Holistic InfoSec.org's Russ McRee writes regularly on information security topics in the hope of sharing knowledge and resources with a wide audience.
September's toolsmith column in the ISSA Journal covers tools from Sensepost, including Wikto and Scully. Next month we'll cover the Security Officers Management and Analysis Project, including SOBF. toolsmith offers insights on tools useful to the infosec practitioner, typically open source or inexpensive. The ISSA Journal is available to members in print and online at issa.org. Article copies are available on my toolsmith page.
OWASP offers Secure Web App Server in its Papers collection. The paper covers the use of SELinux, iptables, mod_jk, mod_security, and mod_evasive to build a secure web app server. It is a living document, updated as needed to stay current; the current version is 1.3, with change notes included.
OWASP's Secure Web App Server
SMaK - Smoothwall, MySQL and Kiwi Syslog Daemon: Cost Effective Firewall and Logging with Database and Analysis
Systems Security Assessment: A Simple Baseline
Russ will offer a presentation on Malcode Analysis Techniques for Incident Handlers at SecureWorld Expo Seattle, October 31st, at 8:30am: The threat landscape changes constantly, driven in part by the "bot economy" and changing malcode techniques. In response, incident handler techniques must keep pace. This presentation will cover tools and methodology useful to handlers, analysts, and administrators. From detection and discovery to capture and containment, count on a useful discussion meant to further your understanding of the information security practitioner's greatest bane.
Russ taught SANS Stay Sharp Google Hacking and Defense on July 19th, 2007 in Bellevue, WA. SSP-GHD offers a "fundamental understanding of technical defense measures to uncover unintended information disclosures, close common holes in web servers and Internet connected devices as well as clean up the exposures discovered."
3rd Annual ISSA Northwest Regional Security Conference May 11th, 2007. Covered toolsmith highlights.
WSA Security Sig, April 2nd, 2007. Covered toolsmith highlights.
Extrusion Detection with Aanval and Bleeding-Edge Snort at SecureWorld Expo Seattle, October 10, 2006. Details here.
Covered Aanval and Bleeding Edge Snort for the Seattle Snort Users Group on June 6, 2006, at the South Seattle Community College. In an age of compliance, it is hugely beneficial to have the capacity to draw the majority of network security information from one platform. Use of Aanval can offer much information about outbound traffic, in particular via the use of Bleeding Edge Snort rules to capture both IM and spyware traffic, as well as policy violations and information leakage. Russ presented the use of Aanval as an IDS and Network Monitor, covering the use of Aanval and Bleeding Edge Snort rules for malware detection and policy enforcement, at Linuxfest Northwest 2006 in Bellingham, WA, April 29th, 2006.
Russ' article, SELinux, Apache, and Tomcat: A Securely Implemented Web Application Server, was published in Sys Admin, the journal for UNIX and Linux systems administrators, in the January 2006 issue. The article covers the use of SELinux, iptables, mod_jk, and mod_security to build a secure web app server.
Russ participated in the Seattle SecureWorld Expo as a panelist on the IT & Physical Security Convergence panel. Seattle SecureWorld Expo took place October 19-20, 2005 at Meydenbauer Center.
Russ was privileged to address an audience of extraordinary scientists and researchers in the field of intrusion detection at RAID 2005, The 8th International Symposium on Recent Advances in Intrusion Detection, held in Seattle, September 7-9. The presentation was a short, simple one, designed to motivate further discussion at the poster sessions held after the presentations to the audience as a whole.
A Storm Malware Snapshot - a compiled review of the Storm-related P2P bot threat
Extrusion Detection with Aanval & Bleeding Edge Threats
RAID 2005 Presentation
RAID 2005 Poster Slides