Archive for the ‘Security Tools’ Category

What Works: PaulDotCom’s Penetration Testing Dojo: Core IMPACT Style

Saturday, March 1st, 2008



What Works: PaulDotCom’s Penetration Testing Dojo: Core IMPACT Style

by Alan Paller and Paul Asadoorian

Tuesday, March 18 at 1:00 PM EDT (1700 UTC/GMT)

When beginning a security process at a consortium of non-profits, senior network security engineer Paul Asadoorian of PaulDotCom began looking for a penetration testing tool that did network, web application and social engineering tests. The tool he purchased is low on manpower use, mostly self-maintaining and reliably proves the existence of network vulnerabilities. Please attend this webcast to find out why Paul selected CORE IMPACT and learn how it can help you safely perform network, web application and end-user penetration testing.

About the Speakers:

Alan Paller:

Alan is the Director of Research for the SANS Institute, responsible for overseeing all research projects ranging from the SANS Step-by-Step guides to the SANS digests to the Top Twenty Internet Security Threats. He is the founder of the CIO Institute, and earned his degrees in Computer Science and Engineering from Cornell and MIT. Alan is the author of the EIS Book: Information Systems for Top Managers and How to Give the Best Presentation of Your Life. In 2001 the President named Alan as one of the original members of the National Infrastructure Advisory Council. The Federal CIO Council chose him as its 2005 Azimuth Award winner, recognizing his vision and outstanding service to federal information technology. In 2007, CIO Decisions, eWeek, and Baseline magazines jointly selected Alan as one of the 100 most influential people in the information technology field.

Paul Asadoorian:

Paul Asadoorian, GCIA, GCIH, Founder & Chief Executive Officer

Paul Asadoorian has over 5 years' experience working in the information security field. His work experience covers both major corporations and academic institutions. He currently holds two GIAC (Global Information Assurance Certification) certifications in intrusion detection (GCIA, GIAC Certified Intrusion Analyst) and incident response (GCIH, GIAC Certified Incident Handler). Paul also sits on the GCIA advisory board, has spent one year as a GCIA authorized grader, and continues to stay involved in the SANS (SysAdmin, Audit, Network, Security) Institute. His research has appeared in the book Network Intrusion Detection, 3rd edition, and also in the SANS Reading Room web site. Paul has presented for numerous organizations and conferences, including MIT Security Camp, and ISACA (Information Systems Audit and Control Association). Paul graduated from Bryant College with a bachelor of science in Computer Information Systems.

Sign up to attend the free webcast.

Proactive Strategies for Securing Your Applications

Sunday, June 10th, 2007

Neophasis

The threat vectors that target today’s software applications are constantly evolving. While commercial software security features are improving, vulnerabilities still exist.

Customized and proprietary applications – those that power much of today’s business operations – are even more vulnerable, as hackers increasingly target applications that range from e-commerce platforms to legacy accounting systems.

Probability and Severity

As the number of companies deploying proprietary software on or near public networks continues to spike, concerns about application security are more acute than ever.

Secured SDLC

What steps can you take to protect your company?

An effective, proactive defense against today’s attacks and tomorrow’s threats requires the right combination of technology and expertise.

Degree of Security Assurance and Review Time

Making sure you have the right team in place, typically a blend of internal and external experts, is the first step. Methodically identifying and addressing your company’s vulnerabilities, and establishing a plan for ongoing defensive measures is the next.

This FREE whitepaper from Neophasis will help you better understand the threats your company is facing, and the immediate steps you can take to confidently secure your applications.

Download Neophasis’ Proactive Strategies for Securing Your Applications FREE Whitepaper

Who is lurking in your computer? Find out.

Friday, June 1st, 2007

Panda Malware Radar

 

Viruses and threats are changing.

They are now more dangerous than ever. They are more discreet. They are faster. They are frequently designed to steal confidential information or money. They can even be ‘tailor-made’ to target each victim.

Malware Radar is a revolutionary breakthrough scanning technology developed by Panda Software. Malware Radar has found banks, Fortune 500 companies, small businesses, and even government agencies infected with hidden malicious programs actively stealing information despite being “protected” by what they thought were the best antivirus and Internet security measures available.

Fast, comprehensive, and easy to use:

  •     Works online - nothing to install
  •     Finds and completely removes hidden malware
  •     Works with all antivirus and security programs (does NOT replace them)
  •     Leaves no trace on system after scan
  •     Produces full comprehensive reports on system vulnerabilities and malware found

Take Malware Radar for a spin to get an automated malware audit.

Microsoft Office 2003 Security Tool Protects Users from Infected Files

Tuesday, May 29th, 2007

Microsoft has released a free tool called Microsoft Office Isolated Conversion Environment, or MOICE, to help protect users from malware placed in Office files, a vector of attack that has recently gained popularity. 

MOICE converts Word, Excel and PowerPoint docs to their OpenXML counterparts and opens them in a quarantined environment to protect users’ computers from embedded malicious payloads designed to exploit holes in Microsoft Office.

MOICE works in tandem with File Block, a tool that allows administrators to establish group policies regarding users’ permissions to open certain file types. Both tools work out of the box with Microsoft Office 2007.

Microsoft Office 2003 users need to install the Compatibility Pack for Word, Excel and PowerPoint 2007 Office File Formats first. 

There is currently no protection offered for users running versions prior to Microsoft Office 2003.

http://support.microsoft.com/kb/935865

Microsoft Releases Threat Analysis & Modeling v2.1.2

Sunday, April 1st, 2007

The Microsoft Threat Analysis & Modeling tool allows non-security subject matter experts to enter already known information including business requirements and application architecture which is then used to produce a feature-rich threat model. Along with automatically identifying threats, the tool can produce valuable security artifacts such as:

- Data access control matrix
- Component access control matrix
- Subject-object matrix
- Data Flow
- Call Flow
- Trust Flow
- Attack Surface
- Focused reports

Download from Microsoft

NSA Issues New Security Guidelines for Mac OS X

Friday, March 23rd, 2007

The National Security Agency (NSA) has published version 2 of its security guidelines for Mac OS X. The security documents are available in PDF format on their OS Guides page for Mac OS X.

These documents for Mac OS X and Mac OS X Server represent best practices for securing the OS and are widely used by the industry as internal standards for configuring Mac OS X. The document is actually written by experts at Apple and endorsed by the NSA, which says on its Website, “It is our belief that these guides establish the latest best practices for securing the products and recommend that traditional customers of our security recommendations use the Apple guides when securing Macintosh OS X 10.4.x and Macintosh OS X Server 10.4.x.”

Practices such as setting up admin accounts, generating passwords, the proper way to remove Classic (which can be a serious security problem for Mac OS X), managing the root account, and the use of Access Control Lists (ACLs) are covered.

Out of the box, Mac OS X is fairly secure, especially with respect to closed ports. However, for those in the enterprise who want to take advantage of every feature of Mac OS X to lock down and secure the OS against not only network but local intrusions, this is a must read.

http://www.nsa.gov/snac/downloads_macOSX10_4Server.cfm?MenuID=scg10.3.1.1

Microsoft Releases Windows Defender 7

Friday, March 16th, 2007

Microsoft on Thursday released an upgrade to its Windows Defender application, raising the version number from 1.1 to 7.0. The reason behind the version change is not clear, although the release does bring a redesigned user interface and new malware detection engine.

Windows Defender supports 64-bit operating systems, but no longer runs on Windows 2000, because Microsoft says the aging operating system has left mainstream support. WGA checking will also be enforced, meaning that Windows Defender will only remove “Severe” threats from computers that do not pass validation.

System Requirements:
- Supported Operating Systems: Windows Server 2003 Service Pack 1; Windows XP Service Pack 2
- Windows Defender no longer supports Windows 2000 as it went out of mainstream support in June 2005.

Kisgearth — Maps Kismet Results to Google Earth

Wednesday, March 7th, 2007

Kisgearth is a small Perl script that converts your Kismet XML log files to Google Earth KML files. You can apply a lot of filters and use sorting/ordering functions in order to get the best results.

Grab a copy of Kisgearth at: http://e-axe.mytty.org/kisgearth/

Check For Optimum Security Settings In Vista & XP with MBSA 2.1

Thursday, February 15th, 2007

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance.

Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.

MBSA is currently in v2.1 Beta. Version 2.0 is the stable version; Version 2.1 includes support for Windows Vista.

Download Microsoft Baseline Security Analyzer 2.1 Beta 

Windows Rootkit Removal Tools

Sunday, September 3rd, 2006

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net - WindowsIT Pro

Rootkits are a growing problem, and as you might expect, the list of tools that can help you prevent rootkit infiltration is also growing.

The list of standalone tools that can help with rootkit detection and removal is also expanding. This week, I give you a list of the standalone detection and removal tools that I know about.

The alphabetical list below can be a resource to help you add some useful tools to your security toolkit. As with antivirus and antispyware tools, using multiple rootkit detection and removal tools is a good idea because not every tool can detect and remove every rootkit.

Of the tools listed, I’ve used RootkitRevealer, F-Secure BlackLight, Sophos Anti-Rootkit, and IceSword, all of which are from entities that I’m familiar with and trust to some extent or other.

(more…)