Comments for Insinuator http://www.insinuator.net Some outright rants from a bunch of infosec practitioners. Fri, 23 Dec 2011 16:58:58 +0000 hourly 1 http://wordpress.org/?v=3.3.1 Comment on Liferay Portlet Shell by Nicob http://www.insinuator.net/2011/12/liferay-portlet-shell/comment-page-1/#comment-762 Nicob Fri, 23 Dec 2011 16:58:58 +0000 http://www.insinuator.net/?p=811#comment-762 I'll demo my own Liferay Java Shell next week at BerlinSides. It doesn't need an additional portlet, "XSLT Content" is enough ... I’ll demo my own Liferay Java Shell next week at BerlinSides. It doesn’t need an additional portlet, “XSLT Content” is enough …

]]> Comment on (Auditing) Remote Access Security in 2011 by erey http://www.insinuator.net/2011/08/auditing-remote-access-security-in-2011/comment-page-1/#comment-681 erey Tue, 20 Sep 2011 19:41:24 +0000 http://www.insinuator.net/?p=564#comment-681 David, thanks for the comment. Point is, you usually can't (establish the endpoint's trustworthy state) in an operationally feasible way, due to a number of reasons (heterogeneity of endpoints, speed and sprawl of their deployment, technical hurdles etc.). That's why good governance incl. reasonable AUPs (ideally with some element of liability in those) is so important. or just not allowing any local data processing on endpoints. That said, in general we like the certificate approach (being quite aware of the operational side of it), and we'll publish an ERNW newsletter on "Certificate based authentication with iPads" within the next two weeks. Have a good one & thanks again for the comment, Enno David,

thanks for the comment. Point is, you usually can’t (establish the endpoint’s trustworthy state) in an operationally feasible way, due to a number of reasons (heterogeneity of endpoints, speed and sprawl of their deployment, technical hurdles etc.). That’s why good governance incl. reasonable AUPs (ideally with some element of liability in those) is so important. or just not allowing any local data processing on endpoints.
That said, in general we like the certificate approach (being quite aware of the operational side of it), and we’ll publish an ERNW newsletter on “Certificate based authentication with iPads” within the next two weeks.

Have a good one & thanks again for the comment, Enno

]]> Comment on (Auditing) Remote Access Security in 2011 by David http://www.insinuator.net/2011/08/auditing-remote-access-security-in-2011/comment-page-1/#comment-639 David Tue, 16 Aug 2011 09:25:04 +0000 http://www.insinuator.net/?p=564#comment-639 That Matrix is really interesting, it's very good to have such a reference when dealing with mobile device management and remote access. However, it raises one question in my mind : during a connection, how do you establish that the endpoint is company-managed or trustworthy ? I have some ideas about this (certificate, serial numbers, application installed on the endpoint, mac address), but have you benchmarked some of those, or others ? That Matrix is really interesting, it’s very good to have such a reference when dealing with mobile device management and remote access. However, it raises one question in my mind : during a connection, how do you establish that the endpoint is company-managed or trustworthy ?

I have some ideas about this (certificate, serial numbers, application installed on the endpoint, mac address), but have you benchmarked some of those, or others ?

]]> Comment on Week of releases – gtp_scan-0.7 by al http://www.insinuator.net/2011/07/week-of-releases-gtp_scan-0-7/comment-page-1/#comment-634 al Tue, 02 Aug 2011 06:17:08 +0000 http://www.insinuator.net/?p=513#comment-634 Does this have documentation for proper on how to use? Does this have documentation for proper on how to use?

]]> Comment on Week of releases – gtp_scan-0.7 by dmende http://www.insinuator.net/2011/07/week-of-releases-gtp_scan-0-7/comment-page-1/#comment-619 dmende Wed, 13 Jul 2011 15:37:45 +0000 http://www.insinuator.net/?p=513#comment-619 Hi, Im not sure what you mean. Can you please elaborate? thanks Hi, Im not sure what you mean. Can you please elaborate? thanks

]]> Comment on Week of releases – gtp_scan-0.7 by joinbaijun http://www.insinuator.net/2011/07/week-of-releases-gtp_scan-0-7/comment-page-1/#comment-618 joinbaijun Wed, 13 Jul 2011 15:09:46 +0000 http://www.insinuator.net/?p=513#comment-618 i guess you know vul on GGSN during attachment too,do you? i guess you know vul on GGSN during attachment too,do you?

]]> Comment on IPv6 Security Part 2, RA Guard – Let’s get practical by erey http://www.insinuator.net/2011/03/ipv6-security-part-2-ra-guard-%e2%80%93-lets-get-practical/comment-page-1/#comment-587 erey Mon, 13 Jun 2011 18:35:23 +0000 http://www.insinuator.net/?p=325#comment-587 Bruno, thanks for your mail. Unfortunately the RA guard feature (even though described in the - "informational" - RFC 6105) is currently only available on very few platforms. As for Cisco devices the configuration can be found in our presentation from the IPv6 Kongress. We have not yet extensively researched other vendors. What kind of hardware (vendor/model[s]) are you actually willing to configure RA guard on? Feel free to contact us directly (erey@ernw.de, cwerny@ernw.de) to discuss this further/in more detail. all the best for your research project, thanks Enno Bruno,

thanks for your mail. Unfortunately the RA guard feature (even though described in the – “informational” – RFC 6105) is currently only available on very few platforms. As for Cisco devices the configuration can be found in our presentation from the IPv6 Kongress. We have not yet extensively researched other vendors. What kind of hardware (vendor/model[s]) are you actually willing to configure RA guard on?
Feel free to contact us directly (erey@ernw.de, cwerny@ernw.de) to discuss this further/in more detail.

all the best for your research project, thanks

Enno

]]> Comment on Yet another update on IPv6 security – Some notes from the IPv6-Kongress in Frankfurt by erey http://www.insinuator.net/2011/05/yet-another-update-on-ipv6-security-some-notes-from-the-ipv6-kongress-in-frankfurt/comment-page-1/#comment-586 erey Mon, 13 Jun 2011 18:25:56 +0000 http://www.insinuator.net/?p=402#comment-586 Hi, sorry for the late reply, life kept me (too) busy. As for your questions: a) I think Wireshark complains as it does not expect to see an IPv6 packet without an actual upper layer payload. As, obviously, the RA guard implementation on the Cisco device in question (a 4948-E) doesn't either (expect this). Still the packets are not malformed, it's just Wireshark not fully understanding them. b) the screenshots are from a litte session in the break right before Marc's talk. We (he & us) gathered and did some testing with his tool and our device. Did he give a live demo of this one? I'd expect this not to have happened (lacking a RA guard capable device) but I changed rooms at noon to follow Eric's talk so couldn't see Marc's talk in full. Feel free to contact us directly (erey@ernw.de, cwerny@ernw.de) to discuss this further. thanks Enno Hi,

sorry for the late reply, life kept me (too) busy. As for your questions:

a) I think Wireshark complains as it does not expect to see an IPv6 packet without an actual upper layer payload. As, obviously, the RA guard implementation on the Cisco device in question (a 4948-E) doesn’t either (expect this). Still the packets are not malformed, it’s just Wireshark not fully understanding them.
b) the screenshots are from a litte session in the break right before Marc’s talk. We (he & us) gathered and did some testing with his tool and our device. Did he give a live demo of this one? I’d expect this not to have happened (lacking a RA guard capable device) but I changed rooms at noon to follow Eric’s talk so couldn’t see Marc’s talk in full.

Feel free to contact us directly (erey@ernw.de, cwerny@ernw.de) to discuss this further.

thanks

Enno

]]> Comment on HITB Aftermath by erey http://www.insinuator.net/2011/05/hitb-aftermath/comment-page-1/#comment-585 erey Mon, 13 Jun 2011 18:16:04 +0000 http://www.insinuator.net/?p=454#comment-585 thanks man! ;-) thanks man! ;-)

]]> Comment on IPv6 Security Part 2, RA Guard – Let’s get practical by Bruno http://www.insinuator.net/2011/03/ipv6-security-part-2-ra-guard-%e2%80%93-lets-get-practical/comment-page-1/#comment-517 Bruno Thu, 09 Jun 2011 21:11:18 +0000 http://www.insinuator.net/?p=325#comment-517 Dear Enno, I found your articles very interesting regarding IPv6 security. I am currently developping an IPv6 project study for University purposes in order to deploy a secure Wireless IPv6 Network. After reading the RFC-6105 (IPv6 Router Advertisement Guard), it seems being possible to configure Stateles Router Guard. I would like to know how to configure Stateless Router Guard in order to examines incoming RAs and decides whether to forward or block them based solely on information found in the message or in the L2-device configuration ?? Which commands shoud we use in the L2 device ? Sincerely thanks in advance, Bruno Dear Enno,
I found your articles very interesting regarding IPv6 security.

I am currently developping an IPv6 project study for University purposes in order to deploy a secure Wireless IPv6 Network.

After reading the RFC-6105 (IPv6 Router Advertisement Guard), it seems being possible to configure Stateles Router Guard.

I would like to know how to configure Stateless Router Guard in order to examines incoming RAs and decides whether to forward or block them based solely on information found in the message or in the L2-device configuration ??
Which commands shoud we use in the L2 device ?

Sincerely thanks in advance,
Bruno

]]>