http://directwebremoting.org/blog/joe/2008/12/04/xss_filtering.html
Wednesday, December 17, 2008
Tuesday, December 16, 2008
Fun with tshark (wireshark) command line
Submitted by daryl on Mon, 11/24/2008 - 23:33
* sniffer
* tshark
* visualization
* wireshark
Get CSV output of the source and destination IP addresses from a pcap (Wireshark or tcpdump) capture file.
tshark -r file.pcap -T fields -E separator=, -e ip.src -e ip.dst
This produces output similar to:
192.168.1.105,192.168.1.120
192.168.1.105,192.168.1.120
192.168.1.120,192.168.1.105
192.168.1.120,192.168.1.105
72.14.247.83,192.168.1.105
192.168.1.105,72.14.247.83
72.14.247.19,192.168.1.105
192.168.1.105,72.14.247.19
192.168.1.105,74.53.76.3
74.53.76.3,192.168.1.105
192.168.1.105,72.14.247.83
72.14.247.83,192.168.1.105
Then if you have afterglow installed you can create a visualization of the source and destination information by doing the following:
(from the $HOME/afterglow/src/perl/graph directory)
tshark -r file.pcap -T fields -E separator=, -e ip.src -e ip.dst | perl afterglow.pl -c color.properties > file.dot
This writes the data to file.dot as a graph description that neato can draw as a directed graph.
Now use neato to create a GIF file that displays a visualization of the data.
neato -Tgif -o test.gif ./file.dot
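Before drawing a graph, it can help to reduce the same src,dst output to a packet count per conversation. The following is an added example, not part of the original post or of tshark/AfterGlow: summarize_pairs and sample_pairs are hypothetical helper names, the sample input is constructed from the addresses shown above, and merging both directions into one conversation is a choice made here.

```shell
#!/bin/sh
# Added example: summarise "src,dst" lines as produced by
#   tshark -r file.pcap -T fields -E separator=, -e ip.src -e ip.dst
# summarize_pairs / sample_pairs are hypothetical names used for illustration.

summarize_pairs() {
    # stdin : one "src,dst" line per packet
    # stdout: "hostA,hostB,packets", busiest conversation first
    LC_ALL=C awk -F, '
        # Frames without an IP layer (e.g. ARP) come out with empty fields.
        NF != 2 || $1 == "" || $2 == "" { next }
        {
            # Force a string comparison and order the endpoints so that
            # A->B and B->A are counted as the same conversation.
            if (($1 "") < ($2 "")) key = $1 "," $2
            else                   key = $2 "," $1
            count[key]++
        }
        END { for (k in count) print k "," count[k] }
    ' | LC_ALL=C sort -t, -k3,3nr -k1,1 -k2,2
}

# Constructed sample input: addresses from the output above, plus one
# empty "," line standing in for a non-IP frame.
sample_pairs() {
    cat <<'EOF'
192.168.1.105,192.168.1.120
192.168.1.120,192.168.1.105
72.14.247.83,192.168.1.105
192.168.1.105,72.14.247.83
,
192.168.1.105,74.53.76.3
192.168.1.105,72.14.247.83
EOF
}

sample_pairs | summarize_pairs
```

Against a real capture, pipe the tshark command above into summarize_pairs in place of sample_pairs.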
1. Good end point security assumes the network is hostile.
2. Good network security assumes the end point is hostile.
3. Good data security assumes the user is hostile.
Thursday, December 11, 2008
http://csrc.nist.gov/publications/nistpubs/800-40-Ver2/SP800-40v2.pdf
Wednesday, December 10, 2008
Sunday, December 7, 2008
http://support.microsoft.com/kb/953252
Saturday, December 6, 2008
Friday, December 5, 2008
Wednesday, December 3, 2008
http://www.passlogix.com/products/v-GO_sharedaccountsmanager/benefits/
http://www.zeltser.com/network-os-security/security-incident-survey-cheat-sheet.html
http://www.darkreading.com/blog/archives/2008/12/cheat_sheets_fo.html
http://www.zeltser.com/network-os-security/security-incident-questionnaire-cheat-sheet.html