April 30, 2008
Once again I find a nifty tool via Darknet. CDPSnarf lets you passively capture CDP packets and see the yummy goodness inside.
For those who don’t know, CDP stands for Cisco Discovery Protocol. It can be used to discover information about neighboring devices. For example, if I am on a Cisco router that has several interfaces and I want to know what is connected on each interface, I can execute ‘show cdp neighbors detail.’ This lovely command will tell me all about those neighboring devices with the following caveats:
- The devices are Cisco devices.
- CDP is enabled.
Here is a good overview of CDP.
As the saying goes, “Knowledge is power.” The more we know about the target network, the easier it is to get past the crunchy outer shell and snack on the chewy center.
April 29, 2008
A few weeks ago I wrote about participating in Cyber Defense Competitions as a Red Team member. This weekend I had the opportunity to do so again. This time with a bunch of High School students.
This weekend was the annual IT Olympics event that is put on by Iowa State. The event is an opportunity for the High School students who participate in the IT-Adventures program to get together and compete. There are three competitions:
- Robotics
- Game Design
- Cyber Defense Competition
While the robotics and game design competitions were very interesting, I was there for the CDC. The Red Team didn’t actually get to start attacking until Saturday morning, so I volunteered to show up on Friday and help the students with anything they might need during the setup period. These kids are amazing.
Twenty-fourish teams showed up and we had about 20 Red Team members. In my previous post I mentioned three ways in which you can provide value to the students when participating in this type of event:
- Keep good notes
- Write down remedies
- Attend the debrief
I am happy to say that we accomplished all three goals. Probably the best decision made was to set up a Wiki with pages for each team where we could all keep notes as the contest progressed. These notes then became the outline for our talks with the teams in the debrief.
If you have never had the opportunity to work with kids that are interested in IT, I highly recommend you find a way to do so. It is truly a rewarding experience.
April 24, 2008
Good Morning/Afternoon/Evening depending on where you are or when you read this. Another day full of interesting bits on the intarwebs.
http://www.liquidmatrix.org/blog/2008/04/23/its-a-hump-day-miracle/ – Dave Lewis talks about the difference between the reality of work as a CISO compared to the work of the average 9-5er. He is interested in your feedback.
Vladuz goes down. A case study for corporate activism – Richard Stiennon talks about cross jurisdictional cooperation between law enforcement agencies and companies.
My Information Security and Privacy Convergence Webcast Now Available – Realtime IT Compliance – Rebecca Herold did a webcast for ISSA that is now available.
Security4all: The dangers of Web 2.0: information gathering tactics 101 – Benny Ketelslegers has a post up about the information we leave behind as we interact on the web. He points to a tool called Maltego which can help you see what is out there.
Data Classification Is Dead – rmogull has put forth an interesting perspective on Data Classification.
Vulnerability notifications? – Kees Leune talks about customer notification when no verifiable breach has occurred and if it is warranted.
How to audit an Internet Facing Server with Nessus – The folks over at Tenable have some guidance on using Nessus to audit an Internet-facing server.
Darknet points us to a nifty tool called Pass-the-Hash that allows us to change our credentials in memory.
That’s it for now. Have a great morning/afternoon/evening.
April 23, 2008
Lots of interesting stuff today. So here we go:
CNN.Com, Politically Motivated DDoS, and Asymmetric Warfare – A very insightful look at cybercrime and asymmetrical warfare.
Navigating the PCI DSS Standards… – Rafal Los has a good overview of the PCI update to 6.6.
New Phishing Scam Targetting Economic Stimulus Payments – mxlogic has a post about a new phishing scam.
5 Reasons Why IT Security People Shouldn’t Ignore Cloud Computing – Craig Balding tells us 5 reasons we should be paying attention to cloud computing now.
A little judicial oversight please – Martin McKeay has a good post about privacy and the need for enforcement agencies to have access to information, but with appropriate judicial oversight.
Information Week’s Virtual NAC Tradeshow – Jennifer Jabbusch points out that there is a virtual trade show being delivered by Information Week. If she recommends it, you should go check it out.
Logs – A double-edged sword? Beating PCI Fines by bad security practices? – Declan Ingram gives an interesting and potentially worrisome issue with logs and PCI fines.
How to Make Security a Presence in Your Organization – Frank Cassano has some good tips on how to increase the impact of your security awareness program.