This video, while “amusing”, is quite interesting :

Though not many details are given, I am quite skeptical about the possibility of such a massive attack.

However, it shows well that security is not just a technical matter. It has many implications in law, politics, economics, and a whole information system must be prepared to that, starting with our leaders.

That would be a HUGE effort for our politicians here in France – if they ever care…

JC :: Feb.18.2010 :: Defense, Hacking, Security :: No Comments »

Netios 0.73 fixes some bugs and

Complete changelog :

2010-02-10  (0.73) Jean-Christophe Baptiste <jc@phocean.net>

* remove useless options
* fix various bugs

Check there (tools page) for more details and a download link.

JC :: Feb.10.2010 :: Cisco, Defense, Network, Python, Scripts, Programs, Security :: No Comments »

Netios 0.72 fixes some bugs with the show_run mode and large config files. I also found some issues concerning the prompt detection, so it should be fixed now.

Complete changelog :

2010-01-14  (0.72) Jean-Christophe Baptiste <jc@phocean.net>

* ciscoclass.py : forgot to remove a debug print
* ciscoclass.py : finish and fix a bunch of bugs in the show run function, format the config file properly
* ciscoclass.py : fix the prompt regex

Check there (tools page) for more details and a download link.

JC :: Jan.15.2010 :: Cisco, Defense, Network, Python, Scripts, Programs, Security :: No Comments »

I release a new version of Netios : 0.71.

There are a lot of changes, starting with cosmetics, but the biggest one is the support of multiprocessing.

It is now able to process several routers at the same time, so using it on a large list of machines results in a big speed up.

A downside is that it now requires at least Python 2.6, as multiprocessing started to be supported with this version only. Most Linux distributions now include Python 2.6, but still not all. Anyway it will be more and more the case. If you can’t uprade your distribution, you can stick with 0.60 which still do most of the work fine.

It is also now able to fetch a configuration file remotly, but it requires more testing before I feel confident in the way it works.

The complete changelog :

2009-12-20  (0.71) Jean-Christophe Baptiste ;

* ciscoclass.py : handle correctly the cisco pager — More — so that “show run” mode should work even with large config files
* sshclass.py : allow to override terminal size system settings (make use of the cisco pager to avoid filling the buffer)

2009-11-16  (0.70) Jean-Christophe Baptiste (private release)

* implement multiprocessing
* improve code documentation
* clean up UI
* reduce useless logging
* netios.py : bug : missing startTime parameter in f_skip_error and f_command functions

I cross my fingers so that there are not too many bugs, but if so, please don’t forget to report it to me.

Check there (tools page) for more details and a download link.

JC :: Dec.20.2009 :: Admin, Cisco, Defense, Linux, Network, Python, Scripts, Programs, Security, System :: No Comments »

I finished reading the ModSecurity 2.5 book, written by Magnus Mischell and published by Packt Publishing.

I found a lot of interest reading it as I was already using ModSecurity – and I think anyone exposing an Apache web server should.
I was actually using it partially. It is not trivial to secure a web application, and the rule engine of ModSecurity is very powerful but it is also quite complex.

So this book was a good opportunity for me to dig into it further.

The book covers all topics : from the set-up to a real use-case.
The author explains how to write rules, how to deal with the performance impact, logging and gives us a range of various core rules to implement to get a good security basis.

The difficulty goes up progressively and the author doesn’t forget the beginners.
The set-up of the module is precisely described. All requirements are also explained and there are some good recalls about regular expressions, common attacks on systems, server and client sides, and other stuff like that.

After reading the book, I could harden my rules, reorganize and optimize them for better performance – something I hadn’t cared about before.

So I have nothing else to say but to recommend this book.
It is definitely a great handbook about ModSecurity that’s worth having next to you. The variety of configuration patterns makes it a reference.

Check it there. I also appreciated the availability of PDF version, so that I can carry it everywhere with my laptop and index it with Beagle.

JC :: Dec.10.2009 :: Defense, Firewalling, Hacking, IDS / IPS, Linux, Security, System, Web, openSUSE :: No Comments »

There will be a new book about mod-security coming out :  ModSecurity 2.5.

ModSecurity is essential when it comes to secure any web site.

It will make the work of the attacker much harder and  it may save you even if your favorite dynamic pages have a security hole.
However, it must be configured wisely to be efficient. It is just a firewall that works at the application layer : you need to know the attacker point of view and the basics before writing any mod-security rules, otherwise at best it will useless (and at worst, it will kick legitimate traffic off).

So, stay tuned :  I will talk more about the ModSecurity stuff and publish a review about this book soon.

JC :: Nov.15.2009 :: Defense, Firewalling, Security, Web :: No Comments »

I just released an alpha release of a little tool that may help network administrators with a large park of Cisco routers or switches :

Netios is a little tool aimed to help network administrators to administrate a large number of Cisco network devices.
Providing it with a list of equipments, it connects within SSH to remotly apply IOS commands.

It can automatically :

• retrieve and export in a CSV file the list of local users
• update the local user, the enable password
• change NTP settings
• execute a file of customed IOS commands
• retrieve configuration files

It can read the targets from the command line or from a text file.

Its primary goal is to improve the security by making it easier to renew regularly the local password of these equipments, but it can do more convenient things (and I will continue to work to add more of them).

Check there (tools page) for more details and a download link.

JC :: Nov.07.2009 :: Cisco, Defense, Network, Python, Scripts, Programs, Security :: No Comments »

Interesting article to read about IPv6 tunneling and security aspects. The commends are worth reading too.

Follow this link.

JC :: Nov.04.2009 :: Defense, Network, Protocols, Security :: No Comments »