FREE: you can’t beat that - SANS Vulnerability Assessment Webinar

Dr. Eric Cole, the author of Security 401: SANS Security Essentials, is providing an extracted 30-minute module on Vulnerability Assessment from Security 401. Dr. Cole believes that this will help you to improve the security of your organization. SANS is making this segment available through SANS OnDemand at no cost. Give it a try at
http://www.sans.org/info/25398

As a SANS student and participant in one of Dr. Cole’s classes, I am sure that it will be worthwhile. Besides, you can’t beat free.

The insecure VLAN

As promised, this is the second part in our series on utilizing Yersinia to exploit insecure network infrastructure designs. This blog focuses on VLAN hopping. First let me say that early on in my pilgrimage to security enlightenment and network utopia (not that I am there yet) I was guilty of the same pitfall that many organizations continue to fall into. That pitfall is the belief that VLANs are a way to secure network segments. Unfortunately that is not the case. VLANs are purely a way to segment traffic. With strong access lists and port controls they will help to increase network security, but as a standalone item they have nothing to do with security. Readers, flame on.

With this in mind, let's examine how to exploit the unsubstantiated belief that VLANs will secure independent network segments. To do this, once again we will go to our wonderful friends in Spain, David and Alfredo, and their great tool Yersinia.

Connect your system locally to the switched infrastructure that you would like to exploit. Fire up Yersinia in its graphical mode, “yersinia -I”, from your beast of a Linux machine, because, as the boys in Spain say when asked about a Windows version, “No, it does certainly not. Perhaps some nice fellow could port yersinia to Windows and make you happy.”


Exploiting the Core

This is the first in a two-part blog about utilizing Yersinia to check out the security of your routers and switches. While there are many different exploits and areas of concern in the routing infrastructures and designs of today, I am going to focus on two areas. Today’s blog is focused on man-in-the-middle (MITM) attacks against routers, specifically, utilizing Yersinia to insert your attack machine in the middle of an HSRP configuration.

——————-

WARNING****Audit Notes

I wanted to put this early on in this post to ensure everyone knows how destructive this tool can be to one’s network. This is a very invasive and dangerous exploit for the network. My usual approach is to talk with the IT manager about multiple exploits in this class and to inform them that in my belief it is better to receive a hard copy of the configs and document a simulated attack. If the customer wants us to proceed with a live attack, I always have signed documentation that ensures they know and accept the risks.


What is more important: password expiration, complexity or something else?

I was holding a conversation today about password expiration and I have decided it isn’t so much about the password strength or the time between password changes. Looking at it, passwords are a primary method used to control access to resources. Because authenticated access is seldom logged, a compromised password is a way to explore a system without causing suspicion. An attacker with a compromised password can access any resource available to that user. So it really comes down to protecting the area that passwords are stored not.

A great example: using a password cracker like Ophcrack, you can crack the password “Fgpyyih804423” in 160 seconds. Most people would consider that password fairly secure. The Microsoft password strength checker rates it “strong”. Now granted, it is using rainbow tables, but ultimately if your SAM file or /etc/passwd and /etc/shadow files are compromised, you're pretty much history. Additionally, if you limit failed attempts with lockouts (or a limited-time lockout) I think you are going to prevent the brute force attacks.


Blog Focus

Through the course of the days, weeks and months of mucking through the security arena I have been thinking about all the neat tricks, shortcuts and tools that I have discovered or been introduced to. In an effort to share these and, more importantly, have a reference to go back to when I need them again, a blog has been developed. I hope that everyone viewing this can gain and, more importantly, share their knowledge through this site.