securing a system

Lisa Kachold lisakachold at obnosis.com
Sat Jul 9 00:26:07 MST 2011


Please join us at Maker Bench in Tempe for our first presentation at the new
location on *Linux Attack Vectors*. As always, this is a full-duplex Linux
event with welcome participation from the Linux Community. We will follow up
with hands-on analysis of individual machines, so bring anything with a
kernel that you might want us to check out.

Please update your hackfest schedule to include our new Tempe location and
time on the 2nd Saturday of every month 3PM - 6PM.

Please see http://plug.phoenix.az.us <http://phoenix.plug.az.us/> site
schedule also.

An example complete schedule also appears at http://hackfest.obnosis.com:

Excerpt:

Monthly security presentation labs, with open community participation, occur
every month on the Second Saturday in Tempe at the Maker
Bench <http://www.makerbench.com/?page_id=1202> (3-6PM) and Third
Saturdays (Noon-3PM) in Chandler at
Ganglplankhq.com. <http://ganglplankhq.com./>

This interactive lab and presentation format covers industry news, specific
protection issues in linux, ongoing industry tool development, RFC scripts,
exploits & net neutrality.

Ethical and legal, as well as liability aspects of security testing are
covered as we investigate the strange world of computer insecurity from our
portly Penguin perspectives.

Hackfests are specially scheduled demonstrations that include open member
participation hacking, cracking, exploits and IDS.
Hackfests are open encroachment events with designated targets.

We also provide information and tools to modify cable modems for DOCSIS 2.0
JTAG to USB and no-solder pin.

Hack test your installations, networks, and program source using Linux
Security distro tools.

2nd Saturday 3-6PM Tempe meeting facilities generously provided by
MakerBench <http://www.makerbench.com/?page_id=1202>.

3rd Saturday Noon-3PM meeting facilities generously provided by
Gangplankhq.com <http://gangplankhq.com/> in Chandler.

Plan on being able to use live CDs, or USB jump drives to follow along, if
you bring your laptop and targets are announced. Since we have a VMware
Server, you can pre-request a specific target or make arrangements to have
your code ported to one of our virtuals and hit with Metasploit or Rapid 7
Community edition.  Open network access is unlimited (with "play nice"
rules).

Feel free to call or email me if you get lost or have questions.



On Wed, Jun 15, 2011 at 9:16 AM, Steve Phariss <sphariss at gmail.com> wrote:

> Hi Lisa,
>
> This post was just the very basics.  There will be several of us looking at
> the attack vector and logs.  There are things I will not have control over
> and I have let my concerns (many of them you mentioned, it's good to know I
> am on the right track <G>) be known to the hiring company.  Good point of
> using an alias.
>
> I know that minimizing the attack vectors is generally best, that is why I
> would like to (if possible) eliminate one of the DBs.  If not possible,
> secure both as well as possible.
>
>
> On Wed, Jun 15, 2011 at 8:17 AM, Lisa Kachold <lisakachold at obnosis.com> wrote:
>
>> Hi Steve!
>>
>> I would be very careful about specifics to a list; especially if you plan
>> to later advertise you work there.
>>
>> Using another name or alias for security questions is generally best.
>>
>> See my suggestions below.
>>
>> On Tue, Jun 14, 2011 at 10:41 PM, Steve Phariss <sphariss at gmail.com> wrote:
>>
>>> I may have a job putting a compromised system back into production
>>> (actually we are moving them from Ubuntu to a RHEL VM...)
>>>
>>
>> Be sure to do your feasibility research BEFORE making a technical
>> recommendation.  A feasibility plan takes into consideration ALL of the
>> various daemons and services as well as other things which must connect and
>> network (iSCSI for instance).  What will you do if one of their programs
>> (Mason-CM) won't work with RHEL VM?
>>
>>>
>>> I am still lacking some details but they are running apache, Mysql AND
>>> Postgres, Drupal, and something called Mason-CM.  I am not sure why
>>> the two DBs but if there is not a good reason I will move them off of one or
>>> the other.
>>
>>
>> Mason-CM is required for one of their apps.  You will break upwards
>> compatibility if you move them. Run both.
>>
>>>
>>> Anyone have any good docs on securing Apache, Drupal, the DBs, or
>>> Mason-CM?
>>>
>>
>>
>> That's too blanket of a question.  Apache/SSL/postgresql all have
>> insecurities based on version.
>> Everything can be "hacked" or configured just to work, not to work
>> securely.
>>
>> Apache runs with many additional features, for instance mod-proxy.
>> Drupal runs with third party contributed modules -- not all secure as the
>> government learned last year in a famous hack.
>> DB's are only as good as the underlying security model.
>> Read the docs for Mason-CM (but again it's going to be dependent for sql
>> injection protection on the underlying code base or app).
>>
>> The best I can suggest is to run Rapid7 Nexpose security scanner against
>> your configuration and mitigate each thing one by one.
>>
>> But before you rebuild, you might take a minute to determine the "attack
>> vector".
>>
>>>
>>> Thanks
>>>
>>> Steve
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>>
>>
>>
>>
>> --
>> (602) 791-8002  Android
>> (623) 239-3392 Skype
>> (623) 688-3392 Google Voice
>> Server Engineer/Security Administrator
>> HomeSmartInternational.com <http://www.homesmartinternational.com>



-- 
(602) 791-8002  Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
HomeSmartInternational.com <http://www.homesmartinternational.com>