Re: Encryption Basics

2002-02-28 Thread Cflynn . Tech

Recommending a book like Applied Cryptography to a beginner is like giving a 3-year-old 
a car and telling them to drive. That book is okay, I have a copy, but you best know 
lots and lots of calculus, because that is what most of it is: the actual algorithms.

This book looks like more of a beginners book:

Basic Methods of Cryptography
by Jan C.A. Van Der Lubbe
 List Price: $35.00
Our Price: $35.00
Availability: Usually ships within 6 to 7 days
from www.amazon.com

Also this book is great...
Computer Security Basics 
by O'Reilly chapter has a low level overview of encryption...


 



---
Regards,


On Mon, 25 Feb 2002 09:51:55  
 Bill Barrett wrote:
>You know these kinds of replies really annoy me.  For the beginner a google
>search will turn up lots of resources, many of them with incorrect
>information.  It can be very intimidating for those just starting out in
>the field.  We that know more should help those that are trying to learn.
>After all we were all once there too.  If you are going to post a reply
>post something that actually has some helpful information in it.
>
>That being said, try:
>http://www.counterpane.com/labs.html
>http://www.crypto.com/
>
>An excellent book is Applied Cryptography by Bruce Schneier available at
>Amazon for about $40 last time I checked.
>
>-WTB
>
>[EMAIL PROTECTED] writes:
>>At 07:38 21.02.02 -0500, [EMAIL PROTECTED] wrote:
>>
>>>What sources would you suggest for getting basic info on encryption? (How
>>>it works, software sources, best practices in business settings, etc.)
>>
>>First I would try to consult a search engine like www.google.com or so.
>>After that I would consult a library in order to find some good books.
>>
>>>Michelle Horner
>>>Outcome Technology Associates, Inc.
>>
>>Dominik
>>
>>
>>--
>>http://www.code-foundation.de
>>217.229.69.207 - - [14/Oct/2001:02:29:41 +0200] "GET
>>/MSADC/root.exe?/c+dir
>>
>>Microsoft? Where do you want to surf today?
>>
>
>
>
>


Is your boss reading your email? Probably
Keep your messages private by using Lycos Mail.
Sign up today at http://mail.lycos.com



RE: Cisco VPN client

2002-02-27 Thread Cflynn . Tech

I just wanted to add that I have not heard of an instance where IPsec was run over port 
1; its designated port is UDP 500, per the RFC. That is for the ISAKMP/Oakley 
tunnel connection. It then uses IP 50/51 (ESP and AH) for the IPsec section of the 
transmission. This is news to me... where did you obtain these facts from? Curious to 
know.
---
Regards,


On Fri, 22 Feb 2002 10:06:05  
 Smith, Chris wrote:
>Check the policy/configuration of the VPN concentrator.  The previous
>version (3.0,3.1) provided the ability to wrap the encrypted IKE/IPSEC
>traffic in a UDP packet.  This provided the ability to prevent the traffic
>from being corrupted due to NAT translation, and simplified firewall
>rulesets as well.  The downside is UDP isn't stateful, so WinProxy (or any
>other  firewall) may deny the return traffic from the VPN concentrator to
>the client.  Placing a rule in the firewall to let the udp traffic in from
>the concentrator IP address over the specific UDP port (1 is default)
>may solve your problem.  
>
>RTFL - Read The Fine Logs to determine the traffic being denied.
>
>Chris Smith
>
>-Original Message-
>From: Cflynn . Tech [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, February 21, 2002 10:55 AM
>To: [EMAIL PROTECTED]; Tumarinson, Max
>Subject: Re: Cisco VPN client
>
>
>Are you passing both phase 1 and Phase 2 ... ??? Can you ping anything in
>the local LAN??
>---
>Regards,
>
>
>On Wed, 20 Feb 2002 12:11:38  
> Tumarinson, Max wrote:
>>I am trying to set up Cisco VPN client 3.5a behind a Winproxy 4.0h.  I
>>am able to authenticate, however I can reach anywhere on the LAN.  I
>>looked in Winproxy support site and they have a document how to fix it.
>>However, that solution did not work for me.  Does anybody have any
>>idea/suggestion how to approach this problem.
>>
>>Thanks
>>***
>>This message contains confidential information and is intended only
>>for the individual named.  If you are not the named addressee you
>>should not disseminate, distribute or copy this e-mail or its attachments.
>>Please notify the sender immediately by e-mail if you have received this
>>e-mail in error and delete this e-mail from your system.
>>
>>E-mail transmission cannot be guaranteed to be secure or error-free
>>as information could be intercepted, corrupted, lost, destroyed,
>>arrive late or incomplete, or contain viruses.  Amalgamated Bank therefore
>>does not accept liability for any errors or omissions in the contents of
>>this message which arise as a result of e-mail transmission.  If
>>verification is required please request a hard-copy version.
>>***
>>
>>
>
>
>
>





Re: Cisco VPN client

2002-02-22 Thread Cflynn . Tech

Are you passing both phase 1 and Phase 2 ... ??? Can you ping anything in the local 
LAN??
---
Regards,


On Wed, 20 Feb 2002 12:11:38  
 Tumarinson, Max wrote:
>I am trying to set up Cisco VPN client 3.5a behind a Winproxy 4.0h.  I
>am able to authenticate, however I can reach anywhere on the LAN.  I
>looked in Winproxy support site and they have a document how to fix it.
>However, that solution did not work for me.  Does anybody have any
>idea/suggestion how to approach this problem.
>
>Thanks
>
>
>
>





Re: ms ip-sec question

2002-02-19 Thread Cflynn . Tech

Everything that MS does has flaws!!! I think that the MS is not for Microsoft but 
Must S_ _k!!!
I do not even think that they do true IPsec but a Microsoft-derived hybrid that uses 
an IPsec engine that runs over an L2TP tunnel instead of the normal UDP 500 
ISAKMP/Oakley tunnel. 
I do know that the MS website has docs on how to set an IPsec tunnel up with L2TP, which 
puzzles me... hey, but that is Microsoft... Good luck... I do not like MS VPN 
capabilities at all and have used them quite a bit.
---
Regards,


On Tue, 12 Feb 2002 20:20:47  
 leon wrote:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>Hi everyone,
>
>Just curious if there were any known flaws with m$'s implementation
>of ip-sec?
>I know that some of their protocols have issues (pptp, ms-chap, and
>the lan-man hash).
>
>Does have anyone have any links discussing this?
>
>Thx,
>
>Leon
>
>PS: as far the cert thread(s) go all I can say is a - q and if anyone
>has the exam cram or braindump for r - z let me know ;)
>
>-BEGIN PGP SIGNATURE-
>Version: PGPfreeware 6.5.8 for non-commercial use 
>
>iQA/AwUBPGm/adqAgf0xoaEuEQJrKwCgkIr1ML4JUetI0k5sPOCKEjLHqrIAoPnj
>pePMGjmt3/NNfmUv9lLCxQLx
>=i88T
>-END PGP SIGNATURE-
>
>





Re: Feedback on BlackICE...

2002-02-05 Thread Cflynn . Tech

I think that ISS and BlackICE are both garbage... Try Network-1's CyberwallPLUS; if they 
get the added feature of intrusion signature adding it will be 100% locked in there. I 
hear that the feature is imminent. 

http://www.network-1.com  

You can get a trial too.

-C
---
Regards,


On Fri, 1 Feb 2002 11:01:16   
 Robin Lynn Frank wrote:
>On Thursday 31 January 2002 10:02 am, Sean D. Ackley wrote:
>> Although BlackIce will not stop outgoing connections, ISS has clearly
>> stated they intend to always block trojans, and malicious traffic.  
>> Whatever that may be.  If you find a trojan, spyware, or other malware (not
>> currently blocked), ISS will include that in future updates.
>
>That is a bit like closing the barn door after the horse is gone.  I've used 
>BlackICE in the past and found it effective at blocking incoming threats.  I 
>still prefer the approach of ZA/ZAP and others as it offers more protection 
>from trojans, spyware, etc,
>-- 
>Robin Lynn Frank
>
>Director of Operations
>Paradigm-Omega, LLC
>
>For security reasons, no attachments or HTML content will be accepted.
>
>Copyright © 2002.  All rights reserved.  Unauthorized reproduction or 
>distribution is prohibited.
>http://paradigm-omega.com   --   http://paradigm-omega.net
>





Re: VPN Speed

2002-01-21 Thread Cflynn . Tech

Just watch out: I have seen cases where the clients in L2TP or IPsec mode cause issues 
if running a host-resident IDS or firewall, as the clients do not have a full-feature 
firewall embedded. 
---
Regards,


On Thu, 17 Jan 2002 17:27:31  
 Winsley de Oliveira wrote:
>Mike
>
>
>You can use Sonicwall firewall to make your VPN
>tunnels.
>
>Take a look at www.sonicwall.com
>
>If you have any doubts, just ask me.
>
> --- Mike Carney <[EMAIL PROTECTED]> wrote:
>> Hello everyone,
>> 
>> I am tasked with trying to find a faster VPN
>> solution for our company.
>> Currently we use Microsoft's VPN service running
>> PPTP.  Could anyone provide
>> links that explain the different encryption
>> technologies and the speed that
>> relates to products that are on the market?  Thanks
>> in advance for all those
>> who reply.
>> 
>> Mike 
>
>=
>Winsley de Oliveira
>
>





Re: VPN Speed

2002-01-19 Thread Cflynn . Tech

I really do not think that the encryption itself will cause a catastrophic time gain 
from one to another.
You will have to get a beefier system setup or a decent hardware box that will do VPN 
connections. Also, if not already done, you can try segregating the VPN traffic from 
generic internet/internal network traffic.
Nortel and CISCO both have good VPN solutions [hardware boxes] depending on how much 
$$$ you want to spend. I prefer Nortel's Contivity line myself; they do, do VPN'ing 
better than CISCO, but I give kudos to CISCO for all their routing/firewalling 
hardware.
If you want to use a current system that is in-house then you will be going with a 
software-based VPN solution such as Raptor or Checkpoint. Although these are great as 
well, they tend to be slower than a hardware box, reason being they are doing all the 
Windows stuff as well behind the scenes.
If you go this route try Raptor PowerVPN [www.symantec.com], now called Symantec 
PowerVPN v6.5: easy to configure, manage, and is decent for speed and cost.
So you know, the different types of encryption that are regularly used are IPsec [DES 
and 3DES - Difference between the 2 is 3DES just checks the hash 3 times instead of 
once], L2TP, and PPTP. Also, you will want to look at how you are set up to 
authenticate as well; if you are using a third-party 2-factor authentication or RADIUS 
then it may slow you down and appear to be a performance issue on the VPN side of 
things. I have seen this happen when I worked for Raptor, and at my current job 
[Interop Software Tester for another Firewall Co.]


Good Luck
C
---
Regards,


On Wed, 16 Jan 2002 15:34:18  
 Mike Carney wrote:
>Hello everyone,
>
>I am tasked with trying to find a faster VPN solution for our company.
>Currently we use Microsoft's VPN service running PPTP.  Could anyone provide
>links that explain the different encryption technologies and the speed that
>relates to products that are on the market?  Thanks in advance for all those
>who reply.
>
>Mike
>





RE: Any ideas?

2002-01-18 Thread Cflynn . Tech

Is your Outlook server running web access? Never mind, I see that it is. It looks like 
the traffic is standard HTTP since it is coming to a dest. port of 80. I would also 
track what traffic usually comes over the src ports 1568 and 1136; off the top of my 
head I am not certain. I would, if nothing else, make sure that your Outlook server is 
patched, and also, if not set up to do so, I would strongly recommend that you set up your 
web access to use SSL instead of standard HTTP if not already done.
---
Regards,


On Tue, 15 Jan 2002 11:58:36  
 Reichert Holger wrote:
>Hello Trevor
>
>first of all as you may guess, (nobody else replied), I think that this list
>is not the right one to post such events.
>I propose to cross post it to  [EMAIL PROTECTED]
>
>There you're more likely to find the specialists in logfile reading.
>I myself am only a beginner in intrusion analysis, but what I've read by
>this time the first two Packets from Snort show the third part of the TCP
>3-way-handshake.
>So to know if there has been ever a complete TCP connection you should
>search your logfiles for SYN/ACK which your machine sent to 12.224.241.144
>and SYN which 12.224.241.144 sent to your site.
>Only if you see all these packets there has been an active TCP-Connection to
>your server.
>If you only see these ACK, there are two possibilities:
>1) You've been scanned with ACK to see if your server is listening on
>Port 80
>   If you only see these ACK's to this server you should take this for
>serious, because the attacker already knows your server
>2) Somebody has spoofed your IP address and scanned another host with
>SYN/ACK Packets.
>
>The last Packet in your mail says definitely that there has been a connect.
>But for the analysis I'm not yet smart enough.
>For more assistance in discovering if your server got compromised there is
>another list
>[EMAIL PROTECTED]
>For help with interpreting snort messages search in snort.org or ask
>questions in their mailing list.
>Probably you can get advice from your local CERT. Try to phone them and ask
>for routines you should go through.
>
>For future problem solving I suggest to use Tripwire which is one
>possibility to know fast if you were compromised.
>
>Best wishes
>
>Holger Reichert
>www.holysword.de
>[EMAIL PROTECTED]
>
>
>Trevor wrote:
>___
>Hi all,
>
> These are entries from my Snort IDS logs and my firewall logs for the IP
>address reported by Snort.  It looks like an attempt to get into our Outlook
>Web Access server. If it was a hack how could I tell if it was successful or
>not?  I did a google on it and did not come up with much
>
>[**] [1:882:1] WEB-CGI calendar access [**]
>
>[Classification: Attempted Information Leak] [Priority: 3]
>
>01/08-12:54:08.793287 12.224.241.144:1136 -> 63.xxx.xxx.xxx:80
>
>TCP TTL:51 TOS:0x0 ID:2276 IpLen:20 DgmLen:730 DF
>
>***AP*** Seq: 0xF608349  Ack: 0xFC8B5BF0  Win: 0x8ECD  TcpLen: 20
>
>
>[**] [1:882:1] WEB-CGI calendar access [**]
>
>[Classification: Attempted Information Leak] [Priority: 3]
>
>01/08-18:53:45.398355 12.224.241.144:1568 -> 63.xxx.xxx.xxx:80
>
>TCP TTL:51 TOS:0x0 ID:5645 IpLen:20 DgmLen:818 DF
>
>***AP*** Seq: 0x5C2AE779  Ack: 0x36609C29  Win: 0x8ECF  TcpLen: 20
>
> 
>Jan 09 21:53:31.093 x httpd[339]: 121 Statistics: duration=4.23
>id=51ZeM sent=544 rcvd=707 srcif=Vpn4 src=12.224.241.144/3172
>cldst=63.xxx.xxx.xxx/80 svsrc=192.xxx.xxx.xxx dstif=Vpn3
>dst=192.xxx.xxx.xxx/80 op=GET
>arg=http://www.venocoinc.com/exchange/forms/IPM/NOTE/frmRoot.asp?index=0&obj
>=5DDB3712FA5CD411A7EF00A0C9E0A0180700085F598189CED211A7BD00A0C9E0A01
>800AC4A6B6AC011B1CB7FD411BC78001083FC5826006245B2&command=op
>en result="302 Object moved" proto=http rule=6 
>
>Thanks for the help
>
>Trevor Maingot 
>* 805-745-2121
>* 805-455-9660
>*   805-745-1926
>* [EMAIL PROTECTED]
>
> 
>
>
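
The handshake check described in the quoted reply above, as an added example that is not part of the original thread: it reads packet headers in Snort's text format and reports, per client flow, which stages of the TCP three-way handshake were logged. The log lines and addresses are constructed, the function names are hypothetical, and it assumes the log holds every packet in both directions rather than only rule-triggered alerts.

```python
import re
from collections import defaultdict

FLAG_ORDER = "12UAPRSF"  # Snort's eight flag positions; unset bits print as "*"
ADDR_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)")
FLAGS_RE = re.compile(r"^([12UAPRSF*]{8}) Seq:")

# Constructed sample (documentation addresses); the "TCP TTL:..." line is omitted.
SAMPLE_LOG = """\
01/08-12:54:08.100000 198.51.100.7:1136 -> 192.0.2.10:80
******S* Seq: 0xF608000  Ack: 0x0  Win: 0x8ECD  TcpLen: 24
01/08-12:54:08.100200 192.0.2.10:80 -> 198.51.100.7:1136
***A**S* Seq: 0xFC8B5BEF  Ack: 0xF608001  Win: 0x4470  TcpLen: 24
01/08-12:54:08.200000 198.51.100.7:1136 -> 192.0.2.10:80
***A**** Seq: 0xF608001  Ack: 0xFC8B5BF0  Win: 0x8ECD  TcpLen: 20
01/08-12:54:08.300000 198.51.100.7:1136 -> 192.0.2.10:80
***AP*** Seq: 0xF608001  Ack: 0xFC8B5BF0  Win: 0x8ECD  TcpLen: 20
01/08-18:53:45.400000 198.51.100.7:1568 -> 192.0.2.10:80
***A**** Seq: 0x5C2AE000  Ack: 0x36609000  Win: 0x8ECF  TcpLen: 20
01/08-19:10:00.000000 203.0.113.5:4000 -> 192.0.2.10:80
******S* Seq: 0x1000  Ack: 0x0  Win: 0x2000  TcpLen: 24
01/08-19:10:00.000200 192.0.2.10:80 -> 203.0.113.5:4000
***A**S* Seq: 0x2000  Ack: 0x1001  Win: 0x4470  TcpLen: 24
"""

def parse_packets(log_text):
    """Yield (src, sport, dst, dport, flags) for each address line + flag line pair."""
    addr = None
    for line in log_text.splitlines():
        m = ADDR_RE.search(line)
        if m:
            addr = (m.group(1), int(m.group(2)), m.group(3), int(m.group(4)))
            continue
        m = FLAGS_RE.match(line.strip())
        if m and addr:
            flags = frozenset(f for f, c in zip(FLAG_ORDER, m.group(1)) if c != "*")
            yield addr + (flags,)
            addr = None

def handshake_report(log_text, server_ip):
    """Map (client_ip, client_port) to a verdict on the handshake stages logged."""
    stages = defaultdict(set)
    for src, sport, dst, dport, flags in parse_packets(log_text):
        core = flags & {"S", "A", "R", "F"}  # PSH/URG do not change the stage
        if dst == server_ip and core == {"S"}:
            stages[(src, sport)].add("SYN")        # client opens
        elif src == server_ip and core == {"S", "A"}:
            stages[(dst, dport)].add("SYN/ACK")    # server answers
        elif dst == server_ip and core == {"A"}:
            stages[(src, sport)].add("ACK")        # client ACK or data segment
    report = {}
    for flow, seen in stages.items():
        if seen == {"SYN", "SYN/ACK", "ACK"}:
            report[flow] = "complete handshake"
        else:
            report[flow] = "ACK only" if seen == {"ACK"} else "incomplete: " + ", ".join(sorted(seen))
    return report
```
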





Re: Firewall: a basic question

2002-01-07 Thread Cflynn . Tech

Host resident in the Kernel...
---
Regards,


On Sun, 06 Jan 2002 02:17:26  
 ashley thomas wrote:
>hi,
>
>which is the lowest layer where a firewall can be implemented ?
>i guess, it is network layer (layer 3)
>
>in that case , how is firewall implemented on bridges , which is a layer 2 
>device ?
>
>thanks
>ashley
>
>
>
>
>
>





RE: windows XP and firewalls

2002-01-02 Thread Cflynn . Tech


The only thing that comes to mind off the top of my head is one 
of the following. Dynamic porting is being used somewhere, maybe 
by your ISP, where the UDP and TCP ports open are not the correct 
ones inbound (most likely not the case). Have you thought of NAT 
as an issue? If you have a non-routable network internally and 
routing is not an option then it is a no go. This would only be 
a good thought if the boxes will not get out with the firewall turned 
off. It may be a firewall interop issue. I work in QA for a firewall 
comp. and it is frequent that when we don't work with a product setup 
topology it will lock the boxes off from the internet.
Not to mention one last thing: if XP's personal firewall is turned on and you are using 
a third-party host-resident firewall, good luck, it wreaks havoc on the box; may be your 
issue as well.

Good Luck
---
Regards,

 
 



On Sat, 29 Dec 2001 18:19:27  
 Chris Chandler wrote:
>If you are using NPF there is a setting in there to add a range of IP
>addresses for your home network and even settings that allow it to
>"learn" from outbound connections from the client computers. These can
>be found under the advanced settings
>
>-Original Message-
>From: Cami Boyd [mailto:[EMAIL PROTECTED]] 
>Sent: Thursday, December 27, 2001 11:17 PM
>To: [EMAIL PROTECTED]
>Subject: windows XP and firewalls
>
>I have a home network that has windows XP.  I did have Norton firewall
>on here, and now sygate firewall.  If my firewall is on, my clients in
>my home network aren't able to access the internet.  I have opened the
>UDP and TCP ports that I was supposed to open, and they still can't help
>me any, can any of you give me any suggestions to be able to try?  Thank
>you!  Sincerely, Cami Boyd
>
>
>P.S. the clients all have windows ME on them
>-- 
>It's not that life is too short, it's that you're dead for so long!
>
>
>
>
>
>
>

