cipherdyne.org

Michael Rash, Security Researcher


2005 Blog Archive


Linux World Summit Talk

At the Linux World Summit conference (May 25-26 in New York City) I will be giving a talk entitled Securing the Enterprise with Netfilter. This talk will make the case that Netfilter is ready for serious deployment within the Enterprise. Stop by to say "hello" if you are going to attend the conference!

Slides can be found here.

Software Release - fwknop-0.5.0

The 0.5.0 release of fwknop is ready for download. Here is an excerpt from the ChangeLog:
  • Added ALERTING_METHOD to allow syslog and/or email reporting to be disabled (there is a dedicated file /etc/fwknop/alert.conf that governs this behavior, and both fwknop and knopwatchd reference this file).
  • Bugfix for distinguishing OPT field associated with --log-tcp-options vs. --log-ip-options.
  • Added install_perl_module() to install.pl (taken from psad) to provide a consistent installation interface.
  • Applied patch to only install perl modules that are not already installed (Blair Zajac).
  • Added --last-cmd option to allow fwknop to be executed with command line arguments from the previous execution (they are saved in ~/.fwknop.run).
  • Added --Home-dir option to allow the home directory to be manually specified.
  • Re-worked get_homedir() to be more friendly to systems that do not necessarily have /etc/passwd (e.g. OS X).
  • Added configuration preservation and querying for which syslog daemon is running to install.pl. These features were adapted from the psad installer (http://www.cipherdyne.org/psad).

Software Release - fwsnort-0.6.5

The 0.6.5 release of fwsnort is ready for download. Here is an excerpt from the ChangeLog:
  • Updated to not attempt to download Snort rules from snort.org because the rules are no longer available for automatic downloads.
  • Changed the install.pl script and the --update-rules mode for fwsnort to download the latest signature set from http://www.bleedingsnort.com/.
  • Added signature test for the "flowbits" keyword.

Software Release - psad-1.4.1

The 1.4.1 release of psad is ready for download. Here is an excerpt from the ChangeLog:
  • Updated to Snort-2.3 rules in the snort_rules directory.
  • Re-worked syslog installation portion of install.pl. The user will always be prompted to enter the syslog daemon now, and also added the --syslog-conf arg to allow the config file path to be specified on the install.pl command line.
  • Bugfix in install.pl for using IP address instead of network address of directly connected subnets.
  • Updated to version 4.6.23 of the whois client.
  • Bugfix for distinguishing OPT field associated with --log-tcp-options vs. --log-ip-options.
  • Bugfix for syslog format that may not include the "kernel:" tag.
  • Applied patch to only install perl modules that are not already installed (Blair Zajac).
  • Bugfix for the psad version number that is sent in DShield alerts.
  • Updated Psad module directory structure to be consistent with current versions of perl (5.8.x).
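Two of the fixes listed for psad (and the same OPT fix in the fwknop release above) concern how iptables LOG messages are pulled out of syslog: the OPT field must be attributed to IP options (--log-ip-options) or TCP options (--log-tcp-options), and the syslog line may or may not carry the "kernel:" tag. The following parser is an added example, not psad's own code, run over constructed sample lines. It relies on the iptables LOG target's field order, in which IP options are printed before PROTO= and TCP options after URGP=.

```python
import re
from typing import Optional

# Constructed sample lines (not from the page). The first carries the usual
# "kernel:" syslog tag and TCP options (--log-tcp-options); the second has no
# "kernel:" tag and carries IP options (--log-ip-options).
SAMPLE_LINES = [
    "Mar  1 12:00:01 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4321 DF "
    "PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 "
    "OPT (020405B40402080A0000000000000000)",
    "Mar  1 12:00:02 fw IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=84 TOS=0x00 "
    "PREC=0x00 TTL=64 ID=4322 OPT (94040000) PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1",
]

# The LOG target prints options as "OPT (<hex bytes>)" with no key=value form.
OPT_RE = re.compile(r"OPT \(([0-9A-Fa-f]*)\)")
# Ordinary packet fields are KEY=value; flags such as DF or SYN have no "=".
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_iptables_log(line: str) -> Optional[dict]:
    """Parse one syslog line carrying an iptables LOG message.

    Returns None if the line is not an iptables log entry. The packet fields
    are located by the leading "IN=" token, so lines with and without the
    "kernel:" tag are both accepted. An OPT field that appears before PROTO=
    holds IP options; one that appears after PROTO= holds TCP options.
    """
    start = line.find("IN=")
    if start == -1:
        return None
    header, packet = line[:start], line[start:]
    has_kernel_tag = "kernel:" in header

    proto_pos = packet.find("PROTO=")
    ip_opts = tcp_opts = None
    for m in OPT_RE.finditer(packet):
        if proto_pos == -1 or m.start() < proto_pos:
            ip_opts = m.group(1)
        else:
            tcp_opts = m.group(1)

    # Keep the first value for repeated keys: ICMP echo lines carry a second
    # ID= (the ICMP identifier) after the IP header's ID=.
    fields = {}
    for key, val in KV_RE.findall(packet):
        fields.setdefault(key, val)

    return {
        "has_kernel_tag": has_kernel_tag,
        "fields": fields,
        "ip_opts": ip_opts,
        "tcp_opts": tcp_opts,
    }


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_iptables_log(sample))
```

Anchoring on "IN=" rather than on the syslog prefix is what makes the parser indifferent to the presence of the "kernel:" tag; classifying OPT by its position relative to PROTO= is what keeps IP options and TCP options apart when both logging flags are in use.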

Software Release - gpgdir-0.9.3

The 0.9.3 release of gpgdir is ready for download. Here is an excerpt from the ChangeLog:
  • Added --Include and --Include-from options to allow inclusion regular expressions to be specified.
  • Bugfix for not decrypting filenames that contain spaces.

Intrusion Prevention Book Published

I was the lead author of the book Intrusion Prevention and Active Response: Deploying Network and Host IPS. This book was published by Syngress Publishing, and is the first to concentrate exclusively on the concept of Intrusion Prevention. There are many books out there that concentrate on the concept of intrusion detection, but few that emphasize intrusion prevention. Although the detection mechanisms used by intrusion prevention systems are derived from the detection world, there are many interesting consequences when devices start interfering with network traffic.

Software Release - gpgdir-0.9.2

The 0.9.2 release of gpgdir is ready for download. Here is an excerpt from the ChangeLog:
  • Added preservation of file mtime and atime values (may be disabled with the --no-preserve-times option).
  • Added testing encryption and decryption of dummy file (may be disabled with --skip-test) by default for both encrypt and decrypt modes.
  • Added --test-mode to run encrypt -> decrypt test and exit.
  • Removed unnecessary compression options.
  • Updated get_homedir() to reference the HOME environment variable if the /etc/passwd file does not exist (OS X being a good example).
  • Added --verbose mode.
  • Updated output to generate errors on a per-file basis instead of dumping them at the end of an encrypt/decrypt operation.