Archive for category Best Practices
Quick Tips on Secure Shell
Posted by Mourad Ben Lakhoua in Best Practices, Cloud Computing Security on January 17, 2010
SSH is a perfect secure alternative to Telnet and is used by system administrators and IT managers to configure and deploy servers and network devices. Here I wanted to give a short guide to Secure Shell usage.
First, let’s start by choosing an SSH client. This is not a problem, because there are generally two accepted solutions, PuTTY and SecureCRT, and both are really good. But since SecureCRT is not a free solution, many IT technicians prefer to use PuTTY.
With PuTTY you can connect to your server via Raw, Telnet, Rlogin, FTP (SFTP), SSH1 and SSH2. In addition to supporting all these protocols, it comes with more tools:
- PuTTYgen – generator of RSA/DSA keys used for authentication.
- Pageant – authentication agent that stores the keys in memory.
- Plink – command-line interface.
- PSCP – utility that provides secure file copying.
- PSFTP – secure FTP client for copying, viewing, renaming files…
Despite all this functionality, SecureCRT is more comfortable to work with because of one useful option: tabs for different sessions. If you are working on five servers or more, with PuTTY you will find it difficult to switch between them. To handle this, a French group released PuTTY Connection Manager, a free PuTTY client add-on for Windows platforms whose goal is to provide a solution for managing multiple PuTTY instances. PuTTY Connection Manager only combines the open windows in a user-friendly interface, and also provides an advanced interface for the connection settings.
To implement SSH on the server side you can use the standard OpenSSH, which is installed by default on any UNIX distribution. For other systems you can set up Dropbear, open-source software useful for “embedded”-type Linux (or other Unix) systems, such as wireless routers. For Windows 2000, XP, 2003, Vista, 2008 and 7 you can use WinSSHD or MobaSSH: all you need to do is press the install button and the system will immediately add the new service.
MobaSSH is basically OpenSSH compiled with Cygwin, and it gives you a number of useful commands:
- MobaHwInfo: provides information about the OS and hardware.
- MobaSwInfo: lists the software installed on the system.
- MobaTaskList, MobaKillTask: list the processes running on the system and kill the desired processes.
- TCPCapture: monitors the network.
- Scp, sftp: transmit data in encrypted form over an SSH connection.
- Rsync, wget: synchronize local folders with network resources.
When talking about SSH we cannot skip secure file transfer. When you connect to a server via an SSH client you can perform all the basic operations: upload files to the server, rename files and folders, change file properties, and create links and shortcuts. One of the most famous utilities for this on Windows is WinSCP.
It is very important to keep your system up to date to mitigate risk, but it is just as important to protect your system against brute-force attacks. Authentication using a login and password is not considered secure, so in most cases it is recommended to disable it on the server. If you really need it, you should implement an intrusion prevention system, for example Sshguard. Sshguard monitors logs, detects attacks and blocks the attacker with a firewall rule. The logs are collected from (syslog, syslog-ng, metalog, multilog, raw); it scores suspicious activity such as password-guessing attempts and blocks IP addresses using the local packet filter (pf, ipfw, netfilter/iptables, or the hosts.allow file). There are also similar projects such as Fail2ban and Sshdfilter 1.5.5.
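The kind of log monitoring described above can be sketched as follows. This is an added example, not Sshguard's or Fail2ban's own code: it counts failed password logins per source address in a sliding window and reports the addresses a firewall rule would then block. The log lines are constructed, and the function name, threshold, window and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd syslog lines (documentation addresses, not real data).
SAMPLE_LOG = """\
Jan 17 10:00:01 host sshd[411]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 17 10:00:03 host sshd[412]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 17 10:00:04 host sshd[413]: Accepted publickey for alice from 198.51.100.20 port 51000 ssh2
Jan 17 10:00:06 host sshd[414]: Failed password for invalid user x from 192.0.2.99 port 22 from 203.0.113.7 port 40141 ssh2
Jan 17 10:00:09 host sshd[415]: Failed password for root from 203.0.113.7 port 40150 ssh2
Jan 17 10:02:00 host sshd[416]: Failed password for bob from 198.51.100.20 port 51010 ssh2
Jan 17 10:30:00 host sshd[417]: Failed password for bob from 198.51.100.20 port 51022 ssh2
"""

# The username is chosen by the remote client and is copied into the log, so the
# pattern is anchored on the END of the line: text inside a username (line 4 of
# the sample) must never be read as the source address.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+(?: ssh\d*)?$"
)

def find_offenders(log_text, threshold=4, window=timedelta(seconds=60), year=2010):
    """Return {ip: time the threshold was crossed} for every source with
    `threshold` failed password logins inside a sliding `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of its recent failures
    offenders = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in offenders:
            continue
        # Classic syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # forget failures that left the window
            q.popleft()
        if len(q) >= threshold:
            offenders[m["ip"]] = ts
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"block {ip} (threshold crossed at {when})")
```

The slow, spread-out failures from 198.51.100.20 stay under the threshold, which is why such tools are a complement to disabling password logins rather than a replacement for it.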
Finally, for an SSH client on mobile devices you can use the following:
- Symbian: PuTTY for Symbian OS
- Windows Mobile: PocketPuTTY
- Java: MidpSSH
- iPhone: iSSH
And for SSH Brute force you can use the following:
- SSH Brute Forcer
- SSHatter
- SSH BruteForcer
- THC Hydra
As you can see, Secure Shell makes it possible to do your tasks in a fast and secure way regardless of the environment in use.
make sure you subscribe to my RSS feed!
Hackers are more Attracted by ATM
Posted by Mourad Ben Lakhoua in Best Practices, News on September 8, 2009
Yesterday ENISA, the European Network and Information Security Agency, released a report called ATM crime. This report aims to provide an overview of the European situation and ways to avoid ATM crime.
According to the report, last year there was an increase in the number of ATM attacks of 149%, and there were 10 302 skimming cases, in which the card stripe details and PIN are captured at the ATM. But the biggest threat is the rise of attacks on the networks used by banks to communicate between terminals and offices.
Well, I think that the most interesting part of this report is the golden rules to reduce ATM crime. This part provides tips on how to choose a safe ATM, how to observe your physical surroundings, how to observe the machine itself and, of course, reporting any suspicious activity to prevent more victims of these types of attack.
This report can raise the level of understanding of crimes related to the banking sector and demonstrates how easily vulnerable the ATM system is to hackers, especially as this can have a major impact on customer confidence in the financial institution.
So take a look at the report and do not forget to apply the golden rules provided by ENISA.
ENISA: Awareness Raising Video Clips
Posted by Mourad Ben Lakhoua in Best Practices, Webcasts on June 30, 2009
ENISA has produced video clips which will sensitize your employees to information security risks and remind them of the basic golden rules. The ENISA video clips are available for download and use in any information security training programme, awareness activity and company website.
It is becoming very important for any successful global business to ensure that the corporate policy is prioritized and communicated in an efficient way. The human element plays a huge role in the security and safety of the information system. So an excellent security policy can only enhance the capability to deal with information security threats, not eliminate them totally.
My suggestion is to distribute these videos in your corporation and always to remember that prevention is the best medicine.
Anti-Malware Testing Standard In‐The‐Cloud Security Products
Posted by Mourad Ben Lakhoua in Best Practices on May 24, 2009
The AMTSO has released new best practices for testing cloud products. This PDF document covers several topics such as virtualization, connection filtering and the repeatability of the tests, and an example methodology for testing in‐the‐cloud solutions. Among the participants in this release are anti-virus companies such as Symantec, McAfee and Trend Micro.
With the launch of cloud technology and the growing number of cloud security products, it is necessary to evaluate and test each product available on the market today, so that consumers are aware of the security level and can avoid any risk or damage.
I think that this is a step in the right direction towards defining a procedure or standard for testing cloud-based products.
You can find all published documents related to AMTSO here and I hope that you will find them useful.
Jericho Forum Issues Best Practices For Secure Cloud Computing
Posted by Mourad Ben Lakhoua in Best Practices on April 19, 2009

An industry group has come up with a model for evaluating and determining if and where cloud-based computing makes sense for an organization.
The Jericho Forum today released its so-called Cloud Cube Model white paper (PDF), which provides best practices and criteria for going to the cloud, as well as choosing the appropriate service providers.
“The Jericho Forum cloud cube computing model is designed to be an essential first tool to help business evaluate the risk and opportunity associated with moving into the cloud,” says Adrian Seccombe, CISO and senior enterprise information architect for Eli Lilly and a member of the Jericho Forum board.
The forum says not every IT function should be relegated to the cloud, and defines the different types of these online services. Security “is often significantly better than that of the customer’s own IT systems” with some cloud providers, according to the white paper, but with a caveat: “While this may well be true, it is critical that cloud customers select the right cloud formations for their needs to ensure they remain secure, [are] able to collaborate safely with their selected parties as their evolving business needs require, and [are] compliant to applicable regulatory requirements — including on the use and location of their data.”
[Source: Dark Reading]

After more than three years since Symantec stopped the support and development of L0phtcrack the tool that provided a titanic opportunity for passwords auditing and recovery.

