Posts

Showing posts from March, 2003

Review of Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle Posted

Amazon.com just posted my five star review of Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle . From the review: "Special Ops" is one of the most useful security books I've read -- and my library includes 92 titles acquired since 2000. "Special Ops" is not "Hacking Exposed" with a white-and-camouflage cover. While the "Hacking Exposed" series is more assessment- and enumeration-centric, "Special Ops" spends more time on proper installation and deployment of services and applications. Most usefully, "Special Ops" succinctly and powerfully addresses topics neglected by other security books.

Melissa Virus Four Year Anniversary

Four years ago today the Melissa virus caused lots of headaches and early morning calls. My then-fiance and I were getting photos taken when I received an "all officers" call. I spent the rest of the weekend at the AFCERT dealing with the virus. That event prompted our unit to establish a full-time anti-virus crew. My friend Stephen Northcutt of SANS fame reviews items for Amazon.com too. I was pleased to see he wasn't thrilled by the second edition of Firewalls and Internet Security , either.

Bejtlich Speaking at SANS NIAL 2003

While perusing the SANS site, I learned I will be speaking at the SANS National Information Assurance Leadership Conference at 1600 on 21 Jul 03. I was invited to speak but hadn't heard from anyone in authority. See you there?

CerbNG FreeBSD Kernel Module

This FreeBSD Forums post describes CerbNG , described thus: CerbNG is a kernel module for FreeBSD version 4.x (5.x version soon to come). Our main purpose is providing the administrator with tools for enforcing fine grained control for critical system applications/processes/environments, i.e. privileged daemons (not only those running with uid 0), and setuid programs. It appears TrustedBSD is already working on these sorts of topics, so we'll have to see how the community uses these tools.

Article on New AFNOSC

I just read an article describing the "new" Air Force Network Operations and Security Center (AFNOSC) at Barksdale AFB . I first heard about this concept three years ago when I was a captain in the AFCERT. Don't let the SSL certificate scare you -- I don't know why the Air Force Communications Agency feels the need to encrypt its Intercom newsletter!

Review of Firewalls and Internet Security, 2nd Ed Posted

Amazon.com just posted my three star review of Firewalls and Internet Security, 2nd Ed. From the review: I wish I could give "Firewalls and Internet Security, 2nd Edition" (FAIS:2E) more stars. I eagerly awaited the next edition of this security classic with the rest of the community. However, like many sequels, it fails to live up to expectations. Nine years ago the first edition was revolutionary. In 2003, despite the addition of skilled practitioner Avi Rubin, the authors make few original contributions to the security scene.

Vulnerability in IIS 5.0

Microsoft just posted details on a new vulnerability in IIS 5.0 . It exploits a buffer overflow condition in the part of the ntdll.dll component called by WebDAV . Read Microsoft's advisory to learn about patches and workarounds. The ISS X-Force advisory is helpful.

Review of Hacking Exposed: Linux, 2nd Ed Posted

Amazon.com just posted my five start review of Hacking Exposed: Linux, 2nd Ed. . From the review: I'm a big fan of the Hacking Exposed style of writing. All offensive theory is backed up by command line examples, followed by defensive countermeasures. Hacking Exposed: Linux, 2nd Ed (HE:L2E) follows this tradition, updating the content of the first edition and adding 200 pages of new content. Although I reviewed the first edition in Sep 01, reading the second edition reminded me of the challenges posed by securely configuring and deploying Linux systems.

Network Security Monitoring Case Study in Hacking Exposed, 4th Ed

The fourth edition of Hacking Exposed features a case study I wrote. It's called "Network Security Monitoring." You can see it in the table of contents , pages 2-7.