locks keep lawful people out...    

The Security Skeptic

Dave Piscitello's Security Weblog

Skeptic (sceptic): a person inclined to question or doubt accepted opinions.

Sat, 23 Dec 2006
Tops on the Security Blessings List

Listening to NPR today I *think* I heard someone include the November 2006 midterm elections as tops on this season's blessings list. It's certainly on my list, but perhaps not at the *very* top.

I began thinking about this season's security blessings but not overly long because this should be a time of good tidings and joy:-)

Sooooo... putting on my "positive attitude" Santa hat, here's a list of what I consider security blessings for 2006:

  • Firefox. OK, this is a carry-over blessing from 2005. I removed the IE icon from my PC desktop and run iexplore.exe only under duress.

  • AVG version 7.5 antivirus. This was the year I finally ditched Norton AV and I haven't regretted it. AVG is gentler on my RAM and has been as effective an antivirus solution as NAV had been.

  • APC UPS Backups 725. I have three now and they are as reliable as advertised.

  • TRENDNet TE100-S24WS Access Point. Much less expensive than Linksys and just as security feature-full. Only a year ago I couldn't stumble any RF within 300 yards of my home; now I see 7 APs. WPA for the win.

  • WatchGuard Fireware 8.x HTTP Proxy (and generally, all the proxies). I've chronicled the many features I routinely use to strip cookies and executables, scrub HTTP messages, block ads and unwanted connections. I don't know how people live without proxies. Stateful inspection may rock, but IMO you can't have rock solid perimeter security without proxies.

  • IISLockdown/URLcheck. I host very conservative web sites and these simple utilities plus network and HTTP logging increase my faith in layered defense.

  • MacOS X. You can't appreciate the malware "taxation without relaxation" until you use a Mac for a while. Add the cost of purchasing, installing, configuring, maintaining both XP security policy and 3rd party security software to the extent I've become accustomed over the past 4 years on each Windows PC in your office and it's way less expensive to run a Mac shop. Call it security by obscurity if you want, but I'm not unhappy to have left the ranks of the low hanging (client) fruit.

That's a pretty short list. Hey, I promised to share only good tidings of comfort and joy.

Archived at http://www.securityskeptic.com/arc20061201.htm#BlogID576 by Dave Piscitello  


Tue, 19 Dec 2006
Map of IPv4 address space and current allocation

ICANN colleague Kim Davies shared a hyperlink to xkcd.com, where Randall Munroe hosts a webcomic of romance, sarcasm, math, and language. Randall uses fractal mapping to render an interesting graphical interpretation of the partitioning and assignment of the IP version 4 address space. The unallocated blocks are cleverly depicted as green fields:-)

Click on the thumbnail to see the larger image at XKCD.

Perhaps the most amusing aspect of the image is the ALT tag, which reads "For the IPv6 map just imagine the XP default desktop picture."

Archived at http://www.securityskeptic.com/arc20061201.htm#BlogID575 by Dave Piscitello  


Mon, 11 Dec 2006
SNOCER - Secure and Highly Available VoIP Communications Services

A colleague at BCR forwarded a hyperlink to the SNOCER project. The project abstract describes SNOCER as "a general secure and high available software architecture for VoIP infrastructures. Security is achieved through the utilization of Intrusion detection systems enhanced for VoIP traffic plus extended VoIP servers that perform advanced traffic monitoring. Additionally, we propose to increase server throughput through the use of an advanced DNS caching solution."

SNOCER is a defensive approach to VoIP security. It doesn't propose security extensions that might mitigate the growing spectrum of attacks against VoIP endpoints and infrastructures, but it does offer a helpful taxonomy of attacks and, more importantly, measures an organization can take to detect and block attacks, and it identifies an intriguing toolkit for deploying these measures.

Find a draft of SNOCER here.

Archived at http://www.securityskeptic.com/arc20061201.htm#BlogID573 by Dave Piscitello  


Fri, 08 Dec 2006
Transcript available

A copy of the real-time captioning of the ICANN SSAC São Paulo Open Meeting is now available here. You can grab a copy of my study, SAC014, Information Gathering Using Domain Name Resource Records, read the captioning, and get a deeper appreciation of the study I conducted by reading the transcript while viewing the presentation.

One of the idiosyncrasies of real-time captioning is that every word and verbal pause (um, ah, hmmm) is recorded, which has several unintended and humorous consequences. During the SSAC meeting, we experienced some technical difficulties with projection, and the conversation associated with resolving them was duly recorded. While the exchange among the panelists is amusing, it does serve one useful purpose: open the link to the captioning and search for the phrase, "For those of you who will get seasick,"...

Archived at http://www.securityskeptic.com/arc20061201.htm#BlogID574 by Dave Piscitello