Thursday, September 30, 2010
Risk Homeostasis as Applied to Information Security.
Wednesday, September 15, 2010
I've seen the Vulnerability...and it is us!!!!
Hi. While I was in San Francisco at the RSA conference, attending a lot of sessions, I began to develop many thoughts that apply to my day job and can be abstracted further and applied to Information Security, so here is the first.
I've seen the vulnerability in the system and it is us.
What do I mean by this? Simply, our own internal divisions, politics, agendas, and silos create a vast and gaping vulnerability that can be, and is being, exploited or used against us. These divisions create gaps and blind spots, so that we either can't see or choose not to see the common vulnerabilities that surround us.
Tuesday, August 31, 2010
Username | Password | Estimated time for a desktop PC to crack | Actual crack time | Type of attack |
G1 | password | common (It would be cracked almost instantly) | 32 sec | Cryptographic analysis |
G2 | Password | common (It would be cracked almost instantly) | 7 sec | Dictionary Attack |
G3 | password1 | About 117 days | 7 sec | Dictionary Attack |
G4 | password12 | About 11 years | 7 sec | Dictionary Attack |
G5 | password123 | About 417 years | 22 sec | Cryptographic analysis |
G6 | password1234 | About 15 thousand years | 26 sec | Cryptographic analysis |
G7 | | About 6 days | 7 sec | Dictionary Attack |
G8 | | About 3 years | 67 sec | Cryptographic analysis |
G9 | | About 237 years | 7 sec | Dictionary Attack |
G10 | | About 17 thousand years | 7 sec | Dictionary Attack |
G11 | | About a million years | 7 sec | Dictionary Attack |
G12 | P@ssw0rd1234 | About 100 million years | 7 sec | Dictionary Attack |
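One way to read the gap between the estimated and actual columns, as an added example that is not part of the original post: a keyspace estimate grows with length and character classes, while a dictionary check only asks whether the password is a known word with common decorations. The guess rate, the tiny word list and the substitution map are assumptions made for illustration.

```python
import re

# Assumptions (not from the post): guess rate and a tiny constructed word list.
GUESSES_PER_SECOND = 1e9
WORDLIST = {"password", "welcome", "letmein"}
SECONDS_PER_YEAR = 31_557_600
# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})


def charset_size(pw):
    """Size of the alphabet an exhaustive search would have to cover."""
    size = 0
    size += 26 if re.search(r"[a-z]", pw) else 0
    size += 26 if re.search(r"[A-Z]", pw) else 0
    size += 10 if re.search(r"[0-9]", pw) else 0
    size += 33 if re.search(r"[^a-zA-Z0-9]", pw) else 0
    return size


def brute_force_years(pw):
    """Worst-case exhaustive search time; ignores how the password was built."""
    return charset_size(pw) ** len(pw) / GUESSES_PER_SECOND / SECONDS_PER_YEAR


def dictionary_base(pw):
    """Return the word-list entry this password is derived from, else None."""
    stem = re.sub(r"[0-9!]+$", "", pw)          # drop an appended digit/! suffix
    candidate = stem.lower().translate(LEET)    # undo case and substitutions
    return candidate if candidate in WORDLIST else None


def audit(passwords):
    """Pair the keyspace estimate with the dictionary finding for each password."""
    return [
        {"password": pw, "brute_force_years": brute_force_years(pw),
         "dictionary_base": dictionary_base(pw)}
        for pw in passwords
    ]


if __name__ == "__main__":
    # Passwords taken from the table above, plus one constructed random string.
    for row in audit(["password", "password1", "P@ssw0rd1234", "xK7#qLm2vT9z"]):
        verdict = f"derived from '{row['dictionary_base']}'" if row["dictionary_base"] else "no dictionary base"
        print(f"{row['password']:<14} {row['brute_force_years']:.3g} years  {verdict}")
```

A password policy check built this way rejects every listed password in the table regardless of how large its keyspace estimate is.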
Friday, February 13, 2009
February 13, 2009
Hewlett Packard recently released a new security patch to fix an authentication bypass vulnerability in specific network printers. This write-up serves as a reminder of the importance of securing network printers in general. Network printers are frequently overlooked when securing office networks; sometimes left with default configurations and not patched, they represent a risk to the office network environment.
Network-based printers are much more than just a print device. They typically have full operating systems, hard drives, and a full complement of communication services. Built-in services such as ftp, tftp, e-mail, web server, and snmp are increasingly the target of choice for hackers wanting to remain undetected and to gain a foothold in the office network. Because network printer devices are frequently left unsecured, with default passwords and factory default settings, they are easy targets.
Example attacks against printers include bridging between networks (e.g., wireless to LAN or vice versa), sniffing network traffic to steal sensitive data, redirection and spoofing of network traffic, malware distribution, and email spam generation.
Applicable Devices:
All network printing devices, multifunction copiers, and network based fax machines.
Recommendations:
The following are some basic recommendations for printer security in all environments.
· Keep printers up-to-date with latest firmware releases
· Change the default passwords and settings
· Turn off unnecessary services and features
· Consider requiring authentication to print and to use other services (particularly with multifunction devices)
· If available, encrypt the printer’s hard disk
· Include printers in periodic vulnerability assessments of office networks
· Use appropriate network segmentation, ensuring that printers are separated from networks with critical services
· Use printer accounting features and review logs regularly
· When disposing of printers, wipe the hard disk drive
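A small check for the "turn off unnecessary services" recommendation, added here as an example and not taken from the original post: it probes the TCP services the post names on each printer in your own inventory and reports any that answer but were not approved. The port mapping, function names and inventory layout are assumptions.

```python
import socket

# TCP ports for the built-in services the post names (assumed standard ports).
# tftp and snmp run over UDP, where a silent port is ambiguous, so this
# example does not probe them; check those in the printer's admin settings.
PRINTER_TCP_SERVICES = {"ftp": 21, "e-mail (smtp)": 25, "web server": 80}


def is_listening(host, port, timeout=1.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_printer(host, allowed, services=PRINTER_TCP_SERVICES, timeout=1.0):
    """Return the services that answer on `host` but are not in `allowed`."""
    return sorted(
        name for name, port in services.items()
        if name not in allowed and is_listening(host, port, timeout)
    )


def audit_inventory(inventory, services=PRINTER_TCP_SERVICES, timeout=1.0):
    """inventory maps a printer address to the set of services approved for it."""
    findings = {}
    for host, allowed in inventory.items():
        unexpected = audit_printer(host, allowed, services, timeout)
        if unexpected:
            findings[host] = unexpected
    return findings


if __name__ == "__main__":
    # Constructed inventory; replace the placeholder address with your printers.
    inventory = {"127.0.0.1": {"web server"}}
    for host, extra in audit_inventory(inventory).items():
        print(f"{host}: unapproved services listening: {', '.join(extra)}")
```

Run on a schedule, the output gives a simple record for the periodic assessments the list recommends.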
References:
It's Not Exciting, but Neglecting Printer Security is Dangerous:
http://www.itbusinessedge.com/cm/blogs/weinschenk/its-not-exciting-but-neglecting-printer-security-is-dangerous/?cs=13617
Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files:
http://h20000.www2hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4419
Highlighting Printer Security Issues:
http://www.itworld.com/071101networking
Monday, February 9, 2009
Widely used open source incident response and forensic tool goes commercial
One of the live CD incident response and forensic tools which is widely used in the Information Security industry, and one that I have been using for quite some time, has gone commercial. Helix from e-fence has been an open source platform since its inception; however, they have announced a new model whereby users subscribe to their forum for $14.95/month for their base model.
A little digging has uncovered a site that is still distributing Helix2008 R1. Get it while you can; there most certainly will be no more public releases of this platform. The forensics and incident response communities do have other viable options, but none to date have been maintained as well or are as robust in their tool sets for tasks related to forensics and incident response.
Thursday, December 11, 2008
Time is Approaching
I've been spending some time lately preparing for my upcoming presentation on Dec. 17. My presentation is titled "Is Your Data Exposed". Items I'll be discussing include: do your business needs create liabilities/vulnerabilities/opportunities, change and configuration management, when security products fail you, and of course a few demonstrations. There will be a lot to get in in such a short time.
Who:
IIA (Institute of Internal Auditors - Salem Chapter)
What:
"Is Your Data Exposed"
When:
Wed. Dec 17 11:30am - 1pm
Where:
J James (Salem, OR)
For E-Discovery, Forensic Analysis, Vulnerability Assessment, or Incident Response Services in Salem, Corvallis, or Albany, Oregon, check out my website: www.infosecuritypro.com
Friday, November 14, 2008
Presentation
I have been asked by "The Institute of Internal Auditors" to give a presentation on Information Security. My presentation, titled "Is Your Data Exposed", will focus on ways in which data is quickly compromised through outdated methodologies and antiquated protections. The date is Wednesday, Dec 17, 2008, 11:45 - 1:00pm. Save the date.