This is a neat overview of PDFStreamDumper.
@lunchboxsecurity-blog
This is a basic article on looking for HTTP requests to help create network-based signatures. Obviously the first thought is the ability to create a signature for Snort, but even without Snort you can actually view end user HTTP requests through different logs, such as Cisco ASA firewall logs with the "Accessed URL" entry.
Great article on XSS protection.
While reading this article, this caught my eye.
"There are more malware command and control (C&C) servers in the US than China, only scant malware in porn and few instances of multiple malware infections on single computers, according to research."
So if you think that geo-blocking foreign countries will solve your issues, best of luck to you.
If your organization is looking for a real-time reputation service, then I suggest looking into something like TippingPoint's RepDV (http://h17007.www1.hp.com/tw/en/solutions/security/reputation-digital-vaccine/).
If your organization doesn't have the funds for this, then blacklisting IP addresses on your border router or your firewall is always a good alternative. Just remember these recommendations:
1. Always keep up to date on the blacklist IP addresses. If at all possible, script it out.
2. Block outgoing connections as well. One of the biggest dangers out there these days is malware.
3. Do routine checks on the logs. I can't stress this enough, especially for outbound connections.
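One way to script the routine outbound log check recommended above, as an added example that is not from the original post or any linked article. It assumes the firewall logs follow the Cisco ASA "Accessed URL" syslog message (304001) with IPv4 destinations; the blocklist entries, log lines and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed blocklist (documentation ranges); in practice, refresh it from your feed.
BLOCKLIST_TEXT = """
# comments and blank lines are ignored
203.0.113.0/24
198.51.100.77
"""

# Constructed log lines, assumed to follow ASA syslog messages 304001 and 302013.
SAMPLE_LOG = """\
Mar 03 10:15:01 fw1 %ASA-5-304001: 10.1.1.20 Accessed URL 192.0.2.10:/index.html
Mar 03 10:15:07 fw1 %ASA-5-304001: 10.1.1.31 Accessed URL 203.0.113.45:/gate.php?id=7
Mar 03 10:16:12 fw1 %ASA-6-302013: Built outbound TCP connection 4711 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.1.1.20/51000 (10.1.1.20/51000)
Mar 03 10:17:40 fw1 %ASA-5-304001: 10.1.1.31 Accessed URL 198.51.100.77:/update
Mar 03 10:18:02 fw1 %ASA-5-304001: 10.1.1.20 Accessed URL not-an-ip:/x
"""

# Source host, destination (IPv4 only, so the first ':' ends it) and requested URL.
ACCESSED_URL = re.compile(
    r"%ASA-5-304001: (?:\S+@)?(?P<src>\S+) Accessed URL (?P<dst>[^:\s]+):(?P<url>\S*)"
)

def load_blocklist(text):
    """Parse single addresses and CIDR ranges into network objects."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def find_outbound_hits(log_text, nets):
    """Return (internal host, destination, url) for requests to blocklisted IPs."""
    hits = []
    for line in log_text.splitlines():
        m = ACCESSED_URL.search(line)
        if not m:
            continue  # not an "Accessed URL" entry
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # destination is not an IP literal; skip rather than crash
        if any(dst in net for net in nets):
            hits.append((m["src"], str(dst), m["url"]))
    return hits

if __name__ == "__main__":
    for src, dst, url in find_outbound_hits(SAMPLE_LOG, load_blocklist(BLOCKLIST_TEXT)):
        print(f"{src} -> {dst}{url}")
```

Repeated hits from one internal host, as with 10.1.1.31 in the sample, are the outbound pattern worth reviewing first.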
Good article showing the effectiveness of Web Application Firewalls in a network compared to an Intrusion Prevention System. One thing you'll learn... Regex signatures can't solve everything.
Risk rating is the core of Cisco IPS alerting. This is a great overview of how risk rating is calculated. Using the Cisco IPS Manager Express with the knowledge of risk rating, you'll be able to narrow down the attacks that need to be reviewed.
Note: This is an older tech talk but still worth a watch.