Archive for September, 2010

h1

OpenVPN – Best VPN Tools…..

September 27, 2010

OpenVPN is considered as the best tools for VPN. It needs  a client side and a server side. The installation requires to install both the server software and the client software. There is a installation for windows , linux , and mac . Linux includes ubuntu , redhat , fedora and centos. There is also installation for VMWARE for windows/linux/mac appliance. You all can try the free version , that includes 2 client side and server side installation. There is a community sofware , access server software and client software downloads. You can try the buy version , that includes many functionalities…

Best of all , there a plenty of documentation that we can refer to. There are also books regarding about OpenVPN. For your user information , here i include the new features of OpenVPN , if you all wish to install and use it:-

Multi-Platform ClientOpenVPN Client availability in multi-OS environment ranging from Windows XP, VISTA, Windows 7, MAC, Linux, and Mobile devices.

Server Portability

OpenVPN Access Server runs on many Linux OS platforms and virtual environments.

Multi-Mode Client

OpenVPN Client can run in various modes ranging from a simple remote user accessing the private network resources to remote gateway interconnecting multiple private networks.

Multi-Mode Access

OpenVPN supports Layer 2 and Layer 3 network access capabilities.

Access Control

Allow/ Deny Users or Groups granular access to Network resources/ services, groups, and users.

Dynamic Application Deployment

Dynamically deploy and execute any application, client scripts, and python scripts on a client machine based on specified events

Host Checking

Verifying that the Client Machine contains up-to-date and proper applications

Multi-Authentication Methods

Supports PAM, LDAP, RADIUS, and Local DB methods.

Scalability

Scales from 10 to 100,000s concurrent VPN sessions/ connections.

High Availability

Supports Active/ Standby failover mechanism.

Statistics and Reporting

Detailed statistics and log reporting of users activities.

Multi-Level Security

Various security levels controlled by network administrator. This is ranging from simple to complex and strict authentication policies.

Flexible DMZ Configuration

Any network resource within the private network can be exposed and be accessible through DMZ

Datagram Transport Service

Supports both Datagram Transport Layer Service (DTLS) based on UDP and Transport Layer Service (TLS) based on TCP.

Application Programming Interface (API)

Supports API, enabling third-party applications access to Server and Client services.

You can check out the OpenVPN website here:  http://openvpn.net/
Till then , have fun using OpenVPN…..
Advertisements
h1

De-Ice Penetration Testing Live CD…..

September 22, 2010
The PenTest LiveCDs are the creation of Thomas Wilhelm, who was transferred to a penetration test team at the company he worked for. Needing to learn as much about penetration testing as quickly as possible, Thomas began looking for both tools and targets. He found a number of tools, but no usable targets to practice against. Eventually, in an attempt to narrow the learning gap, Thomas created PenTest scenarios using LiveCDs.
The Live CD is based on FreeBSD Operating system. The FreeBSD is based on KDE Desktop environtment.

De-ICE PenTest LiveCDs Project

Heorot.net provides funding and support for the Open Source De-ICE Pentest LiveCDs project. We present some of the various resources and links available that support or discuss this project. Intended to provide legal targets in which to practice and learn PenTest skills, these LiveCDs are real servers that contain real-world challenges. Designed by professional penetration testers, each disk provides a learning opportunity to explore the world of penetration testing. Intended for beginners and professionals alike.

This project has been presented at security conferences across the US, and the LiveCDs are used extensively in the new book: “Professional Penetration Testing: Creating and Operating a Formal Hacking Lab” (2009). In addition, it can be found referenced in “Penetration Tester’s Open Source Toolkit, Vol. 2,” (Chapter 9), “Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research” (Appendix B) published by Syngress in September, 2007.

h1

The new Linux kernel 2.6.35.4 had been released….

September 14, 2010

The new linux kernel 2.6.35.4 has been released. It is available for download at http://kernel.org. These are the reviews of the kernel 2.6 development:-

Stable kernels

As already reported a few days ago, the generation 2.6 kernels contained a security hole that allowed local attackers to execute code at root privilege level; this hole has been fixed in the main development branch and in versions 2.6.32.19, 2.6.34.4 and 2.6.35.2, which were released early last week. While the changes weren’t integrated into version 2.6.27.51, which was released at the same time, they did make their way into version 2.6.27.52 released on Friday night. This version also fixes several other flaws introduced indirectly by the patches for the security hole; these bug fixes were also included in versions 2.6.32.20, 2.6.34.5 and 2.6.35.3, which were released at the same time. On some systems, at least the latter exhibited a previously non-existent problem which is to be fixed in the next version. The next set of stable kernel releases for 2.6.27.53, 2.6.32.21, 2.6.34.6 and 2.6.35.4 are already in review.

After minor variations in the release emails for the previous stable kernels, as reported in the previous Kernel Log, Greg Kroah-Hartman has mentioned that all users need to update to the new kernel in several emails. In the release email for 2.6.35.2, the developer also wrote that he is tired of people trying to parse his words for hidden messages about whether security changes have been made and repeated his request that users update, pointing out that people who use kernel.org kernels but who don’t update regularly shouldn’t be using kernel.org kernels. (“I’m tired of people trying to parse my words like I’m the Federal Reserve Chairman, just go update already. If you use a kernel.org-based kernel, and you aren’t updating to the latest -stable updates, well, why are you using a kernel.org kernel in the first place?”)

Main development branch

At the beginning of the week, Linus Torvalds provided the second release candidate of Linux 2.6.36. Having made an exception and sent out the first release candidate, which marked the end of the 2.6.36 merge window, without a companion email early last week, Torvalds highlighted some of changes he considers important in his release email for 2.6.36-rc2: Fanotify, concurrency-managed work queues and various optimisations to the Virtual Memory infrastructure.

Torvalds also mentioned that, in RC2, he merged various large patches for the Intel graphics drivers as well as some of the patches that were mainly developed by Nick Piggin to optimise the Virtual File System (VFS) code and make it run more smoothly, especially on multi-core systems. However, the merged code apparently adds just a small portion of the VFS optimisation patches, and Torvalds said it’s not even the most interesting part; the remaining patches are now likely to be integrated into the main development branch with 2.6.37 at the earliest.

Torvalds said that he will not integrate any further big features into 2.6.36, and that various Git-Pull requests have already been rejected (“The main commentary about it is that I’ll be back in “fairly strict” mode as of – RC2. IOW, send me regression fixes only. Really. I already dropped some git pull requests that were a bit too obviously new feature stuff after the merge window closed, […]”). He already pursued a similar approach during the development of 2.6.35, having been considerably more lenient in earlier versions.

h1

Mercurial..A distributed Version Control System (DVCS).

September 2, 2010

Mercurial is a free, distributed source control management tool. It offers you the power to efficiently handle projects of any size while using an intuitive interface. It is easy to use and hard to break, making it ideal for anyone working with versioned files.

Decentralization , high performance , scalability , robust handling of text and binary files while remaining conceptually simple – these are few design goals with which hg or Mercurial has been designed. It is a platform independent , distributed revision control tool for software developers , written in the Python programming language. Mercurial was initially written to run on Linux ; now it has been ported to Windows , MacOS X  , and most UNIX-like systems. It is a primarily a command line program , but graphical user interface extensions are also available. Of course , it’s an open source project .

A few well-known source code hosting facilities that use Mercurial are BitBucket , Google Code , SourceForge and Codeplex ; there are even more out there. Mozilla ,Vim and Wget are few popular open source projects that use Mercurial ; the developers of the Python programming language have announced that they will make the transition from Subversion to Mercurial soon. Disutils2 , which is currently being developed outside the Python stdlib , also uses Mercurial for version control.

Mercurial is a great tool to use for version control , if you have to choose from the various VCSs available out there today. The learning curve for Mercurial is no that steep either , compared to some other DVCSs. Thus , hg makes a lot of sense if you’re getting started with DVCS , or looking to migrate away from your old client/server VCS.

Till then , have fun…!

h1

NodeZero Linux..Another Operating system for pen testing…..

September 2, 2010

NodeZero is an Ubuntu based linux distribution that can be used for penetration testing.  The system setup is basic and it’s primarly designed for disk installation and customization as you want. NodeZero uses Ubuntu repositories so your system will be always up to date.

With NodeZero comes around 300 tools for penetration testing and set of basic services which are needed in penetration testing.