Nirlog.com

Technology, Life and other stuff that come along…

Archive for the 'Security' Category

Amazon Marketplace scam

June 21st, 2009 by Niranjan Kunwar

For the last few months I’d been craving a DSLR. I thought it was about time to take a step forward from my old point-and-shoot Canon PowerShot S50 and upgrade to a decent DSLR. BTW, my wife and I are expecting our second child in mid July and thought it’s the right time to have a quality camera to take nice pictures. I spent quite some time researching which camera fitted my requirements and budget. I narrowed it down to the Nikon D90, Nikon D5000 and Canon Rebel T1i / EOS 500D, and finally decided to go for the Nikon D90.

I was keeping my eye on the price of the D90 in the UK at Camera Price Buster (very useful site indeed!). When I was ready to buy it from Currys (it was £709.00 at that time), I just decided to do a last minute check on Amazon (I prefer buying from Amazon because I’ve never had any problems in the past) and to my surprise the Nikon D90 Digital SLR Camera, 18-105 VR Kit was there for just £649.99 from a seller called “rodneyjwillis”. Almost £60 cheaper. Excellent, I thought. I checked the seller’s profile/reviews: it had 100% positive feedback from buyers, nice comments, and the seller had been with Amazon for almost a year. So, I ordered it from Amazon Marketplace. I didn’t see anything fishy at that time, and anyway I was aware that paying via Amazon would guarantee my purchase with their A-to-z guarantee scheme.

When all the other stuff I ordered together with the D90 arrived (camera bag, SD card and D90 book) but there was no sign of my D90 being dispatched, let alone delivered, I sensed something was wrong. I went back and checked the seller’s profile; there was one new feedback saying

“BEWARE! This account is being used in a scam - items don’t arrive!”


Read the rest of this entry »

Category: Technology, Life, Security, UK | 5 Comments »

Sourcefire and SFCP Certification

April 13th, 2009 by Niranjan Kunwar

Hurray…! My intense work for the last couple of weeks has finally paid off. Yeah, I’ve just passed my SFCP (Sourcefire Certified Professional) Certification Exam.

First, briefly about the company: Sourcefire was founded by the author of Snort (an open source network intrusion prevention and detection system). Snort is the most popular and widely deployed IDS/IPS and has become the de facto standard for the industry.

So, why do we need Sourcefire (very expensive) if Snort is the best and free?

Right, Snort is the best and it’s free, but its implementation, management and maintenance are not a piece of cake for everyone; that’s where Sourcefire comes into play. Sourcefire uses Snort at its heart to utilize its powerful IDS/IPS technology, with the added benefit of plug-n-protect simplicity (the purpose-built appliance is easy to install, maintain and manage), and it comes with tons of extra features that make it very powerful. Sourcefire adds Adaptive IPS and Enterprise Threat Management (ETM) on top of the Snort IPS. It is managed via a user-friendly and intuitive web interface; of course you can always do your advanced config from the shell, because it is Snort installed on a Linux box anyway.

Components of Sourcefire 3D System

Sourcefire 3D System is comprised of two appliances (Sourcefire Defense Center and Sourcefire 3D Sensor).

Sourcefire Defense Center (DC) is a centralized management console to manage the sensors, centralized event aggregation and sensor policy administration.

Sourcefire 3D Sensors are purpose-built network security appliances that passively aggregate network and user intelligence while defending the network against internal and external threats.

3D Sensor Modules

Each Sourcefire 3D Sensor is capable of running any combination of the following four software components (you need to buy them separately):

Sourcefire IPS (Intrusion Prevention System) is the mighty Snort running in the background, where you can use the rules-based detection engine and the rules of the acclaimed Vulnerability Research Team (VRT) to protect your network. The IPS component is included in the base system.

Sourcefire RNA (Real-time Network Awareness) passively monitors real-time network traffic and gathers network intelligence: it can detect operating systems, services, applications, protocols and potential vulnerabilities that exist on your network. This is a very useful component of Sourcefire, but you’ll need to buy the RNA license separately.

Sourcefire RUA (Real-time User Awareness) helps identify user identity and contact information: it pairs Active Directory and LDAP usernames with the host IP addresses involved in security and compliance events. You’ll need to buy the RUA license separately.

Sourcefire NetFlow Analysis is an optional component of Sourcefire’s Network Behavior Analysis (NBA) solution. It gives additional insight to network threats by aggregating and analyzing NetFlow from routers and switches.

Sourcefire 3D System deployment with Master Defense Center

OK, that was about Sourcefire. Here’s how you go about getting certified.

Read the rest of this entry »

Category: Technology, Network, Reviews, Security |

facebook’s new terms of service: “anything you upload can be used by facebook”

February 16th, 2009 by Niranjan Kunwar

Thanks to facebook I’ve come in contact with many of my childhood buddies, neighbors and old school mates, through to university friends. It’s the place to be. Even when you’re busy, you just log in once a day to check what your friends and families are up to. It provides a sleek, friendly and relatively non-intrusive environment to interact.

I have to say that I’ve been quite reluctant to install third-party apps and post family photos due to privacy concerns, but these new terms of service make it worse. Now anything you post or upload can be used by facebook even after you close your account. Under the previous terms of service, facebook’s rights on your content would expire after you closed your account, but not any more.

via: Consumerist

Update (17Feb09): facebook CEO Zuckerberg has written a blog post about the issue, trying to explain why they need this TOS:

Our philosophy that people own their information and control who they share it with has remained constant. A lot of the language in our terms is overly formal and protective of the rights we need to provide this service to you. Over time we will continue to clarify our positions and make the terms simpler.

Update (18Feb09): After global complaints, facebook has returned to the previous terms of service (until they find new language to clarify their position). Zuckerberg explains it in his Update on Terms:

We concluded that returning to our previous terms was the right thing for now. As I said yesterday, we think that a lot of the language in our terms is overly formal and protective so we don’t plan to leave it there for long.

Update (27Feb09): Finally, democracy has come to facebook: it’s allowing users to review, comment and vote on its future policies. That’s the way to go, well done facebook!

Category: Technology, Life, Security |

I’ve joined Vanco (Reliance Globalcom - Anil Dhirubhai Ambani Group)

November 3rd, 2008 by Niranjan Kunwar

After a vigorous job hunt of a little more than a week, I’m glad to let you all know that I’ve joined Vanco (Reliance Globalcom, Anil Dhirubhai Ambani Group) as a Security Engineer. Vanco provides global managed network solutions with the assets and expertise of FLAG, Vanco and Yipes:

Delivering customer-focused managed network and application delivery solutions that leverage a global network with unrivalled reach, depth and breadth to multinational, service provider and global carrier clients. Over 1400 enterprise customers and 200 carriers depend upon Reliance Globalcom to manage business-critical network solutions and address complex requirements for their businesses and partners throughout the world.

Vanco is now Reliance Globalcom, Anil Dhirubhai Ambani Group, which is also well known because of its chairman Anil Ambani, currently 6th on The World’s Billionaires List.

I feel privileged and honored to have this opportunity. At Vanco my role will focus exclusively on security, and I’m really excited about it. This is a perfect opportunity for me to bring forward my previous network/security expertise as well as learn and grow at this truly global organization.

Category: Technology, Life, Network, Security, UK |

GFI LANguard Network Security Scanner 8

January 21st, 2008 by Niranjan Kunwar

GFI LANguard Network Security Scanner is a very easy to use yet powerful commercial network vulnerability scanning, patch management and auditing tool. If you have a small network with a few computers then it’s easy to keep track of the software installed and do the patching manually, but for larger networks it would be a nightmare to do everything manually. This is where tools like GFI LANguard NSS come in to help network/system admins. GFI LANguard NSS makes use of vulnerability check databases based on OVAL and the SANS Top 20, providing over 15,000 vulnerability assessments when your network is scanned. It is one of the best commercial network security scanners and patch management tools available.

I’ve installed and tested it on WinXP SP2 running under VMware Fusion on my MacBook Pro, and this is what I found.


Read the rest of this entry »

Category: Technology, Network, Reviews, Security, Windows | 1 Comment »

Load balancing web servers with Pound

November 28th, 2007 by Niranjan Kunwar

If you’re running a web site and have come to a point where a single web server cannot handle the traffic, then it’s time to get multiple web servers and share the load. To do that you’ll need a load balancer, which distributes the web traffic among multiple web servers.

Basically you have two choices: go for a hardware solution (expensive, with many nice features) or a software solution (possibly free but with limited features). If you want a free and open source solution then Pound is the choice.

Pound is a free, open source reverse proxy, load balancer, SSL wrapper, HTTP/HTTPS sanitizer, fail-over server and request redirector:

1. a reverse-proxy: it passes requests from client browsers to one or more back-end servers.
2. a load balancer: it will distribute the requests from the client browsers among several back-end servers, while keeping session information.
3. an SSL wrapper: Pound will decrypt HTTPS requests from client browsers and pass them as plain HTTP to the back-end servers.
4. an HTTP/HTTPS sanitizer: Pound will verify requests for correctness and accept only well-formed ones.
5. a fail-over server: should a back-end server fail, Pound will take note of the fact and stop passing requests to it until it recovers.
6. a request redirector: requests may be distributed among servers according to the requested URL.

Pound is built with security in mind: it can run setuid/setgid and/or in a chroot jail. It’s a very small, robust and efficient program.

It’s very easy to install and configure.


Read the rest of this entry »

Category: Technology, Admin, HowTo, Linux/Unix, Network, Security |

Online Password Managers

July 16th, 2007 by Niranjan Kunwar

After switching to a Mac, I tried many desktop password managers and had written about Password Managers for OS X, which got a lot of attention. It’s needless to mention the importance of using a password manager, since we use passwords to protect almost everything digital and we have so many of them today. Currently we trust most of our private data, like emails, bookmarks, documents, spreadsheets and calendar events, to online providers like Google, Yahoo or Microsoft. So, how about your secrets and passwords stored online, somewhere in the cloud? I know what your immediate response is: passwords? No way I’m going to store my passwords online! But you might want to give it a second thought, because now the technology is secure enough, thanks to Host-Proof Hosting. If the owners of the servers wanted to mess around with your information, or even if the server gets hacked, they won’t be able to recover your data. In Host-Proof Hosting the sensitive data is always transmitted to the server in encrypted form, using a pass-phrase. The good thing is that this pass-phrase is never transmitted to or stored on the server. The server can never access the stored data in its plain form. All the encryption and decryption takes place on the client side, inside the browser. This is basically a “Zero-Knowledge” web application, where the provider knows nothing about your actual data.

* User enters a pass-phrase to begin using the system. The browser retains the pass-phrase as a global variable.
* User requests a list of all data belonging to him.
* For each record, the system stores the associated user ID in plain text, the record ID in plain form, and the record content only in encrypted form. (The message content is one or more database columns, each encrypted.) Thus the system is able to return a list of record IDs for this user.
* User selects one of the record IDs.
* System checks that this user ID is associated with the record ID, and returns the corresponding message content.
* Browser uses stored pass-phrase to decrypt the contents.

OK, with that background, if you’re ready to store your sensitive information online, here are a few choices for you.

Read the rest of this entry »

Category: Technology, Admin, Network, Reviews, Security |

4 simple measures to keep your system and network secure

July 1st, 2007 by Niranjan Kunwar

There are many things you can and should do to keep your system and network secure. As the saying goes — “Security is not a single event or a product, it’s a process”. So, you have to keep up with all the changes: installing firewalls, IDS/IPS, network security monitoring, auditing, making security policies, password policies, email policies and so on… Yes, all of them are very important and you’ll be dealing with most of them depending on your security requirements. But there are some basic things every network and system admin should follow. Personally, I’ve found 4 things that are very simple yet effective in securing your systems.

Read the rest of this entry »

Category: Technology, Admin, Network, Security |

Snort: Intrusion Detection/Prevention Management

June 21st, 2007 by Niranjan Kunwar

Snort has always been, and still is, my favorite IDS (Intrusion Detection System), although I manage many UTM (Unified Threat Management) firewalls with built-in IPS/IDS (Intrusion Prevention/Detection) now. The commercial UTM firewalls with IPS/IDS are easy to use and configure, but they come with a high price tag and aren’t easy to customize. Even though Snort is not that easy to install, configure and manage, it is still the most popular IDS/IPS today because it is open source, free and easily customizable, rules are easy to create, signatures are always kept up-to-date by its community, and there is plenty of excellent documentation, guides and books.

Snort captures an enormous amount of data from the network and generates alerts based on its rules and signatures. There are currently 3 excellent and relatively user-friendly ways to manage and analyze the Snort data:
Read the rest of this entry »

Category: Technology, Admin, Apple, Linux/Unix, Network, Security |

How I Prepared and Passed CISSP

May 3rd, 2007 by Niranjan Kunwar

I locked myself in for 2 months to prepare for the CISSP (Certified Information Systems Security Professional) exam, and now I’m back triumphant to tell the story. Yes, I just received the Congratulations email from (ISC)². I’m sharing my experience here with the hope that it might be helpful to anyone who’s preparing to take the exam. There’s no doubt that it was THE MOST difficult exam I’ve ever taken.

Let me give you a general idea about this certification. CISSP is a security certification administered by (ISC)², a globally recognized, vendor-neutral organization for certifying information security professionals. To pass the CISSP exam you’ll have to be competent in the 10 Domains of the Common Body of Knowledge (CBK):

  • Access Control
  • Application Security
  • Business Continuity and Disaster Recovery Planning
  • Cryptography
  • Information Security and Risk Management
  • Legal, Regulations, Compliance and Investigations
  • Operations Security
  • Physical (Environmental) Security
  • Security Architecture and Design
  • Telecommunications and Network Security

To qualify to sit for the exam you need to:

  • Subscribe to the (ISC)² Code of Ethics.
  • Have a minimum of four years of direct full-time security professional work experience in one or more of the ten domains of the (ISC)² CISSP® CBK®, or three years of direct full-time security professional work experience in one or more of the ten domains of the CISSP® CBK® with a college degree. Additionally, a Master’s Degree in Information Security from a National Center of Excellence can substitute for one year toward the four-year requirement.

Update: Effective 1 October 2007, professional work experience requirements for the CISSP will increase from four to five years, and direct full-time security professional work experience will be required in two or more of the ten CISSP CBK domains. A new endorsement policy will also be in effect, requiring anyone who passes a CISSP, CAP, or SSCP exam to have their qualifications endorsed by another (ISC)² credential holder. These changes will not affect those who sit for an examination on or before 30 September 2007. For more information, please refer to the Experience Requirement Change FAQs.

The exam itself is 6 hours long, with 250 questions based on the 10 domains. 25 out of the 250 questions are for research, but you’ll have to answer all of them, and there’s no way of knowing which one is which. So, 225 questions will be scored, and you’ll have to get 700 out of a possible 1000 points on the grading scale to pass. Different questions carry different weight (marks) and there’s no way to know which question carries how many marks. As of writing this, the exam costs US$ 499 if you register 16 days ahead of the exam date or US$ 599 if you register later.

Read the rest of this entry »

Category: Technology, Life, Admin, Network, Reviews, Security |