Daily Security Tips from Ed Skoudis - Week of August 26, 2002
Security Tip for Friday, August 30th, 2002
Security Tip for Thursday, August 29th, 2002
Design web applications so that critical data is not stored on the web server machine itself. The web server should gather sensitive data from the user and quickly move it to a back-end transaction server or database. The longer that the data, such as credit card numbers, financial transactions, or medical information, sits on the web server, the more likely an attacker will be able to compromise it. Keep sensitive data on a web server for no more than thirty minutes, and even less if possible.
Security Tip for Wednesday, August 28th , 2002
One of the major problems plaguing the security of wireless LANs involves the Wired Equivalent Privacy (WEP) protocol. WEP has been broken using a variety of mechanisms that allow an attacker to retrieve the encryption/authentication key. If you are deploying wireless LANs in a network infrastructure that carries sensitive data, consider using a Virtual Private Network (VPN) to strongly authenticate and encrypt traffic sent across the wireless hop. Think about it when you send arbitrary data to your protected intranet across the big, scary Internet, you use a VPN. The radio spectrum around your facilities is also a big, scary network, so you should use a VPN to protect your data there as well.
Security Tip for Tuesday, August 27th, 2002
When handling computer incidents, use pre-printed forms for recording the details of the incident in writing. Such forms help to ensure that you do not miss any details during the excitement of an incident. Not only do such forms help you follow a clearly defined incident handling process, they can also be very useful if your case ever goes to court. You can find incident handling forms available for free at http://www.incidents.org/Incident_forms/
Security Tip for Monday, August 26th, 2002
For computer incident handling and forensics activities, prepare a jump-bag that includes software and hardware you may need in a crisis situation. Keep this jump bag with you, so that you are ready to go whenever an incident occurs. Store the following in your jump bag: spare IDE and SCSI drives, CDs and floppies with critical system binaries (Tripwire, AIDE, ls, ps, netstat, cp, etc.), extra notebooks for taking detailed notes, and other critical items. When not handling an incident, never "borrow" from your own jump bag, despite how tempting it may be!