16 Dirty Security Secrets -- Microsoft Certified Professional Magazine Online

16 Dirty Security Secrets

Also: breaking into a VPN; rootkit protection, more

By Russ Cooper
02/21/2007

Courtesy of the Ambersail Infosec Roundup blog, here are 16 oft-used explanations as to why a company has a security issue: http://blog.ambersail.co.uk/wordpress/?p=128

No doubt you’ll have heard every one of these at least once, and many far more times than you’d like to admit. The real test is whether you still get such answers from the people you work with/for!

Breaking into a VPN
Here's an interesting article that discusses the common problems VPN gateway configurations suffer, and how that information can be exploited by criminals to gain entry: http://www.heise-security.co.uk/articles/75265

We’ve already seen a surge in VPN breaches and have kept it on our watch-list for several weeks now. While this article doesn’t teach any new techniques, it may be a reminder to criminals that VPN gateways are viable entry points.

Six Rootkit Detectors Protect Your System
InformationWeek has done a reasonable review of six popular rootkit detection programs: F-Secure BlackLight, IceSword, RKDetector, Trend Micro’s RootkitBuster, RootkitRevealer and -- the winner -- Rootkit Unhooker, a freeware tool from Russia.

As InformationWeek points out, the origins of Rootkit Unhooker certainly warrant a pause. In our own experience, the best thing to do when looking for a rootkit is to use several tools -- the more you use the more likely you are to find everything. There’s no guarantee that everything will be identified as malicious, but several of the tools are good at explaining common false positives.

Want More Security?

This column was originally published in our weekly Security Watch newsletter. To subscribe, click here.

AOL Phisher Faces 101 Years in Jail
Jeffrey Goodin, 45, awaits sentencing on June 11, 2007 after becoming the first person to be convicted by a jury of operating a sophisticated phishing scheme under the 2003 U.S. Can-Spam Act. The sentence can be as stiff as 101 years in federal prison.

The Californian has also been convicted of wire fraud, unauthorized use of credit cards, misuse of the AOL trademark and attempted witness harassment. By the looks of things, Goodin stands a good chance of getting an appropriate sentence for his crimes.

Role of DBA to Insider Threats and Regulatory Compliance
Here's an excellent article on the problems database administrators face with respect to complying with various regulations. The article goes into reasonable detail with suggestions and ideas that can help you understand both the problems you face as a result of insufficient tools, as well as effective approaches. Well worth the read, for both DBAs and IT security personnel.

About the Author

Russ Cooper is a senior information security analyst with Verizon Business, Inc. He's also founder and editor of NTBugtraq, www.ntbugtraq.com, one of the industry's most influential mailing lists dedicated to Microsoft security. One of the world's most-recognized security experts, he's often quoted by major media outlets on security issues.