InfoSecPodcast.com » Security Tools

MIT Lincoln Lab Network Security Software

Chris Harrington — Tue, 10 Feb 2009 19:08:05 +0000

MIT Lincoln Laboratory has developed a Network Security Analysis application known as NetSPA. In short, I am very impressed with this tool. NetSPA (Network Security Planning Architecture) correlates firewall rules / ACL’s with vulnerability data such as Nessus output. This tool then visually plots attack paths through an interactive interface that lets you model different scenarios. It also allows administrators to prioritize which vulnerabilities should be fixed first. Rather than just relying on the severity of the vulnerability we reliably factor in attack vectors based on current network security rules. We (IT Security Ops team) have been working with the development team and helping to provide test data and general feedback. This tool is so impressive that we will be implementing it as part of our security change management process. We will be able to visualize what a firewall rule change will do to our security posture for example.

Having access to this type of technology and the research community is one of the many benefits of working at one of the finest research laboratories in the world.

–Chris

Technorati Tags: MIT Lincoln Laboratory, NetSPA, Network Security

Record IM video on the network?

Chris Harrington — Tue, 01 Jul 2008 15:23:03 +0000

A friend of mine is works in the financial services market. His company has a need to record Instant Messenger video sessions (think AOL and MSN webcam ) and archive them. They need to do this on the network as opposed to having client software do it locally on the desktop. This is due to the varied desktop systems, only half are Windows based.

Anyone know of a commercial solution or open source libraries that could do this? I know many IPS’ can detect IM video but he needs to record. Is IM video even encrypted? Before you start with the privacy concerns this is done with full knowledge of both parties who are also employees of the same company. It is a pilot program at this point.

–Chris

Technorati Tags: AIM video, record, MSN Messenger

RFP for PenTesting

Chris Harrington — Wed, 11 Jul 2007 13:53:26 +0000

eWeek has a decent RFP template you can use when selecting a company to provide PenTest services. It’s not perfect but it is a great start if you have nothing. The RFP is on page 44 of the July9th issue.

If you happen to be looking for those services check out NMI InfoSecurity Solutions. They produce the best reports I have ever seen from a security services company. They also have a risk metric system (RSK) that makes it easy to track changes in your security risk level.

**Disclaimer** Yes, I used to work for NMI and no I did not receive compensation for this plug

–Chris

Technorati Tags: eweek, pentest, rfp, NMI

Declassified window film stops wireless / cell signals

Chris Harrington — Fri, 06 Jul 2007 14:50:16 +0000

I saw this one on Slashdot the other day http://science.slashdot.org/article.pl?sid=07/07/03/0228246&from=rss

Quote from article:

“Once manufactured under an exclusive contract with the US government, this recently declassified window film is now available to the public. But don’t expect to see it on store shelves anytime soon. Currently, it’s only available directly from the manufacturer, and at prices that will likely make it prohibitive for all but the wealthiest home owners. The two-millimeter-thick coating can block Wi-Fi signals, cell phone transmissions, even the near-infrared, yet is almost transparent… It can keep signals in (preventing attempts to spy on electronic communications) or out, minimizing radio interference and even the fabled electronics-destroying electromagnetic pulse generated by a nuclear blast.”

Think of the applications. How much do you think that stuff costs per foot???

–Chris

Technorati Tags: window film, declassified, wireless, cellular

List of Malware Analysis tool from SANS

Chris Harrington — Sat, 04 Nov 2006 03:07:23 +0000

The Internet Storm Center at SANS has a post with a list of Malware Analysis tools submitted mostly by readers. If you are thinking about dissecting that piece of malware you just found, take a look at this list of helpers. Unless you do this a lot you’ve probably never heard of most of these tools.

–Chris

Technorati Tags: SANS, Malware, Internet Storm Center

Malware Analyzing Sandbox

Chris Harrington — Sat, 04 Nov 2006 02:47:44 +0000

The clever folks over at Sunbelt Software have created a great free service to analyze malware samples called CWSandbox. How it works is you upload your suspected malware sample to their site. The CWSandbox then runs the malware and gives you a detailed report of what it did, it’s name if known, and a bunch of other cool information.

I found a post on nCircle’s blog that has a pretty detailed description of this tool. The next time you have a strange ZIP attachment upload it and see what CWSandbox says.

–Chris

Technorati Tags: CWSandbox, Malware, Sunbelt Software, nCircle

Free Windows Honeypot from NetVigilance

Chris Harrington — Thu, 02 Nov 2006 18:12:21 +0000

VA provider NetVigilance has released a free Honeypot for Windows called WinHoneyd. It is a low-interaction (it simulates services such as RPC, HTTP, FTP, etc.) honeypot based on the Open Source honeyd software written by Niels Provos. Instructions, sample configs and FAQ’s can be found on the NetVigilance site.

–Chris

Technorati Tags: WinHoneyd, honeypot, netvigilance, Niels Provos, honeyd

Ajax based port scanner

Chris Harrington — Fri, 27 Oct 2006 14:41:39 +0000

In the “WEB 2.0″ world we live in it was a matter of time before Ajax security tools showed up. Ener OPScanner, an Ajax based port scanner. I definitely wouldn’t start making plans to replace NMAP with it. It’s more a novelty and a useful way to can yourself when making basic firewall or ACL changes.

–Chris

Technorati Tags: Ajax, port scanner, security

Web based VMX file creator

Chris Harrington — Wed, 18 Oct 2006 11:35:20 +0000

If you do any sort of sandbox / Honyepot work like me you probably use VMWare Virtual Machines. When you create a VM the configuration settings are saved in a file with the .vmx extension. This file is a simple text file with name value pairs. Mike over at MikeTechShow.com posted a link to EasyVMX, which is a web based vmx configuration file creator. If you are looking for something more than just the VMWare VM creation wizard you should check this out.

–Chris

Technorati tags: VMWare, Miketechshow, easyvmx, vmx

Bootable Linux security distros

Chris Harrington — Wed, 27 Sep 2006 02:47:13 +0000

Darknet.org.uk has a pretty good list of Linux distributions that are geared to security tasks like pentesting, forensics and nsm. The good thing about this list is that these are Live CD’s. This means you can drop them into your CD a boot into a working Linux distro without affecting the currently installed operating system. Most do have to option for a complete hard drive install should you wish.

–Chris

Technorati Tags: Darknet, Linux, Live CD, security, whax, knoppix std, f.i.r.e