Active fingerprinting of remote systems using standard enterprise tools

Nmap has useful active fingerprinting capabilities: it sends a variety of probe packets and weighs virtually every bit of the responses against its signature database. It is a great help when you have nothing more than an IP address to go on and need to quickly narrow down the platform type (e.g. using nmap -O -sV).
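
The step that usually follows such a scan is turning Nmap's output into a one-line-per-host platform summary. The script below is an added example, not code from the original post: it parses Nmap's grepable output (what `nmap -O -sV -oG - <target>` prints) and lists each host's OS guess and open services. The host, ports, versions and OS guess in the embedded sample are constructed, not the result of a real scan.

```shell
#!/bin/sh
# Added example (not from the original post). Summarises nmap grepable output
# (nmap -O -sV -oG - <target>) into one line per host: IP, OS guess, open services.

# Constructed sample of -oG output; host, ports, versions and OS guess are made up.
SAMPLE_NMAP_GREPABLE=$(printf '%s\n%s\t%s\n%s\t%s\t%s\t%s\t%s\n%s\n' \
    '# Nmap 7.93 scan initiated (constructed sample, not output of a real scan)' \
    'Host: 192.168.1.10 (db01)' 'Status: Up' \
    'Host: 192.168.1.10 (db01)' \
    'Ports: 22/open/tcp//ssh//OpenSSH 8.4p1 Debian 5/, 5432/open/tcp//postgresql//PostgreSQL DB 9.6.0 or later/, 80/closed/tcp//http///' \
    'OS: Linux 4.15 - 5.6' 'Seq Index: 258' 'IP ID Seq: All zeros' \
    '# Nmap done -- 1 IP address (1 host up) scanned')

# Reads -oG lines on stdin. Fields are tab separated; each port entry has the form
# port/state/proto/owner/service/rpcinfo/version/ .
summarize_nmap_grepable() {
    awk -F '\t' '
    /^Host: / && /Ports: / {
        split($1, h, " "); ip = h[2]
        os = "?"; svc = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^OS: /) {
                os = substr($i, 5)
            } else if ($i ~ /^Ports: /) {
                n = split(substr($i, 8), ports, ", ")
                for (j = 1; j <= n; j++) {
                    split(ports[j], f, "/")
                    if (f[2] != "open") continue   # closed/filtered ports say little about the platform
                    entry = f[1] "/" f[5]
                    if (f[7] != "") entry = entry "/" f[7]
                    svc = (svc == "") ? entry : svc ";" entry
                }
            }
        }
        print ip "\tos=" os "\tservices=" svc
    }'
}

# Stand-alone run over the constructed sample. Against a real network:
#   nmap -O -sV -oG - 192.168.1.0/24 | summarize_nmap_grepable
printf '%s\n' "$SAMPLE_NMAP_GREPABLE" | summarize_nmap_grepable
```

Treat the OS line as a guess, not a fact: Nmap prints a range (here "Linux 4.15 - 5.6") when several signatures match, and the service versions from -sV are often the more reliable indicator of what is actually running.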

Detecting and/or mitigating rapid exfiltration of RDBMS data

In this post I wanted to explore some of the lesser-used features of iptables and show how, on a dual-homed Linux server placed between the clients and the database, they can act as a data-rate control on traffic leaving the RDBMS. This is a cheap alternative to a dedicated firewall.
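
As an added example (not the post's own ruleset), the script below emits an iptables ruleset of that kind, built from three of the lesser-used matches: hashlimit in byte mode to cap the per-client rate of server replies, connbytes to flag any single connection that has already carried a large volume out of the database, and connmark so that each such connection is logged exactly once. Everything specific is an assumption: eth0 faces the clients, eth1 faces the database segment, the RDBMS is 10.10.20.5 on TCP 5432, 2 MB/s per client is taken as normal and 500 MB on one connection is taken as worth an alert.

```shell
#!/bin/sh
# Added example (not the post's own ruleset). Prints an iptables ruleset for a dual-homed
# Linux box between an application network and a database segment, throttling how fast
# any one client can pull data out of the RDBMS.
# Assumptions (not from the post): eth0 faces the clients, eth1 faces the database segment,
# the RDBMS is 10.10.20.5 on TCP 5432, 2 MB/s per client is "normal" and a single connection
# moving more than 500 MB of server replies deserves an alert. Byte-based hashlimit needs a
# reasonably modern iptables and kernel.
rdbms_rate_rules() {
    cat <<'EOF'
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
# Client -> database: only new connections to the DB port, plus their follow-on packets.
iptables -A FORWARD -i eth0 -o eth1 -p tcp -d 10.10.20.5 --dport 5432 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
# Database -> client: user chain that logs (rate limited) and drops over-rate reply packets.
iptables -N DB_RATE_EXCEEDED
iptables -A DB_RATE_EXCEEDED -m limit --limit 6/minute --limit-burst 10 -j LOG --log-prefix "DB-RATE-EXCEEDED: "
iptables -A DB_RATE_EXCEEDED -j DROP
# hashlimit keyed on the client address (the reply's destination), byte based: above 2 MB/s
# sustained, with an 8 MB burst allowance, reply packets go to DB_RATE_EXCEEDED.
iptables -A FORWARD -i eth1 -o eth0 -p tcp -s 10.10.20.5 --sport 5432 -m conntrack --ctstate ESTABLISHED -m hashlimit --hashlimit-name db-reply --hashlimit-mode dstip --hashlimit-above 2mb/s --hashlimit-burst 8mb -j DB_RATE_EXCEEDED
# connbytes flags a connection once it has carried more than 500 MB in the reply direction;
# connmark makes sure each such connection is logged exactly once.
iptables -A FORWARD -i eth1 -o eth0 -p tcp -s 10.10.20.5 --sport 5432 -m connbytes --connbytes 524288000: --connbytes-dir reply --connbytes-mode bytes -m connmark ! --mark 0x1 -j LOG --log-prefix "DB-BULK-TRANSFER: "
iptables -A FORWARD -i eth1 -o eth0 -p tcp -s 10.10.20.5 --sport 5432 -m connbytes --connbytes 524288000: --connbytes-dir reply --connbytes-mode bytes -m connmark ! --mark 0x1 -j CONNMARK --set-mark 0x1
# Everything else belonging to an accepted connection flows normally.
iptables -A FORWARD -i eth1 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Print the ruleset for review; apply it as root with:  rdbms_rate_rules | sh
rdbms_rate_rules
```

Dropping over-rate reply packets does not kill the connection: the database's TCP stack sees the loss, backs off and retransmits, so a legitimate bulk job still completes, only slower, while a dump of the whole table takes long enough to be noticed. The two LOG prefixes are what a log monitor should key on.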

Logging outbound TCP connections on Linux servers

In my experience, you can never have enough logging information. Whether you are trying to piece together the causes of a system failure or to trace the origins of a cyber-attack, your logs are often crucial. In this post I'll show how you can enhance a Linux installation to log all outbound TCP connections for future reference.
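
One way to get that record, as an added example rather than the post's own method, is netfilter's LOG target on the OUTPUT chain, matching only the SYN of each new connection so that you get one line per connection instead of one per packet. The script below prints the rules and includes a parser for the resulting kernel log lines; it assumes an iptables whose LOG target supports --log-uid (so the local user that opened the connection is recorded) and that kernel messages reach a syslog file such as /var/log/kern.log. The sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not the post's own method). Logs the opening SYN of every outbound TCP
# connection with netfilter's LOG target and parses the resulting kernel log lines.
# Assumptions: iptables with the LOG target's --log-uid option, and kernel messages
# landing in a syslog file such as /var/log/kern.log. "OUT-TCP: " is the prefix we key on.

outbound_tcp_log_rules() {
    cat <<'EOF'
iptables -N LOG_OUT_TCP
# --limit caps log volume if a process starts spraying connections; --log-uid records the local user.
iptables -A LOG_OUT_TCP -m limit --limit 50/second --limit-burst 200 -j LOG --log-prefix "OUT-TCP: " --log-uid
# --syn plus ctstate NEW gives one line per connection, not one per packet. Inserted at
# position 1 so an existing blanket ACCEPT in OUTPUT cannot bypass it.
iptables -I OUTPUT 1 -p tcp --syn -m conntrack --ctstate NEW -j LOG_OUT_TCP
EOF
}

# Constructed sample of what the rule above produces, mixed with an unrelated sshd line.
SAMPLE_KERN_LOG=$(cat <<'EOF'
Mar 10 09:14:02 db01 kernel: [ 8123.441021] OUT-TCP: IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21931 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 UID=1000 GID=1000
Mar 10 09:14:05 db01 kernel: [ 8126.102334] OUT-TCP: IN= OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4412 DF PROTO=TCP SPT=51240 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0 UID=0 GID=0
Mar 10 09:14:06 db01 sshd[2211]: Accepted publickey for ops from 10.0.0.9 port 50122 ssh2
EOF
)

# Reads syslog lines on stdin, keeps only our OUT-TCP entries and prints
# "<timestamp> uid=<uid> <src> -> <dst>:<dport>"; anything else is ignored.
parse_outbound_tcp_log() {
    awk '
    /OUT-TCP: / {
        src = dst = dpt = uid = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)      src = substr($i, 5)
            else if ($i ~ /^DST=/) dst = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            else if ($i ~ /^UID=/) uid = substr($i, 5)
        }
        if (src != "" && dst != "" && dpt != "")
            print $1, $2, $3, "uid=" (uid == "" ? "?" : uid), src, "->", dst ":" dpt
    }'
}

# Apply the rules as root with:  outbound_tcp_log_rules | sh
# Then, later:  parse_outbound_tcp_log < /var/log/kern.log
printf '%s\n' "$SAMPLE_KERN_LOG" | parse_outbound_tcp_log
```

Two caveats worth remembering when you come to rely on these lines: the LOG target writes to the kernel ring buffer, so the entries only survive a reboot if syslog is shipping them to disk or to a remote collector, and the --limit match means that under a genuine connection flood you will see the first few hundred connections and then gaps, which is itself a useful signal.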

Writing good ad-hoc security assessments – Part 1

I’ve seen a lot of attempts over the years at technical security assessments (TSAs, as good a term as any to describe them), some more GRC-oriented and some more technically focused.

I’ve not yet seen a TSA that fits the bill fully, so in this post I’m setting out some ideas on what makes a good assessment and when it should be used.

WordFence Review – The leading WordPress CMS IPS?

For several weeks I’ve been trialling WordFence on my blog, not that you’d have noticed it.

WordFence is a plugin that can be added to any existing WordPress installation, adding the kind of intrusion detection and prevention capabilities usually found in application-layer gateways.