<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xml:base="http://netsecurity.net.in" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
 <title>HackingPro - Network Security Blog</title>
 <link>http://netsecurity.net.in</link>
 <description></description>
 <language>en</language>
<item>
 <title>Physical Safeguards</title>
 <link>http://netsecurity.net.in/blog/physical-safeguards</link>
 <description>&lt;p&gt;Network-based threats are not the only ones you need to worry about. I&#039;m here to help you protect your information, and that naturally should include protecting the computer itself, don&#039;tcha think?&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Lock Your Notebook or Desktop&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;Over 100,000 computers are stolen every year in the U.S. alone. You probably know someone whose laptop was stolen. Notebook computers today come with a little slot designed for use with a cable lock that you use to secure the computer to a piece of heavy furniture. Most newer desktop computers have the same kind of locking slot, or some other means of attaching a cable.&lt;br /&gt;
&lt;strong&gt;&lt;em&gt;&lt;br /&gt;
Other guidelines for preventing laptop theft include:&lt;/em&gt;&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;    *      If you must leave your laptop computer in your vehicle, lock it in the trunk. Do not let others see you put your laptop in your trunk, or else a mischievous onlooker might just steal it.&lt;/p&gt;
&lt;p&gt;   *      When traveling, always keep your laptop with you and bring it in your carry-on luggage. Never check a laptop in with checked baggage.&lt;/p&gt;
&lt;p&gt;   *      Avoid checking your laptop in with a hotel&#039;s bell desk; instead keep it with you.&lt;/p&gt;
&lt;p&gt;   *      Affix your business card to the top or bottom of your laptop computer; this can avoid mix-ups, confusion, and attempted theft.&lt;/p&gt;
</description>
 <comments>http://netsecurity.net.in/blog/physical-safeguards#comments</comments>
 <category domain="http://netsecurity.net.in/category/topics/physical-safeguards">Physical Safeguards</category>
 <pubDate>Sat, 29 Aug 2009 16:25:33 +0000</pubDate>
 <dc:creator>vinod</dc:creator>
 <guid isPermaLink="false">99 at http://netsecurity.net.in</guid>
</item>
<item>
 <title>Network Access Protection (NAP)</title>
 <link>http://netsecurity.net.in/blog/network-access-protection-nap</link>
 <description>&lt;p&gt;Network Access Protection (NAP) is a tool that network administrators use to help protect the security of an organization&#039;s network. When you connect your computer to an NAP-enabled network, the network checks your computer&#039;s security settings and environment before permitting it to connect to the network. If anything is missing or outdated, the network will automatically make the necessary changes, and then connect your computer to the network. Some of the things that can be checked include:&lt;/p&gt;
&lt;p&gt;   &lt;strong&gt; *      Anti-Virus.&lt;/strong&gt; NAP can check your computer to make sure your anti-virus software is installed, running, and using up-to-date signature files.&lt;/p&gt;
&lt;p&gt;  &lt;strong&gt; *      Firewall.&lt;/strong&gt; NAP can verify that your firewall is enabled and properly configured.&lt;/p&gt;
&lt;p&gt;   &lt;strong&gt;*       Defender. &lt;/strong&gt;NAP can also verify that Windows Defender is running properly and is up-to-date.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;   *      Patches. &lt;/strong&gt;NAP can examine the Windows patches, as well as patches for other programs.&lt;/p&gt;
&lt;p&gt;   &lt;strong&gt;*       Installed programs.&lt;/strong&gt; NAP can check to see if your computer has programs that are required in your organization&#039;s environment. Examples include system management agents and business tools.&lt;/p&gt;
&lt;p&gt;      &lt;strong&gt;NAP&lt;/strong&gt; is entirely set up on the corporate network—you do not need to do anything on your Windows computer to enable it.&lt;/p&gt;
</description>
 <comments>http://netsecurity.net.in/blog/network-access-protection-nap#comments</comments>
 <category domain="http://netsecurity.net.in/category/topics/nap">NAP</category>
 <category domain="http://netsecurity.net.in/category/topics/network-access-protection">Network Access Protection</category>
 <pubDate>Sat, 29 Aug 2009 16:19:27 +0000</pubDate>
 <dc:creator>vinod</dc:creator>
 <guid isPermaLink="false">98 at http://netsecurity.net.in</guid>
</item>
<item>
 <title>Network Admission Control (NAC)</title>
 <link>http://netsecurity.net.in/blog/network-admission-control-nac</link>
 <description>&lt;p&gt;Day-zero attacks, viruses, and worms have become an increasing problem and continue to disrupt business operations. As discussed earlier, the most common issue on modern, open-standard networks is the security posture of internal endpoint devices that connect to the network. Endpoints that do not comply with established security policies pose a threat and can introduce a security risk into the network. A NAC solution is needed to ensure that an endpoint complies with predetermined security policies, such as the latest antivirus and operating system patches, thus preventing vulnerable and noncompliant hosts from obtaining network access.&lt;/p&gt;
</description>
 <comments>http://netsecurity.net.in/blog/network-admission-control-nac#comments</comments>
 <category domain="http://netsecurity.net.in/category/topics/nac">NAC</category>
 <category domain="http://netsecurity.net.in/category/topics/security">security</category>
 <category domain="http://netsecurity.net.in/category/topics/security-device">Security Device</category>
 <pubDate>Sat, 29 Aug 2009 15:39:12 +0000</pubDate>
 <dc:creator>vinod</dc:creator>
 <guid isPermaLink="false">97 at http://netsecurity.net.in</guid>
</item>
<item>
 <title>Security Controls</title>
 <link>http://netsecurity.net.in/blog/security-controls</link>
 <description>&lt;p&gt;Security controls are the building blocks of a security program. They are the tools that you implement to protect the confidentiality, integrity, and availability of important assets and data. Much of the assessment work that an auditor conducts is around the many controls that a company has (or doesn&#039;t have) to reduce risk. Auditors are concerned with how well the controls accomplish the goals set forth by the security policy.&lt;/p&gt;
&lt;p&gt;Controls are typically thought of in terms of technology. Firewalls or IPS systems come to mind, but there are many types of controls that can be used to protect your systems. The primary classification of controls can be accomplished by grouping them under three main categories: administrative, technical, and physical.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Administrative Controls&lt;/strong&gt;&lt;br /&gt;
Administrative controls can consist of policies, like acceptable use or security awareness training. Administrative controls can also consist of processes like balancing the corporate books and security auditing. This type of control is typically focused on managing people, through separation of duties, required vacation, or any other rules that provide a deterrent to fraud or improper behavior.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Technical Controls&lt;/strong&gt;&lt;br /&gt;
Technical controls consist of the technology that you implement to prevent or enforce behavior on the network or computing resources. They can include firewalls, IPS, HIPS, role-based access control, or any other mechanism for enforcing policy.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Physical Controls&lt;/strong&gt;&lt;br /&gt;
If you want to deter people from walking through your yard, put a fence up. While this won&#039;t keep everyone out, it is an example of a useful physical control. In an office setting, physical controls include locked doors, key card access systems, video surveillance, guards, gates, and so on. This type of control is designed to restrict access to sensitive devices and areas.&lt;/p&gt;
&lt;p&gt;Each of the primary control groups can be further broken out into specific types of actions the control can take. While there are others, the standard set includes preventive, detective, corrective, and recovery.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Preventative&lt;/strong&gt;&lt;br /&gt;
A preventative control&#039;s purpose is to enforce the confidentiality, integrity, and availability of data and assets. If the primary control is technical, then preventive controls will be firewall rules, ACLs, or other technology used to block unauthorized access. Administrative preventative controls can include things like policies and warning banners. The primary category of controls (administrative, technical, and physical) gives context to how to implement the secondary controls.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Detective&lt;/strong&gt;&lt;br /&gt;
Detective controls are the alarm systems built into various parts of the business to detect if bad things are happening. These could be video surveillance, firewall logs, an intrusion prevention system, or Cisco MARS. This type of control also includes financial and security audits.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Corrective&lt;/strong&gt;&lt;br /&gt;
Corrective controls are reactionary in nature. If you detect a malicious packet on the network, and your IPS is configured to drop the packet and also block the source, then this is an example of a corrective control. Patch management is another example of correcting a vulnerability and would fall under this control type.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Recovery&lt;/strong&gt;&lt;br /&gt;
Recovery controls are like parachutes on a plane. Hopefully you won&#039;t need them, but they are there if you do. Backup systems, redundant power supplies, and spare parts are all examples of recovery controls. Restoring services is the goal of these controls.&lt;/p&gt;
</description>
 <comments>http://netsecurity.net.in/blog/security-controls#comments</comments>
 <category domain="http://netsecurity.net.in/category/topics/security">security</category>
 <pubDate>Mon, 24 Aug 2009 19:03:50 +0000</pubDate>
 <dc:creator>vinod</dc:creator>
 <guid isPermaLink="false">96 at http://netsecurity.net.in</guid>
</item>
<item>
 <title>What is Web 2.0?</title>
 <link>http://netsecurity.net.in/blog/what-web-20</link>
 <description>&lt;p&gt;What defines a web site as being &quot;Web 2.0&quot;? There are many opinions on this, making it difficult to pinpoint an exact definition; however, some of the features typically associated with Web 2.0 sites are as follows:&lt;br /&gt;
&lt;strong&gt;&lt;br /&gt;
* Using standards-compliant HTML and CSS.&lt;/strong&gt; This allows sites to work across many platforms and helps with accessibility.&lt;br /&gt;
&lt;strong&gt;* Using Ajax to provide a rich user interface.&lt;/strong&gt; By performing trivial operations in the background using XMLHttpRequest, web pages can be more functional and intuitive.&lt;br /&gt;
&lt;strong&gt;* Sharing data using feeds and web services.&lt;/strong&gt; Users like to aggregate many feeds to easily receive content updates from their favorite sites using web feeds. Additionally, web services can enable one site to use data from other sites.&lt;br /&gt;
&lt;strong&gt;* Incorporating social networking tools.&lt;/strong&gt; Blogs and forums can enable users to communicate with each other.&lt;/p&gt;
&lt;p&gt;While none of these features or aspects of development are new, we use the Web 2.0 term to describe the current generation of web sites that make good use of HTML and CSS while perhaps improving their interface with Ajax and social-networking tools.&lt;/p&gt;
</description>
 <comments>http://netsecurity.net.in/blog/what-web-20#comments</comments>
 <category domain="http://netsecurity.net.in/category/topics/web-20">Web 2.0</category>
 <pubDate>Sun, 23 Aug 2009 10:06:25 +0000</pubDate>
 <dc:creator>vinod</dc:creator>
 <guid isPermaLink="false">95 at http://netsecurity.net.in</guid>
</item>
<item>
 <title>Social engineering - The Clever manipulation of the Natural Human tendency to trust</title>
 <link>http://netsecurity.net.in/blog/social-engineering-clever-manipulation-natural-human-tendency-trust</link>
 <description>&lt;p&gt;Social engineering takes advantage of the weakest link in any organization’s information security defenses: the employees. Social engineering is “&lt;em&gt;people hacking&lt;/em&gt;” and involves maliciously exploiting the trusting nature of human beings to obtain information that can be used for personal gain.&lt;/p&gt;
&lt;p&gt;Typically, malicious attackers pose as someone else to gain information they otherwise can’t access. They then take the information obtained from their victims and wreak havoc on network resources, steal or delete files, and even commit industrial espionage or some other form of fraud against the organization they are attacking. Social engineering is different from &lt;em&gt;physical security&lt;/em&gt; issues, such as shoulder surfing and dumpster diving, but they are related.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Some examples of social engineering:&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;False support personnel:&lt;/strong&gt; Claim that they need to install a patch or new version of software on a user’s computer, talk the user into downloading the software, and obtain remote control of the system.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;False vendors:&lt;/strong&gt; Claim to need to make updates to the organization’s accounting package or phone system, ask for the administrator password, and obtain full access.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Phishing e-mail:&lt;/strong&gt; Sent by hackers to gather user IDs and passwords of unsuspecting recipients. The hackers then use those passwords to obtain access to bank accounts and more.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;False employees:&lt;/strong&gt; Notify the security desk that they have lost their keys to the computer room, are given a set of keys, and obtain unauthorized access to physical and electronic information.&lt;/p&gt;
</description>
 <comments>http://netsecurity.net.in/blog/social-engineering-clever-manipulation-natural-human-tendency-trust#comments</comments>
 <category domain="http://netsecurity.net.in/category/topics/social-engineering">Social engineering</category>
 <pubDate>Sun, 14 Jun 2009 05:03:26 +0000</pubDate>
 <dc:creator>vinod</dc:creator>
 <guid isPermaLink="false">94 at http://netsecurity.net.in</guid>
</item>
<item>
 <title>How Rootkits Work </title>
 <link>http://netsecurity.net.in/blog/how-rootkits-work</link>
 <description>&lt;p&gt;A rootkit allows an intruder to gain access to someone’s PC whenever he wants, without being detected. It is made up of a series of files and tools, and it can be installed on a system in a number of ways.&lt;/p&gt;
&lt;p&gt;A rootkit can replace important components of an operating system with new software. The new software disguises itself as the original files, including the same file size, creation date, and so on, making it extremely difficult to detect.&lt;br /&gt;
A rootkit installs a backdoor daemon, or automatic program. This backdoor opens a hole in the system, allowing the rootkit creator to crawl in and take control of the PC whenever he wants.&lt;/p&gt;
&lt;p&gt;Many rootkits also install keyloggers or sniffers that record all the keystrokes you make and send them to a hacker.&lt;/p&gt;
&lt;p&gt;A rootkit can modify a computer’s system log, which tracks all the activity on a PC. The system log normally includes all activity, including malicious activity, so the rootkit modifies the log to hide all traces of itself.&lt;/p&gt;
</description>
 <comments>http://netsecurity.net.in/blog/how-rootkits-work#comments</comments>
 <category domain="http://netsecurity.net.in/category/topics/hacking">Hacking</category>
 <category domain="http://netsecurity.net.in/category/topics/keyloggers">Keyloggers</category>
 <category domain="http://netsecurity.net.in/category/topics/rootkit">Rootkit</category>
 <category domain="http://netsecurity.net.in/category/topics/sniffers">Sniffers</category>
 <category domain="http://netsecurity.net.in/category/topics/tools">Tools</category>
 <pubDate>Wed, 10 Jun 2009 20:23:29 +0000</pubDate>
 <dc:creator>vinod</dc:creator>
 <guid isPermaLink="false">93 at http://netsecurity.net.in</guid>
</item>
<item>
 <title>How Bluetooth can be hacked </title>
 <link>http://netsecurity.net.in/blog/how-bluetooth-can-be-hacked</link>
 <description>&lt;p&gt;For Bluetooth devices to pair with each other, they must first establish a 128-bit key that is used to encrypt all communication. In this way, no one can snoop on the devices and steal data, and no outside device can pose as one of the devices because outside devices don’t have the 128-bit encryption key. Both users of the devices that are to pair have to type in the same secret PIN, which is then used to create the 128-bit encryption key.&lt;/p&gt;
&lt;p&gt;If a Bluetooth hacker is nearby during the pairing process, he can use a device called a Bluetooth sniffer that records the messages the pairing devices use to create the encryption key.&lt;br /&gt;
Those stolen communications are fed to a special piece of software that has information about Bluetooth algorithms. The software is able to go through all 10,000 PIN combinations and compare each PIN against the communication until it finds the right PIN.&lt;/p&gt;
&lt;p&gt;After the hacker finds the right PIN, he can create the 128-bit encryption key. Using that encryption key, he is able to hijack the Bluetooth device and control it just as if it were in his hands. For example, he could steal files or make phone calls over someone else’s Bluetooth telephone.&lt;/p&gt;
&lt;p&gt;This method of hacking Bluetooth has one serious drawback: hackers can only do it at the exact time the Bluetooth devices pair.&lt;/p&gt;
</description>
 <comments>http://netsecurity.net.in/blog/how-bluetooth-can-be-hacked#comments</comments>
 <category domain="http://netsecurity.net.in/category/topics/bluetooth">Bluetooth</category>
 <category domain="http://netsecurity.net.in/category/topics/security">security</category>
 <category domain="http://netsecurity.net.in/category/topics/wireless">wireless</category>
 <category domain="http://netsecurity.net.in/category/topics/wireless-security">Wireless Security</category>
 <pubDate>Wed, 10 Jun 2009 18:01:15 +0000</pubDate>
 <dc:creator>vinod</dc:creator>
 <guid isPermaLink="false">92 at http://netsecurity.net.in</guid>
</item>
<item>
 <title>Turning Off What You Do Not Need on Your System</title>
 <link>http://netsecurity.net.in/blog/turning-what-you-do-not-need-system</link>
 <description>&lt;p&gt;Take a look at your system. Is it running 50 different processes you know nothing about? If we take some random Windows XP install and run netstat -aon inside a CMD window, what might we see? &lt;/p&gt;
&lt;p&gt;Active Connections&lt;br /&gt;
          Proto  Local Address              Foreign Address            State                 PID&lt;br /&gt;
          TCP    192.168.1.81:1292      64.191.197.245:706     ESTABLISHED     2160&lt;br /&gt;
          TCP    192.168.1.81:1863      192.168.1.1:5819       ESTABLISHED     3828&lt;br /&gt;
          TCP    192.168.1.81:1894      70.109.139.219:52525   ESTABLISHED     3828&lt;br /&gt;
          TCP    192.168.1.81:1919      192.168.1.1:5819       ESTABLISHED     3828&lt;br /&gt;
          TCP    192.168.1.81:1967      24.8.195.195:30809     ESTABLISHED     3828&lt;br /&gt;
          TCP    192.168.1.81:1971      81.93.108.73:46123     ESTABLISHED     3828&lt;br /&gt;
          TCP    192.168.1.81:1972      75.134.131.167:16470   ESTABLISHED     3828&lt;br /&gt;
          TCP    192.168.1.81:2031      84.190.103.54:6881     ESTABLISHED     3828&lt;/p&gt;
&lt;p&gt;What is all this stuff? Why is it running and listening on all of these ports? If you want to get a quick view of what processes are using the network, pop open a CMD window and run netstat -aonbv. The -n disables DNS lookups (for speed), the -o shows the Parent Process ID, and the -b and the -v work in conjunction to show the name of the executable currently using the connection. GNU/Linux administrators should get in the habit of popping off netstat -aopl --numeric-hosts, which does the same thing, just with different letters. If the machine has been heavily compromised and is running a rootkit, don&#039;t expect netstat to show truthful data. Windows administrators can download a copy of &lt;strong&gt;TCPView&lt;/strong&gt; from the internet; it is part of the Sysinternals tool suite. I really like this tool. It&#039;s like a combination of netstat and the Windows Task Manager, and it allows you to right-click on a process to either examine the properties or kill the process.&lt;/p&gt;
</description>
 <comments>http://netsecurity.net.in/blog/turning-what-you-do-not-need-system#comments</comments>
 <category domain="http://netsecurity.net.in/category/topics/netstat">Netstat</category>
 <category domain="http://netsecurity.net.in/category/topics/ports">Ports</category>
 <category domain="http://netsecurity.net.in/category/topics/security">security</category>
 <category domain="http://netsecurity.net.in/category/topics/security-tools">Security Tools</category>
 <category domain="http://netsecurity.net.in/category/topics/tcpview">TCPView</category>
 <pubDate>Tue, 09 Jun 2009 21:48:03 +0000</pubDate>
 <dc:creator>vinod</dc:creator>
 <guid isPermaLink="false">91 at http://netsecurity.net.in</guid>
</item>
<item>
 <title>Port Restrictions</title>
 <link>http://netsecurity.net.in/blog/port-restrictions</link>
 <description>&lt;p&gt;In our earlier blogs, we discussed the possible threats that open ports pose to the security of the system. When an attacker has the ability to contact an open port, he can launch an attack against the system if a known vulnerability exists. Because your home system is not behind a corporate firewall, you need some protection against attackers looking for open ports.&lt;/p&gt;
&lt;p&gt;You can find a list of open ports on your local system at %systemroot%\drivers\etc\services. Port restrictions can be implemented using the TCP/IP Security console located in the TCP/IP properties. Select Start, Settings, Control Panel, Network and Dial Up Connections, Local Area Connection, Internet Protocol (TCP/IP). Click the Properties button, and then click the Advanced button. On the Options tab, choose TCP/IP filtering. To allow only TCP and ICMP connections, configure the UDP Ports and IP Protocols to Permit Only and leave the IP Protocols box blank.&lt;/p&gt;
&lt;p&gt;Port filtering can be difficult with the Advanced TCP/IP settings. You have to set these filters on each network adapter you have, which can vary from 1 to 3 in many computers—even home systems. This type of filtering is basic and is not meant to replace firewall filtering. A better filter built into Windows 2000 is IP Security Policy (IPSec).&lt;/p&gt;
</description>
 <comments>http://netsecurity.net.in/blog/port-restrictions#comments</comments>
 <category domain="http://netsecurity.net.in/category/topics/port-restrictions">Port Restrictions</category>
 <category domain="http://netsecurity.net.in/category/topics/system-security">system security</category>
 <pubDate>Tue, 09 Jun 2009 01:31:38 +0000</pubDate>
 <dc:creator>vinod</dc:creator>
 <guid isPermaLink="false">90 at http://netsecurity.net.in</guid>
</item>
</channel>
</rss>
