May 20, 2012

Check Point to Acquire Nokia’s Security Appliance Business.

This was a surprise, but not completely.  In the past Nokia was the dominant hardware source for Check Point security software.  With the move by Check Point into its own hardware line, it was a question of how long Nokia would stay in the field.  What will become of other hardware makers such as Crossbeam?  Only time will tell.

I guess the question will be whether CP will migrate this into their Secure Platform (SPLAT) or run both lines in parallel.  It's going to be interesting to see how this shakes out, especially from a CP partner point of view.

TheLV

Howto check RAM on Linux

Sometimes you want to know how much memory you have on a Linux box.  There are several ways to do this, but I have found the best and easiest way is to use the top command.

At the command line, type top or vmstat.

Example:

[root@ftp ~]#top

top - 15:49:46 up 53 days, 11:54,  1 user,  load average: 0.00, 0.00, 0.00
Tasks:  71 total,   1 running,  70 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.3%us,  0.0%sy,  0.0%ni, 99.7%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   1034796k total,   985256k used,    49540k free,   144156k buffers
Swap:  2031608k total,        0k used,  2031608k free,   778420k cached

PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
1 root      15   0  2060  620  532 S  0.0  0.1   0:00.61 init
2 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 migration/0
3 root      34  19     0    0    0 S  0.0  0.0   0:00.00 ksoftirqd/0
4 root      RT  -5     0    0    0 S  0.0  0.0   0:00.00 watchdog/0
5 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 events/0
6 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 khelper
7 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 kthread
10 root      20  -5     0    0    0 S  0.0  0.0   0:00.22 kblockd/0
11 root      20  -5     0    0    0 S  0.0  0.0   0:00.00 kacpid
73 root      20  -5     0    0    0 S  0.0  0.0   0:00.00 cqueue/0
76 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 khubd
78 root      10  -5     0    0    0 S  0.0  0.0   0:00.00 kseriod
138 root      25   0     0    0    0 S  0.0  0.0   0:00.00 pdflush
139 root      15   0     0    0    0 S  0.0  0.0   0:01.69 pdflush
140 root      10  -5     0    0    0 S  0.0  0.0   0:00.05 kswapd0
141 root      20  -5     0    0    0 S  0.0  0.0   0:00.00 aio/0
299 root      11  -5     0    0    0 S  0.0  0.0   0:00.00 kpsmoused
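The Mem: and Swap: lines above are where the answer is, but the raw "used" figure is misleading: Linux counts buffers and page cache as used memory even though it hands them back the moment a process needs them. As an added example that is not part of the original post, here is a small Python parser for the classic top summary lines (the layout shown above; newer top versions print the line differently, so the format is an assumption) that computes the naive used percentage beside the figure that is actually unavailable. The sample input is the two lines from the capture above, embedded as a constructed string so the script runs offline.

```python
import re

# Constructed sample input: the Mem:/Swap: lines exactly as the top run above printed them
SAMPLE_TOP = """\
Mem:   1034796k total,   985256k used,    49540k free,   144156k buffers
Swap:  2031608k total,        0k used,  2031608k free,   778420k cached
"""

# Classic top prints each figure as "<number>k <label>", comma separated
FIELD_RE = re.compile(r"(\d+)k\s+(total|used|free|buffers|cached)")


def parse_top_memory(text):
    """Return a dict of kilobyte values from the Mem:/Swap: summary lines of classic top.

    'cached' sits on the Swap: line in this layout but is page cache (RAM),
    so it is filed under mem_cached rather than under swap.
    """
    mem = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Mem:"):
            prefix = "mem_"
        elif line.startswith("Swap:"):
            prefix = "swap_"
        else:
            continue
        for value, name in FIELD_RE.findall(line):
            key = "mem_cached" if name == "cached" else prefix + name
            mem[key] = int(value)
    missing = {"mem_total", "mem_used", "mem_free", "mem_buffers", "mem_cached"} - set(mem)
    if missing:
        raise ValueError("top summary lines not recognised, missing: %s" % sorted(missing))
    return mem


def memory_summary(mem):
    """Compare the naive 'used' figure with what is really unavailable.

    The kernel reports buffers and page cache as used although it reclaims them
    under pressure, so a box showing 95% used may have most of its RAM free for
    new work. 'available' follows the classic free + buffers + cached rule.
    """
    total = mem["mem_total"]
    available = mem["mem_free"] + mem["mem_buffers"] + mem["mem_cached"]
    return {
        "total_kb": total,
        "available_kb": available,
        "used_pct_naive": round(100.0 * mem["mem_used"] / total, 1),
        "used_pct_real": round(100.0 * (total - available) / total, 1),
        "swap_used_kb": mem.get("swap_used", 0),
    }


if __name__ == "__main__":
    summary = memory_summary(parse_top_memory(SAMPLE_TOP))
    for key, value in summary.items():
        print("%-16s %s" % (key, value))
```

On the box above this reports 95.2% used by the naive reading but only about 6.1% genuinely unavailable, with no swap in use, which is the healthy picture of a server whose RAM is mostly filled with cache. The same numbers are available without top by reading /proc/meminfo.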

Experts urge Feds to deploy DNS Security Measures

Internet security gurus and leading vendors are urging the U.S. federal government to rapidly deploy security and authentication mechanisms at the top level of the DNS hierarchy, which is known as the root zone.

Read Full Article on Network World here

Dangerous Trojan Program Found

Over the last few years a large criminal organization has been using a very powerful Trojan program.  At this time it has been able to gather over half a million bank account and credit card numbers. The last report stated that it has been active since 2006.

This program works by monitoring traffic and watching for banking or financial URLs entered on the infected computer.  Once it triggers, it captures the user's information and sends it back to a central server.  Further study revealed that it was not even detected by most antivirus programs.

Security experts believe, as usual, that this system is being run out of Russia, mainly because Russia was the only country without any infections from this Trojan.  Remember to be careful when you're going to important websites dealing with money.  Always check the certificate of the site before you log in.  Never click a link to your financial institution from an email.  It is always better to use your own favorites for your important websites.

Nokia Exiting the Security Appliance Business

One of the largest firewall security appliance vendors (Nokia appliances with Check Point software) recently announced that they would be selling off their security appliance business to an unnamed financial investment firm. This will mean significant confusion for Check Point customers running on the Nokia platforms in terms of what level of support, warranty service, product enhancements, etc. they can expect to receive in the months ahead.

A source close to Nokia Security stated: For customers, it should be business as usual. Operationally speaking, most of what makes up the Security Appliance business in Nokia is already fairly independent of the rest of Nokia. The relationships with Check Point, Sourcefire, and others will continue and likely strengthen. The only real change will be the name on the front door, though you will likely continue to see the Nokia brand in use for a period of time while the marketing folks roll out the new branding.

If you find your company in this situation please contact Positive Control Networks at lvance@positivecontrolnetworks.com for more information…

Hman Post

My name is hman and I am the lead producer of this site.

Thank you for looking at this site.

Thanks, hman

Al-Qaeda Sites Disabled

Last month four of the Al-Qaeda websites were found and taken down.  These were forums that they used to communicate.  In the past they were able to come back pretty quickly, but this time they are having trouble getting back online.

It is not known who took these sites down.  The feds have not taken credit, and it was actually leaked that it could be independent hackers who decided to turn the fight against Al-Qaeda.  Either way it's a good thing.

On the other hand, some say it might be better to leave them online so that they can be monitored to find out what the group might be trying to do next.  Others believe they should be knocked offline as quickly as possible.  I tend to agree with the latter, but I am no expert.

It should be known that this war is not just physical but also virtual.  There are a lot of fights going on that we never hear about.

Cisco Security Advisory for ASA and PIX

Another advisory for the Cisco PIX and ASA line of security firewalls. This was issued yesterday and should be reviewed if you are running any of these firewalls.  Below is the actual announcement on Cisco’s website:

Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. This security advisory outlines details of these vulnerabilities:

  • Windows NT Domain Authentication Bypass Vulnerability
  • IPv6 Denial of Service Vulnerability
  • Crypto Accelerator Memory Leak Vulnerability

Note: These vulnerabilities are independent of each other. A device may be affected by one vulnerability and not affected by another.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml

Sniffing with TCPDump

How to sniff a network with TCPDump. TCPDump comes installed on Linux by default. You will have to install the package on Solaris. This is just a simple sniff.

To sniff all traffic across an interface (port-mon is your friend):

tcpdump -w testsniff -c 6000
-this sniffs everything and stops when it reaches a 6000 packet count. Good idea if you have a lot of traffic. It writes the raw packets to a file named testsniff instead of printing them to the terminal. Most packet analyzers can read the tcpdump file format.

tcpdump host x.x.x.x -c 1000
-this sniffs a specific host with a count of 1000 packets.

tcpdump -i eth0 host x.x.x.x -c 1000
-this sniffs on eth0 for those multiple-interface boxes. This is nice for sniffing firewall interfaces with DMZs, etc.

This is just a small simple description. Read man tcpdump and you will see how powerful TCPDump can be.
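The file that tcpdump -w produces is the classic libpcap format, and knowing its layout is what lets any analyzer open it and lets you apply the same kind of host selection after the fact that the host x.x.x.x filter applies on the wire. As an added example that is not part of the original post, here is a small Python reader for that format: it parses the global header (checking the magic number and byte order), walks the per-packet records, and pulls the IPv4 endpoints out of each Ethernet frame so a saved capture can be searched for a host offline. The capture it reads is constructed in memory from three sample frames with documentation-range addresses, so nothing here touches a live interface; the frame builder and the addresses are assumptions, not data from the page.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETH_P_IP = 0x0800


def build_ipv4_frame(src_ip, dst_ip, proto=6, payload=b""):
    """Constructed sample frame: Ethernet + minimal IPv4 header (checksum left zero)."""
    eth = b"\x00" * 12 + struct.pack("!H", ETH_P_IP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + payload


def build_pcap(frames, snaplen=65535):
    """Serialise frames the way tcpdump -w does: 24-byte global header, then records."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    records = b"".join(
        struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
        for i, f in enumerate(frames)
    )
    return header + records


def read_pcap(data):
    """Yield (timestamp, frame_bytes) per record; accepts either byte order."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:            # file written big-endian
        endian = ">"
    else:
        raise ValueError("not a pcap file (magic %#x)" % magic)
    _, _, _, _, _snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures handled here (linktype %d)" % linktype)
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated record at offset %d" % offset)   # capture cut off mid-write
        offset += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def ipv4_endpoints(frame):
    """Return (src, dst, proto) for an IPv4-over-Ethernet frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or len(frame) < 14 + ihl:
        return None
    return socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), frame[23]


def packets_for_host(data, host):
    """Offline equivalent of tcpdump's 'host x.x.x.x': records with host as src or dst."""
    return [(ts, ep) for ts, frame in read_pcap(data)
            if (ep := ipv4_endpoints(frame)) and host in ep[:2]]


# Constructed sample capture: a TCP request/response pair plus one unrelated UDP packet
SAMPLE_PCAP = build_pcap([
    build_ipv4_frame("10.0.0.5", "192.0.2.10", payload=b"GET"),
    build_ipv4_frame("192.0.2.10", "10.0.0.5", payload=b"200"),
    build_ipv4_frame("10.0.0.7", "192.0.2.20", proto=17),
])

if __name__ == "__main__":
    for ts, (src, dst, proto) in packets_for_host(SAMPLE_PCAP, "10.0.0.5"):
        print("%.6f %s -> %s proto=%d" % (ts, src, dst, proto))
```

Reading a real file is a matter of passing open("testsniff", "rb").read() in place of SAMPLE_PCAP. The truncated-record check matters in practice: a capture stopped with Ctrl-C or a full disk often ends mid-packet, and a reader that silently drops the tail can hide the very packets you were after.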

Check Point – for small business

Check Point has been the leader in network security for many years.  They invented stateful firewall protection and they provide network security for 99.9% of all Fortune 500 companies.  In the past Check Point only provided security for the largest, most complex networks.  This meant that their security products were very expensive and complex to configure.  This has drastically changed.

Check Point now offers the same level of security it offered the large corporations to small and medium business owners.  Their small office line starts with the Safe@Office appliance, which is purchased according to the number of users being protected.  These are offered in 1-5 user, 1-25 user, and unlimited versions. These appliances are also offered with a wireless option.  These small office firewalls are nothing to sneeze at.  They offer gateway virus protection, web filtering, intrusion prevention, Internet failover, and many more options.

Check Point also offers a home version of this firewall called the Zone Alarm Security Firewall.  It is offered through the Zone Alarm company, which is owned by Check Point.  Another variant of this firewall is the Check Point Edge device, a more robust firewall used for regional offices and medium-sized businesses.  Look for another separate article on the Edge box coming soon.

The small business can now get the same protection that the large corporations receive at a reasonable price. These firewalls can also be professionally managed and configured for your company.  For more information see http://www.positivecontrolnetworks.com