|
A Structured Approach to Classifying Security Vuln
|
|
Date added: 11/08/2005 |
|
A Structured Approach to Classifying Security Vulnerabilities
Understanding vulnerabilities is critical to understanding the threats they represent. Vulnerability classification enables collection of frequency data; trend analysis of vulnerabilities; correlation with incidents, exploits, and artifacts; and evaluation of the effectiveness of countermeasures. Existing classification schemes are based on vulnerability reports and not on an engineering analysis of the problem domain. In this report a classification scheme that uses attribute-value pairs to provide a multidimensional view of vulnerabilities is proposed. Attributes and values are selected based on engineering distinctions that allow vulnerabilities to be exploited by a given technique or determine which countermeasures are effective. Successful classification of vulnerabilities should lead to greater automation in analyzing code vulnerabilities and supporting effective communication between geographically remote vulnerability handling teams and vendors. |
|
|
|
|
Know Your Enemy: Sebek2
|
|
Date added: 09/08/2005 |
|
A detailed look into one of the Project's most powerful tools for capturing all of an attacker's activity on a honeypot, even encrypted activity, such as SSH, burneye, and IPSec. This paper covers what Sebek is, its value, how it works, and how to analyze data recovered by Sebek. |
|
|
|
|
Web application defense at the gates, Leveraging IHttpModule
|
|
Date added: 09/08/2005 |
|
Web application defense at the gates - Leveraging IHttpModule
Web applications are vulnerable to many attacks, mainly due to poor input validation at the source code level. Firewalls can block access to ports, but once a web application goes live and TCP ports 80 and 443 are accessible, the web application can be easy prey for attackers. HTTP traffic is legitimate traffic for web applications; all the more reason to include application-level content filtering over unencrypted and encrypted communication channels. Application-level content filtering is possible to some extent but may not work over HTTPS (port 443). The only way to provide a strong defense is by applying powerful content filtering at the application level for both TCP port 80 and TCP port 443.
The .NET Framework with ASP.NET provides, through the IHttpModule interface, access to HTTP pipes - the lowest of programming layers - before an incoming HTTP request hits the web application. This can provide defense at the gates. In this paper, we look at how one can build this sort of defense in all three aspects - coding, deployment and configuration. |
|
|
|
|
Honeypots Revealed
|
|
Date added: 08/23/2005 |
|
IT security instantly becomes an issue for anyone who connects their system to the Internet, whether via a corporate network, an Internet Service Provider (ISP) from home, or a wireless device that can be used virtually anywhere there are wireless access points. Security threats range from hacking intrusions and denial of service attacks to computer worms, viruses and more. We must understand that intrusion into a network or system can never be eliminated, but it can be reduced. Computer crimes are always increasing. Countermeasures are developed to detect or prevent attacks - most of these measures are based on known facts and known attack patterns. As in the military, it is important to know who your enemy is, what kind of strategy he uses, what tools he utilizes and what he is aiming for. By knowing attack strategies, countermeasures can be improved and vulnerabilities can be fixed. Security activities range from keeping intruders out of the network or system and preventing the interception of information sent via the Internet to limiting the spread of and damage caused by computer viruses. |
|
|
|
|
Sending IPv6 Packets to Check Firewall Rules
|
|
Date added: 08/23/2005 |
|
Looks at how firewall rules can be tested by sending specifically configured (IPv6) packets via the multifunctional “Netwox” utility. |
|
|
|