free computer security

Tips on how to stay safe online

Tips on how to stay safe online South Florida Sun-Sentinel General security | Shopping online | Phishing and identity theft | Keeping kids safe online

Local free computer security Listings
Your Source for free computer security. Find free computer security Listings Here!
www.FindLinks.com

free computer security Listings
Find and Compare Top Local free computer security Listings Here.
www.WYP.net

redOrbit.com -- Science, Health, Technology Videos
redOrbit.com is a science, health, and technology news and information portal. Learn something new today!
redorbit.com



From: Nick Vaernhoej
Date: Fri, 20 Jun 2008 19:15:13 +0100

Philippe,

Any chance this is a bit up to interpretation?
If you build a box with no access the inside is for the sake of argument "sa=
fe".
If you add a door it is available, but only as far as the architect is conce=
rned.
If you add a lock to the door and lock it, the inside is once again "safe".

Here is my interpretation of the availability topic, when you give the key t=
o the users of the box you have ensured availability as it applies to securi=
ty.

Let me know if I am way off :-D

Nick Vaernhoej
"Quidquid latine dictum sit, altum sonatur."


>-  -----Original Message-----
>-  From: listbounce@securityfocus.com
>-  [mailto:listbounce@securityfocus.com] On Behalf Of Rivest, Philippe
>-  Sent: Friday, June 20, 2008 12:24 PM
>-  To: Adriel Desautels; Murda Mcloud
>-  Cc: security-basics@securityfocus.com
>-  Subject: RE: RAID 5 drive replacement schedule
>-  
>-  Adriel & Murda
>-  
>-  It is a security issue the way you store your data. In regards to the
>-  raid
>-  technologies, raid 5 improves the availability of the data by making
>-  sure
>-  that a single drive failed will not impact the availability of the
>-  data.
>-  
>-  Remember that security is
>-  1- Confidentiality
>-  2- Availability
>-  3- Integrity
>-  
>-  The main goal of a Raid 5 is to help #2. You are referring to the
>-  disposal of
>-  the HD which is the issue of confidentiality and that is not what
>-  Murda was
>-  aiming at. If it is, go for encryption, degaussing, destruction and
>-  just
>-  plain format (if the data is not confidential).
>-  
>-  As I explained to him offline, the MTTF and MTBF is about the same
>-  for 2 HD
>-  bought/constructed at about the same time. How ever, those are not
>-  absolute
>-  numbers that state that, if one drive fails the other one is about to
>-  go too.
>-  It's more an estimated value against which you should have some
>-  confidence/hope, your drive should not fail before X hours (it could
>-  go
>-  before but the average is X).
>-  
>-  In a raid 5, Drive A, B and C are online and working (they are the
>-  same drive
>-  bought at the same time). Drive A fails, you should NOT change drive
>-  B & C
>-  unless they are failing also. If you do, the cost of your raid 5 will
>-  be
>-  greater then what it should be (the replacing of the parts are going
>-  to cost
>-  a lot). Change drive A and hope drives B & C will last longer.
>-  
>-  
>-  The only issue is that 2 drives fail at the same time, which is very
>-  improbable. And if it does, you should be going for your back ups.
>-  
>-  
>-  I do hope this clarified the questions and that I wasn't to unclear
>-  with my
>-  details!
>-  
>-  Merci / Thanks
>-  Philippe Rivest, CEH
>-  V=E9rificateur interne en s=E9curit=E9 de l'information
>-  Courriel: Privest@transforce.ca
>-  T=E9l=E9phone: (514) 331-4417
>-  www.transforce.ca

This electronic transmission is intended for the addressee (s) named above.=
 It contains information that is privileged, confidential, or otherwise prot=
ected from use and disclosure. If you are not the intended recipient you are=
 hereby notified that any review, disclosure, copy, or dissemination of this=
 transmission or the taking of any action in reliance on its contents, or ot=
her use is strictly prohibited. If you have received this transmission in er=
ror, please notify the sender that this message was received in error and th=
en delete this message.=0A=
Thank you.
From: Jorge L. Vazquez
Date: Fri, 20 Jun 2008 19:44:29 +0100
check out ipcop....been using it for a while and it's great, was 
developed from smoothwall, here are a couple of tutorial that should 
help you get started

http://www.pctechtips.org/ipcop1.htm
http://www.pctechtips.org/ipcop_snort_addons.htm

thanks
Jorge


Charles Hardin wrote:
> The main reasons I switched to endian from smoothwall was at the time
> I did not have the 2003 box so I didnt have a good client vpn solution
> and endian provided one. Also endian has more options and features
> that appealed to me. I will look into ipcop and untangle as I havent
> studied those.
>
> On Fri, Jun 20, 2008 at 12:30 PM, Nick Vaernhoej
> <nick.vaernhoej@capitalcardservices.com> wrote:
>   
>> Good morning,
>>
>> What are your reasons for not using SmoothWall again?
>> I run Untangle at home on some modest hardware and like it.
>>
>> For a client VPN solution I am a fan of Hamachi.
>>
>> Have a great weekend.
>>
>> Nick Vaernhoej
>> "Quidquid latine dictum sit, altum sonatur."
>>
>>     
>>> -->-----Original Message-----
>>> -->From: listbounce@securityfocus.com
>>> -->[mailto:listbounce@securityfocus.com] On Behalf Of Charles Hardin
>>> -->Sent: Friday, June 20, 2008 7:11 AM
>>> -->To: security-basics
>>> -->Subject: Fwd: Software Recommendations
>>> -->
>>> -->Resend since this seems to have disappeared into the abyss during
>>>       
>> the
>>     
>>> -->wireless thread on wifisec.
>>> -->
>>> -->
>>> -->---------- Forwarded message ----------
>>> -->From: Charles Hardin <fonestorm@gmail.com>
>>> -->Date: Tue, Jun 17, 2008 at 10:55 AM
>>> -->Subject: Software Recommendations
>>> -->To: security-basics <security-basics@securityfocus.com>
>>> -->
>>> -->
>>> -->All,
>>> -->
>>> -->    I am currently looking into a new setup for my home. I run a
>>> -->small buisness out of it and I share it with 4 others, ranging from
>>> -->technically competent to technically inept people. Im currently
>>> -->looking into a new firewall solution. I have run smoothwall in the
>>> -->past and currently use endian, but I am curious what other options
>>> -->are
>>> -->available. I would prefer an opensource free system that will run on
>>> -->older hardware (P3 era).The requirements are below.
>>> -->
>>> -->1. Inbound and outbound firewalling
>>> -->2. site to site vpn connections - I have 2 other people whom work in
>>> -->the buisness with me that will be setting up a box at their home as
>>> -->well.
>>> -->3. road warrior vpn - not a huge requirement as I do have a windows
>>> -->2003 domain controller that can fill this role.
>>> -->4. content / spyware / virus filtering - a like but not a must
>>> -->5. Built in intrusion detection would be nice but again not a must.
>>> -->
>>> -->Charles Hardin
>>>       
>> This electronic transmission is intended for the addressee (s) named above. It contains information that is privileged, confidential, or otherwise protected from use and disclosure. If you are not the intended recipient you are hereby notified that any review, disclosure, copy, or dissemination of this transmission or the taking of any action in reliance on its contents, or other use is strictly prohibited. If you have received this transmission in error, please notify the sender that this message was received in error and then delete this message.
>> Thank you.
>>
>>     
>
>
From: Rivest, Philippe
Date: Fri, 20 Jun 2008 19:10:42 +0100
I do think we are saying just about the same thing. But I may of not be =
clear
so let me restate.

Raid 5 is an IT field & technologie, and adds to the security by making =
1
failed drive NOT impact availability. That's all I meant. No decision or
security implication should be done before or after that (unless theres =
an
incident). No security team should be implicated in the drive =
replacement as
this is normal IT operation.=20

Raid 5 helps security in keeping the data accessible in the event of a =
failed
drive.

Side note:
For my CAI is always security related and justified. Make it high or low
availability it is security and has to be justified.=20


Merci / Thanks
Philippe Rivest, CEH
V=E9rificateur interne en s=E9curit=E9 de l'information
Courriel: Privest@transforce.ca
T=E9l=E9phone: (514) 331-4417
www.transforce.ca


-----Message d'origine-----
De=A0: Adriel Desautels [mailto:adriel@netragard.com]=20
Envoy=E9=A0: 20 juin 2008 14:00
=C0=A0: Rivest, Philippe
Cc=A0: Murda Mcloud; security-basics@securityfocus.com
Objet=A0: Re: RAID 5 drive replacement schedule

Philippe,
	I disagree with you and I think that the definition of security that=20
you provided is partial, but thats just my opinion. Availability is a=20
vague term that can, but does not always have a role in security.=20
Determining what the proper schedule is for a drive replacement policy=20
is something that can be done by IT without the security team. Deciding=20
how to dispose of the drives on the other hand is security.


Regards,
	Adriel T. Desautels
	Chief Technology Officer
	Netragard, LLC.
	Office : 617-934-0269
	Mobile : 617-633-3821
	http://www.linkedin.com/pub/1/118/a45

	Join the Netragard, LLC. Linked In Group:
	http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know  : http://tinyurl.com/26pjsn


Rivest, Philippe wrote:
> Adriel & Murda
>=20
> It is a security issue the way you store your data. In regards to the =
raid
> technologies, raid 5 improves the availability of the data by making =
sure
> that a single drive failed will not impact the availability of the =
data.=20
>=20
> Remember that security is=20
> 1- Confidentiality
> 2- Availability
> 3- Integrity
>=20
> The main goal of a Raid 5 is to help #2. You are referring to the =
disposal
of
> the HD which is the issue of confidentiality and that is not what =
Murda was
> aiming at. If it is, go for encryption, degaussing, destruction and =
just
> plain format (if the data is not confidential).
>=20
> As I explained to him offline, the MTTF and MTBF is about the same for =
2 HD
> bought/constructed at about the same time. How ever, those are not =
absolute
> numbers that state that, if one drive fails the other one is about to =
go
too.
> It's more an estimated value against which you should have some
> confidence/hope, your drive should not fail before X hours (it could =
go
> before but the average is X).
>=20
> In a raid 5, Drive A, B and C are online and working (they are the =
same
drive
> bought at the same time). Drive A fails, you should NOT change drive B =
& C
> unless they are failing also. If you do, the cost of your raid 5 will =
be
> greater then what it should be (the replacing of the parts are going =
to
cost
> a lot). Change drive A and hope drives B & C will last longer.
>=20
>=20
> The only issue is that 2 drives fail at the same time, which is very
> improbable. And if it does, you should be going for your back ups.
>=20
>=20
> I do hope this clarified the questions and that I wasn't to unclear =
with my
> details!
>=20
> Merci / Thanks
> Philippe Rivest, CEH
> V=E9rificateur interne en s=E9curit=E9 de l'information
> Courriel: Privest@transforce.ca
> T=E9l=E9phone: (514) 331-4417
> www.transforce.ca
>=20
>=20
> -----Message d'origine-----
> De : listbounce@securityfocus.com =
[mailto:listbounce@securityfocus.com] De
la
> part de Adriel Desautels
> Envoy=E9 : 20 juin 2008 11:27
> =C0 : Murda Mcloud
> Cc : security-basics@securityfocus.com
> Objet : Re: RAID 5 drive replacement schedule
>=20
> Murda,
> 	The real answer to your question is that it is very, very improbable=20
> that all of the drives in the array will fail at the same time. Most=20
> drives are good for a certain period of years, after which point you =
are=20
> getting "extra time".
>=20
> 	That is not a security issue though. That is an IT related issue. The
>=20
> security issue comes into play when you dispose of your drives. Do you =

> shred them, just throw them in the dumpster, how do you dispose of =
them?
>=20
> =09
> Regards,
> 	Adriel T. Desautels
> 	Chief Technology Officer
> 	Netragard, LLC.
> 	Office : 617-934-0269
> 	Mobile : 617-633-3821
> 	http://www.linkedin.com/pub/1/118/a45
>=20
> 	Join the Netragard, LLC. Linked In Group:
> 	http://www.linkedin.com/e/gis/48683/0B98E1705142
>=20
> ---------------------------------------------------------------
> Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
> Penetration Testing, Vulnerability Assessments, Website Security
>=20
> Netragard Whitepaper Downloads:
> -------------------------------
> Choosing the right provider : http://tinyurl.com/2ahk3j
> Three Things you must know  : http://tinyurl.com/26pjsn
>=20
>=20
> Murda Mcloud wrote:
>> In my mind, this a security related question as it has to do with =
ensuring
>> availability.
>>
>> Does anyone have links towards any whitepapers etc that suggest
replacement
>> of disks in a RAID 5 array as part of a maintenance cycle?
>>
>> If all the drives in an array are the same age and one fails; does =
this
> mean
>> the others are more likely to fail. I'd imagine so as they have had =
the
> same
>> amount of usage.
>>
>>
>>
>>
>>
>> =20
>>
From: Jorge L. Vazquez
Date: Fri, 20 Jun 2008 21:01:59 +0100
check out ipcop....been using it for a while and it's great, was 
developed from smoothwall, here are a couple of tutorial that should 
help you get started

http://www.pctechtips.org/ipcop1.htm
http://www.pctechtips.org/ipcop_snort_addons.htm

thanks
Jorge


Charles Hardin wrote:
> The main reasons I switched to endian from smoothwall was at the time
> I did not have the 2003 box so I didnt have a good client vpn solution
> and endian provided one. Also endian has more options and features
> that appealed to me. I will look into ipcop and untangle as I havent
> studied those.
>
> On Fri, Jun 20, 2008 at 12:30 PM, Nick Vaernhoej
> <nick.vaernhoej@capitalcardservices.com> wrote:
>   
>> Good morning,
>>
>> What are your reasons for not using SmoothWall again?
>> I run Untangle at home on some modest hardware and like it.
>>
>> For a client VPN solution I am a fan of Hamachi.
>>
>> Have a great weekend.
>>
>> Nick Vaernhoej
>> "Quidquid latine dictum sit, altum sonatur."
>>
>>     
>>> -->-----Original Message-----
>>> -->From: listbounce@securityfocus.com
>>> -->[mailto:listbounce@securityfocus.com] On Behalf Of Charles Hardin
>>> -->Sent: Friday, June 20, 2008 7:11 AM
>>> -->To: security-basics
>>> -->Subject: Fwd: Software Recommendations
>>> -->
>>> -->Resend since this seems to have disappeared into the abyss during
>>>       
>> the
>>     
>>> -->wireless thread on wifisec.
>>> -->
>>> -->
>>> -->---------- Forwarded message ----------
>>> -->From: Charles Hardin <fonestorm@gmail.com>
>>> -->Date: Tue, Jun 17, 2008 at 10:55 AM
>>> -->Subject: Software Recommendations
>>> -->To: security-basics <security-basics@securityfocus.com>
>>> -->
>>> -->
>>> -->All,
>>> -->
>>> -->    I am currently looking into a new setup for my home. I run a
>>> -->small buisness out of it and I share it with 4 others, ranging from
>>> -->technically competent to technically inept people. Im currently
>>> -->looking into a new firewall solution. I have run smoothwall in the
>>> -->past and currently use endian, but I am curious what other options
>>> -->are
>>> -->available. I would prefer an opensource free system that will run on
>>> -->older hardware (P3 era).The requirements are below.
>>> -->
>>> -->1. Inbound and outbound firewalling
>>> -->2. site to site vpn connections - I have 2 other people whom work in
>>> -->the buisness with me that will be setting up a box at their home as
>>> -->well.
>>> -->3. road warrior vpn - not a huge requirement as I do have a windows
>>> -->2003 domain controller that can fill this role.
>>> -->4. content / spyware / virus filtering - a like but not a must
>>> -->5. Built in intrusion detection would be nice but again not a must.
>>> -->
>>> -->Charles Hardin
>>>       
>> This electronic transmission is intended for the addressee (s) named above. It contains information that is privileged, confidential, or otherwise protected from use and disclosure. If you are not the intended recipient you are hereby notified that any review, disclosure, copy, or dissemination of this transmission or the taking of any action in reliance on its contents, or other use is strictly prohibited. If you have received this transmission in error, please notify the sender that this message was received in error and then delete this message.
>> Thank you.
>>
>>     
>
>
From: Petter Bruland
Date: Fri, 20 Jun 2008 20:29:20 +0100
Security or not...

Does your array support a hot-spare or stand-by disk? Then that would be =
the best way to go. Once a drive fails, it will alert based on =
syslog/eventlog/3rd party app etc that a drive is bad, and rebuild the =
bad drive's data on the hot-spare/stand-by disk.

If that isn't an option, and you are expecting a failure any day, I'd =
just keep an eye on the array health and make sure you have one or two =
spare drives on hand.

** I've never done this, but I believe you can slowly replace all =
drives, and then have a working full RAID-5 disk set as a backup?  I =
have had bad luck with older drives that used to be 24/7, then taken =
offline and back online.

Those are my 2 cents.... And in today's exchange rate, that's not much.

-Petter



-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] =
On Behalf Of Adriel Desautels
Sent: Friday, June 20, 2008 11:00 AM
To: Rivest, Philippe
Cc: Murda Mcloud; security-basics@securityfocus.com
Subject: Re: RAID 5 drive replacement schedule

Philippe,
	I disagree with you and I think that the definition of security that =
you provided is partial, but thats just my opinion. Availability is a =
vague term that can, but does not always have a role in security.=20
Determining what the proper schedule is for a drive replacement policy =
is something that can be done by IT without the security team. Deciding =
how to dispose of the drives on the other hand is security.


Regards,
	Adriel T. Desautels
	Chief Technology Officer
	Netragard, LLC.
	Office : 617-934-0269
	Mobile : 617-633-3821
	http://www.linkedin.com/pub/1/118/a45

	Join the Netragard, LLC. Linked In Group:
	http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j Three Things you =
must know  : http://tinyurl.com/26pjsn


Rivest, Philippe wrote:
> Adriel & Murda
>=20
> It is a security issue the way you store your data. In regards to the=20
> raid technologies, raid 5 improves the availability of the data by=20
> making sure that a single drive failed will not impact the =
availability of the data.
>=20
> Remember that security is
> 1- Confidentiality
> 2- Availability
> 3- Integrity
>=20
> The main goal of a Raid 5 is to help #2. You are referring to the=20
> disposal of the HD which is the issue of confidentiality and that is=20
> not what Murda was aiming at. If it is, go for encryption, degaussing, =

> destruction and just plain format (if the data is not confidential).
>=20
> As I explained to him offline, the MTTF and MTBF is about the same for =

> 2 HD bought/constructed at about the same time. How ever, those are=20
> not absolute numbers that state that, if one drive fails the other one =
is about to go too.
> It's more an estimated value against which you should have some=20
> confidence/hope, your drive should not fail before X hours (it could=20
> go before but the average is X).
>=20
> In a raid 5, Drive A, B and C are online and working (they are the=20
> same drive bought at the same time). Drive A fails, you should NOT=20
> change drive B & C unless they are failing also. If you do, the cost=20
> of your raid 5 will be greater then what it should be (the replacing=20
> of the parts are going to cost a lot). Change drive A and hope drives =
B & C will last longer.
>=20
>=20
> The only issue is that 2 drives fail at the same time, which is very=20
> improbable. And if it does, you should be going for your back ups.
>=20
>=20
> I do hope this clarified the questions and that I wasn't to unclear=20
> with my details!
>=20
> Merci / Thanks
> Philippe Rivest, CEH
> V=E9rificateur interne en s=E9curit=E9 de l'information
> Courriel: Privest@transforce.ca
> T=E9l=E9phone: (514) 331-4417
> www.transforce.ca
>=20
>=20
> -----Message d'origine-----
> De : listbounce@securityfocus.com=20
> [mailto:listbounce@securityfocus.com] De la part de Adriel Desautels=20
> Envoy=E9 : 20 juin 2008 11:27 =C0 : Murda Mcloud Cc :=20
> security-basics@securityfocus.com Objet : Re: RAID 5 drive replacement =

> schedule
>=20
> Murda,
> 	The real answer to your question is that it is very, very improbable=20
> that all of the drives in the array will fail at the same time. Most=20
> drives are good for a certain period of years, after which point you=20
> are getting "extra time".
>=20
> 	That is not a security issue though. That is an IT related issue. The
>=20
> security issue comes into play when you dispose of your drives. Do you =

> shred them, just throw them in the dumpster, how do you dispose of =
them?
>=20
> =09
> Regards,
> 	Adriel T. Desautels
> 	Chief Technology Officer
> 	Netragard, LLC.
> 	Office : 617-934-0269
> 	Mobile : 617-633-3821
> 	http://www.linkedin.com/pub/1/118/a45
>=20
> 	Join the Netragard, LLC. Linked In Group:
> 	http://www.linkedin.com/e/gis/48683/0B98E1705142
>=20
> ---------------------------------------------------------------
> Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
> Penetration Testing, Vulnerability Assessments, Website Security
>=20
> Netragard Whitepaper Downloads:
> -------------------------------
> Choosing the right provider : http://tinyurl.com/2ahk3j Three Things=20
> you must know  : http://tinyurl.com/26pjsn
>=20
>=20
> Murda Mcloud wrote:
>> In my mind, this a security related question as it has to do with=20
>> ensuring availability.
>>
>> Does anyone have links towards any whitepapers etc that suggest=20
>> replacement of disks in a RAID 5 array as part of a maintenance =
cycle?
>>
>> If all the drives in an array are the same age and one fails; does=20
>> this
> mean
>> the others are more likely to fail. I'd imagine so as they have had=20
>> the
> same
>> amount of usage.
>>
>>
>>
>>
>>
>> =20
>>


The U.S. Small Business Administration , the National Institute of Standards and Technology, and the Federal Bureau of Investigation, assisted by the National Cyber Security Alliance and Multi-State Network Tools/Software (Free Download) including Nmap Open Source Network Scanner; Redhat Linux,Microsoft Windows,FreeBSD,UNIX Hacking.Offers Users Free Scan to Ensure Safe Computing Environment An experienced consultant, with forensic expertise, will work on-site, interacting closely with your information staff to review and augment your team's forensics skills. Productive Technology, LLC - Carolina's most productive custom software solutions, computer forensics, project management, computer security consulting, systems integration, database design, and Computer 1.52 keeps your computer's content protected! Hide or shred files, lock applications.Free Computer software downloads Free security software downloads security software Watches Store Find top brands such as Accurist, Casio, Timex and Storm.email program software fuel tax software free computer software address email software forex software trading bulk cheap email software formatting paper reference software free tax Hide Folder is a computer software to hide your private folders.TechCounter is having a good security solutions deal.

The list includes Norton Systemworks/Personal Firewall Bundle, McAfee Internet Suite 2006, McAfee VirusScan 2006, ZoneAlarm NEW YORK — AOL is releasing free software to automatically check whether you have the latest protection on your Windows computer.AOL offers security check The entry titled "10 free computer programs," and any of the comments about it.Minimize your worry and take advantage of the FREE Information Practice consultation service offered by the UTSA Office of Information Technology (OIT).AOL is offering a downloadable tool that continuously checks the security status of a user's home computer.Help Net is a daily updated related site. We offer information on the latest advisories, viruses, press releases, papers, etc. The site also has a large download section that helps Check out A Selection of Free Computer Solutions - Submitted by Abasster at Associated Content Check out A Selection of Security Solutions - Submitted by Abasster at Associated Content .

Links

Free Computer Security
Retina Network Security Scanner
Access Control Security
Computer Security Programs
Home Computer Security
Home Network Security
Federal Information Security Management Act
Network Security Tools