Friday, November 30, 2012

Quit smoking now!

This time I am not going to talk about IT or Infosec. I am going to show you a Thai-made quit-smoking advertisement. If you are a smoker, I would like you to take a few minutes to watch it. Maybe you will agree with the video.



That's all! See you.

Friday, November 09, 2012

HOWTO : Make Sure Your Server Is Really Hidden

You have been clever enough to find a way to hide your server's real IP address from the internet. However, you are not 100% sure it worked. By using Penetration Testing tools against your own domain, you can confirm that your hidden server is really hidden.

Here we use the tools shipped with BackTrack 5 R3.

nmap -sS -sV -v -Pn samiux.com

(-sS is a SYN scan and needs root; -Pn skips host discovery so the host is scanned even if it drops ping; -sV fingerprints the services found. The first line of the report shows which IP address the domain name resolved to.)

cd /pentest/enumeration/dns/fierce/

perl fierce.pl -dns samiux.com

(fierce first tries a zone transfer against each nameserver of the domain, then brute-forces common hostnames such as mail, dev or ftp and prints the IP address each one resolves to.)

*** where "samiux.com" is the domain name; it is only an example here.

In the output of both commands, make sure your server's real IP address is not listed anywhere. A single forgotten record (for example a mail or test hostname pointing directly at the server) is enough to give it away, even when the main hostname is hidden.

Now your server's IP address is not shown. So, is your server really hidden? Not necessarily. To test further, look the domain up at searchdns.netcraft.com, which keeps historical records of the hosting of a site. There you may, unfortunately, find the history of your server's IP address (if any).

If your server's IP address is in Netcraft's history records, you may consider changing the IP address when necessary in order to hide your server from the internet, since the old address will otherwise remain searchable.
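The following script is an added example, not from the original post, that automates the two DNS checks above and adds a zone transfer attempt in front of them. The domain, the IP address 203.0.113.10 and the sample output are constructed for illustration; the fierce path is the BackTrack 5 R3 path used in the post, and the Netcraft history check still has to be done by hand.

```shell
#!/bin/sh
# Added example (not part of the original post): check whether a "hidden"
# server's real IP address shows up in DNS enumeration output.
# Assumptions: BackTrack 5 R3 tool paths, the example IP 203.0.113.10.

# ip_leaked IP
# Reads enumeration output on stdin and succeeds (exit 0) only if IP appears
# as a whole address, so 203.0.113.1 does not match 203.0.113.10 and vice versa.
ip_leaked() {
    local ip_re
    ip_re=$(printf '%s' "$1" | sed 's/\./\\./g')   # make the dots literal
    grep -Eq "(^|[^0-9.])${ip_re}([^0-9.]|\$)"
}

# check_hidden DOMAIN IP
# Runs the enumeration steps from the post against DOMAIN and reports every
# source that exposes IP. Exit status is the number of leaking sources
# (0 means nothing in DNS points at the hidden server).
check_hidden() {
    local domain ip leaks ns
    domain=$1; ip=$2; leaks=0

    # 1. zone transfer from every authoritative nameserver: a misconfigured
    #    nameserver hands over the whole zone at once, so try this first
    for ns in $(dig +short NS "$domain"); do
        if dig @"$ns" "$domain" AXFR +noall +answer 2>/dev/null | ip_leaked "$ip"; then
            echo "LEAK: zone transfer from $ns exposes $ip"
            leaks=$((leaks + 1))
        fi
    done

    # 2. the nmap scan from the post (-sS needs root, -Pn scans even if ping
    #    is dropped); the report header shows what the name resolves to
    if nmap -sS -sV -Pn "$domain" 2>/dev/null | ip_leaked "$ip"; then
        echo "LEAK: $domain resolves to $ip"
        leaks=$((leaks + 1))
    fi

    # 3. fierce subdomain brute force, BackTrack 5 R3 path as in the post
    if perl /pentest/enumeration/dns/fierce/fierce.pl -dns "$domain" 2>/dev/null | ip_leaked "$ip"; then
        echo "LEAK: a hostname under $domain points at $ip"
        leaks=$((leaks + 1))
    fi

    if [ "$leaks" -eq 0 ]; then
        echo "No DNS leak of $ip found; still check searchdns.netcraft.com history by hand"
    fi
    return "$leaks"
}

# Usage (as root, for the SYN scan): sh check_hidden.sh samiux.com 203.0.113.10
if [ "$#" -eq 2 ]; then
    check_hidden "$1" "$2"
fi
```

The whole-address match matters: a naive grep for 203.0.113.1 would also "find" 203.0.113.10 and 203.0.113.100 and give you false alarms, or, worse, a grep for the short address would hide the fact that the longer one is the real leak.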

That's all! See you.

Tuesday, November 06, 2012

DerbyCon 2012 - Intro to Linux System Hardening

Too sad that this talk is only from one System Administrator to other System Administrators, not for Information Security (InfoSec) people. The speaker, Chris Jenks (rattis), hardens Linux from the point of view of a System Administrator instead of from an InfoSec point of view. However, it is an InfoSec conference. Strange.

In general, a System Administrator has little knowledge of how malicious hackers think and operate. Their knowledge of InfoSec is limited. They are just guessing that what they have done will prevent an attack.

Description of the Talk (Written by the speaker) :

This introductory level talk is designed for people that know a little bit about Linux and how to run BackTrack. The main target audience would have junior-level administration experience, who also knows about BackTrack.

It looks at how to do basic system hardening on CentOS and Ubuntu, using systems with default installs. It then looks at using those same tactics on systems running BackTrack. Along the way, I discuss why I don't like using virtual machines, multiboot, liveCD or USB to run BackTrack in the field, and why I think it should be run on a dedicated machine.

BIO of Speaker :

Experience includes fifteen years of network engineering and thirteen years of system administration. He is currently studying Information Assurance at Eastern Michigan University. That degree will supplement his degrees in Computer Information Systems and Anthropology. Certifications include Security+ and Offensive Security Wireless Professional. Involved in Michigan's Locksport scene, and a regular at Arbsec and MiSec. He's the "rat" in the Rats and Rogues InfoSec Podcast.



My Own Opinion :

Basically, BackTrack Linux is a Linux distribution for Penetration Testing. That means it is a tool for attackers (you can think of it this way in order to make your mind clear). It is just like Thai boxers, who will not wear any protective equipment to protect themselves during the fight, because that protective equipment would obstruct their performance in the fight.

However, the speaker of the talk advised users of BackTrack to enable the firewall (iptables) and to configure the Apache web server to listen on localhost (127.0.0.1) only. He also suggested reconfiguring SSH to disallow root login and creating a sudoer account. More tools, such as denyhosts, fail2ban, tripwire and logcheck, were also advised to be installed in BackTrack.

If the firewall is enabled and other tools (such as denyhosts, fail2ban and tripwire) are installed in BackTrack, it is something like shooting ourselves in the foot when we use it for pentesting: an inbound firewall blocks the reverse shells and callbacks we are waiting for, and the defensive tools only add noise on a box nobody is attacking. Meanwhile, the speaker does not know the function of the Apache web server in BackTrack, as he does not know why it is there (it is there to serve payloads and cloned pages to targets, which is exactly why it must not be limited to 127.0.0.1). Moreover, SSH in BackTrack is there for attack purposes rather than for administration. Almost all the tools in BackTrack require root privileges to run; therefore, a sudoer account is not required.

BackTrack is not a normal Linux distribution for general users to use daily and casually. It is a specially designed distribution for Penetration Testing; it is designed for attackers (you can think of a Penetration Tester as an attacker, just not a bad guy). It is designed to attack, not to defend.

Weird enough that the speaker has some InfoSec qualifications. Overall, this talk is misleading from the point of view of a BackTrack user. Not recommended.

UPDATED on November 10, 2012 :

I found out that he gave two more talks on the same topic, spreading the same wrong information to the listeners. Too sad.

I doubt that a SysAdmin who hacks back (if he can at all) gets much out of it. What can he do? Shut down the attacker's box, as he said? The attacker is just using BackTrack, and if the default root password has been changed, there is little chance of a SysAdmin doing anything evil to the attacker's machine. It is really doubtful, in my opinion.

He does not even seem to know the difference between a service bound to 127.0.0.1 and one bound to 0.0.0.0, because he suggests turning off CUPS on the grounds that it runs as root. However, CUPS listens on localhost only, so it is not reachable from the network, and the account running BackTrack is already root. So what does he want?

By the way, he uses Denyhosts to block unwanted SSH access; that means he does not know how to use SSH to perform an attack.

He also suggests disabling the mail function. However, if it is disabled, how can we (the attackers) perform an attack via mail?

I doubt that he knows how to use BackTrack at all. Not kidding!

Finally, one thing I do agree with him on is to change the default root password to something else, and maybe to change the hostname too.

Anyway, he is just a System Administrator, not an Information Security guy.