Et Cetera

Wed 13 Apr

Automating Incident Response Using OSSEC

Contributed by Boyd Aaron Sigmon

Exposing services to the Internet inadvertently invites attackers to constantly probe systems for ways into a network. In the world of intrusion detection, these probes can raise alarms and require valuable manpower to block offenders and verify that the attackers haven’t been successful. The purpose of this paper is to show how to automate the incident response process of blocking some of the most common attacks by using the active response feature in a free open source tool called OSSEC.

This document is in PDF format. To view it click here.

Fri 01 Apr

Ransomware Digital Extortion

Contributed by Tregenza M Henry

Just last week, Methodist Hospital in Henderson, Kentucky was hit with ransomware; it is the latest in a string of organizations that are being forced to seriously consider paying attackers in the hope that they will regain control of vital data on their own network. “The attackers are demanding a mere four bitcoins in exchange for a key to unlock the encrypted files; that’s a little more than USD $1,600 at today’s exchange rate.” (Clerix, 2016) This is the modus operandi of attackers who use ransomware: they demand payments that are well within the means of those being attacked.

This document is in PDF format. To view it click here.

Tue 01 Mar

Investigating SANS/CWE Top 25 Programming Errors

Contributed by Fred Williams

On January 12, 2009, experts from more than 30 cyber security organizations jointly released a consensus list of the top 25 most dangerous programming errors (http://www.sans.org/top25errors/). This list attempts to boil down the more than 700 possible causes of software security issues to the ones that are so prevalent and severe that no software should be released to customers without evidence that measures were taken to ensure the software does not contain any of these errors. The Top 25 errors were further broken down into 3 categories: Insecure Interaction between Components, which contains 9 errors; Risky Resource Management, which contains 9 errors; and Porous Defenses, which has the final 7 errors.

This document is in PDF format. To view it click here.

Mon 22 Feb

Computer Forensics For Law Enforcement

Contributed by Hassel Stacy Jr.

The Internet, data systems and growing computer networks provide many opportunities for computer crimes. Computers are increasingly used to commit, enable or support crimes perpetrated against business, people and property. Computers can be used to commit the crime, may contain evidence from a crime and could be targets of crime. Understanding the role and nature of evidence that might be found, how to process a crime scene containing potential forensic evidence, and how an agency might respond to such experiences of the law enforcement community, the public sector, and the private sector in the recognition, collection and preservation of computer forensic evidence in a variety of crime scenes will be defined in the following paragraphs.

This document is in PDF format. To view it click here.

Wed 03 Feb

A Comparison of VNC Connection Methods

Contributed by Frank Isaacs

VNC (Virtual Network Computing) is an open-source, cross-platform protocol for viewing GUI desktops on remote machines within a LAN or over a WAN/Internet connection. This paper discusses different methods of deploying VNC with an emphasis on the security considerations of each method, and the tradeoffs associated with the convenience of each method. The methods discussed include an open connection and a connection tunneled over ssh (Secure SHell). It includes information regarding the platform-independence of VNC and ssh implementations, so that solutions presented can be applied to Windows, Linux, Mac, and even other operating systems – securely and with open-source software.

This document is in PDF format. To view it click here.
