ABE with WS2003 SP1 or R2

With Windows Server 2003 SP1 or the R2 release you can install a utility called ABE or Access Based Enumeration.

ABE makes visible only those files or folders that the user has rights to access. Once you have enabled ABE, the server will not display files or folders that the user does not have the rights to access i.e. if the NTFS File/Folder permissions have been set for specific user/group access. This is very useful for most companies due to the sensitive nature of some folders.

In many cases creating the folder structure to provide a level of access for certain users/groups will lead to a highly complex and unmanageable system. So I think ABE is going to really assist both IT Admins and Management!

Finally never rely on ABE alone, always start with a strong foundation of Groups and NTFS Folder permissions and audit these settings – you might be surprised at what you find.

Details of ABE and the download can be found at Microsoft

The BBC Honeypot with WinXp

The BBC thought it would create a Windows XP Honeypot to see what would happen.
And….
SEVEN HOURS OF ATTACKS
36 warnings that pop-up via Windows Messenger
11 separate visits by Blaster worm
3 separate attacks by Slammer worm
1 attack aimed at Microsoft IIS Server
2-3 “port scans” seeking weak spots in Windows software

Not surprising really, I’ve heard of other stories whereby someone has installed a plain vanilla box without a firewall onto the internet and was it was owned within 20 minutes. Even if that story was not true it would most likely be owned within a few hours or at least on the same day.

Full details of story here at the BBC website.

Web 2.0 is great right?

Web 2.0 best described by the guys that coined it, O’Reilly and “What Is Web 2.0
Design Patterns and Business Models for the Next Generation of Software”
website should provide you with some insight into what exactly it is.

However as with everything these days, the more cooler stuff you add, the more vulnerable it is. Which is highlighted in this article over at Help Net-Security “Top 10 Web 2.0 Attack Vectors“.

So when the powers to be come running into your office with we need to have this Web 2.0 stuff because everyone else has it! Remember the attack vectors associated with it and ensure you provide a risk assessment and if possible business case to either justify it’s usefulness vs security risk… in plain English do we really need this stuff?

No doubt in just about all cases there are going to be some components of Web 2.0 that will benefit the organisation. You probably really do need some of them and/or have no choice in the matter and you may already be using some of them.

Just don’t forget to apply the security principles to Web 2.0 that you are using on your network.

Yes I’m using Web 2.0 here by blogging 🙂

code.google.com for searching code

Google now has a new search tool http://code.google.com

I’m sure this may be of use to some coders and I’m also sure it’s of even greater use for the bad guys!! Many Security experts are warning about the ease of obtaining code and other information.

A great book by Johnny Long “Google Hacking for Penetration Testers” highlights the current dangers of Google. I think he might be adding a new chapter for the next edition!