Tuesday, October 11, 2011

Physical Security - Datacenter BluePrint

Physical Security ( Information Security  ) 

                            A significant amount of security incidents are found to be performed utilizing some vulnerability of the physical security.

So, here is a set of rules to create a blueprint of physical security of a IT department and data center for a company.
  1. The system room must not have windows. Ideally, it should be in the center of the building.

  2. All equipment that is not used must be stored in dedicated storage space, away from production environment

  3. All high security spaces should be monitored by CCTV cameras.
  4. Access control zones must be implemented, to create a security barrier as well as provide a log of access activities. These are created by doors opened by electronic key cards or multiple-factor authentication.
  5. All windows should be fully tempered, and equipped with a glass break sensor connected to a central alarm system
  6. All spaces that don't have 24/7 access should have motion sensors connected to the central alarm system.
  7. The design of the environment should enable technical service personnel to operate with minimal risk of unauthenticated access to data
  8. All alarm events and CCTV control should be under maximum security but should NOT be accessible by IT personnel
  9. Paper, optical and magnetic data carriers should be handled in a controlled environment, and properly destroyed prior to discarding
  10. High security environment should always implement multi-factor authentication.
The following image presents a concept for an IT department and System room environment that follows the presented set of rules:

The set-up of the environment is the following:
The reception area is the only way to access the entire floor, and everyone accessing this space is recorded on the CCTV camera. The access to the rest of the floor is restricted by an key card controlled door.
The Communication Room is also in the reception area, and it is accessible by a key card and PIN controlled door. It houses access panels where the communication providers (Telecoms, Internet, VPN etc.) terminate the purchased links. This is the last point where a representative of the telco providers can access to configure connectivity. The comm room has to be opened by an authorized System Administrator, so the telco provider's person is always escorted by an authorized person.
All the corridors in the space around the data-room are under CCTV surveillance
All offices have windows made of tempered glass that cannot be opened and are equipped with motion sensors which activate after 7 PM.
Support center which is manned 24/7, the toilet and the equipment storage room are the only rooms without motion sensor. These spaces can be used 24/7 so there is no point in placing motion sensors.
All documentation photocopying and destruction is performed in a dedicated room equipped with proper devices (shredder, degausser).
Dedicated storage space is used to store all unused equipment, which is accessed by a key card controlled door and is also monitored by CCTV.
The data-room is central to the floor, and has strengthened walls (Blue walls). The data-room is divided into two segments:
  • Pre-system space - this space is accessible via a dual key card door, which opens only when two persons use their key cards simultaneously. The Pre-system space contains the supporting infrastructure, which is placed outside of the system space to minimize risks of battery or coolant leaks, and to allow service personnel to access and service this infrastructure without having access to the actual servers.

  • System space - this space is accessible via the dead-man door, which is actually a very small corridor (only fits one person at a time) with two doors at the end. If one of the doors is open the other is automatically locked. In order to pass through the dead-man door, one must pass a multi-factor authentication: He/She needs to present his key card (something he/she has), type in the corresponding PIN (something he/she knows), and after entering the dead-man space, he is measured to verify the stored weight of the person, and a biometric verification is performed - retina or fingerprint (something he/she is).
The system space is under constant CCTV surveillance, and it also contains a separate small electronically locked space where the security controllers reside, to isolate these controllers from the SysAdmins.

Posted by at
Labels: , , ,

open source Web Application Vulnerability Scanner

Web Application Security Assessment Tools:

Netsparker:

         Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology it's built on, just like an actual attacker.
        
         Netsparker can find and report security issues such as SQL Injection and Cross-site Scripting (XSS) in all web applications regardless of the platform and the technology they are built on.






Download Link :  Click here



N-stalker :

        
N-Stalker Web Application Security Scanner - security assessment tool that 
incorporates N-Stealth HTTP Security Scanner. Allows to scan web applications
 against SQL XSS injection, buffer overflow, parameter tampering, cross-site script
 CWE Top 25, PCI, OWASP Top 10.
 

 


 
Download Link : Click Here 
 
Acunetix:
         Web Application Vulnerability Scanner automatically checks your web 
applications for SQL Injection, XSS & other web vulnerabilities.   
 
 


 
Download Link : Click Here


Posted by at
Labels: , , , , ,

Wednesday, September 14, 2011

Web Application Security/Vulnerability Scanner

                      We have been using lot of tools for Finding Vulnerability in Web Application . while Pentesting today we will see how to use Open source Security Scanner , which works without much of the false positives,we will test this tool


List Of Commercial Tools : Web Application Security Scanner

 

List of Open Source Tools : Web Application Vulnerability Scanner

Posted by at

Tuesday, September 6, 2011

virtualization product - Open Source

 VirtualBox:
                  is a family of powerful x86 virtualization products for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL).

                Presently, VirtualBox runs on Windows, Linux and Macintosh hosts and supports a large number of guest operating systems including but not limited to Windows (NT 4.0, 2000, XP, Server 2003, Vista), DOS/Windows 3.x, Linux (2.4 and 2.6), and OpenBSD.

                           
                              VirtualBox for Linux/UNIX. Within VirtualBox Windows XP is running.
                           

VirtualBox for Mac OS X. Within VirtualBox Windows 7 is running.


                          VirtualBox for Windows. Within VirtualBox Ubuntu 10.10 is running.

Oracle VirtualBox :

  • LsiLogic SAS controller emulation
  • RDP video acceleration
  • NAT engine configuration via API and VBoxManage
  • Enhanced OVF support with custom namespace to preserve settings that are not part of the base OVF standard


Download Link : Click Here

Posted by at
Labels: , , , , , , ,

Monday, September 5, 2011

OVALdi - an open-source local vulnerability assessment scanner

OVAL Interpreter is a freely available reference implementation that demonstrates the evaluation of OVAL Definitions. Based on a set of Definitions the interpreter collects system information, evaluates it, and generates detailed OVAL Results.



OVALdi is open-source and still under heavy development, so the results may not always be accurate:

  • The repository of OVAL definitions is not complete yet: Not all vulnerabilities will be detected.
  • Non-English versions of Windows do not seem to be supported as well as English versions: In practice you may encounter more false positives (reported vulnerabilities even when the patch is already installed).
  • Potential bugs

Download Link : Click Here
Posted by at
Labels: , , ,

Best Open Source Information Security Tools

Open Source Security Assessment Tools


Best - Open Source Security Assessment , Vulnerability Auditing, & Penetration Testing Tools:

1
 Stockade Virtual Appliance with Snort, BASE, Inprotect, CACTI, NTOP & Others
2

Nessus

 Open source vulnerability assessment tool
3
 Snort Intrusion Detection (IDS) tool
4
 Wireshark TCP/IP Sniffer- AKA Ethereal
5

WebScarab

Analyze applications that communicate using the HTTP and HTTPS protocols
6
 Wikto Web server assessment tool
7
 BackTrack Penetration Testing live Linux distribution
8
 Netcat The network Swiss army knife
9
 Metasploit Framework Comprehensive hacking framework
10
 Sysinternals Collection of windows utilities
11
 Paros proxy Web application proxy
12
 Enum Enumerate Windows information
13
 P0F v2 Passive OS identification tool
14
 IPPersonality Masquerade IP Stack
15
 SLAN Freeware VPN utility
16
 IKE Crack IKE/IPSEC cracking utility
17
 ASLEAP LEAP cracking tool
18
 Karma Wireless client assessment tool- dangerous
19
 WEPCrack WEP cracking tool
20
 Wellenreiter Wireless scanning application
21

SiteDigger

 Great Google hacking tool
22
 Several DDOS Tools Distributed Denial of Service(DDOS) tools
23
 Achilles Web Proxy Tool
24
 Firefox Web Developer Tool Manual web assessment
25
 Scoopy Virtual Machine Identification tool
26
 WebGoat Learning tool for web application pentests
27
 FlawFinder Source code security analyzer
28
 ITS4 Source code security analyzer
29
 Slint

Source code security analyzer
30
 PwDump3 Dumps Windows 2000 & NT passwords
31
 Loki ICMP covert channel tool
32
 Zodiac DNS testing tool
33
 Hunt TCP hijacking tool
34
 SniffIT Curses-Based sniffing tool
35
 CactiEZ Network traffic analysis ISO
36
 Inprotect Web-based Nessus administration tool
37
 OSSIM Security Information Management (SIM)
38
 Nemesis Command-Line network packet manipulation tool
39
 NetDude TCPDump manipulation tool
40
 TTY Watcher Terminal session hijacking
41
 Stegdetect Detects stego-hidden data
42
 Hydan Embeds data within x86 applications
43
 S-Tools Embeds data within a BMP, GIF, & WAV Files
44
 Nushu Passive covert channel tool
45
 Ptunnel Transmit data across ICMP
46
 Covert_TCP Transmit data over IP Header fields
47
 THC-PBX Hacker PBX Hacking/Auditing Utility
48
 THC-Scan Wardialer
49
 Syslog-NG MySQL Syslog Service
50

WinZapper

 Edit WinNT 4 & Win2000 log files
51
 Rootkit Detective Rootkit identification tool
52
 Rootkit Releaver Rootkit identification tool
53
 RootKit Hunter Rootkit identification tool
54

Chkrootkit

 Rootkit identification tool
55
 LKM Linux Kernal Rootkit
56
 TCPView Network traffic monitoring tool
57
 NMAP Network mapping tool
58
 Ollydbg Windows unpacker
59
 UPX Windows packing application
60
 Burneye Linux ELF encryption tool
61

SilkRpoe 2000

 GUI-Based packer/wrapper
62
 EliteWrap Backdoor wrapper tool
63
 SubSeven

Remote-Control backdoor tool
64
 MegaSecurity Site stores thousands of trojan horse backdoors
65
 Netbus

Backdoor for Windows
66
 Back Orfice 2000 Windows network administration tool
67
 Tini Backdoor listener similar to Netcat
68

MBSA

 Microsoft Baseline Security Analyzer
69
 OpenVPN SSL VPN solution
70
 Sguil An Analyst Console for network security/log Monitoring
71
 Honeyd Create your own honeypot
72
 Brutus Brute-force authentication cracker
73
 cheops / cheops-ng Maps local or remote networks and identifies OS of machines
74
 ClamAV A GPL anti-virus toolkit for UNIX
75
 Fragroute/Fragrouter Intrusion detection evasion toolkit
76
 Arpwatch Monitor ethernet/IP address pairings and can detect ARP Spoofing
77
 Angry IP Scanner Windows port scanner
78
 Firewalk Advanced traceroute
79
 RainbowCrack Password Hash Cracker
80
 EtherApe EtherApe is a graphical network monitor for Unix
81
 WebInspect Web application scanner
82
 Tripwire File integrity checker
83
 Ntop Network traffic usage monitor
84
 Sam Spade Windows network query tool
85
 Scapy Interactive packet manipulation tool
86
 Superscan A Windows-only port scanner
87
 Airsnort 802.11 WEP Encryption Cracking Tool
88
 Aircrack WEP/WPA cracking tool
89
 NetStumbler Windows 802.11 Sniffer
90
 Dsniff A suite of powerful network auditing and penetration-testing tools
91
 John the Ripper Multi-platform password hash cracker
92
 BASE The Basic Analysis and Security Engine- used to manage IDS data
93
 Kismet Wireless sniffing tool
94

THC Hydra

 Network authentication cracker
95
 Nikto Web scanner
96
 Tcpdump TCP/IP analysis tool
97

L0phtcrack

 Windows password auditing and recovery application
98

Reverse WWW Shell

 Shell access across port 80
99
 THC-SecureDelete Ensure deleted files are unrecoverable
100
 THC-AMAP Application mapping tool
Posted by at
Labels: , , , , ,

Top 5 VPN Software

ProXPN:

ProXPN is a free VPN software that creates a secure VPN connection between the internet and your PC under a highly secured environment. With secure browsing software ProXPN you can easily hide your online activity and identity. It also helps you to surf blocked websites by hiding the real IP address.

Create a ProXPN account, download, install and run the software, then you can connect the VPN service with your username and password.

Free accounts are rate-limited to 1000 kbps, and do not include PPTP VPN access.

Download Link : Click Here

---------------------------------------------------------------------------------------------------

MicroVPN:

This program is developed by a company that has various servers in the United States, and basically offers the connection to a VPN (Virtual Private Net) by means of which all the users connected will exit the VPN through their servers. This means that even if you are connected in your own country, your connection will indicate that your are in USA.

MicroVPN offers you various American IPs, protection by means of 168-bit L2TP/IPsec encryption, and various other protection elements that joined to the ease with which the software connects and how easy it is to configure, make MicroVPN one of the programs that changes our IP in the easiest way.

Download Link : Click here

**************************************************************************************

Loki VPN Client:

Free VPN software of Loki Network Project, it is workable for Windows computer only, but offers unlimited data traffic with a 30-minute connection limit per time.

You just need to download and install the software, then run and connect it, no registration needed, but sometimes it maybe fail to connect the VPN server, and the speed is a little slow.

Download Link : Click Here

====================================================================

ExpatShield:

It is true that we have several free vpn services to bypass such restrictions, but Expat Shield is a new vpn service from AnchorFree, maker of the popular HotSpot Shield, that enables users to create VPN connection to servers located in the United Kingdom, and thereby access all services which are region locked to the UK, such as BBC iPlayer, ITV player, Channel 4, Spotify and others.
Expat Shield also enables user to remain anonymous, and offers protection from packet sniffers, such as Firesheep, by way of encrypted (HTTPS) connection.

Download Link : Click Here

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Hotspot Shield:


Hotspot Shield offers a free VPN solution with unlimited bandwidth for Windows and Mac.

Just download and install the software, then you can run and connect the VPN service. There will be ads on the top of the webpages you visit.


Besides English, French and Chinese, Hotspot Shield also supports Arabic, Persian, Russian and Vietnamese.


shield logo

Hotspot Shield

Ensure you are private, secure, and anonymous online!

  • Secure your web session, data, online shopping, and personal information online with HTTPS encryption.
  • Protect yourself from identity theft online.

Download Link : Click Here

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Posted by at
Labels: , , , , , ,
Subscribe to: Posts (Atom)