Robert,
One of my personal favorites, because it is cheap and easy to use, is
Alchemy Network Monitor. Check out Dek Software at
http://www.deksoftware.com/. I really like the way this company does
business and they have some great utilities. I use Alchemy Net Mon over
Whats Up simply due to c
Just thought I'd chip in an extra $0.02 on this but I am in the process of
reading this book and it is very good. New Riders always puts out quality
reads but when I saw the SANS GIAC stamp on it I was sold without turning
the book over to read the back. So far, I'm not disappointed in the least
Justin,
I think the comparison you are drawing is unfair because we are talking
about two OS' that are not even on the same playing field. MS is a HUGE
hacking target because of its availability on the Internet. How many
websites do you know are hosted publicly on a Mac platform? How many
ent
From: Bejon Parsinia [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 20, 2002 11:49 AM
To: 'Eric Zatko'; [EMAIL PROTECTED]
Subject: RE: Nessus follow up question.
Eric,
Here is what I would suggest. Definitely go with dual boot over a virtual
OS installation. Why? I've used
Bob,
As far as I know, everything in that CD is good to go. However, if it will
make you feel better (and I suggest this because there may be patches or
newer versions available) go right to the source websites for each of these
utilities. Just download them from the web. The docs are great on
ar 20, 2002 at 09:48:56AM -0800, Bejon Parsinia wrote:
> Here is what I would suggest. Definitely go with dual boot over a virtual
> OS installation. Why? I've used VMWare and I've used Virtual PC, neither
> of them allow any kind of real performance. Case in point, I have a
Talk about a loaded question.
First of all, make sure you have a firewall on your network with solid rules
blocking all ports and allowing only the ones you need to access your
network open. And then only to selected IP Addresses (via NAT). You may
even want to consider rolling out software fir
Eric,
Here is what I would suggest. Definitely go with dual boot over a virtual
OS installation. Why? I've used VMWare and I've used Virtual PC, neither
of them allow any kind of real performance. Case in point, I have a P4 1.6
GHz PC with 512 MB of RAM, the guest OS always ran poorly. No ma
Here are the links you are looking for:
ftp://ftp.cisco.com/pub/mibs/oid/
ftp://ftp.cisco.com/pub/mibs/supportlists/pix/pix-supportlist.html
That should take care of ya.
Good luck,
Bejon
-Original Message-
From: Doug Wombles [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 12, 2002 2:5
Yes, snort can be configured on one of the open ports of the router. Most
likely the router's ports act as an unintelligent hub so all should be fine.
Good luck,
Bejon
-Original Message-
From: [C] Teodorski, Chris [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 12, 2002 10:11 AM
To: 'd
Pavel,
A NIDS cannot function properly in a switched network. Most sensors cannot
see through to other collision domains across a switch. What you would have
to do in order to make this work is, for example, on a Cisco Catalyst you
need to set up a vlan across the different segments so that the
post. :-)
There are newsgroups dedicated to some of the software I have mentioned
above. All of the sites have support available in some measure.
Best of luck to you!
Bejon Parsinia
-Original Message-
From: Guilherme Chapiewski [mailto:[EMAIL PROTECTED]]
Sent: Saturday, March 09, 20
IDS is an acronym that stands for Intrusion Detection System. Also referred
to as a NIDS, or Network Intrusion Detection System. It is an application
that sits on a desktop/server and sniffs packets on your network for
malicious or questionable behavior. A great example of an application like
t
I've had very good luck running Snort in my Win2k Office environment.
Recently, I've been extending the reporting capabilities of Snort by using
it with Demarc (www.demarc.com). Demarc is a web based front end for the
Snort NIDS engine and when configured through Demarc, all reported data is
stor
My opinion on the matter is simple, exclude the pertinent that could cause
harm or subscribe from a free web-based mail client like Hotmail or Yahoo.
Enjoy the 2 shiny pennies I just threw into the pot. :-)
Bejon
-Original Message-
From: Starks, Michael [mailto:[EMAIL PROTECTED]]
Sent
As far as memory serves, the concept of a token ring network consists of
passing data along until it reaches the required host machine on the
network. At that point, the packets do not forward past the target host.
By that reasoning, NIDS will only be partially successful unless you deploy
multip
I'd add the following:
-ListServ Subscriptions to Security related materials
-News Groups
-Complement of appropriate websites' URLs
-Whois Utility
I'm sure there is more, but that is what sprang to mind.
Bejon
-Original Message-
From: Pradeep Pillai [mailto:[EMAIL PROTECTED]]
Sent: Mo
You have to declare these values as they are variables. Once you assign a
value to them, they will retain the IP. Then, every reference will be fine.
Otherwise, it has no idea. If you downloaded your rules set from Snort
directly, if memory serves, they default to a value of "any" for those
var
Here is some food for thought for you. A free program called Trillian,
which you can find from http://www.download.com, connects to MSN through
dedicated, configurable ports. This disables the need for H.323 protocol by
not including the extended functionality that MSN brings in the form of
Netm
uggestions. I greatly appreciate
your assistance.
Sincerely,
Bejon Parsinia
[EMAIL PROTECTED]
I don't know about login/logout times, but Demarc will capture all chatting
hitting the wire of MSN. I haven't tried Yahoo Messenger to see if it picks
that up. But keep in mind, you will want to download the latest Snort rules
to pick up on these chat applications activities. Of course, you ca
Just a thought, but you may want to look into AAA Radius Server type of
authentication and tracking as well. I use this technology for other
purposes but it has capabilities similar to what you are looking for and can
work in conjunction with various hardware.
Good luck!
Bejon
-Original Me
Matt,
I don't only want to toot Microsoft's horn, but I would suggest Windows 2000
Server (or Advanced Server if needed). MS has made some good strides with
integrating a greater level of security in Win2k. With the policies you can
create, Kerberos, and the usual file and user security (just t
Actually, I disagree slightly with what you have said here. This is a real
technical problem when programs like MSN Messenger have been found to have
vulnerabilities within them that can allow the exploitation of malicious
code. Last week when chatting with a fellow network admin across MSN, I
r
s (assuming
there is a trial demo available or you suggest a free app). :)
Sincerely,
Bejon Parsinia
[EMAIL PROTECTED]
Have you downloaded the "Root Certificates Update" from MS Update? This
should remove that message. MS has updated its certificates and your
machine is out of date. :) Shocker for MS eh?
Enjoy,
Bejon
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursda
eat chance that these ports are needed
for other applications. Speaking of Netmeeting, there are other ports
listed on the link I provided above that will also need to be restricted. I
suggest you set up deny rules for those ports as well.
Good luck!
Bejon Parsinia
-Original Message-
I'd suggest you check out Veritas Backup Exec Enterprise Edition. This has
the ability to backup data from network drives as well as the local box.
Bejon
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Domingos Costa
Sent: Wednesday, February 20, 2002 7
appened to me too.
/Violet Weed
Director
Roo Networks
Scotts Valley, CA
- Original Message -
From: "Bejon Parsinia" <[EMAIL PROTECTED]>
To: "Security-Basics (E-mail)" <[EMAIL PROTECTED]>
Sent: Tuesday, February 19, 2002 11:18 AM
Subject: Web Pilfering
Good day a
r any assistance you provide.
Sincerely,
Bejon Parsinia
. But, if this is a pure 2k environment, there are things you can do
with policies to restrict access. But that is another can of worms.
I hope this works for you.
Good luck!
Bejon Parsinia
-Original Message-
From: Rob Weiss [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 18, 2002
31 matches