A little experimenting within Backtrack is also a big part of what I'm having fun with, regardless of it's might being going for the root, or just for curiosity of auditing the network. There are many opportunities an malicious attacker can take advantage of such situations, and I'm thinking out side the box, to do something that might are able to preventing such kind of things - by defending my self and surounders!
If you want to make some messurements and get a hang on how far your frequences are reaching, then it's also essential to remember where your pointing is at
I'm familiar with RFID, and has been using it to develop my own methods to increase such Things as WiFi length, WiFi Jammer, or even something Ad-hoc.
Being active within IT-security is essential for anyone in the field you and I got might in common. I stay updated with reading books regardless of my interest and curiosity of staying updated all the time. This book is an essential for any person within InfoSec.
I found that Secrets & Lies, provide great prespective on the modern world within Cyber Warfare and so on.
Cryptography Course Completed! - Certification by Dan Boneh, Professor at Standford.
Ethical hacking, has become more
popular over the world, and as well
I'm living my dreams out upon security
threats!. To prevent against the
recently updated security vulnerabillities
exposed by OWASP, exploit-db,
packetstormsecurity, 1337day etc.
Currently I'm avaliable to new job opportunities within InfoSec.
If you find my profile relevant, you can contact me by mail, and he will gladly respond to every mail ASAP:
As shown below, some methods to implement in a company to secure against security threats, or even on personal usage.
OpenTC strategies
Cryptographics
Shell & Physical security
Social Engineering tecniques
RFID insecurites
IPS/IDS, Firewall restrictions
IT-security politics
As shown, a different methods of preventing against exploits build upon vulnerabilities, are to be broken down in concepts.
OpenTC, stands for Open Trusted Computering, which is a great way for securing against attacks, but is not the only solution to be done.
ModSecurity is also some set of security which can be implemented, but should be restricted.
Iptables is commonly used as a Linux firewall, and can allow a lot of security impelementations, to make sure you will keep malicious users out.
You do not want to make the job easier for the attacker than given.
User accounts should be restriced, and should think out-of-the-box, to ensure quality, permissions has to be set as with precaution!.
Cryptographics, should be used when deliver an internal/external message to a client, within gpg, comming by default in Linux, this should be used to send messages, and also replace the files, to confuse the attacker, if the OS were to be compromised.
As Max commonly saying, to people who are not aware of security, and how it should be handeled -
You should treat shell access, as it were physical access.
Social Engineering tecniques, should also be taken seriously!.
This is a great threat to a company, if were (e.g. Attacker got into the IT comapny building, droping off a infected USB, carrying a rootkit on it, that has a payload to execute when opened upon a computer).
You got to make the personnel aware of several SE attacks.
RFID Insecurities, is something, which not many companies has taken seriously. But hey comon, if an attacker were desperate, he could deploy an attenna from Yagi-Uda 2,412GhZ, and start deauthenticating victims, becomming the man in the middle! - while you might not knowing, the next step were to sniff your password!, or to do some other privilige escalations.
IPS/IDS, Firewall restrictions, as mentioned firewall for Linux, such as Iptables, you could do a lot of things with this!. But it's a great start. IPS/IDS, are usually good, but in some advantages, it's giving false alarms. This might be usfull for some sys admins though, to check the log. But at the end of the day, if that's get's the job done, then everyone is happy right?. Snort, Kismet is to be mentioned, when doing some security researcing on the network.
IT-security politics, is bascially the main reason on securing a company / private use. Let's face it. there is nothing such as 100% security nowadays. Security is divided up in layers. The main factor here is, there will always be vulnerabilities, since there will always be humans involved. Companies need to focus on what is satisfying them, upon security messurements.
Copyright - Max Jensen © All Rights Reserved