Saturday, October 17, 2009
Friday, October 16, 2009
Unauthorized Web Servers
I found this article rather shocking. Our nation's financial institution potentially had 87% of the servers on its network missing from its update and patch database. Apparently, 1,150 of the servers in use were potentially being used for unauthorized activities. With an institution as large and as well funded as the IRS, one would tend to think its security standards and practices would be, at a minimum, on par with accepted security standards. This article illustrates exactly the opposite. It further proves the need for organizations to have procedures in place for allowing access to their networks. Whether the control is device-specific or IP-specific, there need to be standard policies and procedures in place so that when an employee needs to add a device, it goes through the proper channel not only to get cleared against security standards, but also to be added into the inventory or the employee's profile as an asset. Here again lies the struggle between our thirst for convenient technology and the need to keep our information secure.
Reference: http://www.nextgov.com/nextgov/ng_20080904_3324.php
Data Remanence
The article linked below concerns a newer form of data remanence. DRAM remanence, or dynamic random access memory remanence, is an up-and-coming way to access data, specifically encryption keys that may still be sitting in DRAM even after a reboot. According to Michael Cobb, this problem has been around for some time, but because hackers rarely blog publicly about their encounters, little is known about the level of sophistication of this type of attack. What we do know is how to try to prevent it. Cobb recommends first and foremost maintaining physical security, since a slack physical security posture is, as of now, how the attack is carried out. The attack can be accomplished by the attacker selecting a target host that has either been left unlocked at the workstation or put into hibernation or standby mode, which allows the attacker to boot it from a USB stick or live CD and potentially compromise encryption keys or other valuable data stored in DRAM. I found this article interesting because of the lack of “knowns” about this sort of attack. I also chose it because the method of attack is not carried out via the web like the typical attacks we have studied this semester.
Reference: http://searchsecurity.techtarget.com.au/articles/25842-What-is-DRAM-remanence-and-can-it-undermine-your-encryption-key-management-strategies-?topic_id=178
Increased Security through Open Source
This is an argument between open source and closed source proprietary code, and the impact each has on security. Why would open source operating systems be any safer than store-bought systems if the code is publicly available? This article refers to Linus's Law and how it relates to open source. I find the concept fascinating, yet comically obvious and common sense. The Internet is a great example of Linus's Law in that the number of people who use it is what makes it valuable. If there were only 100 people on the Internet, would it be such a useful tool? I think the same respect should be shown towards open source. Consider one of the development teams at a major software company. How much scrutiny can a finite team apply with respect to security and vulnerabilities? Whereas if you have the whole world scrutinizing a code base for weaknesses, the output should be substantially different. The concept of open source lends itself to the phrase “safer than store bought.” Because there are vast numbers of talented individuals around the world who are willing to contribute to development, you will have a much more stable and overall more secure system. Linus's Law proves this theory. Meticulous developers around the world are today finding, fixing, and improving open source systems. This will not change anytime soon, and proprietary operating systems will be right there alongside them.
Reference: Hoepman, J. and Jacobs, B. Increased Security through Open Source, Communications of the ACM, v.50, n.1, Jan 2007
Slax

With the appropriate applications installed, Slax can serve as a very useful tool. With Wireshark, Nmap, ClamAV, and Firestarter installed, one can not only monitor network activity and run a system/installed software inventory, but also better protect against viruses and intrusions. Slax exhibits Preventative Technical Controls such as authorization (with the use of Nmap). Slax also meets the Detection and Recovery Technical Controls criteria through its Audit and Virus Detection and Eradication controls. In addition, Slax can help an organization meet Supporting Technical Controls with reference to identification and security administration.
With the ease of use, portability, variety of customization features, and security controls and practices that Slax allows, its popularity continues to soar. Organizations need to explore these benefits first hand in open source systems such as Slax. Slax is continuously being reviewed and improved upon; its most recent update, version 6.1.2, was released a couple of months ago on August 04, 2009.
References: http://www.slax.org/
http://distrowatch.com/table.php?distribution=slax
http://www.geocities.com/slaxfansite/
Wireless Infidelity
What is War Driving?
War Driving is a technique used to sniff out 802.11 data transmissions with the use of a wireless card. This technique is a spin-off of War Dialing, a similar technique for obtaining access to a network by calling phone lines and recording which lines are answered by modems. Some of the software used in War Driving is sophisticated enough to produce outputs such as SSIDs, the MAC address of the device, channel, and signal strength.
What is Wired Equivalent Privacy (WEP)? When did WEP become part of the 802.3 Standard? When was it deprecated?
Wired Equivalent Privacy (WEP) is one type of encryption method used on wireless networks. Due to weaknesses and flaws associated with WEP, newer 802.11 encryption methods such as WPA and WPA2 have since addressed some of WEP's security weaknesses. Some legacy devices are not capable of utilizing newer forms of encryption such as WPA; however, according to Berghel, “The only thing worse than enabling WEP is not enabling WEP!” [1] Even though WEP is not what the Information Security community would consider an adequate method of securing a wireless network, having some sort of encryption is better than none at all. The 802.3 standard refers to a wired network. WEP is an encryption method used in 802.11 wireless networks. In 2004, the 802.11i standard was ratified, which introduced WPA2, and WEP encryption was deprecated by the computing community.
What is the lesson to be learned from War Driving?
The lesson to be learned from War Driving is that if we are using a wireless network with no encryption or WEP encryption, the network and the devices on it are likely to become compromised. The technology exists so that with some easy-to-find open source software, one can gain access to just about any weakly encrypted or unencrypted network with little effort. We need to be aware that the wireless technology we are utilizing uses radio frequencies to transmit the packets, and just as a radio scanner can listen in on cordless home phone calls, people with the right type of scanners (software) can also intercept your data transmissions.
Reference:
Hal Berghel, “Wireless Infidelity I: War Driving”, Communications of the ACM Vol. 47, No. 9, (September 2004): p.24
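As an added example (not code from the original post or from Berghel's article), the following Python script reads the kind of records a war-driving scanner reports (SSID, BSSID, channel, signal strength, security) and flags, from a defender's side, the networks that fall below the minimum standard the post argues for (open or WEP) together with any access point that is not in the organization's own inventory. The scan records and the authorized BSSID list are constructed sample data.

```python
"""Audit wireless scan records for weak encryption and unregistered access points."""
from dataclasses import dataclass

# Constructed sample scan output, in the shape war-driving tools report:
# SSID, BSSID (AP MAC address), channel, signal strength (dBm), security.
SAMPLE_SCAN = """\
CorpNet,00:11:22:33:44:01,6,-52,WPA2
CorpNet,00:11:22:33:44:02,11,-61,WPA2
Guest,00:11:22:33:44:03,1,-70,OPEN
Warehouse-AP,00:11:22:33:44:04,6,-58,WEP
linksys,aa:bb:cc:dd:ee:ff,6,-80,OPEN
"""

# Constructed inventory: BSSIDs the organization has registered as its own APs.
AUTHORIZED_BSSIDS = {
    "00:11:22:33:44:01", "00:11:22:33:44:02",
    "00:11:22:33:44:03", "00:11:22:33:44:04",
}

# Security settings below the minimum standard (no encryption, or deprecated WEP).
WEAK_SECURITY = {"OPEN", "WEP"}


@dataclass(frozen=True)
class AccessPoint:
    ssid: str
    bssid: str
    channel: int
    signal_dbm: int
    security: str


def parse_scan(text: str) -> list[AccessPoint]:
    """Parse comma-separated scan lines; blank lines and '#' comments are skipped."""
    aps = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ssid, bssid, channel, signal, security = [f.strip() for f in line.split(",")]
        aps.append(AccessPoint(ssid, bssid.lower(), int(channel), int(signal), security.upper()))
    return aps


def audit(aps: list[AccessPoint], authorized: set[str]):
    """Return (weak, rogue): weak = APs using OPEN/WEP; rogue = BSSIDs not in inventory."""
    known = {b.lower() for b in authorized}
    weak = [ap for ap in aps if ap.security in WEAK_SECURITY]
    rogue = [ap for ap in aps if ap.bssid not in known]
    return weak, rogue


if __name__ == "__main__":
    weak, rogue = audit(parse_scan(SAMPLE_SCAN), AUTHORIZED_BSSIDS)
    for ap in weak:
        print(f"WEAK  {ap.ssid:14} {ap.bssid} ch{ap.channel:<3} {ap.signal_dbm} dBm {ap.security}")
    for ap in rogue:
        print(f"ROGUE {ap.ssid:14} {ap.bssid} not in authorized inventory")
```

An AP flagged as both weak and rogue (the constructed "linksys" entry) is the case the post warns about: an unmanaged device on the air with no protection at all.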
Exploit of Wireless Communications
In the eyes of a criminal, no person, country, school, or organization is safe from the misuse of wireless networks. I chose this article because it clearly illustrates the struggle between available technology and the misuse or non-use thereof. The persons credited with the bombings in Mumbai were brazen enough to even send emails to local media sources in order to claim responsibility for the terrorist acts. They accomplished this by gaining access to insecure or minimally secured Wi-Fi networks. This article further proves that, because of the readily available open source applications online, criminals are becoming more sophisticated in their attacks. It clearly shows even more reasons for wireless network users to meet the minimum standards in security. Leaving your wireless network unsecured, or minimally secured (WEP), can be detrimental to one's safety as well as the security of one's personal information and the use thereof, e.g. someone using your access point to distribute malicious emails or malware.
References: http://www.navhindtimes.com/story.php?story=2008110934
Live CD Distributions Survey
The table below is a comparison of three different Live CD distributions: Slax 6.1.2, BackTrack 4, and NST (Network Security Toolkit) 2.11.0 minimal version. Each of these distributions has its own pros and cons, but all of them can be useful to a security professional in a variety of scenarios.
Slax is a modularized distribution that comes in at just under 200 MB for the basic release, giving the user flexibility and superb performance, along with an online ISO customization portal offering tons of different applications in a variety of use categories. Slax also has built-in network connection configuration (when hard wired) and automatic mounting of internal disks.
BackTrack, on the other hand, needs a bit of network configuration to get up and running on the web, along with the need to manually mount your hard disk. BackTrack is considerably bigger in size, but with good reason. BackTrack has over 300 security-oriented tools that allow a user to do everything from packet sniffing, protocol analysis, penetration testing, digital forensics, VoIP analysis, spoofing, fingerprinting, and port scanning, just to name a few.
NST is smaller than BackTrack in size, but contains a lot of the same applications. While NST doesn't have a nifty GUI and is not customizable like Slax and BackTrack, security professionals should find NST useful in its own right. If I absolutely had to choose one distribution out of the above three, I would have to lean towards BackTrack. It is one of the most comprehensive security-oriented distributions on the open source market today. For myself, the graphical user interface in BackTrack provides better navigation and overall usability when compared to that of NST.
http://www.linux.com/archive/articles/127892
http://www.slax.org/
http://distrowatch.com/index.php?distribution=slax
http://www.slax.org/forum.php?action=view&parentID=25042
http://www.networksecuritytoolkit.org/nst/
http://wiki.networksecuritytoolkit.org/nstwiki/index.php/Main_Page
http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1301195,00.html?track=NL-422&ad=621619&asrc=EM_NLT_3145395
http://www.remote-exploit.org/backtrack.html