Sunday, February 12, 2006
Tuesday, December 20, 2005
Car Webcam Surveillance System
Main Idea: LINUX-based Web Cam Recorder
The idea is to have an on-board laptop with a web server snap pics with the webcam every few seconds and record the data to the hard drive. A wireless connection at the house and a server there will provide for synchronization of the data when the car returns into the range of the base AP.
- Acquire an old laptop with a hard drive and USB port.
- Get a USB web camera. Mount it to the back of the car by the center brake light. Run the cable to the trunk. Get a USB extension cable if necessary.
- Get a wireless card that is compatible with LINUX. Recommended, any Prism-based 802.11 card or Orinoco Gold. Prism 802.11g chips are supported in LINUX, but the driver setup can be involved. Do some research and be prepared.
- Get a DC/AC power converter. Run the DC power connect from the lighter or other car outlet back to the trunk of the vehicle.
- If the battery of the laptop is not operable, a small UPS may be desirable for use. Disable the alarms through the console setup, if available. APC brand recommended. Make sure it has "smart" firmware.
- Load LINUX to the laptop. Use a journaling file system, like xfs or reiserfs as the machine will probably experience frequent power loss. Software required: apache, cron, scp, webcam image capture software or scripts, wireless drivers/scripts.
- Set up the wireless connection. It can be configured in any way, so long as you can connect to it from another machine and view the apache dir with the webcam captures.
- Set up LINUX power management for no power alert alarms. Preferably, it will have no GUI (init:3) and no sound drivers as it can get distracting. Set the power management software to shut the system down at 5% on-board battery power. If using a UPS in lieu of an on-board battery, use NUT or APCUPSD and set for shutdown at 3% power. Or you can use both. :)
- Set up the webcam capture script/app to collect the image every few seconds. Save it to a local directory in the web hierarchy.
Option: Wireless Sync to a base server
- Ensure the wireless settings do not allow the card to "roam" to any other APs or ad-hoc networks. It should only connect to the base AP.
- The base server in the house requires SSH. Create an account for the laptop to dump files to. Generate keys on the laptop and perform the exchange so that the laptop can connect to its account on the server automatically with SCP.
- Create a script that will scp all files in the webcam directory to the base server, then delete them if successful.
- Schedule scp script to execute every minute in cron. Throw output to /dev/null.
- An ftp client could be used for this exercise, but is not recommended as it is not encrypted.
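The upload-then-delete script from the steps above, as an added example that is not from the original post. The carcam account, the base-server host, the paths and the variable names are assumptions; each file is deleted only after scp reports success for it, and a lock keeps the one-minute cron runs from overlapping.

```shell
#!/bin/sh
# Added example: upload-then-delete sync for the webcam captures.
# Assumed names (not from the original post): CAPTURE_DIR, DEST, LOCK_DIR,
# the "carcam" account and the "base-server" host.

CAPTURE_DIR="${CAPTURE_DIR:-/var/www/webcam}"
DEST="${DEST:-carcam@base-server:incoming/}"
# Assumes /tmp is cleared at boot; if it is not, remove LOCK_DIR from an rc
# script, because a power cut mid-upload would otherwise leave a stale lock.
LOCK_DIR="${LOCK_DIR:-/tmp/carcam-sync.lock}"
SCP="${SCP:-scp}"   # overridable so the logic can be exercised offline

# Copy every regular file in $1 to $2 and delete a local file only after scp
# reports success for it. Returns 0 if everything was sent, 1 otherwise.
sync_captures() {
    dir=$1 dest=$2 failed=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue      # skip subdirectories and the empty-glob case
        # BatchMode: never stop at a password prompt when run from cron.
        # StrictHostKeyChecking: refuse a server whose host key is not already known.
        if $SCP -q -o BatchMode=yes -o StrictHostKeyChecking=yes \
                -o ConnectTimeout=10 "$f" "$dest"; then
            rm -f -- "$f"
        else
            failed=1
            break                    # out of range or server down: keep files, retry next run
        fi
    done
    return $failed
}

# mkdir is atomic, so it serves as a lock that stops a slow upload from
# overlapping with the next cron run. Returns 2 if a run is already active.
run_locked() {
    mkdir "$LOCK_DIR" 2>/dev/null || return 2
    sync_captures "$CAPTURE_DIR" "$DEST"; rc=$?
    rmdir "$LOCK_DIR"
    return $rc
}

# crontab entry:  * * * * * /usr/local/bin/carcam-sync.sh --run >/dev/null 2>&1
if [ "${1:-}" = "--run" ]; then
    run_locked
fi
```

Because the laptop holds an unattended private key, give its account on the base server no privileges beyond receiving these files.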
Alternate Setup: Bootable LINUX CD
This configuration maximizes the HD space available for recording. Follow the above with the following modifications:
- Acquire an old laptop with hard drive, CD drive and USB port.
- Get a USB pen drive (flash drive, thumb drive). Recommend 1GB space.
- Burn a copy of a bootable linux CD. Knoppix, Debian, etc.
- Modify the BIOS of the laptop. Set the CDROM as the boot device. Set the power settings to power it ON in the event of a power failure. Save and exit.
- Boot to the LINUX CD. Establish the settings you want and save to the USB drive.
- You will have to run some rc scripts from the usb drive at bootup to ensure that the web server, sync scripts, and wireless card are running when the machine powers up.
Clustered Intrusion Detection System
- Create a LINUX-based IDS appliance with clustering enabled.
- After establishment of first node, additional nodes can be dropped in and configured directly into the cluster.
- Added nodes will pull configurations from existing nodes and self-configure after initial node config.
- Once finalized, nodes will form cluster and share CPU, memory, and application space. This provides drop-in scalability merely by adding more appliance units and configuring.
- Incoming spanned traffic will have to be load balanced among promiscuous NICs.
Thursday, December 15, 2005
Securing Wireless: Presentation Notes
Course 1 - Implementing Wireless Security
Agenda
- Standards Overview
- Considerations for Your Enterprise
- Regulations Compliance
- Data Value
- Public Perception
- Implementing Security
- WEP
- WPA
- WPA2/802.11i
- TKIP/LEAP/PEAP
- MAC filtering
- 802.1x
- Bluetooth
- Detecting Problems
- Rogue AP
- Rogue Client
- Attacks
- Failures
- Links
- Contact
Course 2 - Auditing Wireless Security
Agenda
- Auditing Wireless Security
- Discovery
- Kismet
- Netstumbler
- GPS Mapping
- Types of Attack
- WEP
- WPA
- LEAP
- Deauthentication
- Bluetooth
- Links
- Contact
Wednesday, December 14, 2005
Wireless Overview Notes
Agenda
- Overview
- Defining Wireless
- COTS Products
- Considerations for 802.11b/g
- Frequency Interference
- Range/Coverage
- Speed
- Configuration Example
- Linksys WRT54G
- COTS Security
- Levels of Security
- Need v. Complexity
- Linksys Example
- Links
- Contact
Monday, September 12, 2005
Password Rules for Kids
from KidzOnline
Password Creation
Chapter 1
1. Passwords are crucial in keeping your personal information confidential and your computer system secure.
2. Sharing your passwords:
* can allow people access to your email and other sensitive files
* can cause you to lose access to saved files and private information
3. To be TRULY secure, every password needs to be different.
4. Use different passwords for different levels of security:
* Level 1 – routine downloads and product registrations
* Level 2 – e-mail accounts and operating systems
* Level 3 – bank accounts, online auctions, administrative logins
Chapter 2
5. To ensure your password remains secret:
* memorize your password
* if you have to write it down, keep it on you
* don’t leave your password where it’s easy to find it
6. Password basics:
* do not share your passwords with anyone
* make them impossible to guess
* create different passwords
* try to memorize your password
* do not write them down
Friday, July 8, 2005
Creating a Vericept Instance in VMWare
Here's the generic host creation VM documentation with the promiscuous NIC setup and drive conversion sections. Here's a better structure below:
- Determine customer platform (Vmware version: ESX v?, workstation, gsx, etc) and total space dedicated for this VM.
- Create the VM in workstation with the total space defined as the MAXIMUM. Allow for auto-expansion of the disk to maximum. This will yield about a 6 GB partition. This was done correctly the first time.
- Compress this final disk image with a file utility appropriate to the receiving host machine. Windows = winzip or windows compress utility. ESX, Linux = Tar/Gzip.
- Burn to disk and ship. Be ready to have this available via FTP should the disk be damaged in transit. Include a document with step-by-step installation instructions from disc to image, through conversion, into VM setup and promiscuous port settings.
On the receiving end (ESX ONLY):
- copy the compressed file from DVD and uncompress/untar it to the /vmfs directory of an ESX box (handles large files well).
- Run the disk conversion process.
vmkfstools -i
Make sure the customer has MAX DISK SPACE _plus_ the 6GB overhead of the original disk file. When done, delete the old 6GB file.
- Create a new VM, define for Linux, name, RAM, etc., and attach the new ("existing") disk you just converted.
- You previously wired the NICs, defined the virtual switches and such so you have _separate_ production and sensing network connections and virtual switches, right? Add one virtual NIC for this VM connected to the production network's virtual switch. Add one v-NIC connected to the "sensor" v-switch (don't worry about the terminology, it works). The production network can be shared among the VMs. The "sensor" network can only be used by the Vericept VM and needs a dedicated NIC bound to a dedicated virtual switch within VM.
- Set the "sensor" NIC into promiscuous mode.
echo "PromiscuousAllowed yes" > /proc/vmware/net/vmnicX/config
- Run the VM.
- Test test test
- *optional* Log into Paypal.com and send $10 to Drew Hunt (pinowudi@yahoo.com) for his efforts.