large File Systems – UFS

Designed at a time when 32-bit computing was the norm.

Originally only supported file systems of up to 2^31 or 2 GB.

Most current implementations have been extended to support larger file systems.

Sun extended UFS in Solaris 2.6 to support file systems of up to 1 TB (2^40 bytes).


Support for Large File Systems – VxFS

The maximum file system size supported by VxFS depends on the operating system on which it is running. For instance:

HP-UX 10: max FS size is 128 GB.

HP-UX 11: max FS size is 1 TB.


Support for Large File Systems – NTFS

NTFS provides a full 64-bit file system, theoretically capable of scaling to large sizes.

However, other limitations result in a “practical limit” of 2 TB for a single file system.

Unix Inode.vsd

 


Public-key-based Authentication

Posted in Security (1500) by Guest on the June 1st, 2010

Simple PKC-based challenge/response protocol:
  Server sends challenge
  Client signs challenge and returns it
  Server verifies the client’s signature on the challenge

Vulnerable to chosen-protocol attacks:
  Server can have the client sign anything
  Algorithm-specific attacks (e.g. RSA signature/encryption duality)
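The two signed challenge/response posts on this page (the simple PKC protocol just described, and the FIPS 196 variant above that adds a client nonce CN) map directly onto a few lines of code. The Go program below is an added example, not from the original posts or from FIPS 196 itself: it shows the simple protocol signing the raw server challenge beside the three-pass variant, in which the client binds its own CN to SN before signing and the server answers with its own signature over the same nonces. Ed25519 keys, the 16-byte nonces and the purpose labels "client-auth:" and "server-auth:" are this example’s assumptions, not the FIPS 196 token format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// randBytes returns n random bytes; used for the nonces SN and CN.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// SimpleResponse is the "Public-key-based Authentication" protocol: the client
// signs exactly what the server sent, so the server alone decides what is signed.
func SimpleResponse(clientKey ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(clientKey, challenge)
}

// authMsg binds both 16-byte nonces under a label (this example's layout, not FIPS 196's encoding).
func authMsg(label string, cn, sn []byte) []byte {
	return append(append([]byte(label), cn...), sn...)
}

// ClientStep (FIPS 196 style, pass 2): the client adds its own CN and signs CN||SN.
func ClientStep(clientKey ed25519.PrivateKey, sn []byte) (cn, sig []byte) {
	cn = randBytes(16)
	return cn, ed25519.Sign(clientKey, authMsg("client-auth:", cn, sn))
}

// ServerStep verifies pass 2 and, for mutual authentication, signs pass 3 over the same nonces.
func ServerStep(serverKey ed25519.PrivateKey, clientPub ed25519.PublicKey, sn, cn, sig []byte) ([]byte, bool) {
	if !ed25519.Verify(clientPub, authMsg("client-auth:", cn, sn), sig) {
		return nil, false
	}
	return ed25519.Sign(serverKey, authMsg("server-auth:", cn, sn)), true
}

// ClientVerify checks pass 3 against the nonces the client itself saw.
func ClientVerify(serverPub ed25519.PublicKey, sn, cn, serverSig []byte) bool {
	return ed25519.Verify(serverPub, authMsg("server-auth:", cn, sn), serverSig)
}

// RunMutual drives the three passes end to end with fresh keys and reports both verdicts.
func RunMutual() (serverAcceptsClient, clientAcceptsServer bool) {
	clientPub, clientKey, _ := ed25519.GenerateKey(rand.Reader)
	serverPub, serverKey, _ := ed25519.GenerateKey(rand.Reader)
	sn := randBytes(16)                                            // pass 1: server -> client
	cn, sig := ClientStep(clientKey, sn)                           // pass 2: client -> server
	serverSig, ok := ServerStep(serverKey, clientPub, sn, cn, sig) // pass 3: server -> client
	return ok, ClientVerify(serverPub, sn, cn, serverSig)
}
```

Because the client’s signature covers CN||SN under a fixed label, it never verifies over the bare server challenge, and the distinct labels keep the server’s pass-3 signature from being replayed as a client response.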

 
