J Wolfgang Goerlich's thoughts on Information Security

By wolfgang. 29 June 2010 07:31

In InfoSec risk management, one area that does not get much press is risk transference. That is, using insurance (or agreements) to transfer the risk to a third party. Brian Krebs makes the case, anecdotally, on his blog.

After an incident in which the attackers raided a company’s bank for $750K, “The company managed to recover three of the fraudulent transactions, and its total loss now stands at just shy of $100,000. Golden State Bridge is confident that after paying its $10,000 deductible, the insurance company will cover the rest…”

Risk Management | Security

Penetration testing lab

By wolfgang. 4 June 2010 06:08

Security Information Management systems are meant to catch and report anything suspicious, right? So how do we test them? By creating a vulnerable network and exploiting it. The following tools can be used to build a testing lab that validates network security and web application security controls.

Attack systems:

Back|Track -- The most widely used and well-developed penetration distro. The main disadvantage is bloat and lack of Hyper-V support. (Live disc; Slax; netsec)

Matriux -- The new kid on the block, with a faster and leaner distro than Back|Track and native Hyper-V support. (Live disc, Hyper-V; Kubuntu; netsec)

Neopwn -- A penetration testing distro created for smart phones. (Debian; netsec)

Pentoo -- Gentoo meets pentesting. (Live disc; Gentoo; netsec).

Samurai Web Testing Framework -- Specifically targeted towards web application security testing. (Live disc; Ubuntu; appsec)

Target systems:

Damn Vulnerable Linux (DVL) -- The classic vulnerable Linux environment. (Live disc; netsec)

De-ICE -- A series of systems to provide real-world security challenges, used in training sessions. (Live disc; netsec)

Metasploitable -- Metasploit’s answer to the question: now that I have Metasploit installed, what can I attack? (VMware; Ubuntu; netsec)

Damn Vulnerable Web App (DVWA) -- A preconfigured web server hosting a LAMP stack (Linux, Apache, MySQL, PHP) with a series of common vulnerabilities. (Live disc; Ubuntu; appsec)

Moth -- From the people that brought you w3af, Moth is a preconfigured web server with vulnerable PHP scripts and PHP-IDS. (VMware; Ubuntu; appsec)

Mutillidae -- An insecure PHP web app that implements the OWASP Top 10. (Installer; appsec)

WebGoat -- An insecure J2EE web app that OWASP uses for security training. (Installer; appsec)
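As an added example (not code from the original post), the validation step the lab exists for: a few assumed SIM-style rules are run over constructed access-log lines from a DVWA-style target, and any lab exercise that no rule fires on is reported as a detection gap. The rule patterns, log lines and names are all constructed here, not taken from any of the tools above.

```python
import re
from urllib.parse import unquote_plus

# Assumed SIM-style rules for web application traffic (constructed for this example).
RULES = {
    "sqli": re.compile(r"'\s*(or|and)\s+['\d]|union\s+select|sleep\(", re.I),
    "lfi": re.compile(r"(\.\./){2,}|/etc/passwd", re.I),
    "xss": re.compile(r"<script|javascript:|onerror\s*=", re.I),
}

# Apache access-log prefix: client, identity, user, [time], "METHOD URI PROTO", status.
APACHE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) \S+" (\d{3}) ')

def classify(line):
    """Return the names of the rules that match one log line's request URI."""
    m = APACHE_RE.match(line)
    if not m:
        return set()
    # Decode twice so a double-encoded payload is judged on its final form.
    uri = unquote_plus(unquote_plus(m.group(3)))
    return {name for name, rx in RULES.items() if rx.search(uri)}

def coverage(exercises):
    """exercises: (log_line, expected_rule) pairs recorded during a lab run.
    Returns the expected rules that fired and the ones that did not."""
    detected, missed = [], []
    for line, expected in exercises:
        (detected if expected in classify(line) else missed).append(expected)
    return detected, missed

# Constructed log lines from a DVWA-style target on the lab network; not real traffic.
LAB_EXERCISES = [
    ('10.0.0.5 - - [04/Jun/2010:06:08:01 -0400] "GET /dvwa/vulnerabilities/sqli/'
     '?id=1%27+OR+%271%27%3D%271&Submit=Submit HTTP/1.1" 200 4821', "sqli"),
    ('10.0.0.5 - - [04/Jun/2010:06:08:05 -0400] "GET /dvwa/vulnerabilities/fi/'
     '?page=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1830', "lfi"),
    ('10.0.0.5 - - [04/Jun/2010:06:08:09 -0400] "GET /dvwa/vulnerabilities/xss_r/'
     '?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4102', "xss"),
    ('10.0.0.5 - - [04/Jun/2010:06:08:12 -0400] "GET /dvwa/vulnerabilities/sqli_blind/'
     '?id=1%2527%2520and%2520sleep(5)--+&Submit=Submit HTTP/1.1" 200 4001', "sqli"),
    # No rule covers command injection yet, so this exercise should surface as a gap.
    ('10.0.0.5 - - [04/Jun/2010:06:08:15 -0400] "GET /dvwa/vulnerabilities/exec/'
     '?ip=127.0.0.1%3Bid&Submit=Submit HTTP/1.1" 200 4300', "cmdi"),
]
BENIGN = '10.0.0.9 - - [04/Jun/2010:06:08:20 -0400] "GET /dvwa/login.php HTTP/1.1" 200 1289'

if __name__ == "__main__":
    detected, missed = coverage(LAB_EXERCISES)
    print("fired:", detected)
    print("gaps:", missed)
```

Each gap the run reports is a rule to write (or a log source to onboard) before the same exercise is repeated.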


Security | Security Information Management