Alan White, Dell SecureWorks/US Army – Paul’s Security Weekly #503

Alan White is the Global Regions Consulting and Services Director for Dell SecureWorks, and is part of the US Army’s Computer Emergency Research Team. Previously, Alan was the Director of Security and Risk Consulting for the Asia-Pacific-Japan region, responsible for managing incident response, forensics, technical testing and compliance services teams.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/b9wejAT3mwg/

Security News – Paul’s Security Weekly #503

The risks of using an Android password manager, another WordPress plugin is flawed, hidden backdoors, Cloudbleed gets triggered, and more in this week’s security news!
Audio: http://traffic.libsyn.com/pauldotcom/Pauls_Security_Weekly__503_-_Security_News_converted.mp3

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/HQHsuvEv-mo/

Technical Segment: Incident Response & Forensic Reporting, Doug White – Paul’s Security Weekly #503

Our very own Doug White delivers a demonstration/rant about incident response and forensic reporting in this week’s technical segment!
Audio: http://traffic.libsyn.com/pauldotcom/Pauls_Security_Weekly__503_-_Technical_Segment_Incident_Response__Forensic_Reporting_Doug_White_converted.mp3

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/XYQmWdXphvs/

IntelMQ – A solution for IT security teams for collecting and processing security feeds using a message queuing protocol

IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments, ...) for collecting and processing security feeds (such as log files) using a message queuing protocol. It is a community-driven initiative called IHAP (Incident Handling Automation Project), which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect and process threat intelligence, thus improving the incident handling processes of CERTs.

IntelMQ’s design was influenced by AbuseHelper; however, it was rewritten from scratch and aims at:
- Reducing the complexity of system administration
- Reducing the complexity of writing new bots for new data feeds
- Reducing the probability of events being lost anywhere in the pipeline, through persistence (surviving even a system crash)
- Using and improving the existing Data Harmonization Ontology
- Using JSON format for all messages
- Integrating existing tools (AbuseHelper, CIF)
- Providing an easy way to store data in log collectors like ElasticSearch and Splunk, and in databases (such as PostgreSQL)
- Providing an easy way to create your own blacklists
- Providing easy communication with other systems via an HTTP RESTful API

It follows these basic meta-guidelines:
- Don’t break simplicity (KISS)
- Keep it open source, forever
- Strive for perfection while keeping a deadline
- Reduce complexity / avoid feature bloat
- Embrace unit testing
- Code readability: test with inexperienced programmers
- Communicate clearly

How to Install: see the User Guide.
Developers Guide: see the Developers Guide.
IntelMQ Manager: a graphical tool for easily managing an IntelMQ system.

Incident Handling Automation Project
URL: http://www.enisa.europa.eu/activities/cert/support/incident-handling-automation
Mailing list: ihap@lists.trusted-introducer.org

Data Harmonization: IntelMQ uses the Data Harmonization ontology; check the Data Harmonization document.

How to participate:
- Subscribe to the intelmq-dev mailing list: https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev (for developers)
- Watch out for our regular developers conference call
- IRC: server irc.freenode.net, channel #intelmq
- Via GitHub issues
- Via pull requests (please do read help.github.com first)

Download IntelMQ
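To make the bot pipeline described above concrete, here is an added toy pipeline in Python (IntelMQ is written in Python). This is example code, not IntelMQ’s own code: a collector bot wraps a feed as a report, a parser bot turns each line into one harmonized event, an expert bot enriches it, and an output bot emits JSON lines a log collector could ingest. Bots hand JSON messages over an in-memory queue as a stand-in for IntelMQ’s Redis-backed pipeline; the field names (source.ip, time.source, time.observation, classification.type, feed.name, raw) follow the Data Harmonization Ontology as I recall it and the taxonomy mapping is an assumption; the feed text is constructed. Lines the parser cannot harmonize go to a dead-letter list rather than being silently dropped, which is the "no events lost" property the project lists as a goal.

```python
"""Toy IntelMQ-style pipeline: collector -> parser -> expert -> output bots.

Added example, not IntelMQ's own code. Bots exchange JSON messages over an
in-memory queue (stand-in for the Redis pipeline IntelMQ uses). Field names
follow the Data Harmonization Ontology as I recall it; treat as illustrative.
"""
import base64
import ipaddress
import json
import queue
from datetime import datetime, timezone

# Constructed sample feed (CSV: timestamp, IP, event type); not real data.
FEED_SAMPLE = """# constructed blocklist sample
2017-03-01T10:00:00+00:00,198.51.100.23,botnet drone
2017-03-01T10:05:00+00:00,not-an-ip,scanner
2017-03-01T10:07:00+00:00,203.0.113.9,scanner
"""

# Assumed mapping from classification.type to a coarser taxonomy bucket.
TAXONOMY = {"botnet drone": "malicious code", "scanner": "information gathering"}


def collector_bot(feed_text, feed_name, out_q):
    """Wrap the raw feed in one report message; raw is base64 so it survives JSON."""
    report = {
        "feed.name": feed_name,
        "time.observation": datetime.now(timezone.utc).isoformat(),
        "raw": base64.b64encode(feed_text.encode()).decode(),
    }
    out_q.put(json.dumps(report))


def parser_bot(in_q, out_q, dead_letters):
    """Split a report into one harmonized event per line; bad lines go to dead_letters."""
    while not in_q.empty():
        report = json.loads(in_q.get())
        raw = base64.b64decode(report["raw"]).decode()
        for line in raw.splitlines():
            if not line or line.startswith("#"):
                continue
            try:
                ts, ip, etype = (f.strip() for f in line.split(","))
                ipaddress.ip_address(ip)      # ValueError on garbage IPs
                datetime.fromisoformat(ts)    # ValueError on bad timestamps
            except ValueError as exc:
                dead_letters.append({"line": line, "error": str(exc)})
                continue
            event = {
                "feed.name": report["feed.name"],
                "time.observation": report["time.observation"],
                "time.source": ts,
                "source.ip": ip,
                "classification.type": etype,
                "raw": base64.b64encode(line.encode()).decode(),
            }
            out_q.put(json.dumps(event))


def expert_bot(in_q, out_q):
    """Enrich each event with classification.taxonomy; unknown types become 'other'."""
    while not in_q.empty():
        event = json.loads(in_q.get())
        event["classification.taxonomy"] = TAXONOMY.get(event["classification.type"], "other")
        out_q.put(json.dumps(event))


def output_bot(in_q):
    """Drain the queue into JSON lines, the shape a log collector would ingest."""
    lines = []
    while not in_q.empty():
        lines.append(in_q.get())
    return lines


def run_pipeline(feed_text, feed_name="constructed-blocklist"):
    """Run the bots in sequence; returns (json_lines, dead_letters)."""
    q1, q2, q3 = queue.Queue(), queue.Queue(), queue.Queue()
    dead = []
    collector_bot(feed_text, feed_name, q1)
    parser_bot(q1, q2, dead)
    expert_bot(q2, q3)
    return output_bot(q3), dead


if __name__ == "__main__":
    events, dead = run_pipeline(FEED_SAMPLE)
    for e in events:
        print(e)
    print("dead letters:", dead)
```

Swapping queue.Queue for a Redis list, and the in-process functions for separate processes, gives the persistence and crash-survival property the project describes; the message shape does not change.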

Link: http://feedproxy.google.com/~r/PentestTools/~3/jXfcUk3Zvqk/intelmq-solution-for-it-security-teams.html

Mike Kail, Cybric – Startup Security Weekly #28

Mike Kail is the Co-Founder and CIO of Cybric. Prior to founding Cybric, Mike was Yahoo’s CIO and SVP of Infrastructure and VP of IT Operations at Netflix. He has more than 24 years of IT operations experience with a focus on highly-scalable architectures. All Startup Security Weekly episodes: http://securityweekly.com/category/ssw/
Audio: http://traffic.libsyn.com/sswaudio/Startup_Security_Weekly__28_-_Mike_Kail_Cybric_converted.mp3

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/OJkrT01Ahfg/

Lynis 2.4.4 – Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of the auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next step in the simplification improvements we have been making. There is a risk of breaking your existing configuration.

Lynis is an open source security auditing tool, used by system administrators, security professionals, and auditors to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it can perform more extensive security scans than network vulnerability scanners.

Supported operating systems
The tool has almost no dependencies, therefore it runs on almost all Unix-based systems and versions, including AIX, FreeBSD, HP-UX, Linux, Mac OS, NetBSD, OpenBSD, Solaris and others. It even runs on systems like the Raspberry Pi and several storage devices!

Installation optional
Lynis is light-weight and easy to use. Installation is optional: just copy it to a system and run "./lynis audit system" to start the security scan. It is written in shell script and released as open source software (GPL).

How it works
Lynis performs hundreds of individual tests to determine the security state of the system. The scan itself consists of a set of steps, from initialization of the program up to the report:
- Determine operating system
- Search for available tools and utilities
- Check for Lynis update
- Run tests from enabled plugins
- Run security tests per category
- Report status of security scan
Besides the data displayed on screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file.

Opportunistic scanning
Lynis scanning is opportunistic: it uses what it can find. For example, if it sees you are running Apache, it will perform an initial round of Apache-related tests. When during the Apache scan it also discovers an SSL/TLS configuration, it will perform additional auditing steps on that. While doing that, it will collect discovered certificates so they can be scanned later as well.

In-depth security scans
By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis always performs scans that are customized to your system. No audit will be the same!

Use cases
Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:
- Security auditing
- Compliance testing (e.g. PCI, HIPAA, SOx)
- Vulnerability detection and scanning
- System hardening

Resources used for testing
Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards plus many custom ones not found in any other tool. Best practices come from:
- CIS
- NIST
- NSA
- OpenSCAP data
- Vendor guides and recommendations (e.g. Debian, Gentoo, Red Hat)

Lynis plugins
Plugins enable the tool to perform additional tests. They can be seen as an extension (or add-on) to Lynis, enhancing its functionality. One example is the compliance checking plugin, which performs specific tests only applicable to some standard.

Changelog
Upgrade note
Lynis 2.4.4 (2017-03-01)
Changes:
- Fix for upload function to be used from profile
- Reduce screen output for mail section, unless --verbose is used
- Code cleanups and removed 'update release' command
Tests:
- AUTH-9308 - Improved test for sulogin string (Debian systems)
- FILE-6372 - Properly deal with comments on lines in /etc/fstab
- MAIL-8817 - New test to check Postfix configuration for errors
- SSH-7408 - Corrected SSH check

Download Lynis 2.4.4
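The announcement says findings end up in a report file; what a practitioner usually wants next is to gate on that file (in CI, or across a fleet) rather than read the screen output. Here is an added POSIX shell example, not part of the Lynis announcement or the Lynis code base, that parses a report and fails when warnings are present or the hardening index is below a threshold. The report format assumed here (key=value lines, with findings as `warning[]=TEST-ID|description|details|...` and `suggestion[]=...`) is how I understand Lynis’s lynis-report.dat; the sample report below is constructed, and the test IDs in it are the ones named in the changelog above.

```sh
#!/bin/sh
# Added example: gate on a Lynis report file. Not Lynis's own code.
# Assumed report format: key=value lines; findings look like
#   warning[]=TEST-ID|description|details|solution|
# The sample below is constructed, not output from a real scan.

REPORT_SAMPLE='lynis_version=2.4.4
hardening_index=64
warning[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (YES --> NO)|text|
warning[]=MAIL-8817|Postfix configuration contains errors|-|text|
suggestion[]=AUTH-9308|Check sulogin setting|-|text|
suggestion[]=FILE-6372|Review fstab mount options|-|text|
'

# write_sample FILE: write the constructed report so the functions have input.
write_sample() {
    printf '%s' "$REPORT_SAMPLE" > "$1"
}

# count_findings FILE KIND: KIND is "warning" or "suggestion"; prints a count.
# grep -c exits 1 when the count is 0, so neutralise that for set -e callers.
count_findings() {
    grep -c -- "^$2\[\]=" "$1" || true
}

# finding_ids FILE KIND: prints the test IDs of that kind, one per line.
finding_ids() {
    grep -- "^$2\[\]=" "$1" | cut -d= -f2- | cut -d'|' -f1
}

# hardening_index FILE: prints the hardening_index value (0 if absent).
hardening_index() {
    idx=$(grep -- '^hardening_index=' "$1" | cut -d= -f2)
    printf '%s\n' "${idx:-0}"
}

# gate FILE MIN_INDEX: return 1 if any warning exists or index < MIN_INDEX.
gate() {
    warns=$(count_findings "$1" warning)
    idx=$(hardening_index "$1")
    if [ "$warns" -gt 0 ]; then
        echo "FAIL: $warns warning(s): $(finding_ids "$1" warning | tr '\n' ' ')" >&2
        return 1
    fi
    if [ "$idx" -lt "$2" ]; then
        echo "FAIL: hardening index $idx below threshold $2" >&2
        return 1
    fi
    echo "OK: no warnings, hardening index $idx"
    return 0
}

# Stand-alone demo: write the sample, then gate it. A real run would instead
# point these at the report file produced by "./lynis audit system".
if [ "${1:-}" = "demo" ]; then
    f=$(mktemp) && write_sample "$f"
    gate "$f" 50 || echo "exit status: $?"
    rm -f "$f"
fi
```

Warnings are a hard fail regardless of the index because the two measure different things: the index is a coarse score, while each warning is a concrete finding the scan wants acted on (SSH-7408 above is the hardening check the changelog says was corrected).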

Link: http://feedproxy.google.com/~r/PentestTools/~3/oZhJFTn9c-o/lynis-244-security-auditing-tool-for.html

Don Pezet, ItPro.TV – Paul’s Security Weekly #502

Don Pezet is no stranger to the Security Weekly network! In this episode, Don chats with Paul, Doug, Jeff, Joff, and Carlos about tactics, laws, and problems related to incident response.
Audio: http://traffic.libsyn.com/pauldotcom/Pauls_Security_Weekly__502_-_Don_Pezet_ItPro.TV_converted.mp3

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/iSwGEQBz2PE/