Secure Tomorrow » system security

But MOM! I wanna connect to the internet NOOOW

Kevin Blanchard — Sun, 20 Aug 2006 21:01:00 +0000

Pedro Bueno over at SANS ISC had some great advice to share. Something I have been preaching myself for quite a while.

During one of those past weekends I was installing and configuring some honeypots. I decided to try different Operating Systems to see which one would fit better for my needs.

As I already had a perfect NAT for one IP, nothing more natural that I already put the IP address on the OS during installation, right? Yep, WRONG! The reason is that if you install an internet facing OS (like my NAT was providing me), maybe there will be not enough time to apply the patches (even offline patches, from CDs or Pen Drivers).

So, my Tip of the Day, is for whatever OS that you are installing, if you can’t unplug physically the network, choose to not configure the NICs during installation. In this way, you will have enough time to check which Services will be running in your machine, and turn it down before someone explore your unpatched OS, because if you are installing a fresh OS, chances are that some applications/services are already outdated and you may be a victim of some bot of the day…

Nmap 4.00 is here

Kevin Blanchard — Sat, 04 Feb 2006 01:19:00 +0000

Not much more to say about it. If you use it, you are probably as excited as I am. If you don’t… then go download it. It’s a valuable tool that should be in any security engineers arsenal.

Related links:
Documentation: http://www.insecure.org/nmap/docs.html
Download: http://www.insecure.org/nmap/download.html
Release Announcement: http://www.insecure.org/stf/Nmap-4.00-Release.html

Nmap + Perl > case of the Mondays

Kevin Blanchard — Sat, 10 Dec 2005 08:56:00 +0000

SANS diary had a neat little trick posted a couple weeks back. For those of you who use Nmap quite a bit or as part of their day to day at work, here’s a tip that might help make your work week a bit more bearable. You are aware of the XML output from Nmap but what the heck do you do with it? Perl has a module that just might help you out called NMAP::Parser. This might make your job analyzing or reacting to your findings a bit easier. If you still aren’t 100% clear on how you might use it, here is more information along with an example.