Peter Stephenson,CeRNS,
Recent articles by Peter Stephenson,CeRNS,
Review: NETASQ F800 UTM Appliance
The NETASQ F800 appears to have a simple setup, but configuration was another story. After going through a setup procedure that involves changing IP addresses of its interfaces and the management computer, the appliance then has to be licenced.
Aug 9 2006 12:00AM
Security
Review: CounterACT
This product has a simple, straightforward setup and initial configuration, and generally, we found it easy to work with. Understanding the console takes some reading of the documentation, though. ForeScout uses many non-traditional icons and the interface can be confusing to start with, but the console user guide is very helpful in explaining how to use the interface.
Aug 8 2006 12:00AM
Security
Review: Coroner's Toolkit
The Coroner’s Toolkit, or TCT is an open-source set of forensic tools for performing post-mortem analysis on Unix systems. Written by Dan Farmer and Wietse Venema, both very well known in security circles for such programs as SATAN, TCT is not an easy product to use. A serious knowledge of Unix is a prerequisite for success, but if you can manage it, this is an extremely powerful set of tools.
Jul 11 2006 12:00AM
Security
Review: Forensic ToolKit
The Forensic ToolKit (FTK) is very powerful and comes loaded with features, although it is naturally difficult to make such a powerful tool completely simple to use. The program interface can overwhelm at first glance, with all its different features and options, but after reading the documentation and getting to know the program, it becomes much more intuitive.
Jul 11 2006 12:00AM
Security
Review: i2 Analyst's Notebook
This is a very different type of analysis tool from those infosec professionals are used to. Link analysis, a crucial aspect of incident response, is usually done manually or by trying to use log correlators. This is a true link analyser with a long pedigree in analysing complex crimes and security incidents.
Jul 11 2006 12:00AM
Security
Review: LogLogic LX 2000
LogLogic’s LX 2000 is an excellent log analysis tool.
It is powerful, can be distributed, and is a mature and useful product. But it is not for the faint-hearted. While its user interface is excellent, it has many hidden capabilities that require some time to understand.
Jul 11 2006 12:00AM
Security
Review: Mandiant First Response
First Response is a freeware audit tool and is a little difficult to use in the beginning. The interface, deploying agents and gathering data can also be a little awkward at first, but this program can be very useful once the user has a grasp on what it does and what it is capable of.
Jul 11 2006 12:00AM
Security
Review: NetWitness
NetWitness is a network traffic security analyser that the vendor describes as a “security intelligence” tool. Setup is simplified by its new installation wizard, that worked correctly the first time, and was a breeze. We then fed it a set of snort packet logs, that it accepted without complaint, and were able to begin analysis within an hour.
Jul 11 2006 12:00AM
Security
Review: Sleuth Kit & Autopsy Browser
Sleuth Kit and Autopsy Browser are excellent examples of what happens when a talented developer builds on good prior work. These products, used together, are freeware open-source computer forensic tools built on the Coroner’s Toolkit. But the developer, Brian Carrier, has taken his considerable expertise
in file systems of all kinds and applied it here.
Jul 11 2006 12:00AM
Security
Structure found in process
As technically oriented security professionals we often don’t pursue structure in our testing. We simply use the same vulnerability scans and penetration tests we’ve been using for years — updated, of course, for the latest network nasties. Today, that simply is not enough.
Jun 5 2006 9:35PM
Security
Review: AppSense Application Manager and Environment Manager
The AppSense Application Manager (AM) can be set up as a standalone product in a test environment before actual deployment. The standalone
preconfiguration enables an administrator to get to know and tweak the program for the best configuration for each particular environment.
Jun 1 2006 12:00AM
Security
Review: LANDesk Security Suite
This product incorporates all the features of a great endpoint security product in one program. LANDesk must be installed on a central server, which must pass certain security and version tests before install will begin. After installation, policies can be set for access, applications, software versions, service packs, anti-virus, and so on. Agents planted across the network also allow the console administrator to take remote control of machines in violation of policies. Security Suite is part of a larger set of integrated products.
Jun 1 2006 12:00AM
Security
On colleagues and support
We all have colleagues with whom we keep in touch. We all have colleagues who we call on from time to time for help when we run into knotty problems. And we all have organizations we turn to when we need specific advice. The trouble is that many of us do not mix those three groups to the benefit of our systems’ security, and we should.
May 10 2006 8:05PM
Security
Boards need to pay the cost
In our organisations, we need to take a strong lead in many areas. The first is awareness. I remember a commercial where a smirking executive tells an IT engineer that he just opened an email attachment – like he was told not to. We know that sort of thing happens somewhere in our organisations.
May 9 2006 4:23PM
Security
