SGUIL - The Analyst Console for Network Security Monitoring.
By Analysts -- For Analysts -- Current Version 0.6.1

Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides real-time events from snort/barnyard. It also includes other components which facilitate the practice of Network Security Monitoring and event-driven analysis of IDS alerts. The sguil client is written in tcl/tk and can be run on any operating system that supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).


Want to learn more about Network Security Monitoring (NSM)? Then check out Richard Bejtlich's recently released book, The Tao of Network Security Monitoring: Beyond Intrusion Detection. An excerpt reads:

Network security monitoring (NSM) equips security staff to deal with the inevitable consequences of too few resources and too many responsibilities. NSM collects the data needed to generate better assessment, detection, and response processes--resulting in decreased impact from unauthorized activities.

For those interested in seeing how sguil looks and feels, download the client and connect to the sguil daemon (sguild) at demo.sguil.net on port 7734. Enter any username and password when prompted and select the sensor named "reset". In the console, you will see a User Messages tab. Within this tab you can communicate with other connected analysts as well as the irc channel #snort-gui on irc.freenode.net.

Download it here: http://sguil.sourceforge.net/index.php?page=download

p/s: this is really cool stuff :D excited

The book: Hacker's Challenge 3

Hacker's Challenge 3 (Paperback)
by David Pollino, Bill Pennington, Tony Bradley, Himanshu Dwivedi

The ultimate test of hacking skills for IT security professionals

This unique volume helps you determine if you have what it takes to keep hackers out of your network. Twenty brand-new, real-life security incidents test computer forensics and response skills--all in an entertaining and informative style. The latest security topics are covered, including phishing and pharming scams, internal corporate hacking, Cisco IOS hacks, wireless hacks, VoIP hacks, Windows, Mac OS X, UNIX/Linux, and much more!

Each challenge unfolds like a chapter from a novel and includes details of the incident--how the break-in was detected, evidence, and background such as log files and network diagrams--and is followed by a series of questions for you to solve. Detailed solutions for all the challenges are included in the second part of the book.

p/s: most fun security book

New Resolution

Even though it isn't New Year yet, I already have a new resolution that I'll start tomorrow. Now I'm going to continue my original ambition of becoming a security consultant; right now my unix/linux world doesn't seem to be taking me anywhere .................. start hacking activities ... I'm bored of sitting in this office...

p/s: tomorrow I'm going to declare cyber war day in my department - starting with solaris - why do I feel like kicking something, I'm a bit annoyed too, damn!

4 Golden Lessons From The Apprentice by A.Williams

Remember Melissa from The Apprentice? Yeah, neither do I. She did something unthinkable during some random task on the first episode of last season and got the axe. The same happened to Chris, Jennifer W., poor ol' Toral, and every other Tom, Dick and Harry who did something completely half-witted on national television.

Everyone watches the show and rolls their eyes in disbelief, completely convinced that they can outperform any one of these mindless candidates. But is this true? When the pressure's on, would you be able to impress dear ol' Donald and avoid the wrath of his spine-tingling, hair-raising catchphrase, "You're fired?"

Whether you find yourself in the audition room for the next Apprentice or in the conference room down the hall from your cubicle, here are some of the golden rules to succeed in business, Trump-style.

1- Keep it simple
It's Monday morning, 9 a.m. Your boss suddenly announces you're going to be presenting your proposal to the company shareholders tomorrow. The sound of his, "You better make it good, Johnson," keeps resonating in your ears. In the midst of heart-pounding panic and a clammy, cold sweat, you think, "This has to be big -- I want music, I want effects, I want costumes!" But let's put a hold on this Broadway production before you make a fool of yourself.

The first golden rule of becoming successful in business is keeping it simple. Bigger is not necessarily better. For illustrative purposes, let's take a look at a past episode of The Apprentice. The teams were told they had to create a campaign to generate the most customer phone calls to a Shania Twain perfume hotline. One team hired people to wear sandwich boards and advertise the campaign by word-of-mouth, while the other team thought outside the box, plastering Shania Twain posters all over horse and buggy carriages, ultimately experiencing a shameful defeat.

The lesson of this story: people can sell, horses can't. While the music, effects and costumes might seem like an impressive, "outside-the-box" kind of move, you're better off going back to basics (i.e. a well-rehearsed speech, some handouts organized in drab, gray folders and maybe a short PowerPoint presentation). This foolproof method will have you lunching with the execs in no time.

There are reasons why a good suit is associated with success and not stupidity...

2- Research, research, research
Going into a presentation or writing a report without doing the proper research is on par with crossing the street blindfolded -- you're simply screwed.

Apprentice teams who missed out on executive interviews for marketing tasks usually ended up suffering humiliating losses (à la Capital Edge's loss after skipping an interview with executives for a Star Wars campaign).

You may have a brilliant idea for that BMW campaign, but all those bells and whistles might prove pointless if you haven't performed the necessary research. Put aside your great models in lingerie and dancing bears idea for a while, and have a chat with the BMW executives -- what's their target audience? What do they envision? What would they hate? If you get the scoop straight from the source, you'll be sure to impress.

3- No more Mr. Nice Guy
Have you seen Office Space? Not only does it portray the truth about life in the workplace, but it also shows a man living out every disgruntled worker's fantasy -- telling his boss exactly what he thinks. You'd think this would get him fired, but, instead, he gets promoted.

If Office Space taught me anything, it's that most jobs will leave you miserable and that nice guys definitely finish last.

Let's apply this idea to the ever-so-compelling Apprentice. Remember that episode when Excel stole the megaphones from Capital Edge, destroying their competitor's campaign? While many of us with a conscience wouldn't even fathom the idea of stealing to win, these contestants didn't think twice. The outcome of this devilishly sly act? A congratulatory pat on the head by none other than Donald Trump himself, along with a landslide victory.

What's the moral of this story? Well, there isn't one -- morals have no place in business. It's a dog-eat-dog world, so if you think you have the perfect plan to sabotage Billy's promotion and nab it for yourself, don't bat an eye -- Trump says it's okay.

4- Dress for success
This might be a shallow lesson, but it's a golden one nonetheless. If you dress the part, you'll feel the part; and if you feel the part, you'll eventually become the part. So, go downtown and hit some swanky shops. You're going to need the basics -- a black suit and a blue suit (single-breasted jacket with three buttons, flat-front pants), black leather shoes (no laces), and a varied color palette of dress shirts and ties (with no distracting patterns). It doesn't end with clothing, though. You must always be well groomed (neat hair, clean shaven) and do not overload on the after-shave.

You don't need to be tall, dark and handsome to succeed in business, but you need to appear in such a way that people will take you seriously.

I don't know about you, but I can't recall an unattractive, badly dressed contestant winning the big Apprentice-ship. After all, that guy with the bowties was fired well into the beginning of the season.

Putting it all together

Each lesson might be difficult to integrate into your daily work routine at first, but if you ease your way into each lesson, one at a time, you'll notice an immediate improvement in your work performance. So go ahead, give 'em a try and make "The Donald" proud.


p/s: No more Mr. Nice Guy, be mean

Solaris: Recovering From Soft Partition Problems

Recovering From Soft Partition Problems

The following sections show how to recover configuration information for soft partitions. You should only use these techniques if all of your state database replicas have been lost and you do not have a current or accurate copy of metastat -p output, the md.cf file, or an up-to-date md.tab file.

How to Recover Configuration Data for a Soft Partition

At the beginning of each soft partition extent, a sector is used to mark the beginning of the soft partition extent. These hidden sectors are called extent headers and do not appear to the user of the soft partition. If all Solaris Volume Manager configuration is lost, the disk can be scanned in an attempt to generate the configuration data.

This procedure is a last option to recover lost soft partition configuration information. The metarecover command should only be used when you have lost both your metadb and your md.cf files, and your md.tab is lost or out of date.


Note - This procedure only works to recover soft partition information, and does not assist in recovering from other lost configurations or for recovering configuration information for other Solaris Volume Manager volumes.



Note - If your configuration included other Solaris Volume Manager volumes that were built on top of soft partitions, you should recover the soft partitions before attempting to recover the other volumes.


Configuration information about your soft partitions is stored on your devices and in your state database. Since either of these sources could be corrupt, you must tell the metarecover command which source is reliable.

First, use the metarecover command to determine whether the two sources agree. If they do agree, the metarecover command cannot be used to make any changes. If the metarecover command reports an inconsistency, however, you must examine its output carefully to determine whether the disk or the state database is corrupt, then you should use the metarecover command to rebuild the configuration based on the appropriate source.

  1. Read the Background Information About Soft Partitions.

  2. Review the soft partition recovery information by using the metarecover command.

    metarecover component -p {-d }

    In this case, component is the c*t*d*s* name of the raw component. The -d option indicates to scan the physical slice for extent headers of soft partitions.

    For more information, see the metarecover(1M) man page.
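The scan-then-compare idea behind this procedure, as an added Python illustration (not Solaris Volume Manager code): the on-disk header layout below is a constructed toy format, because SVM's real extent header is not described on this page. `scan_extent_headers` plays the role of the `-d` scan of a raw component for extent headers, and `compare_sources` plays the role of the agreement check that decides whether the configuration needs rebuilding at all, and if so which partitions disagree.

```python
"""Toy model of soft-partition recovery: scan a raw device image for extent
headers and compare what was found with a (possibly corrupt) state database.

Constructed for illustration. The header layout (a magic string, a partition
number, an extent number and an extent length in sectors) is a toy format,
not the real Solaris Volume Manager extent header.
"""
import struct

SECTOR = 512
MAGIC = b"TOYXHDR"                 # constructed marker, not SVM's magic
HDR = struct.Struct("<7sxHHI")      # magic, pad, partition, extent, length


def make_extent(partition, extent, length):
    """One extent: a header sector followed by `length` zero-filled data sectors."""
    header = HDR.pack(MAGIC, partition, extent, length).ljust(SECTOR, b"\0")
    return header + bytes(SECTOR * length)


def build_sample_image():
    """Constructed sample device: two sectors of unrelated data, then three extents."""
    filler = b"\xff" * SECTOR * 2
    return (filler
            + make_extent(1, 0, 4)      # partition 1, extent 0, header at sector 2
            + make_extent(2, 0, 2)      # partition 2, extent 0, header at sector 7
            + make_extent(1, 1, 3))     # partition 1, extent 1, header at sector 10


def scan_extent_headers(image):
    """Walk the image sector by sector, the way a -d scan of the physical slice
    would, and collect every extent header found as
    {partition: [(extent, start_sector, length_in_sectors), ...]}."""
    found = {}
    sector, total = 0, len(image) // SECTOR
    while sector < total:
        chunk = image[sector * SECTOR: sector * SECTOR + HDR.size]
        if chunk[:len(MAGIC)] == MAGIC:
            _, part, ext, length = HDR.unpack(chunk)
            found.setdefault(part, []).append((ext, sector, length))
            sector += 1 + length        # skip this extent's data sectors
        else:
            sector += 1
    for exts in found.values():
        exts.sort()
    return found


# Constructed state-database view with one wrong extent length for partition 2.
CORRUPT_STATEDB = {1: [(0, 2, 4), (1, 10, 3)], 2: [(0, 7, 4)]}


def compare_sources(disk_view, statedb_view):
    """Return [(partition, disk_extents, statedb_extents)] for every partition on
    which the two sources disagree. An empty list means they agree and there is
    nothing to rebuild; otherwise an operator has to decide which source to trust."""
    problems = []
    for part in sorted(set(disk_view) | set(statedb_view)):
        if disk_view.get(part) != statedb_view.get(part):
            problems.append((part, disk_view.get(part), statedb_view.get(part)))
    return problems


if __name__ == "__main__":
    from_disk = scan_extent_headers(build_sample_image())
    print("scanned:", from_disk)
    print("disagreements:", compare_sources(from_disk, CORRUPT_STATEDB))
```

Run stand-alone it prints the extents recovered from the image and the single partition on which the constructed state database disagrees with the disk; the decision of which source to rebuild from is deliberately left to the operator, as the procedure above requires.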


p/s: soft partitions are the best way to extend beyond the 7 slices in Solaris Volume Manager; they can be sliced into as many pieces as we want, but they slow performance down a little.

SSH: TIME_WAIT problem

The TIME_WAIT problem


Sometimes a forwarded port mysteriously hangs around after the forwarding SSH session has gone away. You try a command you've used successfully several times in a row and suddenly get an error message:
$ ssh1 -L2001:localhost:21 server.example.com
Local: bind: Address already in use
(This happens commonly if you're experimenting with port forwarding, trying to get something to work.) You know that you have no active SSH command listening on port 2001, so what's going on? If you use the netstat command to look for other listeners on that port, you may see a connection hanging around in the TIME_WAIT state:
$ netstat -an | grep 2001
tcp 0 0 127.0.0.1:2001 127.0.0.1:1472 TIME_WAIT
The TIME_WAIT state is an artifact of the TCP protocol. In certain situations, the teardown of a TCP connection can leave one of its socket endpoints unusable for a short period of time, usually only a few minutes. As a result, you cannot reuse the port for TCP forwarding (or anything else) until the teardown completes. If you're impatient, choose another port for the time being (say, 2002 instead of 2001) and get on with your work, or wait a short time for the port to become usable again.


source: http://www.unix.org.ua/orelly/networking_2ndEd/ssh/ch09_02.htm
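The symptom described above reproduced with plain sockets, as an added Python example that is not from the SSH book excerpt: a listener is opened on a free loopback port, one connection is accepted and closed from the server side first (the side that sends the first FIN is the one whose endpoint lingers in TIME_WAIT), and a second listener then tries to bind the same port. The first scenario shows the "Address already in use" failure; the second shows the usual fix for server software, SO_REUSEADDR, which on Linux has to be set on both the new socket and the earlier listener that produced the TIME_WAIT endpoint (accepted sockets inherit it). A Linux-style TCP stack is assumed.

```python
"""Reproduce the bind failure caused by a TIME_WAIT endpoint and show the
SO_REUSEADDR way around it. Added example; assumes a Linux-style TCP stack."""
import errno
import socket


def _listener(reuse):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if reuse:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    return s


def leave_port_in_time_wait(listener_reuse):
    """Open a listener on a kernel-chosen loopback port, accept one connection
    and close it from the listening side first, so the server-side endpoint of
    that connection goes to TIME_WAIT and stays bound to the port after every
    socket here has been closed. Returns the port number."""
    srv = _listener(listener_reuse)
    srv.bind(("127.0.0.1", 0))           # port 0: kernel picks a free port
    port = srv.getsockname()[1]
    srv.listen(1)
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.connect(("127.0.0.1", port))
    conn, _ = srv.accept()
    conn.close()                         # active close: this endpoint -> TIME_WAIT
    cli.close()
    srv.close()
    return port


def try_bind(port, reuse):
    """Return None if a fresh listener can bind `port`, else the errno it got."""
    s = _listener(reuse)
    try:
        s.bind(("127.0.0.1", port))
        return None
    except OSError as e:
        return e.errno
    finally:
        s.close()


def demo():
    """Returns (plain_rebind_blocked, reuse_rebind_ok)."""
    port = leave_port_in_time_wait(listener_reuse=False)
    plain_blocked = try_bind(port, reuse=False) == errno.EADDRINUSE   # the symptom
    port = leave_port_in_time_wait(listener_reuse=True)
    reuse_ok = try_bind(port, reuse=True) is None    # SO_REUSEADDR on both sockets
    return plain_blocked, reuse_ok


if __name__ == "__main__":
    blocked, ok = demo()
    print("plain rebind blocked by TIME_WAIT:", blocked)
    print("rebind with SO_REUSEADDR succeeded:", ok)
```

For the ssh client itself there is no such switch, which is why the excerpt's advice is to wait or pick a different local port; the option matters when you write the listening side yourself.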

p/s: This is why we sometimes face this issue: "Local: bind: Address already in use"

SKIP - Simple Key management for Internet Protocols

SKIP, which provides IP-level cryptography, much like SSH, is available for Linux. A quick overview from http://www.skip.org states:

SKIP secures the network at the IP packet level. Any networked application gains the benefits of encryption, without requiring modification. SKIP is unique in that an Internet host can send an encrypted packet to another host without requiring a prior message exchange to set up a secure channel. SKIP is particularly well-suited to IP networks, as both are stateless protocols. Some of the advantages of SKIP include:
  • No connection setup overhead

  • High availability - encryption gateways that fail can reboot and resume decrypting packets instantly, without having to renegotiate (potentially thousands) of existing connections

  • Allows uni-directional IP (for example, IP broadcast via satellite or cable)

  • Scalable multicast key distribution

  • SKIP gateways can be configured in parallel to perform instant-failover

There is a wealth of information available at http://www.skip.org as well as the actual Linux implementation available at http://www.tik.ee.ethz.ch/~skip/
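The "no prior message exchange" and "reboot and resume decrypting instantly" properties described above, as an added Python illustration that is not SKIP's code or packet format: each gateway keeps only its long-term private key and a directory of peers' published public keys, derives the pairwise key locally, and a gateway that "reboots" (drops every cached key) decrypts the next packet without renegotiating anything. The Diffie-Hellman group, the packet header and the HMAC-based stream cipher are toy constructions chosen so the example runs with the standard library alone.

```python
"""Stateless pairwise keying in the spirit of SKIP. Constructed illustration:
the DH group, header layout and cipher below are toys, not SKIP's actual
algorithms or packet format."""
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group: the Mersenne prime 2**127 - 1 with generator 3.
# Far too small for real use; chosen only so the example runs instantly.
P = (1 << 127) - 1
G = 3
ID_LEN, NONCE_LEN, TAG_LEN = 8, 12, 32


def keygen():
    """Long-term key pair; the public half is published in a directory."""
    x = secrets.randbelow(P - 2) + 2
    return x, pow(G, x, P)


def pairwise_key(my_private, peer_public):
    """Both sides compute the same key from published data alone: no handshake."""
    shared = pow(peer_public, my_private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def _keystream(key, nonce, n):
    """Toy stream cipher: HMAC-SHA256 in counter mode (demo only)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def seal(sender_id, key, payload):
    """Packet = sender id || fresh nonce || payload XOR keystream || HMAC tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(a ^ b for a, b in zip(payload, _keystream(key, nonce, len(payload))))
    tag = hmac.new(key, sender_id + nonce + body, hashlib.sha256).digest()
    return sender_id + nonce + body + tag


def unseal(key, packet):
    """Check the tag first, then strip the keystream. ValueError on tampering."""
    sender_id, nonce = packet[:ID_LEN], packet[ID_LEN:ID_LEN + NONCE_LEN]
    body, tag = packet[ID_LEN + NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expect = hmac.new(key, sender_id + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("bad tag")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


class Gateway:
    """Durable state: own id, own private key, directory of public keys.
    The pairwise-key cache is disposable runtime state and nothing more."""

    def __init__(self, ident, private, directory):
        self.ident, self.private, self.directory = ident, private, directory
        self.cache = {}

    def reboot(self):
        self.cache.clear()              # simulate a crash: runtime state is gone

    def _key_for(self, peer):
        if peer not in self.cache:
            self.cache[peer] = pairwise_key(self.private, self.directory[peer])
        return self.cache[peer]

    def send(self, peer, payload):
        return seal(self.ident, self._key_for(peer), payload)

    def receive(self, packet):
        return unseal(self._key_for(packet[:ID_LEN]), packet)


def demo():
    """Returns (first plaintext, plaintext after B's reboot, tampering caught)."""
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    a_id, b_id = b"hostA".ljust(ID_LEN, b"\0"), b"hostB".ljust(ID_LEN, b"\0")
    directory = {a_id: a_pub, b_id: b_pub}        # constructed public-key directory
    a, b = Gateway(a_id, a_priv, directory), Gateway(b_id, b_priv, directory)
    first = b.receive(a.send(b_id, b"hello from A"))     # first packet, no setup
    b.reboot()                                           # B loses all session state
    second = b.receive(a.send(b_id, b"second packet"))   # still decrypts at once
    pkt = bytearray(a.send(b_id, b"tampered"))
    pkt[ID_LEN + NONCE_LEN] ^= 1                         # flip one ciphertext bit
    try:
        b.receive(bytes(pkt))
        tamper_caught = False
    except ValueError:
        tamper_caught = True
    return first, second, tamper_caught


if __name__ == "__main__":
    print(demo())
```

The point the block makes is structural rather than cryptographic: because the receiver's only durable inputs are its own private key and the sender's published public key, the key material a rebooted gateway needs is recomputable on the spot, which is what lets it "resume decrypting packets instantly" instead of renegotiating every connection.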



INFO: The Link Between Sleep and Fatigue
source: mailing list

Our bodies feel tired and sluggish even though we feel we have rested and slept enough. Why does this happen? Usually we wake up early on working days and wake up late on days off or public holidays. It is as if we are "taking revenge" because we feel we did not get enough sleep on working days. But what actually happens is the opposite: our bodies become even more tired and sluggish.

In fact, such a sleep pattern disturbs the body's biological cycle, or "biological clock". This disturbance is what contributes to your body's fatigue. According to Timothy Rogers, Director of the Sleep Disorders Research Center at Henry Ford Hospital in Detroit, USA, our bodies produce a kind of alertness hormone called cortisol. If you wake up at 7 a.m., cortisol is secreted 3 hours earlier, that is at 4 a.m., in preparation for you to wake up and be active.

So, if you follow the sleep pattern described above, the cortisol schedule is disrupted. Cortisol was released at 4 a.m., but on that day you woke up at 11 a.m. As a result, by the time you wake up the alertness hormone is gone. You will feel tired and sluggish even after sleeping more than 8 hours a day.

So, if you want lasting alertness, keep your sleep habits from disrupting your body's biological cycle. No disruption means you will be alert, energetic and active.



p/s: No wonder I'm tired when I sleep too long :D
Happy fasting