Ego-surfing
So I did a Google search on myself because my colleagues claimed that they searched everywhere on the Internet for me, to find my phone number, but they could not find me. I'm not convinced because I am who I am. I ran the search myself on my firstname lastname city; most hits on the first page are true, albeit outdated. A job I posted as a prospective employer, an old work email address that got too much spam, what I studied and where I went to school, my volunteer work at a professional organization, and my resume as a piano teacher. The part about me running a half marathon? That's not true. LOL I am registered for a mini-triathlon, but no, I have never run that far in my life.
On the next page I see a LinkedIn profile for a girl with the same name as mine in Washington. She's American but not Asian, with 30 years of experience in law enforcement, industry-specific skills and two big stints in Interpol. Her photo is a really good looking chick, probably age 25. I'm nice so I decide to send her a friendly note to say... "hey we have the same name but your resume is so amazing! But the LinkedIn profile is wide open to the public and you have security clearances, perhaps you could change the default privacy settings, but you don't have to friend me." I had to send the message as a "connection request" because that's the only way you can contact someone you are not actually connected to. Surprisingly, she accepts. I'm intrigued by this mysterious and successful persona with my name. I get frequent updates that she has new connections joining her from Northrop Grumman (US DOD contractor) and other interesting people. In the back of my mind, I have suspicions why someone has 30 years experience and looks 25 (but that cannot be a crime).
Managing your online relationships
I decide to talk to my old boss because he is in the IT Security industry; he would know what to say about these kinds of sticky things I get myself into. He jokes that women with my name simply cannot be trusted. He sends me a link to this article about the famous Robin Sage Experiment. It's a good read about basic online security awareness and social engineering: the "girl" who duped military intelligence and top notch IT Security professionals.
He reassures me that he did some peripheral background checks on my new contact and the info in her resume does check out; and he even convinces me that based on her info if she is 46, well some women could still look that good. (So that confirms that he thinks she is good looking too) But he cautions me with something I should know already, as a general rule, be careful about being friends with someone you haven't actually met in real life.
Another time on Facebook, I accepted a friend request from a person who I assumed was a twenty-something year old friend of my sister because it was a name I thought I recognized. As soon as I accepted, she chatted me up and started her note with "hihi" and her writing style was very girly and teeny-boppy, and we talked about similarities between her hometown Vancouver and mine. Her friend list is full of really good looking Asian chicks, but no guyz. Well that's odd but I think nothing of it. Over the course of weeks we continue to talk, about the Victoria Day long weekend, how cute the kids are with tulips. Soon after I get a friend request from her again because she told me her account got locked so she started a new one. This keeps happening on a weekly basis and I decide to forget about it. On a whim I search for her profile name and there are many, many profiles (without a profile picture) with her name, but there was one with a photo of a really ugly looking guy. Reminds me of a guy who did too much boxing in the face, was my first impression. I was shocked to learn that my new "friend" was probably some kind of predator. What should've been my first clue? What kind of teeny-boppy girl doesn't have guy friends on her friend list?
Managing your online profile
You ask yourself, Who am I? Well if you feel the need to do some ego-surfing and google yourself and if you don't like what you see, here is a good article I found about un-googling yourself and managing your online identity a little bit better. Un-google yourself!
Verify the privacy settings on your various social media websites, especially access policies to the photos you post of yourself and your own children! Google has recently updated their privacy policy, which makes it harder to delete your online search history. So, um don't google something criminal like that other guy, "where to hide a body".
Engineering and Troubleshooting Tips for anything that might happen in the Computer Lab...
Showing posts with label Password Security. Show all posts
Thursday, March 15, 2012
Monday, February 27, 2012
Cisco Port Security
Use port security to manage the ingress of traffic from dynamically learned and static MAC addresses. When secure MAC addresses are assigned to a secure port, the port will not forward traffic from any source MAC address outside the defined set of secure MAC addresses.
There is a security violation if one of these infractions occurs:
1) When access is attempted by a MAC address that is different from any of the identified secure MAC addresses, port security applies the configured violation action or mode.
2) If traffic with a secure MAC address that is configured or learned on one secure port attempts to access another secure port in the same VLAN, port security applies the configured violation action or mode. This is a MAC move violation!
Possible actions are:
switchport port-security violation {protect | restrict | shutdown}
protect - drops packets with unknown source addresses until you remove enough secure MAC addresses to drop below the maximum value. No counter, no notification.
restrict - the same, but also causes the SecurityViolation counter to increment (and sends a notification).
shutdown - puts the interface into the error-disabled state immediately and sends an SNMP trap notification.
To bring a secure port out of the error-disabled state, in global configuration mode
usage: errdisable recovery cause psecure-violation
or manually re-enable it, usage: shutdown followed by no shutdown (interface configuration commands)
To prevent overtaxing the CPU, use the port security command with rate limiting.
Methods of MAC address configuration
Static
How to statically configure all secure MAC addresses?
Dynamic
Dynamically configure secure MAC addresses?
1) You can allow the port to dynamically configure secure MAC addresses with the MAC addresses of connected devices.
2) You can statically configure a number of addresses and allow the rest to be dynamically learned with sticky!
Sticky MAC addresses
These can be learned dynamically. Port security with sticky MAC addresses retains dynamically learned MAC addresses during a link-down condition.
Remember to write memory (wr is the shortcut) or use the copy running-config startup-config command; then port security with sticky MAC addresses saves the dynamically learned MAC addresses in the startup-config file, and the port does not have to learn addresses from ingress traffic after bootup or a restart.
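Putting the notes above together, here is an added example of what such an interface looks like in a running configuration (example written for this page, not taken from the original post or from Cisco documentation). The interface name, VLAN, the static MAC address 0011.2233.4455 and the 300-second recovery interval are assumed values.

```cisco
! Added example: access port with port security, two allowed addresses.
! One address is configured statically, the second is learned and kept
! as a sticky address. Values below are assumptions for illustration.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 2
 ! static secure MAC (assumed value)
 switchport port-security mac-address 0011.2233.4455
 ! learn the remaining address and keep it across link-down and reload
 switchport port-security mac-address sticky
 ! restrict: drop offending frames, count them, send trap; port stays up
 switchport port-security violation restrict
 spanning-tree portfast
!
! Ports that use "violation shutdown" go err-disabled; let them recover
! automatically after 300 seconds instead of waiting for a shutdown/no shutdown
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Save, so sticky addresses are written to startup-config:
!   copy running-config startup-config
!
! Verification (exec mode):
!   show port-security interface FastEthernet0/1
!   show port-security address
!   show errdisable recovery
```

The SecurityViolation counter in show port-security interface is the number a monitoring system should watch: with restrict the port keeps forwarding legitimate frames, so a rising counter is the only sign that an unexpected device was plugged in.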
Friday, February 24, 2012
Cyber Defense Engineering Rant
I read up on some recent SANS white papers and a topic caught my eye, touting the weakness of Defense in Depth. Alright, I'm taking notes. Companies spend millions of dollars on ITS and they are still getting hacked, well the ones worth hacking into anyway. Sony PS3 customer credit card data, Citibank, US military drones, like really run targets! So what are some alternatives, what are the weaknesses and strengths of technologies today?
The author seems to promote the fact that Defense in Depth is not employed properly by governments and IT departments doing IT Security and Cyber Defence. The layered defense approach works for the physical and kinetic world (as they call earth). Even an armed intruder cannot walk through walls of fire (clever). However all kinds of cyber threats can be "encapsulated" and shift silently through one layer to the next, both OSI layers and layers of security I presume. Frequency of attack is increasing, and the skill level required for a successful attack is decreasing. IT departments have limited people, process and technology. Hackers can launch attacks as effectively and quickly overseas as next door with limitless power, process and technology. Actions cross international boundaries and legal jurisdictions.
Analogies of common approaches
1) Fire prevention - more like the use of a fire extinguisher or incident handling when an intrusion occurs
2) Nuclear Energy - the core is highly reactive. Clarification please?
3) Engineering - many redundancies built in, failover and contingency plans
4) Online gaming - chance encounters, attack by attrition, using up resources until they're gone
Defense in Breadth was a complementary initiative, involving multiple vendors not competing but rather collaborating. Perhaps something as simple as preventing the attackers from getting back out the internet with the stolen sensitive electronic information. Threat detection, intrusion detection, network baseline monitoring, anomalous behaviour tracking.
Cyber Siege Defense sounds cool but I couldn't quite capture it in notes. Rather I got out of it one really good idea about Managing the Attacker with strategies like
1) Understand the mindset and motivation
2) Feed false information by setting up honeypots or false data
3) Increase the attackers level of effort
4) Drive up their costs, combine defensive technologies to increase complexity
5) Deprive the profits they seek
6) Damage their reputation
What does this all mean? The whole point I got out of it was rather dismal: the hackers know everything that is commercially available and its weaknesses. Some professionals have to take the SANS course to even learn what the weaknesses are. How do you know that hackers aren't on the same course and laughing at everyone in the back of the room?
Now it's too late, you're already under attack. I found some notebook ideas here useful for incident handling, on Windows anyway. Here's a link to a CIRT whitepaper. Well, that is a SANS safe link, but how do you know it's really safe, and it's not downloading malicious code? That's what I mean when I say the weakest security is OSI Layer 8, the Between Chair and Monitor Error, the desktop USER.
More fuel to the fire that IT Security is defenceless... even CEOs agree.
Monday, February 20, 2012
Cisco Self Defending Network Strategy
I found a CCNA test question on the Cisco Self Defending Network Strategy so I looked it up.
Cyber Security
Trust and Identity Management, responsible for security of critical assets
Threat Defence, respond to problems caused by security outbreaks
Physical Security
Potential security breaches should be evaluated.
Assess the potential impact of stolen network resources and equipment.
Secure Connectivity, ensures privacy and confidentiality
Properties of a Self Defending Network
Network Availability: remain active when under attack
Ubiquitous Access: provide secure access from any location
Admission Control: authenticate all users, devices and their posture
Application Intelligence: extend application visibility controls into the network
Day-Zero Protection: ensure endpoints are immune to new threats
Infection Containment: rapidly identify & contain virulent attacks
Network Monitoring:
- Syslog maintains a lot of data, feature of Cisco IOS
- Simple Network Management Protocol (SNMP) Cisco IOS feature for network management
Monitoring Analysis Response System (MARS) provides security monitoring for networks and hosts
- Netflow provides packet level stats
- Cisco Traffic Anomaly Detector Module - detects high speed DoS attacks
- Firewall and IDS - IPS Sensor Application, Adaptive Security Appliance (ASA) and Cisco Security Agent (CSA)
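The three IOS monitoring features listed above (syslog, SNMP and NetFlow) only produce anything once they are pointed at a collector. The following is an added example of a minimal IOS configuration for that; it is not from the original post or from Cisco. The collector addresses 192.0.2.10 and 192.0.2.20, the interface name, the SNMP group and user names, and the two PLACEHOLDER passphrases are all assumed.

```cisco
! Added example: export syslog, SNMP and NetFlow to a monitoring host.
! Addresses, names and passphrases are placeholders, not real values.
!
! Syslog: timestamped messages to a local buffer and a remote collector
service timestamps log datetime msec show-timezone
logging buffered 64000 informational
logging host 192.0.2.10
logging trap informational
!
! SNMP: version 3 with authentication and encryption, read-only,
! and only reachable from the management station (ACL 10).
! SNMPv1/v2c community strings travel in cleartext, so they are avoided.
access-list 10 permit host 192.0.2.20
snmp-server group NMS-RO v3 priv access 10
snmp-server user nmsuser NMS-RO v3 auth sha AUTH-PASS-PLACEHOLDER priv aes 128 PRIV-PASS-PLACEHOLDER
snmp-server enable traps
!
! NetFlow: account for traffic entering the edge interface and export
! version 9 records to the collector on UDP 2055
interface GigabitEthernet0/0
 ip flow ingress
!
ip flow-export version 9
ip flow-export destination 192.0.2.20 2055
!
! Verification:
!   show logging
!   show snmp user
!   show ip cache flow
```

NetFlow records are what give the "network baseline" that later posts on this blog rely on: once a week of normal flows is stored, a new destination port or an unusual outbound volume stands out.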
Key Components and Necessary Behaviours
- 100% Network Up Time. Keep functioning in the presence of viruses and related infections.
- Network Admission Control (NAC) program. NAC allows customers to determine what level of network access to grant to an endpoint based on its security posture
- Infection Containment as a third-order dampener to the virus and worm propagation effect.
- Adaptive Threat Defense (ATD) capabilities, which enhances the ability of a network to respond to threats based on a new set of Anti-X technologies.
- Network Intrusion Detection Systems (NIDS): integrate NIDS into the router and switching platforms and transform aspects of it into an intrusion prevention system (IPS) with inline filtering capabilities.
- Beyond endpoints, apply to points of presence (POPs) in the network (firewalls, network intrusion detection systems -NIDS, routers, switches, and hosts) with context while learning the L2 and L3 network topology.
Summary of Cisco Threat Detection Technologies
IPS Sensor Application
Adaptive Security Appliance (ASA)
Cisco Security Agent (CSA)
Cisco PIX Firewall
FWSM (Catalyst 6500 Firewall Services Module)
IOS Firewall (feature of Cisco IOS)
IPS (feature of Cisco IOS)
Movies on Network Security
WarGames (script kiddies break into the Pentagon computers)
Hackers (Angelina Jolie, 1995. Hacking, dial-up modems, social engineering, dumpster diving)
The Net (not so much hacker movie, but privacy issues online)
Mission Impossible 4: Ghost Protocol (breaking network security and halting a nuclear disaster)
Monday, January 30, 2012
Cisco Troubleshoot: Password Recovery
If you have encountered the unfortunate tragedy of losing the password for your Cisco router, do the following steps in order. This post also sounds very similar to the other situation requiring the tftpdnld command.
- Read the entire list of directions first.
- Boot the router but send a break signal using the Break key. In this mode halfway between heaven and hell, set the configuration register to 0x2142
- Reload the router
- The router comes up into the initial setup dialog. Hit Ctrl-C, type enable
- Copy the startup config into the running config: copy start run (tricky, it is the reverse of the usual direction!)
- Change the passwords and save the config file. The letters 'wr' are a legacy command that means write configuration and is the same as copy run start.
- Reset the configuration register to the default value, which should be 0x2102
- Reload the router.
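The list above as one console session, added here as an example (it is not from the original post or from Cisco documentation). The hostname R1, the interface name and the NEW-SECRET-PLACEHOLDER value are assumed; command output is shortened to the lines that matter.

```cisco
! Added example: console session for the recovery steps above.
! Hostname, interface and the new secret are placeholders.
!
! 1. Power-cycle the router and send Break during the first seconds of
!    boot to stop in ROMMON, then tell it to ignore startup-config.
rommon 1 > confreg 0x2142
rommon 2 > reset
!
! 2. The router boots with an empty running config and offers the setup
!    dialog; decline it (answer no or press Ctrl-C), then enter enable
!    (no password is asked because startup-config was skipped).
Router> enable
Router# copy startup-config running-config
!    Note the direction: startup -> running. Interfaces come back
!    administratively shut down, so re-enable the ones in use.
R1# configure terminal
R1(config)# interface GigabitEthernet0/0
R1(config-if)# no shutdown
R1(config-if)# exit
!
! 3. Set the new secret and restore the normal config register.
R1(config)# enable secret NEW-SECRET-PLACEHOLDER
R1(config)# config-register 0x2102
R1(config)# end
R1# copy running-config startup-config
!
! 4. Check before reloading: the register must read 0x2102 at next reload.
R1# show version | include register
Configuration register is 0x2142 (will be 0x2102 at next reload)
R1# reload
```

The defensive lesson is the flip side of the procedure: anyone with console access and a power cord can do exactly this, so console ports belong in locked racks, and a reload that was not scheduled is worth an alert. IOS also offers no service password-recovery, which disables the confreg shortcut entirely; the trade-off is that a lost password then means wiping the configuration.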
Wednesday, January 25, 2012
Cisco Router Configuration: rate-limit and bandwidth monitoring
For the purpose of managing bandwidth usage during peak hours (office hours) and off-peak hours (after work hours), use access lists in the router configuration in conjunction with the Cisco rate-limit command and time-related rules, such as the ntp, scheduler and time-range commands.
Mitigate Denial of Service Attack
Another application for the rate-limit command is to mitigate DoS attacks, by controlling the bandwidth rate or limiting the connection rate of incoming traffic. If used properly, this command will reduce the impact of an attack on a vulnerable computer. It is most effective when used in conjunction with an Access Control List (ACL), a firewall, and an intrusion detection system (IDS). However, it may be necessary to establish a traffic flow reporting baseline first.
Firewalls are a separate topic beyond the scope of the course, but I saw a practice quiz question ask about Cisco PIX firewalls. A firewall is useful for infection containment during threat detection in the mitigation process, by splitting the network into different security zones.
Configuration
The full description is found on the Cisco website in the set qos-group group of commands, and I have the habit of taking a few notes down for myself. The usage:
rate-limit {input | output} [dscp dscp-value] [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action action exceed-action action
To remove the command, use no in front of the whole configuration line.
rate-limit output access-group 100 192000 36000 72000 conform-action transmit exceed-action drop
rate-limit output access-group 101 800000 150000 300000 conform-action transmit exceed-action drop
Where access-list 100 is for office hours
access-list 101 is for off peak hours or after work hours
The three numbers in the rate-limit command are listed in order below. The bit rates to use can be calculated from the Excel bit rate calculator linked at the end of this post.
bps - average bit rate in increments of 8 kbps
burst-normal - average burst size in bytes. The minimum value is bps/ 200
burst-max - excess burst size in bytes
Specify a time-range. For example, if office hours were 8am to 4pm Zulu (you'll have to change the numbers to match your real office hours, but Cisco uses the time settings in Zulu only; I don't actually work 8am to 4pm Zulu, it just makes this time-range example easy to write). The question mark prompts the Cisco IOS to list the follow-on options you can use.
time-range OFF-PEAK-TIME-RANGE
periodic ?
list days of the week: Monday Tuesday Wednesday Thursday Friday Saturday Sunday
periodic Monday Tuesday Wednesday Thursday Friday ?
specify the time in zulu
periodic Monday Tuesday Wednesday Thursday Friday 16:00 to 23:59
periodic Tuesday Wednesday Thursday 0:00 to 7:59
time-range OFFICE-HOURS-TIME-RANGE
periodic Monday Tuesday Wednesday Thursday Friday 8:00 to 15:59
My question is what happens with Saturday and Sunday? I've been just leaving it blank and assuming that goes full throttle. Never seen anything bad happen so I've been assuming it's working out ok.
Download your own Bit Rate Calculator here:
https://learningnetwork.cisco.com/docs/DOC-7874
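The pieces of this post (time-ranges, the two access lists and the two rate-limit statements) combined into one complete configuration, as an added example that is not from the original post or from Cisco. The NTP server address, the interface name and the choice to police weekends at the off-peak rate are assumptions; the rates and burst sizes are the ones from the post.

```cisco
! Added example: office-hours vs off-peak policing with CAR (rate-limit).
! NTP address, interface and weekend policy are assumptions.
!
! Time-ranges only work if the clock is right: sync it first.
ntp server 192.0.2.5
!
! Office hours: weekdays 08:00-15:59 UTC
time-range OFFICE-HOURS-TIME-RANGE
 periodic weekdays 8:00 to 15:59
!
! Everything else, including the weekend (the post's time-range left
! Saturday and Sunday out; this adds them so no hours go unpoliced).
time-range OFF-PEAK-TIME-RANGE
 periodic weekdays 16:00 to 23:59
 periodic weekdays 0:00 to 7:59
 periodic weekend 0:00 to 23:59
!
! An ACL entry with a time-range matches only while the range is active,
! so at any moment exactly one of these two lists matches.
access-list 100 permit ip any any time-range OFFICE-HOURS-TIME-RANGE
access-list 101 permit ip any any time-range OFF-PEAK-TIME-RANGE
!
! 192 kbps during office hours, 800 kbps off-peak (values from the post).
! CAR evaluates rate-limit statements top down and uses the first match;
! a statement whose ACL matches nothing right now is skipped.
interface Serial0/0
 rate-limit output access-group 100 192000 36000 72000 conform-action transmit exceed-action drop
 rate-limit output access-group 101 800000 150000 300000 conform-action transmit exceed-action drop
!
! Verification:
!   show clock
!   show time-range
!   show interfaces Serial0/0 rate-limit
```

Two caveats worth knowing. If neither time-range is active (for instance on a weekend when the weekend line is left out), no rate-limit statement matches and the traffic is transmitted without any policing, which is the "full throttle" behaviour the post observed. And rate-limit (CAR) is legacy syntax: newer IOS releases expect the same policy as an MQC class-map/policy-map with the police command, so check that the platform still accepts rate-limit before relying on it for DoS mitigation.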