Hannes Kasparick

 

Master Thesis

Data Leakage
Prevention
  • Most companies are not aware of industrial espionage and loss of intellectual property until a high quality copy of one of their products is released at a low price by a competitor. Previous IT security measures are limited to protect data from attackers from outside the company. Over the past
    few years the IT security branch has developed methods to protect data from internal attackers called "Data Loss", "Data Leakage" or "Extrusion Prevention Systems", respectively.
  • Conventional firewall or access systems cannot protect against attackers who have legitimate access to sensitive data. Data Leakage Prevention systems close this gap and prohibit people who have legitimate access from distributing secret data. This thesis describes the existing technologies to reach this objective and under which circumstances the usage of a Data Leakage Prevention
    system makes sense. In addition, security models and the judicial environment are described.
  • In the beginning, the author shows how data can leave a company. The classification of data is the second step to protect data. Afterwards the technical implementation of a Data Leakage System is described. An example implementation of a Data Leakage Prevention System in a fictional company offers practical advice.
  • Download (German)

 

Speaker at sambaXP
Conference 18.04.2008

Samba as PDC / BDC with OpenLDAP
  • Samba with OpenLDAP as Domain Controller
    Userauthentication is a basic service in IT. It's very easy in a homogeneous infrastructure but becomes complicated in a mixed enviroment. This talk will give you information about how to build a reliable authentication infrastructure for Windows and Linux with Samba and OpenLDAP. Samba will be used as Primary and Backup Domain Controller for Windows Clients. OpenLDAP will be used to authenticate Linux Clients. I will also describe how to migrate from NIS to LDAP with some little scripts. An authentication system should be secure, therefore I will describe how to secure the LDAP replication with TLS. The Picture shows the setup:


  • Link: http://www.sambaxp.org/index.php?id=130
  • Download presentation

 

Article Linux Magazine Special edition 02 / 2008

Security for Apache with PHP
  • Article about Apache and PHP security. Page 105-109

 

Article Linux Magazine Special edition 03 / 2007

Samba with LDAP in Windows Enviroments
  • Workshop for Samba and OpenLDAP in the German Linux Magazine. Page 58-64

 

Rootserversystem for Internet Service Provider
  • University project 8th semester
  • In this project we developed and implemented a complete rootserver-system for an ISP. We support Linux and Windows 2003. As rescue system which boots via network (pxe) we use GRML and BartPE.

 

Article Linux Magazine 06/2006

modSecurity - Airbag for Webservers
  • Sysadmin article about the modSecurity module for Apache webserver in German and English Linux Magazine.

 

Article Linux Magazine 05/2006

Workshop: Sendmail++
  • Workshop about Sendmail with antivirus and antispam protection for the German "Linux Magazine" Pages 76-83
  • Download PDF

 

 

Diploma Thesis
XAMPP - Security
  • Apache is the most common web server and often appears in combination with additional components such as MySQL, PHP and Perl on different Unix-like operating systems. The protection of such a XAMPP-system is a big challenge for an administrator. This thesis aims to address all critical aspects of a configuration and relevant vulnerabilities.
  • Today security is also a major expense factor. However, the budget for security in many companies is usually fairly limited. For this reason, different technical approaches are compared which represent a different level of security and costs. In the course of this paper, a number of open source solutions are suggested that have very low license fees. This makes it possible to build and run fairly secure and inexpensive web servers.
  • Download (german)

 

Dynamite'05
Lanparty @ Hagenberg
  • Organisation of a lanparty for 100 participants in cooperation with the student organisation IF Hagenberg
  • Responsible for local network, servers, internet connection and active in the main organisation team
  • Link: http://lan.fh-hagenberg.at

 

PHP open_basedir Bug
  • During my research for my baccalaureate paper I discovered a vulnerability in PHP which effects many versions. An advisory is published on Securityfocus and FrSirt

 

Project Woodpecker
  • University project 4th semester
    The aim of this project is to learn how buffer overflows work and how exploits are produced. Therefore we work on litte chanllange programs and after that we exploit read programs. Our first hack was a local exploit für Exim 4.41 based on the Idefense advisory from 01.14.2005. Under certain circumstances we could become root as normal user.
  • A remote root exploit for ethereal produced by our team "W00dp3ck3r" was released on famous security sites securityfocus and FrSirt

 

Secure Windows
  • University project 3th semester
    In this project we built a Windows2003 domain with WindowsXP clients and tried to make it as secure as possible. To reach this we encrypted all network traffic with IPSec and set up a smartcard authentication for a secure login. At least we installed a certificate server and managed Encryption File System (EFS) rights with certificates.

 

Hannes Kasparick ®