Are you in a Small to Medium Business and overwhelmed with trying to manage your network and run your business?
Are your computer support personnel over-tasked with trying to support your users and keep your servers up and running too? Then GFI’s Cloud Based Network Monitoring might be for you.
With this free eBook from GFI you will learn how to:
- Remotely manage and monitor all your workstations and servers
- Identify and solve system issues before they become a problem
- Free up IT resources to focus on strategic projects instead of break-fix
- Easily scale your IT infrastructure to grow with your needs
Check it out!
Connecticut and Google agree to settle out of court over WiFi data collected during Google’s Street View data collection. According to The Register:
In December, then Connecticut Attorney General Richard Blumenthal hit Google with a Civil Investigative Demand – the equivalent of a subpoena – insisting that the company turn over the Wi-Fi payload its Street View cars collected from insecure Wi-Fi networks in the state. And Google refused to do so. Today, new Connecticut Attorney General George Jepsen and Consumer Protection Commissioner Jerry Farrell announced that the state had reached an agreement with Google to settle the matter out of court.
When Google captured photo data for their “Street View” project, the collection cars also collected unsecured Wi-Fi data, including e-mail and confidential data:
“Google stipulates, for purposes of settlement discussions, that the payload data collected contained URLs of requested Web pages, partial or complete e-mail communications or other information, including confidential and private information the network user was transmitting over the unsecured network while Google’s Street View car was within range.”
Wireless SSID (network names) and MAC addresses were also collected. It really makes you wonder why Google did this. From earlier reports, they inadvertently used a program that collected this information. But according to The Register, Google posted a blog entry stating they collected Wi-Fi data all across the globe. This really doesn’t sound like an accident.
Because it was done while they were creating “Street View” for Google Maps, you could assume they now have the physical location of numerous Wi-Fi routers. One would have to ask why Google would want Wi-Fi router physical location data…
Want an easy to use intrusion detection and monitoring solution that is easy to use and install? Look no further than Doug Burk’s (SANS GSE) Security Onion LiveCD.
This security Linux distribution marries the every popular SNORT Intrusion Detection System (IDS), and Sguil (Security analysis program created by a former member of the Air Force’s CERT team) in an easy to use package.
You can run Security Onion completely off the CD or install it and run it from a hard drive. I wanted to see how easy it was to use, so I installed it and ran it through the paces.
I chose to run it in LiveCD mode. Once it boots to desktop, you simply run the setup script, then choose advanced or quick setup:
I chose the quick setup. Next just choose a name and password for the Sguil server. Setup is now complete!
Next just double-click on Sguil, choose what interface to monitor and that is it. You now have a complete, up and running Intrusion Detection and Monitoring system. Very quick to set up and simple to use.
Testing worked great, I did some simple attacks against the system with Backtrack 4. It detected the attacks and listed the events in the Sguil interface. Right clicking on the alerts brings up a menu where you can view a transcript of the attack, or even view the packet stream in Wireshark!
Security Onion runs on Xubuntu 10.04 and includes:
Snort updated to 18.104.22.168.
Suricata updated to 1.1beta1
Barnyard2 updated to 1.9 Stable.
Vortex updated to 2.9.0.
Installed OSSEC for host-based intrusion detection.
Installed Squert web interface for Sguil.
Installed Armitage GUI interface for Metasploit.
What an awesome tool for network defense. An intrusion detection and monitoring system used by many large companies, preconfigured and ready to use even on your small business or home system. This would work great with Dualcomm’s Network port mirroring device. Check it out!
NitroSecurity is offering the following free webinar (info from site):
Detecting Advanced Threats and Malware with Content Aware SIEM
Date: Thursday, October 28, 2010
Time: 2:00 p.m. ET/11:00 a.m. PT
While many organizations have deployed security information and event management (SIEM) solution to meet regulatory compliance requirements, high performance SIEM solutions can do much more. By correlating events, logs, and network flows SIEMs can uncover a range of diverse “low and slow” attacks.
With threats moving rapidly “up the stack,” content aware SIEMs can integrate database session and application layer data to detect dangerous botnets, hidden payloads and covert communications channels.
In this presentation we’ll cover technologies, techniques and best practices for effective threat detection and timely incident response using high performance SIEM systems.