At 02:10 20/04/2000 +0700, **Henky** wrote a message, and here is
the reply:
>http://detik.com/net/2000/04/19/2000419-202322.shtml
>
>See..... now that it has come to this, do you still want to call him a little kid ?!?!
>
>CALL THAT kid BACK HOME !!!!! Just go straight to LEGAL PROCEEDINGS !!!

just report it to the FBI

Based on the SANS NETWORK SECURITY ROADMAP 1999, whose 'brochure' was sent to
me
[please keep this somewhere safe if you need it, I don't want to type it a
second time]

Where to find the right information

What are some incident response centers?

Australian Computer Emergency Response Team (AUSCERT)
http://www.auscert.org.au/
email: [EMAIL PROTECTED]
call +61 7 3365 4417

CERT(sm) Coordination Center
http://www.cert.org/
email: [EMAIL PROTECTED]
call +1 412 268-7090

Defense Information Systems Agency Center for Automated System Security
Incident Support Team (ASSIST, for DoD sites)
http://www.assist.mil/
email: [EMAIL PROTECTED]
call +1 800 357-4231

Federal Computer Incident Response Capability (FEDCIRC)
http://www.fedcirc.gov/
email: [EMAIL PROTECTED]
call +1 888 282-0870

Forum of Incident Response and Security Teams (FIRST)
http://www.first.org
email: [EMAIL PROTECTED]

Federal Bureau of Investigation (FBI) - National Infrastructure Protection
Center (NIPC)
http://www.fbi.gov/nipc/index.htm
email: [EMAIL PROTECTED]
Nearest FBI Field Office can be found at: http://www.fbi.gov/contact/fo/fo.htm

What are some of the good security web sites?

http://www.cerias.purdue.edu/coast/
http://www.telstra.com.au/info/security.html
http://www.nsi.org/compsec.html
http://www.securityportal.com/
http://www.tno.nl/instit/fel/intern/wkinsfec.html
ftp://ftp.porcupine.org/pub/security/index.html
http://www.boran.com/security
http://www.icsa.net

Government security web sites:

http://www.itpolicy.gsa.gov
http://www.cit.nih.gov/security.html
http://www.nswc.navy.mil/ISSEC
http://cs-wwww.ncsl.nist.gov

What are some common Internet attack methods in use today?

* Exploitation of vulnerabilities in vendor programs (e.g. exploitation of
buffer overruns in SUID programs to obtain root shells)
* Exploitation of cgi-bin vulnerabilities
* Email bombing, spamming and relaying through other sites
* Exploitation of misconfigured anonymous FTP and web servers
* Exploitation of named/BIND vulnerabilities
* Exploitation of mail transfer agents and mail readers
* Denial of service (DoS) attacks using various methods
* Sending hostile code and attack programs as mail attachments

What are some of the frequently targeted UNIX system binaries and directories?

If you think your site may have been invaded by an intruder, chances are
they tried to replace one of the following system binaries:

/bin/login
/bin/ls
/usr/etc/in.telnetd
/usr/sbin/ifconfig
/usr/etc/in.ftpd
/bin/df
/usr/etc/in.tftpd
/usr/lib/libc.a
/usr/ucb/netstat
/usr/ucb/cc
/bin/ps

Or they may have modified one of these files:

/.rhosts
/var/yp/* (NIS maps)
/etc/hosts.equiv
/bin/.rhosts
/etc/passwd
/etc/group
root environment files (.login, .cshrc, .profile, .forward)

Intruders often hide their files using hidden directories in: /tmp,
/var/tmp, /etc/tmp, /usr/spool, and /usr/lib/cron.
Common ones are "..." or "..(space)" or "..(backspace)".

*Locations may vary on different versions of UNIX.

What are some common security problems that continue to plague many sites?

* Sites do not dedicate staff or sufficient resources to improve and
maintain network and information security.
* Support personnel do not have the necessary upper management support or
the authority to deploy appropriate security measures.
* Sites do not install vendor patches for known security problems.
* Sites do not monitor (e.g., use Intrusion Detection Systems), or restrict
network access to their internal hosts.
* Sites do not use sufficient authentication and authorization systems for
remote access (e.g., unencrypted telnet access from the Internet).
* Sites do not implement or enforce procedures and standards when
installing new devices on their network.
* Sites still place too much emphasis on "security through obscurity".
* Sites do not use host and network based auditing and intrusion detection
tools.

What types of security tools might best fit your needs and what are the
most popular tools in use today?

Host Based Auditing Tools: COPS, NCRP, crack, tiger, Tripwire, logcheck,
tklogger, safesuite, netsodar, lsof, LTAuditor, eNTrax, NOSAdmin

Network Traffic Analysis & Intrusion Detection Tools: tcpdump, synsniff,
NetRanger, NOCOL, NFR, RealSecure, Shadow

Security Management and Improvement Tools: crack, localmail, smrsh,
logdaemon, npasswd, op, passwd+, S4-kit, sfingerd, sudo, swatch, watcher,
wuftpd, LPRng, Kane Security Analyst, Enterprise Security Manager,
Enterprise Administrator

Firewall, Proxy and Filtering Tools: fwtk, ipfilter, ipfirewall, portmap
v3, SOCKS, tcp_wrappers, smpad

Network Based Auditing Tools: nmap, nessus, SATAN, Safesuite

Encryption Tools: md5, md5check, PHP, rpem, UFC-Crypt, Tripwire, rpm -v

One Time Password Tools: OPIE, S/Key

Secure Remote Access and Authorization Tools: RADIUS, TACACS+, SSL, SSH,
Kerberos

[that's it for now, typing this out is tiring]

>
>
>
>Henky
>-= Once a victim myself =-

check the logs to see which IP it came from.
-------
AFLHI 058009990407128029/089802---(102598//991024)
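
Added example (not part of the original message or of the SANS brochure): a small Python check for the hidden-directory names listed above ("...", "..(space)", "..(backspace)"), generalized to any name that is ".." followed only by dots, whitespace or non-printable characters. The function names and the constructed demo tree are assumptions made for illustration; the default scan roots are the locations the brochure lists.

```python
import os
import tempfile

# Locations the brochure names as common hiding places (they vary by UNIX version).
DEFAULT_ROOTS = ["/tmp", "/var/tmp", "/etc/tmp", "/usr/spool", "/usr/lib/cron"]


def is_suspicious_name(name):
    """True for names built to look like '.' or '..' in a directory listing:
    '..' followed only by dots, whitespace or non-printable characters."""
    if not name.startswith(".."):
        return False
    rest = name[2:]
    return rest != "" and all(
        c == "." or c.isspace() or not c.isprintable() for c in rest
    )


def find_hidden_dirs(roots):
    """Walk each root and return the sorted paths of suspiciously named directories."""
    hits = []
    for root in roots:
        # os.walk skips unreadable or missing roots and does not follow symlinks.
        for dirpath, dirnames, _files in os.walk(root):
            for d in dirnames:
                if is_suspicious_name(d):
                    hits.append(os.path.join(dirpath, d))
    return sorted(hits)


def demo():
    """Build a constructed sample tree and return the names that get flagged."""
    with tempfile.TemporaryDirectory() as base:
        for name in ("...", ".. ", "..\b", ".cache", "sessions"):
            os.makedirs(os.path.join(base, "tmp", name))
        return [os.path.basename(p) for p in find_hidden_dirs([base])]


if __name__ == "__main__":
    # repr() makes trailing spaces and control characters visible in the output.
    for path in find_hidden_dirs(DEFAULT_ROOTS):
        print(repr(path))
```

Printing with repr() matters here: a plain directory listing shows ".. " and "..(backspace)" as if they were the ordinary ".." entry.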