Archive for category Best Practices

Keep Your Unix-Based System Safe This Summer (Part 2)

System monitoring is the most important method for detecting Trojans, viruses and any other malicious activity on the system.

Maintaining control over file integrity can be achieved by installing Tripwire, which detects changes on each system on which it is installed, checks the integrity of the normal binaries, reports any changes to syslog or by e-mail, and alerts users to intrusions and unexpected changes; its source code is available.

After installing Tripwire ($ sudo apt-get install tripwire) you will need to answer some questions about the configuration, and at the end enter a passphrase of at least 8 characters (twice).

The script generates keys for your site (host) and then asks you to enter a passphrase (twice) for local use. You should then back up and delete the plain-text configuration and policy files left on the system.

The developers ship a suitable policy covering all files and configurations, but if you need to update or change something you can edit /etc/tripwire/tw.pol.

Tripwire creates a database holding a snapshot of your file system (built with $ sudo tripwire --init); it uses this baseline, together with the encrypted configuration and policy settings under /etc/tripwire, to monitor the state of your system.

Now you can perform a test scan:

$ sudo tripwire --check

The check runs on a daily basis and reports all changes, including those from routine tasks such as editing system configuration files or installing packages; the reports on changed files are sent to root by e-mail.
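To show what the baseline-and-check cycle above actually does, here is an added example (not code from the post or from the Tripwire project): a minimal file-integrity baseline built from sha256sum, find, sort and awk. It assumes GNU coreutils and findutils, keeps no signed policy and sends no mail; it only demonstrates the mechanism that Tripwire wraps in its database, policy and reporting.

```shell
#!/bin/sh
# Added example, not code from the post or from the Tripwire project: a minimal
# file-integrity baseline in the spirit of Tripwire's database-plus-check cycle,
# built from sha256sum, find, sort and awk (GNU coreutils / findutils assumed).
# There is no signed policy and no e-mail report; it only shows the mechanism.

# make_baseline DIR BASELINE
#   Record a SHA-256 digest for every regular file under DIR into BASELINE.
#   Keep BASELINE outside DIR, otherwise it shows up as "added" on the next check.
make_baseline() {
    local dir baseline
    dir=$1; baseline=$2
    # -exec ... {} + batches paths into a few sha256sum calls; LC_ALL=C gives a
    # locale-independent order so two scans of the same tree are byte-identical.
    (cd "$dir" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2) > "$baseline"
}

# check_baseline DIR BASELINE
#   Re-scan DIR and compare with BASELINE.  Prints one line per difference
#   (added:, modified:, removed:) and returns 1 if anything changed, 0 if the
#   tree still matches, so it can drive a cron job or a mail to root.
check_baseline() {
    local dir baseline current status
    dir=$1; baseline=$2
    current=$(mktemp) || return 2
    make_baseline "$dir" "$current"
    # Each line is "<digest>  <path>": the digest is field 1 and the path is
    # everything after the two-character separator (paths may contain spaces).
    awk -v base_file="$baseline" '
        { digest = $1; path = substr($0, length($1) + 3) }
        FILENAME == base_file { base[path] = digest; next }
        {
            seen[path] = 1
            if (!(path in base))           { print "added:    " path; changes++ }
            else if (base[path] != digest) { print "modified: " path; changes++ }
        }
        END {
            for (p in base) if (!(p in seen)) { print "removed:  " p; changes++ }
            exit (changes > 0)
        }
    ' "$baseline" "$current"
    status=$?
    rm -f "$current"
    return $status
}
```

Usage: run make_baseline /etc /var/lib/baseline.sha256 once from a known-good state, then check_baseline /etc /var/lib/baseline.sha256 from cron; a non-zero exit with a modified: line against a file nobody touched on purpose is exactly the event Tripwire mails to root. The baseline file itself should live somewhere the users you are watching cannot write, for the same reason Tripwire signs its database.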

The final three points are:

* Keep track of all access accounts. All important system configuration files should be readable and writable only by root, and your home directory should be accessible only by you (600).
* Do not place users in many groups: group membership grants users the special access to files and directories that is permitted to that group (operator, audio, etc.), which can create a hole and give a user a privilege they do not need.
* Root privileges should be used only when they are really required. There is no need to run commands as root; if you really need to install or change something, use sudo.
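The first point is easy to check mechanically. The following is an added example, not code from the post: two small audit helpers that report system files which are not owned by the expected user or are writable by group or others, and home directories that other users can enter at all. They parse the mode string printed by ls -ld, so any POSIX ls will do; they only report, and the chmod or chown to fix a finding is left to the administrator. One caveat on the post's "600": a directory needs the owner's execute bit to be entered, so the usable private mode for a home directory is 700, which is what the second helper checks for.

```shell
#!/bin/sh
# Added example, not code from the post: audit helpers for the three rules above.
# They only report; fixing a finding (chmod/chown) is left to the administrator.
# Assumes a POSIX ls -ld, whose first field is the mode string, e.g.
# "-rw-r--r-- 1 root root 2165 Jun 10 09:00 /etc/passwd".

# audit_system_files OWNER FILE...
#   Flag every FILE that is not owned by OWNER (root in practice) or that group
#   or others may write.  Returns 1 if anything was flagged, 0 if all is clean.
audit_system_files() {
    local owner f info mode fowner flagged
    owner=$1; shift
    flagged=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "missing: $f"; flagged=1; continue
        fi
        info=$(ls -ld "$f")
        mode=${info%% *}                                  # first field: mode string
        fowner=$(printf '%s\n' "$info" | awk '{print $3}') # third field: owner
        # Character 6 of the mode string is the group write bit, character 9
        # the other write bit: "-rw-rw-r--" and "-rw-r--rw-" are both flagged.
        case $mode in
            ?????w*|????????w*) echo "group/world writable: $f"; flagged=1 ;;
        esac
        if [ "$fowner" != "$owner" ]; then
            echo "not owned by $owner: $f"; flagged=1
        fi
    done
    return $flagged
}

# audit_private_dir DIR
#   A home directory should be reachable by its owner only (mode 700).
#   Returns 1 if any group/other permission bit is set on DIR, 0 otherwise.
audit_private_dir() {
    local dir mode
    dir=$1
    mode=$(ls -ld "$dir"); mode=${mode%% *}
    case $mode in
        ????------*) return 0 ;;        # chars 5-10 all "-": nobody else gets in
        *) echo "accessible by others: $dir"; return 1 ;;
    esac
}
```

A typical call is audit_system_files root /etc/passwd /etc/shadow /etc/sudoers /etc/ssh/sshd_config followed by audit_private_dir "$HOME"; a non-zero exit from either is worth a line in the same daily report as the integrity check.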

So make sure to apply all these security rules for a safe 2010 Summer.

make sure you subscribe to my RSS feed!

(Picture from Scott Ableman)


Keep Your Unix-Based System Safe This Summer (Part 1)

Protecting your systems against all manner of intrusions makes your virtual life safer: complex passwords, regular checks of files for changes, and restricting anything and everything will keep these threats away.

Computers remain the easiest target to compromise when there is physical access. At schools, universities, cafes or the airport many people leave their computers without locking the session.

Locking the screen is the first and most important reflex for protecting your machines physically. The screen can be locked with a keyboard combination: Ctrl+Alt+L (KDE and GNOME) or Ctrl+Alt+Del (Xfce). The same can be done from the command line:

KDE   $ qdbus org.freedesktop.ScreenSaver /ScreenSaver Lock
GNOME $ gnome-screensaver-command -l
Xfce  $ xflock4

For other cases, you can use the command:

$ xscreensaver-command -lock

Or, if no locker is active, install one such as xlock or xscreensaver. The console analogue is vlock. This also helps with locking the popular text window managers GNU Screen and tmux that we mentioned in a previous post.

Locking the screen will not bring much benefit if booting from CD/USB is left enabled at BIOS level, because many Linux live CDs can be used to remove the various session passwords.

Booting from any media other than the hard disk should be disabled, and a password set on the CMOS setup. For better reliability, also reset the file /etc/security, which controls where login under the root account is possible.

If someone has managed to steal your password, you can use the command last to display a list of all users logged in (and out) since the login record file (/var/log/wtmp) was created, or check the shell history files (~/.history, ~/.bash_history) for what was run.

Then there are some important things to do while installing or using the system:

1 – Do not click on icons that you do not recognise, as various malicious UNIX shell commands can be hidden behind them.

2 – Do not use configuration files without reading them.

3 – Do not install software patches without reading their contents, or at least make sure that they were obtained from reliable sources. There is no guarantee that a patch does not contain backdoors or malicious code.

4 – Do not install packages manually from other websites. Every normal distribution has a remote repository in which all packages carry a verification hash. In an extreme case, download the package from sites that identify themselves with certificates.

5 – Always download into a temporary subdirectory of your home directory and check the content before unpacking.

6 – Create a file named «-i» in the root directory (touch /-i). When a shell glob such as rm -rf * is expanded in /, the file name -i is passed to rm as an option, so the user is asked for permission before each file in the root directory is deleted.

In the next part we will look further at different configurations to make your Unix-based system safe this summer.


Quick Tips on Secure Shell

SSH is the secure alternative to Telnet and has long been used by system administrators and IT managers to configure and manage servers and network devices; here I wanted to put together a short manual on Secure Shell usage.

First let's start by choosing an SSH client. Here we will find no problem, because there are generally two accepted solutions, PuTTY and SecureCRT, and both are really good. But since SecureCRT is not free, many IT technicians prefer PuTTY.

With PuTTY you can connect to your server via Raw, Telnet, Rlogin, FTP (SFTP), SSH1 and SSH2. In addition to supporting all these protocols, it comes with more tools:

- PuTTYgen – generates the RSA/DSA keys used for authentication.
- Pageant – authentication agent that holds the keys in memory.
- Plink – command-line interface.
- PSCP – utility for secure file copying.
- PSFTP – secure FTP client for copying, viewing and renaming files…

Despite all this functionality, working with SecureCRT is more comfortable because of one useful option: tabs for different sessions. If you are working on five or more servers with PuTTY you will find it difficult to switch between them, but to handle this a French group released PuTTY Connection Manager. PuTTY Connection Manager is a free PuTTY add-on for Windows platforms whose goal is to provide a solution for managing multiple PuTTY instances. It combines the open windows in a user-friendly interface and also provides an advanced interface for the connection settings.

To implement the server side of SSH you can use the standard OpenSSH, which is installed by default on any UNIX distribution; for other systems you can set up Dropbear, an open-source package suited to embedded Linux (or other Unix) systems such as wireless routers. For Windows 2000, XP, 2003, Vista, 2008 and 7 you can use WinSSHD or MobaSSH; all you need to do is press the install button and the system immediately adds the new service.

MobaSSH is basically OpenSSH compiled with Cygwin, and it comes with a number of useful commands:

- MobaHwInfo: provides information about the OS and hardware.
- MobaSwInfo: lists the software installed on the system.
- MobaTaskList, MobaKillTask: list the processes running on the system and kill the desired processes.
- TCPCapture: monitors the network.
- scp, sftp: transfer data in encrypted form over the SSH connection.
- rsync, wget: synchronise local folders with network resources.

When talking about SSH we cannot skip secure file transfer: when you connect to a server via an SSH client you can perform all the basic operations, such as uploading files to the server, renaming files and folders, changing file properties, and creating links and shortcuts. One of the most famous utilities for this on Windows is WinSCP.

It is very important to keep your system up to date to mitigate risk, but another very important thing to do is to protect your system against brute-force attacks. Authentication with login and password is considered insecure, so in most cases it is recommended to disable it on the server. If you really need it, you should deploy an intrusion prevention system, for example Sshguard. Sshguard monitors logs, detects attacks and blocks the attacker with a firewall rule: the logs are collected from syslog, syslog-ng, metalog, multilog or raw files, it scores suspicious activity such as password-guessing attempts, and it blocks IP addresses using the local packet filter (pf, ipfw, netfilter/iptables, or the hosts.allow file). There are also similar projects such as Fail2ban and Sshdfilter 1.5.5.
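The two recommendations in this paragraph, disable password logins and put a log-watching blocker in front of what remains, can both be shown in a few lines of shell. The following is an added example and is not code from the post, from Sshguard or from Fail2ban: it reduces what those tools do to an awk pass over sshd log lines that counts "Failed password" events per source address and prints the netfilter rule an abusive address would earn, and it adds a check of the PasswordAuthentication setting in an sshd_config. The log lines and both config fragments are constructed for the example (the addresses are from the documentation ranges); the only real syntax is sshd's log format, the sshd_config keywords and the iptables rule.

```shell
#!/bin/sh
# Added example, not code from the post nor from sshguard or fail2ban: the core
# of what those tools do, reduced to a shell pipeline, plus a check of the
# sshd_config setting the post recommends.  Log lines and configs below are
# constructed for this example (203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges).

SAMPLE_AUTH_LOG='Jun 10 09:12:01 host sshd[2011]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jun 10 09:12:03 host sshd[2013]: Failed password for invalid user oracle from 203.0.113.7 port 51130 ssh2
Jun 10 09:12:05 host sshd[2015]: Failed password for root from 203.0.113.7 port 51140 ssh2
Jun 10 09:12:07 host sshd[2017]: Failed password for root from 203.0.113.7 port 51148 ssh2
Jun 10 09:12:09 host sshd[2019]: Failed password for root from 203.0.113.7 port 51151 ssh2
Jun 10 09:14:40 host sshd[2031]: Failed password for alice from 198.51.100.20 port 40010 ssh2
Jun 10 09:14:55 host sshd[2033]: Accepted publickey for alice from 198.51.100.20 port 40012 ssh2
Jun 10 09:15:10 host sshd[2040]: Invalid user test from 203.0.113.9 port 33001'

# failed_logins_by_ip THRESHOLD  (reads auth.log lines on stdin)
#   Print "<count> <ip>" for every source address with at least THRESHOLD
#   "Failed password" lines, highest count first.  One typo by a real user
#   stays below the threshold; a scripted guesser does not.
failed_logins_by_ip() {
    awk -v threshold="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The address is the token after "from"; scanning tokens copes with
            # both "for root from" and "for invalid user X from".
            for (i = 1; i <= NF; i++) if ($i == "from") { count[$(i + 1)]++; break }
        }
        END { for (ip in count) if (count[ip] >= threshold) print count[ip], ip }
    ' | sort -rn
}

# block_rule IP
#   The netfilter rule a tool like sshguard would insert for an abusive
#   address.  Printed, not applied: wire it to iptables yourself, with an
#   expiry, and whitelist your own management addresses first.
block_rule() {
    echo "iptables -I INPUT -s $1 -p tcp --dport 22 -j DROP"
}

# The setting the post recommends against, beside its corrected form.
WEAK_SSHD_CONFIG='Port 22
PermitRootLogin yes
PasswordAuthentication yes'

HARDENED_SSHD_CONFIG='Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3'

# password_auth_enabled  (reads an sshd_config on stdin)
#   Returns 0 if password logins are still allowed, 1 if they are disabled.
#   sshd defaults PasswordAuthentication to yes when the keyword is absent,
#   so an empty or commented-out config counts as enabled.
password_auth_enabled() {
    awk '
        /^[ \t]*#/ { next }                               # skip comments
        tolower($1) == "passwordauthentication" { value = tolower($2) }
        END { exit (value == "no" ? 1 : 0) }
    '
}

# Demo: report the offenders in the sample log and the rule each would earn.
printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_logins_by_ip 3 |
    while read -r count ip; do
        echo "$count failed logins from $ip -> $(block_rule "$ip")"
    done
```

On a real host the pipeline is fed with tail -F /var/log/auth.log (or journalctl -u ssh -f) and a time window is added, which is where the real tools earn their keep: they age counters, release blocks after a timeout and keep a whitelist, so that a mistyped password from your own workstation does not lock you out. The config check is worth running after every package upgrade, since a replaced sshd_config silently restores the default of yes.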

Finally, for mobile devices you can use the following SSH clients:

- Symbian: PuTTY for Symbian OS
- Windows Mobile: PocketPuTTY
- Java: MidpSSH
- iPhone: iSSH

And for SSH Brute force you can use the following:

- SSH Brute Forcer
- SSHatter
- SSH BruteForcer
- THC Hydra

As you can see, it is possible to do your tasks in a fast and secure way using Secure Shell, regardless of the environment.


Hackers are more Attracted by ATM

Yesterday ENISA, the European Network and Information Security Agency, released a report called ATM Crime. This report aims to provide an overview of the European situation and ways to avoid ATM crime.

According to the report, last year the number of ATM attacks increased by 149%, with 10,302 skimming cases, which is when the card stripe details and PIN are captured at the ATM. But the biggest threat is the rise of attacks on the networks that banks use to communicate between terminals and offices.

I think the most interesting part of this report is the golden rules to reduce ATM crime: this part provides tips on how to choose a safe ATM, how to observe your physical surroundings, how to observe the machine itself and, of course, how to report any suspicious activity to prevent more victims of these types of attack.

This report can raise the level of understanding of crimes related to the banking sector and demonstrates how vulnerable the ATM system is to hackers, especially as this can have a major impact on customer confidence in the financial institution.

So take a look at the report and do not forget to apply the golden rules provided by ENISA.


ENISA: Awareness Raising Video Clips

ENISA has produced video clips that will sensitise your employees to information security risks and remind them of the basic golden rules. The ENISA video clips are available for download and use in any information security training programme, awareness activity or company website.

It is becoming very important for any successful global business to ensure that corporate policy is prioritised and communicated efficiently. The human element plays a huge role in the security and safety of an information system, so even an excellent security policy can only enhance the capability to deal with information security threats, not eliminate them entirely.

My suggestion is to distribute these videos in your corporation, and always remember that prevention is the best medicine.


L0phtcrack 6: the old guard is back!

More than three years after Symantec stopped support and development of L0phtCrack, the tool that provided a titanic opportunity for password auditing and recovery, the same team came back yesterday with the new version, L0phtCrack 6.

As the project rights were reacquired from Symantec by the original authors, it was possible for them to continue developing this utility. In the last five years many things have changed in operating system security, so they improved features such as support for x64 processors and the latest releases from Microsoft (Vista, XP and Windows 7), Ubuntu and others.

I used LC4 and LC5 and they worked perfectly to recover lost passwords shorter than 14 characters, so update your corporate password policy and make sure that you meet password security best practices.


Anti-Malware Testing Standard: In-The-Cloud Security Products

The AMTSO has released new best practices for testing cloud products. This PDF document covers several topics such as virtualisation, connection filtering and the repeatability of tests, and gives an example methodology for testing in-the-cloud solutions. Among the participants in this release are anti-virus companies such as Symantec, McAfee and Trend Micro.

With the launch of cloud technology and the growing number of cloud security products, it is always necessary to evaluate and test each product available on the market today, so that consumers are aware of the security level and can avoid any risk or damage.

I think this step is a good move towards defining a procedure or standard for how to test cloud-based products.

You can find all published documents related to AMTSO here, and I hope that you will find them useful.


Jericho Forum Issues Best Practices For Secure Cloud Computing

An industry group has come up with a model for evaluating and determining if and where cloud-based computing makes sense for an organization.

The Jericho Forum today released its so-called Cloud Cube Model white paper (PDF), which provides best practices and criteria for going to the cloud, as well as choosing the appropriate service providers.

“The Jericho Forum cloud cube computing model is designed to be an essential first tool to help business evaluate the risk and opportunity associated with moving into the cloud,” says Adrian Seccombe, CISO and senior enterprise information architect for Eli Lilly and a member of the Jericho Forum board.

The forum says not every IT function should be relegated to the cloud, and defines the different types of these online services. Security “is often significantly better than that of the customer’s own IT systems” with some cloud providers, according to the white paper, but with a caveat: “While this may well be true, it is critical that cloud customers select the right cloud formations for their needs to ensure they remain secure, [are] able to collaborate safely with their selected parties as their evolving business needs require, and [are] compliant to applicable regulatory requirements — including on the use and location of their data.”

[Source: Dark Reading]
