cipherdyne.org

Michael Rash, Security Researcher



Publications - Books, Papers, and Articles


Intrusion Prevention Book Chapter Posted

Syngress Publishing has allowed me to post one of the chapters I wrote for the book "Intrusion Prevention and Active Response: Deploying Network and Host IPS". This chapter is entitled "Network Inline Data Modification" and explores the concept and implications of configuring an Intrusion Prevention System (IPS) to dynamically rewrite application layer data en route over a network. A PDF version of this chapter can be downloaded here. The book has received positive reviews (including one by Richard Bejtlich of taosecurity.com) on amazon.com. The actual data replacement is accomplished with Snort_inline or with a patch I wrote for the Netfilter string match extension and bundled with fwsnort.

Snort-2.1 Book Chapter Posted

Syngress Publishing has allowed me to post the chapter I wrote for the Snort 2.1 Intrusion Detection, Second Edition book entitled "Chapter 12; Active Response". This chapter explores the concept and implications of configuring IDS software to automatically respond to attacks in real time. A PDF version of this chapter can be downloaded here. The book has received positive reviews (including one by Richard Bejtlich of taosecurity.com) on amazon.com. Both psad and fwsnort are discussed within this chapter.

USENIX ;login: Article on Single Packet Authorization

In the February 2006 issue of USENIX ;login: Magazine, I had an article published entitled "Single Packet Authorization with Fwknop". This article is available locally here, and provides a summary of the reasons why SPA is a more effective and mature technology than port knocking.

Technical Editor for Nessus Book Chapter

Syngress Publishing has published a book entitled "Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications", and I was the Technical Editor for Chapter 10 "Modifying Snort". This chapter explores the steps necessary to modify Snort to support a custom requirement. Examples are given for two custom projects, "Snort-AV" and "Snort-Wireless".

Intrusion Prevention Book Published

I was the lead author of the book Intrusion Prevention and Active Response: Deploying Network and Host IPS. This book was published by Syngress Publishing, and is the first to concentrate exclusively on the concept of Intrusion Prevention. There are many books out there that concentrate on the concept of intrusion detection, but few that emphasize intrusion prevention. Although the detection mechanisms used by intrusion prevention systems are derived from the detection world, there are many interesting consequences when devices start interfering with network traffic.

USENIX ;login: Article on fwknop

I have written an article for USENIX ;login: Magazine entitled "Combining Port Knocking and Passive OS Fingerprinting with fwknop". Fwknop is the first port knocking implementation to combine port knocking and passive OS fingerprinting into a single piece of software. This allows you to do things like only allow Linux systems to connect to your SSH daemon.

Snort-2.1 Book Published

Syngress Publishing has published the book Snort 2.1 Intrusion Detection, Second Edition, and I contributed "Chapter 12; Active Response". This chapter explores the concept and implications of configuring IDS software to automatically respond to attacks in real time. A PDF version of this chapter can be downloaded here. The book has received positive reviews (including one by Richard Bejtlich of taosecurity.com) on amazon.com. Both psad and fwsnort are discussed within this chapter.

Sys Admin Magazine - Article on psad and fwsnort

I have written an article for Sys Admin Magazine that discusses both psad and fwsnort. The article is entitled "Content Filtering and Inspection with fwsnort and psad", and shows how effectively fwsnort and psad, used together, can instruct iptables to detect and thwart application layer attacks.

Article on Comparing Netfilter to Check Point FW-1

I have written an article for Information Security Magazine that compares Netfilter to Check Point FW-1. While this comparison may seem somewhat odd because FW-1 is oriented towards commercial customers and emphasizes a nice GUI, Netfilter (like other open source projects) has it where it counts even though it is completely free. The article is entitled "Firewalls: Doing it Yourself".

Linux Journal Article Posted - Netfilter on Nokia IP330

I have written an article for the Linux Journal on a series of steps you can perform to get Linux and Netfilter running on a Nokia IP330 appliance. This hardware is normally used to run Check Point FW-1 firewalls, but it runs Linux just fine. The article is entitled "Running Linux and Netfilter on Nokia IP Series Hardware".