Sunday, September 06, 2009

Cloud Computing (Is it a new era or just another buzzword?)

Before writing this small paragraph I was wondering what the subject line should be, and what I should document for my future reference. But amazingly, as I started to jot things down, ideas and concepts started popping up in my mind.

Before discussing my idea further, let's understand what cloud computing is, in very simple language.
For technocrats: Cloud computing is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet.
For financial geeks: A style of computing where an organization's capital expenditure (CapEx) is much lower and its operating expenditure (OpEx) is optimized.
For Indians: The first academic use of the term appears to be by Indian Prof. Ramnath K. Chellappa, who originally defined it as a computing paradigm where the boundaries of computing will be determined by economic rationale rather than technical limits.

Simple funda: not everyone wants to own a cow just to get milk.

Who are the service providers and who are the clients?
The "big four" of cloud computing services are said to be Amazon, Google, Microsoft and Salesforce.com.
Cloud computing is being adopted by everyone from individual users to large enterprise customers, including General Electric, Procter & Gamble and Valeo.

Benefits
  1. Agility improves, with users able to rapidly and inexpensively re-provision infrastructure resources.
  2. Cost is claimed to be greatly reduced, and capital expenditure is converted into operational expenditure.
  3. Device and location independence enable users to access systems using a web browser regardless of their location or what device they are using (e.g., PC, mobile).
  4. Reliability improves through the use of multiple redundant sites, which makes cloud computing suitable for business continuity and disaster recovery.
  5. Scalability via dynamic ("on-demand") provisioning of resources on a fine-grained, self-service basis in near real time, without users having to engineer for peak loads.
  6. Sustainability comes about through improved resource utilization, more efficient systems, and carbon neutrality.
  7. Security can improve through centralization of data and greater security-focused resources, although centralization also raises concerns about loss of control over sensitive data.
Aha, now someone asks me: is it secure? You are a security professional and you are arguing in favour of cloud computing?
Believe me, my first reaction was: oh yes, I am the security SPOC and I am not thinking about security. But after a small amount of research I concluded that it's not actually a security issue but a perception issue. Cloud computing is not a favourite of CTOs because they are not interested in letting go.


Let's look at the challenges that make organizations/enterprises hesitate to adopt it.
Once we identify the challenges, we will ourselves get the answers to those questions. I have been able to arrive at some solutions, as concepts, for resolving the security issues. I know that in two years these concepts will be practical; currently I am not able to find any published white papers along those lines. But yesteryear's dreams are reality now, so I hope some day someone will consider that I also think innovatively and get answers to some of the toughest questions.
Geopolitical Issue
The Cloud spans many borders and "may be the ultimate form of globalization." As such, it becomes subject to complex geopolitical issues, and providers are pressed to satisfy myriad regulatory environments in order to deliver service to a global market.

Legal Issues
Concerns persist about security and privacy, from the individual through to governmental levels (e.g., the USA PATRIOT Act, the use of national security letters, the Electronic Communications Privacy Act's Stored Communications Act, HIPAA and EU rules on personally identifiable information).

What is the answer to these concerns?
Hybrid solution:
Self-managed + cloud, or service provider 1 + service provider 2, with easy portability of applications and data.

Let's take the example of a patient's private data, which contains demographics, images, history and much other information. The organization that owns this data by law has to ensure that it is stored and transmitted securely. One solution is to design an encrypted database table in the cloud where each patient's record is stored only in encrypted form, so that storing or retrieving it requires a data decryption key that is hosted on the hospital's own infrastructure. Compared to the data stored in the cloud, the key material is a tiny fraction, so keeping it on-premises is cheap. Only once the hospital's key server has released the key for a record, after checking who is asking, can a nurse, doctor or patient view or modify that record in the cloud. The key server then becomes the place where the access policy is enforced and every key release is logged; if the cloud provider could ever obtain the keys, the encryption would add nothing.
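The design above, written out as an added example (this is not code from the original post): the key server and its access list live on hospital infrastructure, the cloud store only ever holds opaque blobs, and records are encrypted per patient with encrypt-then-MAC so that tampering or a wrong key is detected before anything is decrypted. The class names, the ACL model and the patient record are assumptions made for the example, and the HMAC-SHA256 counter-mode cipher is an illustrative stdlib-only construction; in production use a vetted AEAD such as AES-GCM from a real crypto library.

```python
"""Per-patient record encryption: keys stay on-premises, the cloud sees only ciphertext."""
import hashlib
import hmac
import json
import os
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(data_key: bytes):
    """Derive independent encryption and MAC keys from one 32-byte patient data key."""
    enc = hmac.new(data_key, b"record-encryption", hashlib.sha256).digest()
    mac = hmac.new(data_key, b"record-authentication", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (illustrative; use AES-GCM in production)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_record(data_key: bytes, record: dict) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC over nonce and ciphertext)."""
    enc_key, mac_key = _subkeys(data_key)
    nonce = os.urandom(NONCE_LEN)
    plaintext = json.dumps(record, sort_keys=True).encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_record(data_key: bytes, blob: bytes) -> dict:
    """Verify the tag in constant time first; only then decrypt. Raises ValueError on any failure."""
    enc_key, mac_key = _subkeys(data_key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short to be a sealed record")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("record tampered with or wrong key")
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext.decode())


class HospitalKeyServer:
    """Runs on hospital-owned infrastructure (assumed name): holds per-patient data keys,
    enforces who may receive them, and keeps an audit trail of every request."""

    def __init__(self):
        self._keys = {}
        self._acl = {}
        self.audit = []  # (principal, patient_id, "granted"/"denied")

    def enrol_patient(self, patient_id: str, allowed_principals) -> None:
        self._keys[patient_id] = secrets.token_bytes(32)
        self._acl[patient_id] = set(allowed_principals)

    def release_key(self, patient_id: str, principal: str) -> bytes:
        allowed = principal in self._acl.get(patient_id, set())
        self.audit.append((principal, patient_id, "granted" if allowed else "denied"))
        if not allowed:
            raise PermissionError(f"{principal} may not access records of {patient_id}")
        return self._keys[patient_id]


class CloudRecordStore:
    """Cloud side (assumed name): stores opaque blobs by patient id; never sees a key or plaintext."""

    def __init__(self):
        self._rows = {}

    def put(self, patient_id: str, blob: bytes) -> None:
        self._rows[patient_id] = blob

    def get(self, patient_id: str) -> bytes:
        return self._rows[patient_id]


if __name__ == "__main__":
    # Constructed sample: a nurse writes a record, a doctor reads it, an operator is refused.
    ks, cloud = HospitalKeyServer(), CloudRecordStore()
    ks.enrol_patient("P-1001", {"dr.rao", "nurse.iyer", "patient:P-1001"})
    record = {"patient_id": "P-1001", "history": ["hypertension"], "images": ["mri-2009-08-30.dcm"]}
    cloud.put("P-1001", encrypt_record(ks.release_key("P-1001", "nurse.iyer"), record))
    print(decrypt_record(ks.release_key("P-1001", "dr.rao"), cloud.get("P-1001")))
    try:
        ks.release_key("P-1001", "cloud.operator")
    except PermissionError as exc:
        print("denied:", exc)
    print(ks.audit)
```

The important property is that a compromise of the cloud store yields only blobs, and a request for a key is the one event the hospital must authorize and log; note that rotating a patient's key means re-encrypting that patient's blobs, which the key server can do without the cloud ever seeing plaintext.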

It's just one example that I have been able to think of. If you have any other challenging question or problem, I would love to discuss its solution.


Different types of services offered on the cloud by service providers
  1. IaaS: Infrastructure as a Service, which includes STaaS (Storage as a Service) and HaaS (Hardware as a Service)
  2. SaaS: Software as a Service
  3. PaaS: Platform as a Service
  4. A new concept is developing, called DRaaS: Disaster Recovery as a Service

At the end of this note I'd like to add some very good presentations on cloud computing:
http://www.spinnakerlabs.com/CloudComputing.pdf
http://media.govtech.net/GOVTECH_WEBSITE/EVENTS/PRESENTATION_DOCS/2008/Illinois_DGS/230CloudComputingTEOH.pdf
http://blog.processmaker.com/files/2009/02/cloud-computing-presentation-feb-09-brian-reale.pdf
http://www.ists.dartmouth.edu/docs/HannaCloudComputingv2.pdf



Thursday, April 09, 2009

Funniest error handling and messages I ever encountered

From Compareindia.in.com






Sunday, March 29, 2009

In Search of Perfect Datacenter Operating System

Actually, there's no such thing as a perfect OS.
Not too long ago, an online technology columnist wrote an incredible song about the drawbacks of every single OS available on the market today. The practical upshot is that there's no perfect OS, either for day-to-day operations or DR purposes. Let's take a look at the primary OSs in modern data centers, with a focus on the pros and cons that relate to the DR process.

UNIX (excluding Solaris and Linux)

UNIX is the original data center OS. In fact, this tried and true standby has been in use since large-scale operations were first conceived. The various types, or flavors, of UNIX offer exceptional reliability and scalability. They allow for higher-capacity server systems and tend to remain operational without crashing for longer periods of time.
The drawback, from a DR perspective, is that there are fewer DR software tools designed specifically for the UNIX environment. This is due to the reliability of these systems and the wide variety of available UNIX flavors, which makes standardization difficult at best.
Many hardware systems can easily protect UNIX systems across multiple sites, and numerous systems exist for clustering UNIX machines. They provide both High Availability (HA) and DR when necessary, but flexibility is limited.

Solaris
Technically, a flavor of UNIX, Solaris is manufactured and maintained by Sun Microsystems. It offers the same type of robustness as other versions, with the standardization you can typically only find in products that are controlled by a single entity, such as Sun. As such, there are many hardware and software solutions available with HA and DR protection for Solaris-based data systems.
The major drawback is the large price tag that's associated with a Solaris installation. Since this OS has traditionally run on Sun Microsystems hardware, the costs incurred in a properly configured DR plan can be astronomical. This is cost-justified in some situations, but many companies are now finding less expensive alternatives.

Linux
Debate rages as to whether or not Linux is a variant of UNIX, but we'll let you draw your own conclusions on that issue. This OS is a relative newcomer to the data center and is quickly becoming a major player. Its low cost and high reliability make it very attractive for all levels of data operations.
The main drawback is the lack of software solutions that are designed to offer DR for Linux-based data systems. It's currently limited to mostly hardware-based DR solutions, but as the field continues to mature, more solutions will become available.

Windows
With the advent of Windows Server 2003 Datacenter Edition and Windows Powered NAS appliances, this formerly small-system OS is becoming more prevalent in the data center. The relatively low cost of Windows, coupled with the large number of hardware vendors who support it, makes it a very flexible and cost-effective choice for many systems.
There's a large number of vendors that create both hardware and software DR systems for the Windows platform. This data center OS can be protected both in the same site and at multiple physical locations.
Windows has its share of drawbacks, as well. It's plagued with security holes and has an uncanny ability to crash with little or no warning. However, new innovations by Microsoft are making this OS a data center contender.

Whichever OS--or combination of OS platforms--you run on your systems, there are DR pros and cons that you need to consider. Only careful DR planning and implementation can ensure that the right systems, at the right price, and on the right platforms, will be present for your organization.

Monday, February 23, 2009

Forward TCP ports to Other Machines

Although such a requirement comes up rarely with established data centers and infrastructure, there are still times when it's useful to forward TCP ports to machines that aren't on your local subnet or network. You can easily forward ports on a local network using iptables, but it's more challenging to forward incoming ports on one machine to another in a remote location.


For example, if you're moving and have new IP addresses, your sites might be down for a few days until the DNS changes take effect. By forwarding ports to a remote location, you can leave a machine behind with the sole purpose of listening for those requests on your old IP addresses and forwarding them to your new IP addresses.

To accomplish this task, use the rinetd program. The configuration file for rinetd, typically /etc/rinetd.conf, contains rules about what to forward and where to forward them. Here's the basic syntax:

[source_address] [source_port] [destination_address] [destination_port]

If you have a single server, the rule will look something like this:

0.0.0.0 80 192.168.12.100 80

The above rule will forward requests on port 80 of the local machine (any IP address) to port 80 on the remote machine 192.168.12.100 (substitute your new IP address for that address).

You can have multiple rules in the file to forward all services to the new system. However, rinetd can't forward FTP, since FTP opens a separate data connection on another port, and it can't forward UDP at all. Despite these limitations, it works quite well. One more thing to keep in mind: rinetd terminates the TCP connection and opens a new one to the destination, so the destination sees the forwarding host, not the original client, as the source address; adjust logging and any source-based firewall rules accordingly.
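To show what a rinetd rule actually does on the wire, here is an added example (not part of the original post and not rinetd's own code): a minimal TCP port forwarder in Python, with a parser for the four-field rule syntax shown above. It makes the two caveats concrete: the relay copies bytes between two separate TCP connections, so it sees nothing of FTP's second data connection and has no notion of UDP, and the upstream connection is opened by the relay itself, so the destination sees the relay's address. The loopback helper exercises the relay over socket pairs so it can be checked without any network; everything else (hosts, ports) is whatever rule you feed it.

```python
"""Minimal rinetd-style TCP forwarder (added example, stdlib only)."""
import selectors
import socket
import threading


def parse_rule(line: str):
    """Parse one rinetd-style rule: source_addr source_port dest_addr dest_port.

    Returns None for blank lines and comments; raises ValueError on a malformed rule."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    fields = line.split()
    if len(fields) != 4:
        raise ValueError(f"expected 4 fields, got {len(fields)}: {line!r}")
    src_addr, src_port, dst_addr, dst_port = fields
    return src_addr, int(src_port), dst_addr, int(dst_port)


def relay(a: socket.socket, b: socket.socket) -> int:
    """Copy bytes in both directions until either side closes; returns the byte count.

    This is where the limitations come from: only the bytes of these two
    connections are moved, nothing at the IP/UDP layer, and the far end of 'b'
    sees this process as its peer."""
    sel = selectors.DefaultSelector()
    sel.register(a, selectors.EVENT_READ, b)  # data arriving on a is written to b
    sel.register(b, selectors.EVENT_READ, a)
    relayed = 0
    try:
        while True:
            for key, _ in sel.select():
                data = key.fileobj.recv(65536)
                if not data:  # one side hung up: tear the pair down
                    return relayed
                key.data.sendall(data)
                relayed += len(data)
    finally:
        sel.close()
        for s in (a, b):
            try:
                s.shutdown(socket.SHUT_RDWR)
            except OSError:
                pass
            s.close()


def serve(rule) -> None:
    """Listen on (src_addr, src_port) and relay every connection to (dst_addr, dst_port)."""
    src_addr, src_port, dst_addr, dst_port = rule
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((src_addr, src_port))
    listener.listen(64)
    while True:
        client, peer = listener.accept()
        try:
            upstream = socket.create_connection((dst_addr, dst_port), timeout=10)
            upstream.settimeout(None)
        except OSError as exc:
            print(f"{peer}: upstream {dst_addr}:{dst_port} unreachable: {exc}")
            client.close()
            continue
        threading.Thread(target=relay, args=(client, upstream), daemon=True).start()


def loopback_roundtrip(payload: bytes) -> bytes:
    """Push a small payload through relay() over socket pairs; returns what the far side got."""
    client, relay_in = socket.socketpair()
    relay_out, server = socket.socketpair()
    worker = threading.Thread(target=relay, args=(relay_in, relay_out))
    worker.start()
    client.sendall(payload)  # keep it small: the reader below starts only after this returns
    client.shutdown(socket.SHUT_WR)  # client is done sending; relay will see EOF
    received = b""
    while True:
        chunk = server.recv(65536)
        if not chunk:
            break
        received += chunk
    worker.join(5)
    client.close()
    server.close()
    return received


if __name__ == "__main__":
    # Same rule as the post's example; binding port 80 needs the right privileges.
    serve(parse_rule("0.0.0.0 80 192.168.12.100 80"))
```

Run it with a rules file by reading each line through parse_rule and starting serve() in its own thread per rule; rinetd does exactly this, in C, with allow/deny lists on top.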



Monday, January 19, 2009

Enable alerting for configuration changes in critical Cisco network devices.

Recently a requirement came into the picture when people were discussing the investment needed to monitor configuration changes in Cisco network devices. The discussion was heated, and the proposed spend was expensive just to get an alert.
I worked out a cheaper solution which is quite useful. I am describing the method by which we can get an alert and also implement an authorization process, giving robust control over any network changes.
This solution is simple and can be used for change management.
Some of the components involved:
1.) Any CRM/service desk tool with mail-based ticket raising capability (Unicenter or HPPC; most organizations already have one).
2.) Kiwi Syslog Daemon (there is a free edition; a licensed edition with extended capabilities is available at a nominal charge).
So the solution goes like this. Configure the Cisco devices to log events to syslog (the server where Kiwi Syslog Daemon is running):
! Send syslog messages to the collector
logging syslog.keekar.com
! Log failed login attempts
login on-failure log
! Log successful login attempts
login on-success log
! Log configuration changes: every command entered in configure mode is sent to syslog
! (hidekeys keeps passwords out of the logged commands)
archive
 log config
  logging enable
  logging size 200
  hidekeys
  notify syslog

Configure the mail alerts in Kiwi for the corresponding events (it's quite easy, GUI based and easily configurable).
Send the mail alert to your CRM/service desk mail ID.
Create a rule in the CRM/service desk to send an authorization request to the concerned parties.
That's it. Congratulations, your alerting and authorization control is in place.
Isn't it quite a simple and cost-effective solution?
One caveat: the device is the source of its own evidence. Anyone with enable access can remove these logging lines, and syslog over UDP is unauthenticated, so also alert when a device goes quiet, keep the Kiwi server on a management network that ordinary users cannot reach, and compare what the ticket requested against what the device actually logged.
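What the Kiwi rules and the service desk rulebase have to do between them, written out as an added example (this is not part of the original post, nor a Kiwi or service desk feature): parse the IOS syslog messages the configuration above produces, raise a change-authorization ticket for every configuration change, and raise one ticket per source that fails to log in repeatedly rather than one per attempt. The log lines are constructed in IOS syslog format with made-up hostnames, users and addresses, and the collector is assumed to prefix each line with the sending device's name.

```python
"""Collector-side alert logic for the IOS logging configuration above (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# %FACILITY-SEVERITY-MNEMONIC: text, as IOS emits it
CISCO_MSG = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)

# Messages we alert on; everything else is ignored
RULES = {
    ("SYS", "CONFIG_I"): "config_change",             # someone left configure mode
    ("PARSER", "CFGLOG_LOGGEDCMD"): "config_change",  # archive / log config / notify syslog
    ("SEC_LOGIN", "LOGIN_FAILED"): "login_failed",    # login on-failure log
    ("SEC_LOGIN", "LOGIN_SUCCESS"): "login_success",  # login on-success log
}

# Constructed sample, device name prefixed by the collector (assumption)
SAMPLE_LOG = """\
core-sw1 000121: Jan 19 10:02:11.001: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 10.1.1.5] [localport: 22] at 10:02:11 UTC Mon Jan 19 2009
core-sw1 000122: Jan 19 10:02:40.114: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:no ip access-list extended OUTSIDE-IN
core-sw1 000123: Jan 19 10:02:55.302: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.1.1.5)
edge-rtr1 000077: Jan 19 10:05:01.500: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed] at 10:05:01 UTC Mon Jan 19 2009
edge-rtr1 000078: Jan 19 10:05:03.611: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed] at 10:05:03 UTC Mon Jan 19 2009
edge-rtr1 000079: Jan 19 10:05:05.720: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed] at 10:05:05 UTC Mon Jan 19 2009
edge-rtr1 000080: Jan 19 10:06:00.000: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
"""


@dataclass
class Event:
    device: str
    kind: str
    user: str
    source: str
    detail: str


def parse_line(line: str) -> Optional[Event]:
    """Return an Event for messages listed in RULES, None for anything else."""
    m = CISCO_MSG.search(line)
    if not m:
        return None
    kind = RULES.get((m["facility"], m["mnemonic"]))
    if kind is None:
        return None
    device = line.split(None, 1)[0]
    text = m["text"]
    user, source, detail = "unknown", "unknown", text
    if kind == "config_change":
        cfg = re.search(r"Configured from \S+ by (\S+)(?: on \S+)?(?: \(([^)]*)\))?", text)
        cmd = re.search(r"User:(\S+)\s+logged command:(.*)", text)
        if cfg:
            user, source = cfg.group(1), cfg.group(2) or source
        elif cmd:
            user, detail = cmd.group(1), cmd.group(2).strip()
    else:
        who = re.search(r"\[user: ([^\]]*)\] \[Source: ([^\]]*)\]", text)
        if who:
            user, source = who.group(1), who.group(2)
    return Event(device, kind, user, source, detail)


def build_tickets(log_text: str, fail_threshold: int = 3):
    """One change-authorization ticket per config change; one ticket per (device, source)
    with fail_threshold or more failed logins. Successful logins stay in the syslog for
    correlation but do not open tickets."""
    tickets = []
    failures = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev.kind == "config_change":
            tickets.append({"type": "change-authorization", "device": ev.device,
                            "user": ev.user, "source": ev.source, "summary": ev.detail})
        elif ev.kind == "login_failed":
            failures[(ev.device, ev.source)].append(ev.user)
    for (device, source), users in failures.items():
        if len(users) >= fail_threshold:
            tickets.append({"type": "login-failures", "device": device, "source": source,
                            "count": len(users), "users": sorted(set(users))})
    return tickets


if __name__ == "__main__":
    for ticket in build_tickets(SAMPLE_LOG):
        print(ticket)
```

The CFGLOG_LOGGEDCMD ticket carries the exact command, which is what the approver needs to compare against the change request; CONFIG_I only tells you that configure mode was used and from where.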



Wednesday, December 17, 2008

Sniff the Sniffer in your Network !!!

Have you ever puzzled over the question of how you are going to detect a network sniffer in your network?
Yes, I did.
Until yesterday it was my assumption that to detect a sniffing device which only collects data and does not respond to anything, you have to physically check all your Ethernet connections by walking around and checking them one by one, and that it is impossible to check remotely, by sending a packet or a ping, whether a machine is sniffing.
The question is quite obvious, but it never struck me, because I always saw a sniffing tool as a helping hand for troubleshooting and detecting problems. But what about the bad guy's mind? The tool is so powerful; think of all the different kinds of damage it can do to a business.
So as soon as the question struck me of how you can detect a network sniffer, the logical answer that came to mind was to tune a honeypot or the tools on KNOPPIX to detect the sniffer in the network.
I know you might be thinking: how and why?
Even though I was also not clear how I was going to do this, I was quite confident that ICMP packet analysis would do something for me.

Yes, I was correct, and when I did the research on the topic I got the following information. The first example is the method which struck my mind immediately. The other methods I learned while researching the subject. I also got references to some ready-made tools. I hope you are going to use this information.

Determining a sniffer with the help of ICMP
Various tests can be performed with ICMP packets to identify a host that is sniffing.

##Network and machine latency tests
These tests work because a host in promiscuous mode no longer benefits from the low-level hardware filtering of its network card. Traffic not meant for the host is passed up to the OS kernel, which has to do the filtering itself, and the extra work shows up as latency. Three tests are based on this: the ICMP Time Delta test, the Echo test and the Ping Drop test.
**ICMP Time Delta test
This test uses baseline results to determine network and machine latency. AntiSniff probes the host by sending ICMP echo request messages with microsecond timers to determine the average response time. After the baseline has been created, it floods the local network with non-legitimate traffic. During the flood, it sends another round of ICMP echo request probes to determine the average response time. Hosts in promiscuous mode show a much higher latency.
**Echo test
This test is actually an option for the ICMP Time Delta test. The user has the option to use the ECHO service for time deltas, if it's available on the remote host.
**Ping Drop test
This test is also run during the flood of traffic. It involves sending a large number of ICMP echo request messages to the host and keeping track of how many ping responses are dropped. A host in promiscuous mode has much more network traffic to process, and the resulting latency causes it to drop packets because it can't keep up.
Both latency tests are statistical: a host that is simply busy will also look slow, so run them several times and judge against the baseline for that host rather than an absolute threshold.
Apart from ICMP, there are some other characteristics of a machine that can help to detect sniffers.

##Ether Ping test
In older Linux kernels there is a specific condition that allows users to determine whether a host is in promiscuous mode or not. When a network card is placed in promiscuous mode every packet is passed on to the OS. Some Linux kernels looked only at the IP address in the packets to determine whether they should be processed or not. To test for this flaw, the AntiSniff machine sends a packet with a bogus MAC address and a valid IP address. Vulnerable Linux kernels with their network cards in promiscuous mode look only at the valid IP address. To get a response, an ICMP echo request message is sent within the bogus packet, leading vulnerable hosts in promiscuous mode to respond.

##ARP test
This test exploits a flaw in the way Microsoft operating systems analyze broadcast ARP packets. It is found in Microsoft Windows 95, 98 and NT. When in promiscuous mode, the driver for the network card checks that the MAC address is that of the network card for unicast packets, but only checks the first octet of the MAC address against the value 0xff to determine whether the packet is a broadcast or not. Note that the address for a broadcast packet is ff:ff:ff:ff:ff:ff. To test for this flaw, AntiSniff sends a packet with a MAC address of ff:00:00:00:00:00 and the correct destination IP address of the host. After receiving the packet, a Microsoft OS using the flawed driver will respond while in promiscuous mode. It should be noted that this flaw is based on the default Microsoft driver shipped with the OS.

##DNS test
This test exists because many packet sniffing tools perform IP address to name lookups to show DNS names in place of IP addresses. This information is useful to attackers because most of the time hosts are named for what they provide; an example would be a mail server named mail.keekar.com. A host that is not watching traffic destined for other machines has no reason to resolve the IP addresses in those packets. To test this, AntiSniff places its own network card into promiscuous mode and sends packets out onto the network aimed at bogus hosts. If any name lookups for the bogus hosts are seen, a sniffer might be running on the host performing the lookups.

I know the above detail is boring for lots of people, because they believe in practice and sometimes don't have time to look at the concepts, and they are not interested in building such a tool. So here is good news for all those people: there are ready-made tools available, and one of them is from a Microsoft employee. Don't be sceptical just because of the Microsoft name.
It's a project by Tim Rains, and he named it Promqry. According to Tim Rains, many network sniffer detection tools rely on bugs in the operating system and on sniffer behaviour for their discovery work. Promqry is different in that it queries Windows systems remotely to learn whether any have a network interface operating in promiscuous mode, which as you know is a mode commonly used by network sniffing software. That also means it only covers machines you administer; a rogue box on the segment that you don't manage won't answer it, which is where the network-side tests above still earn their place. A command line version and a version with a GUI of Promqry 1.0 are available on Microsoft's site.

A command line version:
http://www.microsoft.com/downloads/details.aspx?FamilyID=4df8eb90-83be-45aa-bb7d-1327d06fe6f5&DisplayLang=en

A version with a GUI:

http://www.microsoft.com/downloads/details.aspx?FamilyID=1a10d27a-4aa5-4e96-9645-aa121053e083&DisplayLang=en

Tuesday, December 16, 2008

Open Source Software! Uhh!!!!! Blessing for developers, curse for security and business executives..

GPL, open source, SourceForge, shareware, freeware, code applets, open source APIs etc., etc. So much scary jargon for security experts. No, it's not like that; it is the mismanagement of development activity and time pressure that make it scary.

Definitely everyone is quite happy with SOA, Web 2.0 and many more such technological developments. Think: what could be the reason for such fast development of applications, quick delivery and immediate ROI?

Yes, it's the miracle in development projects provided by open source. There are millions of readily available pieces of code on the WWW which developers quickly fine-tune and use to deliver the desired output in any application. A collection of such code is very well known as a framework.

Now, the above statements are from the business executive's point of view. If you ask me as a security expert, yes, it's a boon, but take the example of the RIM lawsuit: cases like these are a kind of shame for such big organizations. The reason: in the development phase some developers used readily available code found through a Google search, and five years later the real owner of the code filed a lawsuit claiming that his idea was stolen without a royalty being paid.

Until yesterday it was my assumption that it is very difficult to find out whether developers used open source code in their application or wrote it from scratch. If something is already available it doesn't make sense to rewrite it, but yes, it is the organization's duty to pay the developer if it's a commercially viable solution. So now be happy: there is software on the market which will scan your source code and report all the open source code, applications or APIs used in the application development cycle. Remember, before posting some nasty comments: locks are meant for gentlemen, not for thieves.

Palamida is a vendor that sells software and services around open-source software security and legal compliance. Palamida thought it wise to distribute the 25 projects over a number of categories, since open source "has permeated up and down the stack". Today, Palamida's software scans a customer's code base, determines which open-source software is in use, and provides information about the associated licenses, known vulnerabilities and available patches.

Overall, Palamida and its competitor Black Duck Software "have been moving into providing a tool for software development," said Redmonk analyst Michael Coté. "Instead of making sure your open-source code use is healthy from only a legal perspective ... the idea is to make sure that your overall use of OSS is healthy."

What would you say now .. Any excuse .. :)
