var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-35754314-2']); _gaq.push(['_setDomainName', 'securityeverafter.com']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })();

Wednesday, December 1, 2010

iptables -L

Recently I decided to teach myself how to use iptables. The concept always made a lot of sense, however until I forced myself to actually use it, my understanding was incomplete. Iptables is a host based firewall implemented in Linux. INPUT defines what traffic can reach the host and OUTPUT defines what traffic can leave the host.

The iptables are typically found at /etc/sysconfig/iptables. You can open this file, as root with your favorite text editor, but it is much easier to interpret using the iptables -L command to list the rules. Saving your changes is accomplished with the command iptables-save.

To help you be more specific in your rule declarations, switches available that include --sport for source port, --dport for destination port -s for source, -d for destination and -p for protocol.

The -A switch appends the rule at the end of the list. The -I switch enters the rule as a rule number, the default being the first. The -D switch is used to remove a specific rule. Review the rules again with iptables -L to make sure the flow of the rules is what you expect. The alternative is to create a condition where a new rule may never execute. 

Examples:

#Create new rule to allow inbound traffic from time.nist.gov on port 123 to 192.168.1.200 on port 123
INPUT: iptables -I INPUT -s 192.43.244.18 --sport 123 -d 192.168.1.200 --dport 123 -j ACCEPT

#Create new rule to drop outbound traffic to www.cnn.com
OUTPUT: iptables -I OUTPUT -d 157.166.255.19  -j DROP

Useful links:
https://help.ubuntu.com/community/IptablesHowTo
http://wiki.centos.org/HowTos/Network/IPTables

Wednesday, October 27, 2010

SANS Mentor in Chattanooga

It is very hard to believe, but the SANS Security 401 Mentor Session I held in Chattanooga is now over. I discovered a lot about myself and the course content while leading the class through the material. I am certain that I learned more than the students. It was incredibly rewarding to share my passion, stories and techniques with the students. I am very proud of each of the students for making it through the course with a sound understanding of all things security.

Monday, September 13, 2010

Atlanta has an Electronic Crimes Task Force

I just discovered that Atlanta has an Electronic Crimes Task Force (ECTF). How cool is that. This program is sponsored by the Secret Service. I know.

From the website, "The success of the Atlanta Electronic Crimes Task Force resides in its ability to bring law enforcement, academia and private industry together to combat computer crime in the information age. The task force's goal is to facilitate the flow of information between the Secret Service's partners by sharing information and developing methods and means to better investigate, identify and combat electronic crimes."

The Atlanta ECTF meets each quarter at Georgia Tech. I look forward to participating and will let you know my impressions after the first meeting.

Tuesday, August 24, 2010

Creating ISO Images with dd

Last night while troubleshooting an issue with VMWare Fusion, I discovered how to create an ISO image using the dd command. The process is incredibly simple, making me wonder how I had missed it for so long. To start the process, you must sudo to root. Next, insert the media into the drive. Finally, enter the command:

dd if=/dev/cdrom of=.iso.

"if" declares the input file, while "of" declares the output file.

When this process is comple, there will be a newly created ISO image file that can be easily mounted in VMWare. This command can be useful in reducing the amount of media that has to be carried around in your backpack.

Tuesday, August 17, 2010

SANS Security 401 in Chattanooga

Tonight starts my SANS Mentor class in Chattanooga, TN. I am very excited about bringing SANS training to Chattanooga. It was a lot more preparation than I expected, but I am so glad I finally decided to do it. Security 401 - SANS Security Essentials Bootcamp Style was the first SANS class I took way back in 2004, back when I thought I knew it all. I took Security 401 after being in security for several years. I still was able to learn a lot of new material and be exposed to concepts I had never considered before. I am striving to let the same be said for the students in my class.

Wednesday, August 11, 2010

InfraGard Chapter Meeting in Chattanooga

Today I attended the InfraGard meeting in Chattanooga, TN. Normally this would be a five minute drive to attend, but today took much longer as I drove up from Atlanta. The meeting was excellent, as always and had good attendance. We heard a special briefing from the FBI about recent cyber security issues. The featured speaker was from BlueCross BlueShield of Tennessee who spoke about the lessons learned from the Eastgate incident. This was a great opportunity for everyone to get wisdom as cheaply as you can.

The difficult part of this meeting was announcing that I was stepping down as the President of the InfraGard chapter. Serving in this role allowed me to meet so many people and help share how successful InfraGard has become throughout Tennessee. I am particularly proud of the Keeping Kids Safe Online Program I mentioned before. This has great potential to grow and impact even more students.

I am excited to report there are now 167 members in the chapter and am amazed at how it has grown over the last three years. Having both the FBI and the Tennessee Office of Homeland Security always engaged at the meetings helped foster this growth. I am certain that the chapter will remain strong and continue to prosper.

Saturday, August 7, 2010

Status.Update

I have been in Atlanta and at the new job for a week and am still getting settled in. Today looks to be a good day as Comcast is supposed to be here this afternoon (finally).

I miss my friends in Tennessee a lot and am looking forward to seeing them at the Chattanooga InfraGard meeting next week. I also plan to attend the Atlanta ISSA meeting later this month.

Friday, July 23, 2010

End of an Era

Today ends my 12 year journey at BlueCross BlueShield of Tennessee and Shared Health. I started out as a Visual Basic programmer and leave today as the System Security Officer. What an incredible opportunity. Several times along the way I was challenged to apply what I learned in new and exciting ways. From learning how to program, administer networks and then securing them, it was an amazing ride.

The unique opportunity to build the Security Program at Shared Health was an experience I will never forget and always treasure. I had the opportunity to do so many new things and do them well.

The highlight was always the people. I met some of the best and brightest and had the privilege to work along side them. Many I consider friends and extended family.

Monday, July 19, 2010

InfraGard Chattanooga August Meeting

The next meeting of the InfraGard Chattanooga Members Alliance will be on August 11 at 11:30. The location will be the Chattanooga Red Cross building on McCallie Avenue.

The featured speaker will be Jennifer Adams from BlueCross BlueShield of Tennessee. Jennifer will be speaking on the lessons learned from the recent EastGate incident.

Sunday, July 18, 2010

A Long TIme

Yes, it has been a very long time since I have made a post. I regret that I have not been as regular as I had origionally planned. As some of you may already know, I am in the middle of some very big changes. I will provide full disclosure at the end of the week.

Sunday, June 20, 2010

SANS Security 542

I recently attended the SANS Security 542 Web App Penetration Testing and Ethical Hacking
class at SANS Fire. I have to say that this was one of the most energetic SANS classes I have ever taken. Kevin Johnson (hacker princess) did an amazing job of keeping the class engaged and on track. There were a bunch of hands on labs every day, which helped reinforce the material we covered. It also prepared the student for the day 6 Capture the Flag exercises.

In the class I extensively used the Samurai Web Testing Framework (WTF). The great part of this platform is that I became very familiar with its use during the class. The wise student will take Samurai WTF  back to work to help identify the holes that may exist in their own environment before someone else does.

Saturday, June 19, 2010

Goodbye CSA

Cisco recently announced the End of Life for Cisco Security Agent (CSA). CSA was the first security product that I had the primary responsibility of evaluating. This was just after Cisco acquired the product from Okena in 2003.

I really believed in the idea that you could let the agent learn what is "normal" and systematically block everything else. Although I was never able to get it to work as I thought it should, I heard many times that it did meet the needs of others.

This marks both the end of CSA and the end of my first security product evaluation.

SANS 560 Network Penetration Testing and Ethical Hacking -- Free Preview!

My new found friend Doug Burks is offering a free preview of the outstanding SANS course, Security 560, Network Penetration Testing and Ethical Hacking. I have personally taken this course and highly recommend it to everyone who wants to learn how to perform network penetration tests. If you are in the area, I strongly encourage you to attend.

The Greater Augusta ISSA will present a 2-hour preview of the upcoming SANS 560 Mentor class on Thursday, July 15th. Please join us for a FREE preview of this exciting class!
What: The Greater Augusta ISSA presents a SANS 560 Preview
How: This is a FREE public meeting. Please confirm your reservation by sending an email to reservations@augusta.issa.org

When: Thursday, July 15 9:00 AM - 11:00 AM
Where: Augusta State University
2500 Walton Way
Augusta, GA 30904
Allgood Hall E-258

Friday, June 18, 2010

No More Mondays Review

I just finished reading No More Mondays by Dan Miller. What a great book! It gradually moves you to where you will be equipped to identify your Skills and Abilities, Personality Tendencies and most importantly, your Values, Dreams and Passions. It gives real examples of how to get yourself on track to a more meaningful career. Highly recommended!

Thursday, June 17, 2010

SANS Mentor Comes to Chattanooga

Starting August 3rd, I am conducting a SANS Mentor session in Chattanooga, TN. This will be the very popular SANS Security Essentials course. This was the first SANS course I took and still find it to be very relevant to my work. Send me email for a 10% discount.

Cyber-Security for Kids Impact Statement

The following are the results from the first 4-H Cyber Security Poster initiative. This was made possible through a partnership with the Hamilton County UT Extension Office and the SouthEast Tennessee InfraGard Members Alliance.

I guarantee you will be impressed at the direct impact of this program on the attendees. This is an excellent program that really allows our chapter to be involved with increasing the security posture of the community.

• 909 youth in grades 4th – 8th participated in a Cyber-Security educational program.

• 909 youth watched movie clips on the dangers of chat rooms and cyber-bullying.

• 909 youth watched movie clips on the potential outcomes of cyber-stalking and talking to/meeting people they do not know.

• 909 youth were educated on potential hazards of file-sharing, opening attachments, posting pictures, and Malware.

• 546 youth or 60% of youth participated in the “How to Stay Safe Online” poster contest. (The contest was completely voluntary.)

• Two youth reported an incident of cyber-bullying to their guidance counselor through this program.

• Over 50% of youth in attendance had been bullied online.

• Nearly 90% of youth in attendance have established social network identities on sites like, MySpace and Facebook.

• 95% of youth in attendance were unaware that once a file is uploaded to the internet, it cannot be deleted.

• 620 youth in attendance were under the age of 12 and therefore could not legally establish social network identities.

• 100% of youth in attendance learned something about cyber-security that they did not know.