SANS Advisor Volume 2, No. 1 Is Now Available
The lastest edition of the SANS Advisor is out. This time they used two of my articles: “Taking SNMP for a Walk” and “Please Don’t Decrypt My File.” The first article talks about the importance of treating SNMP community string as if they were passwords (which, in a sense, they are). Of course, in a perfect world everybody would be using SNMPv3 which can be configured to use encryption. Check out a quick README about this at the Net-SNMP site. The second article describes a personal blunder on my part. I was attempting to transfer a file securely but working too fast bit me in the butt. This is a good argument for slowing down and double checking when security is important.
A few of the links to the tools and references I talked about include:
- Securing Cisco Routers: Step-by-Step <- EDIT: I removed the link to this because the SANS store is no longer offering this text. Dang it!
- Hardening Cisco Routers
- Cisco SNMP configuration attack with a GRE tunnel
- Net-SNMP
- ADMsnmp
- SNScan
- GnuPG
An interesting side note, Paul Asadoorian also had an article published in this volume. His article, “Secure Instant Messaging for OS X,” stays on track with the theme which is Instant Messaging. You should definitely check out his Security Weekly Podcast.
Please let me know what you think about these articles.
Thanks,
Cutaway
Help support my training and travel to security conferences. Get your SANS Training and GIAC Certifications through the Security Ripcord.
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Leave a Reply