January 12, 2010 by escogido
False alarms
False alarms are IPS events that you do not want occurring in your implementation. There are two types of these alarms: false positive and false negative. Both are undesirable.
False positive: A false positive means that an alert has been triggered, but it was for traffic that does not constitute an actual attack. This type of traffic is often referred to as benign traffic.
False negative: A false negative occurs when attack traffic does not trigger an alert on the IPS device. This is often viewed as the worst type of false alarm, because the attack passes through unnoticed and unblocked.
True alarms
There are two types of true alarms in IPS terminology. Both true positives and true negatives are desirable.
True positive: A true positive means that an attack was recognized and responded to by the IPS device.
True negative: This means that nonoffending or benign traffic did not trigger an alarm.
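As an added illustration (not part of the original post), the four alarm classes can be tallied from a set of sensor decisions paired with ground truth. The event names and outcomes below are constructed for the example; the rates it derives (detection rate, false positive rate, false negative rate) are what you would track while tuning a sensor.

```python
from collections import Counter

# Constructed sample of IPS events: (name, is_attack, alert_raised).
# "is_attack" is the ground truth from post-hoc analysis; "alert_raised"
# is what the sensor actually did. All values are made up for illustration.
SAMPLE_EVENTS = [
    ("port-scan",       True,  True),   # true positive
    ("web-sqli",        True,  True),   # true positive
    ("dns-tunnel",      True,  False),  # false negative
    ("backup-transfer", False, True),   # false positive
    ("nightly-rsync",   False, True),   # false positive
    ("user-browsing",   False, False),  # true negative
    ("software-update", False, False),  # true negative
]

def classify(is_attack: bool, alert_raised: bool) -> str:
    """Map one (ground truth, sensor decision) pair to its alarm class."""
    if is_attack and alert_raised:
        return "true_positive"
    if is_attack and not alert_raised:
        return "false_negative"
    if not is_attack and alert_raised:
        return "false_positive"
    return "true_negative"

def alarm_counts(events):
    """Count events per alarm class (missing classes count as 0)."""
    return Counter(classify(a, r) for _, a, r in events)

def alarm_rates(events):
    """Rates a tuning exercise watches; denominators guard against empty sets."""
    c = alarm_counts(events)
    attacks = c["true_positive"] + c["false_negative"]
    benign = c["true_negative"] + c["false_positive"]
    return {
        # share of real attacks the sensor caught
        "detection_rate": c["true_positive"] / attacks if attacks else 0.0,
        # share of benign traffic that raised an alert
        "false_positive_rate": c["false_positive"] / benign if benign else 0.0,
        # share of real attacks that slipped through
        "false_negative_rate": c["false_negative"] / attacks if attacks else 0.0,
    }

def misclassified(events):
    """Names of events worth a tuning look: the false positives and negatives."""
    return [name for name, a, r in events
            if classify(a, r) in ("false_positive", "false_negative")]

if __name__ == "__main__":
    print(alarm_counts(SAMPLE_EVENTS))
    print(alarm_rates(SAMPLE_EVENTS))
    print(misclassified(SAMPLE_EVENTS))
```

The false negatives are the ones to chase first: a false positive costs analyst time, a false negative means a real attack was never seen.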
Posted in Uncategorized
December 19, 2009 by escogido
This attack involves an attacker who floods the switch with fake MAC addresses in an effort to cause the switch to flood all packets out of all its ports. MAC flooding is the attempt to exploit the fixed hardware limitations of the switch CAM table. For example, the CAM table on the Cisco Catalyst 6000 series switch can contain 128000 entries; these 128000 entries are organized as 8 pages of approximately 16000 entries each. CAM tables are limited in size. If enough entries are entered into the CAM table before other entries are expired, the CAM table fills up to the point that no new entries can be accepted. When that occurs, the switch will flood all ports with incoming traffic because it cannot find the port number for a particular MAC address in the CAM table. The switch, then, acts as a hub.
The Macof tool was released in 1999. Written in Perl, the Macof tool floods a switch with packets containing randomly generated source and destination MAC and IP addresses. When the CAM table of the switch fills up with these addresses, the switch begins to forward all frames that it receives to every port.
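As an added illustration (not part of the original post), here is a switch-side model of what the post describes: a CAM table with a fixed entry limit that falls back to flooding once it is full, next to the usual mitigation of capping how many source MACs one port may learn (port security). The table capacity is scaled down from the 128000 entries mentioned above, the MAC addresses are constructed, and the aging and paging behaviour of real hardware is not modelled.

```python
from collections import OrderedDict

FLOOD = "FLOOD"  # marker: frame goes out every port except the ingress one

class CamTable:
    """Toy CAM table with a fixed entry limit (constructed for illustration;
    real switches age entries out and organise the table in pages)."""

    def __init__(self, capacity, max_macs_per_port=None):
        self.capacity = capacity
        self.max_macs_per_port = max_macs_per_port   # None = no port security
        self.entries = OrderedDict()                  # mac -> port
        self.shutdown_ports = set()                   # err-disabled ports
        self.rejected = 0                             # learns dropped: table full

    def macs_on_port(self, port):
        return sum(1 for p in self.entries.values() if p == port)

    def learn(self, src_mac, port):
        """Source-MAC learning on frame ingress. Returns True if learned."""
        if port in self.shutdown_ports:
            return False
        if src_mac in self.entries:
            self.entries.move_to_end(src_mac)   # refresh: most recently seen
            return True
        # Port security: many distinct source MACs on one port is the
        # flooding symptom; disable the port rather than let it fill the table.
        if (self.max_macs_per_port is not None
                and self.macs_on_port(port) >= self.max_macs_per_port):
            self.shutdown_ports.add(port)
            return False
        if len(self.entries) >= self.capacity:
            self.rejected += 1                   # full: new entry not accepted
            return False
        self.entries[src_mac] = port
        return True

    def forward(self, dst_mac):
        """Destination lookup: known MAC -> its port, unknown -> flood."""
        return self.entries.get(dst_mac, FLOOD)

def constructed_mac(i):
    """Deterministic fake MAC 02:00:00:xx:xx:xx for the simulation."""
    return "02:00:00:%02x:%02x:%02x" % ((i >> 16) & 0xff, (i >> 8) & 0xff, i & 0xff)

def simulate(capacity, bogus_frames, port_security_limit=None):
    """`bogus_frames` frames with distinct fake source MACs arrive on port 2;
    afterwards a real host on port 3 sends its first frame. Report whether
    the switch can still deliver traffic to that host by unicast."""
    cam = CamTable(capacity, port_security_limit)
    for i in range(bogus_frames):
        cam.learn(constructed_mac(i), 2)
    real_host = "00:11:22:33:44:55"            # constructed address
    cam.learn(real_host, 3)
    return {
        "entries": len(cam.entries),
        "rejected_learns": cam.rejected,
        "port2_shutdown": 2 in cam.shutdown_ports,
        "real_host_forwarded_to": cam.forward(real_host),
    }

if __name__ == "__main__":
    print("no port security:", simulate(1000, 1000))
    print("port security (5 MACs/port):", simulate(1000, 1000, port_security_limit=5))
```

Without the per-port limit the table fills with bogus entries, the real host cannot be learned and its traffic is flooded to every port; with the limit, port 2 is disabled after five addresses and unicast forwarding keeps working.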
Posted in Security
December 14, 2009 by escogido
The Challenge Handshake Authentication Protocol (CHAP), described in RFC 1994, provides authentication after the establishment of the initial communication link between the user and the authenticating system. CHAP operation comprises a three-way handshake summarized in the following steps:
1. The CHAP authentication mechanism sends a “challenge” to the user following the establishment of the communication link.
2. The user responds to the challenge with a string produced by a one-way hash function.
3. The hash value transmitted by the user is compared with a hash result calculated by the authentication mechanism. If the two hash values are identical, authentication of the user is verified. If the values do not match, the connection is terminated.
4. For increased security, Steps 1 through 3 are repeated at random time periods.
Posted in Security
December 14, 2009 by escogido
In PAP, a user provides an unencrypted user name and password, which are compared with the corresponding information in a database of authorized users. Because the user name and password are usually sent in the clear, this method is not secure and is vulnerable to an attacker who intercepts this information. PAP is described in RFC 1334. In operation, after a communication link is established between the remote user and the authenticating system, a user ID and password are transmitted repeatedly until authentication is completed or the communication is terminated. PAP is vulnerable to ID and password guessing. An improved approach is the Challenge Handshake Authentication Protocol (CHAP).
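As an added illustration covering both this post and the CHAP post above (not part of either original), the snippet below builds a PAP Authenticate-Request as RFC 1334 lays it out and then runs the three CHAP steps from RFC 1994 with both sides' messages, so the difference in what crosses the link is visible: the PAP payload contains the password verbatim, while the CHAP exchange carries only a random challenge and an MD5 digest of identifier, secret and challenge. The user name, secret and the authenticator's database are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed credentials for the demonstration (not from the posts).
USER = "alice"
SECRET = b"correct horse battery staple"
AUTHENTICATOR_DB = {"alice": SECRET}   # authenticator's copy of the shared secret

# --- PAP (RFC 1334): the Authenticate-Request carries name and password as
#     plain octets, so anyone observing the link reads them directly. ---
def pap_authenticate_request(user: str, password: bytes) -> bytes:
    """Payload layout: Peer-ID-Length, Peer-ID, Passwd-Length, Password."""
    u = user.encode()
    return bytes([len(u)]) + u + bytes([len(password)]) + password

def pap_verify(payload: bytes) -> bool:
    """Authenticator side: parse the request and compare against the database."""
    n = payload[0]
    user = payload[1:1 + n].decode()
    m = payload[1 + n]
    password = payload[2 + n:2 + n + m]
    stored = AUTHENTICATOR_DB.get(user)
    return stored is not None and hmac.compare_digest(stored, password)

# --- CHAP (RFC 1994): the secret never leaves either side; the peer proves it
#     knows the secret by hashing it together with a fresh challenge. ---
def chap_challenge(identifier: int, length: int = 16):
    """Step 1: authenticator sends (Identifier, random Challenge Value)."""
    return identifier, os.urandom(length)

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Step 2: peer answers with MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_verify(identifier: int, challenge: bytes, user: str, response: bytes) -> bool:
    """Step 3: authenticator recomputes the digest and compares in constant time."""
    secret = AUTHENTICATOR_DB.get(user)
    if secret is None:
        return False
    expected = hashlib.md5(bytes([identifier]) + secret + challenge).digest()
    return hmac.compare_digest(expected, response)

def chap_handshake(user: str, secret: bytes, identifier: int = 1):
    """Run steps 1-3 once; step 4 is simply this function called again later
    with a new identifier. Returns (success, octets an observer would see)."""
    ident, challenge = chap_challenge(identifier)
    response = chap_response(ident, secret, challenge)
    ok = chap_verify(ident, challenge, user, response)
    on_the_wire = challenge + response
    return ok, on_the_wire

if __name__ == "__main__":
    pap_wire = pap_authenticate_request(USER, SECRET)
    print("PAP ok:", pap_verify(pap_wire), "| password on the wire:", SECRET in pap_wire)
    ok, chap_wire = chap_handshake(USER, SECRET)
    print("CHAP ok:", ok, "| secret on the wire:", SECRET in chap_wire)
    print("CHAP with wrong secret:", chap_handshake(USER, b"wrong")[0])
```

Because the challenge is fresh each time, a captured CHAP response is useless against a later challenge, which is the point of step 4 above; the remaining weakness is that the authenticator must hold the secret in a form it can feed into MD5.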
Posted in Security
December 9, 2009 by escogido
WDM is a method of transmitting data from different sources over the same fiber optic link at the same time, whereby each data channel is carried on its own unique wavelength over a fiber optic cable. Typically WDM is used to increase signaling and bandwidth capacity over single mode fiber optic cable. The result is a link with an aggregate bandwidth that increases with the number of wavelengths employed. In this way WDM technology can maximize the use of the fiber optic infrastructure that is available; what would normally require two or more fiber links instead requires only one. Dense Wave Division Multiplexing (DWDM) combines up to 64 wavelengths onto a single fiber. DWDM technology uses an ITU standard 100GHz or 200GHz spacing between the wavelengths, arranged in several bands at ~1500-1600nm. With DWDM technology, the wavelengths are close together (compared to CWDM), meaning that transponders are generally more complex and expensive than CWDM ones. However, with DWDM, the advantage is a much higher density of wavelengths, and also longer distances.
Coarse WDM (CWDM) systems are WDM systems with fewer than eight active wavelengths per fiber. CWDM can match the basic capabilities of DWDM but at lower capacity and lower cost. CWDM enables carriers to respond flexibly to diverse customer needs in metropolitan regions where fiber may be at a premium. The point and purpose of CWDM is short-range communications. It uses a wide frequency range and spreads the wavelengths far apart from each other. By design, CWDM equipment is compact and cost-effective as compared to DWDM designs.
Posted in Media
December 8, 2009 by escogido
Authenticated Post Office Protocol (APOP) encrypts the user’s password during a POP session. The password is encrypted by using a secret that the user provides to the server long before the APOP session. The strength of the secret depends on a number of factors, including the complexity of the password and how often it is used.
There are three security concerns when using APOP:
1) The password used is not the same as the user login; therefore, a separate file must be used to keep this password. This becomes another point of failure and a possible way to exploit.
2) Not all clients support APOP. This may lead organizations to settle for a more universal, although less safe, method of authentication, such as the basic user name and password used by POP3.
3) APOP is concerned only with encrypting the user name and password and does not encrypt the e-mail messages themselves.
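As an added illustration (not part of the original post), this is the APOP exchange as RFC 1939 defines it: the server greeting carries a unique timestamp banner, the client sends `APOP name digest` where the digest is the MD5 of that banner concatenated with the shared secret, and the server recomputes the digest from the secret it keeps. The mailbox name, secret and hostname are constructed; the server-side secret store is exactly the separate file the first concern above points at, since the server needs the secret in a form it can feed into MD5.

```python
import hashlib
import hmac
import itertools
import os
import time

# Constructed server-side secret store (made-up values). APOP needs the secret
# itself here, which is why the post lists it as a separate point of failure.
APOP_SECRETS = {"alice": "s3cret-mailbox-pass"}

_SERIAL = itertools.count(int(time.time()))   # keeps each banner unique

def apop_greeting(hostname: str = "mail.example.test") -> str:
    """Server greeting with a unique timestamp banner (RFC 1939 section 7)."""
    ts = "<%d.%d@%s>" % (os.getpid(), next(_SERIAL), hostname)
    return "+OK POP3 server ready " + ts

def extract_timestamp(greeting: str) -> str:
    """Client side: the <...> banner, angle brackets included."""
    start = greeting.index("<")
    end = greeting.index(">", start) + 1
    return greeting[start:end]

def apop_digest(timestamp: str, secret: str) -> str:
    """MD5 of banner + shared secret, as 32 lowercase hex digits."""
    return hashlib.md5((timestamp + secret).encode()).hexdigest()

def apop_command(name: str, greeting: str, secret: str) -> str:
    """Client: build the 'APOP name digest' command line."""
    return "APOP %s %s" % (name, apop_digest(extract_timestamp(greeting), secret))

def apop_verify(greeting_sent: str, command: str) -> bool:
    """Server: recompute the digest for the banner it sent and compare."""
    parts = command.split()
    if len(parts) != 3 or parts[0] != "APOP":
        return False
    name, digest = parts[1], parts[2]
    secret = APOP_SECRETS.get(name)
    if secret is None:
        return False
    expected = apop_digest(extract_timestamp(greeting_sent), secret)
    return hmac.compare_digest(expected, digest)

def apop_session(name: str, secret: str):
    """One greeting/APOP round trip; returns (accepted, the command as sent)."""
    greeting = apop_greeting()
    cmd = apop_command(name, greeting, secret)
    return apop_verify(greeting, cmd), cmd

def rfc1939_example_digest() -> str:
    """Digest for the banner and secret ('tanstaaf') used in the RFC 1939 example."""
    return apop_digest("<1896.697170952@dbc.mtview.ca.us>", "tanstaaf")

if __name__ == "__main__":
    ok, cmd = apop_session("alice", "s3cret-mailbox-pass")
    print(ok, cmd)
    print("wrong secret:", apop_session("alice", "wrong")[0])
```

The digest changes with every greeting, so a command captured from one session does not verify against a later greeting; what the exchange does not do is protect the mailbox contents that follow, which is the third concern above.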
Posted in Security
December 5, 2009 by escogido
Listen up, listen up!
Here we go
It’s a fucked up world
A fucked up place
Everybody’s judged by their fucked up face
Fucked up dreams
Fucked up life
A fucked up kid
With a fucked up knife
Fucked up moms
And fucked up dads
There’s a fucked up a cop
With a fucked up badge
Fucked up job
With fucked up pay
And a fucked up boss
Is a fucked up day
Fucked up press
And fucked up lie…
Posted in Something to say
December 5, 2009 by escogido
IPsec defines two modes that determine the extent of protection offered to the original IP packet.
When IPsec headers are simply inserted in an IP packet (after the IP header), it is called transport mode. In transport mode, the original IP header is exposed and unprotected. Data at the transport layer and higher layers benefits from the implemented IPsec features. Another way to think of this is that transport mode protects the transport layer and up. As such, when the IPsec packet travels across an untrusted network, all of the data within the packet is safe (based on the IPsec services selected). Devices in the untrusted network can see only the actual IP addresses of the IPsec participants.
IPsec offers a second mode called tunnel mode. In tunnel mode, the actual IP addresses of the original IP header, along with all the data within the packet, are protected. Tunnel mode creates a new external IP header that contains the IP addresses of the tunnel endpoints (such as routers or VPN Concentrators). The exposed IP addresses are those of the tunnel endpoints, not the device IP addresses that sit behind the tunnel endpoints.
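As an added illustration (not part of the original post), the snippet below lays out both packet shapes byte by byte and then reads back what a device on the untrusted path can see in the outer header. The IPv4 and ESP headers are packed for real, but the cipher is a labelled stand-in (a SHA-256 keystream XOR), not ESP's actual encryption, and the host, gateway addresses and key are constructed.

```python
import hashlib
import struct

ESP = 50  # IP protocol number the outer header carries for ESP

def ip_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (checksum left zero; enough for the layout)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ip_bytes(src), ip_bytes(dst))

def esp_header(spi: int, seq: int) -> bytes:
    """ESP header: Security Parameters Index and sequence number."""
    return struct.pack("!II", spi, seq)

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for ESP's cipher (illustration only): SHA-256 keystream XOR."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + struct.pack("!I", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def transport_mode(orig_ip_hdr: bytes, upper: bytes, key, spi, seq) -> bytes:
    """ESP inserted right after the original IP header, which stays exposed."""
    body = esp_header(spi, seq) + toy_encrypt(key, upper)
    hdr = bytearray(orig_ip_hdr)
    hdr[9] = ESP                                   # protocol field now says ESP
    struct.pack_into("!H", hdr, 2, 20 + len(body))  # total length
    return bytes(hdr) + body

def tunnel_mode(orig_packet: bytes, gw_src, gw_dst, key, spi, seq) -> bytes:
    """Whole original packet encrypted; a new outer header names the gateways."""
    body = esp_header(spi, seq) + toy_encrypt(key, orig_packet)
    return ipv4_header(gw_src, gw_dst, ESP, len(body)) + body

def exposed_addresses(packet: bytes):
    """What a device on the untrusted path reads from the outer header."""
    src, dst = struct.unpack_from("!4s4s", packet, 12)
    return (".".join(map(str, src)), ".".join(map(str, dst)))

HOST_A, HOST_B = "10.1.1.10", "10.2.2.20"    # constructed inner hosts
GW_A, GW_B = "203.0.113.1", "198.51.100.1"   # constructed tunnel endpoints
KEY = b"constructed-demo-key"

def build_examples():
    """Same original packet protected both ways; report what stays visible."""
    upper = b"TCP header and application data"   # stand-in transport segment
    orig = ipv4_header(HOST_A, HOST_B, 6, len(upper)) + upper
    tp = transport_mode(orig[:20], upper, KEY, 0x1000, 1)
    tn = tunnel_mode(orig, GW_A, GW_B, KEY, 0x2000, 1)
    return {
        "transport_exposed": exposed_addresses(tp),
        "tunnel_exposed": exposed_addresses(tn),
        "transport_hides_payload": upper not in tp,
        "tunnel_hides_inner_header": ip_bytes(HOST_A) not in tn,
    }

if __name__ == "__main__":
    for k, v in build_examples().items():
        print(k, v)
```

In transport mode the observer learns which two hosts are talking even though the segment is opaque; in tunnel mode only the gateway pair is visible and the inner header travels inside the encrypted body.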
Posted in Security
December 5, 2009 by escogido
A web application firewall (WAF) is an intermediary device, sitting between a web client and a web server, analyzing OSI Layer-7 messages for violations of the programmed security policy. A web application firewall is used as a security device protecting the web server from attack. Standard firewalls are designed to restrict access to certain ports or services that an administrator doesn’t want unauthorized people to access. Web Application Firewalls are often called ‘Deep Packet Inspection Firewalls’ because they look at every request and response within the HTTP/HTTPS/SOAP/XML-RPC/Web Service layers. Some Web Application Firewalls look for certain ‘attack signatures’ to try to identify a specific attack that an intruder may be sending, while others look for abnormal behavior that doesn’t fit the website’s normal traffic patterns. Web Application Firewalls can be either software or hardware appliance based and are installed in front of a web server to shield it from incoming attacks.
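As an added illustration (not part of the original post), the snippet below runs the two detection styles the paragraph names over sample requests: a handful of constructed signature rules, and a per-path anomaly baseline learned from known-good traffic that flags requests whose size is far outside what that path normally sees. The rules, the training traffic and the test requests are all constructed for the example and stand in for a real ruleset and real logs.

```python
import re
from dataclasses import dataclass, field
from statistics import mean, pstdev

@dataclass
class HttpRequest:
    method: str
    path: str
    query: str = ""
    body: str = ""
    headers: dict = field(default_factory=dict)

# Signature style: constructed regexes standing in for a vendor ruleset.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I),
    "xss-script-tag": re.compile(r"<\s*script\b", re.I),
    "path-traversal": re.compile(r"(\.\./){2,}"),
    "xxe-entity": re.compile(r"<!ENTITY\s+\w+\s+SYSTEM", re.I),
}

def signature_matches(req):
    """Names of every rule that fires on path, query or body."""
    text = " ".join([req.path, req.query, req.body])
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]

class AnomalyModel:
    """Behaviour style: learn a request-size baseline per path from good traffic,
    then flag requests more than z_threshold standard deviations away."""

    def __init__(self, z_threshold=3.0):
        self.z = z_threshold
        self.sizes = {}                      # path -> sizes seen in training

    @staticmethod
    def size(req):
        return len(req.query) + len(req.body)

    def train(self, requests):
        for r in requests:
            self.sizes.setdefault(r.path, []).append(self.size(r))

    def is_anomalous(self, req):
        seen = self.sizes.get(req.path)
        if not seen:
            return True                      # never-seen path: policy choice
        mu, sd = mean(seen), pstdev(seen)
        sd = max(sd, 1.0)                    # floor keeps z finite for flat baselines
        return abs(self.size(req) - mu) / sd > self.z

def inspect(req, model):
    """Combine both detection styles; returns (verdict, reasons)."""
    reasons = ["sig:" + s for s in signature_matches(req)]
    if model.is_anomalous(req):
        reasons.append("anomaly:size")
    return ("block" if reasons else "allow"), reasons

def build_model():
    """Constructed known-good traffic: ordinary logins and searches."""
    train = []
    for i in range(20):
        train.append(HttpRequest("POST", "/login",
                                 body="user=alice%d&pass=%s" % (i, "x" * (8 + i % 5))))
        train.append(HttpRequest("GET", "/search", query="q=%s" % ("term" * (1 + i % 3))))
    model = AnomalyModel()
    model.train(train)
    return model

if __name__ == "__main__":
    m = build_model()
    for r in [HttpRequest("POST", "/login", body="user=carol7&pass=xxxxxxxxx"),
              HttpRequest("POST", "/login", body="user=admin' or '1'='1&pass=anything"),
              HttpRequest("POST", "/login", body="x" * 5000),
              HttpRequest("GET", "/static/../../../config")]:
        print(r.path, inspect(r, m))
```

The two styles fail differently: the signature list only catches what someone wrote a rule for, while the baseline flags anything unusual, including legitimate traffic on a path it never saw during training, so each needs its own tuning against the false-positive and false-negative counts.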
Posted in Security
December 5, 2009 by escogido
In Single Sign-On (SSO), a user provides one ID and password per work session and is automatically logged on to all the required network resources and applications. Without SSO, a user normally must enter multiple passwords to access different network resources. In applying SSO, passwords should be transmitted or stored in encrypted form for security purposes. With SSO, network administration is simplified, a stronger password can be used, and resources can be accessed in less time. The major disadvantage of many SSO implementations is that once a user obtains access to the system through the initial logon, the user can freely roam the network resources without any restrictions.
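As an added illustration (not part of the original post), here is a minimal SSO broker: the user authenticates once, receives an HMAC-signed ticket, and each application validates that ticket instead of asking for a password again. The ticket also lists the resources the user is entitled to, which is the usual answer to the disadvantage named above: a valid logon on its own should not open every door. The broker key, users, passwords and policy map are constructed for the example, and the credential store is a plain dictionary rather than a hashed password database.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed broker key, users and entitlements (not from the post).
BROKER_KEY = b"constructed-sso-broker-key"
_USERS = {"alice": "pw-alice", "bob": "pw-bob"}   # demo only; hash these for real
POLICY = {                                        # resources each user may reach
    "alice": {"mail", "wiki"},
    "bob": {"mail"},
}

def _b64(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def check_password(user: str, password: str) -> bool:
    return hmac.compare_digest(_USERS.get(user, ""), password)

def issue_ticket(user: str, password: str, ttl_s: int = 3600, now=None):
    """Single logon: verify credentials once, mint a signed ticket that names
    the user, an expiry, and only the resources this user is allowed."""
    if not check_password(user, password):
        return None
    now = now if now is not None else time.time()
    claims = {"sub": user, "res": sorted(POLICY.get(user, ())),
              "exp": int(now + ttl_s)}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    sig = hmac.new(BROKER_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)

def verify_ticket(ticket: str, now=None):
    """Return the claims if signature and expiry check out, else None."""
    try:
        p, s = ticket.split(".")
        payload, sig = _unb64(p), _unb64(s)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(BROKER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(payload)
    now = now if now is not None else time.time()
    if claims["exp"] < now:
        return None
    return claims

def resource_allows(resource: str, ticket: str, now=None) -> bool:
    """What each application checks: a valid ticket AND this resource in scope.
    Dropping the second half is the 'free roaming' weakness."""
    claims = verify_ticket(ticket, now)
    return claims is not None and resource in claims["res"]

if __name__ == "__main__":
    t = issue_ticket("bob", "pw-bob")
    print("bob -> mail:", resource_allows("mail", t))
    print("bob -> wiki:", resource_allows("wiki", t))
    print("bad password:", issue_ticket("bob", "nope"))
```

Applications never see the password, only the ticket; the entitlement list and expiry inside it are what keep a single logon from turning into unrestricted access.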
Posted in Security