-
charlottebandit replied to the topic IPS Suggestions in the forum Hardware 11 years, 7 months ago
@scucci wrote:
We’re currently a small shop and we’ve been running a large external Intrusion Prevention system by ISS. We’re currently a small to medium sized company and we’ve run into issues with the IPS before. Due to it being external we’ve had an issue with the way our firewalls are setup running traffic through it. I’m also looking to…
-
charlottebandit replied to the topic Need security, but can't use it? in the forum Wireless 11 years, 7 months ago
Does the A/V equipment need access to the Internet? What about the internal network? Just wondering about that. Also, are you just running AP’s autonomously, or is it in a Controller environment?
I would make sure access to the network is done within a DMZ off the firewall. From there, they won’t have access to the internal network wit…
-
charlottebandit replied to the topic Newbie Lab setup! in the forum Hardware 11 years, 8 months ago
@sh4d0wman wrote:
You could try some of the following attacks:
– Arp spoofing
– Vlan hopping
– Double tag vlan hopping
– Mac overflow attack
– Spanning Tree attack
Look at the Allied Telesys website for attack info.
From the main page choose, “Solutions”, and then “Lan Security”. In the drop down menu you will find a summary of above listed…
-
charlottebandit replied to the topic Putting your removable storage policies to the test, ideas and solutions please. in the forum Hardware 11 years, 8 months ago
Data leakage is a huge concern in various vertical markets such as finance, healthcare, and public companies. To combat that while teaching users on the importance of it is found in solutions that focus on Endpoint Security.
There are several EPS vendors out there although I’m mostly familiar with Cisco Security Agent. Apart from focusing on…
-
charlottebandit replied to the topic Article for school. in the forum Wireless 11 years, 8 months ago
@cleanwithit0607 wrote:
Hello all. I’m writing an article about securing wireless in a HIPAA environment. I have a few topics that I’m going to talk about, let me know if I need to add anything.
-Types of attacks, and why you should secure it in a HIPAA environment.
-Roaming Security.
-Types of…
-
charlottebandit replied to the topic Home Lab Opinions in the forum Hardware 12 years ago
@RoleReversal wrote:
When (if) my funds improve I’d also like to expand outside of the virtual lab with some cisco switching/routing hardware and some wireless to try some of the blended attack scenarios outlined in the pentest perfect storm series.
That would be a good thing because there’s so many security countermeasures you could do JUST…
-
charlottebandit replied to the topic Home Lab Opinions in the forum Hardware 12 years ago
That’s a sweet deal then. If you could find another with a little more RAM, you would be set because you’ll want to allocate more than 1GB per image for functionality.
Not only that, but this could also be a platform for you to either get your RHCE or MCSE if you want which is why I suggested more RAM. Either way, it’s a sweet deal.
Just w…
-
charlottebandit replied to the topic Cisco Security in the forum Hardware 12 years ago
Cisco just had ACS 5.0 come out which is a complete overhaul for AAA services. What used to look like Windows 3.1 now looks sheek and slick. Much more functionality too.
Also waiting to get my hands on their new Spam & Virus Blocker product which was designed by Ironport for ALL Cisco partners. It’s supposed to have a 99% accuracy catch rat…
-
charlottebandit replied to the topic Setting Up Lab in the forum Hardware 12 years ago
The thing with pentesting, is that you need SOMETHING to assess whether it’s a service or network. What I mean for service is whether it’s a web server, database server, data center, web services, or even an IP voice solution. By assessing the network, I mean attempting to assess targets through a real switch, real router, and multiple other s…
-
charlottebandit replied to the topic Home Lab Opinions in the forum Hardware 12 years ago
What kind of images are you planning to run on it? Sounds like fun.
-
charlottebandit replied to the topic SQL Injection 201: Hacking the Application Firewall in the forum Web Applications 12 years ago
Excellent post Simon! You’re right that most web app f/w’s work off blacklists which doesn’t allow much room for proactive thinking. Although you can enter in your custom scripts, most wouldn’t know how to do that nor have the time to look into that.
-
charlottebandit replied to the topic IP Surveillance & network integration in the forum Physical Security 12 years ago
Pretty cool vid. The NERV truck was high-speed as hell!
-
charlottebandit replied to the topic Should I go for GCIH after CEH? in the forum GCIH – GIAC Certified Incident Handler 12 years ago
GCIH is primarily focused on Incident Handling which is a solid subject to focus on, although you may be better off focusing on GPEN (Network pentesting) and GWAPT (Web Application Pentesting) which is more of what you’re looking for.
Now of course most of these tracks assume little to no security to pull these off so I would also suggest strong…
-
charlottebandit replied to the topic Am I a lost cause?… (need some pro help here). in the forum Career Central 12 years, 1 month ago
Silxp gave a great response. You said that you have 24 months to learn? Wow! You should be able to knock out the RHCE, RHCSS, CCSP, and either CEPT or LPT for a position into the security realm. Once there, then go forth and conquer!
As for the possible bankruptcy, that will kill your clearance even though they “say” it’s a case-by-case dea…
-
charlottebandit replied to the topic Am I a lost cause?… (need some pro help here). in the forum Career Central 12 years, 1 month ago
There is a lot of liability for pentesting positions which is why it usually requires tons of experience not only on the pentesting side, but also excellent knowledge in several of these areas: systems, networks, databases, web apps/services, secure programming, security hardware, and forensics. So in order to get the experience with the above c…
-
charlottebandit replied to the topic 802.1x Cisco and AD in the forum Hardware 12 years, 1 month ago
@scottr wrote:
How secure is 802.1x? Is it as easy to bypass as port security using mac addresses? Can you spoof the SID of a computer and join to the network or is there further verification that is done through the RADIUS server outside of just the machine or user SID? I am about to dig in and research this further but I figured this would be a…
-
charlottebandit replied to the topic Cisco Security in the forum Hardware 12 years, 1 month ago
@dynamik wrote:
Nice to see you too! I’m a little intimidated by the level of technical proficiency here, so I’m probably just going to lurk for the most part 😉
Don’t be intimidated dynamik. Nobody knows everything and all of us had to start somewhere too. Not only that but we’re able to share ideas and techniques here.
🙂
-
charlottebandit replied to the topic US Army Mil website mdw.army.mil and NATO Parliament http://www.nato-pa.int Defaced in the forum News from the Outside World 12 years, 1 month ago
Somebody’s tail is being reamed bigtime right about now.
-
charlottebandit replied to the topic What kind of lab, machines you have for your security testing? in the forum Other 12 years, 2 months ago
A little here and there but mostly stuff from work since we work lots with Cisco stuff.
-
charlottebandit replied to the topic Wireless Pen Testing Cards in the forum Wireless 12 years, 2 months ago
Not to say that wlan pen-testing is a dead subject however the enterprise-class wireless manufacturers have already migrated to 802.11n (draft-n) over G-networks. For the most part, b-band is rarely seen because of the security implications.
Having said that, more 802.11n enterprise-class APs are integrating security features to provide an…