RichM

Interview: Jayson E. Street of Stratagem 1, Dissecting the Hack

November 1, 2010

To say that Jayson E. Street has done a lot in his lifetime is an understatement. Jayson has overcome more in his short life than most people could even fathom, and he copes with all of these lowlights, including homelessness and cancer, with a dark and genuinely funny sense of humor. He doesn't come off as someone who has had such a hard life, and, unless you specifically ask, you would have no idea how far he has come. Join me as I take you on a journey through an eye-opening interview with one of the up-and-coming voices of the information security community. Before we get started, here's Jayson's official bio:

Jayson is an author of the book "Dissecting the Hack: The F0rb1dd3n Network" from Syngress Publishing (Read Rich's Book Review). His consultation with the FBI and Secret Service on attempted network breaches resulted in the capture and successful prosecution of the criminals involved. In 2007 he consulted with the Secret Service on the Wi-Fi security posture at the White House. He has also spoken at DEFCON, BRUCON, UCON and at several other 'CONs and colleges on a variety of information security subjects. He was also the co-founder of, and a speaker at, ExcaliburCon held in Wuxi, China. He was an expert witness in two cases against the RIAA. He is a lead trainer for the Incident Handler Certification for the EC-Council. He is also a current member of the Board of Directors for the Oklahoma InfraGard Chapter and Vice President of ISSA OKC. Jayson is also a longtime member of the Netragard "SNOsoft" research team. He is a highly carbonated speaker who has partaken of pizza from Beijing to Brazil. He does not expect anybody to still be reading this far, but, if they are, please note that he was chosen as one of Time's Persons of the Year for 2006. ;-) (If you want to know more, just use the Googles.)

But it is what’s not in his bio that interested me the most. I’m sure you will agree and be inspired.


Spiceworks Redux: Review of v3

August 31, 2008

Last year I wrote up a review of Spiceworks v2. There were a few minor issues that I had with this application billed as "Free IT Management Software," but overall I felt it was a solid product. Recently, I received an email notifying me that the latest iteration of Spiceworks had been released. I thought it might be interesting to look over version 3, highlight the newest and best features, and see if the cons have been improved.

Disclaimer: I am not nor have I ever been affiliated with or otherwise compensated by Spiceworks.

Basic Install

As with the previous versions, the install of Spiceworks couldn't be more straightforward. It uses a few questions to configure the scanning, ensuring that it has the necessary passwords for any and all boxes running on the network. The first change that stands out immediately is the GUI.


Review: EnGarde Secure Linux (LiveCD)

December 6, 2007

Those of you who have followed my column know that I am a big fan of Linux. In addition, my column focuses on the trials and tribulations of getting my employer's computing environment out of the Stone Age and rebuilt with security in mind from the get-go, all while being hamstrung by an almost nonexistent budget. Therefore, a secure, easy-to-install Linux distro with efficient management capabilities would be a welcome addition to my arsenal of free software.

So when I was tasked with finding out a little bit about EnGarde Secure Linux and saw the description on their web site (quote below), I was immediately intrigued with the opportunity of giving it a trial run and letting EH-Net readers know whether or not it is worth their time.


Editor's Note: Guardian Digital announced the release of EnGarde Secure Community 3.0.18 (Version 3.0, Release 18) on Dec 4, 2007. This release includes many updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, and a few new features. This review was done with a prior release.


DIY IDS

August 11, 2007

The best offense is a good defense. This is a very famous phrase most often attributed to football, but it can be applied to many areas of life, especially information security. Diligent patching is a must, but even when done religiously (in conjunction with faithful anti-virus updates), vulnerabilities still exist. There has never been more of a need for an Intrusion Detection System (IDS) than right now. Attackers are more skilled, and the tools they use are more elaborate. We simply can't be everywhere at once and need an IDS to be the eyes in the back of our head.

There are many great products out there, but as an introduction to IDS, I wanted to focus on OSSEC-HIDS. OSSEC-HIDS is a great application to get your feet wet with and to open up the more advanced concepts of intrusion detection. OSSEC agents will run on virtually all OSes, including Solaris, OS X, Linux and Windows (2000 and XP). The server itself is Linux based. The configuration is fairly straightforward, as outlined below. This is a very basic introduction and should be considered a jumping-off point.
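A host-based IDS such as OSSEC does two core things: it watches logs for suspicious patterns and it checks file integrity against a baseline (OSSEC calls the latter syscheck). To show what the integrity side of that actually means before you touch OSSEC's own configuration, here is an added Python example. It is not code from the column and not OSSEC's code; it builds a hash-and-mode baseline of a directory tree, tampers with the tree, and reports added, removed and modified files. The directory layout and file contents are constructed for the demo and are not real system files.

```python
"""Minimal file-integrity check in the spirit of a host-based IDS.

Added example for illustration only: this is neither the column's code nor
OSSEC's. It mimics one idea a HIDS implements (a syscheck-style hash baseline)
so the reader can see what file-level "detection" looks like. The directory
layout created in demo() is constructed for the demo.
"""
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file under root (POSIX relative path) to digest and mode."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {
                "sha256": hash_file(p),
                "mode": p.stat().st_mode & 0o7777,  # permission bits only
            }
    return baseline


def compare(old: dict, new: dict) -> dict:
    """Return added/removed/modified file lists, like a HIDS integrity alert.

    A file counts as modified if either its content hash or its mode changed.
    """
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(k for k in set(old) & set(new) if old[k] != new[k])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Build a baseline, simulate tampering, and return what changed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF fake binary")
        before = build_baseline(root)

        # Simulated tampering (constructed): a UID-0 user appended to passwd,
        # a binary replaced, one file deleted, and one new file dropped in.
        with (root / "etc" / "passwd").open("a") as f:
            f.write("eve:x:0:0::/root:/bin/sh\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF trojaned")
        (root / "etc" / "hosts").unlink()
        (root / "etc" / "shadow").write_text("root:*:0:0:::::\n")
        after = build_baseline(root)

        return compare(before, after)


if __name__ == "__main__":
    for kind, files in demo().items():
        for name in files:
            print(f"{kind.upper()}: {name}")
```

A real HIDS stores the baseline somewhere the monitored host cannot silently rewrite it (OSSEC keeps it on the server side) and runs the comparison on a schedule; a baseline that lives next to the files it protects is only as trustworthy as the box itself.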


The Business Case for HDD Wiping

June 12, 2007


This month's installment is inspired by all of the other tasks that require our attention and allow important things to slip through the cracks. What amounts to general laziness is really just a symptom of a much bigger problem: lack of time. As administrators we are expected to keep all machines up to date (basically, if it plugs into a wall, we should have encyclopedic knowledge about it), keep users productive, and, oh yes, maintain a secure yet usable network. If that were the end of it, it might be manageable, but of course there are always several "special" projects that require research, testing and, most importantly, time to implement. Therefore I understand when a menial task like formatting a hard drive doesn't get done, but I can't say that lack of time is a justifiable excuse.


The 6 Steps of Incident Handling in Action

May 2, 2007


Incident handling is a specialized field that is done best after proper training, guidance and experience. However, if you follow the six core steps of incident handling, you will have a better chance of recovering favorably from an unforeseen incident. The example below is an actual incident I experienced recently. I have outlined the steps taken as they pertain to the six steps of incident handling.

I offer up this outline not as an example of the perfect incident handling process but rather as a good-faith gesture to the community. There is a Latin proverb that states, "A wise man learns by the mistakes of others, a fool by his own." I believe a wise man also learns from the experiences of others. Hopefully this month's column puts both of us on a path towards wisdom.


BCP and DRP from Scratch

April 1, 2007


This month's column has been quite a learning experience. Well, not the column as much as what I discovered in the process of getting management buy-in for Business Continuity Planning/Disaster Recovery Planning (BCP/DRP). In all of the information I have read, three main objectives need to be met in order to develop a good BCP/DRP. The major emphasis (and motivation behind this column) is point one:

1. Management buy-in

2. Develop the plan (leave 4 to 6 months for this step)

3. Ability to test and verify the plan

Once I approached management, they were extremely excited and asked me to come up with a disaster recovery plan in a week. I explained that BCP/DRP takes a long time to create and requires feedback and input from key management members, and that rushing it would create an inaccurate plan. As I watched the decision maker's eyes glaze over, he mumbled something about off-site storage of backup tapes and walked away.

And thus my learning experience kicks into high gear.


Jabber Takes a Swing at RichM

March 2, 2007


Last month I explained that I wanted to reduce my organization's dependence on AIM due to its lack of security and the fact that we cannot control what takes place on their servers. I also mentioned that I was fairly new to Jabber and, due to lack of experience, was hoping for a hand or two to help sort out the install/config process. While I did receive many alternative recommendations, sadly I didn't get a single volunteer willing to help shoulder the responsibility of bringing an easy-to-follow tutorial (aimed at the uninitiated) to the EH masses. Determined to make it happen, I soldiered on. Sadly, I have fallen short: I am approximately 70% done but have hit some fun snags, which are listed below. Hopefully I can enlist the EH-Net faithful for a little help.
