Thursday, November 30


Check out the new December edition of (IN)SECURE magazine.

Friday, November 17


I thought I would post a reply I made. A poster wanted to know how he, a programmer, could go about getting into security.

Link to my post at
Registration required, I know. Dumb.


Use your background as a web programmer to boost your chance to get into infosec. Start looking into application security, something like OWASP. I would also recommend you shore up any weakness in networking or systems administration.

Pass. Pass on the hype. As far as certs, pass on the CISSP - that is a management cert. You are not ready for it anyway. The CISSP is a management-centered cert for people with 4 years of direct, full-time security experience. I recognize this cert blows the doors off the HR dept. I am not addressing this amazingly confusing fact in this post.

Read. Read blogs, read books, just read. Make best efforts to learn while reading.

Here are some of my favorites

*Protect Your Windows Network

*The TAO of Network Security Monitoring

*Inside Network Perimeter Security

*Malware: Fighting Malicious Code

*Counter Hack Reloaded

Volunteer. Find a church, school, a not for profit, or a networked dumpster that might let you help. Maybe they need some help rolling out a new AV solution, maybe they do not have one, and maybe their only server sits under a sprinkler head – who knows. Who cares?!? You do! Help them, make something better, and build your experience.

Build a lab. Learn VMware. Understand the value of a good lab. Get access to some networking equipment. Do not forget to download your favorite ISO files from the newest *.nix distro. Download / Burn / Install or if using VMware, download the distro, mount it under “use ISO Image” and boot away. Simple.

Team Up. Find someone who will have nerd-night with you. Nerd night is your officially allocated learning time, with someone who has similar interests. Build that VM server, test running IE as an unprivileged account using psexec, visit a bunch of bad sites and scan for malware ... This is something I will be testing soon, for no real reason.

Get your degree. If you do not have your BS, go get it. View the "centers of academic excellence" of the NSA. Google on it. I am working on my masters in information assurance / network security at Capitol College.

Meet people. Want to learn more and meet others in the industry? Search for local 2600 or ISSA groups. If nothing is available or if those groups do not meet your needs, start your own group. I started IndySec ->

Do not quit. I put a lot of time, money, and effort into getting my position in Infosec. I failed several times to land a position in Infosec. I could have quit and not swallowed my pride to try again, but then I would not have a rewarding career.

Who am I? I am a simple person that works hard.
I understand I have a lot to learn. I am also somewhat of a newbie to Infosec.

Know your goals, do your best, when unsure – ask someone who knows, and never quit.

Saturday, November 11

Google Chat

I use gmail and enjoy their in-browser chat client. In case you don't already know, that communication is in clear text ... sniff sniff.

A quick solution is to add an "s" to your URL so that http:// becomes https:// (nothing new here).

When I have more time I will take a look at the cookie that's set by gmail chat and the related communication / reference. During a quick test last night, Wireshark complained about some of the captured traffic not being compliant ... more to come.
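To make the "sniff sniff" concrete, here is an added example (not code from the original post) that classifies captured TCP payloads: a cleartext HTTP request gets its request line, Cookie header and body pulled out, exactly what someone on the wire would see, while a TLS record is recognised from its 5-byte record header and reported as opaque. It also includes the "add an s" fix as a URL rewrite. The sample payloads, host, path and cookie value are constructed for the example and are not real captures.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# TLS record-layer content types (RFC 2246 / RFC 5246).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


@dataclass
class Finding:
    kind: str                       # "tls", "http-cleartext" or "unknown"
    detail: str
    cookie: Optional[bytes] = None  # session cookie readable on the wire, if any
    body: Optional[bytes] = None    # request body readable on the wire, if any


def classify_payload(data: bytes) -> Finding:
    """Decide whether one captured TCP payload is a TLS record or a cleartext HTTP request."""
    # A TLS record starts with: content type (1 byte), version 0x03xx (2 bytes), length (2 bytes).
    if len(data) >= 5 and data[0] in TLS_CONTENT_TYPES and data[1] == 3 and data[2] <= 4:
        length = int.from_bytes(data[3:5], "big")
        return Finding("tls", f"TLS {TLS_CONTENT_TYPES[data[0]]} record, {length} bytes, body opaque")
    if data.startswith(HTTP_METHODS):
        head, _, body = data.partition(b"\r\n\r\n")
        lines = head.split(b"\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower()] = value.strip()
        cookie = headers.get(b"cookie")
        detail = lines[0].decode("ascii", "replace")
        if cookie:
            detail += " (Cookie header exposed)"
        return Finding("http-cleartext", detail, cookie=cookie, body=body or None)
    return Finding("unknown", "neither a TLS record nor an HTTP request")


def enforce_https(url: str) -> str:
    """The 'add an s' fix: rewrite an http:// URL to https://, leaving everything else alone."""
    parts = urlsplit(url)
    if parts.scheme == "http":
        return urlunsplit(("https",) + parts[1:])
    return url


# Constructed sample payloads (not real captures); the host, path and cookie value are made up.
CHAT_BODY = b"msg=meet+at+6%3A30&to=bob"
CLEARTEXT_CHAT_POST = (
    b"POST /chat/send HTTP/1.1\r\n"
    b"Host: mail.example.com\r\n"
    b"Cookie: SID=constructed-session-token\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    + b"Content-Length: %d\r\n\r\n" % len(CHAT_BODY)
    + CHAT_BODY
)
# A TLS 1.0 handshake record header (type 22, version 3.1) followed by 42 opaque bytes.
TLS_CLIENT_HELLO = b"\x16\x03\x01\x00\x2a" + b"\x01" * 42


if __name__ == "__main__":
    for pkt in (CLEARTEXT_CHAT_POST, TLS_CLIENT_HELLO):
        f = classify_payload(pkt)
        print(f.kind, "-", f.detail)
        if f.cookie or f.body:
            print("  sniffable:", f.cookie, f.body)
    print(enforce_https("http://mail.example.com/chat/"))
```

Run it and the cleartext POST yields the session cookie and the chat message verbatim, while the TLS record yields only a type and a length. The session cookie is the part worth worrying about: sniffing the message is bad, but replaying the cookie is the account.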

Friday, November 10


NIST has a new draft on Intrusion Detection (SP 800-94) titled: "Guide to Intrusion Detection and Prevention Systems".

Here is a link to the PDF.

I have *not* had a chance to read the entire paper, however I did find Appendix C very interesting.

The lists below provide examples of tools and resources that may be helpful.
Print Resources
  1. Bace, Rebecca, Intrusion Detection, Macmillan Technical Publishing, 2000.
  2. Bejtlich, Richard, Extrusion Detection, Addison-Wesley, 2005.
  3. Bejtlich, Richard, The Tao of Network Security Monitoring: Beyond Intrusion Detection, Addison-Wesley, 2004.
  4. Crothers, Tim, Implementing Intrusion Detection Systems: A Hands-On Guide for Securing the Network, 2002.
  5. Endorf, Carl et al, Intrusion Detection and Prevention, McGraw-Hill Osborne Media, 2003.
  6. Kruegel, Chris et al, Intrusion Detection and Correlation: Challenges and Solutions, Springer, 2004.
  7. Nazario, Jose, Defense and Detection Strategies Against Internet Worms, Artech House Publishers, 2003.
  8. Northcutt, Stephen and Novak, Judy, Network Intrusion Detection: An Analyst’s Handbook, Third Edition, New Riders, 2003.
  9. Rash, Michael et al, Intrusion Prevention and Active Response: Deployment Network and Host IPS, Syngress, 2005.
It is interesting to see who did and did not make the list. I would have added a few others, however I am not NIST. Additionally, I found this publication to be more of a management overview as opposed to a technical document. Better off reading numbers 2 and 3 from the above list IMO.

IndySec 2

IndySec 2 is next Thursday, November 16th @ 6:30PM

IndySec 2 Blog Link