Hi! This is the ezmlm program. I'm managing the
security-basics@securityfocus.com mailing list.
I'm working for my owner, who can be reached
at [EMAIL PROTECTED]
To confirm that you would like
archive@mail-archive.com
added to the security-basics mailing list, please send
an empt
We have a server that has been hacked. The hackers have put a tool that
turns off the IPC$ share. We checked the registry, nothing there. It seems to
be time based but nothing comes up on the scheduler.
When we reboot for a while everyone can connect to the server but in a
minutes the ipc$ share dis
Hello!
I am looking for a good and secure Windows based Proxy Server other than
ISA Server with features like QoS, firewall, DHCP support, Integrated
with AD etc.
Regards,
---
Evaluating SSL VPNs' Consider NEOTERIS, chosen a
Degauss the tape or burn it.
Jeff.
-Original Message-
From: Birl [mailto:[EMAIL PROTECTED]
Sent: Monday, July 07, 2003 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: Secure Media Destruction
seaton: Date: Fri, 4 Jul 2003 08:01:38 +0800
seaton: From: Stephen Eaton <[EMAIL PROTECTED]>
seat
We are looking for a tool that will erase all data beyond recovery from a
hard drive. We are going to get rid of a few computers and do not want data to get
into anyone's hand. Both freeware and commercial ware are ok. Would prefer a
solution which is bootable from a cd (OS independent).
(Would prefer n
On Mon, 2003-06-30 at 10:52, Hyperion wrote:
> Hello all :)
>
> I have been taking a more detailed interest in my pc's security of late,
> and security for computers in general, and I am learning at quite a fast
> rate, although there is a great, great deal of information
Hello all,
My redhat 7.2 is getting hacked very frequently even though I
got a firewall. Appended below is the nmap output. What may be the loophole?
% nmap -sA 202.xxx.xxx.xxx
Initiating ACK Scan against isp.com ()
The ACK Scan took 275 seconds to scan 1542 ports.
Interesting ports on
Checkpoint has a good white paper on where to put it. It is obviously for their
product but you can use the paper as a knowledge base.
-SKP
-Original Message-
From: Potter, Tim [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 1:50 PM
To: [EMAIL PROTECTED]
Subject: Simple Wireless Questi
e don't talk about their firewalls.
2-) It is, for the most part, illegal to run security tests on a network
that is not yours.
Be careful what you write about... you don't want to end up saying
something silly like... "IDS is useless".
On Fri, 2003-06-06 at 12:29, [EMAIL PROTE
http://www.bayarea.com/mld/siliconvalley/business/special_packages/security/
6151122.htm
SKP
iness experience of people reading this thread.
My question was clearly a marketing question regarding industry statistics.
It is quite stupid for people to say that statistics don't matter. Almost
all security projects are sold because someone read a statistic or does not
want to become one.
I would no access besides logs. Have them create a ticket anytime they need
a change.
-SKP
-Original Message-
From: khan rohail [mailto:[EMAIL PROTECTED]
Sent: Friday, June 20, 2003 12:45 PM
To: [EMAIL PROTECTED]
Subject: Center Control and Department's Firewall
Hello
We are in proc
n into one of opinion not fact. So folks,
> as SKP gets more and more frustrated, and stops using the list for
> serious business, maybe it has become time for us to get back to
> business. Just my .005 worth.
>
> Greg Kane
> SAIC
> Senior Systems Security Engineer
> CTS
diagnostics use MBSA (
http://www.microsoft.com/technet/security/tools/Tools/MBSAhome.asp ),
which enables you to scan your system for *most* known flaws.
Hit windows update every Thursday afternoon, as that is when 99% of
the patches are released.
Regards,
Shawn K. Hall
http://ReliableAnswers.com
more frustrated, and stops using the list for
serious business, maybe it has become time for us to get back to
business. Just my .005 worth.
Greg Kane
SAIC
Senior Systems Security Engineer
CTSF-IA
Fort Hood, TX
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent
Do you mean something more than what comes built in? The EFS?
Jeff
-Original Message-
From: Martin Smith [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 3:01 PM
To: [EMAIL PROTECTED]
Subject: Hard Drive Encrypting
Good Day,
I have a need to encrypt the har
;
if Word is used to protect certain parts of a document then it should not be
possible to use Word to unprotect that document just by saving in a
different format. A PDF is a good example. Once you set security on the PDF
document all PDF readers honor that security they don't let you save it
of the file. Using a Word doc as an
example, I would take the Word doc, highlight everything, copy and paste
it into a new Word doc and save it over the original "protected"
document. It would be a heck of a lot faster than the methods that have
been described.
Brian
--
Brian Eckman
How do vigilante software rate among scanning products?
-SKP
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 12:16 AM
To: [EMAIL PROTECTED]
Subject: Re: Scanner Software Question
Importance: High
Retina is great. Whenever you run it,
protection is gone. No need to know the
password.
Microsoft even documents this in their help file. Should this not be
considered a security violation from a user point of view
SKP
That makes absolutely no sense. Plus I am not looking for a philosophical
answer. I was looking for statistics for marketing. Does anyone know of a good
reference site for firewall and other security statistics.
SKP
-Original Message-
From: Justin Pryzby [mailto:[EMAIL PROTECTED]
Sent
I remember once reading that X amount of firewalls are misconfigured. Does
anyone know where I can get this statistic from? We are making some new
marketing material and I would like to include this stat in it. A quotable
source would be great.
Thanks
SKP
---
I have been looking for the source of security training teaching material. I
was looking for teaching material in all fields of security including
forensics, basic security, CISSP readiness etc.
A point in the right direction will be very helpful.
SKP
---
The Hebrew University of Jerusalem maintain a very usable list of Microsoft
hotfixes and service packs.
http://secinfo.huji.ac.il/microsoft_patches.htm
If you want the information direct "from the horse's mouth", then go to the
Microsoft Security site.
You can pick your base OS or a
that could get you into legal
trouble) should be stored encrypted within the database. In addition to
this, security features built into the database should be used and default
accounts disabled. Oracle comes with up to thirty (30) default usernames
and passwords, some of them with dba privileges
about download managers- do they pose a
security risk? Any known to be trojaned? The one I use is GetRight, does
anyone know if this one has known security issues?
Any thoughts appreciated, thanks.
Leon
Go to sourceforge.net and search for Firewall floppy. You will get lots
of already stripped down versions. You can run these firewalls from a
floppy and also from a hard drive if you want to enable logging.
Leo
Justyn wrote:
I'm a home user rather new to firewalls. I have a spare pc I want to u
Greetings,
I've read about a way to secure webservers, which must not be directly
exposed to the Internet, using a reverse proxy, e.g. MS ISA Server or
Squid on a UNIX box.
Now my question would be: Has anyone experience with that? Is it really
more secure (compared to firewalling and port forwar
I've been following the thread on FTP servers in the DMZ with interest.
I'm curious as to how it applies to a server providing VPN access using
Win2k Server's Routing and Remote Access.
Given that the VPN is supposed to give access to the private network to
external clients (who can authenticat
It seems this may be able to be done. Do a search for "Ethernet AUI
Sniffer". What that amounts to is disabling the transmit portion of an AUI
port. Sounds like you'll need a transceiver to convert from ethernet to aui
though. Good luck.
Jeff.
-Original Message-
From: Rory [mailto:[EMA
e a drive to a
machine that's going to be donated or thrown away?
Preferably something thorough?
Thank You
Steve Champion
Sr. Data Security Analyst
The Methodist Hospital.
[EMAIL PROTECTED]
It is generally not good to change the OS parameters. If it's detectable,
let it be. Best thing to do is to unplug all the holes on a regular basis
and configure your firewall to work at its optimum.
Leo
Ethan wrote:
There was just a thread about this on the honeypot mailing list
([EMAIL PROTECT
IMHO SuSE is the best. As regards security, that's something you will
have to take care of yourself. All OSes are a bit insecure out of the
box. SuSE is easy to install and configure. They have a configuration
tool called YAST2 which is excellent. It's the most popular Linux distro
in Europe
nuary 7, 2003 7:45 PM
To: [EMAIL PROTECTED]
Subject: ghostly mail ports
Hi, I'm new to security and this is my first post, so be gentle :)
I have a fairly good understanding of the tcp/ip model and I think I
understand what ports are for! But I can't understand that on my box, I have
the 2 default
ituations
but not others:
4. 4) This computer network belongs to the Grommie Corporation and may be
used only by Grommie Corporation employees and only for work-related
purposes. The Grommie Corporation reserves the right to monitor use of this
network to ensure network security and to respond to
Are you Natting? If not you may have to open up the return UDP reply.
-Original Message-
From: Ahmed.Shazly [mailto:ahmed.shazly@hotpop.com]
Sent: October 16, 2002 8:15 PM
To: [EMAIL PROTECTED]
Subject: Can't Resolve from behind firewall
Hi everyone,
I Just got a PIX 501 for my compa
In my opinion you can consider providing the option of secure /
encrypted access to the mail through the web.
regards
Leo
Link, Jennifer wrote:
We are looking at provided mail access via internet connection (home,
internet cafe, library etc.) and I'm trying to research what vulnerabilities
ex
catchier...) in order to appeal to
their clients and score brownie points with their large government
customer base who promote keeping the public in the dark.
I'm going to have to write angry emails to all the Foundstone employees
I know now...
Regards,
Greg van der Gaast
Ordina Publi
> And I'd say to visit Windows Update weekly, if not
> daily.
MS usually only posts updates on Thursday evenings - if updating
is a hassle for you - or checking every day is not an option,
I'd stick with Thursdays.
Regards,
Shawn K. Hall
http://ReliableAnswers.com/Virus/
Have you read the TRO? Foundstone is stopping use of their algorithm. I
think they have a right to do that. Netobjects is free to release a product
with their own algorithm.
-Sanjay
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 10, 2002 11:45 A
NT breaks its passwords into two - encrypting each half separately.
Unfortunately, this makes it really easy to hack NT passwords, even if
you think you are using a good one.
-Original Message-
From: netsec novice [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 25, 2002 5:13 PM
To:
>BIG MAMA or BIG MAMMA
>
>Its a 60MEG text file!
>
>I CANNOT FIND IT ANYWHERE!!! PLEASE HELP!!
>
>If you have this file, PLEASE point me in the right direction
>to download/retrieve it!!
>
>Thank you!
>Kenny Ansel, Sytex Group
>Network Security Instructor
>
that nothing, not even
Veritas, was running at the time of this incident. Running a major backup during peak
network usage is a sure formula for killing the file server!
-Original Message-
From: NT Security
Sent: Wed 9/18/2002 8:59 PM
To: [EMAIL
ised managed for the hardware, whereas CP fw
mgmt is for the rulesets...
-Original Message-
From: Guerra, Ralph [mailto:[EMAIL PROTECTED]]
Sent: September 19, 2002 2:05 PM
To: 'Security Newsletters-TM'; 'Michael Bulebush';
[EMAIL PROTECTED]
Subject: RE: Checkpoin
BTW: just wanted to point out that my Corporation does have full and current
licenses for the number of devices we use NHM with :)
Sorry, no blackmail or today.
-P>
-Original Message-
From: Security Newsletters-TM
Sent: September 19, 2002 2:12 PM
To: 'Guerra, Ralph
NOKIA is king. We run nothing but Nokia here. The hardware is robust, and
we use VRRP between two units for redundancy. Can be expensive though ...
-Patrick Best
Wireless Data Network Specialist
IP Engineering
Telus Mobility
(416) 684-3579
[EMAIL PROTECTED]
-Original Message-
Fro
's going on port
21 during this (or just before, obviously)? That might shed some light
on it.
Greg van der Gaast
Ordina Public West
Security Services
-Original Message-
From: Mel [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 16, 2002 12:43 PM
To: [EMAIL PROTECTED]
Onder
Chris,
That's a very nice list indeed! I too am saving it for reference. My
company also had no information security program to speak of when I started
here last year, so we're both pretty much in similar situations.
One area I didn't see you mention too much, although you d
Sorry for the length but this is a real problem to me!
I've spent a lot of time reading this forum but only recently, due to
budget cuts, been forced into a security position. And now I'm having a
BIG problem! One of my networks (NOT Knightworld.net!) has a file server
that is oc
Do you use POP or have an Exchange server? (does the best answer get a
free cruise? :-) )
-Sanjay
-Original Message-
From: John D from Best Price Cruises [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 15, 2002 3:03 PM
To: Security-Basics Mailing List
Subject: Strange situation with
> I've read differing opinions about the ease of use of Slackware - what
> are your personal opinions? Is Slackware more secure 'out of the box'?
> From what I gather Slackware is a little harder to learn than Redhat,
> but a little more... configurable? Am I right? I have no problems with
>
]
Subject: Too much security?
Not sure if this is the right forum but here goes...
I seem to have "too much security" when trying to set up a VPN between two
offices.
The setup: Remote user running Windows XP (or 2000, or 98, etc.) setting up
a VPN to connect to a remote office.
Corpor
found Becky2 for
Win32 and Ximian Evolution for UNIX to suit most of my needs.
Of course, for the command line freaks, I must also mention 'mutt',
which can be compiled with Cyrus-SASL, too.
- Jonas
--
Security <[EMAIL PROTECTED]>
the LAN. The mail server inside the LAN will
only talk to the mail server in the DMZ on port 25 only.
If people need access to mail from outside the office than they should
be restricted to a VPN solution only. Even for a web based solution.
Most web based solutions have too many security issues
I wanted to download SamSpade from their website. Their
website is down since last several days. Does anyone have
any idea of any other place I can get it. Moreover please
recommend any similar tools. I want to trace someone using
proxy servers and would like to check the logs of proxy
How can one trace someone using proxy servers? Are there any
tools available for Windows as well as *nix platforms?
Thanks
> Allowing any port (SSH included) go through the firewall\gateway to the
> internal network is quite a back door, SSH is not immune, and as we
> seen not so long ago had its share of security holes, I would suggest,
> if you need remote control over a computer , stick a
Use product from fwbuilder.org nice gui to help you do Nat and port
forwarding.
Sanjay
-Original Message-
From: Giri Sandeep [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 22, 2002 12:08 PM
To: Muhammad Faisal Rauf Danka
Cc: snaqi; [EMAIL PROTECTED]
Subject: Re: IP AND NAT
Well,
For
Glenn
--
Glenn Schoonover, MCSE Director of Security and Internal Systems
[EMAIL PROTECTED] http://www.inter.net
12120 Sunset Hills Road Inter.Net
Suite 410 Office : (703) 456-3917
R
> I meant really in the background... I know that something's running if it's
> in the system tray... ;)
>
> Can they run beyond the reach of ctrl-alt-del and the taskbar? If so, is
> there some way of detecting this (and any other programs) that may be
> lurking?
Yes, it's very well possible, bu
> The desktops are cleared and protected now, but the file server space keeps getting
>chewed up by copies of the worm. Also, having an uncontained worm on the file
>servers is no good for my sleeping habits. How the heck can I get Nimda off my
>fileserver?
Try something like ServerProtect f
> I'm reading more papers about "how generate exploits", but where I can find
> good information about buffer overflow, smashing the stack, etc.
I just recently found a good example, which is actually going into the
details;
http://www.radsoft.net/security/mudge.html
Yo
What programming language/s is/are used for
developing a software firewall like ZoneAlarm or NIDS
like Snort or Scanners like netcat, nmap etc.?
Thanks
> Try turning the MTU down to something like 1394 or similar.
> This made a big difference on my home setup, running over a cable modem,
> YMMV.
Actually, the current recommendation of an MTU which should work in
any case is a nice number: 1414
--
Security <[EMAIL PROTECTED]>
on a open source UNIX or ignorant about ipf at all, please take a look
at:
http://www.obfuscation.org/ipf/ipf-howto.txt
or the HTML version:
http://www.obfuscation.org/ipf/ipf-howto.html
IMO, talking about security and Linux in one breath seems to be a common
issue on this list anyway. I suggest
Hi :
The textutils package resembles the GNU text file (actually, file contents)
processing utilities. Most of these programs have significant advantages
over their Unix counterparts, such as greater speed, additional options,
and fewer arbitrary limits. The programs that can be built with this p
Have you checked for viruses?
// Patric
-Original Message-
From: Netsult [mailto:[EMAIL PROTECTED]]
Sent: 17 March 2002 07:00
To: Dean Fox; [EMAIL PROTECTED]
Subject: RE: someone stole my mail account to spam others :-(
It sounds like your email server is open to relay since someone
This is a fat32 format, there is no security tab.
"J
With regards to the below, how do you restrict access to administrator
only?
"John R
Did you say your boss was a moron about security... ;-)?
First, be careful. Unfortunately it could be construed as illegal
activity without a "get out of jail" note from your boss, your boss's
boss or someone of authority in your company.
Another possible approach might be to
Hello Pavel
I refer to the mail from 'leon' which refers to the following link[1]
which describes how you can sniff in a switched environment.
Actually, the techniques described in there are not The Right Way[tm] to
sniff out your switched environment, if you have access to your switch
configura
While we're talking about snort, I have two questions. Is it better to give snort
its own machine, seeing that it will be in charge of about 15 machines, and I am
looking at either Demarc or ACID. Any comments anyone?
Thanks
On Mon, 11 Mar 2002 13:18:39 -0500
"Mike Carney" <[EMAIL PROTECTED
Why would this be? Regular users can execute cmd.exe?
-Original Message-
From: Milan Goellner [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 06, 2002 11:34 PM
To: [EMAIL PROTECTED]
Subject: Antw: scary site
This only works when being logged in as, at least, local Admin on 2k
I am running Citrix nfuse on a IIS 5 server and attempted to install the
urlscan.exe from M$. I have very limited knowledge on web servers and
every time I install the urlscan it kills the ability of clients to download
the citrix web client (ica32t.exe) file. Like I said I have very limited
as they
> act.
>
> What good does retaliation really get you though (apart from a whole
> load of legal headache)? Wouldn't "recovery" be a better goal to aim
> for?
>
> Mark.
> --
> Mark Crosbie IDS/9000 Product Architect
> http://www.hp
here is the potential for
> MiM attacks to your encrypted VPN traffic).
>
> - --
> Jon Erickson Cryptologist and Security Designer Caspian
> 415.974.7081 D49B 4561 1078 0A72 DDF3 7250 8EF4 4681 587E 41DD 1728748
>
> > -Original Message-
> &g
You can do exactly this with the IEAK but if you ever had to use this
thing to manage a site it really sucks.
You could take away the url tool bar as well, and make a script that
will launch IE. and only allow through policy that script to run.
There are many options.
- Original M
> to this subject, as I am, or just want a good read, I would highly
> recommend it.
>
> ISBN: 0-385-49531-5
> Doubleday Publishing
--
Chief Security Engineer | Daniel Fairchild [EMAIL PROTECTED]
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
I have found the following information from arin.net
about 4.0.0.0. This is regarding my earlier post on
problem with zonealarm
GENUITY (NET-GNTY-4-0)
3 Van de Graaff Dr.
Burlington, MA 01803
US
Netname: GNTY-4-0
Netblock: 4.0.0.0 - 4.255.255.255
Maintainer: GN
I am using ZoneAlarm version 2.6.362. Now
yesterday I updated my MSN messenger from 4.5 to
version 4.6. After that whenever I connect through my
ISP, I get the following message upon connection:
"The firewall has blocked routed traffic from 4.0.0.0
(UDP Port 1028) to 4.0.0.0 (UDP Port
r than the obvious, buy a laptop with a wireless card and
search theory. Is there a network tool that would detect a wireless access
point being plugged in?
>
> As a security administrator, I would like to have the ability to know if a
user has purchased an access point and plugged it into m
Assign reservations IP to the MAC addresses through your DHCP client on
whatever OS you are running. Do not assign any IPs to any not hardcoded
addresses.
It is a lot of work to do manually but if you build a script it should not
be that hard.
If you are using Windows NT/2000/.NET D
all i get is a menu with 10 options. I can
> choose any of them & they do the normal stuff like port forwarding, etc.
>
> Is there a way to get the prompt on the router. I mean what i may wanna try
> is to maybe install a sniffer or something like that on the router. In
> other wo
thanks for your help
>
>
>
> Ermelir
--
Chief Security Engineer | Daniel Fairchild [EMAIL PROTECTED]
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
I am new in security but experienced in software
development. I am thinking of developing a software
firewall for desktops. I want it to work like ZoneAlarm.
Do you think C and C++ will be the best languages to
develop this software as well as the techniques of
socket programming
:47 +0100
DocValde <[EMAIL PROTECTED]> wrote:
> Hello Enphourell Security,
> on Saturday, 26 January 2002 at 10:27:50 you wrote:
>
> ES> Which OS do you guys think would make the best firewall, OpenBSD or Linux?
>
> What a question! My first thought was "The
Which OS do you guys think would make the best firewall, OpenBSD or Linux?
ven
more serious attacks exist in the external procedure server, listener, and
database instance.
From the database perspective, you can download a free evaluation of
AppDetective for Oracle from www.oraclesecurity.net. It does pen testing and
va against an Oracle database. Takes both an inside-ou
not in the
> right conference / newsgroup. If this is so, please let me know. Otherwise,
> the two following questions would scoot me along to understanding what I
> need about basic security. Thanks.
>
> 1. Given port 80 (and only port 80) is open to the outside world, if someone
&
I was contacted by a company stating my sql server was probing their
network. the log files are as follows
log record count for source ip
10.10.10.2 10.10.10.2: 255 (this is the ip address of my sql server)
log record count for destination ip
log record count for destination nets
172.21.0.0 :
> A few options:
> 1) Citrix server - my guess is you don't want to set this up or pay for
> it, and you don't have the time. I'll skip it.
>
> 2) OWA - Outlook web access. This requires a proxy (works best with MS
> Proxy or ISA,) and a web server (IIS is built f
ll be encrypted from the
get go and we will live in a happier world...
heh
--
--
Enphourell Security
[EMAIL PROTECTED]
www.enphourell.com
---
Content of this electro
do not offer server or desktop products for the
> Unix-based OSes.
>
> Thanks,
>
> Rich Richenberg
> Technical Security Manager
> Peregrine Systems, Inc.
>
> 3611 Valley Centre Drive
> San Diego, California 92130
> (858) 350-5792
> fax (858) 481- 1751
> www.p
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
tools/stkintro.asp
Links exist for both a new and existing installation.
- Original Message -
From: "Walter Wart" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 01
New Install
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
tools/w2knew.asp
Existing Install
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
tools/w2knew.asp
You might also want to check out cert.org and securityfocus.com as they both
, Intranet and Internet.
I'm unsure if anyone has developed this kind of document before, but if
anyone has anything that they feel may help, please pass it on. Can anyone
help?
Thanks
_
CSIRT.WS (Computer Security Incident Response Team
_
CSIRT.WS (Computer Security Incident Response Team - World Site)
97 matches