Recently in Security Category

“I have benefited from Eric's many articles he has written on Digital Identity for digitalidworld.com .
Having observed the nascent industry as it emerged from the public wrath over hailstorm and palladium -- to the founding of the Digital Identity conference; I see identity as a valuable complement to technologies that will be in the hands of many consumers.

I've always believed that identity is more closely related to reputation than the Go/No-Go binary of check pointed interrogatives. There's no better example of the emerging identity sphere than your presence here, in the blogosphere which is built from the ground up to champion who you know reputation interchange.”

Download Digital ID World Conference 2006 Presentations & Audio

Update!

This content appears to have been plagarized in large part from the online resources of James Messer: Secrets of Network Cartography: A Comprehensive Guide to nmap

As its name implies, nmap is a network mapping utility. Provide nmap with a TCP/IP address, and it will identify any open "doors" or ports that might be available on that remote TCP/IP device. The real power behind nmap is the amazing number of scanning techniques and options available! Each nmap scan can be customized to be as blatantly obvious or as invisible as possible. Some nmap scans can forge your identity to make it appear that a separate computer is scanning the network, or simulate multiple scanning decoys on the network! This document will provide an overview of all nmap scanning methods, complete with packet captures and real-world perspectives of how these scans can be best used in enterprise networks.

The Ethical Hacker Network - Nmap from an Ethical Hacker's View Part 1

describe[s] Nmap from the viewpoint of a hacker and at the same time give a clear, step-by-step method of attaining a good level of proficiency. After completing this 2 Part Series and having practiced the techniques described, one should not only be able to sit at a "roundtable" discussion with advanced security professionals and "hold their own" in a discussion concerning Nmap, but also utilize this great tool in their own network

Nice little script to automate mysql dump and backup to a remote server, in this case google mail, with encryption of the content, there should be no problem storing sensitive information on your gmail account.

Gmail, GPG, and Backups via Email


#!/bin/bash DATE=`date %F-%R`; BZFILE=/tmp/$DATE.sql.bz2; GPGFILE=$BZFILE.gpg; mysqldump --all-databases | bzip2 -c --best > $BZFILE; gpg --encrypt -r me@example.com $BZFILE; echo 'MySQL backup from abominus is attached' | mutt -a $GPGFILE \ -s '[backup] MySQL backup' self@gmail.com rm $GPGFILE;


Thorough steps to set up your own certificate authority!

Be your own Certificate Authority (CA)

these certificates are good only for personal use or for use in your intranet in order to provide a secure way to login or communicate with your services, so that passwords or other data is not transmitted in the clear.

good idea, more secure, less chance of someone guessing or brute forcing your password.

Setup the SSH server to use keys for authentication

SSH server can be set up in various ways, but in this document I’ll describe how it can be configured to:

* only support connections through the 2nd version of the SSH protocol (SSH-2)
* use 2048-bit DSA keys for user authentication, without permitting authentication with passwords
* allow only a specific group of users to connect

• Captive: The first free NTFS read/write filesystem for GNU/Linux
• NTFS-3G Read/Write Driver
• Howto : Write To Windows NTFS Drive From Ubuntu (ntfs-3g)

UbuntuHashes - Community Ubuntu Documentation

This page contains all of the md5 hashes for the different versions of Ubuntu, including Kubuntu, Edubuntu, and Xubuntu. Links to static HTTP pages with hash information for the same files is also provided.

Secure to 128 bit AES... good enough for OS and access... wrap truecrypt around anything beyond that!

Welcome to CE-Infosys Pte Ltd

The FREE CompuSecｮ Software is a full product version without any limitations. It is not a demo or trial version. It is provided "as is" at the time of distribution without any warranty. The product has been thoroughly tested and no bugs were known at the time of the product release. However, we cannot guarantee that the product works with all possible PC configurations nor is 100% bug free. CE-Infosys commits to maintain the product and provide future releases. Customer feedback and recommendations are welcome. The product is free in object code, but not in source code. Please read carefully the license agreement during the product installation.

Command below create a new service you can call to launch a System Account level cmd prompt. Think of this like root on Linux or other *nixes... Put a shortcut on your desktop with shortcut keys like CTRL-ALT-S and you can spawn this window with some hotkeys.


sc delete testsvc
sc create testsvc binpath= "cmd /K start" type= own type= interact
sc start testsvc
echo sc start testsvc > c:\testsvc.cmd

Note that interact above is part of the second line of the command window...

Antimail : Running CMD.EXE as Local System

Many times in the past I had to run an interactive command-line shell under the Local SYSTEM account. That is, a CMD window on your desktop running under the system account. This technique is extremely useful in many cases, for example to debug ERROR_ACCESS_DENIED type errors that are coming from a system service.

Building a Human Firewall: Raising Awareness to Protect Against Social Engineering > Is Security Awareness Needed?

Human firewall often refers to the end user, but the first line of defense is actually the stakeholders of the information technology processes, which are the DMZ of the human firewall architecture.

Did you know when you remove or delete a file from your computer it is still there? That it can be easily 'unerased' and restored to fully readable status? Before erasing a file to be really secure you must write 'random' data over that file. In windows xp this can often be accomplished by moving a file with the same name to that folder and overwriting that file there. This is a quick fix, but not as secure as using a program like eraser.

I've tested eraser and it is stable, reliable and easy to use.

Eraser - Free secure data erase tool to wipe files on your hard drive

Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP, Windows 2003 Server and DOS.
Eraser is Free software and its source code is released under GNU General Public License.

The patterns used for overwriting are based on Peter Gutmann's paper "Secure Deletion of Data from Magnetic and Solid-State Memory" and they are selected to effectively remove magnetic remnants from the hard drive.

The best write up I've seen on setting up FreeNX.

HOWTO Access A Superfast Linux Desktop From Anywhere Using FreeNX | Biohackery

FreeNX allows superfast and secure access to your Linux box from anywhere in the world. This HOWTO is a step-by-step guide for configuring the nxserver, generating custom encrypted keys, and using a combination of Live-CD and USB thumbdrive to create a portable nxclient for remote access.