I was tired today.. maybe it was the material, or the fact that I had to
break my college routine and wake up early in the morning... but I was
beat. Regarding the IEM, the material could be a little better. Some of
the tools that were mentioned are not used so much today, but the
methodology still applies. NSA doesn't endorse any of the tools, but to
be an IEM requires you to use tools to complete several baseline
activities, which I'll list below.
The nice thing about the IAM and IEM is that they provide a "repeatable
framework" for security assessments and evaluations. Each organization
is different, so it's up to the security people performing the
evaluation to gather up their skill sets and use what works for them for
their particular environment.
There are 10 baseline activities that an evaluation covers:
- Port Scanning
- SNMP Scanning
- Enumeration & Banner Grabbing
- Wireless Enumeration
- Vulnerability Scanning
- Host Evaluation
- Network Device Analysis
- Password Compliance Testing
- Application Specific Scanning
- Network Sniffing
Most of the activities are pretty basic, and knowing how to use your
tools effectively will make all the difference. I realized I haven't
done much with SNMP, and I can also work on improving my skills with
netcat. We didn't do anything with wireless, since we were on an
isolated LAN segment.
If you want more information on the IEM or IAM, check out
IATRP. You can also view the
presentation slides used during the lectures.
Posted by Marcin on Thursday, January 18, 2007 in School and Security.
This semester, I am taking the IEM as part of a class that will be
assigned to evaluate my university's network security. Last semester, I
was a team leader in an IAM, an assessment of my school's organizational
information security. The IAM is two full days, as is the IEM. I am
taking classes through Security Horizon, co-founded by Russ Rogers and
Greg Miles, who wrote the books on NSA IAM and NSA IEM.
I'll post my thoughts throughout the day and after today's training
session. In the meantime, you can see Russ', Bejtlich's, and others'
comments.
Posted by Marcin on Thursday, January 18, 2007 in School and Security.
The time is nearing and I will have to move my site to a new host. Along
with the move, we'll undergo a domain name change to
www.tssci-security.com as well. Currently we're hosted on a dedicated
FreeBSD server running Apache, and I'm pretty happy with it. I'd like a
host that offers UNIX/Linux and SSH access and doesn't force me to use
those pesky management panels (except for phpMyAdmin) or anything like
that..
Can anyone recommend a hosting provider, or does anyone have room to
spare on their server and an interest in subletting? Also, I'd like to
hear your opinions on dynamic DNS providers like No-IP, DynDNS and
FreeDNS. Shoot me an email or comment here.
Posted by Marcin on Monday, January 15, 2007 in News and Other.
Volume 6 of the Uninformed Journal is out. This issue contains the
following:
- Engineering in Reverse
- Exploitation Technology
I'll follow up with comments later. Not sure which ones I'll end up
reading, but I will make an effort to at least read one of the articles.
Posted by Marcin on Sunday, January 14, 2007 in Security.
To anyone who has `register_globals` turned on for PHP versions 4 through
4.4.3, < 5.1.4, update your WordPress; 2.0.7RC1 is available. The exploit
takes advantage of code flaws in wp-trackback.php... again, allowing a SQL
injection admin hash disclosure.
Thanks dominik at the Basecamp for the
heads up. I don't need to update this time though.. :p
Posted by Marcin on Thursday, January 11, 2007 in Security.