Filed under How To, Security
Everyone knows to check for unauthorized wireless access points within the business. What about unauthorized client access, though? What I’m talking about here is your employees connecting to other open wireless networks from their office!
It turns out that there are some really simple things you can do to discover if there are hosts from your network connecting to unprotected networks nearby and to figure out which hosts are the rogues. To do this testing we need just a few tools.
Wireless Sniffer
Any wireless sniffer will do provided it creates PCAP-based output files. Tools like Kismet, TCPDump and Airodump produce exactly what we’re looking for. Start out by simply looking for open wireless networks and configure your tool to store a packet capture file. You don’t need any encryption keys or any special configuration; just turn it on and store the file!
Extracting Strings
NetBIOS broadcasts the workstation and domain [...] Continue Reading…
For organizations using VMware virtualization technologies, there are likely a number of different virtual machines in the environment, representing a number of platforms ranging from Windows desktops and servers to Linux and UNIX systems as well. Each of these will have an associated file with the VMX extension that contains the VM’s specific configuration details: hardware specifications, software information, and a number of settings that can directly impact security and compliance for the environment hosting that virtual machine. Unfortunately, documentation for these files is sorely lacking, and auditors are often left to their own devices to determine which VM settings are enabled and what their impacts could be. Here we’ll take a look at settings that impact security, and how they should ideally be configured:
Goal: Disabling Copy & Paste operations between the VMware host and the VM guest
VMX Settings:
isolation.tools.copy.disable = "TRUE"
- Disables copy functionality
isolation.tools.paste.disable = "TRUE"
- Disables paste functionality
[...] Continue Reading…
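As an added example (not code from the post), here is a small Python audit check that parses the `key = "value"` lines of a VMX file and reports whether the two isolation settings above are present with the expected value. The VMX fragment is constructed for the demo; a real audit would read each VM's .vmx file from the datastore.

```python
import re

# Constructed VMX fragment for the demo (not a real VM's file): copy is
# disabled as expected, paste is explicitly enabled and would fail the check.
SAMPLE_VMX = """\
.encoding = "UTF-8"
config.version = "8"
displayName = "audit-test-vm"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "false"
"""

# The settings this post lists, with the value an auditor expects to find.
EXPECTED = {
    "isolation.tools.copy.disable": "TRUE",
    "isolation.tools.paste.disable": "TRUE",
}

# One VMX line: key, '=', optionally quoted value. Keys may contain dots and colons.
_LINE = re.compile(r'^\s*([\w.:-]+)\s*=\s*"?([^"]*)"?\s*$')


def parse_vmx(text):
    """Parse VMX text into {key: value}; keys are lowercased so lookups are case-insensitive."""
    settings = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings


def audit_vmx(text, expected=EXPECTED):
    """Return {key: (status, actual_value)} with status PASS, FAIL or MISSING."""
    settings = parse_vmx(text)
    report = {}
    for key, want in expected.items():
        actual = settings.get(key.lower())
        if actual is None:
            # Absent: the VM silently relies on the product default, which the audit should not assume.
            report[key] = ("MISSING", None)
        elif actual.upper() == want.upper():
            report[key] = ("PASS", actual)
        else:
            report[key] = ("FAIL", actual)
    return report


if __name__ == "__main__":
    for key, (status, actual) in audit_vmx(SAMPLE_VMX).items():
        print(f"{status:8} {key} = {actual!r}")
```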
So it’s that time of year again, we begin to hope that the winter months are behind us, the trees and flowers are starting to bloom (at least in Florida where I live), but most importantly – people are beginning to think about taking the CISA exam from ISACA in order to promote their audit careers!
So many of you are thinking, yes James, that’s right, I was thinking about that. Of course you were. That’s why twice a year, right before each of the CISA exams, we hold a CISA review class via our online vLive delivery system to help people prepare to pass the exam. Click here to learn more http://tr.im/MGnD.
The class itself doesn’t start until April, but it’s a good idea to sign up now to start preparing early. In fact, SANS has told me for people that are signing up early, and pay attention to our [...] Continue Reading…
Filed under How To, Security
A couple weeks ago I posted a blog article with some sample file hashes and domain names associated with the recent Google hacks (think APT or Aurora). More information on those file hashes can be found here.
Since then I’ve had quite a few people ask me: if you have a system that you suspect might have been compromised, and a list of hashes that you know are malicious, how do you search that system for malicious files? In other words, you have a list of hashes and you want to know whether any files on your file system have the same hash value.
Disclaimer: before we continue, you should know that hashes of malicious files are just one way of attempting to discover whether your system has been compromised. Especially when dealing with a threat like APT, which is highly intelligent and adaptable, [...] Continue Reading…
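As an added example (not the post's own script), the following Python walks a directory tree, computes MD5, SHA-1 and SHA-256 for every file, and reports any file whose digest appears in a known-bad list. The hash list and the files it is run against are constructed inside the demo; in practice you would load the published hashes and point it at the suspect system's drive.

```python
import hashlib
import os
import tempfile


def file_digests(path, chunk_size=1 << 20):
    """Return {algo: hexdigest} for one file, hashing it in chunks so large files fit in memory."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan_tree(root, bad_hashes):
    """Walk root and return [(path, algo, digest)] for files whose digest is in bad_hashes."""
    wanted = {h.lower() for h in bad_hashes}  # published lists mix cases and algorithms
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = file_digests(path)
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort the scan
            for algo, digest in digests.items():
                if digest in wanted:
                    hits.append((path, algo, digest))
    return hits


def demo():
    """Build a constructed file tree and scan it against a constructed hash list."""
    # Constructed "known-bad" hashes: derived from the sample contents below, not real indicators.
    bad_hashes = {hashlib.sha256(b"constructed malicious sample").hexdigest(),
                  hashlib.md5(b"another constructed sample").hexdigest().upper()}
    files = {"benign.txt": b"nothing to see here",
             "sub/dropper.dll": b"constructed malicious sample",
             "sub/loader.exe": b"another constructed sample"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        hits = scan_tree(root, bad_hashes)
        return sorted((os.path.relpath(p, root).replace(os.sep, "/"), algo) for p, algo, _ in hits)


if __name__ == "__main__":
    for rel, algo in demo():
        print(f"{rel}: matches a known-bad {algo} hash")
```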
It’s that season again, and auditors are starting to think about the next step in their careers. Many started the new year with resolutions, including educational goals. For an auditor, one of the educational questions that everyone must eventually face is: is this the year I should become CISA certified?
ISACA only offers the exam twice a year, once in June and once in December, so taking the exam requires a little planning. If you’re one of those people who is considering the exam this year, I have some advice for you. I’ve been teaching a CISA preparation class that I authored for the SANS Institute since 2005, and in all the classes I’ve taught, we’ve only ever had one student fail the exam. That being said, I have some advice for those of you considering taking the exam that I hope will help you to prepare and [...] Continue Reading…
Obviously there has been a lot of discussion in the news, on blog posts, even tweets, on the issue of the Aurora attacks and what they mean. This is certainly not a new threat. Evidence of this threat dates back to at least 2008, if not earlier (if you consider Titan Rain or other operations), but until now no one wanted to talk about it publicly. In the background, though, work has been in progress to discover techniques to stop the threat.
Enter the 20 Critical Controls…
In 2009 the Consensus Audit Guidelines / 20 Critical Controls were released to prioritize the information security controls that need to be implemented in order to combat known attacks (i.e., think Aurora or APT). US federal government and commercial systems were being compromised by this threat and others, and something had to change. But what was the tipping point? Why were these [...] Continue Reading…
In case you missed it, the $1,100+ discount on SANS top IT Audit course ends tomorrow, January 29. For more information on the class, please check here. I assure you, it’s a class you shouldn’t miss.
For a comprehensive course on how to identify critical controls, validate that the correct controls are in place and validate processes, consider the SANS 6 day course, “Advanced System & Network Auditing”. David Hoelzer is the SANS IT Audit Curriculum Lead and the author of several SANS IT Audit related courses.
I just found out about a discount code for SANS IT Audit training that’s only good until midnight on Friday January 29. Starting the last week of March, SANS is offering their top IT audit course as a “vLive”. This discount code gives you a total of $1,173 off of the price of the course but only until January 29! The registration code is “IN507” and the registration link/course description is here.
vLive from SANS is essentially an online delivery mechanism that gives you a top instructor and industry professional presenting in real-time with online delivery. The class meets two times per week for six weeks, allowing you to participate from your home or office live or to pick up any missed sessions through a re-broadcast of the recorded content.
The course itself covers everything you need to know as an IT auditor to perform high quality technical audits in today’s [...] Continue Reading…
Filed under How To, Security
One of the issues that we have been dealing with extensively lately is the issue of auditing and automation. This has most often been raised when we’ve been discussing how to automate control assessments in conjunction with implementing the 20 Critical Controls. One of the core principles of the 20 Critical Controls is that organizations need to have the ability to automate security assessments in order to reduce risk detection times and allow for a more prompt response to detected threats.
One way to assist with the automation of any given assessment is to script your assessments and automate the scripts you write. This way your tests can work for you and can automatically respond in some way should a particular event be discovered. Rather than creating a mechanism to perform detection and alerting from scratch, why not use a mechanism that’s already built into most Microsoft Windows [...] Continue Reading…
As organizations continue to try to streamline operations during difficult economic times it becomes even more critical to make sure that your employees, whether in IT Audit or IT Security, have the right skill sets. For most of us this means that we need to rely on industry certifications and paid training opportunities to help keep our staff abreast of developing technologies and trends. Someone pointed me at a fantastic resource to help to map your needs to available training resources, both free and paid!
This site, Computer Security Training, provides a really nice roadmap-style chart that breaks the problem into five focus areas: Security Awareness, Introduction to Security, Intermediate Security, Security Practitioner and Security Expert. For each of these categories there is a set of excellent free resources followed by targeted subject matter training and certification options. This is an excellent tool to assist management in determining which training [...] Continue Reading…