Sunday, 12 July 2015

Security: Some ideas on how to protect your network and systems

The goalposts are always moving and the threats are always changing, but there are loads of things we can do to make it harder for attackers.

I am going to go straight to the point and keep it short.

Some ideas on what to monitor

  • Active Directory object creation and change
    • User creation and change
    • Group creation and change
    • Computer account creation and change
If you have not added, created or changed an account, chances are someone else did. If IT did not do it, chances are it was an attacker. If you are watching your AD closely, you have a good chance of catching it before the accounts can be used to do any real damage.
  • Data deletion and data growth
I think this one is pretty obvious: if a large chunk of data has just vanished, something is seriously wrong, right? If I see a volume that had 1TB in use and it has suddenly gone down to 500GB, I would jump on it right away and start asking all users whether they deleted the data. If no one raises a hand, something somewhere needs to be investigated; there is a good chance you have been attacked. So monitor data deletion.
  • Monitor interface bandwidth
One needs to have a baseline: knowing what is normal in terms of traffic helps you identify whether you are under attack or not. If you don't know how much traffic your routers, firewalls and servers pass daily, weekly and monthly, how would you know whether a given condition is normal?
  • Monitor the email queue
The same principle applies. Knowing how many emails you handle hourly, daily, weekly and monthly will help you in the fight. Know what the normal condition is for your system.
  • Monitor web server hits
  • Monitor user creation, deletion and modification on Linux servers
  • Monitor file changes, especially config files on servers and devices
  • Scan and monitor for new hosts and devices
If you see a host you don't know or recognise, investigate it. Check its MAC address and IP address, and find out who owns such a device. Never leave an unknown device without tracking it down!
  • Monitor your Internet access
  • Monitor successful and unsuccessful login attempts
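As an added example, not code from the original post, here is how the Active Directory item on the list can be turned into a detection: a small Python triage over Windows Security log events (the event IDs for user, group and computer account creation and change), flagging any change not made by a known IT operator account, any change made outside a change window, and any membership change to a sensitive group. The event records, the APPROVED_OPERATORS set, the change window and the group names are constructed assumptions for illustration, not data from the post.

```python
"""Triage Active Directory account/group changes from Windows Security events.

Added example, not from the original post. Events are dicts with the fields a
Get-WinEvent or SIEM export exposes; the records below are constructed sample
data, and APPROVED_OPERATORS, CHANGE_WINDOW and SENSITIVE_GROUPS are assumed
values you would replace with your own.
"""
from datetime import datetime, time

# Security event IDs for the object types the post says to watch.
WATCHED_EVENTS = {
    4720: "user account created",
    4722: "user account enabled",
    4738: "user account changed",
    4781: "account renamed",
    4727: "global security group created",
    4731: "local security group created",
    4728: "member added to global security group",
    4732: "member added to local security group",
    4741: "computer account created",
    4742: "computer account changed",
}

APPROVED_OPERATORS = {"CORP\\it.admin1", "CORP\\it.admin2"}   # assumed IT staff
CHANGE_WINDOW = (time(8, 0), time(18, 0))                     # assumed business hours
SENSITIVE_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}


def review_event(event):
    """Return the reasons this event needs a human follow-up ([] if none)."""
    reasons = []
    event_id = event["EventID"]
    if event_id not in WATCHED_EVENTS:
        return reasons                      # not an AD object change, ignore
    what = WATCHED_EVENTS[event_id]
    actor = f'{event["SubjectDomainName"]}\\{event["SubjectUserName"]}'
    when = event["TimeCreated"]
    if actor not in APPROVED_OPERATORS:
        reasons.append(f"{what} by unapproved account {actor}")
    if not CHANGE_WINDOW[0] <= when.time() <= CHANGE_WINDOW[1]:
        reasons.append(f"{what} outside change window at {when:%Y-%m-%d %H:%M}")
    # For 4728/4732 the group is the "target" account and the member is MemberName.
    if event_id in (4728, 4732) and event.get("TargetUserName") in SENSITIVE_GROUPS:
        reasons.append(f"{event.get('MemberName')} added to {event['TargetUserName']}")
    return reasons


def triage(events):
    """Map RecordId -> reasons for every event that needs follow-up."""
    alerts = {}
    for event in events:
        reasons = review_event(event)
        if reasons:
            alerts[event["RecordId"]] = reasons
    return alerts


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"RecordId": 1001, "EventID": 4720, "TimeCreated": datetime(2015, 7, 6, 10, 30),
     "SubjectDomainName": "CORP", "SubjectUserName": "it.admin1", "TargetUserName": "jsmith"},
    {"RecordId": 1002, "EventID": 4720, "TimeCreated": datetime(2015, 7, 7, 2, 14),
     "SubjectDomainName": "CORP", "SubjectUserName": "svc-backup", "TargetUserName": "sys_helper"},
    {"RecordId": 1003, "EventID": 4728, "TimeCreated": datetime(2015, 7, 7, 14, 5),
     "SubjectDomainName": "CORP", "SubjectUserName": "it.admin2",
     "TargetUserName": "Domain Admins", "MemberName": "CN=sys_helper,CN=Users,DC=corp,DC=local"},
    {"RecordId": 1004, "EventID": 4741, "TimeCreated": datetime(2015, 7, 8, 9, 0),
     "SubjectDomainName": "CORP", "SubjectUserName": "it.admin1", "TargetUserName": "WS-0457$"},
    {"RecordId": 1005, "EventID": 4624, "TimeCreated": datetime(2015, 7, 8, 9, 1),
     "SubjectDomainName": "CORP", "SubjectUserName": "jsmith"},
]

if __name__ == "__main__":
    for record_id, reasons in triage(SAMPLE_EVENTS).items():
        print(record_id, "->", "; ".join(reasons))
```

Run against the sample, record 1002 (a service account creating a user at 02:14) and record 1003 (an approved admin adding that new user to Domain Admins) come out as alerts; the routine creation by IT during the day and the unrelated logon event do not. The point of the approved-operator list is exactly the post's rule of thumb: if IT did not make the change, someone else did.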

It is important to have monitoring in place, but it is just as important to watch that system closely and follow up on every alert it generates.

These are just some of the things you can monitor to help you in the fight against attackers. There are many more, and it is one of your tasks to study your systems really well, analyse the entry points and put monitoring in place.
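The bandwidth, email queue and data deletion items above all come down to the same thing: know your baseline, then alert on what falls outside it. As an added example (not from the original post), the Python below keeps a rolling baseline of a daily volume metric and flags readings more than three standard deviations away, leaving flagged readings out of the baseline so one spike does not raise the tolerance for the next; a second function flags the sudden drop in used space the post describes. The two series are constructed sample data.

```python
"""Baseline a volume metric and flag readings that fall outside it.

Added example, not from the original post. Two checks the post asks for: a
rolling baseline (for interface bandwidth, e-mail queue length or web hits)
and a sudden-drop check for a volume's used space. Both series below are
constructed sample data.
"""
from statistics import mean, pstdev


def baseline_alerts(samples, window=7, k=3.0, min_sigma=1.0):
    """Flag samples more than k standard deviations from the preceding window.

    Flagged samples are left out of the baseline, so one spike does not
    inflate the tolerance for the readings that follow it.
    Returns a list of (index, value, baseline_mean, baseline_stdev).
    """
    accepted = list(samples[:window])      # seed the baseline with the first window
    alerts = []
    for i in range(window, len(samples)):
        history = accepted[-window:]
        mu = mean(history)
        sigma = max(pstdev(history), min_sigma)   # floor so a flat series is not over-sensitive
        value = samples[i]
        if abs(value - mu) > k * sigma:
            alerts.append((i, value, round(mu, 1), round(sigma, 1)))
        else:
            accepted.append(value)
    return alerts


def drop_alerts(used_gb, max_drop=0.20):
    """Flag any reading that falls by more than max_drop (a fraction) from the previous one."""
    alerts = []
    for i in range(1, len(used_gb)):
        before, after = used_gb[i - 1], used_gb[i]
        if before > 0 and (before - after) / before > max_drop:
            alerts.append((i, before, after, round((before - after) / before, 2)))
    return alerts


# Constructed sample data: daily GB through the Internet link, and used GB on a file volume.
DAILY_EGRESS_GB = [120, 130, 125, 118, 135, 128, 122, 131, 126, 119, 640, 127, 133, 124]
VOLUME_USED_GB = [1010, 1015, 1021, 1018, 502, 505]

if __name__ == "__main__":
    for idx, value, mu, sigma in baseline_alerts(DAILY_EGRESS_GB):
        print(f"day {idx}: {value} GB out, baseline {mu} +/- {sigma}")
    for idx, before, after, frac in drop_alerts(VOLUME_USED_GB):
        print(f"reading {idx}: used space fell from {before} to {after} GB ({frac:.0%})")
```

The 640 GB day stands out against a baseline of roughly 125 GB, and the fall from 1018 GB to 502 GB is reported as a 51% drop. The same `baseline_alerts` call works for an hourly mail-queue count or web hit count; only the window and the tolerance need tuning to what is normal for your system.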

I hope this is useful to you, and if you have other ideas, please share them with us; we would very much appreciate it.

Renato


Where Are Those Emotions?

Where are those emotions
I wanted to leave them in plain sight
where I could see them
They always leave
when I need them most
when I feel vulnerable
when I am most exposed
Where is that joy?
Where is that calm?
Where has the tranquillity gone
that my soul needs so much?
Where did the peace go
that soothes my spirit
that gives me hope
that makes me see everything more beautiful
the air is full of conflicts
my vision clouded
my head heavy
given over to worry
walking alone
murky emotions
are these the stronger ones?
The ones that catch me by surprise
Or am I more sensitive
to that (negative) kind of emotion?
They seem to last long
and never want to leave
they seem to want to inhabit my world
always coming back at the last minute
Where are the emotions
The good ones, that make you dream
That make you wake up in the morning
wanting to breathe
The emotions of when you see the sun
and feel it warm your skin
when you see the blue sky
a sigh, and everything feels light
Where are those emotions
That relax the body
that clear the mind
That leave the body relaxed
and straighten the step
to walk forward
Are those emotions?
Do they exist?
Or are they only illusions?
Where are those emotions?

By Renato de Oliveira

Sunday, 21 June 2015

How can you secure something without locking it?

First: companies and users are complacent!
Second: they don't want to accept their responsibility!

Depending on what we want to secure and who we want to secure it from, there are ways. Let's use some simple, easy-to-follow analogies.

We have a bunch of chickens and we want to protect them from foxes.
Things to consider:
  • Do we believe foxes exist?
  • Will they attack our chickens?
  • What is the likelihood of our chickens being attacked?
  • Is the garden open, with no fence, or only a natural one?
If we don't believe in foxes, there is no chance we will believe our chickens could be attacked by one, so nothing will be done to protect the poor chickens.

Let's say we do believe in foxes, because we know they exist and have heard about them on the news, but the way we operate and think is in terms of probabilities. What are the chances of the chickens being attacked by foxes?
Take the chance or not?

Let's say we believe in foxes and half-heartedly want to do something, if only to convince ourselves we did something.
Let's erect a fence. That should keep the foxes out, really?!

Important:
  • Know what you need to protect
  • Know what you are protecting it from
  • How important is what we are trying to protect?

In the scenario above, are foxes the only thing we have to worry about?
How about thieves?
How about diseases?
How about other predators?

Also important is acceptance!
  1. We do not know everything
  2. The scenarios change
  3. The danger changes
If we think a fence is good enough, let's explore this a bit.
We erected a fence, the chickens are happily protected in the garden, the foxes are out, but for how long?
All it takes is:
  • A gate left open
  • Some panels in the fence starting to rot and break
  • Holes in the fence...
Then you wake up the following day and one of your chickens is gone, eaten by the beautiful fox? Maybe!

What needs to be done right away?
  1. Investigate: check the fence, look for feathers in the garden
  2. Fix the fence, now armed with the knowledge that a fence is not enough
  3. Build a small house to keep the chickens in overnight. IMPORTANT!!!
  4. Put a lock on the gate
  5. Instruct everyone to keep the gate locked. Procedure!
I believe this shows you the necessity of watching what is going on with your chickens. Monitoring!


If we cannot find any evidence that the chicken was eaten by a fox, should we assume:
1. The chicken left voluntarily?
2. The chicken was abducted by aliens?

This is what I expect to be done:
1. Inspect the whole fence and fix it if needed
2. Build a little house to protect the chickens overnight
3. Put a lock on the gates and don't share the key with everyone
4. Assign someone to check on the chickens frequently and count them
5. Put a system in place to watch the chickens day and night
6. Don't let anyone near the chickens if they have not been properly trained
7. Having systems in place is good, but a team has to be monitoring and watching, and they also need to know what to do in case a breach happens.

Let's say someone is coming over the fence during the day. We have all these protections, but no one is actually paying attention. And if you do have someone watching and they see a criminal jumping over the fence, but they are not trained in what to do or how to do it, again nothing will happen.
The minimum you can train them to do is: if someone is trying to jump over the fence, SCREAM LOUD!!!! THIEF!!! This might scare them off.

Let's say you have a diamond and you want to protect it.
There are some options, and it is up to you to evaluate the pros and cons and choose the best one for your environment.
1. You can put the diamond in a safe deposit box at a bank
2. You can buy a safe and keep it at home
3. You can dig a hole and bury it

Would you leave your diamond on your desk overnight?
These are just some thoughts open for discussion. If you want to comment, pick them apart or make suggestions, let's discuss it.
Music Touches Me

music touches me
waves that reverberate
deep inside my body
They play me like an instrument
they pluck the strings of my emotions
Harmonize and tune
Sound in tune and out of tune
Waves, so much energy
That stirs and shakes
Everything inside
They touch thoughts
They touch feelings
Each note a different emotion
sorrows, joys
memories and longing
anger and melancholy
disappointment and happiness
Music touches me
like a musical instrument
plucks at my strings
does me good, does me harm

Throws me upward
into endless happiness
gravity is stronger
and its law makes me fall
suddenly it makes me cry
in a sigh it makes me smile
in a moment dream
it comes to me to deceive me
makes me stronger
makes me weaker
gives me longing for I don't know what
for so many things, so many places

Music touches me
Sometimes well, sometimes badly
Sometimes it goes out of tune
and doesn't sound good

By Renato de Oliveira

Tuesday, 25 November 2014

Username and Password - those days have long gone (Security)

Today I am going to write about something quite important in the battle against the bad people. Do I really care what they call themselves? Not really!
Whether they hack in, chainsaw in or butcher in, to me they are all the same.

This is my opinion: it is much easier to break something than to build it, or to fix something that is broken.
If I want to break something, give me a hammer and I will smash a phone, PC, TV or server to bits. I want to see anyone put all the bits back together and fix what is broken...
Anyway, here is my rant for today!

In the past we used a username and a password, and passwords of 8 characters were considered hard to break. I have seen 12-character passwords broken in 25 seconds.
Even with complexity rules, we are still no better off against brute-force attacks, dictionary attacks and the like.

There is something quite nice which goes by a few different names:

  • Second-factor authentication
  • RSA key
  • Two-factor authentication
  • Mobile authentication
  • PIN authentication
They all do a very similar job: they add an extra layer of security to your account. Most of them work by requiring a one-time code in addition to your password. The code can be sent to you by text message, or it can be generated by an app installed on your phone, such as Google Authenticator, from a secret shared with the service when you enrolled.
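To show where an authenticator app's six digits actually come from, here is an added example in Python (not code from the original post or from any of the services it names): the HOTP and TOTP algorithms from RFC 4226 and RFC 6238, plus a verifier that tolerates one 30-second step of clock drift, compares in constant time, and refuses a code for a time step that has already been accepted. The secret is the RFC 6238 test-vector key, written in the base32 form an app would show at enrolment; nothing here talks to a real service.

```python
"""Generate and verify the one-time codes behind authenticator apps (HOTP/TOTP).

Added example, not from the original post. The code is not random: it is an
HMAC over the current 30-second time step, keyed with a secret shared at
enrolment, truncated to 6 digits. The secret below is the RFC 6238 test key
("12345678901234567890") as unpadded base32, the form apps are provisioned with.
"""
import base64
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC the 8-byte big-endian counter, dynamically truncate, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """TOTP (RFC 6238): HOTP with the counter set to whole time steps since the Unix epoch."""
    return hotp(secret, int(unix_time // step), digits, algo)


def secret_from_base32(key: str) -> bytes:
    """Decode the base32 secret an authenticator app is provisioned with (padding is optional)."""
    key = key.strip().replace(" ", "").upper()
    return base64.b32decode(key + "=" * (-len(key) % 8))


def verify_totp(secret: bytes, code: str, unix_time: float, last_counter: int = -1,
                window: int = 1, step: int = 30, digits: int = 6):
    """Return the matched time-step counter, or None if the code is wrong or replayed.

    The caller stores the returned counter per user and passes it back as
    last_counter next time; any code for a step <= last_counter is a replay
    and is rejected even though it would otherwise be within the window.
    """
    current = int(unix_time // step)
    for counter in range(current - window, current + window + 1):
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            return counter
    return None


# RFC 6238 Appendix B test key as an app would display it (constructed from the RFC value).
TEST_KEY_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    import time
    secret = secret_from_base32(TEST_KEY_B32)
    now = time.time()
    code = totp(secret, now)
    print("code now:", code, "accepted at step", verify_totp(secret, code, now))
```

Two practical points fall out of the code. First, the window: a server that only accepts the exact current step will reject valid users whose phone clock is half a minute off, so one step either side is the usual compromise. Second, the replay check: without `last_counter`, an attacker who shoulder-surfs or phishes a code has up to 90 seconds to reuse it, which is why the accepted counter has to be stored per user.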

A lot of Internet services have started offering this kind of authentication.
Just to name a few:
  • gmail.com
  • hotmail.com
  • facebook.com
  • Paypal
  • some Banks
  • Dropbox
  • LinkedIN
  • etc
I advise you to set up two-factor authentication for all your services and all your systems that require a login.
Some two-factor providers let you set it up for RDP connections, VPN connections, SSH access and webmail access.

I have come across a very nice one from a company called Duo Security (www.duosecurity.com). It is the nicest and neatest I have come across. It is relatively cheap and very easy and quick to set up. Amazing!

If we don't take the initiative to protect ourselves, no one will. And guess what: once your system, data, PC, server or device is compromised, it is difficult to clean up. You might as well start all over, and it might be game over.

Some links on how to set up second-factor authentication for various services:

PayPal

Google 

Hotmail

DropBox

FaceBook
We need to start campaigning across the Internet for every service provider to offer this. Security needs to come from manufacturers and service providers.

If you want a second-factor mechanism for your webmail, RDP, SSH, VPN or firewall, take a look at the Duo Security website. It is pretty nice.

I hope you make use of this info in a good way and protect yourself.

by Renato de Oliveira

Friday, 21 November 2014

Rename those default Windows accounts (Security)

Rename Default Windows Account Names

By default, Windows has two built-in and very well known accounts:

  • Administrator
  • Guest
I cannot stress enough how well known these two account names are across the Internet.
So it is very important to take the following steps.

a) Rename both accounts.
b) Choose a very unusual name.
c) The Guest account is disabled by default. DO NOT ENABLE IT!
d) Set a very strong password for both accounts.
e) Disable dial-in for the Guest account.
f) For admin accounts, choose a password of 12 characters or longer.
g) Use capitals, lower case, numbers and symbols in the password.

Note that renaming these accounts will not prevent a break-in, but it makes one at least a bit harder, and by making it harder you give yourself time. Keep in mind that the rename changes only the name: the built-in Administrator keeps the well-known relative identifier 500 at the end of its SID (Guest keeps 501), so anyone who can enumerate accounts by SID will still find it. The rename defeats name guessing, not much more.

Don't just rename the Administrator account to 'admin'; that is even easier to guess. Use your imagination, create a theme for your admin account names, and use long numbers.

Rename these accounts before you put your server or client into production, and make it part of your security baseline policy.

Remember: never leave default usernames in place.
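As an added example, not code from the original post, the Python below audits a list of local accounts against the advice above: the built-in Administrator still carrying a guessable name, or the Guest account left enabled. It also demonstrates the caveat that renaming does not hide the built-in accounts: it locates them by the well-known relative identifiers 500 and 501 at the end of their SIDs, whatever they are called. The two account lists are constructed sample data in the shape a `Get-LocalUser | Select Name, SID, Enabled` export would give; the SIDs and names are made up.

```python
"""Audit local Windows accounts against the renaming advice, and show what a rename does not hide.

Added example, not from the original post. The account lists are constructed
sample data. Renaming changes the name only: the built-in Administrator keeps
relative identifier (RID) 500 and Guest keeps RID 501 in its SID, so anyone
who can enumerate SIDs still finds them under the new names.
"""
import re

# S-1-5-21-<machine or domain identifier>-<RID>; the last component identifies the account.
SID_RE = re.compile(r"^S-1-5-21-\d+-\d+-\d+-(\d+)$")
BUILTIN_RIDS = {500: "Administrator", 501: "Guest"}
OBVIOUS_NAMES = {"administrator", "admin", "adm", "root", "sysadmin", "superuser", "guest"}


def rid_of(sid: str):
    """Return the RID of a machine/domain SID, or None if the SID is not of that form."""
    m = SID_RE.match(sid)
    return int(m.group(1)) if m else None


def builtin_by_rid(accounts):
    """Find the built-in accounts by RID, ignoring whatever they have been renamed to."""
    return {BUILTIN_RIDS[rid_of(a["sid"])]: a["name"]
            for a in accounts if rid_of(a["sid"]) in BUILTIN_RIDS}


def audit_accounts(accounts):
    """Return findings against the post's checklist; a renamed, locked-down host gives none."""
    findings = []
    for a in accounts:
        rid = rid_of(a["sid"])
        role = BUILTIN_RIDS.get(rid)
        if role is None:
            continue                                  # ordinary user, not in scope here
        if a["name"].lower() in OBVIOUS_NAMES:
            findings.append(f"{role} (RID {rid}) still has a guessable name: {a['name']}")
        if role == "Guest" and a["enabled"]:
            findings.append("Guest account is enabled; it should stay disabled")
    return findings


# Constructed sample data: the same machine before and after following the post.
BEFORE = [
    {"name": "admin", "sid": "S-1-5-21-1004336348-1177238915-682003330-500", "enabled": True},
    {"name": "Guest", "sid": "S-1-5-21-1004336348-1177238915-682003330-501", "enabled": True},
    {"name": "jsmith", "sid": "S-1-5-21-1004336348-1177238915-682003330-1001", "enabled": True},
]
AFTER = [
    {"name": "orion-7731-ops", "sid": "S-1-5-21-1004336348-1177238915-682003330-500", "enabled": True},
    {"name": "nebula-0419", "sid": "S-1-5-21-1004336348-1177238915-682003330-501", "enabled": False},
    {"name": "jsmith", "sid": "S-1-5-21-1004336348-1177238915-682003330-1001", "enabled": True},
]

if __name__ == "__main__":
    for finding in audit_accounts(BEFORE):
        print("BEFORE:", finding)
    print("AFTER findings:", audit_accounts(AFTER))
    print("built-ins after rename, found by RID:", builtin_by_rid(AFTER))
```

The "before" list produces three findings (Administrator renamed to the guessable 'admin', Guest still named Guest, Guest enabled); the "after" list produces none, yet `builtin_by_rid` still points straight at 'orion-7731-ops' as the Administrator account. That is the sense in which the rename buys time rather than protection.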

by Renato de Oliveira

Security (Default config left behind) a guilty industry

About a month ago, a Russian website went up which trawls for Internet-connected video cameras and displays the images captured from these video feeds.
Some of these cameras are in homes, companies, public gyms etc. See the article at BBC News: http://www.bbc.co.uk/news/technology-30121159

While I understand this is a security risk that can be used with the wrong intentions and exploited, I also see that this is a wider problem which needs to be addressed at the top.

Once again, defaults left behind! Is that a joke or what?!
As I said in one of my previous articles, it is partially our fault, but the majority of the guilt and blame should go to the manufacturers. They should know better!

In the new world we are living in, anything can be exploited, and it will not take long: if you set up a website on your PC at home, it can be accessed from Brazil almost instantly. It is quick, and this sort of information spreads even more quickly.

Some of these devices are sold as consumer products, yet they can open up a lot of security issues in your network, at home or anywhere else.

While we wait for some regulation to be put in place (I think it will take a long time), security is a top-down issue. Any product should leave the factory with a basic level of security!

Some easily guessable usernames used on these devices are:

  • Admin
  • Administrator
  • root
  • guest
Information like this can be found anywhere on the Internet. So when you buy any device which requires

  1. A connection to the Internet
  2. A connection to a network
look out for the basic security:
  • Change the default password
  • Change the default username if you can (it is too easy to guess)
  • Set account lockout
  • Set an idle timeout
  • Enable HTTPS
  • Disable HTTP
  • Disable Telnet
  • Disable FTP
  • If you can link the account or service to Google Authenticator, do it!
  • Enable the built-in firewall if available
  • Restrict management access to specific IP addresses

These are just some of the basics; if they are followed, a lot of problems will be avoided and a lot of bad people will be kept out.

by Renato de Oliveira