TheTAZForumBlog

The Earthquake Disaster in Haiti

2010-01-20T05:33:00.000-08:00

All our best going out to the victims of the Haitian Disaster especially to the children and those who lost children

A few facts before we get to the tragedy, that is being well covered by others already…and just so we’re all on the same page…Haiti is in the Caribbean, and comprises the western one-third of the island of Hispaniola, between the Caribbean Sea and the North Atlantic Ocean, due west of the Dominican Republic, which comprises the rest of the island.

The Earthquake Disaster in Haiti

Google revamps Summer of Code for 2007

2007-02-23T19:47:00.000-08:00

Google's Summer of Code (SOC) will be back again this year, and this time, Google plans to take advantage of lessons learned to improve the program for everyone involved.

Now in its third year, SOC is a program that pays students to code for free and open source software (FOSS) projects. Since the program started in 2005, more than 1,000 students have participated in more than 100 projects, and perhaps 10 times that many have applied to participate. About 80% of participants completed their projects in the previous two years, earning themselves $4,500 and the projects that mentor them $500.

Read more...

Hardware Versus Software Firewalls

2007-02-18T16:10:00.000-08:00

According to estimates, an unprotected Windows computer system connected to the Internet could be compromised within twelve minutes. In light of this, the need for computer security has expanded in the last few years. Today, it is just as necessary for home users to secure personal computers as it is for businesses to secure office computers. In order to gain security benefits like those many businesses possess, home network security often utilizes the same models. The difference, however, has been that most home users do not have the financial resources for top of the line security equipment. This has led many home users to begin using security tools such as freeware firewalls and over-the-counter hardware firewall solutions.
Read more...

Security pros work to undo teacher's conviction

2007-02-10T11:36:00.000-08:00

Researchers led by the head of a Florida anti-spyware firm aim to recreate what caused a Connecticut school's classroom computer to start displaying pornographic pop-ups in October 2004, an incident that recently led to four felony convictions for the substitute teacher involved.
On January 5, a six-person jury found former Kelly Middle School substitute teacher Julie Amero guilty of four counts of risk of injury to a minor. The charges stem from an October 19, 2004 incident when the computer in the classroom in which Amero was teaching started displaying pornographic pop-up advertisements. Prosecutors argued that Amero surfed porn sites while in class, causing the pop-up advertisements, while the former teacher's defense attorney argued that spyware installed from a hairstyling Web site caused the deluge of digital smut.
more....

Just the beginning

2007-02-08T17:17:00.000-08:00

Well, this is my first attempt at blogging. To post content on a regular basis will be a challenge. Not just articles by others, but my own ramblings, which I hope will be a regular part of this blog. As more content is added here, your suggestions or criticism are appreciated. I will be adding both serious and humurous content to keep this blog interesting.
Feel free to stop by the forums. We welcome all, from the beginner to the advanced.

TAZ Forum
The Security Zone

American Pie' actress of threatening sex abuse of dog

2006-12-17T06:01:00.000-08:00

Charges dropped against 'American Pie' actress of threatening sex abuse of dog

NEW YORK (AP) - "American Pie" star Natasha Lyonne, arrested after threatening to sexually abuse a neighbour's dog, left court a free woman Friday after a judge promised to dismiss the charges against her.

Manhattan Criminal Court Judge Anthony Ferrara said because Lyonne successfully completed a court-ordered drug program and paid US$2,000 restitution, he was sentencing her to a conditional discharge.

Assistant district attorney Remy Taborga confirmed Lyonne had met the conditions set by the court. The prosecutor recommended the conditional discharge, which means if Lyonne is not arrested within the next six months, the charges will be dismissed.

TAZ Forum :: A Computer, Gaming, and Social Network Community of Friends :: View topic - American Pie' actress of threatening sex abuse of dog

identifying the assets and their values

2006-12-04T15:15:00.000-08:00

Hi

Apart from identifying the assets and their values,
the starting point for such a risk assessment is
what we call the threat agent: hurricanes, floods, fire,
virus, intruder, ..., (spammer, employee, ...)

Then, vulnerabilities for each threat agent are defined,
like thatched roof, lack of antivirus software, lack of entry-control, ...

As a result, you may define threats, like uncontrollable fire,
virus infection, stolen devices or 'secrets', ...

Then you continue with probabilities, impacts, countermeasures, ...
as you know it.

One source of confusion I have seen is the "difference"
between threat agents and threats. Often, these are
used as synonyms, which leads to confusion. At least from a
computer security perspective, a threat agents exploits a
vulnerability to realise a threat.

Good luck

Cheers

by sec_ware

TAZ Forum :: A Computer, Gaming, and Social Network Community of Friends :: View topic - identifying the assets and their values

TCP, UDP, NAT, PAT and Port Redirection as the PIX sees it

2006-12-03T12:44:00.000-08:00

In part four I will cover how the PIX handles TCP and UDP protocols, how static and dynamic translations work, how TCP interception features work and how to configure Dynamic NAT’s, Static NAT’s across one interface and multiple interfaces.

Almost the entire world uses Internet Protocol (IP) to communicate between computers, networks etc. An IP connection between two devices is known as a session. A session predominately uses one of two protocols, TCP or UDP.

From a PIX point of view TCP is very easy to inspect as a TCP ‘packet’ follows a very strict and well defined set of rules and has a very obvious start point and end point, and also makes it very clear what protocol the payload consists of.

UDP on the other hand is a very difficult protocol to inspect for the PIX as it has no clear beginning, flow state, payload information or end.

*The definition of Outbound and Inbound traffic differs from the normal definition as far as the PIX is concerned. When dealing with a PIX Inbound traffic is deemed to be traffic coming from a less secure interface to a more secure one (one with a lower security level to one with a higher level) and Outbound traffic is deemed to be traffic flowing from a more trusted interface to a less trusted one. Usually this will be INSDIE to OUTSIDE but this may not always be the case*

TAZ Forum :: A Computer, Gaming, and Social Network Community of Friends :: View topic - TCP, UDP, NAT, PAT and Port Redirection as the PIX sees it

Slightly Advanced PIX Configuration

2006-12-03T12:42:00.000-08:00

"If you have read part two you will know we have configured the PIX for basic operation; we have gave it a name, assigned IP addresses, speed/duplex setting and gave security levels to the interfaces. We configured NAT from the INSIDE to the OUTSIDE interfaces.
So now anything attached to the INSIDE interface will be allowed to send traffic to the internet and will pick up and external IP address when doing so.

Due to the security levels in place any traffic that comes to the OUTSIDE interface will be denied unless it is a return packet from an already existing connection that was initiated from a host on the INSDIE network. So although we are only using about 10% of the functionality of the PIX, it is still doing its job and protecting our INSIDE network with a very minimal configuration.

Before we moved on to a few advanced configuration commands, I will first cover a few things that can make our job easier when we come to configure the PIX and how to view information about our configuration. It is easy to get confused when using the command line when it comes to things like setting up VPN’s, upgrading firmware etc, so the following our commands we can use to simplify these tasks.
"

TAZ Forum :: A Computer, Gaming, and Social Network Community of Friends :: View topic - Slightly Advanced PIX Configuration

PIX - Object Grouping for quick and easy ACL's.

2006-12-03T12:41:00.000-08:00

It is recommended to read Access Control Lists and Content Filtering before reading this: http://tazforum.thetazzone.com/viewtopic.php?t=3848

When configuring access and rules for the PIX, if you have a lot of servers, protocols, ICMP filtering and networks that you need to configure access lists for, pretty soon creating individual ACL’s will become a very complicated thing; for this reason Cisco have created the Object Group feature.

Object Grouping is supported by version 6.2 and later of the PIX Operating System.

Object grouping allows you to group together the following:

Network – to group hosts and subnets
Protocol – to group IP protocols such as TCP, UDP etc
Service – to group port numbers, hence services
ICMP-type – to group ICMP types

After creating a group, you can apply an access list to everything that is in the group.

TAZ Forum :: A Computer, Gaming, and Social Network Community of Friends :: View topic - PIX - Object Grouping for quick and easy ACL's.

Basic PIX configuration

2006-12-03T12:38:00.000-08:00

Notice ‘pixfirewall’ now becomes ‘London’. Usually the firewall may be named after its geographic location, the service/project it is protecting etc. I look at it in such a way that if you have 3 different telnet sessions open to three different PIX’s you will always know exactly what you are configuring.

The hostname can be up to 63 alphanumeric characters in either uppercase of lowercase and defaults to ‘pixfirewall’ out of the box or when the ‘wr erase’ command is used followed by a reload.

Interface:

The interface command differs per PIX operating system, in version 7 it acts much like a Cisco router and drops you in to the ‘config-if’ sub context. On version 6.3 and earlier the prompt will not change and the command should be issued all on the one line. For this paper we are using version 7

The Interface or ‘int’ for short is the configuration command we use to allow us to alter the configuration of the PIX interfaces. We can assign it an IP address, subnet mask etc from this sub context.

TAZ Forum :: A Computer, Gaming, and Social Network Community of Friends :: View topic - Basic PIX configuration

A place to discuss a book I didn't write?

2006-05-16T12:20:00.000-07:00

TAZ Forum :: A Computer, Gaming, and Social Network Community of Friends :: View topic - A place to discuss a book I didn't write?:

"Okay, so I probably missed where this is supposed to go... Embarassed Anyway, I'm putting it here!

I'm reading Holy Blood, Holy Grail right now. Just started it last night. As some of you probably know, and maybe some of you don't, the authors of this book just attempted to sue Dan Brown for 'ripping off' their idea for The DaVinci Code. It's a non-fiction book. I won't say it's neccesarily fact, but they are the ones who, I guess, originally put forth the idea that the Holy Grail was Mary Magdalene and that Jesus was married and had children.

Anyway, just wondering if anyone else has read it, or would be interested in picking it up and reading it with me. I bought my copy at Wal-Mart for less than $6.

I was fairly disappointed in The DaVinci Code personally...it was a good, light read, and I enjoyed it for what it was worth...but not really worthy of all the build-up and hype. Doubt I'll see the movie."

posted by debs

Mod Clean-up: just a reminder

2006-05-16T05:13:00.000-07:00

TAZ Forum :: A Computer, Gaming, and Social Network Community of Friends :: View topic - Mod Clean-up: just a reminder:

"The May 20th clean-up day is approaching...

as stated in other threads...a clean-up on the forums will commence on May 20th...

some forum mods will be summarily executed...others will become forum mods...and still others will get more forums...

if you have a preference for a particular forum or forums...or wish to be moved to another forum...or object to being removed...now's the time to post it...

foxy will be accepting bribes via PM between the hours of 8am and 10pm his time...he'll list his preferences in bribes later...

spank-you for reading,

Eg"

Welcome

2006-03-16T16:26:00.000-08:00

Welcome to the first post of theTAZForumBlog