December 15, 2005
Skype Considered Harmful
A previous Dr. I. Doctor blog item (VOMIT: Diagnostic Tool Lets Hackers Target VoIP) discussed Voice-over-IP, noting that Skype was one of the few public VoIP services that encrypts its traffic. This was a good feature, providing a necessary layer of protection for Skype users. Unfortunately, since then several discoveries about Skype have led many network administrators to bar it from their networks.
Posted by Mel Beckman at 9:09 AM
December 6, 2005
New CERT Guide: Botnets as a Vehicle for Online Crime
If you've spent much time at all analyzing network traffic, you've run into an infamous plague swarming the Internet known as botnets -- the interconnected web of compromised PCs that virus writers use for intelligence gathering and distributed denial of service attacks. But unless you've actually disassembled botnet code, you likely don't have much information about how botnets work. The Computer Emergency Response Team (CERT) whitepaper Botnets as a Vehicle for Online Crime is a first-rate tutorial on the motivations and mechanics of botnets. It should be required reading for all network professionals.
Posted by Mel Beckman at 7:55 AM
Another Reason to Disable the Cisco IOS HTTP Interface
Microsoft usually wins all awards for quantity and quality of network vulnerabilities, but don't be distracted. There are enough security holes for everyone, and it's easy to become complacent about seemingly innocuous devices like routers and switches. A case in point is a just-announced bug in Cisco IOS that affects all devices -- both routers and switches -- from version 11.0 through 12.4. The problem is with IOS' HTTP interface, a not very useful option that nevertheless is turned on by default in most Cisco products. This interface is a security time bomb, and should be disabled in virtually every Cisco deployment.
Posted by Mel Beckman at 7:07 AM
November 14, 2005
New CERT Guide: First Responders Guide - Advanced Topics
Network intrusion detection is usually under the purview of network administrators. But once an intrusion has been discovered, who is responsible for assessing the damage? In many organizations, that task also falls to the network admin staff. Most network technologists have a good working knowledge of computer systems, so this is not unreasonable. However, few of us write code for a living, so constructing a toolkit for intrusion assessment is not something at which we're likely to excel.
With the Computer Emergency Response Team (CERT) First Responders Guide to Computer Forensics: Advanced Topics, you don't have to be a code wizard. This 169-page tutorial gives you hands-on instruction for analyzing compromised systems using existing tools, and shows you how to safely install additional utilities for deeper analysis.
Posted by Mel Beckman at 8:26 AM
October 28, 2005
Hot Off The Press: Perfect Passwords
There are two sets of passwords I must deal with in my life: my own and everyone else's. Users constantly forget their passwords, or mistype them because they're so CoNv0Lut3d, and only a technologist can resolve the problem for them. My own problem isn't not remembering my passwords, but being confident in them. I just don't think there is enough variation in the passwords I use to prevent massive data exposure should one of my passwords be compromised. I need something to educate my users -- and myself -- about the best means of password construction. Mark Burnett's book Perfect Passwords: Selection, Protection, and Authentication (2005 Syngress) aims to do just that.
Posted by Mel Beckman at 8:39 AM | Comments (3)
October 17, 2005
Out of IPv4 Addresses in Five Years?
A recent report by Cisco networking guru Tony Hain predicts the end of IPv4 address space in about 2010, just five years from now. This is in contrast to the prior prediction of 2022 made by the Asian Pacific Network Information Center (APNIC). Why the suddenly sooner deadline? According to A Pragmatic Report on IPv4 Address Space Consumption, the APNIC report does not take into account the temporary growth slowdown of IP address allocations from 2000 to 2003 due to the dot-com crash. Since 2003, IP address allocations have accelerated dramatically.
Posted by Mel Beckman at 11:40 PM
October 13, 2005
Hot Off the O'Reilly Press: Switching to VoIP
Voice over IP has been around for years, and many were wondering when it would grow up. It just did. VoIP slammed through adolescence over the last year or so and is now a "newly mature" technology with many benefits and rapidly dropping deployment costs. But if you're new to the technology, it can be hard to get your arms around. That's where O'Reilly's new book "Switching to VoIP" fills a void. This gem of a techno primer by Theodore Wallingford explains VoIP better than any other book I've seen to date.
Posted by Mel Beckman at 8:47 AM
September 29, 2005
Learn IPv6 Today; Hackers Are
One of the most interesting data points I took away from the recent 2005 North American IPv6 Technology Conference in San Jose is that IPv6 acceptance is growing rapidly in one unexpected "market segment": the hacker community. Hackers are exploiting freely available IPv6 technology on Macintosh, Unix, and Windows systems to skirt around firewalls and other network security measures. There could be a hacker right now tunneled into your network over IPv6, and chances are your intrusion detection software isn't looking for them and thus can't see them.
Posted by Mel Beckman at 9:57 AM
September 18, 2005
Dr. I Doctor's First Podcast: An ARPAnet Pioneer Reminisces
In Dr. I Doctor's first in a series of Podcast interviews with computing pioneers, I speak with Larry Green, one of the original ARPAnet researchers and an engineer responsible for the design of the Internet Message Processor interface to IBM System/360 mainframes. Listen in as Larry describes the earliest moments of Internet history, and thinks back over a career spanning 40 years -- and still going strong!
Posted by Mel Beckman at 5:15 PM
September 15, 2005
Mac mini How-To: Build a TruffleBox
Here's the first how-to article promised by the preceding item about the Mac mini. It explains how to set up a Mac mini as a world-class intrusion detection system (IDS) probe running Snort. The complete step-by-step instructions are included (in a link at the end of this item). But here are the highlights.
Posted by Mel Beckman at 1:03 AM