Monday, July 24, 2006

VoIPowering Your Office with Asterisk: Soothing the Savages with Hold Music

Carla Schroder tells you how to configure Asterisk with hold music. Via VoIPPlanet: VoIPowering Your Office with Asterisk: Soothing the Savages with Hold Music.

One of the more fun aspects of running an Asterisk server is choosing your own hold music. Hopefully your callers are not sitting on hold for long periods of time, but as long as they are it's nice to give them something pleasant to listen to. It can be music, inspirational speeches, comedy routines—even Internet radio.

Vyatta to take on Cisco and Juniper

Vyatta launched the 1.0 version of its Open Flexible Router today. Via Network World: Vyatta to take on Cisco and Juniper.

The OFR software is available for download from the Vyatta Web site at vyatta.com. Vyatta charges for support and maintenance upgrades with a subscription format. The $500 OFR Professional Subscription includes unlimited software updates and online/e-mail access to Vyatta's technical support group for one year. The $650 Enterprise Subscription includes online and phone support.

After an Exploit: mitigation and remediation

SecurityFocus talks about getting hacked: After an Exploit: mitigation and remediation. Frankly, the article seems a bit misnamed to me. Ignore the "after an exploit" part. It's really about prevention and mitigation of particular attacks.

As we all know, prevention, detection and response are our three main lines of defence against threats, with a good administrator putting most focus on prevention. As the old adage goes, "an ounce of prevention is worth a pound of cure" - a 1:16 ratio for the metrically inclined - but there's always going to be the odd occasion where prevention fails, either through a lack of time or a mistake in one's security procedure. In this article we describe a few hardening and alerting methods for Unix servers that help block vectors for various attacks, including two web-based application attacks and the brute-forcing of SSH passwords. The article then looks at what an administrator should do post-compromise. These incidents have been drawn from both honeypots and real systems.

Nagios and Oreon installation in Debian

Debianhelp has a nice little tutorial on setting up Nagios and Oreon (a Nagios front-end) in (of course) Debian: Nagios and Oreon (Nagios web frontend) installation in Debian.

Friday, July 21, 2006

Top 100 Network Security Tools

Insecure.org has once again updated its list of Top 100 Network Security Tools. Leading tools include Nessus, Wireshark, and Snort.

After the tremendously successful 2000 and 2003 security tools surveys, Insecure.Org is delighted to release this 2006 survey. I (Fyodor) asked users from the nmap-hackers mailing list to share their favorite tools, and 3,243 people responded. This allowed me to expand the list to 100 tools, and even subdivide them into categories. Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way. I also will be pointing newbies to this site whenever they write me saying “I don't know where to start”.

Sourcefire targets Indian enterprise market

Looks like Sourcefire is starting to enter some emerging markets: Sourcefire targets Indian enterprise market.

Sourcefire Inc. international sales vice-president Allen Male said, “This year, and specifically in 2007, we are going to put a lot of focus on the markets in India and China. India specifically is interesting because of the phenomenal growth and increasing maturity of the enterprise IT and network infrastructure. Most enterprises have had firewalls for a couple of years now and they are starting to realize the benefits of intranet and network monitoring and intrusion prevention - precisely the requirement that Sourcefire can best address.”

Thursday, July 20, 2006

Iptables-tutorial, version 1.2

Oskar Andreasson recently updated his Iptables Tutorial. The version number is now 1.2.

Asterisk IP PBX addresses vulnerabilities

Network World has a bit more on the recently announced Asterisk vulnerabilities: Asterisk IP PBX addresses vulnerabilities. Looks like fixes are in place for all the issues, but people should look to upgrade fairly soon.

The two vulnerabilities found by ISS could make the PBX servers based on open source Asterisk code vulnerable to denial of service attacks. Digium, whose products are based on Asterisk, says it will post a warning to its newsgroup today as well as post a warning on its asterisk.org Web site.

NSF Backs Open Source Wireless Mesh Project

Via GigaOM: NSF Backs Open Source Wireless Mesh Project. Looks like the CUWIN folks found some grant money. This is good overall for community wireless development and also for open-source networking.

Earthlink and Tropos might be looking to make millions off of muni wireless, but members of the open source community are hard at work trying to make wireless networking free. And they just got some funds to help their cause. Sascha Meinrath, of the Champaign-Urbana Community Wireless Network, CUWIN, just called me this morning to say his open source wireless mesh project received a $500,000 grant from the National Science Foundation. Sascha says he plans to use the money to add staff, scour the globe for open source partners, and boost research and testing.

Secure your network with Snort intrusion prevention techniques

TechRepublic has posted a sample chapter from Sams' Intrusion Detection with Snort.

Overview: This sample chapter, taken from Sams' Intrusion Detection with Snort, discusses some advanced concepts in using Snort as an alternative intrusion prevention device.

Learn why Snort IDS is a smart alternative to intrusion prevention. The process of deploying intrusion prevention is lengthier and requires greater attention to detail than installing an IDS. With Snort, a misconfigured option or rule can affect only the performance of the IDS itself. With an intrusion prevention application, a misconfiguration can literally take down your network.

Wednesday, July 19, 2006

Securing Your Asterisk Server, Part 1 - The Importance of Passwords

At LinuxPlanet, the ever-prolific Carla Schroder tells us how to help lock down Asterisk: Securing Your Asterisk Server, Part 1 - The Importance of Passwords.

Asterisk@Home ships with a bunch of default passwords that many people know. Moreover, it sends server administration traffic in the clear, rather than over HTTPS. This means that anyone on your local network could easily sniff out all those passwords after you go to the trouble of changing them. OpenSSH should be configured to use RSA key pairs instead of the root system login, which is both more secure and more convenient. Today's and next week's installments will tell all about how to do these things. Disconnect your Asterisk server from the network, and away we go.
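The two changes the excerpt calls for (no root login over SSH, key pairs instead of passwords) are also what takes SSH password brute-forcing, mentioned in the SecurityFocus piece above, off the table. The POSIX shell audit below is an added example and not code from either article or from Asterisk@Home: it checks an sshd_config for those settings, the sample configs are constructed, and the OpenSSH defaults noted in the comments are assumptions about releases of that era.

```shell
#!/bin/sh
# Added example (not from the article): audit an sshd_config for the
# settings the Asterisk hardening piece recommends. Sample configs below
# are constructed, not copied from any real host.

# directive_value FILE KEY: print the effective value of KEY, lowercased.
# sshd honours the first occurrence of a directive, so we stop at the first
# non-comment match; commented-out lines (#PermitRootLogin) never match $1.
directive_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# audit_sshd_config FILE: print one line per check; return the number of
# weak settings (0 means the file passes).
audit_sshd_config() {
    file=$1; fails=0
    # Protocol 1 is weak; we require "2" to be stated explicitly rather than
    # trusting the build's default ("2,1" still allows the v1 fallback).
    if [ "$(directive_value "$file" Protocol)" = 2 ]; then
        echo "ok   Protocol 2"
    else
        echo "WEAK Protocol is not pinned to 2"; fails=$((fails + 1))
    fi
    # Older OpenSSH defaults PermitRootLogin to yes, so absent counts as weak.
    if [ "$(directive_value "$file" PermitRootLogin)" = no ]; then
        echo "ok   PermitRootLogin no"
    else
        echo "WEAK root login over SSH is allowed"; fails=$((fails + 1))
    fi
    # Password auth defaults to yes; leaving it on keeps brute forcing viable.
    if [ "$(directive_value "$file" PasswordAuthentication)" = no ]; then
        echo "ok   PasswordAuthentication no"
    else
        echo "WEAK password authentication still enabled"; fails=$((fails + 1))
    fi
    # Public-key auth defaults to yes; only an explicit "no" locks keys out.
    if [ "$(directive_value "$file" PubkeyAuthentication)" = no ]; then
        echo "WEAK PubkeyAuthentication disabled"; fails=$((fails + 1))
    else
        echo "ok   key-pair authentication available"
    fi
    return "$fails"
}

# write_sample weak|hardened: emit a constructed sshd_config to stdout.
write_sample() {
    if [ "$1" = hardened ]; then
        printf '%s\n' '# constructed: hardened' 'Protocol 2' \
            'PermitRootLogin no' 'PasswordAuthentication no' 'PubkeyAuthentication yes'
    else
        printf '%s\n' '# constructed: typical shipped defaults' 'Protocol 2,1' \
            'PermitRootLogin yes' 'PasswordAuthentication yes' 'PubkeyAuthentication yes'
    fi
}

# Stand-alone run: audit both constructed samples.
for kind in weak hardened; do
    tmp=$(mktemp)
    write_sample "$kind" > "$tmp"
    echo "== $kind sample =="
    audit_sshd_config "$tmp" || echo "-> $? weak setting(s)"
    rm -f "$tmp"
done
```

Run it against /etc/ssh/sshd_config on the Asterisk box instead of the samples; a non-zero exit status is the count of settings still to fix before the server goes back on the network.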

Tuesday, July 18, 2006

Hyperic tries open-source management

Via ZDNet: Hyperic tries open-source management.

Start-up Hyperic launched an open-source project on Monday around its namesake software, looking to shake up enterprise management software with a low-cost product and an open-source business model.

I hadn't heard of Hyperic before this, but the software sounds interesting. The number of open-source management tools is beginning to expand greatly. It isn't quite clear whether Hyperic is complementary to the existing options or further competition/fragmentation.

SmokePing Adds Great Latency Measurement to the Open Source Monitoring Equation

Via InfoWorld: SmokePing Adds Great Latency Measurement to the Open Source Monitoring Equation.

A few months ago, I wrote about Tobias Oetiker's MRTG and RRDTool services -- which are really leading the charge in collecting / visualizing network monitoring data.

Another tool by Oetiker and his colleagues that's seeing a lot of traction these days is SmokePing, a latency measurement tool that uses RRDtool as the database and graphing back-end.

VoIPowering Your Office with Asterisk: SOHO VoIP

From VoIP Planet: VoIPowering Your Office with Asterisk: SOHO VoIP.

Today's exciting installment shows how to have both old-fashioned analog phone service and VoIP on the same local network, for small shops with fewer than ten analog phone lines. Scenario: you want to keep your existing analog lines, add VoIP, use Asterisk for your PBX, and have a reasonable upgrade path for future changes and additions.

Asterisk VoIP platform open to DDoS attacks, security firm says

From Network World: Asterisk VoIP platform open to DDoS attacks, security firm says.

...A vulnerability in the Inter-Asterisk eXchange protocol version 2 (IAX2) — used by Asterisk servers to set up and manage calls — could be used to flood an Asterisk IP PBX with bogus calls and make the phone system unavailable, according to the Internet Security Systems (ISS) X-Force Threat Analysis Service, which discovered the bug.

Tuesday, July 11, 2006

Intrusion Detection With BASE And Snort

HowtoForge has a nice article on setting up Snort with BASE on a Debian system, Intrusion Detection With BASE And Snort.

This tutorial shows how to install and configure BASE (Basic Analysis and Security Engine) and the Snort intrusion detection system (IDS) on a Debian Sarge system. BASE provides a web front-end to query and analyze the alerts coming from a Snort IDS system. With BASE you can perform analysis of intrusions that Snort has detected on your network.

VoIPowering Your Office with Asterisk: Hardware Mysteries Explained

Carla Schroder provides a nice introduction to Asterisk hardware options in VoIPowering Your Office with Asterisk: Hardware Mysteries Explained, care of VoIPPlanet.

It's fun and useful to explore pure IP telephony, but most folks want PSTN (Public Switched Telephone Network) integration as well. (PSTN is also known as POTS: Plain Old Telephone Service.) An Asterisk server can interface with "legacy" systems, which means "not IP," or your ordinary old digital and analog telephone systems.

Open Source Takes on Telecom

BusinessWeek Online has a nice interview with Asterisk creator and Digium President Mark Spencer, Open Source Takes on Telecom.

In 1999, Mark Spencer needed a phone system for his startup, Linux Support Services. The company's aim was to provide technical support to businesses and programmers for Linux, an operating system for which the source code is free, making it an appealing alternative to Microsoft's Windows. But, Spencer was still a student at Auburn University and he had raised a mere $4,000 in startup capital. "I thought I really needed to get a phone system, but they were simply too expensive," he says.

Five freeware tools for mitigating network vulnerabilities

From Search Security, Five freeware tools for mitigating network vulnerabilities.

In a perfect world, information security practitioners would have an unlimited security budget to troubleshoot and fix security vulnerabilities. But, as you will learn, you don't need an unlimited budget to get a quality product. Here are five freeware tools recommended by SearchSecurity.com expert Michael Cobb that can not only help you tighten up your network security but keep your budget intact.

Interestingly, the article includes both open and closed-source tools.

Tuesday, April 25, 2006

Open source network monitoring tools you should care about: MRTG and RRDtool

From InfoWorld: Open source network monitoring tools you should care about: MRTG and RRDtool.

In today's "mash-up" application development craze, the innovation is being driven largely by the fact that APIs are now more open and accessible, and presentation layer technologies such as AJAX are creating very compelling new ways to visualize data streams from multiple services. Developers can get to services more easily, and with XML they can deliver the data in much more dynamic ways via web applications.

Similar trends are driving software development innovation today in network monitoring. Tools such as MRTG (Multi-Router Traffic Grapher) and RRD (Round Robin Database) make it possible to more easily collect data from a greater number of devices on the network, and convert the data into XML for easy consumption on the front end.

Qlusters prepares to attack the systems management establishment

From ZDNet: Qlusters prepares to attack the systems management establishment.

Earlier this year Qlusters crossed the chasm from proprietary to open source software. The small company, backed by blue-chip VCs, took nearly three years of proprietary code development for its sophisticated systems management software and open sourced it under a modified (attribution only) Mozilla Public License. Now, armed with a subscription model (like Ingres going after Oracle) and a growing community, the company is ready to take on the proprietary establishment, such as BMC, CA, IBM and HP.

Vyatta Welcomes Networking and Open-Source Technology Experts to Advisory Board

Vyatta builds its advisory board: PRESS RELEASE Vyatta Welcomes Networking and Open-Source Technology Experts to Advisory Board.

Vyatta today welcomed two members to its newly created advisory board -- networking industry veteran Dave Newman, and XenSource CTO Simon Crosby. The advisory board brings together networking and open-source industry experts to provide advice and insight on product development and technology adoption issues to ensure that Vyatta's open-source networking solutions are aligned with market needs.

Force10 launches world's fastest IPS

Whether this is really the world's fastest or not is probably debatable, but it is pretty cool. Lest anybody think that open source is code for clunky and slow, running only on standard PC processors... From Techworld.com: Force10 launches world's fastest IPS.

Intrusion detection and prevention is now practical at wire-speed on 10Gig Ethernet, claimed Force10 Networks. The company has introduced a parallel processor capable of inspecting traffic and enforcing security rules at 20Gbit/s.

The new P-Series appliance uses Linux and the popular Snort open source software, which inspects traffic and compares it to a list of attack signatures. However, instead of using a single general-purpose processor and applying hundreds of rules to a packet in succession, the P-Series has up to 1000 processors in parallel, applying one rule each.

A first look at Zfone

Now you can have a secure phone, just like the President. All made possible with Phil Zimmermann's Zfone. From NewsForge: A first look at Zfone.

Zfone is PGP creator Phil Zimmermann's latest brainchild, a small desktop application that encrypts VoIP softphone conversations using strong encryption and peer-to-peer communication. Zimmermann released the first public beta last month. While I'm intrigued by the concept, getting the application to work is another story.

Network security firm explores IPO

Looks like SourceFire is considering all sorts of options following the disaster with Check Point. From the Baltimore Sun: Network security firm explores IPO: Undaunted by U.S.' scotching its sale to an Israeli company over security worries, Sourcefire looking into ways to grow.

Quick Look: OpenQRM Systems Management

From InfoWorld: Quick Look: OpenQRM Systems Management.

The goal of OpenQRM is to provide a basis to start uniting other open source management tools in a unified manner that allows for ease of use and deployment. The fundamental pain point that led to the development of OpenQRM was the fact that IT shops were moving to commodity hardware but finding that management tools lacked, which defeated the very economics behind using cheap boxes. This sentiment is very similar to a number of other companies, mainly proprietary vendors who have built large scale apps (Cassatt) and appliances (Levanta) to manage the proliferation of Linux boxes and open source apps.

Getting started with Nagios 2.1

A nice tutorial on setting up Nagios. From Linux.com: Getting started with Nagios 2.1.

Nagios, the premier open source network monitoring program, is celebrating its 2.1 release. With four years of development under its belt, Nagios is powerful enough to replace expensive proprietary monitoring products and become a tool your organization can't live without.

Build a Secure Logging Server with syslog-ng

A nice 2-part tutorial on how to build a secure logging server with syslog-ng and various other open source packages. From Enterprise Networking Planet:

Part 1

Part 2

Managing Linux system and application logging is important and a bit tricksy. You want to capture important information, not bales of noise. You need to be able to find what you want in your logs without making it your life's work. The venerable old syslogd has served nobly for many years, but it's not quite up to meeting more complex needs. For this we have the next-generation Linux logger, syslog-ng.

Pen testing your VPN

A short introduction to penetration testing your VPN. From Search Security: Pen testing your VPN.

A Virtual Private Network (VPN) is like a large sign, saying "Sensitive Data Here." Hackers know that when they've found a VPN, they've hit the jackpot, because it means somebody is trying to secure something confidential. Therefore, like any other gateway, your VPN needs to go through a thorough penetration test to check for vulnerabilities. It's easy to overlook VPNs when pen testing your network, as it's often assumed that they're the most secure part of it. But, they're not and they're a magnet for hackers.

Packet-sniffing techie uncovers spousal infidelity

From the "don't ask questions you don't want to know the answer to" department, via The Register: Packet-sniffing techie uncovers spousal infidelity. Not that Ethereal is hazardous to your relationships, but if your spouse is into open source networking tools, perhaps you should make sure you're clean.

Technology has been instrumental in ending yet another long-standing relationship. Hot on the heels of tales of a woman who blames a bug in Firefox for exposing the flaws in her relationship with a fiancé and a man whose relationship was hit by the spam filtering shortcomings of Thunderbird, comes the story of a software programmer who unearthed evidence of his partner's infidelity using Ethereal, the packet sniffing software.

Prelude-IDS - The Hybrid IDS framework

I just stumbled on Prelude the other day. Looks like an interesting project to help centralize and correlate the reporting from various IDS products/projects: Prelude-IDS - The Hybrid IDS framework.

Prelude is a Hybrid IDS framework; that is, it is a product that enables all available security applications, be they open source or proprietary, to report to a centralized system. In order to achieve this task, Prelude relies on the IDMEF (Intrusion Detection Message Exchange Format) IETF standard, which enables different kinds of sensors to generate events using a unified language.

Prelude benefits from its ability to find traces of malicious activity from different sensors (Snort, honeyd, Nessus Vulnerability Scanner, Samhain, over 30 types of systems logs, and many others) in order to better verify an attack and in the end to perform automatic correlation between the various events.

Ethereal 0.99.0 released

Ethereal 0.99.0 Released.

Ethereal 0.99.0 has been released. Several security-related vulnerabilities have been fixed. Everyone is encouraged to upgrade.

GoogleTalk Gets a Facelift for Business

Sweet! It looks like there will be a connection between GoogleTalk and Asterisk. This really shows some of the value of open source and open interfaces. Note how Google published its Jingle specification and Mark Spencer at Asterisk was able to leverage it. From Networking Pipeline: GoogleTalk Gets a Facelift for Business.

Talk about mind-boggling changes. A new project will allow businesses to connect GoogleTalk users to their Asterisk telephony servers, Mark Spencer told me yesterday.

Open source routers shine at Vyatta secret society

I always have fun at the Vyatta Secret Society parties. It's nice to know that others find them enjoyable, too. From ZDNet: Open source routers shine at Vyatta secret society.

Yesterday at the Vyatta secret society meeting in San Mateo, California, a group of people committed to the idea of an open source router implementation gathered at the offices of Vyatta. Other than the Vyatta employees, the group was comprised of executives, engineers and programmers in the Silicon Valley area from companies like eTrade to Trapeze to XenSource.

Open Source For Perimeter Security

ITObserver has an article describing the use of various open source projects to build a security architecture: Open Source For Perimeter Security.

There is a widespread and wholly inaccurate impression that open source development is somehow haphazard and undisciplined, a free-for-all among brilliant but uncoordinated individuals. In fact, most major open source projects are very tightly managed, highly disciplined teams. This article gives examples of very successful Open Source security projects "netfilter and Snort" and also describes some weaknesses that need to be addressed by IT organizations or vendors.