Those of you who have followed my column know that I am a big fan of Linux. In addition to that, my column focuses on the trials and tribulations of getting my employers computing environment out of the Stone Age and rebuilt with security in mind from the get go. All of this while being hamstrung by an almost nonexistent budget. Therefore, a secure, easy-to-install Linux distro with efficient management capabilities would be a welcome addition to my arsenal of free software.

So when I was tasked with finding out a little bit about EnGarde Secure Linux and saw the description on their web site (quote below), I was immediately intrigued with the opportunity of giving it a trial run and letting EH-Net readers know whether or not it is worth their time.

del.icio.us

Discuss in Forums (4)

Editor's Note: Guardian Digital announced the release of EnGarde Secure Community 3.0.18 (Version 3.0, Release 18) on Dec 4, 2007. This release includes many updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, and a few new features. This review was done with a prior release.

Review by Chris Gates, CISSP, CPTS, CEH

If you want to get into security visualization this is the book for you. This book gives you everything you need to get started in the field. You may be asking yourself why you should care or want to be interested in Security Visualization. In Chapter 1 the author sums it up nicely. “Visualizations make abstract data more coherent...In many cases, visualizations seek to display large amounts of information in a compact but useful way.”


Before we get into the review, I'll disclose that I know the author and he gave me a review copy. I don't think this makes it easier for the author to get a good review, in fact, I think it makes it harder because I expect a lot from the author. Its his fault I'm into computer and information security and I have taken courses that he taught, so he had high expectations to meet.

del.icio.us

Discuss in Forums (5)

Free Sample Chapter Available Below - "One Night on my ISP"

In Part 1, Intro to Reverse Engineering - No Assembly Required, we extended the series of coding articles for non-programmers with an area of high interest in the infosec community. We're proud to be able to bring you the highly anticipated follow-up complete with screen shots, sample code and applications. This one is long and detailed, so strap yourselves in for some great educational content.

This paper is designed to outline some essential reverse engineering concepts, tools and techniques - primarily, debuggers and using the debugging process to reverse engineer application functions and algorithms. It is assumed you have knowledge of basic assembly and C programming. An understanding of Win32 programming and API calls is also helpful. This tutorial does not necessarily have to be read in order (although it is strongly advised), as some sections do not contain information that directly relates to subsequent sections. However, if you begin skipping around and find that you have trouble understanding a concept, or feel like you missed an explanation, it would be best to go back to previous sections of the tutorial and read them first.  

del.icio.us

Discuss in Forums (14)

The best offense is a good defense.  This is a very famous phrase most often attributed to football, but it can be applied to many areas of life especially information security.  Diligent patching is a must, but even when done religiously (in conjunction with faithful anti-virus updates), vulnerabilities still exist.  There has never been more of a need for an Intrusion Detection System (IDS) than right now.  Attackers are more skilled and the tools they use more elaborate. We simply can't be everywhere at once and need IDS to be the eyes in the back of our head.

del.icio.us

Discuss in Forums (4)

Last time we went over the C programming language in an introductory article specifically focusing on getting the security professional on the road to coding (or at least the road to understanding). This time around we extend the series of coding articles for non-programmers with an area of high interest in the infosec community, reverse engineering.

This paper is intended as an introduction to reverse engineering for someone who has no experience whatsoever on the subject. You should have some basic knowledge of C programming, and access to a Windows or Linux box (preferably both) using the x86 architecture (i.e., your average computer). No knowledge of assembly code, registers, or the like is assumed, although it helps. The "Introduction" section of the paper is intended for the newcomer who has little or no understanding of what reverse engineering is and may be skipped by those looking for more technical details.

del.icio.us

Discuss in Forums (14)

Editor's Note: We're proud to be able to bring you the first article in this great, new column from Craig Heffner. This column is aimed squarely at those in the InfoSec field who are tired of hearing that you truly can't be a security professional without knowing how to code.

Why even learn to program at all?

Not everyone will have a need to learn programming. I'm sure there are many people who are quite accomplished in the field of computer security and have never written a program. Personally, I constantly find myself modifying programs to add or change their functionality, or just writing my own. And needless to say, if you are going to be doing any type of exploit discovery, you will need some programming knowledge.

Without raising the "to code or not to code" argument, here is the way I look at it: hacking is about controlling a computer and making it do what you want - often when it is not designed to do so. A computer by itself is nothing but a bunch of silicon, wires, and metal. Software controls the computer, and, if you can control software, well...there ya go. :)

del.icio.us

Discuss in Forums (13)

Learn BackTrack Inside & Out
Directly from Mati at ChicagoCon 2008s

The Ethical Hacker Network (EH-Net) proudly releases the only Official Version of BackTrack 2 that not only adds Metasploit 3 to the toolset but is also packaged as a VMware Virtual Appliance. Here are just a few of the features added by the projects lead developer, Mati Aharoni, specifically for the EH-Net Community:

• Metasploit updated to latest svn, all dependencies upgraded
• Added fabs patches for msfgui
• Aircrack-ng updated to 1.0 svn, all dependencies upgraded
• Tcpdump patched (security fix)
• Firefox updated to latest
• Firefox links, favorites and home page
• A few more lib fixes for old nasties in BT2 final

del.icio.us Slashdot It!

Discuss in Forums (30)

For those of you who are not familiar with BackTrack, here's a brief description directly from the project's web site, http://www.remote-exploit.org/:

BackTrack is the result of merging the two innovative penetration testing live linux distributions Auditor and Whax. Backtrack provides a thorough pentesting environment which is bootable via CD, USB or the network (PXE). The tools are arranged in an intuitive manner, and cover most of the attack vectors. Complex environments are simplified, such as automatic Kismet configuration, one click Snort setup, precompiled Metasploit lorcon modules, etc. BackTrack has been dubbed the #1 Security Live CD by Insecure.org, and #32 overall.

Review of Course Offered at ChicagoCon 2009s 

When looking at the hot security topics of the day, penetration testing AKA ethical hacking has got to be near the top of everyone's list. With the onslaught of compliance regulations, this self-testing process is virtually required by law. As with any technical process (even one as sexy as legal hacking for a living), there is bound to be standards, training and, of course, certifications to go along with it. This one is no different. As we all know, a certification is not the end all - be all in the IT world. And as most know, I am fond of saying that a certification is a baseline of knowledge and by no means meant to be an indicator of expert status. But you have to start somewhere.

OK... so I want to be a professional hacker. Where do I start? Who offers this training? With all popular IT fields, there are a multitude of certifications. Which one do I choose? If I have no experience, how do I start? If I have IT experience, where do I jump in? Well, without causing a huge debate, a lot of companies now use the format of sending their staff to a highly regarded training facility with the end goal of attaining some type of certification. Like it or not, that is the reality. A recent US DoD report (Document 8570.01-M) states their intentions to require certifications for security positions. So let's just continue with the assumption that no matter where you end up on your road to becoming a professional penetration tester, training and a certification is likely somewhere in your plans.

del.icio.us

Discuss in Forums (16)