Entries in security (10)

IP Packet Sniffer -- FROZEN

Years ago I put a non-trivial amount of energy into the IP Packet Sniffer tool. There was a "what is happening on my network" thing going on inside my head, driving research into what the Windows OS APIs could give me, and I derived a great deal of fun from the work.

Times change, and although the tool was a great learning experience -- what better way to learn the guts of network protocols than dissecting the bits pulled from the wire -- this tool is way behind serious tools, like Wireshark.

Wireshark is what you should use if you are serious about investigating your network traffic (unless you need something harder core). Wireshark leverages WinPCAP and is therefore far less limited than a raw sockets based method (thanks, Microsoft).

The upshot is that I am freezing work on this tool. I've end-of-lifed a few other tools recently, and removed the download links to those. However, this one still has some life left, if only because it is significantly simpler to start up than Wireshark, so I'll keep making the bits available.



Tool User Interfaces - Got Facelift?

I've been comparing the old dialog-based user interfaces that I created for the tools and this site to the new capabilities of MFC in visual studio 2008 (VC9) and the newer outlook-style widgets. I think it is time to pamper their (sometimes 8+ year old) user interfaces with a facelift . :)

Stay tuned. :)


Updated Secure Parcel Delivery

Secure Parcel Delivery version 1.2 brings a number of long-awaited improvements.

  • Switching to the latest and greatest Cryptographic Service Provider (CSP)
    • Microsoft Enhanced RSA and AES Cryptographic Provider
    • Valid for Windows XP and later
  • Adding the Advanced Encryption Standard (AES) symmetric cipher to the fold
  • Restricting symmetric encryption ciphers and key strengths to those allowed by FIPS 140-2 (and FIPS 140-3)
    • See
    • Allowed ciphers include triple DES and AES with a minimum key length of 128 bits
    • Disabling selection of RC4, RC2, DES, 2-key 3DES
  • Allowing user selection of RSA key size from 1024 to 16384 bits in 256 bit steps
    • I suggest you take the default RSA key size of 3072 bits
    • FIPS 140-3 will require at least 3072 bits (to set a minimum cryptographic strength of 128 bits overall) but the program will let you choose keys down to 1024 bits at this time
  • Consolidation of User and Key interface elements to simplify configuration

This version is 32-bit only and tested on:

  • Windows 7 Professional x64
  • Windows Vista Business x86
  • Windows XP SP3 x86



Updated Software Tools

OK! :) After too much time I have completed updating several tools. The updates include fixing some bugs, modifying the code to run on 64-bit Windows systems, and general stuff like that. The tools updated in this batch include

I'm still working on the IP Packet Sniffer and IP Packet Filter Configurator tools. The Windows OS has had enough changes that their usefulness is in question -- I need to evaluate that. I have hope that I can work out just how munged raw sockets have become.

I'm still working, so come back later. ;)

Data, Data, Everywhere

Suppose your security system chooses 10,000 controls (vulnerability checks, scripts, signatures, etc -- pick your preferred terminology) that can be applied to some example asset (a server, executive laptop, or whatever). That number could be smaller or it could be larger depending on the system but let’s say that 10,000 is the count after filtering out those controls that don’t apply (e.g., there’s no Apache server on that Windows 7 laptop).

Now, suppose that each control returns 100 characters of evidence data. That means you have 1,000,000 characters of data for one full assessment of one system. You are going to store those data in Unicode format because our company is international and hence so are our evidence data. That turns our 1,000,000 characters into 2,000,000 bytes of data.

The original story was on the M2GRC blog:

The full article can also be found here. :)

Click to read more ...

CIS Consensus Information Security Metrics - Converting Uncertainty into Risk

Full Disclosure

In my day job I am Solutions Architect for the McAfee Risk and Compliance Business Unit. Our products cover compliance management, risk management, IT security risk analysis, and a range of application and change control technologies.

[3/2/2010 note: when I wrote this article I worked for McAfee. I do, however, no longer. :)]

In a former life I evaluated complex, multidimensional data sets using models and metrics - I was a scientist performing quantitative analysis of noisy data. The result is that I've spent many years and a lot of energy thinking about and using models, metrics, and measurement. That background gives me certain views, opinions, and expectations.

Now that you know where I'm coming from let's talk about risk, measurements, metrics, and uncertainty. ;)

Click to read more ...

Redux: FIPS 140 dash What?

There must be something in the water. A few weeks ago we heard about a lack of encryption on the US Predator drone video downlinks. This week we hear about an attack vector on encrypted USB hard drives. Cryptography is getting attention. :) In this case the big deal is about a FIPS 140-2 certification of these USB drives and the fact that they are vulnerable to an attack.

"How did this happen?", one might ask? The answer can be found by in the FIPS 140-2 Level 2 certification requirements. The certification process does not require inclusion of the system into which the USB drive is plugged, meaning your computer. The result is that vetting the security of passphrase communication path between your computer and the USB drive was probably not part of FIPS 140-2 certification.

Click to read more ...

For Your Consideration – Cryptographic Resolutions

In the spirit of the new year, I posted some candidate resolutions for the use of cryptography over on the McAfee Risk and Compliance blog. :)


  • The full article can also be found here. :)

    Happy New Year! -Eric

    Click to read more ...

    Security Content Automation Protocol – Coming To A Theater Near You?

    I don’t want to bore you with yet another summary of what Security Content Automation Protocol (SCAP) is, how SCAP works, or how the mix of six XML based standards work together. You can find that information all over the place.

    I do want to talk about "the what" and "the why" of SCAP because those technologies could be affecting you sooner than you think.

    The original post was on the McAfee Governance, Risk, and Compliance blog.

    The full story can also be found here. :)

    Click to read more ...

    Risk? What Do You Mean?

    The products that my employer develops are all about buzzwords like Vulnerability, Compliance, and Risk. You will find these words and phrases all over the computer security field along with others, like Buffer Overflow, Malware, PUPS (potentially unwanted programs, meaning, stuff you probably don't want but if someone called it Malware someone could get sued), Data Loss Prevention, Host Intrusion Prevention System, SPAM, and Antivirus. Most folks are only really aware of one, Antivirus, and may think it means all of the above. :)

    Click to read more ...