Security Stories and Help with Network Documentation

Suppose there was an unknown USB stick, waiting to be found in your parking lot. Perhaps this would scare you enough to disable autorun throughout your domain (you’ve done that right)? Now imagine if someone gave one of your users a USB device which was connected to a workstation on your network and in turn your network was compromised. How would you explain that? [click to continue...]

During your childhood I’m sure you experienced a lot of magic, some things were just so fantastic and mind boggling you just couldn’t figure it out. For me, one of these extraordinary events was the work of train conductors. Before you laugh hear me out!
[click to continue...]

German has joined the ranks of languages you can use with SYDI-Server. The file will be included in the next version of SYDI-Server. Until then it is available for download through the download page. Thanks to Jan Picard who has made the translation file. [click to continue...]

Thanks to Morten Vitved we now have a Danish language file for SYDI. This means we can now translate the XML files generated by SYDI-Server in seven different languages.
The file with be included in the next version of SYDI-Server, until that time you can download it as a patch from the SYDI download page.
[click to continue...]

Around 1,5 years has passed since I released SYDI-Server 2.0 and now I’ve finally gotten my act together and released SYDI-Server 2.1!
[click to continue...]

As many of you have pointed out it’s been a while since the last version of SYDI was released. Darrin left a comment saying that the world will need an updated SYDI for new products like Windows Server 2008, SQL 2008 and Exchange 2007.

I have some good news, some bad and some thoughts of the future. [click to continue...]

Don’t get me wrong, I love my little ASA 5505 especially with the Security plus license enabling me to have 20 VLANs. As they say a house with less than ten VLANs is like a body without a soul. However I’ve had some issues with the little fellow. As I’ve mentioned earlier there was an issue where my ISP wasn’t following the RFC for DHCP to the result that my ASA 5505 couldn’t get a DHCP lease, after talking with Cisco they quickly sent me a patch with a workaround and later published a new version of the ASA software.

Since then I’ve noticed that every once in a while my Internet connection would die. The first times it happened I thought it was just my ADSL connection acting up. However I noticed when running a “show route” from the ASA that I didn’t have a default gateway, making IP communication somewhat hard.

The strange part was that I was able to ping my default gateway, so the link was up.

I noticed that this would happen just after the Cisco ASA was trying to renew it’s dhcp lease. (”show ip address OUTSIDE dhcp lease”)

The strange part was it was so inconsistent it sometimes it could take days before it happened and some days it would happen several times during the day. I was planning on addressing the problem for quite some time but whenever it happened I was always occupied with something more important so I just did a “shutdown” and “no shutdown” on the outside interface and I would have my connection again. Another workaround is to set a static default gateway address, though this wouldn’t remove the problem the down time was much less.

With a static route the Internet connection would die for about 100 seconds instead of having to wait for the next DHCP renewal which in my case is 30 minutes.

In the end I got around to contacting Cisco to report this strange behavior.

Lessons learned; I love Cisco, since the command line is so powerful using a Cisco device lets me figure out what the problem actually is which is great compared to other firewalls you would see in a home network environment.

Another thing I love about Cisco is that they will setup and test this in their lab until they find the problem. Soon after contacting them they confirmed there was a problem. I want all vendors to do that!

The fix is now published on their site so if you’re experiencing this problem you should upgrade to 8.0(3).

I would like to congratulate my friends at Novatrox for releasing Slide Executive 2.0. Slide Executive is a set of applications which enables you to build a library or database of your PowerPoint presentations. You can then use the library to quickly find a presentation or create a virtual presentation on the fly.

The Slide Executive suite consists of two applications. Slide Executive Desktop, which is a desktop application intended for single users and Slide Executive Professional which is a web based application.

The Desktop application is free to try and if you want to test the web application you can just contact Novatrox in order to get a demo, if you do please send them my regards!

The current versions of the products are all written in C#, but I actually worked on a product which was a predecessor to Slide Executive. At the time I was coding in Visual Basic and ASP, and in fact that’s where I picked up most of the coding skills I used when I created SYDI.

midfr0st was smoking a cigarette just below a DiMavia logo, yesterday he had scouted the area and reluctantly decided to set his plan to action.

Here they come, he thought as some employees were returning from lunch. His back was aching, the better part of yesterday he had spent to create the outfit he was now wearing. He had gone to a hardware store and bought some paint cans and working clothes. midfr0st had “aged” the clothes to his best effort by trashing them and splashing paint on them. He had been crouched on the floor for hours and was paying the price today. midfr0st threw his cigarette to the pavement and stepped on it just as the employees walked past him. He pulled down his baseball cap and followed them into the building, in his hands he had two buckets of paint and something that from the outside looked like a toolbox.

The receptionist looked up at the approaching crowd and smiled, her gaze swept by midfr0st. For a moment his heart skipped a beat, but she didn’t take any notice of him. A man held an rfid key above a sensor and a small gate swung open, the group walked through the gate. midfr0st was close to panic as he saw the gate beginning to close. He was about to turn around and leave when a woman looked over her shoulder straight at him. When she saw that he had both hands occupied, she held the gate for him to pass through.

“Thank you” he whispered as he walked by trying to avoid eye contact. midfr0st slowed down and allowed the group to walk away from him.

He wasn’t sure of where he was going, he just knew which side of the building he wanted to aim for. While walking around he mostly just tried to avoid people. It was hard to avoid everyone and soon he started to relax. I’m invicible, midfr0st realized as people was walking passed him seemingly without taking any notice at all.

Soon he saw an office door with a yellow post-it note, “On Conference Until Next Monday”. midfr0st walked into the office and shut the door behind him. He opened his toolbox and produced a wireless router, crawled under the desk and unplugged the Ethernet cable from the computer and connected it to a switch port on the router. He took another cable from his toolbox and connected it to the switch port and the computer, after connecting some power to the wireless device he placed it on the computer hoping no one would see the intruding object.

midfr0st left the room and headed for the exit. If they’re using some layer 2 NAC, the timeframe will be too short for this to work anyway and all I’ll have lost is a wireless router.