ITSec Packets » Uncategorized

VIP Access on your IPhone/ITouch

admin — Fri, 28 Aug 2009 17:34:23 +0000

Appolgies for not writting in a while. I hope to make it up to you with this post and future posts with, hopefully, much less than 5 months between. Found a great little app for iPhone/iTouch that gives us home users multi-factor authentication with a cryptographically strong OTP (one time password). Many of us have a similar device to log onto our corporate networks. I have an RSA token from work that spits a new six digit one time code. The OTP adds an additional layer of security when logging onto to a site on the net and makes brute force attacks impossible. We discussed OTP in the post about Steve’s PPP authentication system.

This cute little app is offered by VIP (Verisign Identity Protection) and is a free download for your IPhone or Ipod touch. The app works with a bunch of popular sites including Ebay, Geico, PayPal and Merrill Lynch, amongst others. Most are financial sites and would be a high profile target for hackers. Would be nice if Bank Of America was there. When you download the app you will need to use a cell phone to activate it, which is quick and easy. Then you will need to register with those sites that you want to use the app. I registered with Paypal which required the credential ID found in the VIP app. When I now use the Paypal site, I log in just like I used to with my static password (something I know) and I’m then prompted for my OTP password (something I have) that is shown on my Itouch screen during that 30 second interval in time.

As always it’s good idea to have your Iphone/Itouch locked with a password in case you lose your device, and if you the VIP password app all the more so. Yeah someone trying to gain access to your site would need your static password only you know , but it’s all about layers in security and how paranoid you want to be. Overall this is a great little app that adds industrial level authentication for us non corporate users, hopefully we’ll see more companies where this form of authentication can be used.

5 Tips to Secure Your Web App

admin — Fri, 05 Dec 2008 12:08:35 +0000

Given the increased shift from packaged software to cloud computing, a growing number of applications are web-based. Both the business models of software-as-a-service, as well as the real-time distribution modelmake Web Apps the ideal platform for new projects. While web distribution has a number of upsides, in order to effectively scale applications,it’s crucial to implement best practices to safeguard data. Any database or code that remains in a cloud is potentially vulnerable to attack. We consulted with leading web application security specialists for their top security tips:

• Understand the Potential Sources of Vulnerability
Many developers assume that all attacks will come from outside of a network firewall, but this leaves open a potential attack from inside. Make sure that all data is guarded from unauthorized access by several layers of security,ensuring that lower-level employees, and others who might work in the office,do not have access to valuable code data. Internal attacks can come in any forms, all of which can be avoided by working to secure all levels of the application.

• Utilize Multiple Layers of Security for Your Application.
Often times, IT professionals will rely solely upon an external firewall in order to protect a web application. In order to truly get a high level of security,however, one must cover all the bases. In practice, this means having an effective network virus scanner that operates in real time as well as a comprehensive network traffic tool to keep up with data movement across the network and potential breaches.

• Integrate Security Concerns Into Your Development Cycle
When planning out the stages of development,whether you work on an agile process or a standard model, you’ll need to consider the security implications of each part of your application. Starting from the earliest conversations about requirements and design all the way to the final testing phase,security concerns should be at the forefront of your thought process from the very beginning. In particular, security testing should be as important as usability testing.

• Be aware of the security implications of your coding conventions
Even simple coding conventions such as file locations can have large implications in terms of the security of a given file. While you attempt to create a stable code base by integrating standard practices such as basic password protection,make sure that you block all routes to sensitive files,not just standard ones.

• Test for major, known sources of hacking
While there will always be unknown vulnerabilities that will require major testing and upgrades, you should always protect against the well-know, major holes that often arise in web applications,In particular,design your application to withstand SQL injections, remote code calls, format string weaknesses as well as XSS (Cross Site Scripting.)

This post was written by Maya Richard, who primarily writes about high speed internet deals . She can be reached with feedback by combining her name and gmail.com

301 Redirects Explained

Ron — Thu, 19 Jun 2008 00:04:47 +0000

Wrote a guest post about “301 redirects“ on my buddy, Shimon Sandler’s blog. Shimon is very well known in the SEO community and his blog has 1000+ subscribers. It is a great resource.

Thanks, Shimon, for giving me the opportunity share a post with your readers.

Living in the present

admin — Fri, 31 Aug 2007 18:34:00 +0000

I read a nice post on “Securitycatalyst.com” that made me stop and think. We really need to appreciate the here and now. Sometimes I’ll look at my kids; they understand what it means to live life in the present moment. There is so much going on in our heads, so many thoughts. Do you ever stop to reboot? Clean out the cache? I like to sit quietly sometimes and just follow my breath; if a thought comes in I let it pass gently. This little meditation can be very relaxing. I’m a firm believer that this type of practice on a daily basis is especially essential in today’s high-tech world. As security folk, we also have to appreciate what we have. There are so many things to be grateful for. Let’s stop, think and thank on this long Labor Day weekend. Thank you Security Catalyst for the nice post.

Netstat command

admin — Tue, 24 Jul 2007 19:51:00 +0000

The netstat command is a very handy command available for use on all OS’s. When invoked netstat shows the network connections made by your computer, the ports used, and the status of these connections. It will also show you what services that may open waiting for connections. This knowledge can help in ascertaining if your system is vulnerable to attack.

To understand this we need to give a quick and dirty definition of ports. A port is a “logical connection place” on your computer where a network connection is made. As I’m writing this blog in my browser my computer has established a TCP/IP connection to google’s machine at port 80. Simplistically , ports are like windows into your computer that can be closed or opened, knowing which windows are ok to be open and which should be closed can make your system more secure.

Ok. Let’s see our connection to google that is established so I can write this blog. In the command prompt I typed ‘netstat’.

As you can see, the last line shows a TCP connection the local information showing the outbound port; next you have the foreign address where you see google’s host information separated by a colon showing the port as http or 80 and last you have the state of this connection, which in my case, is established. If connection is established that the line represents a socket, that is an endpoint for communication between two machines.

There can be defend states for each connection or potential connection if it’s listening.

ESTABLISHED – connection has been made, the TCP three way handshake has taken place.
LISTENING – port on your computer is listening for incoming traffic.
TIME_WAIT - occurs at the end of an established connection, before connection is torn down it waits for any packets that didn’t make it across. This is done so as not to confuse things if a new connection gets established.
SYN_RECIEVED – unlikely to see this, since it happens so quickly; it’s part of the three way handshake that happens when connection is being set up.
SYN_SENT – unlikely to see this too as it’s part of the three way handshake when connection is being set up.

It is important to note that if you see a line in netstat showing LISTENING, it means that you have a port on your computer waiting for incoming traffic. No, don’t get all freaked out, “does that mean someone can hack into my computer at take control of it”? No, it does not. Most people today have routers that sit between their computers and the Internet. If someone wanted to make a connection to, say, some port that I found was in a listening state, they would not be able to. The router acts as a firewall for all inbound traffic (also called ingress filtering, hope to discuss this further on a new post). So, if you have a port in a listening state on a specific port, try to find out what application/process is using this port and then try to google the “exe” file. Now you will know if this process should, in fact, be listening for incoming requests or if it’s a Trojan.

Netstat can be passed a bunch of different parameters depending on what you’re looking to do.

Here is a really great feature – ‘netstat -b’ will show you the actual process that is using this connection. Back to me writing this blog. The process that made the connection would be my browser and you see below iexpolorer.exe shows underneath the connection line. So, if you see a connection made that you’re not sure about, you can use the -b parameter and then you can see the process. If you see an .exe file that haven’t heard of just type in google to see if it’s something safe, perhaps it’s malware on your computer; if that’s the case backup important files and reinstall your operating system.

It’s important to remember when you issue the Netstat command it will give you a snapshot of what is happening right then. You can use an interval, so that it keeps running. There is a really great, free program that is worth checking out called TCPView This is a windows GUI version of Netstat and it updates in real time. And just in case you need it to figure out why your mom’s Internet connection is slow, Netstat is always available on all OS’s; just fire it up; there is no need to install anything.

Nmap Reconnaissance

admin — Mon, 09 Jul 2007 23:57:00 +0000

Nmap a is a free popular port scanning security tool , used by both good and bad hackers alike.
For someone breaking into a network, this tool is used to gather as much information about the network that is possible; mapping it out or as it’s called, fingerprint the target. On the other side, the good guys use NMAP internally to determine if there are any unauthorized services running on their network. This tool kind of levels the playing ground so to speak.

I downloaded the free tool at home and was playing around with it on my internal network. As a caveat, scan your own hosts or networks that have given permission to scan only. Unauthorized scanning of a host with the intent to breaking into may be unlawful, one should keep this in mind when using this tool..

There are two ways of scanning using NMAP; regular TCP connect scanning and stealth scanning.
Without going into the geeky details of TCP/IP, stealth scanning attempts to determine if a port is open on the target system by soliciting a SYN/ACK and not completing the 3-way handshake, then ultimately going in under the radar. However, even this type of scanning is now being logged with modern firewalls and IDS (Intrusion Detection Systems).

The TCP connect mode actually completes the 3-way handshake. The downside for a hacker would be that most servers log connections including the source IP address and the IDS may be tripped , and these are things a hacker would like to avoid while fingerprinting a network.

Here is some basic NMAP commands to get started.

TCP() connect scanning:
# nmap -sT 192.168.1.2

Syn/Stealth scan.
# nmap -sS 192.168.1.2

Defend I.T.: Security by Example

admin — Sun, 01 Jul 2007 02:35:00 +0000

I wanted to share my first infosec book review on amazon I wrote back in August of ‘06.

“Defend I.T.: Security by Example” is one of my first reads on IT security. I am currently a programmer, looking to get into the information security field.

This book has successfully turned my interest in IT security into intrigue. Each chapter is a different real life case study, with techniques used and lessons learned. Coming from a technical background, I appreciated the technical depth that the authors delve into. From the get go in Chapter 1, the authors present a tutorial on the popular scanning tool called NMAP which is fascinating. The network diagrams throughout the book were very helpful in explaining to the reader the difficult concepts such as Distributed Denial-of-Service attack and Ingress and Egress filtering.

“Defend I.T.: Security by Example” introduced me to many new concepts including IDS, INGRESS, EGRESS, DMZ, SSO, ZOMBIE,FIREWALL’s, VPN’s, PKI, and DOS attacks, just to name a few. Overall, this book is very informative and well-written.

I highly recommend this book as a great addition to your IT Security library.

My First Posting

admin — Wed, 27 Jun 2007 14:42:00 +0000

Wow this is exciting !!!! I recently got my google reader all set up with a bunch of different feeds from bloggers and news ect. On a whim I decided start my own blog. I feel like writing in a blog can help my writing skills and help me express my thoughts and ideas, at the same time provide others with information that I hope will be informative. I’m totally intrigued by the information security world and hope to some day work in the field. To be proactive I started studying for the CISSP. I hope to share some of the things I learned that I find interesting. Please post your comments.