Sunday, January 29, 2012

Microsoft Security Compliance Manager V2 - Part 3

Standalone security policy on windows
Introduction
In my previous 2 post regard to the security compliance manager v2.I have cover for the installation and also how to

Saturday, January 28, 2012

Microsoft Security Compliance Manager V2 - Part 2

security compliance manager

Introduction
As on my previous post, I have cover the installation of the security tools that known as Microsoft Security compliance Manager.If you would like to revisit the article again, you can click on this link at Microsoft Security compliance Manager V2 : Part 1. On this article I will show you how to perform a security baseline in the domain environment. I will also show you how to backup the group policy object.

Friday, January 27, 2012

Microsoft Security Compliance Manager V2 - Part 1

security compliance manager

Introduction
Group policy are collection of users and computer configuration which are majority are linked to Organization Unit.It was first introduce in Windows 2000 as part of the initiative to secure Active Directory implementation.As the past, we have develop our own way to secure the users and computer object base on business needs. When the question have been raised, what would be the recommendation or can we download the best practices this might be a challenge.

Thursday, January 26, 2012

Password Audit tools Part 2

Introduction
Shell appear on all different type of linux. As on my previous article on password auditing using command prompt , on this article I am going to give you some guide on how to do it on linux. The method is almost the same.The only different will be the syntax.

Wednesday, January 25, 2012

Password Audit Tools

password audit tools
Introduction
A password is  sequence of characters used to to authenticate certain user when they request for an access. Due to the growth of the technology, breaking a password have become more common and there is a lot of tools that are available for download. On this article I won't be covering any tools, but I will give you a sample script that you can use to break some password.

Tuesday, January 24, 2012

WSUS in Windows Server 8

Introduction
Windows patching have become more crucial as when the number of windows server machine growth. However they is always a challenge in managing those area. Let talk a bit more about the history how it was done last time. The first time was using a manual way where by each of the machine have been configured to download a certain patches at a certain time so that the server can be patch in the maintenance windows. But this create a nightmare especially to the windows administrator who manage more than 100 servers. 

Monday, January 23, 2012

Windows Desktop Security 101

Windows Desktop Security 101
If you ask around, what need to have in order for you to secure your laptop or desktop. The first answer they will said will be install antivirus. But they are not wrong as mostly what they see more is virus or malware. As for security administrator we know what antivirus really do which is only scan the system files whether it is tamper by other software. Below will be some of the best practices you can apply and train your users. Although you may think this is a simple task, but from the attacker point of view this is an opportunity. Let me side you an example, if in a company you have 11 server and 500 desktop. Just imagine you don't have a proper security for the 500 desktop. what would be the likelihood the computer compromised and get access into your server. The most standard practices will be :
  • Always login to your machine with a non admin users  and when you need to run a program with admin rights just do a right click and select “run this program as…” and select admin. In Windows Vista/7 turn UAC on to maximum. It might be annoying, but you don’t install programs so often, do you?
  • Disable autorun (which is one of the most used sources of spreading viruses especially for worms)
  • Enable screensaver
  • Use only trusted sources (e.g. USB drive)

Sunday, January 22, 2012

Stealing Yahoo Messenger Login

stealing yahoo messenger login
Introduction
Yahoo Messenger aka YIM its a free product for social networking. It was first launch in the year of March 9 1998. Today I am going to write something regard to the risk that we might encounter due to human mistake. You must be wondering how in this world yahoo messenger might cause some issue. The reason is simple, what is someone use your ID to sent some embarrassing info. The only requirement for this to be executed will be only friend should have checked “Remember my Id & password”.

Configuration
What you will need is to create 2 script, one is called export.bat with the following content
regedit /e session.reg HKEY_CURRENT_USER\Software\yahoo\pager

Second step will be create another script called as import.bat.What you need to do is just double click on the reg files. As for the result, you get someone yahoo messenger login ID without knowing the password.
regedit /s session.reg 

I be interest to have a test to the following feature which are provided by Microsoft on Windows Server 8. The feature is to use ID such as MSN ID to the host. I am not sure how safe is those, but I think its no harm to have a try on it and share the result.

I am interested in hearing your feedback, so that I can improve my articles and learning resources for you. I am providing this forum for info purposes. I claims no responsibility on how you use this knowledge.
 



Friday, January 20, 2012

Patch Management

Windows patching

Overview

Each time when we talk about system patching , from the security point of view it will become a serious security liability as it leave the network vulnerable attack. But when the auditor or the security administrator have a lot of findings and said you have a lot of of system that is not been patched. Are you not committing to a serious due diligence issues?. I guess this answer is depend on how you want to interpret it. If you have a such good perimeter security, although there is a system that have not yet been patched, the risk will be lower. If we just patch all, mean for some reason we might lack of understanding what security really mean and what are we trying to protect.

Periodically applying patches is the only way to keep our vulnerable systems from been attack. I know this sound dramatic, but its true.What I will like to share with you will be some of the best practices for business security.I think all of the readers who read my blogs do have a lot of server to maintain. Patching 5 to 10 server, it might not a big deal. But let said you have 100 or more, how do you maintain it?.

1. Automated patching - this is important as it can ensure all the system get the patches on a time. On top of that you also can have an overview of your environment on where are we now in term of patching. The tools also have a great reporting. You can find more info on the automated patching on http://technet.microsoft.com/en-us/windowsserver/bb332157.

2. Testing - Each time when we want to deploy a patch.There always a question how we can do it. Just to share with you , on some of the environment.It would be better to have a development server which are identical to the production server. This is important as when we apply the patches, we know whether there is any impact on the application. Even though you have a development server, you must make sure you did do a backup on the server before applying patches. Mostly you must take note when you are applying service pack for the operating system or application.

3. Maintenance windows - Across all the comment by the system administrator, why they can't patch the windows. Mostly the comment will be they don't have the maintenance for the windows as the system can't be shutdown and it is critical for the business. Well for this matter, there is few way we can do it. We need to justify why we do it and if we don't do it.System get compromise someone need to responsible for it. The 2nd way will be have a cluster aware system so the interruption can be minimize. This is a good way to maintain all the system too. You can have more information on the cluster at http://technet.microsoft.com/en-us/library/cc739634%28WS.10%29.aspx.

4. Vulnerability scanner - This might not sound like patch management, but this can help you a lot in findings loophole that need to be close. At the moment I will share the opensource way which I have blogged this since last year at the following url.
Part 2 : Openvas

I am interested in hearing your feedback, so that I can improve my articles and learning resources for you.

Thursday, January 19, 2012

Windows Server 8 on VMware Workstation 8

Introduction
In this article I am going to show you how to install Windows Server 8 into VMware workstation 8. VMware workstation give you the flexibility to install multiple operating system into a single machine for testing purpose. However the product it is not use for any production use. It is a good tools for software testing and etc. You can download the software from the vmware website at http://www.vmware.com/products/workstation/new.html.

Prerequisites
The requirement of VMware workstation will be either Microsoft Windows or Linux. Majority for laptop we are running on Windows 7.The installation is easy for VMware workstation, just follow the instruction on the screen.

Configuration
Fol­low the screen­shots for the pro­ce­dure I used and you can have the pre-configured Windows Server 8.If you do have read some other blogs, the Windows Server 8 profile have been remove. If you did see the Windows Server 8 option. That mean you are using the beta version. For the installation I am using the Windows 7 as my base.Please take note you must choose the option "configure the operating system later" as on my screenshot. If you do configure the VM to use ISO, you will have an endless loop.

create a new virtual machine

virtual machine wizard - click next

i will install the operating system later

select windows 7 x64

name the virtual machine

specify disk capacity for virtual machine

click finish

I am interested in hearing your feedback, so that I can improve my articles and learning resources for you.

Tuesday, January 17, 2012

Wikipedia Go Dark 18012012

I have re-blog the content from Chris Velazco and I do see freedom of the internet is important. But will Google and facebook will join them?.Let see what would happen starting midnight on January 18 2012.
Wikipedia go blackout on 18th Jan 2012

Wikipedia’s Jimmy Wales wanted to send a “big message” to the U.S. government regarding the two heinous internet censorship bills currently being considered, and after a brief period of debate the world’s encyclopedia will soon do just that.

The Wikipedia founder announced on Twitter today that starting at midnight on Wednesday, January 18, the English language version of the world’s encyclopedia will go dark for 24 hours in protest of SOPA and PIPA. With their commitment confirmed, Wikipedia will be joining a slew of websites and companies that will suspend their operations for one day in an effort raise awareness around the two bills.

Meant to curb IP theft and piracy, the (imaginatively named) Stop Online Piracy Act and the PROTECT IP Act have raised eyebrows recently due to their decidedly scorched-earth approach to handling suspected offenders. Websites found to offer pirated content, along with the services that they use, could be hidden from US internet users by being delisted on search engines and potentially on DNS servers themselves.

Rather than let users access Wikipedia’s vast stores of English-language information on the 18th, Wales mentioned that the Wikipedia landing page will instead be populated with a letter of protest and a call to action that urges readers to get involved with the issue. It doesn’t appear as though the new landing page has been finalized, but one of the community’s prototypes can be seen above.

The news comes after a lengthy debate as to the particulars of such a grand gesture — whether or not the site should participate at all, which versions of the site would be affected, and how exactly the blackout would go down were all on the table for the community to discuss. Ultimately, the consensus pointed to a full blackout as a the proper way to make their collective displeasure known. There’s no official word on how other parts of the site will handle the event, although Wales has mentioned that the German language version of the site will be displaying a banner in support.

Meanwhile, some of SOPA’s supporters are already reacting to the very public backlash against the bill. Ars Technica reports that Congressman Lamar Smith (R-TX) would be pulling his DNS-blocking provisions from the bill after having consulted with “industry groups across the country.” What’s more, the White House has responded to two petitions about SOPA and PIPA on the official White House blog stating that they will not “support legislation that reduces freedom of expression, increases cybersecurity risk, or undermines the dynamic, innovative global Internet.”

Wales notes on Twitter that while SOPA has been “crippled,” buts its counterpart in the Senate is still very much alive and very dangerous. Senate Majority Leader Harry Reid recently popped up on Meet The Press claiming his continued support for PIPA even though it “could create some problems.”
Though the event is meant to raise public awareness over two critical pieces of legislation, Wales still took a moment to offer a bit of sage advice for students heading back to school.

Sunday, January 15, 2012

Cyberwar 2012

Cyberwar is here, are we ready to protect industries including IT, financial services, defense and electronics. These attacks are launched for a variety of reasons including financial gain, IP theft, political reason and etc.

The war and preparation it is not just on latest jet fighter or nuclear. We are talking about technology and INTEL behind it.Let take a closer look on Japan. Since Sony was been attack few year back, now they are planning for a better prevention with self intelligent software to protect the nation. But do you think this would be the right way?. What if the software do mistake and it causes more problem?. Let wait and see what is the end result.

Microsoft have monopoly a larger portion of the desktop computing. This year they are testing a new service to distribute threat data captured from botnets to understand more on the ground how it works. Not sure how this going to work, but I hope it doesn't end in the privacy issues.






Sunday, January 8, 2012

Windows 8 Server DHCP

Introduction
The Dynamic Host Configuration Protocol aka DHCP was introduce as part of the standard design to reduce administration burden in a bigger environment which contain a lot of computer or network devices. By using DHCP, all of the devices which are connected in the private LAN will get the IP address from the DHCP servers.

In a more complex environment, mac address binding is configure on the DHCP server to make sure that the devices will get the same IP address all the time. However DHCP is not commonly use for IP address allocation for server or any critical network component.
The services become critical where by the number of computer increase, and the availability of the DHCP is important for a corporate network. There are a lot of product and method that can be use in order to achieve the high availability for the DHCP server. Mostly the term we use will be failover or standby server.
failover can be in 2 way, one is switchover and another will be automatic failover. However the previous release, the configuration might be complicated to configure and mistake can happen. For automatic failover mostly uses a heartbeat or pulse between the 2 servers.
While in another term, failback which mean to restore a system to a previous state. In the latest release of DHCP in Windows Server 8, failover and failback you can achieve in a few clicks.


Prerequisite
Before we start and plan for high availability for the DHCP server, we must know well in term of the requirement and also how you want to plan for your entire corporate LAN. You will need a domain controller and 2 DHCP which are member server of the domain.

For planning purpose, when you want to plan for your range of IP address for your computers. Avoid configure a big subnet, as if your network don’t have any devices to protect from ARP storms, the broadcast from the computers can cripple your network.


Configuration
1)The first step of will be adding the roles into the server. You can use the server manager to add the roles.


2)Once you have install and configure your DHCP, now you need to configure the scope for your server. The scope contain IP address information such as IP, gateway and DNS when the client request for an IP address



3)In the latest windows server 8, the failover configuration it is easy, just a few click on the scope. You can have your DHCP failover within minutes.


I am interested in hearing your feedback, so that I can improve my articles and learning resources for you.


Reference