Tuesday, May 19, 2009

It's the little things

After I finally figured out what was breaking the client/server communication in GuardianEdge, I ran across another issue: "Not enough server storage is available to process this command." This error message popped up every time I attempted to access a share on the encrypted drive. After some quick research, I determined this to be caused by the IRPStackSize registry setting. After some trial and error with the size and machine, I determined that setting this DWORD to (dec)20 on the domain controller was the correct fix. Apparently, this setting is either changed or removed by some versions of Norton AV.
Although annoying, it was a fairly easy fix. Now it is time to turn my attention to McAfee's Policy Auditor and to getting back into the *nix world.
At home I am currently playing around with the SecurityOnion LiveCD from Doug Burks, Fedora 10 as a client, Fedora 10 as a Server, and CentOS 5. These should keep me busy for a while.
If you haven't checked it out yet, you should look at Doug's blog: http://securityonion.blogspot.com/
Doug is a packet guru and the SecurityOnion LiveCD is an excellent tool for intrusion analysis/detection.

Playing Catch up in Vegas

There is nothing like a week-long conference in Vegas to slow you down...at least from a work standpoint.
I lived 4 hours from Vegas for 5 years, and never went! I was looking forward to this trip as both a chance to network, and as a chance to finally see Vegas. We stayed at Las Vegas Lakes and had a good time at the conference. The only sightseeing we did was to visit the Hoover Dam and to go down to the Strip one night that week. We were going to go back on the last night, but just weren't in the mood after spending quite a few hours at the Dam, taking the Dam tour, buying the Dam souvenirs, acting like Dam tourists...you get the point. :)
Walking the Strip was a little overrated, but the Crazy Horse show at the MGM was great! Other than that, it was almost entirely conference sessions and homework for me. Maybe next year I will take the wife.

As a short recap to SSLF testing:
I finally finished testing the SSLF baseline against one product, GuardianEdge Hard Drive. After using different methods to test the baseline (all at once, individually, and in groups) I determined that it was the "Log on as Service" right. The irony is that I spent this time testing because a System Admin was 110% certain that this setting was correct in their production environment, but would not allow me to double check. In any event, it is fixed! Finally!