Re: Security Basics

Hello Mikhail,

I'm just three months into my PhD program, I do have a background knowledge on IDS/IPS such as Snort and BRO, I know how they operate and some general information. However, i need to focus on some major attacks or problem or break something major before I start thinking of how fix it. Nevertheless, if you have any material related to defending NAT systems, I would REALLY appreciate because there's been little research literally in the area, so any resources or links you may have would be really appreciated.

Ahmed Nahuche ABUBAKAR
Department of Computer Science
Loughborough University
Leicestershire, LE11 3TU.

On 20 Oct 2011, at 13:55, "Mikhail A. Utin" <mutin@xxxxxxxxxxxxxxxxxxxx> wrote:

Almost every "student" wants to attack ... What about defense in depth ideas, studies and papers?

Mikhail A. Utin, CISSP
Information Security Analyst

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of nahuche@xxxxxxxxx
Sent: Wednesday, October 19, 2011 1:49 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Security Basics

Hello all, im a PhD student and want to focus on network security, to be precise, i want to focus on Security in Transition Mechanisms, i have a good networking foundation from protocols to Network Address Translation which is important for most Transition Mechanisms there are in use. I know all about using Nmap for fingerprinting, Wireshark for capturing network traffic and Nessus for vulnerability detection and using Metaspoilt for actual exploitation and post exploitation attacks but i need some ideas on how to go about attacking NAT routers and other security issues associated with Network Address Translation, books, papers, articles would be great especially those that have the step-by-step guide of how to go about the attack.
Thank you in advance for all the help.
Ahmed Nahuche

CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential
and privileged information for the use of the designated recipients named above. If you are
not the intended recipient, you are hereby notified that you have received this communication
in error and that any review, disclosure, dissemination, distribution or copying of it or its
contents is prohibited. If you have received this communication in error, please reply to the
sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication
and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy,
please visit our Internet web site at

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.;4175;25;1371;0;5;946;e13b6be442f727d1

Relevant Pages

  • Re: AWS and security
    ... Subject: AWS and security ... CIO, Jamestown Distributors ... CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential ...
  • Re: [Full-disclosure] virus in email RTF message MS OE almost disabled
    ... Information Security Analyst ... virus in email RTF message MS OE almost ... knows that you are vulnerable and that you open email attachments, ... This email communication and any attachments may ...
  • Re: Security updates are too slow or none existant
    ... Any discussion of the handling security issues is always going to be ... regard to how the security update process is being handled with Fedora. ... The key question of course with regard to the httpd update is what was ... the issues of guidelines and communication on how to ...
  • RE: [Packet-ninjas-syn-k1ck] Anyone know CENZIC?
    ... I don't know anyone that has used them for a pentest, ... mailing lists. ... and web application security testing company. ... This e-mail communication and any ...
  • Role based authorisation with .Net remoting
    ... Once the business logic components are distributed, I want to place security ... This implies I need to flow the users credentials to the server ... communication, and all DB connections are created using integrated security. ... The alternative would be to use LogonUser to impersonate a newly defined ...