Archive for the ‘Security’ Category
Friday, September 3rd, 2010
Project Honeynet just released its latest Forensic Challenge 5 - Log Mysteries. It is based on logs from a compromised virtual server and requires quite a bit of digging through messy log data.
The Challenge:
Analyze the attached sanitized_log.zip [A.C. – get the logs here] and answer the following questions:
- Was the system compromised and when? How do you know that for sure? (5pts)
- If the system was compromised, what was the method used? (5pts)
- Can you locate how many attackers failed? If some succeeded, how many were they? How many stopped attacking after the first success? (5pts)
- What happened after the brute force attack? (5pts)
- Locate the authentication logs. Was a brute-force attack performed? If yes, how many? (5pts)
- What is the timeline of significant events? How certain are you of the timing? (5pts)
- Anything else that looks suspicious in the logs? Any misconfigurations? Other issues? (5pts)
- Was an automatic tool used to perform the attack? If yes, which one? (5pts)
- What can you say about the attacker’s goals and methods? (5pts)
Bonus. What would you have done to avoid this attack? (5pts)
Go get the challenge here and get to solving it – you have about a month. And, yes, there will be prizes too!
Finally, if you really want to make me happy (hehe…who’d want that? :-)), please invent a new approach while solving the challenge.
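To show the kind of digging the authentication-log questions ask for, here is an added example that is not part of the challenge or of this post: it parses OpenSSH "Accepted"/"Failed" lines from a constructed sample log, counts failures and successes per source address, and reports how many sources got in and how many stopped guessing after their first success. The hostnames, addresses and timestamps in the sample are made up.

```python
import re
from collections import defaultdict

# Matches the two OpenSSH auth decisions that matter for a brute-force count.
AUTH_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"(?P<outcome>Accepted|Failed) \w+ for (?:invalid user )?"
                     r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+")

# Constructed sample (not challenge data): .2 gets in and stops, .3 only fails, .4 gets in and keeps going.
SAMPLE_LOG = """\
Apr 19 05:38:02 app-1 sshd[3247]: Failed password for invalid user oracle from 10.0.1.2 port 51771 ssh2
Apr 19 05:38:04 app-1 sshd[3249]: Failed password for root from 10.0.1.2 port 51772 ssh2
Apr 19 05:38:06 app-1 sshd[3251]: Failed password for root from 10.0.1.2 port 51773 ssh2
Apr 19 05:38:09 app-1 sshd[3253]: Accepted password for root from 10.0.1.2 port 51774 ssh2
Apr 19 05:38:09 app-1 sshd[3253]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 19 05:40:11 app-1 sshd[3301]: Failed password for invalid user admin from 10.0.1.3 port 40001 ssh2
Apr 19 05:40:13 app-1 sshd[3303]: Failed password for invalid user test from 10.0.1.3 port 40002 ssh2
Apr 19 05:40:15 app-1 sshd[3305]: Failed password for root from 10.0.1.3 port 40003 ssh2
Apr 19 05:45:01 app-1 sshd[3401]: Failed password for root from 10.0.1.4 port 33001 ssh2
Apr 19 05:45:03 app-1 sshd[3403]: Failed password for root from 10.0.1.4 port 33002 ssh2
Apr 19 05:45:05 app-1 sshd[3405]: Failed password for root from 10.0.1.4 port 33003 ssh2
Apr 19 05:45:07 app-1 sshd[3407]: Accepted password for root from 10.0.1.4 port 33004 ssh2
Apr 19 05:45:09 app-1 sshd[3409]: Failed password for invalid user guest from 10.0.1.4 port 33005 ssh2
"""

def summarize_auth(log_text, threshold=3):
    """Per source IP with >= threshold failures: counts, first success, attempts after it."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": 0, "first_success": None, "after_success": 0})
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if m is None:
            continue  # pam/session lines are not password guesses
        ts, outcome, user, ip = m.group("ts", "outcome", "user", "ip")
        s = stats[ip]
        if s["first_success"] is not None:
            s["after_success"] += 1  # source kept going after getting in
        if outcome == "Failed":
            s["failed"] += 1
        else:
            s["accepted"] += 1
            s["first_success"] = s["first_success"] or (ts, user)
    return {ip: s for ip, s in stats.items() if s["failed"] >= threshold}

def count_attackers(summary):
    """Answer the challenge's counting questions from the per-IP summary."""
    succeeded = [s for s in summary.values() if s["accepted"]]
    stopped = sum(1 for s in succeeded if s["after_success"] == 0)
    return {"attackers": len(summary), "failed_only": len(summary) - len(succeeded),
            "succeeded": len(succeeded), "stopped_after_success": stopped}
```

On a real auth log, read the file into summarize_auth; the per-IP first_success timestamps also seed the timeline question.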
Source: Fun Project Honeynet Log Challenge: Log Mysteries
Posted in Security | No Comments »
Friday, September 3rd, 2010
As promised, here is another detailed SIEM whitepaper called “A Pragmatic Approach to SIEM: Buy for Compliance, Use for Security” that I wrote for a great team at Tripwire earlier this year.
“While recent economic troubles might have something to do with it, many organizations today seek to do only a bare minimum of security. To be more precise, they try to do what they think is the bare necessary minimum. Their perception that security “due diligence” can be reduced all the way down to the level prescribed by regulations, such as PCI DSS, is more common than ever today. An all too common result of this thinking is security breaches and other damaging events.
This trend has affected many security safeguards, and SIEM and log management are hard hit by it as well. It is very common to deploy these technologies in order to satisfy the compliance check box. In this paper we analyze this trend and provide useful guidance for getting value out of SIEM and log management tools while focusing on protecting systems and data – and not simply on checking the box.”
Get the paper here.
Source: Another Fun SIEM Whitepaper
Friday, September 3rd, 2010
“LogChat” Podcast is born! Everybody knows that all this world needs is a podcast devoted to logs, logging and log management (as well as SIEM, incident response and other closely related subjects).
And now you have it - through the sheer combined genius of Andrew Hay and myself, Anton Chuvakin.
Administrative items first:
- We need a new name! We are not entirely happy with “LogChat” and, sadly, “LogTalk” is taken. Please suggest a name - if we pick yours, you get a free signed copy of my “PCI Compliance” book.
- We will post the transcript, not just the MP3 file - in a few days. If you have ideas for a good/inexpensive transcribing service, we are all ears. I will try Amazon Mechanical Turk first, but it might not be good enough for a technical podcast.
- Please also suggest topics to cover - even though we are not likely to run out of ideas for a few years. Our first topic today is new log source integration - if it sounds boring…well…listen first, judge second.
- We plan for this to be a monthly podcast. So, the next one will happen sometime early October.
- Any other feedback is HUGELY useful. Is it too long? Too loud? Not enough jokes? Too few mentions of the “cloud”? Feedback please! Who knows…maybe there are more PCI books left in my secret stash and you too will earn that glorious prize for the most useful piece of feedback :-)
And now, in all its glory - the podcast: the link to the MP3 is here [MP3].
Enjoy the log chat!
Source: LogChat Podcast 1: Anton Chuvakin and Andrew Hay Talk Logs
Sunday, August 22nd, 2010
Source: Log Math