
Home - The Community's Center for Security - Supplying offensive security products to the world

Professional Security Testers resources warehouse

SANS Institute - The SANS Security Policy Project
Welcome to the SANS Security Policy Resource page, a consensus research project of the SANS community. The ultimate goal of the project is to offer everything you need for rapid development and implementation of information security policies. You'll find a great set of resources posted here already, including policy templates for twenty-seven important security requirements. Find the Policy Template You Need! There is no cost for using these resources. Over the years a frequent request of SANS attendees has been for consensus policies, or at least security policy templates, that they can use to get their security programs updated to reflect 21st century requirements. This page will continue to be a work in progress and the policy templates will be living documents. We'll make improvements and add new resources and sample policies as we discover them. Is it a Policy, a Standard or a Guideline? What's in a name?

Forensic Analysis of a Live Linux System, Pt. 1
1. Introduction
During the incident response process we often come across a situation where a compromised system wasn't powered off by a user or administrator. This is a great opportunity to acquire a great deal of valuable information, which is irretrievably lost after powering off. I'm referring to things such as: running processes, open TCP/UDP ports, program images which are deleted but still running in main memory, the contents of buffers, queues of connection requests, established connections and modules loaded into the part of virtual memory that is reserved for the Linux kernel. Sometimes the live procedure described here is the only way to acquire incident data because certain types of malicious code, such as LKM-based rootkits, are loaded only into memory and don't modify any file or directory. Other problems arise when we plan to take legal action and need to comply with local laws.
2. This article is divided into four related sections:
2.1 Fitting to the environment
Step 2: Media mounting

Infosec Writers Text Library
Disclaimer: Content in this library is provided "as is" and without warranties of any kind, either express or implied. InfoSec Writers does not warrant the use or the results of the use of the content in terms of their correctness, accuracy, reliability, or otherwise. In no event shall InfoSec Writers be liable for any damages - indirect, consequential or whatsoever - from usage of the content provided here. However, we are dedicated to providing QUALITY content, so we encourage you the reader to voice your queries or suggestions with regard to the technical accuracy/validity of any such content in this library. Email us: along with a CC to the respective writer. Re-posting ANY material, edited or not edited (including files, text, design), off this site for public use is prohibited without prior authorization from us (or the respective owner/writer). To submit a text click here.

Computer Security Division - Computer Security Resource Center

Virus Bulletin : Independent Malware Advice

SANS Institute - SANS Top-20 2007 Security Risks (2007 Annual Update)

Critical Security Controls for Effective Cyber Defense
Over the years, many security standards and requirements frameworks have been developed in attempts to address risks to enterprise systems and the critical data in them. However, most of these efforts have essentially become exercises in reporting on compliance and have actually diverted security program resources from the constantly evolving attacks that must be addressed. In 2008, this was recognized as a serious problem by the U.S. The Critical Security Controls focuses first on prioritizing security functions that are effective against the latest Advanced Targeted Threats, with a strong emphasis on "What Works" - security controls where products, processes, architectures and services are in use that have demonstrated real world effectiveness.
Top 20 Critical Security Controls - Version 5 This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

Flexible One-Time Password MetaSystem
High security multifactor authentication using a series of single-use "passcodes" does not need to be expensive. In fact, it can be free... Generate your own unique set of Printable Paper Passcards right now:
What is "Multi-Factor Authentication" . . . and why might you need it? Almost without exception, today's Internet users prove their identity online using a fixed account name and password. The trouble with a username and password is that they never change. To hear or read more about the important and fascinating topic of "Multi-Factor Authentication", you are invited to listen to the free audio (mp3) podcast Leo Laporte and I produced to address this topic. To learn more about the design, operation, and security of GRC's Perfect Paper Passwords system, you are invited to listen to a detailed description of the background and operation of this system, including a detailed discussion of the design and development path that led to this result.

Packet Crafting for Firewall & IDS Audits (Part 1 of 2)
With the current threat environment that home and corporate users face today, having a firewall and IDS is no longer a luxury, but rather a necessity. Yet many people do not really take the time to make sure that these lines of defense are indeed working properly. After all, it is very easy to invalidate your router's entire ACL by making a single misconfigured entry. The same can be said for your firewall, whereby one poor entry in your iptables script, for example, could leave you vulnerable. It is best not to blindly rely on the output of certain automated tools when auditing devices that safeguard your valuable computing assets. This article is the first of a two-part series that will discuss various methods to test the integrity of your firewall and IDS using low-level TCP/IP packet crafting tools and techniques.
Benefits of packet crafting
There are some side benefits to learning how to audit your firewall and IDS through the use of packet crafting.
Assumptions

Penetration testing

Anti-Virus test file
Additional notes: This file used to be named ducklin.htm or ducklin-html.htm or similar based on its original author Paul Ducklin and was made in cooperation with CARO. The definition of the file has been refined 1 May 2003 by Eddy Willems in cooperation with all vendors. The content of this documentation (title only) was adapted 1 September 2006 to add verification of the activity of anti-malware or anti-spyware products. It was decided not to change the file itself for backward-compatibility reasons.
Who needs the Anti-Malware Testfile (read the complete text, it contains important information)
Version of 7 September 2006
If you are active in the anti-virus research field, then you will regularly receive requests for virus samples. Other requests come from people you have never heard from before. A third set of requests come from exactly the people you might think would be least likely to want viruses: users of anti-virus software. The good news is that such a test file already exists.

Emerging Threats

How to Encrypt Your File System
Protecting your data has become more important than ever. Let's look at some options for encrypting Linux file systems. Everyone has either a laptop or a netbook or a desktop that carries, in many cases, some personal information – credit card numbers to buy those important system upgrades, Facebook logins, account numbers, incriminating photos of our high school days, etc. They are all stored on our systems in various forms, including cookies. Never mind that hackers are breaking into systems at an unprecedented rate (OK, most of them are Windows systems), requiring a defensive response from users. All of this has pointed out the need for encrypting our file systems for our protection.
Encryption/Decryption
If you want to look at encryption a little more, there is a reasonable introduction that talks at a very high level about how encryption works.
Working with Encryption and Linux
There are basically three options when talking about encrypting your data on a Linux system.
ecryptfs
EncFS