ISC Feature of the Week: Security Dashboard

Published: 2012-02-07
Last Updated: 2012-02-07 21:56:29 UTC
by Adam Swanger (Version: 1)
1 comment(s)

Overview
The ISC Security Dashboard can be found at https://isc.sans.edu/dashboard.html or https://www.dshield.org/dashboard.html and is an ideal tool for viewing summary DShield report data, ISC site content and related security information all in one place. The page works well as simply an open browser tab, an embedded web page, a control center monitor and more! Let us know where you use the dashboard in the comments section below.

Features
The first section on the page contains the current UTC date/time and the Refresh options. You can click to refresh immediately, or select an interval to let the page auto-refresh every 5, 10, 20, 30 or 60 minutes. Additionally, when you select an interval, the reload will display a link you can bookmark to easily return to that timed refresh rate.

Row 1:
Column 1: World Map Country Report from https://isc.sans.edu/countryreport.html
Column 2: Latest Diaries from https://isc.sans.edu/diary.html and the ISC Search box that goes to https://isc.sans.edu/search.html
Column 3: Top 10 Source IPs from https://isc.sans.edu/reports.html#top10source

Row 2:
DShield live banner, showing the top attacked and port attacked, which links to https://www.dshield.org

Row 3:
Column 1: Top 10 Ports from https://isc.sans.edu/reports.html#top10ports
Column 2: Latest StormCast from https://isc.sans.edu/podcast.html#stormcast and ISC/DShield Google Groups link/box for subscribing to http://groups.google.com/group/iscdshield
Column 3: Top 10 Rising Ports Trends graph from https://isc.sans.edu/trends.html (NOTE: This graphic has location-sensitive clickable hot spots. Try it out!)

Row 4: Select Security News feeds

Row 5:
Column 1: Latest sans_isc tweets from https://twitter.com/sans_isc
Column 2: Select SANS Reading Room Papers from http://www.sans.org/reading_room
Column 3: Twitter list of tweets from ISC Handlers

Planned future improvements include an HTML5 update that will allow blocks to be re-ordered and block location preferences to be saved to your ISC profile.

Let us know in the comments section below where you use, or are planning to use, the dashboard, or if there's content you think would be a valuable addition to this page. You can also send us any questions or comments through the contact form at https://isc.sans.edu/contact.html.

--
Adam Swanger, Web Developer (GWEB)
Internet Storm Center (http://isc.sans.edu)

Keywords: ISC feature
ISC StormCast for Tuesday, February 7th 2012 http://isc.sans.edu/podcastdetail.html?id=2308

Secure E-Mail Access

Published: 2012-02-07
Last Updated: 2012-02-07 02:18:33 UTC
by Johannes Ullrich (Version: 1)
10 comment(s)

Recently, attacks by the "not so sophisticated persistent threat" have focused on e-mail security. In many cases, e-mail credentials were either brute forced or retrieved from compromised databases (in some of these cases, password re-use was a contributing factor).

During Wednesday's threat update webcast, I would like to do a segment focusing on e-mail security, and was wondering what our readers do to secure e-mail. Some of the challenges I see:

- the use of "cloud-based" e-mail services like Gmail
- mobile access to e-mail
- access to e-mail from multiple devices
- e-mail encryption and authentication (PGP/S-MIME)
- e-mail forwarding security (if someone has e-mail forwarded to a personal e-mail address)

Please let me know if you have any novel ideas to address these problems that I should cover, or if you would like me to cover any additional questions.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: email php smime

Book Review: Practical Packet Analysis, 2nd ed

Published: 2012-02-07
Last Updated: 2012-02-07 01:18:30 UTC
by Jim Clausing (Version: 1)
0 comment(s)

A few months ago, the good folks at No Starch Press sent me a review copy of Chris Sanders' book Practical Packet Analysis, Using Wireshark to Solve Real-world Problems, 2nd Edition.  While this isn't something we normally do here, since it has been a rather slow day at the Internet Storm Center, I thought this would be a great opportunity to share a short review of the book.  As many of our regular readers are probably aware, I tend to use command-line tools such as tcpdump, snort, tshark, scapy, or even Perl to perform packet analysis.  I prefer the command-line tools because when possible I like to script my analysis and GUI tools don't lend themselves to that.

This book (actually, starting with the 1st edition) was one that had been on my list of books I wanted to read for quite some time, but I had never gotten around to buying it, so I jumped at this opportunity when it presented itself. I really wanted to love the book, but wasn't quite able to get there. A couple of small technical errors bothered me (probably more than they should have) and I was a little confused at who the target audience was (for example, if the book is targeted at newbies, it doesn't make sense to me to introduce filters before explaining the structure of IP packets including the IP, TCP, and UDP headers; if aimed at experienced networking folks, why bother with explaining the OSI model again). Even so, I did like the book. Chapter 8 is where I think the book really becomes worthwhile. I especially like the idea of using "real-world scenarios" (even if sometimes a bit contrived) to teach the features of a tool. This is often one of the best ways to teach new techniques or concepts. I learned some new tricks for both Wireshark and tshark, which itself would have made it worth the price to me. I'm not going to give it stars or anything, but I do recommend this book to folks that aren't Wireshark experts (and even those who have plenty of Wireshark experience may pick up a new trick or two).

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
