Importance of establishing a security baseline

Hello all,

In this post I will go over what I think should be part of every business's security process.

What is establishing a baseline?

The purpose of establishing a baseline is to know what is normal and what is not normal activity on your network.

For example, if you have a website, www.mysite.com, you should know how much traffic your site gets, how many logins there are a day, and how much server resources are needed to run the website.

This helps with both security and troubleshooting. For example:

If your site is really slow, you check your server's logs, and you have 100+ logins per hour and your CPU usage is high, what do you compare that to if you have no baseline? Is this simply regular traffic and your server needs to be upgraded, or are you being attacked?

Without a simple baseline you would never know.
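
The comparison described above, as an added example that is not part of the original post: a per-hour baseline of login counts is built from past days and then used to judge a new reading. The sample counts, the thresholds and the function names are constructed for illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample history: (hour_of_day, logins_in_that_hour) over 7 days.
HISTORY = [
    (9, 38), (9, 42), (9, 40), (9, 45), (9, 36), (9, 41), (9, 39),
    (14, 55), (14, 60), (14, 52), (14, 58), (14, 61), (14, 57), (14, 54),
    (3, 2), (3, 4), (3, 1), (3, 3), (3, 2), (3, 5), (3, 3),
]


def build_baseline(history):
    """Return {hour: (mean, stdev)} of hourly login counts."""
    by_hour = defaultdict(list)
    for hour, count in history:
        by_hour[hour].append(count)
    return {h: (statistics.mean(c), statistics.stdev(c))
            for h, c in by_hour.items()}


def classify(baseline, hour, logins, cpu_pct, z_limit=3.0, cpu_high=85.0):
    """Judge one observation against what is normal for that hour."""
    if hour not in baseline:
        return "no-baseline"        # nothing to compare to: the post's problem
    mean, stdev = baseline[hour]
    # Floor the deviation at 1 so very quiet hours do not alert on +1 login.
    z = (logins - mean) / max(stdev, 1.0)
    if z > z_limit:
        return "investigate"        # login rate far above normal for this hour
    if cpu_pct >= cpu_high:
        return "capacity"           # normal traffic, but the server is strained
    return "normal"


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    # The post's scenario: 100+ logins in an hour with high CPU usage.
    print(classify(baseline, 9, 100, 95.0))
    # The same 58 logins are ordinary at 14:00 but not at 03:00.
    print(classify(baseline, 14, 58, 95.0), classify(baseline, 3, 58, 95.0))
```
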

A baseline also means rolling out servers and network equipment with a security configuration that adheres to security best practices.
For example, Microsoft has a tool called MBSA, or Microsoft Baseline Security Analyzer. This tool makes sure your servers are configured to meet the security needs of your servers and your clients, making sure your systems are patched and are following best practices for password security.

How else can you establish a baseline?

1.) Check your servers and network equipment regularly for trends in activity
2.) Keep a minimum security baseline by following security best practices, e.g. passwords with at least 8 characters
3.) Run automated tools like Microsoft Baseline Security Analyzer for your Windows servers

These are just some examples.

You can also reference this document by NIST, http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf, which recommends other ways to establish a baseline security policy.

So all in all, remember that maintaining a baseline is just as important as the firewall you rely on to secure your network.

That’s all for this article.
If you have any comments or suggestions please let me know!
As always, stay secure!!!

Apple attacked by hackers

Apple is reporting being attacked by hackers.

The attack affected a small number of Apple corporate computers.
A hacker crafted a sophisticated attack which took advantage of an exploit in the Java browser plugin. After the exploit was successful, the attacker was able to install malware on the affected computers. The attack started when the affected system visited a compromised website hosting the exploit.

Apple's statement to www.pcmag.com:

“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers,” Apple said in a statement to PCMag.com. “The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers.”

A “small number” of Apple employees’ Mac computers were breached, though “there was no evidence that any data left Apple,” the company said. Upon discovering the intrusion, Apple isolated the infected computers from its network and began working with law enforcement to find the source of the malware.

Apple said it will release a software tool on Tuesday to protect Mac users against the malware leveraged by attackers.

“Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days,” the company said. “To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found.”

Apple has since released a software update to fix this vulnerability in the operating system. You can find the update in the software center,
or you can find it by following this link

This attack comes shortly after similar attacks against Facebook.

This is just another reminder that, regardless of operating system, no system is 100% safe from internet threats, and we should all do our part to be security cautious.

As always stay secure !

New YouTube channel started

Hey all,

I have recently launched a YouTube channel so I can make tutorial videos on the topics I cover on my blog, as well as video content from when I do my public speaking.

My channel is located at http://www.youtube.com/user/seanmancini

I will also post my videos in the video section of this blog, so check them out!

Please let me know what you think. I am also looking for suggestions.

Thank you all in advance

And as always stay secure !!!

How 2factor authentication will soon replace passwords

Hello all,

In this post, I will provide my view on the future of the username and password.

With the recent attacks against Twitter/Dropbox, the need for more websites to adopt 2-factor authentication has never been higher. 2-factor authentication is the future authentication mechanism, and it should be widely deployed both in the corporate world and for home users.

What is 2-factor authentication?

Two-factor authentication uses your traditional username and password but adds another layer of protection.
With two-factor authentication, you are given either a piece of hardware or software that generates a one-time code, often called a token, that can only be used for a certain amount of time.

What is the advantage?

The advantage of 2-factor authentication is that it adds a dynamic piece of information to the login process.
Therefore, if a user database was compromised due to an attack, the hackers would only have the static information, which would be the username and the password. Static information is values that don’t change regularly: you probably don’t change your username that often, and for some people the same goes for passwords.
Before 2-factor authentication, if a hacker was able to get a user database and was able to decrypt the values, the hacker would have login details for the affected system, and it would put the system at risk until the values were changed. 2-factor authentication has thwarted these types of attacks.

What sites currently support 2-factor authentication?

As of now:
Google Gmail
Facebook
WordPress

There is even a way to implement the service in OpenSSH, which I will cover in another post.

Twitter and Dropbox have announced plans to offer this type of service as well.

2-factor authentication is used in a lot of corporate applications.
VPN is the most common, with an RSA VPN token key.

All in all, 2-factor authentication is the more secure form of the username and password,
and it is the future of username/password security.

Hope this post provided insight into this security enhancement

I will do some other posts about how to implement this protection on some sites later on
so make sure to check back for that!

Until next time

Stay secure!!!

And of course, if you have any comments/suggestions please let me know!

Encrypting your data with Truecrypt

Hello All,

In this post I will show you how you can protect yourself against data theft using free open source software.

You have heard it on the news: someone working for some company was taking a USB stick/portable hard drive from one place to another and lost it, and now there are thousands of people’s personal data going around, and in some cases not even encrypted! So anyone can simply take that USB stick, plug it into a computer, and now have all those people’s personal data!

As a company, what a PR disaster.
As a customer, you’re thinking: how did this happen? Is my data safe?

The above scenario isn’t just for business. Think of how many regular people have personal information on these devices that are lost on a daily basis. Think of it: your personal information, pictures, tax returns, emails, documents, resume.

These are not out of the ordinary to find on a USB stick.
A piece of data as simple as a resume carries a significant amount of information about you that you may not want a stranger knowing, such as your email address, phone number, address, etc.

So let’s dig in

First, what is encryption?

The best way to put encryption into general terms is this: you have a secret message, for example
Hello everybody
Now you don’t want anyone but you or someone you choose to see your message,
so you create a special code to make the text look like gibberish.
For example: @^&@^#**#*( *#&(*#& << this would be an example of an encrypted message.

Now with every encryption you need two sets of encryption keys: your public key, which everyone can see, and your private key, which only you know. The public key is your garbled text, and your private key makes sense of that garbled text.

To generate an encryption key you need a cipher. Depending on its strength, a cipher can make a longer, stronger key. This is done by creating the key using the random number generator. The whole point of the key length is to make a brute force attack against the encryption key infeasible: depending on the size and complexity of the key, it can take decades before you would come close to breaking the encryption.

There are also 2 types of encryption. The one I have explained above is called public key encryption, where you need 2 sets of keys to decrypt the information; this is also known as asymmetrical encryption. The other type is symmetrical, where two people or computers have the same key on either end to decrypt the information.

For more information and a complete rundown on how encryption works, TrueCrypt’s documentation has a lot of technical information on how this all works. If interested, I highly suggest reading it.

Now let’s install and use this awesome software

The software we are going to use to encrypt our flash drives/portable hard drives is called TrueCrypt, available @ http://www.truecrypt.org

I personally use this software and it’s great. Not only is it free and open source, which I am all for,
it also supports many industry standard encryptions and is super easy to use, which is always nice.
The software also gives you an option to encrypt your system drive, but for that I would follow the
manual available on the site.

To use the software, first we download it.
Now install the software. On Windows the process is basically clicking Next.
For Ubuntu/Debian: sudo apt-get update && sudo apt-get install truecrypt

Once the software is installed you will get to the main screen, see below

[Screenshot: TrueCrypt main window]

Now from this screen you will choose the option “Create volume”

[Screenshot: TrueCrypt volume creation wizard]

Select “Encrypt a non-system partition/drive”

Now choose your flash drive and click Next

You will now be able to choose the encryption type you want

I recommend the SHA-512 algorithm with AES-Twofish

[Screenshot: encryption options in the wizard]

Now click next

You will now create your passphrase

Please remember your encryption is only as powerful as your password. If you use a simple dictionary-based password your encryption is useless, as someone will be able to guess your passphrase and decrypt your data. I suggest a 10 character password with uppercase and lowercase letters, numbers and a special character. This type of password would take years to crack with a password brute force attack.

You will now format your drive. I recommend the slow way (not the quick format) as a next layer of protection, as your drive is now filled with zeros. Even though it’s slower, quick works well too; it depends on how paranoid you are.

And voila, you have a fully encrypted flash disk. Now remember you will need the TrueCrypt portable version with you, possibly on another stick, or you can get creative and make a second partition on your stick with only the executable on it to mount the drive.

And now, with all that, you can carry your flash drives and hard drives with confidence that if lost or stolen your information is safe.

If you have any questions/comments/suggestions please let me know

Till Next time stay secure !!!!