Sponsored By:

www.coresecurity.com


www.tenablesecurity.com


www.sans.org




PaulDotCom Enterprises

Paul Asadoorian | Larry Pesce

Paul Asadoorian

  • "Building a secure wireless network for under $300" InSecure Magazine, July 2008
    • Abstract: "Many organizations are faced with the challenge of providing a "guest" wireless network. This network is intended to provide your guests, such as contractors, visiting faculty, patients, or training rooms, consultants, with wireless access to the network."

  • "Where's My iPhone? A Lesson in Incident Response" Help Net Security, January 2008
    • Abstract: "Security incidents come in many forms, from attackers breaking into computers, unauthorized attempts to sniff wireless networks and collect information, and stolen laptops or phones. This example is the latter, a stolen smartphone."

  • "The Benefits Of Hacking Embedded Devices" InformIT Online, December 2007
    • Abstract: "Embedded devices can often perform the same tasks as workstations and servers while consuming less space and power, generating less heat, and being more cost-effective. Paul Asadoorian describes why you'd want to "hack" (install new firmware on) embedded devices, and which hardware and firmware choices are the best, so you can make your $40 router do things typically found in a $600 device!"

  • "Attacking Consumer Embedded Devices" InSecure Magazine, November 2007
    • Abstract: "...this article will focus on ex-ploring vulnerabilities, and associated risk, with wireless access points, routers, printers, and some other common devices on the network. The methods of vulnerability discovery and defense against attacks can be applied to many different types of embedded devices in different environments.

  • "Linksys Ultimate WRT54G Hacking", Syngress Publishing, ISBN: 1597491667 May 2007
    • Abstract: "This book will teach the reader how to make the most of their WRT54G series hardware. These handy little inexpensive devices can be configured for a near endless amount of networking tasks. The reader will learn about the WRT54Gs hardware components, the different third-party firmware available and the differences between them, choosing the firmware that is right for you, and how to install different third-party firmware distributions. Never before has this hardware been documented in this amount of detail, which includes a wide-array of photographs and complete listing of all WRT54G models currently available, including the WRTSL54GS."

  • "Mac OS X Security Tips", Brown University CIS, SecureIT!, September 2005
    • Abstract: "Mac OS X has one of the more secure default installations. However, as OS X gains popularity, attackers tend to take notice. We see more hacking tools, articles, and security incidents related to OS X as time goes on. Thankfully OS X's BSD-based subsystems make it very configurable, especially when it comes to security settings, which helps to set it apart from the rest. Below are some tips to get you started securing OS X."

  • "Web Browser Insecurity", SANS Reading Room, May 2005
    • Abstract: "There has been much debate lately between two different browsers, namely Microsoft¿s Internet Explorer and the Mozilla Project¿s Firefox web browser. Security is in the center of this debate, accompanied by features and usability. This article will focus on the security aspects, particularly the risks involved with running any web browser and how to overcome some of these security shortcomings."

  • "Introduction To IPAudit", Securityfocus Online, July 2005
    • Abstract: "IPAudit is a handy tool that will allow you to analyze all packets entering and leaving your network. It listens to a network device in promiscuous mode, just as an IDS sensor would, and provides details on hosts, ports, and protocols. It can be used to monitor bandwidth, connection pairs, detect compromises, discover botnets, and see whos scanning your network."

  • "Advanced Wireless Security For the Masses", Brown University CIS, SecureIT!, June 2005
    • Abstract: "I am often asked what it is the average user can do on their home networks to secure their own wireless implementation. Quite frankly, I never have any really good answers, at least ones I am truly comfortable with. I tell them to use encryption (WEP, or Wireless Equivalent Privacy), MAC address filtering, and don¿t broadcast the SSID."

  • "Secure Access to Cisco Devices Using TACACS+ and SSH", SANS Reading Room, May 2003
    • Abstract: "Many environments that I encounter are using a Defense-In-Depth network security strategy. They have implemented firewalls, Intrusion Detection, VPN, and have a good security policy. When asked, however, how they manage their large installation of Cisco network devices, the reply many times is clear-text telnet, no username/password authentication combination, and very little in the way of auditing logs. The goal of this paper is to provide an easy guide for network administrators to implement secure remote access for all Cisco networking equipment."

  • "NetBIOS Null Sessions", Brown University CIS, August 2005
    • Abstract: "NULL sessions take advantage of ¿features¿ in the SMB (Server Message Block) protocol that exist primarily for trust relationships. You can establish a NULL session with a Windows host by logging on with a NULL user name and password. Using these NULL connections allows you to gather the following information from the host..."

  • GIAC Certified Incident Handler Practical

  • Network Intrusion Detection, Third Edition. Nothcutt, Novak. pg. 267-268.

  • GIAC Certified Intrusion Analyst Practical

  • "What is the TSIG Vulnerability?", SANS FAQ, April 4, 2001

    • Larry Pesce

    Coming Soon...