
Penetration Testing vs Vulnerability Assessment

A good explanation of the differences between the two. Many managers think Penetration Testing sounds more exciting, but actually in the majority of cases it’s a Vulnerability Assessment that’s carried out.

—————————–
Not a bad little article. One thing that he fails to mention (or I just missed it) was that penetration testing is usually a primary technical assessment. A vulnerability assessment also tends to have quite a bit more involved including risk levels and documentation review.


Nmap, what is it and how do you use it?

Nmap is a security tool written by Fyodor. It is an open source security tool licensed under the GNU GPL. Nmap is what is called a network scanner. It is not a vulnerability scanner like Nessus.

A decent analogy would be if you had an address to a particular house and wanted to figure out what type of house it was and what windows and doors were open. However, Nmap could also be used to tell you the addresses of all houses in a particular neighborhood in addition to the other information. It is essentially an easy way to look at a machine (or group of machines) and determine if it is up and what services are running. Usually, nmap can also tell you what type of operating system is running on the box as well.

Nmap is portable, meaning it runs on multiple operating systems. It typically comes in two flavors, a command line executable and a GUI executable. I will be focusing on the command line version for several reasons. The first is that it is more common. If you have nmap installed you are going to have the command line; you may not have the GUI. Second, it is more powerful (in my opinion). If you can do it via command line, you should be able to figure out the GUI. Third, and this is the selfish reason, it is easier to write this article telling you what command to type vs. having to tell you to click in several places and take screenshots.

(Continued)

Future of NIST

NIST created guidelines for selecting and specifying security controls for information systems that support the executive agencies of the U.S. government.


I plan on writing my own article about NIST documentation. However, this is a decent little introduction to NIST 800-53 and the direction of NIST security controls.

A Discussion of Casablanca

This is a Discussion of Casablanca over at movietap.  Here are my initial comments:

This is a great movie. I finally got my wife to watch this several months ago. I had to convince her it was a love story instead of a “war movie”. Apparently, she has something against war movies. She almost left the room at the beginning of White Christmas.

Anyways, I have had a couple of questions. Why would anyone travel from Europe, go to Northern Africa, go back to Europe to get to the US? That part of the plot, I never understood.

Also, how common was it for an American white man and a black man to be travelling around Europe and Africa opening random clubs?

I agree with one of the above posters regarding the Paris flashbacks. I realize it is to set up the contrast between happy Rick and bitter Rick. However, Bogart just looks kind of goofy trying to appear carefree.

One of the things that I tend to do (especially with older movies) is recognize actors and try to figure out what else I have seen them in. This usually gets me running to IMDb.

Claude Rains also plays Prince John in “The Adventures of Robin Hood”.

And I also recognized Peter Lorre from “Arsenic and Old Lace”. He seems to have been typecast as that type of character – sniveling and weak.

Also, I was kind of confused about how cordial the Germans were the whole movie. If it was me, I would have arrested Laszlo from the beginning. Obviously, it would have ruined the movie.. ;)

Cracking WEP Part II

So, now we are hopefully capturing traffic and saving IVs to crackme.ivs for channel 10. Now we must generate traffic by doing an active attack (or we could be sniffing traffic for weeks on a low use WAP). To do this we are going to use aireplay.

So, the first thing we need to do is open another terminal (keep airodump running). You can try attacking with a made-up MAC address by using:

aireplay -1 0 -e <ESSID> -a <AP MAC> -h <made-up MAC> wlan0

so for example:

aireplay -1 0 -e attackme -a 00:12:34:56:78:90 -h 0:1:2:3:4:5 wlan0
(Continued)