Have done more reading, got some new ideas. They have made the FOV wider rather than narrower however. My thinking so far.
Reading Summaries:
Automated Windows Patch Management Part 2
http://www.securityfocus.com/infocus/1762
Far more practical and specific. Deals with installation and strange bugs that may occur, their debugging and how to fix them. It also details settings required (OS and network). The last section details logging (very sparse and non-compliant) and the Perl scripts by Ken Hoover for better monitoring.
Security experts bemoan poor patching
http://news.com.com/2100-7355_3-5164650.html?part=rss&tag=feed&subj=news
An article pointing to the importance of a decent SUS. The main problems are time-frame: 1 month to half the number of computers vulnerable to a big hole, and the speed at which patches are applied. Even if it takes a week for a company to update all its machines, that is still too long, but patches do need to be tested to ensure they don't b0rk critical services. There is also the usual whinge about crappy coding in the first place. This made me think about ways to prevent or reduce vulnerabilities before the patch can be applied.
Vhata also mentioned SSH's privilege separation model and integrating it into other apps, such as making the SUS client behave. The SUS client would need root privs to install/patch; however, monitoring need not.
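To make the privilege-separation idea concrete for a patch client, here is an added sketch (my own example, not code from the post, from OpenSSH or from SUS). The unprivileged monitor can only inventory and ask; the privileged installer accepts a fixed request vocabulary and applies only patches on an approved list that it gets from policy, not from the monitor. The patch IDs, the JSON request format and the in-process "channel" are all assumptions standing in for a real pipe or local socket.

```python
"""Privilege-separated patch client sketch (added example, not from the post)."""
import json
from dataclasses import dataclass, field

# Constructed: what change control has signed off. The privileged side owns this
# list; the unprivileged monitor cannot add to it.
APPROVED_PATCHES = {"KB-0001", "KB-0002", "KB-0003"}


@dataclass
class PrivilegedInstaller:
    """Privileged side (would run as root/SYSTEM). Accepts only a fixed vocabulary."""
    installed: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def handle(self, raw: str) -> dict:
        try:
            req = json.loads(raw)
        except ValueError:
            self.audit.append("REFUSED malformed request")
            return {"ok": False, "error": "malformed request"}
        if not isinstance(req, dict):
            self.audit.append("REFUSED non-object request")
            return {"ok": False, "error": "malformed request"}
        op = req.get("op")
        if op == "list_installed":
            return {"ok": True, "installed": sorted(self.installed)}
        if op == "install":
            pid = req.get("patch")
            # Validate against the policy list, never against what the monitor says.
            if not isinstance(pid, str) or pid not in APPROVED_PATCHES:
                self.audit.append(f"REFUSED install {pid!r}")
                return {"ok": False, "error": "patch not on approved list"}
            self.installed.add(pid)          # real code would invoke the installer here
            self.audit.append(f"installed {pid}")
            return {"ok": True}
        self.audit.append(f"REFUSED unknown op {op!r}")
        return {"ok": False, "error": "unknown operation"}


class UnprivilegedMonitor:
    """Unprivileged side. Inventories and asks; never touches the system itself."""

    def __init__(self, send):
        self._send = send   # assumption: stands in for a pipe/socket to the installer

    def missing(self, required):
        resp = self._send(json.dumps({"op": "list_installed"}))
        return sorted(set(required) - set(resp.get("installed", [])))

    def request_install(self, patch_id):
        return self._send(json.dumps({"op": "install", "patch": patch_id}))


def demo():
    """Walk through one monitoring cycle and return what happened."""
    installer = PrivilegedInstaller()
    monitor = UnprivilegedMonitor(installer.handle)
    required = ["KB-0001", "KB-0002"]          # constructed: what this host should have
    before = monitor.missing(required)
    results = {p: monitor.request_install(p)["ok"] for p in before}
    rogue = monitor.request_install("KB-9999")["ok"]   # not approved: must be refused
    after = monitor.missing(required)
    return {"before": before, "results": results, "rogue": rogue,
            "after": after, "audit": installer.audit}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point is the narrow interface: a compromised monitor can at most ask for an approved patch to be installed, and every refusal lands in the privileged side's audit trail.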
I read a few things on honeypots too, namely:
http://www.trackinghackers.com/misc/faq.html
An interesting and brief summary of the types of honeypots (low to high interaction and research vs production), their advantages (no cruft, just malicious interaction i.e. fewer false positives and new false negatives, cheap and simple) and disadvantages (narrow view, introducing risk) and some basic concepts such as honeytokens (objects e.g. a Word file that should not be accessed), data control (control the bad guy) and data capture (watch the bad guy).
http://www.spitzner.net/honeypots.html
Good intro to terms and concepts.
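The honeytoken idea above is easy to turn into a detection: a decoy document has no legitimate reader, so any access is an alert. This is an added example of mine, not code from the post or the linked FAQs; the decoy paths, the exempt backup account and the key=value audit-line format are all constructed, not any real product's log format.

```python
"""Honeytoken access detection over constructed file-access audit lines (added example)."""
import re
from dataclasses import dataclass

# Constructed decoy files, deliberately named to look valuable. Nobody should open them.
HONEYTOKENS = {
    r"\\fs1\finance\salaries_2004.doc",
    r"\\fs1\hr\passwords.xls",
}
_HONEYTOKENS_LOWER = {t.lower() for t in HONEYTOKENS}   # Windows paths: case-insensitive

# Accounts that legitimately touch every file (a backup agent) and would otherwise
# drown the signal. Keep this list short and reviewed: it is also what an attacker
# would want to impersonate.
EXEMPT_ACCOUNTS = {"svc_backup"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) path=(?P<path>.+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    host: str
    action: str
    path: str


def scan(lines):
    """Return one Alert per honeytoken access by a non-exempt account."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                       # not an access record; ignore
        rec = m.groupdict()
        if rec["path"].lower() not in _HONEYTOKENS_LOWER:
            continue                       # ordinary file: no opinion either way
        if rec["user"] in EXEMPT_ACCOUNTS:
            continue                       # backup job reading everything
        alerts.append(Alert(rec["ts"], rec["user"], rec["host"], rec["action"], rec["path"]))
    return alerts


# Constructed sample audit lines.
SAMPLE_LOG = [
    r"2004-03-10 02:14:07 host=fs1 user=svc_backup action=READ path=\\fs1\finance\salaries_2004.doc",
    r"2004-03-10 09:02:41 host=fs1 user=jdoe action=READ path=\\fs1\finance\budget_q1.xls",
    r"2004-03-10 23:47:19 host=fs1 user=jdoe action=READ path=\\fs1\finance\Salaries_2004.doc",
    r"2004-03-11 00:05:02 host=fs1 user=guest action=COPY path=\\fs1\hr\passwords.xls",
    "2004-03-11 00:05:03 host=fs1 service restarted",
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a.ts} {a.user}@{a.host} {a.action} {a.path}")
```

Two of the five lines produce alerts: the backup account is exempt, the budget file is not a decoy, and the unparseable line is skipped. Note the case-insensitive match on the third line, which is what a Windows file server would need.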
Honeypots are interesting me less and less and are looking more like a great research tool, but I want something more real world, large organisation related.
I read a bit about Sendmail's plans to integrate Yahoo's Domainkeys, a PKI attempt for SMTP. M$ also likes the idea.
I have also been looking around for some good activism-related security project possibilities. Nothing I am interested in yet. I did send an e-mail to the people at http://hacktivismo.com/ explaining my interests and asking them for ideas/advice. (I sent an e-mail to the CDC, awesome).
So what am I interested in:
- Computer Security
- SUS
- Cross platform client/server method.
- Firewall rule integration, for intermediate protection.
- Modular. Core -> OS (XP, Gentoo, FreeBSD) -> Software (OS, individual apps).
- Priv Sep, possible other project.
- SPAM prevention
- SMTP extensions, PKI. Read more.
- DNS extensions. Read more.
- Honeypots