Saturday, 12 September 2009

Off to SANS and GSE #3

Well, I leave on the plane in a few hours for SANS NS2009 in San Diego, USA.

I have the final GSE exam (having the GSE-Malware and GSE-Compliance) before having them all.

Following this, I will actually be taking a course. This is Jon Ham teaching the SANS Network Forensics Bootcamp (I still do a few courses a year even though I have many to maintain).

For anybody planning to go, drop me a line.

Thursday, 10 September 2009

Mounting NTFS Formatted drives in RHEL5

One of the flaws in Red Hat EL is the lack of support for NTFS formatted drives. I use RHEL 5.x extensively (even to the point of having Internet Explorer run via Wine for when I need to test it). So I will detail how to configure support for reading NTFS partitions in Red Hat Enterprise Linux Server release 5 (RHEL 5) x86_64 edition.

Mounting NTFS in read only mode is simple (and essential for forensic uses), but it is also of use to be able to mount a drive in read/write mode. After all, you may want to copy something to your drive.

Start by downloading and installing both the fuse & ntfs-3g packages.

Install Fuse
Start by installing the base fuse module. I will not cover the RPM based install; I prefer to download and build source (make your own RPMs if this is a requirement). Besides, installing an RPM is simple (rpm -ihv file.rpm) so need not be rehashed here.

The install will require several libraries. These do change over time, so the best thing is to ensure that you have all required packages first (yum ...)

Install fuse-ntfs-3g
The same goes for fuse. Build the source. This is a typical ./configure, make, make install etc. process if all of the dependency packages are installed on your build system.

Next Mount a partition
As you can see from the image below, the command to mount the partition is nothing too complex. There is also the ntfs-3g command. So you have options.
There are other options for adding the mount as a particular user; I will leave you to play with these.

ntfs-3g volume mount_point [-o option[,...]]
mount -t ntfs-3g volume mount_point [-o option[,...]]
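
For the forensic read-only case mentioned above, it is worth confirming that the mount really is read-only before touching the volume. The following is an added example, not part of the original post: the function names, the /mnt/evidence and /mnt/scratch paths and the sample mount table are constructed for illustration, and it assumes mount points without spaces.

```shell
#!/bin/sh
# Added example: mount an NTFS volume read-only and confirm the result.
# ntfs-3g mounts are listed with filesystem type "fuseblk" in /proc/mounts.

# mount_state MOUNT_POINT [MOUNTS_FILE]
# Prints "ro", "rw" or "absent". The last matching entry wins, because a
# later mount on the same directory hides the earlier one. Pass "-" as
# MOUNTS_FILE to read the table from stdin.
mount_state() {
    mp=$1
    table=${2:-/proc/mounts}
    awk -v mp="$mp" '
        $2 == mp {
            state = "rw"
            # Compare whole options: "errors=remount-ro" is not "ro".
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "ro") state = "ro"
        }
        END { print (state == "" ? "absent" : state) }
    ' "$table"
}

# mount_evidence_ro VOLUME MOUNT_POINT
# Uses the mount syntax shown above with -o ro, then refuses to continue
# unless the kernel reports the mount as read-only. Needs root.
mount_evidence_ro() {
    mount -t ntfs-3g "$1" "$2" -o ro || return 1
    if [ "$(mount_state "$2")" != "ro" ]; then
        echo "refusing to continue: $2 is not mounted read-only" >&2
        return 1
    fi
}

# Constructed sample in /proc/mounts format (not captured from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/sdb1 /mnt/evidence fuseblk ro,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other,blksize=4096 0 0
/dev/sdc1 /mnt/scratch fuseblk rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other,blksize=4096 0 0
EOF
}

# Demo on the constructed table.
sample_mounts | mount_state /mnt/evidence -
```

On a live system, call mount_state with only the mount point so that it reads /proc/mounts directly.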


Well, I am again doing more courses. This time I have been re-learning JSP and servlets in Apache Tomcat.

To this end I have written and updated my assignment for the subject which is online at the following link:

I have added a number of additional controls to those required by the assignment (being the development of a simple forms-based confirmation page - again overkill). The issue I see is again a lack of note for security.

We are using an early version of Tomcat for the assignment and we have set the Servlets to run without all of the new checks that are completed in Tomcat. As the course is more focused on Java, we totally seem to bypass the configuration of web.xml files that define how an application should run.

Am I the only one who thinks this is a little problematic?

If we teach insecure coding practice, we will not have the budding professionals of the future know what they should be doing.