November 23rd, 2009
A new book on ModSecurity is on its way, expected this Nov. The nice folks at Packt Publishing contacted me and I'll receive a copy as soon as it's launched. Of course I will review it on this blog, but until then, a short look under the bonnet:
Title: ModSecurity 2.5
Author: Magnus Mischel
Publisher: Packt Publishing
Having worked mostly with commercial Web Application Firewalls such as Imperva and F5, I'm eager to see how ModSecurity lives up to its reputation and how one can save lots of time and money by implementing a robust open source WAF adapted to today's threats.
From the publisher's presentation:
A complete guide to using ModSecurity, this book will show you how to secure your web application and server, and does so by using real-world examples of attacks currently in use.
Sounds like fun!
November 6th, 2009

It's been a long time since my last post and if I look back at it, I was writing about NetWitness.
Today, I was notified that NetWitness released NextGen version 9. Since I liked version 8 so much, let me write here the new features offered in version 9.0:
- NetWitness Identity – provides the ability to easily correlate IP addresses in network sessions to end-user directory credentials – fusing an organization’s Active Directory to offer a real-time 4-1-1 lookup capability. As a result, security staff can link compromised machines and inappropriate network behavior to a user’s actual identity.
- Support for 802.11 Wireless Capture – initially supported under the portable NextGen Eagle platform, this capability will be available on all NextGen 9.0 capture platforms. This new capability supports WEP in-line decryption and will support WPA decryption under an upcoming service pack.
- 10Gbps Network Support – building off of real-world experiences with massive government, commercial and service provider networks, unlike other products in this space, NextGen 9.0 includes support for both capture and real-time analysis on 10Gbps networks.
- Expanded authentication options – NextGen 9.0 supports Linux PAM, providing pluggable authentication modules that connect the NextGen infrastructure to customer authentication frameworks such as Kerberos for Windows and Unix environments, LDAP, Radius and many others.
- Expanded enterprise management – NextGen 9.0 introduces a new administrative dashboard that enables comprehensive insight into global health across all connected appliances. This includes real-time feedback and charting for all system metrics, and expanded interfaces for managing configuration parameters, rules, alerts, parsers, feeds, and software updates across all devices from a single location.
Let's hope that NetWitness Investigator (free download here) will soon be upgraded to version 9 as well, just because it's such an awesome tool.