The Importance of System Hardening

locksystemhardening

Most operating systems are not very secure out of the box and favor convenience and ease of use over security. IT Security professionals may not agree with a vendor’s user friendly approach to their OS, but that does not mean they have to accept it. There are steps that can be taken to harden a system and eliminate as many security risks as possible

System Hardening Examples

The most basic hardening procedure is to change the vendor default user name and password. You would be surprised how many vendor default access codes can found with a simple Google search!

System hardening can include configuration settings to remove unnecessary services, applying firewall rules, enforcing password complexity, setting failed login thresholds, and system idle time outs.

System hardening can also include installing an anti-virus program, forwarding logs to a centralized log management solution, and applying vendor released system patches.

Basically system hardening is a way to lock down the Operating System before the system goes into production. The hardening guides can not only detail the steps to follow to secure a system, but can complement any system deployment guides. Along with the list of procedures to follow to improve system security the hardening guides can reference vendor best practices, and industry standard security requirements such as NIST or the PCI requirements, and how those standards can be meet as part of the overall system hardening process.

Keys to System Hardening and Hardening Guides

  • Review your inventory of the network connected systems and understand what you have and how it’s at risk before you can completely implement any hardening procedures. This includes reviewing current deployment and operational processes and understanding the threats and vulnerabilities to the various deployed systems and addressing any discovered security gaps.
  • The hardening guides shouldn’t be interpreted as one-size-fits-all solution. There may need to be separate guides for the servers versus workstations, or for different OS’s being run in the environment. Specific hardening guides may need to be developed depending on the systems function and criticality along with its placement in the environment.
  • If your company places an importance on security and there is C level buy in for security it can still be balancing act to secure your systems and to do what is right for the business.
  • The hardening guides are a baseline to secure your systems and no matter how tight the systems are locked down they’re still going to be exploitable in some way. It is important to never let your guard down and not get into the mindset of everything is secure because of the procedures you have followed in the hardening guides.
  • Hardening guides should be a “living document” and should be reviewed and updated whenever there are changes to your internal policies or procedures, or when there are changes to any followed external policies or standards.
  • The guides should not only document how to deploy a secure system, but how to maintain a secure system with continued vulnerability management and system patching.

Conclusion

To review, system hardening is the process of enhancing security through an assortment of methods which results in a more secure operating system environment, and system hardening is another defense layer to protect resources and data.

Installation Guide for Kali Linux

MakeThingsEasy

Introducing Kali Linux

The creators of BackTrack have released a new, advanced penetration testing Linux distribution named Kali Linux. BackTrack 5 was the last major version of the BackTrack distribution. The creators of BackTrack decided that to move forward with the challenges of cyber security and modern testing a new foundation was needed. Kali Linux was born and released March 13th 2013. Kali Linux is based on Debian and an FHS-Compliant file system.

Kali has many advantages over the BackTrack. It comes with many more updated tools. The tools and streamlined with Debian repositories and synchronized four times a day. That means users have the latest package updates and security fixes. The new compliant file systems translate into running most tools from anywhere on the system. Kali has also made customization, unattended installation, and flexible desktop environments and strong feature in Kali Linux.

View original post 858 more words

IT Security Skills Anyone Can and Should Learn

I’ve been teaching IT security awareness for several years and I try to get those in attendance of the classes to learn some basic IT security skills. These basic skills build on each other and there is some cross over, but ultimately this blended set of security skills can help anyone stay safe online. As with any sport you always start by learning the fundamentals, and while no one skill can get you into the game or keep you safe online, they can definitely make you ready for either.

Physical Security

failed-physical_security

With free Wi-Fi available in coffee shops and many fast food restaurants I constantly see people leaving their devices unattended and this lapse can allow someone to walk off with the device unnoticed. Think about your device and the amount of data it may contain.  The device may have your whole world stored on it! If someone takes your laptop, tablet, or phone it is so much more than having the device stolen, but the data it contains. Besides this Wi-Fi example other scenarios to pay attention to your device is when going through airport security or leaving the device in plain site while stored in the car. These situations can also expose the device to being stolen, so physical security is a great starting point and a must have skill for overall IT Security.

Don’t Accept the Defaults

One of the most basic rules of security, but at the same time one of the most abused is not changing settings from the vendor defaults. The excitement of getting a new device and wanting to use it as soon as possible can cause people to rush through the setup and accept defaults with the promise to return later to change the settings. Unfortunately the promise to return and change the settings never happens and wanting to use the device before setting it up properly has created a security risk. For example just plugging in a wireless router with its default settings is like forgetting to lock the door when you leave the house. Many wireless routers administrative guides can be downloaded from the manufactures web site and these guides include default settings for the admin password or encryption key settings. Another action related to accepting the default settings is not checking for or applying updates. Either during the initialization phase or during the life of the device not applying these updates can render the device vulnerable to the security holes the updates were meant to patch. Many devices are insecure out of the box so take the time to secure them.

Sense of Urgency

When I teach email security awareness a common theme with scams is the sense of urgency being portrayed in the emails. Many of these don’t think just click type scams also show up in social media sites and text based scams. The sense of urgency scams will try to get people to click or react without thinking about what they are doing. Some scams will have an emotional pull of someone you care about being in trouble, or you could lose access to your bank account, or even to let you know you won a prize. Before you know it your judgment is clouded and you clicked and responded. There was a great awareness campaign started a few years ago called STOP THINK CLICK and those three words can make a big difference when responding or better yet not responding to these types of scams.

It won’t happen to me

I hear “it won’t happen to me” or “I would not fall for that trick” all the time, and I have even said those same statements myself! Online scams are always evolving and new scams show up all the time, so always be alert and never let your guard down. If something seems out of place start asking yourself some questions; does this person typically send this to me, why does my bank need me to verify my password, should I be logging into my email on unsecure Wi-Fi, why does this app need access to text messages and phone calls, etc… After asking some questions you can make an informed decision, and if something just doesn’t feel right trust your gut that it isn’t right!

Social Networks

share-button-social-network

There is no such thing as private on social networks and anything you post your friends can share with the world!

 

Conclusion

Everyone doesn’t have to be an IT security expert to be safe online, but knowing some basic skills and practicing the skills can help anyone protect themselves. So after learning and practicing your IT security skills go outside and practice throwing, fielding, and hitting because the Yankees are looking for a new stop short!

Note: I was a guest blogger for the Tripwire The State of Security blog where this article first appeared.

Complete Detailed Guide on Installing Kali linux in Vmware

Great set of instructions for installing Kali Linux in VMware Player.

Cyber Warrior+

This tutorial will walk you through the difficult process of installing Kali Linux in VMware Player, a free virtual machine manager that can be downloaded from http://www.vmware.com. This tutorial assumes that you have some basic knowledge of your computer (amount of RAM number of processors, etc.) This tutorial is also intended for beginners who haven’t worked with VMware or Kali Linux before.

Step One:

First we need to download Kali from http://kali.org/downloads/. If you have a 64-bit capable computer (like me), then you probably will want the 64-bit version of Kali for performance reasons. Expand the drop down menu’s to find the version you need. Select the 64-bit version ONLY if you have a 64-bit computer.

step 1
Step Two:
If you don’t have a torrent program, then click the link highlighted above and select “Save” when the download notification appears. Make sure you know where you saved it.
step 2
If you have…

View original post 968 more words

What’s in a Name?

hello-my-name-is-wifiMost home users select their wireless network name without much thought to the actual name except to make it easy for them to see and connect to. So many people never think that the networks name also known as the Service Set Identifier or SSID could be a security risk. Okay, a security risk may be a reach, but let’s just say some SSIDs are more secure than others, and I will list some dos and don’ts when selecting an SSID.

Before the list lets discuss what makes the SSID important. Hackers need to gather several pieces of information including the SSID to crack a networks WPA/WPA2 password. Hackers have pre-configured tables with this information including common or default SSID names and if you’re using one of these common names you have made their job easier and your network more of a target.

  • Do change the SSID from the factory set default wireless network name.
  • Don’t select a name in top 1000 most common SSIDs. Now this list is very long and at first glance you will notice a lot of factory given default names (dlink, Linksys, 2wire, Netgear, etc…), so as mentioned above change the default name.
  • Don’t use your first or last name, address, phone number, or anything else personal. Broadcasting personal information identifies who owns the network, and may aid the hacker in cracking the wireless password.
  • Do be unique when selecting an SSID, but too much creativity may draw attention to the networks name along with attempts to hack the network. With a maximum of 32 characters you have some creative capabilities, but also think camouflage, so the network name blends in with the other networks in range and does not stand out.
  • Do follow these rules even if your SSID is hidden or not being broadcast. Hidden network SSIDs can very easily be discovered and they are not immune.

The most important thing to learn is to always change the SSID from the default. Having a unique SSID can not only make the hackers job more difficult, but it may signal to the hacker that if the name was changed other settings were changed as well persuading the hacker to look for an easier target.

How to Use Wireshark to Capture, Filter and Inspect Packets

Wireshark 101… a great overview of the product with screenshots and explanations.

Kayle's Blog

Wireshark, a network analysis tool formerly known as Ethereal, captures packets in real time and display them in human-readable format. Wireshark includes filters, color-coding and other features that let you dig deep into network traffic and inspect individual packets.

This tutorial will get you up to speed with the basics of capturing packets, filtering them and inspecting them. You can use Wireshark to inspect a suspicious program’s network traffic, analyze the traffic flow on your network or troubleshoot network problems.

Getting Wireshark

You can download Wireshark for Windows or Mac OS X from its official website. If you’re using Linux or another UNIX-like system, you’ll probably find Wireshark in its package repositories. For example, if you’re using Ubuntu, you’ll find Wireshark in the Ubuntu Software Center.

Just a quick warning: Many organizations don’t allow Wireshark and similar tools on their networks. Don’t use this tool at work unless you…

View original post 506 more words

Cracking WPA using Fern WiFi Cracker

Note: For this demo I’m using a lab environment network that is not routed to the internet. I will be using the Fern WiFi Cracker open source wireless security tool included in the Kali Linux and Backtrack 5 r3 security distros. Before attempting to use Fern or any other utility in Kali or Backtrack please make sure to read the help and MAN pages for a complete description of the program options and switches. This demo is for wireless pentesting educational purposes and to emphasize the insecurities of using a weak or common dictionary word for wireless network authentication and encryption security key or passphrase.

Fern Wi-fi Cracker can crack WEP, WPA, and WPA2 secured wireless networks. Fern basically takes the command line utilities to crack these networks and puts them in a GUI. Very simple to use… scary easy! Fern also provides some extra functionality for hijacking sessions and locating a computers geolocation via its Mac address, but I have not tested with these features.

For this demo I will be using Backtrack 5 r3 running in VMware Workstation on a Win 7 host.

Originally I was using Fern in Kali and ran into some issues with my wireless adapter and with the program freezing or not opening after updating it. I have the fixes I discovered in another blog post for anyone else that may have these same problems.

Router Setup

I’m using an old Cisco/Linksys 802.11g wireless router for this demo and all the settings are defaulted except the security settings, which I set to WPA Personal with a Shared Key passphrase of “password”. The word password should never be used for a real password or passphrase and I’m using it here since I know the Fern program will quickly crack it. In real world situations a WPA/WPA2 passphrase should be completely random and not a common dictionary word. For help on creating a secure WPA/WPA2 passphrase please read my earlier blog post.

wpakey

Setup the Wireless Adapter

Plug in the USB wireless adapter (I’m using the Alfa AWUS036H 802.11b/g USB wireless adapter) and open the Terminal and run iwconfig to verify the USB adapter interface.

iwconfig

On occasions I have had to bring the wireless adapter interface up using the following command.

#ifconfig wlan0 up

Starting the Fern Program

To start Fern from the Terminal type in the following commands

#cd /pentest/wireless/fern-wifi-cracker
#python execute.py

or start Fern via the GUI using the Backtrack menu

Applications/Backtrack/Exploitation Tools/Wireless Exploitation Tools/WLAN Exploitation/fern-wifi-cracker

Using the Fern Program

Select the Interface and Fern enables monitor mode. If your wireless interface does not show in the list hit the Refresh button and try again.

interface

Before starting the scan double-click on any blank area of the Fern home screen to bring up the Access Point Scan Preferences screen. You can set the channel option to scan a single channel or leave it at the default All Channels. One nice feature is to check the Enable XTerms option which will have Fern open up the Terminal windows during its usage to see what the program is doing in the background. Click OK when done.

xterms

Back on the Fern home screen click the Scan for Access points button.

scanaps

Two Terminal windows will open; one showing the WEP enabled networks (no screen shot), and another showing the WPA enabled networks. The top part of the WPA Scan Terminal window shows the networks being found, and the lower part shows any connected client devices. For a WPA attack to work it requires a connected client. The most important part of the attack will kick the client off the wireless network and capture the 4-way handshake when the client device re-authenticates to the network. If the network you want to pentest has no connected client your out of luck!

wpanetworks

On Ferns home screen the networks being detected will start populating next to the WiFi WEP or WiFi WPA buttons. (I have been seeing less and less WEP enabled networks, so that is a good thing!)

networks

Clicking on the WiFi WEP or WiFi WPA button will bring up the Attack screen and the top pane will list the networks found. Select the AP to crack, but before clicking the Attack button to the right let’s go over a couple of settings.

networkwpa

I will use the Regular Attack option, but there is a WPS Attack option and I believe Fern uses the Reaver utility to launch the WPS attack. You can read more about Reaver by clicking here.

Common.txt is the wordlist that comes with the Fern program, but any wordlist you download or have created on your own can be used by hitting the Browse button and pointing Fern to the alternative wordlist file.

wordlist

With the Regular Attack and the wordlist selected hit the Attack button.

attackbutton

Fern will start the attack and on the left side of the screen the attack steps will turn yellow as Fern works through the various steps. The most important step is capturing the 4-way handshake and Fern will open an aireplay-ng Terminal window showing the progress of deauthentication (if XTerms is checked in the preferences) of the connected client.

settings

It may take several attempts to deauth a client and capture the 4-way handshake.

deauth

Once Fern has captured the handshake it will start the bruteforce attack. Viola! If the WPA key is in the wordlist being used it will display the found key in Red.

wpakeyfound

As I mentioned I setup a passphrase I knew would be found quickly, and from start to finish this attack took under 4 minutes!

Back on the Fern main screen is a Key Database button and it now shows one entry.

database

Clicking the Key Database button will display the found keys.

database2

Conclusion

Using a common dictionary word for a WPA or WPA2 passphrase makes it easier to hack with utilities like Fern. The Fern utility is free to download and simple to use, and not everyone is going to use it for legit wireless pentesting purposes.

With possession of the WPA key a person can associate to network and have a gateway to the internet, or they could launch other attacks. For example, with possession of the WPA key the attack could be expanded to include decryption of the data traffic of the legitimate clients on the wireless network.

Thanks for reading and stay wireless secure!

Android Security Tips

Use the Lock Screen

Locking your Android device from unauthorized access is an essential security option to set up. A four digit pin is the most common device lock option, but Android has several other locking options. The link below to the Droid Life site explains the different device security lock options.

An Overview of Android Lock Screen Security Options

Get Apps from Google Play

Always download apps from the Google Play store. Google Play has a service called Bouncer that scans all the apps in the store to verify the app is clean and free of malicious content. Side loaded apps from other sources could be wrapped with malicious content or contain viruses.

Before installing an app check out the apps rating and read the user reviews. You may want to stay away from apps with a low rating along with sub par user reviews.

ratingreview

After checking out the ratings and reviews verify the permissions to make sure the app isn’t requiring access to parts of the system that it doesn’t need. You may want to avoid installing apps asking for too much permission.

apppremissions

Keep Apps Updated

Apply updates as soon as they become available. Android devices will display notifications when updates are available, and checking the Google play store for updates can be done anytime. Updates can not only improve functionality of an app, but updates can also plug security holes or fix known vulnerabilities.

Many apps have a check-box setting for automatic updating.

autoupdate

Remove Unwanted or Unused Apps

Just like your home computer comes pre-installed with software your Android device will have pre-installed apps, and any unwanted apps should be removed. Any app you install then decide you don’t like or don’t use should also be removed.

The result from removing unwanted apps is the device will be faster, more secure, and improve battery life.

When it comes to software security Krebs on Security has three great rules to follow.

  1. If you didn’t go looking for it, don’t install it.
  2. If you installed it, update it.
  3. If you no longer need it, get rid of it.

Install Security Software

Your Android device should have security software to protect the device exactly like how your home computer has antivirus to protect it. Security software can prevent malicious apps from being installed, protect the device when visiting an infected website, encrypt files stored on the device, and wipe the device if it is lost or stolen. Many of the major security vendors offer security software for Android, and a quick search of the Google Play store will display dozens of options.

security

Be Careful Connecting to Wi-Fi Networks

Connecting to a free wi-fi hotspot may save your data plan, but wi-fi hot spots don’t offer much in the way of security. Only connect to wi-fi networks you know and trust, and if your logging into a sensitive site such as online banking wait until your on your home network that you know is secure or jump back on the cell network.

You can read an earlier post from my blog for more information to protect yourself on free wi-fi.

Thanks for visiting and reading my blog and please leave any comments or questions below.

Kali Linux Overview

CYBER ARMS - Computer Security

Kali Linux

The moment we have been waiting for has finally arrived, Kali Linux has been released!

This is huge news for Backtrack Linux fans. Kali is, in essence, Backtrack 6. All you have come to expect from Backtrack is present, and more, but the tool has been reworked from the ground up. Hence the name change to Kali.

One of the biggest things you will notice when installing is that Kali is based off of Debian Linux, instead of Ubuntu. The install routine is slightly more involved than Backtrack 5.

The desktop still uses Gnome, but it does seem to have a different look/ feel to it:

Kali Linux Menu

A quick peek at the menu shows a very good addition. A “Top Ten Security Tools” menu has been added so you can get into your favorite tools faster.

Metasploit, Aircrack, Burpsuite, Nmap, Wireshark and several other top programs are now right at your…

View original post 134 more words