I’ll be drawing up a diagram either tonight or tomorrow, or when I’m done with the network, but essentially what I am going to do is build a pfSense box out of the old P3 550 box, and run two switches on two separate NICs which will be appropriately designated in the software so there is as little chance as possible of crossover.

If you run a WordPress blog and haven’t removed the code in footer.php that displays the version of WordPress you’re on, I would suggest doing so. It’s a little security-by-obscurity-ish, but it’s one more small barrier: an attacker who doesn’t know which version you’re running may pass you over when trying common version-specific vulnerabilities.
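A quick way to check whether a site still announces its version, as an added example that is not from the original post: a small Python scanner for the usual disclosure spots (the generator meta tag, the footer text, and the ?ver= query string some installs append to script links). The sample HTML is constructed, and the patterns are assumptions you would adapt to your own theme.

```python
import re

# Places a WordPress install commonly announces its version.
# Patterns are assumptions for this example; adapt them to your theme.
LEAK_PATTERNS = {
    "meta generator": re.compile(
        r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s+([\d.]+)',
        re.IGNORECASE),
    "footer text": re.compile(
        r'powered\s+by\s+(?:<a[^>]*>)?WordPress(?:</a>)?\s+v?([\d.]+)',
        re.IGNORECASE),
    "asset ver= query": re.compile(
        r'wp-(?:includes|content)/[^"\'\s>]*\?ver=([\d.]+)', re.IGNORECASE),
}


def find_wp_version_leaks(html):
    """Return (location, version) pairs for every version disclosure found."""
    leaks = []
    for where, pattern in LEAK_PATTERNS.items():
        for match in pattern.finditer(html):
            leaks.append((where, match.group(1)))
    return leaks


# Constructed sample: an unmodified theme that leaks the version three ways.
LEAKY_PAGE = """<html><head>
<meta name="generator" content="WordPress 2.1" />
<script src="/wp-includes/js/prototype.js?ver=2.1"></script>
</head><body>
<p>Powered by <a href="http://wordpress.org/">WordPress</a> 2.1</p>
</body></html>"""

# Constructed sample: the same page after the version output is removed.
CLEAN_PAGE = """<html><head>
<script src="/wp-includes/js/prototype.js"></script>
</head><body>
<p>Powered by <a href="http://wordpress.org/">WordPress</a></p>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("leaky", LEAKY_PAGE), ("clean", CLEAN_PAGE)):
        print(name, find_wp_version_leaks(page))
```

Feed it the HTML of your own front page (for example, fetched with curl) to confirm the footer.php edit actually removed every copy of the version string.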

Thursday afternoon I ended up going into the hospital again for more post-tonsillectomy bleeding. It wasn’t as bad as it was on Monday but I still had to go under and they put another stitch in, along with the cauterization. I went from having 0 surgeries in my life to 3, all in the last 2 weeks. Hopefully this last one actually fixed the problem, but from what I am told the bleeding is purely random.

I picked up a couple more flash drives to replace the cheap ones I lost. A Patriot 8GB and a Sandisk 4GB (with U3). I was playing around with the U3 apps on Thursday before I had to abruptly head into the emergency room. I’ll be doing more of that today, and also fooling around with the Windows Server 2008 installation I did on a partition on my T61p. I used the guide at http://www.win2008workstation.com/wordpress/ to convert the install into a workstation with the full Aero experience along with wireless network connectivity. I haven’t created a virtual machine using the Hyper-V beta yet, but I did enable it, and will be doing that today.

I went a while without an update. The Ubuntu article before this was actually written about a week ago, but I had not gotten a chance to get on and publish it, and did end up publishing it a little incomplete, which is why I am going to do another update in a few weeks on Ubuntu.

The past two weeks have been pretty busy for me, both professionally and personally. I’ve been studying for Linux+, GCIH, CISSP, and now CEH. The basic plan is to have CEH and GCIH done by the end of next week if I hear back from EC-Council soon enough. I’m also looking at switching to AMU from Strayer because I feel their program will be a better fit for me.

I did a little packet analysis at home the other night for someone in an IRC room I frequent. A sysadmin from a university came in and was having trouble identifying some traffic on his network. A quick check of the pcap file that he sent me revealed it was simply CUPS traffic; whether or not it was authorized was another story, since he did not appear to know what CUPS was, but he did mention that his network had both Windows and Linux workstations. It was fun in any case.

Among the many projects I have is a desire to set up another computer dedicated to running some virtualized servers in VMware Server, probably a bunch of Ubuntu LAMP setups from their server CD. The idea would be to go a route similar to how LSO (learnsecurityonline.com) does their capture the flag contests. Perhaps I will email them and ask how they set their boxes up, whether it is in a VM or not.

Day Two was more about DC than it was Shmoocon. We managed to hit up some of the presentations while also making sure to visit with the various vendors and talk with some real security gurus at the same time.

Unlike the first day, this was more about one presentation for me than any of the others.


I’d like to point out some of the places I go at least once or twice a week in order to stay current in the network security field.

Official/Semi-Official channels:

The SANS Internet Storm Center (ISC): http://isc.sans.org

Secunia: http://secunia.com

SecurityFocus: http://www.securityfocus.com

US-CERT Current Activity page: http://www.us-cert.gov/current/current_activity.html

Unofficial:

Slashdot: http://slashdot.org

Google News (Sci/Tech and Business): http://news.google.com

InfoSecNews Mailing List: http://www.infosecnews.org

Hi folks,

I’m Chris, as you probably have already figured out. After a number of different attempts at getting a website up that I actually liked, I’ve settled on what you see here now. It is still undergoing a bit of tweaking, but should be fully up to standards here in the next few days.

This is going to be my semi-professional line of communication to anyone interested in hearing what I have to say, and who are or want to be a part of my network. There will be more information along this line in the About section of the site eventually, so I don’t need to expand too deeply on what this whole thing is about.

I hope you learn something from me, and I hope I can learn something from you too.

Recently I have been taking various training courses and tests covering different aspects of computing and network security. I’d like to share some of my experience and opinions here.

Brainbench: I took the free Computer Forensics and Network Security tests they offered. These were fairly comprehensive tests, and I thought they gave me a pretty decent representation of my knowledge. As far as the applicability of the tests goes, though, there does not appear to be very much merit as a bullet on your resume, so I would recommend these purely for self-assessment purposes.

SANS: In preparation for the GSEC test I have taken the practice exams, and they seem to be pretty much what they are advertised to be: not quite as difficult as the real thing, but definitely requiring knowledge of the material. I feel more confident in taking my test after taking these practice exams.

CERT VTE: I completed the Forensic Specialist course on here, and while there is no test, the sheer volume of information is staggering. There are also extremely detailed labs available which actually put you into a virtual machine and let you accomplish a set of tasks. Absolutely wonderful stuff.

A news item from SANS today. Those of you running Sun Java JRE may want to ensure you are removing old versions upon upgrading, as any Java applet can go ahead and request whichever version of the JRE it wants, making your upgrade effort for naught. The diary entry includes links to install/uninstall instructions.

Also over at SecurityFocus there is an interview with Bill Cheswick, who started the Internet Mapping Project, which eventually evolved into software for mapping corporate and government networks. It’s a very good read, touching on firewalling, logging, NIDS, IPS, how to fight DDoS attacks, and the future of BGP/DNS.

I will be upgrading to Wordpress 2.1 sometime Wed or Thurs, as I mentioned in yesterday’s entry.

A hectic schedule and a general lack of manpower have kept me from updating this as often as I’d like.

Instead of a spare time sort of hobby project, this got shuffled around behind the scenes, and gave birth to another project. We are starting an actual company to offer our services, although this website may undergo some alterations in order to feed off of that. I believe this will become a sort of voice of the company into the general populace of the security focused individuals on the web.

More will be announced soon. The company we are starting will be primarily focused on data recovery, network penetration/vulnerability scanning, and forensics to a degree. However, we will also offer the usual services you might find at Geek Squad or whatnot, just on more of a footnote basis. The primary focus will be providing businesses enterprise solutions for the aforementioned.

The website is http://www.digifixsolutions.com and will serve as our banner to the world. Advertising will ramp up in the real world, with some being devoted to online solutions. Hopefully we will be successful in our endeavour.

It’s been a while since we posted anything here. Things have been busy in my personal life, and I haven’t had time to sit down and work on much.

I am looking for ideas as far as methods and concepts for Intrusion Detection go. Right now my short-term project is to finish building a few servers with parts I have lying around and set up a small network to test out various concepts on, as well as forensics.

Another thing I’m trying to get started on is something that allows easier tracking of events stemming from an alarm on the IDS.

Is there a way to self-train in forensics without spending a couple firstborn children on Encase?

-Chris