Category Archives: Browser Security

HTTPS everywhere webbrowser plugin

Hey Everyone !,

I thought I would do a review on this plug in available for most web browsers the plug in is called HTTPS everywhere

This plug in was created by the creators of the Tor network and the EFF what this plug in does is when you visit a HTTP website that supports HTTPS it will redirect the browsing session to the HTTPS part of the site which make your browsing more secure due to the fact that the session is now fully secure with the HTTPS protocol

now this wont work for every website as some websites may not have HTTPS enabled at all but it ads that peace of mind that you have a automated way to be as secure as possible at all times

Where can you get the plug-in ?
See links below

Here is the link for chrome

Firefox

this plugin can be useful for businesses and home users to protect thier experince online

have any thoughts of the plugin ?
Leave a comment and tell me what you think !

until next time
Stay secure !

Importance of establishing a security baseline

Hello all,

In this post I will go over what I think should be part of every businesses security process

What is establishing a base line ?

the purpose of establishing a baseline is to know what is normal and what is not normal activity
on your network for example

if you have a website www,mysite.com you should know how much traffic you get to your site
how many logins a day how much server resources are needed to run this website

this helps with security and troubleshooting example

if your site is really slow you check your servers logs and you have 100+ logins per hour and your CPU usage is high
if you have no baseline what do you compare to ? is this simply regular traffic and your server needs to be upgraded or are you being attacked ?

without a simple baseline you would never know

Also a baseline means rolling out servers and network equipment with a security configuration that adheres to security best practices
for example Microsoft has a tool called MBSA or Microsoft security baseline analyzer this tool make sure
your server are configured to meet the security needs of you servers and your clients
making sure your systems are patched and are following best practices for password security

how else can you establish a baseline ?

1.) check your servers and network equipment regularly for trends in activity
2.) keep a minimum security baseline by following security best practices i.e password with at least 8 characters
3.) run automated tools like Microsoft baseline security analyzer for your windows server

These are just some examples

you can also reference this document by the NIST http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf
which recommends other ways to establish a baseline security policy

So all in all remember maintaining a baseline is just as important as the firewall you rely on to
secure your network

That’s all for this article
If you have any comments or suggestions please let me know !
as always stay secure !!!

Protecting Web-browsers against drive by downloads

In this post I will talk about drive by downloads what they and the risks they pose and how to stop them

First off what are drive by downloads?

Drive by downloads are downloads that occur when a web browser surf to a page that hosts a script to download unwanted software on a user’s computer without the user knowing this usually is a popup or an ad that when clicked sends the user to the site that hosts the malware

The way it works in the background is the script on the webserver is looking for the type of request that the webserver receives for instance if the request comes from a Firefox browser the request would look like this
Request Header set User-Agent “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

with the above header we can tell that the browser is Mozilla version 4.0 on a windows system the webserver uses this information to run a exploit that it has in its database to exploit the web browser this is extremely effective since it is running a targeted attack against the browser instead of attacking a Firefox browser with a exploit that is used for internet explorer

This type of attack also analyzes what plugins are available and enabled on the browser for example java and flash to also run attacks on outdated plugins

This type of threat comes with risk of having unwanted software that can spy on your activities (spyware) and install malware on your computer (viruses) that can take control of your system and exploit other systems on your network businesses need to be especially careful from this type of attack

How do you stop it?

In order to stop this type of attack you can use the following layers of security

1.) Run up to date plugins make sure all you plugins on your browser are up to date
2.) Have firewall and antivirus software installed
3.) Enable web filtering when you enable web filtering some software actually has a database that is
Updated via online sources that identify know rouge hosts and block your browser from surfing to that
Site
4.) Keep your browser up to date
5.) Do use the administrator account if you are logged in as administrator you leave yourself open to even more attacks as rouge software can exploit the privileges you are logged in with instead login as a user that has no rights to install software which adds another layer of security
6.) Beware of the sites you surf to make sure to surf to trusted websites
7.) use a webrep plugin for instance avast has a webrep software that when you do a google search can cross reference each link to a database to see of the link is on a black list similar to a web filtering software but its runs a recheck before you even click on the link rather than after
8.) Run anti-spyware software
9). disable scripting in your web browser for example no script for Firefox does not allow scripts to run in the background and require you to run each script manually this can also be a pain

All in all the idea to stop these types of attacks are common sense and making sure you have up to date software and making sure to have the most basic of protection

That’s all for now

Until next time stay secure!!!

And as always if you have any questions/comments /suggestions please let me know!

Protecting Laptops/Mobile devices with VPN while on public WiFi

With the popularity of free public WIFI new precautions need to be taken when using your mobile device on the road free public wifi is a great public service but it can come with severe security risks
In this post I will show you how to protect your connection on a public wifi connection using free and paid for vpn services

To setup up a vpn connection you can use one of two ways

1.) Sign up for a VPN service
2.) Host your own VPN server or VPN router

But before we go into how to do it lets go over some of the security risks you can be exposed to when using a public wifi network

some of the security risks you would find on a public wifi is a lack of security measures to prevent accounts mac spoofing , packet sniffing for example since all of the computers are on the same broadcast domain and are all on the same network a hacker with a packet sniffer would be able to scan the open unencrypted wifi connection for packets over the air for example an application called driftnet would allow an attacker to scan the air for an open wifi connection and listen for tcp streams to contain jpeg images and display the content in a terminal window for the hackers viewing

Worms’s hackers with a laptop or device that hosts a worm can spread the worm and its payload through the network and infect the hosts attached to the network

Router security if you go to a small mom and pop cafe that is offering free wifi by simply ordering an internet connection and using a store bought router with default settings which happens more than you might think could allow an attacker to take it upon themselves to setup rouge dns server in the routers dhcp settings and would make all hosts connect to the infected dns servers which can then be used to hijack unsuspecting users connection and redirect to phishing website and malware sites etc. also a hacker can redirect certain networks and poison the routers routing table

VoIP security if you make a VoIP call it can be possible for an attacker to packet sniff on the wifi connection and record you voip call if your voip is unencrypted

The above are the most common there are of course may other threats that a host can be susceptible to on a public wifi connection

How does VPN secure my connection?

Vpn technology provided a virtual connection between your computer and you network a virtual encrypted tunnel is established over the internet which can be encrypted in many ways the most popular of ways are
PPTP encryption or IPsec VPN is a client server type connection which means that some servers require their own client software in order to connect for example OPENVPN uses its own client software tp connect but some vpn server don’t require a separate client software usually if you use l2tp windows/Linux/mac have a vpn client built in that is compatible with this type of connection

With a VPN connection your computer is essentially put on the network the vpn is hosted on which means you can access all of the networks resources for example shared drivers and printers

as the vpn connection is encrypted all of the traffic to and from the network and the host cannot be intercepted if you were to use a packet sniffer to sniff out a computer using vpn all you would see is l2tp traffic no matter what the traffic really is for instance if you were ion a VoIP call the the sniffer would not see the call in progress which is very useful in protecting yourself over a public network also if for instances someone did hijack the public wifi routers dns you would not be affected as the dns servers you would be using would be the ones on your network and not the public networks

How to use VPN

Ok so now we know public wifi is not safe and now we know how to protect ourselves let’s put it into practice

1.) subscribing to a vpn service

This way is the simplest of all however you lose on the benefits of accessing your home/business networks
Resources like your shared drives but you gain the aspect of speed and resilience of the company’s vpn servers

Some examples of paid for vpn services are

www.hidemyass.com
www.accessvpn.com
www.blacklogic.com

some of these services need their own client software to be installed I have personally used hide my ass and blacklogic with hide my ass you dont need software installed in order to use it and they have been very stable when i have the need to use it i have since moved on to hosting my own vpn

2.)

setup cisco ios router as vpn server
setup windows 7/vista as a von server
setup openvpn for windows/linux

the first way i feel if you have a cisco router using ios for your gear as i do is the best way
your router is serving 2 purposes for you in the same device and is fairly easy to setup follow these commands to setup a vpn server on your cisco ios router

conf t
vpdn enable << enables vpn service
vpdn-group 1 << creates a vpn group
accept-dialin << accept incoming vpn connections
protocol pptp << enables the pptp encryption type
virtual-template 1
end

ip local pool VPN ip pool 192.168.1.10 192.168.1.15 << allows 5 vpn connections at one time

conf t

interface virtual-template 1

encapsulation ppp
peer default ip address pool test
ip unnumbered FastEthernet0/0 <<< use your wan interface
no keepalive
ppp encrypt mppe auto
ppp authentication pap chap ms-chap

end

conf t

Username your username password your password << create a vpn username/password combo

end

Use windows 7 as a vpn server

you can follow this YouTube video which illustrates this

Use open vpn as a vpn server

http://www.youtube.com/watch?v=GT6pANoZ4Jg

 

Things to remember when hosting your own vpn server

while hosting your own vpn server is an awesome way to gain experience in managing vpn services and the accomplishment of setting up something yourself for free in most cases you also need to know that your connection speed can hinder your performance and in some cases it would be better to sign up for a paid for service if you have less that 1mbps upload your internet connection when using the vpn connection will be slow because the information would need to be sent from your network to your device and if your upload is slow your connection can be hindered this may not be noticeable if all your doing is surfing the net though so i would definitely give it a try first

Thats all for this post

if your have any questions/comments/suggestions

please let me know

till then stay secure !!!