EH-Net
May 22, 2013, 04:47:44 PM *
  Show Posts
Pages: 1 ... 34 35 [36] 37
526  Resources / Tools / Re: Metasploit Anti-Forensic Investigation Arsenal (MAFIA) on: May 12, 2010, 10:25:36 AM
These tools are really for an insider threat or an attacker that has been on your system for a while and wants to make life a real mess. I don't see a normal attacker deploying these tools. Why would they bother?

I don't know how you interpret these tools to be for an insider or an attacker that has been around for a while. Quite the contrary: if someone has been on your machine for some time, they DON'T want to sound off alarms or raise any red flags, so the chances of them "stooping this low" would be viewed, in my opinion, as amateur.

Borrowing from the overhyped Google (APT), Aurora attacks... The attackers took very cautious steps and remained inside of systems (supposedly) for quite some time undetected. I can assure you they didn't run around changing any time stamps.

As Ketchup stated, changing the time stamps in fact, in my opinion, leads an investigator to stop relying solely on automated tools (EnCase, FTK, etc.) and actually perform more in-depth tasks to determine what occurred. There is a little-known, little-talked-about portion of investigators who've often relied solely on the output from their automated tools, only to get burned because they overlooked something. Checksumming is key here, and for those who haven't done any form of HIDS, I suggest getting familiar with doing so, writing output to an extremely protected box. It makes things *THAT* much simpler to recreate.

Now from my POV... The part that would cripple any forensics investigation would be the use of crypto. Sure, one can try the brute-force approach, but in the recent case of an attacker who encrypted data and held it for ransom (http://www.healthleadersmedia.com/content/TEC-232554/Hacker-Holding-Virginia-Health-Records-for-10-million-Ransom.html) this poses a huge dent for anyone doing incident response, forensics, etc. There is little to be done other than hope you have as recent a backup as possible. Outside of rubber-hose crypto (http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis) you're hit.
527  Ethical Hacking Discussions and Related Certifications / General Certification / Re: NYC Hack-a-thon on: May 11, 2010, 03:20:58 PM
Well, that was sent to me via the OWASP mailing list... At second glance it's not a "hacker" event in this forum's sense. More like a developer's (hacker) event. However, I wonder if I created an API to utilize Facebook's, Yahoo's, etc.'s networks to instantly DoS a target upon a registration, would it qualify for something... Say, make an automated call to support some charity upon their registration; would it qualify... Think about it, how many shows like, say, American Idol have those call-in competitions... "You're So Silly API - Automagically enters you into a Depends for a Year contest" (http://www.us.depend.com/) I'm sure these companies wouldn't want 'hackers' (non programmers/developers) at this particular event.
528  Resources / Tools / Re: OpenDLP - data loss prevention tool on: May 11, 2010, 02:57:17 PM
You mean if I pay somebody else to support their own product, I don't have to always know everything about everything 24/7/365?

Somebody should tell my boss this.

Absolutely. Open Source is good for a lot of things. I use ZenOSS, OSSIM, Nagios, etc., constantly, but I'm (I'd like to think) versed enough to diagnose what's going on when I have to. In an enterprise environment, there are often going to be instances where one would need to find equally versed administrators and engineers to maintain these applications. I can tell you firsthand you don't want to run into legacy things where support is non-existent. It costs you more in the long run.

This is an altogether different argument I've seen and discussed before (FOSS vs. Pay for Play). At the end of the day, you would actually lose so much money migrating people away from MS Office for Open Office. For starters there is the training involved. At the enterprise level you're looking at potentially hundreds of thousands in lost money via lost hours because people would be learning as opposed to actually doing something productive.

On the other hand, you're free from licenses... So what. So you spend, say, $100,000.00 in licensing costs for the year... Steep price? Is it a steeper price to pay when you lose, say, a $1,000,000.00 account because someone consistently forgets to "SAVE AS" for Windows compatibility? Sure, it's nice to get stuff for "free" (if you will) but there is almost always another unforeseen cost.
529  Ethical Hacking Discussions and Related Certifications / General Certification / NYC Hack-a-thon on: May 11, 2010, 02:31:14 PM
Don, didn't know where to place this... If you want to move it to the appropriate location...



We wanted to let you know about an upcoming hack event in your part of the world. Disrupt Hack Day ( http://disrupt.techcrunch.com/hackathon/ ) takes place May 22-23 in New York City. It will be a marathon session of hacking over Saturday night. The event is free and is being held over the weekend before the TechCrunch Disrupt conference.  Although this is not a Yahoo! event, Yahoo! hackers will be participating and we hope you can join us.

The Hack Day will mix 200 hackers, coders, developers and hardware geeks, with a whole lot of Red Bull and pizza, then let it all ferment overnight. Projects will be shown on stage on Sunday, and a variety of awards will be given. If you finish and present a project you’ll get into the main Disrupt conference for free (saving you $3,000). All the top hackers and projects will be covered by TechCrunch and other attending media.

Participants can build whatever they’d like using publicly available APIs. After a judging round on Sunday, the judges’ favorite hacks will present during Disrupt alongside top startups, in front of the entire Disrupt event audience of 2,000 people on Wednesday, May 26.

TechCrunch is a Technorati Top 5 blog that profiles startups, products and websites, it has over 4.5 million RSS subscribers. TechCrunch Disrupt is a three-day conference and startup competition. Attendees will meet the people behind the new startups, new products and new technologies driving disruption today. Startups go head to head to show their stuff and impress the audience and a panel of experts over multiple rounds of competition. Everyone gets stage time, but only one startup will take home a $50,000 top prize.

Hack Day Info and Application:
http://disrupt.techcrunch.com/hackathon/
530  Resources / Tools / Re: OpenDLP - data loss prevention tool on: May 11, 2010, 02:20:05 PM
Nice find! I am actually in the process of looking for a DLP solution. Unfortunately the costs are extremely high (not compared to the fines one could be subjected to if data were to leak) for the devices. I would definitely need the "Future Plans" of... Perform real-time monitoring of PCs' network cards to report outbound sensitive data. That to me is a key feature for what I need it to do.

You know what's funny... I was at an 'organization' meeting last year, someone was talking of DLP and managed keys (www.voltage.com) and I'm sitting and listening and I was 1) bored to be there 2) listening to a bunch of marketing nonsense 3) confused as to the end game...

So you go out and purchase your fine piece of DLP (I use Oracle's IRM Desktop), disable USB connections, remove DVD burners, throw a machine into C2 mode. Remove printing, copy and paste functionality, heck, even remove the ethernet card why don't ya... This makes you... how secure? Sure, to a certain degree, but it doesn't stop me from coming to work with my cellular equipped with a camera and taking snapshots. ... Alright, so we now throw in policies: "Thou shall not bring thy cellular to work..." Sometimes it gets so boring and cumbersome.

Onto the ramblings I have about the Open Source model of OpenDLP: "How many people here have seen some really cool, creative and useful open source tools throughout the years? Raise your hands!" Me, me, me! ... "How many people here have seen some really cool, creative and useful open source tools go the way of the dinosaur when the developer gets bored, egos collide and now you're stuck in limbo? Raise your hands!" ... Me, me, me...

This (OpenDLP) for the enterprise is not something I would even play with. Small office under, say, 25, sure... When Murphy and his laws take over, I want support on the phone. Not having to jump on irc.freenode or a mailing list. It's a nice thought, project, work in progress, whatever you'd want to call it, but I'd rather pay to sleep at the end of the day.
531  Resources / Tools / Re: Metasploit Anti-Forensic Investigation Arsenal (MAFIA) on: May 11, 2010, 01:51:51 PM
That's nothing that Samhain or any other HIDS can't protect against. As for anti-forensics on *nix, you don't need to introduce foreign programs which can trigger alarms; you can simply use the touch command to modify access and modification times. The issue with most antiforensic software is that the cost increases as the analysis takes longer. However, antiforensics also conveys the sense that someone didn't quite know how to get in and out undetected, so they instead tried to sabotage the entire system. "Evidence becomes so circumstantial, so difficult to have confidence in, that it's useless." (http://tinyurl.com/CSOAntiForensics)

Countering with, say, AIDE, Samhain, etc., with logs being written to another machine makes antiforensics useless, as one can go back and recreate what's what. I started writing a program years back to counter a lot of this, including the potential of hash collisions: http://www.infiltrated.net/scripts/saki.html I quickly got bored with the concept when, at the same time, I wrote a heuristic-based backdoor for Linux to counter myself and all of my hashing, based on poisoning.
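The two MAFIA replies above (checksumming with output written to a protected box; touch rewriting access/modification times; baselines kept on another machine) describe a HIDS workflow without showing one. The following is an added example, not code from the thread and not Samhain or AIDE: a minimal integrity baseline in Python that stores a SHA-256 digest and mtime per file, then classifies each file on the next pass. The useful defender's signal is the case the thread hints at: a file whose content hash changed while its mtime did not is flagged as possible timestamp manipulation, since `touch`/`utime` can rewrite mtime but cannot make the old digest match new content. The directory tree and file names are constructed for the demo; the baseline path would in practice live on the separate, locked-down log host the posts recommend.

```python
"""File-integrity baseline with a timestamp-tampering check (added example)."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each relative file path under root to its digest and mtime (ns)."""
    entries = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            entries[str(p.relative_to(root))] = {
                "sha256": sha256_file(p),
                "mtime_ns": st.st_mtime_ns,
            }
    return entries


def save_baseline(entries: dict, dest: Path) -> None:
    # dest should be a location the monitored host cannot write to
    # (a separate log host, as the thread recommends); here it is a temp file.
    dest.write_text(json.dumps(entries, indent=1, sort_keys=True))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Classify every path present in either snapshot."""
    findings = {}
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:
            findings[rel] = "added"
        elif new is None:
            findings[rel] = "removed"
        elif old["sha256"] == new["sha256"]:
            # Same content; a changed mtime alone is just a touch.
            findings[rel] = "unchanged" if old["mtime_ns"] == new["mtime_ns"] else "touched"
        elif old["mtime_ns"] == new["mtime_ns"]:
            # Content changed but mtime restored: the timestomping signature.
            findings[rel] = "timestomped"
        else:
            findings[rel] = "modified"
    return findings


def demo() -> dict:
    """Build a constructed tree, baseline it, tamper with it, and compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "etc"
        root.mkdir()
        passwd, hosts, motd = root / "passwd", root / "hosts", root / "motd"
        passwd.write_text("root:x:0:0::/root:/bin/sh\n")
        hosts.write_text("127.0.0.1 localhost\n")
        motd.write_text("welcome\n")
        baseline_file = Path(tmp) / "baseline.json"
        save_baseline(snapshot(root), baseline_file)

        # Simulated tampering: append a line, then put the old mtime back
        # with os.utime, which is what `touch -r`/`touch -t` do.
        old = passwd.stat()
        with passwd.open("a") as f:
            f.write("backdoor:x:0:0::/:/bin/sh\n")
        os.utime(passwd, ns=(old.st_atime_ns, old.st_mtime_ns))
        # Plain touch on an unmodified file: mtime moves, content does not.
        h = hosts.stat()
        os.utime(hosts, ns=(h.st_atime_ns, h.st_mtime_ns + 10**9))
        motd.unlink()
        (root / "rc.local").write_text("#!/bin/sh\n")

        return compare(load_baseline(baseline_file), snapshot(root))


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:12} {path}")
```

Running it prints one verdict per path; `passwd` comes back as `timestomped`, `hosts` as `touched`, `motd` as `removed` and `rc.local` as `added`. Any real deployment would also record ctime (which userland `touch` cannot set), owner, mode and inode, and ship the baseline off-host as the posts describe.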
532  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Pentesting Server on: May 11, 2010, 09:22:13 AM
No, I've been there with the IT consultant in charge, who I did some work for setting up SMB networks.

"Fiddling" with production servers is up until now just information gathering.

I'm asking on this forum to learn, not to get criticized.

I'm just looking for constructive criticism to learn, that's all.

So again, getting back to the previous comments made by others and myself:

If you've been there AND HAVE done work for them, then why would you ask what kind of server are you hitting (is it Windows or is it a firewall?)

"Fiddling" with production servers doesn't seem like something a company would tolerate unless they don't mind potentially losing business. So nothing you can add makes much sense. Most companies allowing security testing to be done almost ALWAYS 1) ask for business references 2) look for insurance policies, etc., so unless the principals of the company you're testing are 1) insane 2) completely void of understanding risk 3) eye dee 10 tees it smells fishy as heck period.

If you're looking to learn is one thing. Looking to learn on a production server is outright stupidity and anyone allowing it should not be working on that server either. My PROFESSIONAL two cents. (Not that anyone's asked). Back to the learning curve. If you're truly just curious, stay away from potentially taking out a server as it seems (and I mean this constructively) you don't know enough to avoid causing potential harm to a production environment. I've performed quite a few pentests and have recurring companies on a quarterly basis. I can tell you firsthand the last thing you want to do is cause a potential outage.

For those stating "mimic the network with VMWare": while it may be a theoretical approach, one can't know about the patch levels on a machine in order to mimic it. You'd need the patch levels, the configurations, the user account/group configurations, etc., to make it a feasible test. You'd be pentesting nothing more than your own VMWare image, not a mirror of a target.

Jonas, I suggest you focus on learning OUTSIDE of production servers. Since you seem to still be learning, explain to this 'company' that 'allowed' you to tinker with their servers that you don't want to potentially damage their business by possibly bringing down a production server. Be honest with them: "I'm learning and there is a risk, by allowing me to tinker, that I can bring down (DoS) your server inadvertently." They'll appreciate you more than finding out that your fiddling cost them money.
533  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Pentesting Server on: May 10, 2010, 10:21:15 PM
If I wasn't at school (in another country) I would jump in the car, crack the WEP encryption they are still using, and then it's pretty straightforward =)

For starters, you state you go to school, but you're pentesting a server for a company in another country. So how would you even know what type of wireless encryption they're using? Sounds pretty fishy if you ask me. Hey, if you can get the work, more power to you, but I can't think of a reputable company that would allow a student to fiddle with production servers.

Secondly, your writing leads me to believe you're very inexperienced. A pentest - remotely - is usually an indication of a grey hat / black hat test most likely a blackhat since you have no idea what you're targeting (is it Windows or is it Fortinet).

With that said, a blackhat is a blackhat is a blackhat. Brute forcing would be the optimal way to go on THAT machine. There are alternative mechanisms to allow for non-noisy brute forcing with timing variables. Chances are (I would hope), whomever configured the Fortinet configured it to solely allow trusted sites to SSH in, so unless you can even ATTEMPT ONCE to log in, you're SOL.

In that case I would... Not go further into telling you what I would do because as stated, some things in your initial post just don't add up.
534  Ethical Hacking Discussions and Related Certifications / Other / Re: Do you think media is responsible for misinterpreting the word hacking or hacker on: May 08, 2010, 12:34:57 PM
Whenever I or our community (local security and hacking community) come across people using hacking or hacker in a negative sense, we always raise our voices stating that hacking is not illegal. It is all about understanding how systems work.

The media's job is to report news, and if you haven't noticed within the last decade or two, news has to be sensational in order to grab attention so that news media agencies can create revenue.

If you saw the following two headlines, which do you think would be read first:

Malicious Cracker infiltrates banking network
Hackers hack into banking network

It's all a matter of interpretation. Many tech journalists know the difference between a hacker and a cracker, but at the end of the day, it's all semantics. Would you call Alberto Gonzalez a hacker or a cracker? At the end of the day, he as a cracker HACKED into TJX. Either way you cut it, none are truly wrong.

Let's take an alternative view of headlines: "Marine Sniper Controls Attackers in Baghdad" versus "Marine Sniper Assassinates Attackers In Baghdad", or "Enhanced Interrogation" versus "Torture". It's all a matter of interpretation and the effect the media is seeking versus their intended audience. Do you blame the media? For what? Their true underlying role is to create revenue via their reporting. It's an old argument that will never be corrected; there is no correction, there are opinions.
535  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Which chat (IM) app do you use? on: May 07, 2010, 03:02:44 PM
echo + rot13 + write ... Pidjin + OTR
536  Features / /root / Re: [Article]-Tutorial: SEH Based Exploits and the Development Process on: May 07, 2010, 10:25:53 AM
Thanks! That is no problem. I might try to make it a monthly thing, so if you have any suggestions let me know.

Article was cool. Corelan (since you linked it) has some very thorough works as does OpenRCE. I'd personally like to see more 'weaponization' articles, e.g. ActiveX anyone. It's surprising I didn't see mention of WinDBG in your article. pusscat has a wicked module (byakugan) that allows you to perform all sorts of stuff: (quoting) Real Time Heap Visualization, Buffer Identification and Hunting, Return Address Hunting...

There are a lot of interesting and cool write-ups (yours included) lurking around; I wish I could find more WinDBG-based content though. Olly is fine, Immunity - latest version is buggy - but nevertheless good. I find that WinDBG is a lot more powerful for Windows debugging. I've just begun tinkering with Klocwork (Architect, etc.) and I'm definitely impressed and at times confused by a lot of it. I would have mentioned in your article that those reading it may want to take a brief drive-by of Assembly programming and understand a little more about registers. E.g., you can manipulate other registers to eventually get control of EIP. You don't necessarily have to specifically target it outright.
537  Ethical Hacking Discussions and Related Certifications / Other / Re: How did you get into hacking? on: May 06, 2010, 04:04:32 PM
Lest I give away my age... It all started with... "Would you like to play a game?" I started my foray on a Coleco Vision Adam while I was young. Classmates and I swore we'd find the WOPR after the movie. This was a time when games like Buck Rogers and Dragon's Lair (http://www.youtube.com/watch?v=YSinFyg6Y5Q) were the rage ... *sigh* oh how time flies.

Hacking is hacking is hacking ... I began my professional career in IT Security about 13 years ago more or less (professional as in, I held my first security related position). I've always been somewhat of a tinkerer. I just enjoy technology, learning, etc.
538  Ethical Hacking Discussions and Related Certifications / Compliance, Regulations & Standards / Re: HIPAA: Security Risk Analysis Matrix on: May 06, 2010, 03:54:24 PM
Sorry, Sil. Here is the one I wanted to show you all.

http://www.vita.virginia.gov/uploadedFiles/Library/RiskAssessmentReportTemplate.doc

What I found helpful was using EDUCAUSE's Information Security Governance Assessment Tool as a template alongside ISACA's "COBIT Mapping ISO/IEC 17799:2000 With COBIT" (http://www.isaca.org/ContentManagement/ContentDisplay.cfm?ContentID=35228); merging them into my own template worked wonders in mapping most standards and guidelines. (You need to be an ISACA member to download that file.) I spent a few months meshing those two into something I use (sorry, it's work related so I can't and won't post it).

EDUCAUSE has some great material there in regards to HIPAA (http://net.educause.edu/ir/library/excel/EAF0507d.xls) which would obviously need to be customized. Anyone who has done any GRC work knows it is a broad (to me, boring) process. I found it best to make my own template since there is so much overlap.

Dengar13: That linked Risk Assessment Report is OK, rather on the basic side. I implore you to check out the EDUCAUSE link as it encompasses a more complete and thorough walkthrough across all fields of compliance (technical and nontechnical); however, as stated, you'd need to spend time conforming it to your own business.
539  Ethical Hacking Discussions and Related Certifications / Programming / Re: Can this be exploitable? on: May 06, 2010, 02:09:56 PM
[quote author=pizza1337 link=topic=5421.msg28109#msg28109]
A first chance exception of type 'System.IO.IOException' occured in system.dll
the program'(3396) consoleapplicatioin1.exe: managed' has exited with code 0 (0x0).
[/quote]

Why don't you try running a debugger in the background and attach to the process to find out whether or not you can do anything with it:

Code:
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=00000001 ecx=77529bac edx=0013ed04 esi=0013ef1c edi=00000001
eip=00c583a6 esp=0013ece4 ebp=ffffffff iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\IBM\XXXXXXXX\SomethingWasHere.dll -
SomethingWasHere+0x83a6:
00c583a6 8b10            mov     edx,dword ptr [eax]  ds:0023:00000000=????????
0:000> g
(4b74.4b54): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=00000001 ecx=77529bac edx=0013ed04 esi=0013ef1c edi=00000001
eip=00c583a6 esp=0013ece4 ebp=ffffffff iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
SomethingWasHere+0x83a6:
00c583a6 8b10            mov     edx,dword ptr [eax]  ds:0023:00000000=????????
0:000> !exploitable -v
HostMachine\HostUser
Executing Processor Architecture is x86
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
Exception Faulting Address: 0x0
Second Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Read Access Violation

Faulting Instruction:00c583a6 mov edx,dword ptr [eax]

Basic Block:
    00c583a6 mov edx,dword ptr [eax]
       Tainted Input Operands: eax
    00c583a8 mov edx,dword ptr [edx+10h]
       Tainted Input Operands: edx
    00c583ab lea ecx,[esi+4]
    00c583ae push ecx
    00c583af push eax
       Tainted Input Operands: eax
    00c583b0 call edx
       Tainted Input Operands: edx, StackContents

Exception Hash (Major/Minor): 0x10163335.0x10634435

Stack Trace:
SomethingWasHere+0x83a6
SomethingWasHere+0xaeb8
Instruction Address: 0x0000000000c583a6

Description: Data from Faulting Address controls Code Flow
Short Description: TaintedDataControlsCodeFlow
Exploitability Classification: PROBABLY_EXPLOITABLE
Recommended Bug Title: Probably Exploitable - Data from Faulting Address controls Code Flow starting at SomethingWasHere+0x00000000000083a6 (Hash=0x10163335.0x10634435)

The data from the faulting address is later used as the target for a branch.
0:000> g
(4b74.4b54): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=00000001 ecx=77529bac edx=0013ed04 esi=0013ef1c edi=00000001
eip=00c583a6 esp=0013ece4 ebp=ffffffff iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
SomethingWasHere+0x83a6:
00c583a6 8b10            mov     edx,dword ptr [eax]  ds:0023:00000000=????????
0:000> r eax=deadbabe
0:000> g
(4b74.4b54): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=00000001 ecx=77529bac edx=0013ed04 esi=0013ef1c edi=00000001
eip=00c583a6 esp=0013ece4 ebp=ffffffff iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
SomethingWasHere+0x83a6:
00c583a6 8b10            mov     edx,dword ptr [eax]  ds:0023:00000000=????????
0:000> r eax=deadbabe
0:000> g
(4b74.4b54): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=deadbabe ebx=00000001 ecx=77529bac edx=0013ed04 esi=0013ef1c edi=00000001
eip=00c583a6 esp=0013ece4 ebp=ffffffff iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
SomethingWasHere+0x83a6:
00c583a6 8b10            mov     edx,dword ptr [eax]  ds:0023:deadbabe=????????
0:000> g
(4b74.4b54): Access violation - code c0000005 (!!! second chance !!!)
eax=deadbabe ebx=00000001 ecx=77529bac edx=0013ed04 esi=0013ef1c edi=00000001
eip=00c583a6 esp=0013ece4 ebp=ffffffff iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
SomethingWasHere+0x83a6:
00c583a6 8b10            mov     edx,dword ptr [eax]  ds:0023:deadbabe=????????
0:000> r eip=eax
0:000> g
(4b74.4b54): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=deadbabe ebx=00000001 ecx=77529bac edx=0013ed04 esi=0013ef1c edi=00000001
eip=deadbabe esp=0013ece4 ebp=ffffffff iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
deadbabe ??              ???
0:000> !exploitable -v
HostMachine\HostUser
Executing Processor Architecture is x86
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
Exception Faulting Address: 0xffffffffdeadbabe
First Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Data Execution Protection (DEP) Violation

Exception Hash (Major/Minor): 0x4e42002f.0x2059002f

Stack Trace:
Unknown
Unknown
SomethingWasHere+0xaeb8
Instruction Address: 0xffffffffdeadbabe

Description: Data Execution Prevention Violation
Short Description: DEPViolation
Exploitability Classification: EXPLOITABLE
Recommended Bug Title: Exploitable - Data Execution Prevention Violation starting at Unknown Symbol @ 0xffffffffdeadbabe called from SomethingWasHere+0x000000000000aeb8 (Hash=0x4e42002f.0x2059002f)

User mode DEP access violations are exploitable.

The following WinDBG session demonstrates control over EIP, EBX, etc., due to a crash. I removed the program name because it's going through CERT right now; nevertheless, I started fuzzing the application, caused an exception and followed through on finding a method to exploit after the exception. All I needed to do was show proof of concept, as I was solely seeking to report an advisory, not provide a 'weaponized' exploit.

eax=deadbabe ebx=00000001 ecx=77529bac edx=0013ed04 esi=0013ef1c edi=00000001
eip=deadbabe esp=0013ece4 ebp=ffffffff iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
deadbabe ?? 
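The session above is a crash-triage record: two `!exploitable -v` reports, each with a faulting address, an exception type and sub-type, a Major/Minor hash, a stack trace and a classification. Vendors and CERT-style coordinators receive piles of these from fuzzing runs, and the first job is to turn them into records, collapse duplicates and order them by severity. The following is an added example, not code from the post and not part of the `!exploitable` extension: a Python parser for that report format. `SAMPLE_SESSION` is a constructed excerpt; its first two records repeat the field values shown in the session above, and the third record is made up (same major hash as the first, different minor hash and stack) to show that de-duplication by major hash groups repeated hits of one bug.

```python
"""Parse WinDBG !exploitable -v reports and bucket them for triage (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Lower number = look at it first.
SEVERITY = {"EXPLOITABLE": 0, "PROBABLY_EXPLOITABLE": 1,
            "PROBABLY_NOT_EXPLOITABLE": 2, "UNKNOWN": 3}

# Constructed excerpt: records 1 and 2 carry the values from the quoted
# session; record 3 is invented to share record 1's major hash.
SAMPLE_SESSION = r"""
0:000> !exploitable -v
Exception Faulting Address: 0x0
Second Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Read Access Violation
Exception Hash (Major/Minor): 0x10163335.0x10634435
Stack Trace:
SomethingWasHere+0x83a6
SomethingWasHere+0xaeb8
Instruction Address: 0x0000000000c583a6
Short Description: TaintedDataControlsCodeFlow
Exploitability Classification: PROBABLY_EXPLOITABLE
0:000> g
0:000> !exploitable -v
Exception Faulting Address: 0xffffffffdeadbabe
First Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Data Execution Protection (DEP) Violation
Exception Hash (Major/Minor): 0x4e42002f.0x2059002f
Stack Trace:
Unknown
Unknown
SomethingWasHere+0xaeb8
Instruction Address: 0xffffffffdeadbabe
Short Description: DEPViolation
Exploitability Classification: EXPLOITABLE
0:000> !exploitable -v
Exception Faulting Address: 0x0
Second Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Read Access Violation
Exception Hash (Major/Minor): 0x10163335.0x5a5a5a5a
Stack Trace:
SomethingWasHere+0x83a6
SomethingWasHere+0xbeef
Instruction Address: 0x0000000000c583a6
Short Description: TaintedDataControlsCodeFlow
Exploitability Classification: PROBABLY_EXPLOITABLE
"""


@dataclass
class CrashReport:
    faulting_address: str
    chance: str              # "First" or "Second"
    exception_type: str
    sub_type: str
    hash_major: str
    hash_minor: str
    short_description: str
    classification: str
    stack: list = field(default_factory=list)


PROMPT = re.compile(r"^\d+:\d+> !exploitable", re.M)


def _grab(pattern: str, text: str, default: str = "") -> str:
    m = re.search(pattern, text, re.M)
    return m.group(1).strip() if m else default


def parse_session(text: str) -> list:
    """Split a transcript at each !exploitable prompt and parse each report."""
    reports = []
    for chunk in PROMPT.split(text)[1:]:   # text before the first prompt is not a report
        kind = re.search(r"^(First|Second) Chance Exception Type: (\S+)", chunk, re.M)
        hsh = re.search(r"^Exception Hash \(Major/Minor\): (0x[0-9a-fA-F]+)\.(0x[0-9a-fA-F]+)", chunk, re.M)
        st = re.search(r"^Stack Trace:\n(.*?)^Instruction Address:", chunk, re.M | re.S)
        stack = [l.strip() for l in st.group(1).splitlines() if l.strip()] if st else []
        reports.append(CrashReport(
            faulting_address=_grab(r"^Exception Faulting Address: (\S+)", chunk),
            chance=kind.group(1) if kind else "",
            exception_type=kind.group(2) if kind else "",
            sub_type=_grab(r"^Exception Sub-Type: (.+)$", chunk),
            hash_major=hsh.group(1) if hsh else "",
            hash_minor=hsh.group(2) if hsh else "",
            short_description=_grab(r"^Short Description: (\S+)", chunk),
            classification=_grab(r"^Exploitability Classification: (\S+)", chunk, "UNKNOWN"),
            stack=stack,
        ))
    return reports


def bucket_by_major_hash(reports: list) -> dict:
    """Group reports sharing a major hash; one bucket is usually one bug."""
    buckets = defaultdict(list)
    for r in reports:
        buckets[r.hash_major].append(r)
    return dict(buckets)


def triage_order(reports: list) -> list:
    """Most severe classification first, then by major hash for stable output."""
    return sorted(reports, key=lambda r: (SEVERITY.get(r.classification, 99), r.hash_major))


if __name__ == "__main__":
    for major, hits in bucket_by_major_hash(parse_session(SAMPLE_SESSION)).items():
        worst = triage_order(hits)[0]
        print(f"{major}: {len(hits)} hit(s), {worst.classification}, {worst.short_description}")
```

Only the major hash is used for grouping because, as the two classifications in the post show, the same faulting instruction can be reported differently depending on register state; the minor hash and the per-report classification are kept so the most severe verdict in a bucket can be surfaced.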
540  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Web filtering on: May 06, 2010, 01:41:42 PM
I would like to ask you what web/url filtering application/solution do you use/recommend? I know that there are more than one question here but I would like to hear different opinions.

Best regards,
L.

My comment is, it depends on the environment, to be bluntly honest. Not all solutions work in all environments, so this question is likely going to get you a mixture of answers. Not all wrong, not all right. I could assume you want low-cost (Open Source models) but I don't like to assume. You could want an enterprise solution, in which event a solution like DansGuardian is seriously lacking.

Where I work I recently replaced all of my FW-1's with a combination of Juniper SRX's and SSG's. The SRX's have the capability to work with Websense, so we no longer needed Bluecoat. (Sayonara!) All works just fine; however, I work in a SoHo/mid-sized corporate environment, which works just fine for us.

On my managed security side of things (customers of ours), I mainly use Juniper SSG's most of the time, since the costs involved with deploying an SRX at a small company are almost always intolerable. For these setups it also depends on a few factors before decisions are made, and almost always they're different: how much time I want to spend configuring and deploying something, how creative I want to be, and what the tolerance of the client is. Do they want pretty "Warning, you shouldn't be seeing this" pages, or would they settle for customization (aka default ugliness; DansGuardian's default page is ugly)? For logging, do they want pretty, or am I the one looking at the logs (when I do, I pass them through Splunk and OSSIM filtering)?

Plenty of questions, each unique to each location. If it is a small office, you can take a look at Untangle, which does web filtering as well (http://www.untangle.com/), if you don't want to go with Squid/DansGuardian. If you want to do some creative filtering with IPS/IDS/EPS (Extrusion Prevention System), you could cobble together a neat NSM using Squid, Sguil (http://nsmwiki.org/Main_Page), PADS, etc.

© 2013 The Ethical Hacker Network