Building a Secure Server from Default Ubuntu

October 28th, 2011 by peter.bassill

I have been asked on a few occasions if I would put together an outline on how to build a secure server from scratch. Having thought the topic through on a number of occasions and having tried to write this blog article on what is probably nearer 20 times I finally bit the bullet and got on with it.

In this post, I will explore how to take a default Ubuntu install, in this case it is 11.04 server, and build it as a secure web server.

 

Read the rest of this entry »

Mobile Phone Woes

September 12th, 2011 by peter.bassill

It is a crap way to start the week, finding your car has been broken into on a Monday morning. But its not all bad, im still here….

So the freaks, who if I got my own way would now be part of the garages ring main, gained access to my car and releaved me of iPhone (it was an original dammit! and loaded with tracking software, I know where you are right now scum bags!), iPod (hope you enjoy the ISD Podcast) and my Google Nexus II (killed thanks to Kaspersky).

Props to the local police though, forensics on scene is less time than it took for me to look up the new non-emergency phone number and our local neighborhood policeman less that an hour later to follow up and take a statement. Excellent service by the police.

PenTesting Cheat Sheets

September 7th, 2011 by peter.bassill

Here is a list of cheat sheets to help you get things in line. The original list can be found at Life of a Penetration Tester.

Read the rest of this entry »

Digital Forensics – Project Ebay

September 2nd, 2011 by peter.bassill

Update 2

I now have processed 20 drives from a reasonable spread of reclamation businesses and private individuals and thus far only three drives have failed to give up the previous owners information. That is a good return for me, and a very poor display for information security practises. The home users I am not too surprised with, but still the corporates are getting this wrong. I am certain that the business entities engaging these reclamation organizations who are reselling this equipment on ebay would be shocked that in many cases the drives were just formatted.

Of course, all of these drives have now undergone a DoD 7 pass wipe to make sure they are completely erased, but the top 5 data sets recovered are:

  1. Email
  2. Corporate documents
  3. iTunes collections
  4. Personal photo’s
  5. Personal Identifiable Information

 

 

Compliance != Security

August 7th, 2011 by peter.bassill

Compliance does not equal security.

« Previous Entries