Tuesday, February 19, 2008

OS Fingerprinting

OS fingerprinting, also called TCP/IP stack fingerprinting, is the process of determining the identity of a remote operating system by analyzing packets received from that host. There are two types of OS fingerprinting: active and passive. Passive OS fingerprinting identifies the remote operating system by sniffing (capturing) packets exchanged between the source and remote systems. Active OS fingerprinting is the process of sending packets to a host and interpreting the response, or lack thereof, from that host.
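As an added illustration of the passive approach (not code from the original post), the block below takes a captured IPv4/TCP SYN, pulls out the fields a passive fingerprinter typically looks at (initial TTL rounded up from the hop-decremented value, TCP window, Don't-Fragment bit, and the presence of TCP options such as window scaling), and matches them against a signature table. The signature entries and the sample packets are constructed for this example and are not real OS signatures; a network monitor would use this to inventory hosts it sees without sending them anything.

```python
import struct
# Illustrative signature table constructed for this example, NOT a real fingerprint database.
SIGNATURES = [
    {"os": "example-os-A", "ttl": 64, "window": 29200, "df": True, "wscale": True},
    {"os": "example-os-B", "ttl": 128, "window": 8192, "df": True, "wscale": True},
    {"os": "example-os-C", "ttl": 255, "window": 16384, "df": False, "wscale": False},
]

def initial_ttl(observed):
    """Round an observed (hop-decremented) TTL up to the nearest common initial value."""
    return next((c for c in (32, 64, 128, 255) if observed <= c), 255)

def parse_syn(packet):
    """Pull the fingerprint-relevant fields out of a raw IPv4 + TCP packet."""
    ihl = (packet[0] & 0x0F) * 4
    df = bool(struct.unpack("!H", packet[6:8])[0] & 0x4000)   # Don't-Fragment bit
    tcp = packet[ihl:]
    data_off = (tcp[12] >> 4) * 4
    window = struct.unpack("!H", tcp[14:16])[0]
    options, kinds, i = tcp[20:data_off], set(), 0
    while i < len(options) and options[i] != 0:              # kind 0 ends the option list
        if options[i] == 1:                                  # NOP has no length byte
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:      # malformed option length
            break
        kinds.add(options[i])
        i += options[i + 1]
    return {"syn": bool(tcp[13] & 0x02), "ttl": initial_ttl(packet[8]), "df": df,
            "window": window, "wscale": 3 in kinds, "mss": 2 in kinds}

def passive_fingerprint(packet):
    """Return the matching signature name, 'unknown', or None for a non-SYN packet."""
    f = parse_syn(packet)
    if not f["syn"]:
        return None
    for sig in SIGNATURES:
        if all(f[k] == sig[k] for k in ("ttl", "window", "df", "wscale")):
            return sig["os"]
    return "unknown"

def build_syn(ttl, window, df, options=b""):
    """Constructed sample SYN (no checksums, private addresses), only for demonstration."""
    options += b"\x01" * (-len(options) % 4)                 # NOP-pad to a 4-byte boundary
    tcp_len = 20 + len(options)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0, 0x4000 if df else 0,
                         ttl, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp_hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, (tcp_len // 4) << 4, 0x02, window, 0, 0)
    return ip_hdr + tcp_hdr + options
```

Real captures add noise (NAT rewriting, middleboxes clamping MSS, tuned window sizes), which is why production tools keep many signatures per OS and treat a match as a hint rather than proof.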

Bots

Bots, also called zombies, are compromised computers that are used to mount DoS or spam attacks, among other things. These computers are typically compromised via a vulnerability or a malicious piece of software and then wait for commands from the person in control of the bot.

Monday, February 11, 2008

Spy in the making

A former employee of Ericsson, who was made redundant in the recent wave of job cuts, was sentenced yesterday to eight years in prison for espionage. Afshin Bavand (46) handed secret company documents to the Russian intelligence agency last year, a move that could have harmed Sweden's national security. Two of Bavand's co-workers were also convicted of complicity in industrial espionage for gathering some of the information and giving it to Bavand. In an unusual move, the Stockholm district court sealed the documents that were used in evidence and also imposed a court order preventing witnesses from discussing the case for 20 years. Bavand was arrested last November while meeting a Russian diplomat who has been accused of being an intelligence agent. Sweden later expelled two Russian diplomats for “activities not compatible with their diplomatic status.” The documents are alleged to have contained information on mobile and fixed telephony systems. While Ericsson is also a defense contractor, there do not appear to have been any documents regarding Ericsson's defense products. Ericsson makes radar systems for defence programmes, including for the JAS-39 Gripen fighter planes made by Sweden's Saab and Britain's BAE Systems.

Ericsson hired Afshin Bavand in 1995 as a Test and Verification Engineer for the Transmission Systems Unit based in Stockholm. Bavand, an Iranian, attended Baguel University in the Philippines to study mechanical engineering and then went on to attend a technical school in Sweden. The fact that he is Iranian is relevant only in that it shaped his social circle.
Upon being hired at Ericsson, he socialized with other Iranian workers. He also was a member of a tight-knit Iranian community with ties to Iranians in other countries.
Sometime during his employment, Bavand started taking documents home from work. At first, he primarily took paper copies of documents. However, as the capacity of floppy disks and CDs grew, he started taking home electronic copies of documents. According to him, this was a common practice so that people could work at home or just study up to be better at their jobs. Although physical security at Ericsson facilities is actually very strong, somebody carrying out a few documents, or a CD containing thousands of documents, in a coat pocket would easily go unnoticed.

security quotes

There is no common sense without common knowledge.

MICE, the motivations of hackers to engage in malicious activities: Money, Ideology, Coercion, Ego.
This is related to the 'Charney Theorem', as Scott Charney likes to call it.
Scott is the Chief Security Strategist at Microsoft and was previously in charge of the Department of Justice Intellectual Property and Computer Crime Unit.
His theorem is that at any time, 3 percent of the population will commit a crime if offered the opportunity.

The risk equation has four components: value, threat, vulnerability and countermeasures.

Risk = (Threat x Vulnerability / Countermeasures) x Value

Friday, February 8, 2008

BND and Project Rahab

Spies among us
Germany
Germany is widely known to be among the most active intelligence collectors in the world. Germany maintains a very large intelligence organization, called the Bundesnachrichtendienst (BND). Although its primary focus was the Eastern Bloc, the BND has always engaged in a significant amount of industrial activity.
Project Rahab is a BND effort to hack into computer networks and compromise systems in the Global Information Infrastructure. It began in the early 1990s and continues to this day.
One of Project Rahab's major reported successes includes infiltration of the SWIFT system, which is one of the world's major financial networks. SWIFT facilitates the transfer of trillions of dollars a day among financial institutions around the world.

Thursday, January 24, 2008

Web-enabling mainframes: Security flags are raised

By Johanna Ambrosio, Contributing Editor
01 Mar 2002 SearchSecurity

Ask five experts about the security issues raised by connecting mainframes to the Web, and you're likely to get five different shades of gray. One thing they all agree on, however, is that there have been no big-ticket cracking incidents into Big Iron -- at least not yet.

Some observers said that the mainframe remains pretty secure, even after being connected to the Web, because most crackers just don't understand the environment well enough to get in. Mainframes have long been isolated from the outside world by dint of being on an internal SNA or other network that hackers generally can't penetrate. So there's been little opportunity for people to learn the machines well enough to get in. Windows and Unix remain crackers' tools of choice, experts say, because of the platforms' low cost. Also, the complexity of the mainframe keeps many would-be bad guys out.

Stu Henderson, an independent security consultant in Bethesda, Md., maintains that the mainframe's basic architecture makes it the most secure computing platform around, even when connected to the Web.

"In every case that I'm aware of, hackers get into mainframes only when there's a back door open," he said, "either when it's been done on purpose or when systems software has been installed improperly."

In addition, he maintains, the types of security holes that are open are "widely different" from company to company, so there's little if any possibility of creating a kit that "code kiddies" can use to break into mainframes around the world.

Then, too, Henderson says that Big Iron is inherently more secure against viruses because of its "trusted computing" architecture. "You won't find boot-sector viruses unless someone deliberately puts them there or lets them in," he said.

Not everyone shares his optimism. Most organizations "assume the mainframe is secure," said Patricia Fisher, president and CEO of security consultancy JANUS Associates Inc. in Stamford, Conn. "But we find we can quite easily circumvent those controls and get access to the data." And now organizations are connecting those "less than secure" machines to the Internet, she said. It's a critical area, especially given the times we're living in, Fisher added, because so much of the country's critical infrastructure -- nuclear power plants, telephone-system switches and other things -- is run by mainframes.

Jim Keohane, president of Multi-Platforms Inc., a Levittown, N.Y.-based consulting company, said that the mainframe is at higher risk than ever. As IBM and other Big Iron suppliers morph their proprietary operating systems into more "open systems" types of software -- as has been the case with IBM's OS/390 taking on more Unix-like characteristics -- the security risks increase.

"Also, the mainframe is still new to the Web," Keohane maintained, so crackers and other black-hats haven't yet figured out how to exploit the situation.

Still, most large enterprises are at least experimenting with ways of modernizing the life of their mainframe and all the information in it. By one reckoning, 70% of corporate data is still stored on host computers. Putting a Web interface on old applications is a way around having to completely architect legacy systems to get corporate information into new hands.

So, clearly, customers are looking to blend the best of the old with the new. So to make sure the corporate jewels remain safe, there are a few things customers can do. First, make sure to have a multi-disciplinary team select and implement any Web-to-host solutions. There are literally dozens of sub-disciplines involved in this endeavor, including different types of security concerns for mainframe systems software as well as all the sub-systems and applications involved.

Second, take some time to plan. Problems often occur when "someone in marketing says hey, let's do this, and the CIO says okay, and then it becomes a rush job," Henderson said. "No one has time to think about what they're connecting or how to secure it."

Gary Goldberg, general manager for applications at Information Builders Inc. in New York, said there are different security issues depending on what's being done. "With an intranet application, everything's inside the firewall, so there are no [security] issues there," he said. But if giving external customers or partners access to mainframe data, one has to be "extremely careful."

Goldberg talks about three levels of protection: at the internet networking level, via public-key infrastructure or encryption, for instance; at the systems software level, traditionally handled by TopSecret or ACF2 or RACF mainframe security packages; and at the data level, usually handled by the specific application associated with the data. Whatever you do must address all three levels to be really secure, he suggested.

Another thing to consider is the approach you use to open up the mainframe. One can provide direct links into the mainframe data, by hosting the Web application directly on the mainframe, or you can stage the application by moving the relevant information to another server that then communicates with the mainframe only to get the information each day, or for each request. Some observers maintain that the second approach -- of staging -- is more secure because then the application's entire user community isn't banging around inside the mainframe.

However, Peter Goldis, an independent consultant in Cambridge, Mass., specializing in technical aspects of computer security and an "ethical hacker" into mainframes, disagrees. "Once you move user authentication off the mainframe, it can be a problem depending on how secure the other box is," he said. "The mainframe data is no longer protected by centralized access-control software."

To help alleviate some of these concerns, Multi-Platforms' Keohane suggests a centralized security product, one that allows customers to set different business rules for different applications or subsets of data. "You can say that certain subsets of users can have access to certain types of resources on Tuesday from 10 to 11 p.m.," he explained.

JANUS' Fisher recommends that companies treat a Web-connected mainframe just like they would any other distributed machine. Firewalls and intrusion-detection systems are a must, said Fisher. And by all means, do a penetration test, she added. "You need to find out if you have problems, and if you do then you can figure out how to close the gaps."

Just like any other area of security, it ultimately comes down to understanding your risk and making decisions about how to best protect that based on the resources you have to spend on it. "As a customer of a bank who can now write checks or get my balance from anywhere in the world on the Internet, I think it's a good thing" to Web-enable mainframe applications, Goldis said. "But as a security person, I have to say I think we're going backwards. Things aren't what they used to be."