InfoSec Tools, Tips & Thoughts » Networking

Live Hacking CD based on Ubuntu?? Get out!!

William McBorrough, MSIA, CISSP, CISA, CRISC, CEH — Fri, 12 Feb 2010 23:14:50 +0000

Dr. Ali Jahangiri, the well known security expert and author of Live Hacking: The Ultimate Guide to Hacking Techniques & Countermeasures for Ethical Hackers & IT Security Experts, is pleased to announce the launch of the Live Hacking CD, a new Linux distribution designed for ethical hacking. The Live Hacking CD contains the tools and utilities you need to test and hack your own network but using the tools and techniques that more malicious hackers would use.

Download it here: http://www.livehacking.com/cd-dvd/download.htm

Read the full press release here: http://www.free-press-release-center.info

Backtrack 4 Final Released!! Backtrack is a linux-based penetration testing suite of tools used...
Cloud-based…hacking?? I assigned my class a research paper on the security...
Free episodes of Hakin9 Magazine posted Hakin9 is a source of advanced, practical guidelines regarding the...

Free episodes of Hakin9 Magazine posted

William McBorrough, MSIA, CISSP, CISA, CRISC, CEH — Tue, 09 Feb 2010 20:19:01 +0000

Hakin9 is a source of advanced, practical guidelines regarding the latest hacking methods as well as the ways of securing systems, networks and applications. I have provided a few recommended copies to download as pdf. Get them here.

CISSP All In One Book FIFTH EDITION has been released The fifth edition of this best-selling comprehensive CISSP training resources...
More on Forensics… Follow what the NOVA Information Assurance Strike Team is up...
Brevity is the soul of…..getting yourself infected with all kinds of nasties! Would you click on the link : http://www.click-here-to-give-me-access-to-all-your-computer-files.com? No? How...

Protecting Wireless Network From Hackers and Neighbors

Guest Blogger — Mon, 01 Feb 2010 17:33:07 +0000

Local wireless networks, which provide information to receive and send to the Internet, have become part of the houses and offices. Where as it is less expensive than wired networks and allows for roaming between the two offices to remain in contact with the electronic devices. But experts warn of the penetration it by the strangers or intruders in order to sabotage it.

According to views of the U.S. experts, unsecured homes networks can also be used by the neighbors in order to spam bots download unauthorized material on the rights of the songs and music, and even pornographic material without knowing the owner, which had led to legal proceedings. In particular, it is difficult to identify the person or organization that used the network. One person was detained when he stopped his car in front of a U.S. charitable organization and used its network to communicate with the Internet.

The offices of small businesses were opened that do not have secured internal networks to penetrate the large companies that make business with them; this also is applied to the home network. To overcome the problems the experts proposed to change the passwords on wireless networks from time to time and installation of cryptographic keys to the codes can be changed according to a regular basis. The radio signals can be adjusted so as not to fall outside the walls of the office.

Finally, the use of advanced software to scan wireless networks secures the development of local home and office computers “in the case of the shadows!”

Author: Shrif S Kassem
Article Source: EzineArticles.com
Provided by: Latest trends in mobile phone

Protect the Internal Network From Hackers Attention! All the hackers on the systems of various according...
Beware of Free Internet Connections Many hotels,coffee shops and other such establishments offer free wireless...
A Guide to Computer Security As the number of people connecting to the Internet continues...

100+ Open Source Security Tools

William McBorrough, MSIA, CISSP, CISA, CRISC, CEH — Sat, 30 Jan 2010 18:57:11 +0000

Security testing or assessment is a process to determine that an Information System adequately protects data and maintains intended functionality from the following points:

Confidentiality: A security measure which protects against the disclosure of information to parties other than the intended recipient(s). Often ensured by means of encoding, using a defined algorithm and some secret information known only to the originator of the information and the intended recipient(s) (a process known as cryptography) but that is by no means the only way of ensuring confidentiality.

Integrity: A measure intended to allow the receiver to determine that the information which it receives has not been altered in transit or by other than the originator of the information. Integrity schemes often use some of the same underlying technologies as confidentiality schemes, but they usually involve adding additional information to a communication to form the basis of an algorithmic check rather than encoding all of the communication.

Authentication: A measure designed to establish the validity of a transmission, message, or originator. It allows a receiver to have confidence that the information it receives originated from a specific known source.

Authorization: The process of determining that a requester is allowed to receive a service or perform an operation.

Availability: Assuring information and communications services will be ready for use when expected. Information must be kept available to authorized persons when they need it.

Non-repudiation: A measure intended to prevent the later denial that an action happened, or a communication took place, etc. In communication terms, this often involves the interchange of authentication information combined with some form of provable time stamp.

I’ve listed 100+ free and open source tools used in security testing here.

keimpx – New Open Source SMB Credential Scanner keimpx is an open source tool, released under a modified...
How many security tools can you fit on your key chain? When I first started running Ubuntu as my laptop OS...
5 Open Source Alternatives to Microsoft Office The Microsoft Office productivity suite has risen to become the...

Backtrack 4 Final Released!!

William McBorrough, MSIA, CISSP, CISA, CRISC, CEH — Tue, 12 Jan 2010 20:47:44 +0000

Backtrack is a linux-based penetration testing suite of tools used by security professionals to perform assessments. Backtrack has been fully customized as a penetration testing tool.

BackTrack 4 (codenamed “pwnsauce”) includes a new kernel, a larger and expanded toolset repository, custom tools that you can only find on BackTrack, and more importantly, fixes to most major bugs that we knew of. You can install and use it as your primary operating system, run it as a live cd, from a usb drive, or as a virtual machine.

Some of the tools included in the suite are: Metasploit, Kismet, Autoscan, Nmap, Ettercap, Wireshark, etc. These tools can be used for network, system and wireless reconnaissance, enumeration and penetration.

I use the backtrack suite in teaching my ethical hacking class. It is a great tool for anyone interested in learning to perform security assessments.

Other suites with similar functionality can be found in a previous post.

How many security tools can you fit on your key chain? When I first started running Ubuntu as my laptop OS...
Metasploit 3.4.0 Hacking Framework Released – Over 100 New Exploits Added Metasploit provides useful information and tools for penetration testers, security...
Live Hacking CD based on Ubuntu?? Get out!! Dr. Ali Jahangiri, the well known security expert and author...

Virtual Networking and Security Training Tool

William McBorrough, MSIA, CISSP, CISA, CRISC, CEH — Mon, 04 Jan 2010 22:04:30 +0000

As someone who works in an environment where I have access to networking and security equipment, I am more fortunate than most students in my classes who are trying to break into the networking and/or security fields but lack the necessary access to needed equipment to get the hands-on experience that is usually a prerequisite for employment. As I try to make my classes as practical as possible, one challenge I face is how to get my students as much hands-on access to real equipment as much as possible. There are limited number lab hours especially for students who have to work (most of my students are professional working adults).

This week, I am in a Cisco Security Faculty Development boot camp where college professors are trained on the Cisco CCNA curriculum and given tools with which to better present that information in their courses. We are using Cisco Packet Tracer version 5.2.1 which is a network simulation software that allows students to experiment with network configuration and behavior. As I’ve never used Packet Tracer before, I am very impressed with this tool. The ability to simulate local and wide area networks will be a great tool top better acquaint my students with networking and security equipment (atleast Cisco’s incarnation of them). I try to keep my classes as vendor independent as possible but as the underlying principles are essential the same, if you can configure one, you can figure out the other vendors.

VMware is also a great tool for training tool. It allows you to install/run different operating systems in software. Using VMware player or the free version of VMware server, I have my students practice with various linux operating systems or virtual appliances. See http://www.vmware.com/appliances/ for devices that have been ported to run as a virtual appliance.

SAHI – Web Automation & Application Security Testing Tool Sahi is an automation tool to test web applications. Sahi...
Skipfish-Web Scanning Security Tool from Google Google has released an open-source Web security scanner called Skipfish...
Lynis – Security and System Auditing Tool Lynis is an auditing tool for Unix (specialists). It scans...