Saturday, February 7, 2009

Canberra Running Man

Ah, after 2 months of not writing on the ol' blog I am back and all fired up for another year in IT and Tech. Currently it is 38.7°C outside (101.66°F for those at home): perfect inside, air-conditioned blogging conditions.

I am putting together a little competition. In honour of the Defcon Running Man competition, I am going to try to run a similar event in the Australian National Capital.

More details will follow. Cheers.

Sunday, January 18, 2009

Using Sun VirtualBox Remote Desktop/Display

Long time, no write; I know.

I have been putting in the hours learning new things. Here is a tip for you if you are using VirtualBox and want to use the remote desktop/display.

http://itknowledgeexchange.techtarget.com/server-virtualization/using-vrdp-to-view-virtualbox-virtual-machines-remotely/

By using your own IP rather than the one provided by NAT, you will be able to access the remote display of the system in the VM on the port you have set in the settings for the machine.

Tuesday, October 28, 2008

Google Reader

I have been using Google Reader for a while; please check out some of the stories I have highlighted. I read about 30 blogs a day and highlight something from some of them each day.


 

Enjoy.

MS08-067 exploit in the wild

I am sure by now that many have read about Trojan.Gimmiv exploiting the vulnerability fixed by the new critical update for the Windows operating system. The update addresses a vulnerability in RPC calls which can be reached over SMB connections. Worms such as Blaster utilised this method to propagate last time. Best to get your patches up to date now.

Time away from the screen

Well, it has been some time since I wrote on both of my blogs, www.averagejoesecurity.com and www.thatintranetsecurityguy.com. I suppose you could say I have been busy with other things, like work and other social activities. You will see a lot more posting over the coming months.


 

Sunday, August 24, 2008

Vanity search shows Google indexed me in Facebook

I wouldn't call myself a conceited person, but the odd vanity search does reveal interesting results every now and again. This morning I did a vanity search and my Facebook profile page was the number one result.

However, it wasn't just my own page but also the pages of my other contacts that were revealed as being friends of mine. Hmmm...

Using the open search of Facebook in this way you could build an excellent model of who a person's contacts are and the relationships between them. For example, I could repeatedly wget the page and find the differences in the results. I could then map these results to a relationship diagram.

Nice, Open Source information strikes again.

Monday, July 21, 2008

Network Perimeter

Today SANS has commented on the growing network perimeter (link). While this is a fair comment, especially since it does occur in most organisations, it does not have to be like this.

Statements like:

There are a surprising number of people that do not know all the servers connected to their network (especially internet facing ones), or all the links in to the network. One of the worst examples I’ve come across was an organisation that had 8 links to other organisations with people connecting to a server in the middle of their network. Purpose? Unknown. The links had been in place for 5 years and most of the IT staff had rotated out of the area. The bills were being paid monthly and because the cost was relatively low, nobody questioned the charges.

should be a thing of the past. Bad documentation, especially when help desk tools are so prevalent, is just bad organisation (and poor management). Ensuring that this does not happen comes down to a rigorous change process and enforcement of policy.

In addition to the points that Mark Hofman makes (although he generally outlines them in his piece), you should really be aware of:


  • the Endpoint - Big point here, this can be the weak point on your network. What information can be uploaded and downloaded from the endpoint? What classification do you give to that data? Has a TRA or RMP been done on the Remote Access Solution (RAS)? Do you allow people to use their own equipment? Is the equipment secured adequately? Can you enforce that the endpoint has the patches that the rest of your SOE has? Are virus definitions and malware signatures up to date? Solutions like Citrix Enterprise Gateway can check your endpoint for compliance.


  • the Network that the information passes through - Not many people are aware of how fragile the common network infrastructure is, and how readily it can be exploited. HackADay gives a round-up of GSM A5 cracking.


  • the reliability of the network can also be a concern; how can you ensure uptime on remote hops?


  • New, seemingly small, changes to the environment - This has caught me by surprise many times. Changes requested by users that are not scoped properly can require massive changes in the environment. This could include things like a change to the whole infrastructure.


  • Support agreements - when a new product comes on board make sure you know how it is supported by the vendor. Does the vendor require dial-up lines, additional VPN hardware, or additional devices (because you don't allow anyone to connect that does not have your SOE)?

Over to you :)
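
The endpoint questions in the list above (own equipment, SOE patch level, signature freshness) can be turned into a posture check that runs before remote access is granted. The following is an added example, not code from this blog or from any product it mentions; the baseline values, tier names and sample endpoints are assumptions made up for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Assumed SOE baseline for illustration; thresholds and tier names are hypothetical.
SOE_BASELINE = {
    "required_patches": {"MS08-067"},  # bulletin mentioned elsewhere on this page
    "max_signature_age_days": 3,
}

@dataclass
class Endpoint:
    name: str
    managed: bool               # True if the device is built from the SOE image
    installed_patches: set
    signatures_updated: date    # last AV/malware definition update

def assess(ep, today, baseline=SOE_BASELINE):
    """Return (access_tier, reasons) for a remote-access request."""
    reasons = []
    missing = baseline["required_patches"] - ep.installed_patches
    if missing:
        reasons.append("missing patches: " + ", ".join(sorted(missing)))
    age = (today - ep.signatures_updated).days
    if age > baseline["max_signature_age_days"]:
        reasons.append(f"signatures {age} days old")
    compliant = not reasons
    if not ep.managed:
        reasons.append("unmanaged device")
    if compliant:
        tier = "full" if ep.managed else "limited"      # e.g. published apps only
    else:
        tier = "quarantine" if ep.managed else "deny"   # managed devices may remediate
    return tier, reasons

# Constructed sample endpoints, not real inventory data.
TODAY = date(2008, 11, 1)
SAMPLES = [
    Endpoint("soe-laptop", True, {"MS08-067"}, date(2008, 10, 31)),
    Endpoint("soe-stale", True, set(), date(2008, 10, 31)),
    Endpoint("home-pc", False, {"MS08-067"}, date(2008, 10, 30)),
    Endpoint("home-pc-old", False, set(), date(2008, 9, 12)),
]

if __name__ == "__main__":
    for ep in SAMPLES:
        tier, reasons = assess(ep, TODAY)
        print(f"{ep.name:12} {tier:10} {'; '.join(reasons) or 'compliant'}")
```

Recording the reasons alongside the tier gives the help desk something concrete to act on when a user is quarantined or denied.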