Saturday, December 31, 2011

Bitlocker Improvement in Windows Server 8

As technology has grown over the past few years, so has the opportunity for attacks that target information stored on hard drives. In the past, people went through waste containers looking for shredded documents and tried to piece the information together. Now everyone stores data on hard drives. Do you really think all of us secure that data? What do you do when your drive fails? The first thing you do is call for a replacement. This is where the opportunity for the hacker comes into the picture. They have a 50% chance of getting hold of the data. I have tested this myself on a failed hard drive, and I was lucky enough to be able to retrieve the data. Getting it back was not hard. What I did was put the drive in the freezer for a few hours, after which it worked again for a few hours, which was enough for me to back up the data.

The current technology trend is virtualization. We can store an entire data center's information on a portable drive. The chance of someone getting that data can be high if the physical disk is not properly secured. Just imagine your entire Active Directory sitting on that hard drive. From a hacker's perspective, we can perform an offline attack on it.

I have always believed that security is not a product. It is a tool to delay the bad guys from doing damage, and I do believe encryption is important.

Encryption tools
Many companies provide encryption software, such as TrueCrypt, Check Point DLP, Symantec DLP and so on. What I want to cover today is Microsoft's encryption. BitLocker Drive Encryption is a data protection feature available in Windows Server 2008 R2 and in some editions of Windows 7. It needs a Trusted Platform Module (TPM) 1.2 to run, but it can also be enabled without a TPM. The latest version of Microsoft Windows Server brings an improvement whereby it encrypts only the portion of the disk where data is actually stored.

Bitlocker Consideration
As you should be aware, BitLocker can't protect your machine from malicious code; all it does is provide encryption. For server deployment, you might want to deploy it to branch offices, where physical security is lower.

Here I would like to share some video clips on how to configure BitLocker and on the differences between versions.

Video Demo 1 : Installation of bitlocker on Windows Server 8
For a direct link, please click install bitlocker on Windows Server 8.

Video Demo 2 : Bitlocker comparison Windows Server 2008 R2 VS Windows Server 8
For a direct link, please click comparison on bitlocker.

I am interested in hearing your feedback, so that I can improve my articles and learning resources for you. I would also like to take this opportunity to wish you all a wonderful holiday and a happy new year :).

Saturday, December 17, 2011

Windows 8 boot from USB

Step by Step: Windows 8 To Go on a 16 GB USB memory stick

The steps for creating a bootable USB stick are almost the same as for booting from a VHD, which I covered in my earlier post on booting Windows Server from VHD. The only difference I see when creating Windows 8 To Go is that it needs the bcdboot version. I will cover some of the differences later on.
Below are the steps for preparing the USB stick. I haven't had a chance to test this on an 8 GB stick, but I believe it will work. The only difference here is that I didn't assign a drive letter to the USB stick, whereas with the VHD format you need to do so.

2)select disk 1
3)select partition 1
4)delete partition
5)create partition primary
6)format fs=ntfs quick

You can use list disk to query all drives, and list partition shows all partitions on a drive. The select command selects the drive and the required partition. Above I used disk 1 and then deleted an existing partition on the memory stick. Afterward I created a primary partition and formatted it with NTFS. The active command made the stick bootable.

After terminating diskpart, we need to copy the Windows files to the USB thumb drive using imagex.exe. This can be done with the following command in an administrative console window.

imagex.exe /apply e:\vm\install.wim 1 e:\

Here I launched imagex.exe from the current directory of my Windows 8 drive. E: was the folder (containing the setup media with the file install.wim) and E: was the drive letter of my USB memory stick. The number 1 defines that only one Windows 8 edition should be copied.

After you have completed the necessary steps, you need to perform the last step shown below. The command copies the boot information to the USB stick. The only difference I see in the command compared to the previous version is that it doesn't have the last parameter, which I have highlighted in red below.

bcdboot.exe e:\windows /s e: /f ALL

The next step is to restart your computer and select USB boot during startup by pressing F1 (this depends on your hardware manufacturer).
Overall I think Windows 8 To Go is awesome. I tried unplugging the USB stick and expected the machine to crash, but that didn't happen. When I plugged it back in, Windows resumed. I tried this with an MP3 open. For deployment purposes, though, I think this needs to run on USB 3, because USB 2.0 is too slow.

I am interested in hearing your feedback, so that I can improve my articles and learning resources for you.

Thursday, December 15, 2011

Android Spy - Carrier IQ

Smartphones are getting popular and have become a basic communication tool. It has seen massive growth compared to the Apple iPhone. As you are all aware, Android is an operating system for mobile devices. Recently an Android developer discovered a clandestine application called Carrier IQ built into most smartphones that doesn't just track your location; it secretly records your keystrokes, and there's nothing you can do about it. Check out the video above, which shows how it works.

What is Carrier IQ, exactly?
Jump to 9:00 in the YouTube video below for the proof this is basically a keylogger running on your phone that you didn’t know about.

The explanation given is that it is for understanding user behaviour so that they can provide a better service to users. But what do you think?

"Our action was misguided and we are deeply sorry for any concern or trouble that our letter may have caused Mr. Eckhart," the company said in response to the EFF's letter. "We sincerely appreciate and respect EFF's work on his behalf, and share their commitment to protecting free speech in a rapidly changing technological world."

Apparently the FBI was aware of what Carrier IQ is able to do, but they are not willing to reveal anything, including how it is used. Some believe the FBI uses it in investigations. The most worrying part is that the company claims Carrier IQ was installed on 150 million handsets globally. MuckRock sent a Freedom of Information Act request to the FBI, asking for "manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ."

Wednesday, December 14, 2011

Securing Wireless Lans with PEAP and passwords

As you have read in my previous post regarding the wireless PEAP attack, certain weaknesses need to be present before it can be exploited. There are some things you can do to protect against unauthorized access.

To secure PEAP against key distribution attacks, it is recommended that the RADIUS shared secret is at least 16 characters in length, consisting of a mixed-alphanumeric character set. The RADIUS shared secret should also be rotated on a semi-regular basis.


Ensure the common name (CN) of the RADIUS server’s certificate is defined. This setting will ensure clients only accept certificates that contain the specified CN.

Select only the trusted certificate authority (CA) that will be issuing the certificates. This will prevent attackers from using a certificate with the required CN but signed by a different CA.

By not prompting users to authorize new servers the decision to accept or reject certificates from unidentified RADIUS servers is taken away from the user. This setting will silently drop all requests whose certificate CN does not match that which is specified in Step 1.

By supplying an “anonymous” identity during the initial PEAP identity exchange, attackers will be unable to leverage unencrypted usernames. This setting protects against PEAP authentication attacks. Note: This configuration setting is only available in Windows 7 and above.
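
The client-side settings and the shared-secret rule above, turned into an audit check. This is an added example, not part of the original post: the profile fragment is constructed (namespaces stripped), the element names are assumed to follow the Windows PEAP profile schema as exported by `netsh wlan export profile`, and "mixed-alphanumeric" is read here as upper case, lower case and digits.

```python
import xml.etree.ElementTree as ET

# Constructed sample: PEAP part of a WLAN profile with three weak settings.
SAMPLE_PROFILE = """
<EapType>
  <ServerValidation>
    <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
    <ServerNames>radius.example.com</ServerNames>
    <TrustedRootCA></TrustedRootCA>
  </ServerValidation>
  <PeapExtensions>
    <PerformServerValidation>true</PerformServerValidation>
    <IdentityPrivacy>
      <EnableIdentityPrivacy>false</EnableIdentityPrivacy>
    </IdentityPrivacy>
  </PeapExtensions>
</EapType>
"""

def _values(root, name):
    """Text of every element whose namespace-stripped tag equals `name`."""
    return [(el.text or "").strip() for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == name]

def audit_peap_profile(xml_text):
    """Return one finding per client setting from the list above that is missing."""
    root = ET.fromstring(xml_text)
    findings = []
    if not any(_values(root, "ServerNames")):
        findings.append("no RADIUS server name (CN) pinned")
    if not any(_values(root, "TrustedRootCA")):
        findings.append("no trusted root CA selected")
    if _values(root, "DisableUserPromptForServerValidation") != ["true"]:
        findings.append("users can be prompted to trust new servers")
    if _values(root, "EnableIdentityPrivacy") != ["true"]:
        findings.append("real username sent in outer identity")
    return findings

def weak_radius_secret(secret):
    """True if the secret misses the 16-character, mixed-alphanumeric rule."""
    classes = [any(c.islower() for c in secret),
               any(c.isupper() for c in secret),
               any(c.isdigit() for c in secret)]
    return len(secret) < 16 or not all(classes)

if __name__ == "__main__":
    for finding in audit_peap_profile(SAMPLE_PROFILE):
        print("FINDING:", finding)
```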