The Council brings back the Assessor Session to this year’s Community Meeting and it takes only one question to get passions flowing. The question was to get a clarification of a comment made by Ralph Poore, Director, Emerging Standards at the Council, about multi-factor authentication (MFA). First a little background to get everyone up to […]
Most operating systems are not very secure out of the box and favor convenience and ease of use over security. IT Security professionals may not agree with a vendor’s user friendly approach to their OS, but that does not mean they have to accept it. There are steps that can be taken to harden a system and eliminate as many security risks as possible
System Hardening Examples
The most basic hardening procedure is to change the vendor default user name and password. You would be surprised how many vendor default access codes can found with a simple Google search!
System hardening can include configuration settings to remove unnecessary services, applying firewall rules, enforcing password complexity, setting failed login thresholds, and system idle time outs.
System hardening can also include installing an anti-virus program, forwarding logs to a centralized log management solution, and applying vendor released system patches.
Basically system hardening is a way to lock down the Operating System before the system goes into production. The hardening guides can not only detail the steps to follow to secure a system, but can complement any system deployment guides. Along with the list of procedures to follow to improve system security the hardening guides can reference vendor best practices, and industry standard security requirements such as NIST or the PCI requirements, and how those standards can be meet as part of the overall system hardening process.
Keys to System Hardening and Hardening Guides
- Review your inventory of the network connected systems and understand what you have and how it’s at risk before you can completely implement any hardening procedures. This includes reviewing current deployment and operational processes and understanding the threats and vulnerabilities to the various deployed systems and addressing any discovered security gaps.
- The hardening guides shouldn’t be interpreted as one-size-fits-all solution. There may need to be separate guides for the servers versus workstations, or for different OS’s being run in the environment. Specific hardening guides may need to be developed depending on the systems function and criticality along with its placement in the environment.
- If your company places an importance on security and there is C level buy in for security it can still be balancing act to secure your systems and to do what is right for the business.
- The hardening guides are a baseline to secure your systems and no matter how tight the systems are locked down they’re still going to be exploitable in some way. It is important to never let your guard down and not get into the mindset of everything is secure because of the procedures you have followed in the hardening guides.
- Hardening guides should be a “living document” and should be reviewed and updated whenever there are changes to your internal policies or procedures, or when there are changes to any followed external policies or standards.
- The guides should not only document how to deploy a secure system, but how to maintain a secure system with continued vulnerability management and system patching.
To review, system hardening is the process of enhancing security through an assortment of methods which results in a more secure operating system environment, and system hardening is another defense layer to protect resources and data.
Introducing Kali Linux
The creators of BackTrack have released a new, advanced penetration testing Linux distribution named Kali Linux. BackTrack 5 was the last major version of the BackTrack distribution. The creators of BackTrack decided that to move forward with the challenges of cyber security and modern testing a new foundation was needed. Kali Linux was born and released March 13th 2013. Kali Linux is based on Debian and an FHS-Compliant file system.
Kali has many advantages over the BackTrack. It comes with many more updated tools. The tools and streamlined with Debian repositories and synchronized four times a day. That means users have the latest package updates and security fixes. The new compliant file systems translate into running most tools from anywhere on the system. Kali has also made customization, unattended installation, and flexible desktop environments and strong feature in Kali Linux.
View original post 858 more words
I’ve been teaching IT security awareness for several years and I try to get those in attendance of the classes to learn some basic IT security skills. These basic skills build on each other and there is some cross over, but ultimately this blended set of security skills can help anyone stay safe online. As with any sport you always start by learning the fundamentals, and while no one skill can get you into the game or keep you safe online, they can definitely make you ready for either.
With free Wi-Fi available in coffee shops and many fast food restaurants I constantly see people leaving their devices unattended and this lapse can allow someone to walk off with the device unnoticed. Think about your device and the amount of data it may contain. The device may have your whole world stored on it! If someone takes your laptop, tablet, or phone it is so much more than having the device stolen, but the data it contains. Besides this Wi-Fi example other scenarios to pay attention to your device is when going through airport security or leaving the device in plain site while stored in the car. These situations can also expose the device to being stolen, so physical security is a great starting point and a must have skill for overall IT Security.
Don’t Accept the Defaults
One of the most basic rules of security, but at the same time one of the most abused is not changing settings from the vendor defaults. The excitement of getting a new device and wanting to use it as soon as possible can cause people to rush through the setup and accept defaults with the promise to return later to change the settings. Unfortunately the promise to return and change the settings never happens and wanting to use the device before setting it up properly has created a security risk. For example just plugging in a wireless router with its default settings is like forgetting to lock the door when you leave the house. Many wireless routers administrative guides can be downloaded from the manufactures web site and these guides include default settings for the admin password or encryption key settings. Another action related to accepting the default settings is not checking for or applying updates. Either during the initialization phase or during the life of the device not applying these updates can render the device vulnerable to the security holes the updates were meant to patch. Many devices are insecure out of the box so take the time to secure them.
Sense of Urgency
When I teach email security awareness a common theme with scams is the sense of urgency being portrayed in the emails. Many of these don’t think just click type scams also show up in social media sites and text based scams. The sense of urgency scams will try to get people to click or react without thinking about what they are doing. Some scams will have an emotional pull of someone you care about being in trouble, or you could lose access to your bank account, or even to let you know you won a prize. Before you know it your judgment is clouded and you clicked and responded. There was a great awareness campaign started a few years ago called STOP THINK CLICK and those three words can make a big difference when responding or better yet not responding to these types of scams.
It won’t happen to me
I hear “it won’t happen to me” or “I would not fall for that trick” all the time, and I have even said those same statements myself! Online scams are always evolving and new scams show up all the time, so always be alert and never let your guard down. If something seems out of place start asking yourself some questions; does this person typically send this to me, why does my bank need me to verify my password, should I be logging into my email on unsecure Wi-Fi, why does this app need access to text messages and phone calls, etc… After asking some questions you can make an informed decision, and if something just doesn’t feel right trust your gut that it isn’t right!
There is no such thing as private on social networks and anything you post your friends can share with the world!
Everyone doesn’t have to be an IT security expert to be safe online, but knowing some basic skills and practicing the skills can help anyone protect themselves. So after learning and practicing your IT security skills go outside and practice throwing, fielding, and hitting because the Yankees are looking for a new stop short!
Note: I was a guest blogger for the Tripwire The State of Security blog where this article first appeared.
Great set of instructions for installing Kali Linux in VMware Player.
First we need to download Kali from http://kali.org/downloads/. If you have a 64-bit capable computer (like me), then you probably will want the 64-bit version of Kali for performance reasons. Expand the drop down menu’s to find the version you need. Select the 64-bit version ONLY if you have a 64-bit computer.
View original post 968 more words
Most home users select their wireless network name without much thought to the actual name except to make it easy for them to see and connect to. So many people never think that the networks name also known as the Service Set Identifier or SSID could be a security risk. Okay, a security risk may be a reach, but let’s just say some SSIDs are more secure than others, and I will list some dos and don’ts when selecting an SSID.
Before the list lets discuss what makes the SSID important. Hackers need to gather several pieces of information including the SSID to crack a networks WPA/WPA2 password. Hackers have pre-configured tables with this information including common or default SSID names and if you’re using one of these common names you have made their job easier and your network more of a target.
- Do change the SSID from the factory set default wireless network name.
- Don’t select a name in top 1000 most common SSIDs. Now this list is very long and at first glance you will notice a lot of factory given default names (dlink, Linksys, 2wire, Netgear, etc…), so as mentioned above change the default name.
- Don’t use your first or last name, address, phone number, or anything else personal. Broadcasting personal information identifies who owns the network, and may aid the hacker in cracking the wireless password.
- Do be unique when selecting an SSID, but too much creativity may draw attention to the networks name along with attempts to hack the network. With a maximum of 32 characters you have some creative capabilities, but also think camouflage, so the network name blends in with the other networks in range and does not stand out.
- Do follow these rules even if your SSID is hidden or not being broadcast. Hidden network SSIDs can very easily be discovered and they are not immune.
The most important thing to learn is to always change the SSID from the default. Having a unique SSID can not only make the hackers job more difficult, but it may signal to the hacker that if the name was changed other settings were changed as well persuading the hacker to look for an easier target.
Currently I’m studying for the Certified Wireless Analysis Professional (CWAP) exam and I’m rereading the study guide and I found the chapters that examined the different fields and elements present in the MAC header most interesting. I had a rough idea, but during my studies learned a great deal more about the unique fields and elements dedicated to wireless that keep the network functioning and help packets get delivered. Two fields of particular interest are the To Distribution System (To DS) and From Distribution System (From DS) and how these fields determine if the frame is leaving or entering the wireless environment.
Just a quick definition of the distribution system and basically the DS is the infrastructure that connects multiple access points together to form an Extended Service Set (ESS). The DS is typically an 802.3 Ethernet wired network, but it doesn’t have to be, and the DS can even be a wireless back haul.
MAC Header & Frame Control Field
Lets now look at the MAC header which can contain four address fields. The number of address fields is a major difference between Ethernet frames, which only use two address fields, and wireless frames that could use as many as four address fields. Each address field is 6 bytes in length to hold a standard 48 bit MAC address, and most wireless frames will only use three of the address fields, and wireless frames being transmitted in a wireless distribution system would be the only frames using all four address fields.
The MAC header contains the Frame Control Field consisting of 11 sub fields (see pic below) including the To DS and From DS fields. The To DS and From DS fields are each 1 bit and can be occupied with a 1 or a 0 and there are four possible combinations using these two fields.
The To DS and From DS fields are important for assessing the packet since the bit combination of these fields identifies if the frame is entering or leaving the wireless environment. The fields can also show if the packet is part of an ad hoc network, or part of a wireless distribution system, and if the frame is a Management or Control frame not intended to leave the wireless environment.
To DS and From DS fields are both 0
The frame is either part of an ad-hoc network or the frame is not intended to leave the wireless environment. The screen shot below shows a Beacon Management frame with a status of not leaving the DS or network (see the highlighted line). Management and Control frames will always have the To DS and From DS fields set to 0 and are never sent to the distribution system network.
An Ad-hoc network connects multiple wireless devices together, and typically does not connect to a wired network, so there is no DS involved or requirement to have the fields set to 1.
To DS field is 1 and From DS field is 0
The frame is leaving the wireless environment and is intended for a computer on the distribution system network. For example after a wireless station authenticates it will need to obtain an IP address and that request will be forwarded by the AP to the DHCP server that resides on the distribution system network.
To DS field is 0 and From DS field is 1
The packet is entering the wireless environment coming from the DS. The screen shot below shows a Data (Type/Subtype field) frame capture in Wireshark, and the highlighted line shows the To DS and From DS fields along with a status of the frame coming from the DS to the station via the access point.
To DS and From DS fields are both 1
When both the To DS and From DS are set to 1 the packet is involved with a wireless distribution system (WDS) network. WDS networks are used to connect multiple networks together, typically for building-to-building connectivity, or a WDS can connect access points together to from a wireless mesh network.
As mentioned the MAC header can contain four addresses and these addresses can change depending on how the To DS and From DS fields are set. Here is quick reference for how the address fields are set for each To DS and From DS combination.
To DS and From DS are both 0
Address 1 = Destination
Address 2 = Source
Address 3 = BSSID
To DS field is 1 and From DS field is 0
Address 1 = BSSID
Address 2 = Source
Address 3 = Destination
To DS field is 0 and From DS field is 1
Address 1 = Destination
Address 2 = BSSID
Address 3 = Source
To DS and From DS are both 1
Address 1 = Receiver
Address 2 = Transmitter
Address 3 = Destination
Address 4 = Source
When observing packets in a sniffer or pen testing a wireless network It is important to look at the To DS and From DS fields to verify the direction of flow for the packet and how these fields then relate to the MAC addresses in the header.