In the last post of the series we took a look at the organization we are helping out with our assessment. We also were given their Loss Magnitude Table. That table gives us a good idea of their risk tolerance.

Today we are going to look at the architecture of the system that hosts Oblivia's tax code and tax rate tables.

As indicated before, Oblivia does not have a very mature technology infrastructure. However, they have been given some good advice about the need for firewalls and to only allow needed ports and such. Below is a diagram of their public facing web infrastructure.

Oblivia Internet Facing Network Architecture

The system configurations are as follows:

Web Server:

  • Operating System: A Very Fine OS (fully patched)
  • HTTPD Software: A Very Fine Web Server (fully patched)
  • CMS: An internally developed application. A penetration test was recently performed and several XSS issues were uncovered along with one SQL injection problem (important bits of information for later).

Database Server:

  • Operating System: A Very Fine OS (fully patched)
  • Database Server: A Very Fine DB Server (fully patched)

As you can see, keeping systems appropriately patched has been another good bit of advice given and taken to heart. We will definitely be visiting some of the traffic allowed as we progress. 🙂

One final note: there is no remote access solution in place, but those responsible for the systems sometimes need to be able to work on them from remote locations, i.e. home. You can probably tell how they are doing it from the ports allowed through the firewalls.

In our next post, we will look at assets again. As always, feel free to chime in on the comments if you have something to say or I goofed again 🙂


PS - For those interested, the diagram above was created with Gliffy. It is a really nifty free on-line diagramming tool.


Windows 7 Beta: Uninstalling Adobe Air

by kriggins on February 7, 2009


Recently, I was trying to upgrade Twhirl, my favorite Twitter client, to the latest beta version. I was doing this on my laptop which is running Windows 7 Beta. First the upgrade failed, then an install failed after removing Twhirl, I couldn't re-install Air because it said it was already installed, and finally I couldn't uninstall Adobe AIR.

Needless to say, I was a bit frustrated. I posted a query to Twitter to see if anybody else was having this problem. One person responded that they were and knew some others who also had the issue. I poked at it a bit, but didn't make any progress and left it alone for a bit.

Last night I decided to figure this thing out and was successful in being able to manually remove Air. After a re-install of Air and Twhirl, all was right with the world. Below are the steps I took to remove Air.

1. Delete the Adobe Air files from your system.

Delete "C:\Program Files\Common Files\Adobe Air". Of course, change the drive letter if necessary. You will need to have administrative access to do this.

2. Remove the uninstall registry key for Adobe Air.

On my system the key was here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR

Use regedit to do this. Remember to be very careful when mucking about with regedit. You can seriously mess things up. Again, you will need administrative access for this.

3. Re-install Adobe Air

Install Adobe Air again just like you did the first time.
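Steps 1 and 2 can also be scripted. The PowerShell below is an added example, not part of the original post: it uses the folder and registry key given above, exports the key before deleting it, and only reports what it would do unless run with `-Apply`. The parameter names and the backup location are assumptions made for this example.

```powershell
# Added example: manual Adobe AIR cleanup (steps 1 and 2), with a registry backup.
# Default paths are the ones from the post; change them if your system differs.
param(
    [string]$AirDir    = 'C:\Program Files\Common Files\Adobe Air',
    [string]$UninstKey = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR',
    [string]$BackupDir = "$env:USERPROFILE\AirCleanupBackup",  # hypothetical backup folder
    [switch]$Apply     # without -Apply nothing is deleted
)

# Both steps need administrative access, so stop early if the session is not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Error 'Run this from an elevated PowerShell prompt.'
    exit 1
}

# Step 1: delete the Adobe AIR files.
if (Test-Path -LiteralPath $AirDir) {
    if ($Apply) {
        Remove-Item -LiteralPath $AirDir -Recurse -Force
        Write-Output "Removed $AirDir"
    } else {
        Write-Output "Would remove $AirDir"
    }
} else {
    Write-Output "Not found: $AirDir"
}

# Step 2: remove the uninstall key, exporting it first so it can be restored
# later with "reg import" if something goes wrong.
$psKey = "Registry::$UninstKey"
if (Test-Path -LiteralPath $psKey) {
    if ($Apply) {
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        $backup = Join-Path $BackupDir 'AdobeAIR-uninstall.reg'
        & reg.exe export $UninstKey $backup /y | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Error 'Registry export failed; key left in place.'; exit 1 }
        Remove-Item -LiteralPath $psKey -Recurse -Force
        Write-Output "Removed $UninstKey (backup: $backup)"
    } else {
        Write-Output "Would export and remove $UninstKey"
    }
} else {
    Write-Output "Uninstall key not found: $UninstKey"
}
```

Run it once without `-Apply` to confirm both paths resolve on your system, then again with `-Apply` before re-installing.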

Hope this helps and let me know if you find a simpler way.



Damn Vulnerable Linux 1.5 is Out!

by kriggins on January 26, 2009


I first talked about Damn Vulnerable Linux here. Well, @mubix announced that version 1.5 has been released.

You can grab the torrent here.

The discussion groups are here.

The website is here.

I can't wait to see what changes have been made.




Wireshark and Windows 7

by kriggins on January 12, 2009


UPDATE - November 13th, 2009: I have just successfully installed Wireshark 1.2.3 on 64-bit Windows 7 Ultimate. Version 1.2.3 includes WinPcap 4.1.1 which supports Windows 7. I did not have to do anything special. I simply installed the Wireshark package.

UPDATE October 22nd, 2009: Johan indicates in the comments that version 4.1.1 of WinPcap has been released. He says that it works fine with Windows 7. I would install version 4.1.1 of WinPcap first and then install Wireshark and say no when it asks if you want to install WinPcap. I need to confirm, but the rest of this post should still hold true.


I needed to do a packet capture on my Windows 7 box. With a certain amount of trepidation, I downloaded Wireshark (1.0.5) and ran the install.

Unfortunately, it did not work. However, I had not installed the NPF driver as a service. I uninstalled and reinstalled, setting the NPF driver to start as a service.

Success. So, if you are installing Wireshark on Windows 7, make sure to check the option to start as a service. This allows non-administrative users to use Wireshark. I suspect UAC is getting in the way, but have not dug into it yet.

