Two weeks ago, renowned security researcher Dan Kaminsky released information to the security community that alluded to a major DNS flaw on the internet. However, instead of spreading the exploit to all and sundry, he decided to inform the major DNS vendors that the flaw existed and required patching before it became common knowledge and was exploited.

In doing so, Dan dared to become the subject of criticism from his peers. Their mindset was that exploits should be released and be public knowledge so that fixes can be deployed and the theory reviewed by other security professionals. Dan himself admits that he was wrong in not seeking peer review before going public; he instead chose to go public about the flaw he had identified before all systems were fully patched and announce that a fix was being deployed. He admitted he was wrong, but I can’t help but think he wasn’t – although I must credit him for falling on his own sword after the scorn of fellow security professionals. He didn’t release the flaw to any of his online peers because he was concerned that it would be released early, before all DNS servers could be patched – which is exactly what happened.

After receiving this criticism he opted to seek out the opinions of two other prominent security professionals, one being Dino Dai Zovi and the other Thomas Ptacek, a security expert and Principal over at Matasano Security. Both validated Dan’s claims – he was right, the DNS vulnerability is real. Dan was due to speak at Black Hat in Las Vegas, where he would release details of the vulnerability, as sufficient time would have passed to allow the patching of vulnerable servers. However, before he had the chance, someone beat him to the punch.

Halvar Flake, otherwise known as Thomas Dullien, CEO and Head of Research over at Zynamics, decided to post his own hypothesis on what the vulnerability was. It turned out that he was almost bang on with his theory, and this was then corroborated when a post by a researcher at Matasano Security corrected some of the details Halvar Flake had posted – swiftly hitting the nail on the head of any secrecy left out there about the vulnerability. As soon as Matasano realised the blog post had been published early they removed it, and a letter of apology was published from Thomas Ptacek. He explained that the post was not supposed to have been published, apologised for the leak and praised Dan for his work in finding the exploit.

As it stands, the patches are being applied, but Dan suggests that for now you use OpenDNS for your DNS services; they are expecting your traffic and their DNS servers are safe to use.

Who says IT is boring? :-)

Ian

Learning the routing and switching stuff for CCNP has been fun ( honest :-/ ) and I’m glad I chose to do it, as it’s made me more complete as far as networking goes. I’m a great believer that to be truly good at your profession you have to be proficient in any areas that it relies upon. Obviously, security products sit on top of our infrastructures, so being more aware of that will help me in the future – actually, it’s helped me already, as I recently had to use a 3750 as a media converter for the IPS 4260 (fibre to copper and then from copper back to fibre), where I had to use private VLANs to get it working. I wouldn’t have been aware of that previously and therefore would have been limited in that situation if I hadn’t been aware of private VLANs and their uses.

I’m trying not to look past the ISCW exam, as the CCNP isn’t over quite yet, but I am looking forward to getting my head back into security full time. I’m going to do a bit of Checkpoint NGX next to bolster my Checkpoint skills (I’m currently a CCSA on Checkpoint NG) and then I am going to go for the CCIE Security written exam. After QoS I am sure it will be a joy to read up on! Haha

Ian

I recently installed Cisco Security Manager for a client, and up until then I had pretty limited experience with it, as it’s still relatively fresh on the market. The install itself is very easy. Next, next, next… almost. After a few teething problems with McAfee AV hanging the server, it was all up and running and ready for devices to be added in. McAfee, by the way, was trying to scan the CSM database and couldn’t, and that was what hung the machine. The only way around it was to exclude the folder where the database is, and it worked fine after that.

For those of you who don’t know what Cisco Security Manager does, it’s basically a replacement for the old Cisco VMS Works, in my opinion anyway – I’m not sure if Cisco market it as that. It has some pretty good features built into it that allow you to manage your security policies in a more uniform fashion across your network. The ability to copy policies from one device to another is a great way of adding extra layers of security throughout your network. I installed a Cisco 4260 IPS after the CSM server and I especially liked the benefit of copying signature policies between IPSs, as it saves a lot of time otherwise wasted on ensuring devices have the same signature set when inspecting segments that should have the same inspection policies applied.

I also added a live Cisco ASA5540 to the device repository, but it threw up a lot of errors, so I have deleted it for the time being, as the customer is not looking to use CSM with his firewalls at the moment. We’ll also be installing CS-MARS in the near future, and that can tie in with CSM, so I’ll report back on how that goes.

Ian

Almost there!!

It’s been a while since my debut post, so I reckon my blog is due a wee update now. The CCNP is going well so far; I’ve passed BSCI, BCMSN and ONT. I’m working my way through the ISCW coursework at present and it’s going well. My CCSP has helped a bit so far with all the VPN stuff that’s included, so I’m hoping the exam will be a bit easier for this one. Out of the three exams passed, I’d have to say BSCI was the hardest. BCMSN was the easiest, but that was mainly due to the fact that I enjoyed learning what I deem to be the fundamentals of networking. ONT was pretty boring to be honest, and it was a struggle reading the book, as it was so dry and I wasn’t all that interested in Quality of Service. So fingers crossed for me people, three down and one to go!!

I’ve ended up mainly using Cisco Press books and Jeremy Cioara’s CBT Nuggets, as the Cisco Network Academy wasn’t up to much, in my opinion. The slides they provide online didn’t go into enough detail to pass the exam, but instead left links to lots of Cisco technology papers at the bottom, of which there were far too many to read in one lifetime.

The best and most time-efficient way I’ve found for studying is to watch the CBT Nuggets ( Jeremy Cioara is a legend! ) and then read the Cisco Press book afterwards while working through the NIL labs. One without the other would be less than half as effective, I believe. The CBT Nuggets give an excellent visual aid and help you to understand what sentences can’t explain, but you really need to read the Cisco Press books to get all the details you need for the exam.

Ian

As a consultant with strong Cisco experience I need to make sure my skills and certifications are sharp. The ultimate goal is to earn the coveted Cisco CCIE certification. I am currently a Cisco CCSP and will, hopefully, soon be a Cisco CCNP. Once I finish the CCNP, and I will finish it despite my past procrastination, I will hopefully make a start on the CCIE track and keep a record of that on here too. My interest lies in the security field, but as a freelance consultant I need to aim towards the most lucrative market, so I may slip the CISSP in before the CCIE depending on my situation and work commitments. The security market is “about to boom”… or so I’ve been told for the last five years. If only I’d chosen to follow the voice route… OK, maybe not, voice isn’t really my bag, baby.

I started my studies in August 07, when I started to tackle the Cisco BSCI course. I’ve been using various study methods to get through the CCNP. The Cisco Network Academy was my main port of call, as I signed up to the CCNP track which is being run from my local University. I’ve also been using online labs, courtesy of www.nil.si. For those of you who have never used them, these are excellent study aids. They provide excellent lab scenarios with practical goals and helpful study guides. CBT Nuggets have some excellent videos that can be purchased for a reasonable amount, so I’ll be using these, and last but not least good old Cisco Press books; these are great for stacking up in the spare room and impressing all your friends with your knowledge of all things technical. Just hope they don’t ask you a question about what’s in them. :-P

I’ll do my best to keep the posts in my blog frequent and I’ll try not to be toooo boring when I rabbit on about how I’m getting on. Hopefully, if you’re reading this, I’ll provide you with some “what not to do’s” so that you don’t make the same mistakes that I am inevitably about to make! If I can be bothered I may even try to write a few ‘white paper’ type posts that are aimed at routing and switching. Firstly, to get me up off my ass and do a bit of research in something that will no doubt help me understand my trade. Secondly, to help whoever is reading my blog understand certain areas of the CCNP track. I often find that some authors make things easier to read than others, who can often over-complicate things, so hopefully if a simpleton like my good self can understand something then I may be able to put this down in a format that most of you can understand, and perhaps help.

Oh, and feel free to add your comments. :-)

Stay tuned..

Ian

SYN-ACK BLOG!

Hello there!

Welcome to my new blog, SYN-ACK. I intend to use this as a means of sharing knowledge, building knowledge and networking with my fellow IT security peers. Topics of discussion will be wide and varied, ranging from my current projects to little white papers on security-related topics and updates on my own career path.

Please feel free to comment on any posts, and while I expect debate and conflicting views, please keep all discussions constructive and pleasant.

I’ve also imported the few posts from my previous blog that I started a few months ago.

Thanks for looking!

Ian
