Sunday, April 29

SANS Vegas, Baby!

I am 99% sure I am going to SANS Network Security 2007 in fabulous Las Vegas. This year, the event runs from September 22 through the 30th. Read more about the event here.

No gambling or strip clubs --- just nerds, SANS and $26 Vegas buffets. I love nerd vacations.

Please send me an email if you plan on attending.

-Steve

News from Steveland

Lots of new and exciting things occurring in Steveland.


1. Even though I finished my degree months ago, I will finally receive my piece of paper for my MS in Information Assurance.
2. I have my OSCP exam coming up soon. Time to own or be owned.
3. I just began a new chapter in my information assurance career --- writing technical security course ware. I am thrilled to be a part of this opportunity. Unfortunately, I can not share the details at the point in time. Our time line for course completion is roughly six months.

-Steve

Friday, April 27

A great piece on VM Security

Should you care, take a look at this PDF on virtual machine detecting and security by Tom Liston and Ed Skoudis. This presentation has been around for awhile, however, it is worth the read.

One area of interest is the VMware's communication channel, which is used for:
  • shared clip board
  • file sharing
  • time sync
... the interesting thing, per this document, VMware uses a hard-coded value to authenticate to the command channel. It is always the same value.

Another interesting item is a deeper look at the guest's .vmx file. Just as one would add or remove items on a new server, the same holds true for a guest VM. In this case you would augment the settings within the .vmx file to limit the ability to fingerprint a VM (page 23).

Read the PDF here.

Friday, April 6

Secunia Software Inspector

I wanted to share a tool, created by Secunia, called Software Inspector. In short, it will scan your workstation or server and provide a patch level / vulnerability report.

Per their site:
The Secunia Software Inspector will inspect your operating system and software for insecure versions and missing security updates. A default inspection normally lasts 5-40 seconds, while a thorough inspection may take several minutes. Note: If you have anti-virus software or similar enabled, an inspection may increase significantly in duration.

This is a great tool for:

1. a quick verification of an imaged (or re-imaged) workstation or server.
2. establishing a quick baseline (or does your baseline need to be updated?)
3. a simple first step to hardening a development, security, or customer workstation / laptop.

Access the tool here. Tested on Windows only.

Remember to check the "Enable thorough ..." check box, as shown below.

RFP template from Foundstone

I was out playing on the Foundstone site for free security tools and found something quite nice. They were kind enough to provide a link to a RFP template. This might not seem all that exciting, however, it is much better than creating the damn thing from scratch. It might save you some time in the future.