The dangers of using outdated software


 Outdated software contains security flaws which cybercriminals can use as avenues to infiltrate the corporate network.

The dangers of using outdated software.

AlphiMAX PTP Estimator provides an excellent way to align your wireless antennas

Need an excellent program to estimate your wireless bridges from building to building?  AlphiMAX provides an excellent online program to estimate your wireless links.

Sign up is easy and fast.  The PTP Estimator requires that you have the Latitude and Longitude of both buildings.  You can get an estimated Lat. and Long. from Google maps.  Find your location on Google maps (you should use a GPS) and right click on the location you want then select “What’s here?” .    This will provide the numbers you need.  Remember, it is best to use a GPS on each site where you intend to erect an antenna.

PTP Estimator

You can also search for a location by name by clicking the area in the center of the online application.  icon

Once you have the Lat. and Long., enter the numbers at the top of the online application.  Click Estimate.

Entering LatandLong

The interface will show you the terrain, Antenna height, compass information, Fresnel Zone Clearance, approximate altitude,  along with product information they provide.

Aligned

 

The estimator also offers a 3D view of your project if you have an active subscription.

AlphiMAX Company Overview
AlphiMAX provides products to help you with your wireless needs.

How to guard your wireless network and see intruders

100% credit goes to Bill Mullins for sharing this information. (BillMullins.wordpress.com).

Softperfect has some of the best freeware for Windows.   With Netscan you can see devices on your network and find information about the  devices.  Now with their software “WiFi  Guard”, you can use a device on your network and find the devices that are attached to it.

While you should take precautions to secure your wireless network, is someone accessing your network without your knowledge?

Installation is fast and easy.  Simply follow the wizard and make sure you run the software at startup.

Scan

Once you install the software, select the adapter and scan your network.  Next double click on known devices and select “I know this device.”  Let the software run and periodically scan your network.   If you find a device connecting to it,   locate the device and remove it from the network or take action to prevent unknown devices from connecting.

I Know

The software is designed to run on Apple, Windows or Linux.

Note: The above pic is from a lab environment and the addresses and macs do not represent real machines or a production environment.

Protecting your network by pen testing it

This post is for educational purposes and any use of these tools against a network without explicit permission could be illegal.   Metasploit is designed to identify weaknesses in networks and hardware/software on a network.  Do NOT use metasploit for other reasons.

Want to protect your network and the computers in your network?  You can get updates for your operating systems (Linux, Mac, iOS, Android, Windows or whatever) along with updates for third party programs yet you can still be unsecure.    When updating these products, you also have to remember firmware and updates for wireless devices, access points, bridges, firewalls, routers, switches, SCADA devices, robots, mobile devices, printers and any device on your network.

Metasploit

http://www.metasploit.com/download/

Metasploit Community is free and allows for a free scan of your network or server. Although limited (Try Pro for details and Brute Force), Metasploit Community is a first step in finding open services and ports on your operating system, hardware devices such as routers and other devices.   The trick to installing Metasploit is to disable your antivirus or make exceptions to what your antivirus finds.   You should truly install the software inside of a VM (Virtual Machine) so that your computer remains protected.

You can use Metasploit to protect your network by ‘seeing’ what a hacker or malicious person would see.  Truly for network professionals and auditors, this software can help you identify services, ports and weaknesses in your network.

There are several versions of Metasploit – Community, Pro, Express and Framework (Compare Editions)

Metasploit     Metasploit Two

Metasploit Scan Complete     metasploit Hosts

Metasploit Services After Scan

The above scan was in a controlled lab.  Malicious scanning of networks may be illegal.  Read  Penetration Basics on Metasploit’s website.

Tutorials (Videos)

Your business and home needs a firewall…why?

So what happens when you install a firewall and make sure all operating systems on your home network are fresh installs?

craziness

 

You’ll probably see hits from foreign and U.S. IP addresses trying to make connections to your computers, phones and other devices on your network.   You’ll also notice common port numbers in the above log.  So what would happen if any of the services and ports were open?  It could result in the loss of data.

What should you do?  Install a hardware SOHO firewall and keep your OS firewall on.  While there are tons of other precautions you also need to take, ultimately this is a form of protection most home users and business users fail to implement.

Credit: Chris Davis

What should you do with an old computer? Create a home router/firewall!

ITX-motherboards can often be found in older computers from garage sales or thrift stores.  What is the practical use for these motherboards or older computers?

Here’s a small project that involves protecting your home.

After finding an ITX motherboard and gathering extra parts from broken laptops and computers, this project will put the software SMOOTHWALL Express onto the computer to make a mini firewall.  Total cost?

  • $22 250watt power supply
  • $5 Gearhead mini keyboard

0306141659a

Base processor
Athlon 64 X2 (B) 5400+ 2.8 GHz (65W)
800 MHz front side bus
Socket AM2

Chipset
GeForce 9100

Motherboard

  • Manufacturer: Pegatron
  • Motherboard Name: APX78-BN
  • HP/Compaq motherboard name: Nutmeg-GL6E

Power supply
250W

Memory
240 Pin DDR2 PC2-6400 MB/sec
4GB
Hard drive
120 GB SATA 6G (6.0 Gb/sec)
7200 rpm

Video Graphics

Integrated on motherboard (NVidia 9100)

Sound/Audio
High Definition 6-channel audio
ALC 888S chipset

Network (LAN)
Integrated 10/100 Base-T networking interface
Added Broadcom wireless to create a wireless router

External I/O ports connections – 6  USB

Expansion slots

PCI Express mini card socket – added Broadcom Wireless
PCI Express x16
PCI Express x1

Additions-

  • 2″ Fan for Chipset

In the video below, HAK5 shows just how to make a motherboard like this into a nice home router/Firewall.

Solving The Security Workforce Shortage – DarkReading

According to the study, the most sought-after quality is a broad knowledge of security — more of a strategic understanding than technical know-how followed by certifications.  Read More

Opinion – While certifications are an important part of IT, the technical know-how is the most important. Getting a degree or a certification is a great advancement for your education but can you configure a firewall? Run Linux-OSX- Windows? Support mobile, wireless, servers with Active Directory and monitor and control an IT environment?   That’s the difference between $12 an hour and a career.

FREE – Security engineering training by SAFECode

FREE – How can you beat it?  Once again, another excellent site has training that is Free.   While we have found Rackspace’s Cloud University,  Free Microsoft Training and virtualization this site adds an additional form of training that can help you supplement your training programs.

“Security engineering training by SAFECode is an online community resource offering free software security training courses delivered via on-demand webcasts.

Covering issues from preventing SQL injection to avoiding cross site request forgery, the courses are designed to be used as building blocks for those looking to create an in-house training program for their product development teams, as well as individuals interested in enhancing their skills. All courses are free and published under a Creative Commons license and open, non-commercial usage of the content is encouraged.

SAFECode will be adding new courses to the site on an ongoing basis. Our goal is to create a diverse catalog of security engineering training courses for all expertise levels as a community resource.”
https://training.safecode.org/

SAFECODE

“While registration is not required to view the courses, registered users of the site will benefit from the ability to:
–Download courses for offline viewing
–Post comments to provide feedback on the courses and ideas for updates.
Your feedback will be used to help keep the material up-to-date and ensure it best meet the needs of the community it aims to serve.
–Receive email updates when new courses and resources are available”

 

Sometimes you travel the world to get to where you are going…

Jay, one of our students,  was using a visual trace route on his iPad to see how many hops it took to go from Shelbyville, Tn.  to a business in Ohio.

Amazingly he went from - 

Shelbyville, TN
Murfreesboro, TN
Nashville, TN        x3
Los Angeles, Ca    x2
New Orleans, LA
Atlanta, GA
ST. Louis, MO
Atlanta, GA
Los Angeles, CA
Broomfield, IL
Newark, NJ
Munchen, Germany – That’s right Germany…
Detroit, MI
Arrived in Ohio at the Business

21 Hops - How long does it take to go this distance?  About a second.

The internet finds the fastest route.  This doesn’t always mean the shortest.   Which as you can see doesn’t mean the shortest.

tracert

 

US businesses suffered 666,000 internal security breaches

Over 666,000 internal security breaches took place in US businesses in the last 12 months, an average of 2,560 per working day, new research has revealed. The findings, revealed by IS Decisions, also found that despite this regular occurrence, only 17.5% of IT managers consider insider threats to be in their top three security priorities.

US businesses suffered 666,000 internal security breaches.

800M exposed records make 2013 record year for data breaches

While the number of incidents data loss incidents in 2012 is almost by a third bigger that that for 2013, the number of records exposed in 2013 breaches has reached a record 823 million.

800M exposed records make 2013 record year for data breaches.

Resizing your HDD partition to improve performance

Gamers and IT professionals along with home users that are power users can significantly improve HDD performance by shrinking the partitions on their HDDs.

By using the Disk Management utility in Windows you can shrink large HDDs as needed to increase performance.

How does this work?

For optimal system performance on an IIS server, you should install Windows and IIS on one drive and data on another drive.  When you install Windows, you can partition the entire drive with the full amount and use disk management to shrink the drive later OR you can give yourself enough space +30% for temp files (etc.).  By shrinking the drive, this optimizes the drive by not only placing files where they should go but allows the drive to become efficient by having only a certain amount to index and read.

The same should be done for the data drive.  You can extend the partition as data grows and space is needed.

Hopefully my math is right on the percentages…

Windows IIS Partition (Before and After)

Western Digital Black Edition WDC2002FAEX 2TB

HD Tune 5.0 (read test)      FULL 2 TB partition        Shrank to 1 TB     Increase or Decrease
Average transfer rate

80.1 MBps

119.9 MBps

34.2%

Minimum transfer rate

42.2 MBps

50.0 MBps

16.00%

Maximum transfer rate

123.4 MBps

143.1 MBps

14.8%

Burst rate

184.6 MBps

197.3 MBps

6.50%

Access time*

13.2 ms

10.1 ms

24.00%

Data Drive (Before and After)

HD Tune 5.0 (read test)      FULL 2 TB partition        Shrank to 1 TB     Increase or Decrease
Average transfer rate

94.1 MBps

113.9 MBps

17.4%

Minimum transfer rate

48.7 MBps

69.3 MBps

29.8%

Maximum transfer rate

131.4 MBps

143.3 MBps

8.3%

Burst rate

189.8 MBps

190.7 MBps

.50%

Access time*

11.2 ms

9.6 ms

14.3%

IIS using HD Tune 2.55

IIS

Data Drive using HD Tune 2.55

Data

Test your HDD Software (Freeware)

Notes:

Partitioning SSD drives will show a gain, but because of the economics behind SSDs at this time, it may not be economically feasible.  SSD drives can be optimized in other ways.

Linux and Apple drives can be optimized by partitioning.

Golden Rule – Do not use the unallocated amount.  Save it for growth or files that are not accessed often.

How to Shrink or Extend a partition