Wednesday, February 28, 2007

Cell Phone as Home Phone

Dock And Talk: http://phonelabs.com/prd05.asp

Here is a pretty cool little device that converts your cell phone into your home phone. It is compatible with a number of wireless home phones on the market.

It's listed for $160, which is comparable to good 2.4 or 5.8 GHz cordless phone sets out there.

Saturday, February 24, 2007

Torpedo Comics




Torpedo Comics is a new online comics store started by the drummer from System of a Down.

The store isn't even up and running yet, but the message board is. It's currently a small online community of comic fans...but I've been enjoying it.

Friday, February 23, 2007

Microsoft Baseline Security Analyzer (MBSA)

http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx

This is a good tool to scan systems remotely for security issues.

The checks that are of interest:
1. Security Patches
2. Weak passwords
3. Firewall running

Here are the pros & cons

Pros:
1. Can scan multiple systems
2. Does several good security checks
3. Easy to use GUI

Cons:
1. The GUI can't be scripted (MBSA 2 does ship a command-line client, mbsacli.exe, which runs the same checks and is the way to drive it from a batch job)
2. No plain-text/CSV report option; reports are saved as XML and need post-processing before they go into a spreadsheet

Friday, February 16, 2007

Default Password List

Every once in a while it's nice to know the default password for a specific device or software package.

http://www.virus.org/default-password/view/All/1/

This is a nice collection of the default passwords for a wide range of products with an easy-to-use search. Worth checking against anything you find during an assessment, and worth changing on anything you deploy.

'nuff said

Tuesday, February 06, 2007

SONET Basics

Here is the link:
http://www.iec.org/online/tutorials/sonet/topic01.html

SONET defines a technology for carrying many signals of different capacities through a synchronous, flexible, optical hierarchy. This is accomplished by means of a byte-interleaved multiplexing scheme. Byte-interleaving simplifies multiplexing and offers end-to-end network management.

The first step in the SONET multiplexing process involves the generation of the lowest level or base signal. In SONET, this base signal is referred to as synchronous transport signal level 1, or simply STS-1, which operates at 51.84 Mbps. Higher-level signals are integer multiples of STS-1, creating the family of STS-N signals shown in Table 1 of the tutorial. An STS-N signal is composed of N byte-interleaved STS-1 signals. That table also includes the optical counterpart for each STS-N signal, designated optical carrier level N (OC-N).


Monday, February 05, 2007

Solaris & Active Directory

Here is the Link:
http://blog.scottlowe.org/2006/08/15/solaris-10-and-active-directory-integration/

This is the best guide I've seen to getting the two to work together. I've worked on this before and have to say the initial documents from Sun were a little confusing.

This document seems to be pretty straightforward. Of course, until I get my lab back up and running I can't try this out.

Sunday, February 04, 2007

Snort Signature Writing

Here is the link:
http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/node14.html

Here are the basics...

Rule format:
action protocol src_ip src_port direction dst_ip dst_port (options)

The options in parentheses are keyword:value pairs, each terminated by a semicolon. content: gives the payload bytes to look for (hex inside | |, plain text otherwise) and msg: is the alert text.

Example:
alert tcp any any -> 192.168.0.0/24 111 (content:"|00 01 86 a5|"; msg:"mountd access";)

This fires on TCP traffic to port 111 (portmapper) on the 192.168.0.0/24 network whose payload contains the bytes 00 01 86 a5, which is 100005, the RPC program number of mountd.

Activate/dynamic rule pairs are also explained.
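To make the header and option semantics concrete, here is a small matcher written for this post (an added example; it is not part of Snort or of the manual). It parses a rule into its header fields and options, decodes the |..| hex notation in content:, and runs the rule over a few constructed packets. The addresses, ports and payload bytes in PACKETS are made up for the example; the rule is the mountd rule above with the network written as 192.168.0.0/24.

```python
import re
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Added example (not from the Snort manual or this post): a minimal matcher for
# the header/options layout described above. RULE is the manual's mountd
# example; PACKETS are constructed test data.

RULE = 'alert tcp any any -> 192.168.0.0/24 111 (content:"|00 01 86 a5|"; msg:"mountd access";)'

# action proto src sport direction dst dport (options)
HEADER_RE = re.compile(
    r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')

Rule = namedtuple("Rule", "action proto src sport direction dst dport options")


def parse_content(value):
    """Decode a content value: text between | | is hex bytes, the rest is literal."""
    out = bytearray()
    for i, part in enumerate(value.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)


def parse_rule(text):
    """Split a rule into header fields and an options dict. Options are split
    on ';', which is fine here but would break on a content value that itself
    contains a semicolon."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("not a rule header: " + text)
    *header, body = m.groups()
    rule = Rule(*header, {})
    for opt in body.split(";"):
        key, _, val = opt.strip().partition(":")
        if key:
            val = val.strip().strip('"')
            rule.options[key] = parse_content(val) if key == "content" else val
    return rule


def addr_matches(spec, addr):
    """'any', a host or a CIDR block, optionally negated with '!'."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    # strict=False masks host bits, so 192.168.0.1/24 is accepted as Snort accepts it
    inside = ip_address(addr) in ip_network(spec.lstrip("!"), strict=False)
    return inside != negate


def port_matches(spec, port):
    """'any', one port, or a 'lo:hi' range with either end open; '!' negates."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    spec = spec.lstrip("!")
    if ":" in spec:
        lo, _, hi = spec.partition(":")
        inside = (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    else:
        inside = port == int(spec)
    return inside != negate


def header_matches(rule, pkt):
    def tuple_ok(src, sport, dst, dport):
        return (addr_matches(rule.src, src) and port_matches(rule.sport, sport)
                and addr_matches(rule.dst, dst) and port_matches(rule.dport, dport))

    ok = tuple_ok(pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
    if rule.direction == "<>":  # bidirectional: the swapped tuple matches too
        ok = ok or tuple_ok(pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
    return rule.proto in ("ip", pkt["proto"]) and ok


def rule_matches(rule, pkt):
    """Header first, then the content test (a plain substring search here)."""
    if not header_matches(rule, pkt):
        return False
    content = rule.options.get("content")
    return content is None or content in pkt["payload"]


def alerts(rule_text, packets):
    """Return the msg text for every packet the rule fires on."""
    rule = parse_rule(rule_text)
    return [rule.options.get("msg", "") for p in packets if rule_matches(rule, p)]


# Constructed packets: a portmapper call naming program 100005 (mountd,
# 0x000186a5); a portmapper call for a different program; and the mountd
# call again, but sent to a host outside the rule's destination network.
PACKETS = [
    {"proto": "tcp", "src": "10.0.0.7", "sport": 40321, "dst": "192.168.0.5", "dport": 111,
     "payload": b"\x00\x01\x86\xa0\x00\x00\x00\x02\x00\x00\x00\x03\x00\x01\x86\xa5\x00\x00\x00\x01"},
    {"proto": "tcp", "src": "10.0.0.7", "sport": 40322, "dst": "192.168.0.5", "dport": 111,
     "payload": b"\x00\x01\x86\xa0\x00\x00\x00\x02\x00\x00\x00\x03\x00\x01\x86\xa3\x00\x00\x00\x01"},
    {"proto": "tcp", "src": "10.0.0.7", "sport": 40323, "dst": "172.16.4.9", "dport": 111,
     "payload": b"\x00\x01\x86\xa0\x00\x00\x00\x02\x00\x00\x00\x03\x00\x01\x86\xa5\x00\x00\x00\x01"},
]
```

alerts(RULE, PACKETS) returns ['mountd access']: only the first packet has both a destination inside 192.168.0.0/24 on port 111 and the mountd program number in its payload. The content test is a plain substring search; real Snort adds offset/depth/nocase modifiers and a faster pattern matcher, and the address and port matchers here don't handle variables like $HOME_NET or bracketed lists.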

CISCO: DoS Prevention

Here is the link:
http://www.ciscopress.com/articles/article.asp?p=345618&rl=1

This is an excerpt from the book Cisco Router Firewall Security.

A Denial-of-Service (DoS) attack can cause immense harm to your business. In this chapter, you can learn how to deal with such an attack, and minimize the damage done.

There are links to other chapters, but this excerpt will give you some information on detecting DoS attacks, on implementing ACLs, and on tuning IP settings to help prevent, or at least survive, a DoS attack.

DTrace for Fun and Profit

Here are the links:

Yeah, there is no way to sum up any of the info in the blog in a useful way. So check out these links, they provide different resources to learn the DTrace tools in Solaris.

Windows Computer Investigation Guide

Here is the link:
http://www.microsoft.com/technet/security/guidance/disasterrecovery/computer_investigation/default.mspx
This guide is intended for IT professionals in the United States who need a general understanding of computer investigations, including many of the procedures that can be used in such investigations and protocols for reporting incidents.
A secondary bookmark that you will need to use this guide is Sysinternals:
http://www.microsoft.com/technet/sysinternals/default.mspx

Some of the tools I use most often in my investigations are:
  • PsExec:
    • Remotely execute processes (its -l switch runs them with limited-user rights)
  • PsLoggedOn:
    • Show users logged on to a system
  • PsLogList:
    • Dump event log records
  • PsTools:
    • The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.
Put these in a small batch script and you can automate information collection with them.

Checkpoint CLI guide

Here is the link:
http://www.secwiz.com/Default.aspx?tabid=52

Here is the CLI guide to Check Point FW-1.

cphaprob state
Status of the high availability modules; shows which gateway is active, standby or down.

fw tab -t <table>
Displays a firewall state table (e.g. fw tab -t connections for the connections table).

fw log -f
Displays the log continuously (follows it, like tail -f).


In general, each NG log file is composed of four files:
    • xx.log — stores the log records
    • xx.logptr — pointers to the beginning of each log record
    • xx.loginitial_ptr — pointers to the beginning of each log chain (logs with the same connection id)
    • xx.logaccount_ptr — pointers to the beginning of each accounting record
In the case of the audit log file the files are:
    • xx.adtlog
    • xx.adtlogptr
    • xx.adtloginitial_ptr
    • xx.adtlogaccount_ptr
More info is found in the guide.

Netfilter or IPTables

Here is the link:
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/security-guide/ch-fw.html

This is from Red Hat, but it pertains to any system you install iptables on. It also has some basic firewall info like:

There is a distinction between the REJECT and DROP target actions. The REJECT target denies access and returns a connection refused error to users who attempt to connect to the service. The DROP target, as the name implies, drops the packet without any warning to the user. Administrators can use their own discretion when using these targets; however, to avoid user confusion and repeated attempts to connect, the REJECT target is recommended.

That recommendation is about your own users. REJECT answers with an ICMP port-unreachable by default (or a TCP RST with --reject-with tcp-reset), which tells anyone scanning you that a host is there and which ports are filtered; on an Internet-facing interface DROP is the more common choice for that reason, at the cost of clients waiting out a timeout.

Good guide to using IPTables.
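A quick way to see the difference from the client's side (an added example, not from the Red Hat guide): classify_port() reports open, refused or filtered from what a TCP connect returns. demo_local() runs it against loopback, where a listening socket shows as open and a port with no listener is answered with a RST, which is what a client sees from REJECT --reject-with tcp-reset (the default REJECT sends ICMP port-unreachable, which the client also reports as connection refused). The one thing it can't reproduce offline is DROP, which needs a real filter in the path. The host and port arguments are whatever you pass in; nothing here is specific to the guide.

```python
import errno
import socket

# Added example, not from the Red Hat guide: tells you from the client side
# whether a port is open, answered with REJECT (connection refused) or
# silently DROPped (timeout). Probing hosts you don't own is a port scan;
# point this at your own firewall.


def classify_port(host, port, timeout=2.0):
    """'open'        - handshake completed
    'refused'     - RST or ICMP port-unreachable came back (iptables REJECT)
    'filtered'    - silence until the timeout (iptables DROP)
    'unreachable' - ICMP host/net unreachable (REJECT --reject-with can send
                    that too, and so can a missing route)"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()


def demo_local():
    """Self-contained demonstration on loopback: a listening socket is 'open';
    a port that was just bound and released has no listener, so the kernel
    answers the SYN with a RST and the client sees 'refused'. DROP cannot be
    shown without a real packet filter in the path."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()  # nothing listens here any more

    try:
        return (classify_port("127.0.0.1", open_port),
                classify_port("127.0.0.1", closed_port))
    finally:
        listener.close()


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        print(classify_port(sys.argv[1], int(sys.argv[2])))
    else:
        print(demo_local())  # ('open', 'refused')
```

Run it with a host and port to test a real firewall: a 'filtered' answer on a port you know is closed means DROP, 'refused' means REJECT (or no rule at all). Raise the timeout if the path is slow, otherwise a lossy link looks like DROP.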

Checkpoint: Performance Tuning

Here is the link:
http://www.checkpoint.com/techsupport/documentation/FW-1_VPN-1_performance.html

This guide combines the Solaris performance and security tuning guides, but focuses specifically on the settings that affect your firewall performance. The "set" lines go in /etc/system and take effect at the next reboot; the ndd lines take effect immediately but are lost on reboot unless you also put them in a startup script.

Settings like:
  • Tuning the STREAMS queues for high-throughput VPN-1 gateways
    • set sq_max_size = 100 (for a Solaris gateway with 256MB RAM)
  • Tuning the TCP hiwater parameters for maximal throughput
    • ndd -set /dev/tcp tcp_xmit_hiwat 65535 (default 8192)
    • ndd -set /dev/tcp tcp_recv_hiwat 65535 (default 8192)
  • Tuning the TCP slow start and TCP queue sizes
    • set tcp:tcp_conn_hash_size = 16384
    • ndd -set /dev/tcp tcp_slow_start_initial 2 (default 1)
    • ndd -set /dev/tcp tcp_conn_req_max_q 1024 (default 128)
    • ndd -set /dev/tcp tcp_conn_req_max_q0 4096 (default 1024)
    • ndd -set /dev/tcp tcp_time_wait_interval 60000 (default 240000)

Netscreen Basics

Here is the link:
http://www.juniper.net/techpubs/software/erx/junose61/swconfig-system-basics/frameset.htm

Despite the title, the link is Juniper's JUNOSe 6.1 System Basics configuration guide for the E-series (ERX) routers, not the ScreenOS documentation for the NetScreen firewalls; the chapters below are still the ones to read for managing that platform. Sadly it's in PDFs, which make it a hassle, but these are the guides you want:
  • CLI guide
  • Writing CLI Macros
  • HA guide
  • Packet Mirroring
  • Logging System Events (Includes event descriptions)
You can either open/download the individual PDFs or download the entire guide as one large PDF:
http://www.juniper.net/techpubs/software/erx/junose61/bookpdfs/swconfig-system-basics.pdf

Saturday, February 03, 2007

Solaris System Tuning

Here is Sun's guide to tuning Solaris:
http://docs.sun.com/app/docs/doc/806-7009/6jftnqsiu?a=view

The most important thing to remember here is:

Make a copy of /etc/system before modifying it so you can easily recover from an incorrect value:
# cp /etc/system /etc/system.good

If a value entered in /etc/system causes the system to become unbootable, you can recover with the following command at the OpenBoot prompt:
ok boot -a

This command causes the system to ask for the names of the various files used in the boot process. Press Return to accept the default values until the name of the /etc/system file is requested. When the Name of system file [/etc/system]: prompt is displayed, enter the name of the good /etc/system file or /dev/null.

If /dev/null is entered, the system attempts to read its configuration information from /dev/null and, because it is empty, uses the default values. After the system is booted, the /etc/system file can be corrected.

The guide will explain the different tunables, how to check performance, and when to change the settings.

Solaris: Kernel Tuning for Security

The guide is here:
http://www.securityfocus.com/infocus/1385

This is specifically about tuning your network settings to resist network-based attacks. For example:

Worried about ARP attacks? Shorten how long ARP and IP routing cache entries live, so a poisoned entry expires sooner (both values are in milliseconds; the guide suggests 60000, down from the default of 300000):

# ndd -set /dev/arp arp_cleanup_interval 60000
# ndd -set /dev/ip ip_ire_flush_interval 60000

How about IP forwarding or source routing? A host that isn't a router should neither forward packets nor accept packets addressed to one interface that arrive on another; strict destination multihoming is what enforces the latter, so it is turned on (1), not off:

# ndd -set /dev/ip ip_forwarding 0
# ndd -set /dev/ip ip_strict_dst_multihoming 1
# ndd -set /dev/ip ip_forward_directed_broadcasts 0
# ndd -set /dev/ip ip_forward_src_routed 0

ndd settings do not survive a reboot; put them in an /etc/init.d script linked from /etc/rc2.d as the guide describes.

How about SYN floods? First you need a baseline of how many half-open connections are normal. Either of these commands will do (the first counts sockets in SYN_RCVD, the second prints the TCP counters, including tcpListenDrop, which climbs when the listen backlog overflows):

# netstat -an -f inet | grep SYN_RCVD | wc -l
# netstat -s -P tcp

Then you need to read the guide for the queue size (tcp_conn_req_max_q0) to raise once you know the baseline.

NMAP: More port scanning techniques

This is the guide to nmap: http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1195745,00.html

It explains how to use Nmap's:

TCP Null (option -sN), FIN (option -sF) and Xmas (option -sX) scans to get through non-stateful firewalls and packet-filtering routers. These work because such filters typically only block packets with the SYN flag set, and an RFC 793 stack answers an odd flag combination with a RST on a closed port and with silence on an open one; Windows and many network devices send a RST either way, so against those every port looks closed.

IPID idle scan (option -sI) to map out IP-based trust relationships between machines and get through firewalls, by bouncing spoofed probes off an idle "zombie" host and reading its IP ID counter.

TCP ACK scan (option -sA) to help map out firewall rule sets: it never tells you whether a port is open, only whether an unsolicited ACK gets through (unfiltered) or not (filtered).

As well as many other ways to test firewall configurations.
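The scan types above are easier to reason about with the target's behaviour in front of you. The following is a model written for this post, not nmap code and not from the TechTarget tip: Target answers probes the way an RFC 793 stack behind one of three kinds of filter would, verdict() turns the answer into the state nmap reports, and Zombie plus idle_scan() walk through the IP ID arithmetic of -sI. The option names are nmap's; the firewall kinds, the "trusted" source list and the IP ID start value are assumptions made for the example.

```python
# Added example, not from the TechTarget tip or from nmap: a model of the
# target-side behaviour each scan type relies on, so the verdicts nmap prints
# can be reasoned about. The stack modelled follows RFC 793.

PROBES = {
    "-sS": {"SYN"},                # ordinary SYN scan, for comparison
    "-sN": set(),                  # Null: no flags at all
    "-sF": {"FIN"},
    "-sX": {"FIN", "PSH", "URG"},  # Xmas
    "-sA": {"ACK"},
}


class Target:
    """ports: {port: 'open'}; every other port is closed.
    firewall: 'none'; 'stateless' (blocks inbound SYN-without-ACK, like a
    Cisco ACL using the 'established' keyword); or 'stateful' (drops anything
    that is not part of a tracked connection).
    trusted: source addresses the firewall lets straight through (assumed
    here to model an IP-based trust relationship)."""

    def __init__(self, ports, firewall="none", trusted=()):
        self.ports, self.firewall, self.trusted = ports, firewall, set(trusted)

    def receive(self, port, flags, src="scanner"):
        """Reply to one probe: 'SYN/ACK', 'RST' or None (silence)."""
        if src not in self.trusted:
            if self.firewall == "stateful":
                return None
            if self.firewall == "stateless" and "SYN" in flags and "ACK" not in flags:
                return None
        is_open = self.ports.get(port) == "open"
        if "SYN" in flags and "ACK" not in flags:
            return "SYN/ACK" if is_open else "RST"
        if "ACK" in flags:  # no such connection: RST whether open or closed
            return "RST"
        return None if is_open else "RST"  # RFC 793: open port ignores NULL/FIN/Xmas


def verdict(option, reply):
    """Turn the (lack of) reply into the state nmap would report."""
    if option == "-sS":
        return {"SYN/ACK": "open", "RST": "closed"}.get(reply, "filtered")
    if option == "-sA":  # only says whether the packet got through
        return "unfiltered" if reply == "RST" else "filtered"
    return "closed" if reply == "RST" else "open|filtered"


def scan(target, port, option):
    return verdict(option, target.receive(port, PROBES[option]))


class Zombie:
    """An idle host whose IP ID counter goes up by one for every packet it
    sends, which is the property the -sI scan needs."""

    def __init__(self, ipid=1000):
        self.ipid = ipid

    def receive(self, segment):
        """An unsolicited SYN/ACK is answered with a RST (consuming an IP ID);
        a RST or silence is ignored. Returns the IP ID of the RST sent, or None."""
        if segment == "SYN/ACK":
            self.ipid += 1
            return self.ipid
        return None


def idle_scan(zombie, target, port):
    """-sI: the scanner never talks to the target from its own address."""
    before = zombie.receive("SYN/ACK")                        # 1. probe the zombie, note its IP ID
    to_zombie = target.receive(port, {"SYN"}, src="zombie")   # 2. spoofed SYN "from" the zombie
    zombie.receive(to_zombie)                                 #    the target's reply lands on the zombie
    after = zombie.receive("SYN/ACK")                         # 3. probe the zombie again
    return "open" if after - before == 2 else "closed|filtered"


if __name__ == "__main__":
    acl = Target({22: "open"}, firewall="stateless")
    print(scan(acl, 22, "-sS"), scan(acl, 22, "-sX"), scan(acl, 22, "-sA"))
    # filtered open|filtered unfiltered
```

Against a Windows or Cisco IOS stack the last line of Target.receive would return "RST" for an open port as well, which is why -sN/-sF/-sX report every port closed on those targets. The stateless rule set shows up as "unfiltered" on a port a SYN scan reports as "filtered", which is the rule-set mapping the ACK scan is for; and a Target whose firewall trusts the zombie's address answers the bounced SYN even though a direct scan sees nothing, which is the trust-relationship mapping the idle scan is for.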