OPSWAT Gears – Manage your devices’ security remotely

Have mobile devices, servers and need to monitor these devices remotely?  OPSWAT Gears allows you to monitor your computers remotely – update antivirus software, discover compromised devices, manage threats and more.

MySQL Wworkbench – manage your MySQL installation

If you are a beginner or an expert, MySQL Workbench is a must have if you have installed MySQL.  The community edition allows you to Start/Stop your MySQL instance, write queries, monitor performance and has dozens of other features.

With MySQL, the my.conf file normally found in Linux installs is the my.ini file.  This configuration file can be found under the ProgramData folder (you have to show hidden files in Windows Explorer to see it).   This file can be configured using MySQL Workbench.   If you get an error connecting to it, go to the server instance and navigate to the my.ini file.   This is a common error when reading the configuration file.

WorkBench Status

Other features -

SQL Editor – SQL Code Completion, SQL Code Formatter, SQL Syntax Highlighting, SQL Code Generation, SQL History, SQL Snippets, Server-Stop/Start, Server Status, Performance and more.

WorkBench One

 

 

Free-Windows Server 2012 R2 Technet Document -7970 pages

Want to know how to be an administrator of Windows Server 2012 R2?  This 7900+ page document has everything you want to know about Microsoft’s latest server.  Included in this massive manual is-

  • Technical Scenarios
  • Install and Deploy Windows Server
  • Migrate Roles and Features to Windows Server
  • Secure Windows Server
  • Manage Privacy in Windows Server
  • Support and Troubleshoot Windows Server
  • Server Roles and Technologies
  • Management and Tools for Windows Server

Download Microsoft Windows Server 2012 R2 and Windows Server 2012 TechNet Library Documentation here.  111 mb

Microsoft also offers free virtual labs (Virtual Microsoft Server from your browser).  Coupled with this 7900+ page manual, this is an excellent resource to learn Windows Server 2012.

If you want to print this, it will take approximately 16 reams of paper and 3.25 high capacity laser toner cartridges.  Of course once you print it, you’ll have your first 32″ wide book.

Windows Hotfix Rollup with 90 updates for Windows 7 and Server 2008

The Microsoft Update may show that your computer is up-to-date but you may be able to improve system stability and performance with these 90 updates for Windows 7 and Server 2008 with a hotfix that was released earlier in 2013.  

This enterprise hotfix fix WebDAV, DFSN client, Folder Redirection, Offline Files and Folders, SMB client, Redirected Drive Buffering Subsystem, Multiple UNC Provider, SMB Service, TCP protocol components (Network Performance), processing of Group Policies, Group Policy preferences, helps to reduce network load and domain load, WMI and more.

Information on the hotfix is here – (http://support.microsoft.com/kb/2775511/en-us)

Where do you get the hotfix?  The hotfix can be downloaded here.  You MUST use Internet Explorer to apply the hotfix.  The hotfix from the Windows Update Catalog requires you to install components to download the files of your choice.

Microsoft Update Catalog

 

Install

 

Available updates

 

Progress

 

After downloading the update, you will need to double click the installation file and after the hotfix is applied, you must restart your computer.

How reliable is your Windows 7 computer?

You can use these command line tools to take a quick short-cut to your reliability monitor and other performance tools.

perfmon /rel  

Lets you review your computer’s reliability and problem history.

perfmon /report

Collects performance data for 60 seconds and then generates and displays a system diagnostics report.

My laptop shows the network card (LAN) as being disabled.  (Thus showing a fail – I use wireless)  This report gives stats across your OS and hardware.

perfmon /res  This opens your resource monitor and allows you to see comprehensive data about your system.

Security Onion- IDS, NSM, and log management

What if you want an IDS system that monitors malicious activities and provides you with logs (Network Security Monitoring) and graphs to help protect your network?  And what if you want an easy setup that provides you with information that will help you – something with a GUI interface?   Security Onion can provide you with the defacto IDS system – Snort, Squert and a ton of other tools to help you.  While there are options, Security Onion offers the choice of Snort (http://snort.org/) or Suricata (http://suricata-ids.org/).

The setup below shows a test system using VMWare with 2 processors and 2 Gb of RAM if you want to try it out.   While the bare minimum is suggested to be 3 Gb, a production environment should have 8- 128 Gb of RAM, a ton of hard drive space for logs and two network cards.  One network card for management and one to sniff.

Security Onion’s ISO can be downloaded from SourceForge.   While there is a ton of how-tos on the internet about Security Onion, there is a great deal of information on there blog located here.

Here’s a simple setup I did at home to try out Security Onion.  Using VMware’s Player (non-commercial use).  If you plan on trying Security Onion or deploying it in a production environment, you should use the commercial version or have a system that supports the minimum requirements.

menuinstallliveLive Runninginstalling rullinstalling driveinstalling drive erase  Installing files after time keyboard finished

 

Once you restart, you’ll need to run setup again to enter an email address for squert and setup a password. Once this is done, you can open the shortcuts on the desktop or use your host computer to login. Once this is complete, login to Snorby’s url.

While snort is running, Snorby will present a dashboard.  You may be surprised to see no threats once you login.  You can expedite this process by running NMap (Zenmap against the virtual machine) if you want to see threats.

What is Snorby? “ Snorby is a web application interface to view, search and classify Snort and Suricata alerts and generate various types of reports, such as most active IDS signatures, most active sensors, and top source and destination IP addresses.”  more information.
2 snorby

Once you run NMap, click on More Options in the right corner and update the Cache

2a cache update

Give Security Onion just a few seconds and refresh the screen.  You’ll see the events logged.  This will visually show you not only how  many threats were ‘ seen’ on the network but will categorize and graph them.

3 snorby 3 severity

Clicking on the events will show each event and give you the option to categorize unknown threats or to reclassify threats.
4 nmap to test

Logging in to Squert allows you to see threats along with maps and information from threats.

5 squert

Squert map

ELSA – allows you to query and look for information.

6 Elsa

What does NMap show when Security Onion is scanned?

7 is it logging

 

 

 

Introduction to Security Onion

Security Onion Blog

 

Microsoft Surface Pro-ready for manufacturing, business and industry

The Microsoft Surface Pro has proven to be versatile in the workplace.  Mr. Arnold our Industrial Maintenance instructor uses the Microsoft Surface Pro to connect to nearly a hundred PLCs, motors, robots and other industrial components.

So why is this tablet perfect for business and industries?

100_3087

External DVD Attached through USB port

100_3088

USB EasyLINK to transfer files from one computer to another

100_3091

The Windows below shows the USB EasyLINK software (loaded on the USB device)

100_3090100_3093

100_3094

Many industrial components require a floppy disk drive – (Above and Below)

100_3092

What if you need to expand your USB with a USB hub or two?

100_3095

100_3097100_3096

IT personnel can attach a Wireless Spectrum Analyzer or multiple wireless cards for site surveys or other wireless needs.

100_3099

 

100_3103100_3101   100_3100100_3102

Four Wi-Fi Nic cards shown above

100_3104

Multitasking (above)

100_3105

Joining a domain (above)

100_3106

100_3107

Connect an external drive, card reader or multiple USB drives at the same time.

Use all of your Windows based software…now why was the Surface a bad idea?  It’s not…

Installing Linux Lite – A mini review

Home users that ONLY check email and use very few other programs may consider replacing their OS.   Linux has made an exceptional gain over the past several years with a Programs (Add/Remove) component and with hardware drivers.

To see just how Linux Lite stacked up other OSs, I decided to load it in Oracle’s VirtualBox.  The little over 600+mb download is comparable in size to Windows XP.  The ISO can be burned with an image burner to make a bootable CD/DVD.  Before you decide to switch, remember there are limitations to Windows software even with Wine.  Wine is a software application that allows you to run Windows programs.  Hunting around the internet you’ll find hundreds of Linux programs comparable to Windows programs.  You don’t have to look far considering the Linux repository has hundreds of programs.

After loading Oracle’s VirtualBox, simply walk through the New OS wizard, select Linux, allocate 2 GB of RAM and 8 GB of HDD space if you can.  Once you have completed this step, click on Settings and select bridge on the Network Card and load the ISO under storage.

Once you complete that step, start the OS and follow the on screen prompts.

1

(Above) – initial load screen.

2

Loading the OS into RAM

3

Load time of around two minutes for the initial screen to appear.

4

Select your language.

5

The above screen is checks to insure hardware and internet connectivity is ok.

6

Erase the hard drive.

7

Below – set your location for the time.

8

Select the keyboard layout.

9

Setup an initial user and password.

10

Copying files

11

After the installation, Restart your computer (VirtualBox)

12

Booting up from the hard disk drive.

13

Login and options.

14

The initial desktop is clean.  Don’t let this fool you.  The amount of programs and options for an internet user is excellent.

15

 

17 updates

 

Checking for updates is easy.  Simply click on the menu and select update.  Provide your login password and Linux Lite does the rest.

Printer setup

If you have a printer that supports IPP Protocol, login to the printer’s web address and Enable IPP.   The printer in our home is the Samsung SCX-3400 wireless.  An inexpensive laser printer that provides for thousands of pages with Samsung’s toner cartridge.  The printer provides hundreds of options for Windows, Apple, Linus or mobile devices.

printer

 

What programs come with Linux Lite?  Hundreds of items.  Here’s the main categories.

  • Office
  • Games  (Such as steam and others)
  • Graphics  (Gimp and more)
  • Accessories
  • Internet (email and browsers)
  • Multimedia
  • System (dozens of tools)
  • Settings

accessories Games Graphics Internet Multimedia Office settings Sharing System

 

If you ONLY use the internet and want to look into an alternate operating system.  Linux Lite may be for you.  It is easy to use, install and offers hundreds of programs.

AlphiMAX PTP Estimator provides an excellent way to align your wireless antennas

Need an excellent program to estimate your wireless bridges from building to building?  AlphiMAX provides an excellent online program to estimate your wireless links.

Sign up is easy and fast.  The PTP Estimator requires that you have the Latitude and Longitude of both buildings.  You can get an estimated Lat. and Long. from Google maps.  Find your location on Google maps (you should use a GPS) and right click on the location you want then select “What’s here?” .    This will provide the numbers you need.  Remember, it is best to use a GPS on each site where you intend to erect an antenna.

PTP Estimator

You can also search for a location by name by clicking the area in the center of the online application.  icon

Once you have the Lat. and Long., enter the numbers at the top of the online application.  Click Estimate.

Entering LatandLong

The interface will show you the terrain, Antenna height, compass information, Fresnel Zone Clearance, approximate altitude,  along with product information they provide.

Aligned

 

The estimator also offers a 3D view of your project if you have an active subscription.

AlphiMAX Company Overview
AlphiMAX provides products to help you with your wireless needs.

Defending your network with Snort for Windows

SNortlogo
When you hear about Snort, the De facto of Intrusion Detection Systems, you think of Linux.  Snort offers a Windows setup and signatures that can be used with any operating system.

Snort should be a dedicated computer in your network.  This computer’s logs should be reviewed often to see malicious activities on your network.

Steps to install Snort on Windows :
1. Download Snort from the Snort.org website. (http://www.snort.org/snort-downloads)
2. Download Rules from here. You must register to get the rules. (You should download these often)
3. Double click on the .exe to install snort.  This will install snort in the “C:\Snort” folder.
It is important to have WinPcap installed
4. Extract the Rules file. You will need WinRAR for the .gz file.
5. Copy all files from the “rules” folder of the extracted folder.  Now paste the rules into “C:\Snort\rules” folder.
6. Copy “snort.conf” file from the “etc” folder of the extracted folder.  You must paste it into “C:\Snort\etc” folder. Overwrite any      existing file.  Remember if you modify your snort.conf file and download a new file, you must modify it for Snort to work.
7. Open a command prompt (cmd.exe) and navigate to folder “C:\Snort\bin” folder. ( at the Prompt, type cd\snort\bin)
8. To start (execute) snort in sniffer mode use following command:
snort -dev -i 3
-i indicates the interface number.  You must pick the correct interface number.  In my case, it is 3.
 -dev is used to run snort to capture packets on your network.

To check the interface list,  use following command:
 snort   -W
Finding an interface

You can tell which interface to use by looking at the Index number and finding Microsoft.  As you can see in the above example, the other interfaces are for VMWare.  My interface is 3.

9. To run snort in IDS mode, you will need to configure the file “snort.conf” according to your network environment.
10. To specify the network address that you want to protect in snort.conf file, look for the following line.
var HOME_NET 192.168.1.0/24  (You will normally see any here)
11. You may also want to set the addresses of DNS_SERVERS, if you have some on your network.

Example:

example snort
12. Change the RULE_PATH variable to the path of rules folder.
 var RULE_PATH c:\snort\rules

path to rules
13. Change the path of all library files with the name and path on your system. and you must change the path    of snort_dynamicpreprocessorvariable.
C:\Snort\lib\snort_dynamiccpreprocessor
You need to do this to all library files in the “C:\Snort\lib” folder. The old path might be: “/usr/local/lib/…”. you will need to    replace that path with your system path.  Using C:\Snort\lib
14. Change the path of the “dynamicengine” variable value in the “snort.conf” file..
Example:
 dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll

libraries

 

15 Add the paths for “include classification.config” and “include reference.config” files.
  include c:\snort\etc\classification.config
include c:\snort\etc\reference.config
16. Remove the comment (#) on the line to allow ICMP rules, if it is  commented with a #.
 include $RULE_PATH/icmp.rules
17. You can also remove the comment of ICMP-info rules comment, if it is commented.
 include $RULE_PATH/icmp-info.rules
18. To add log files to store alerts generated by snort,  search for the “output log” test in snort.conf and add the following line:
output alert_fast: snort-alerts.ids
19.  Comment (add a #) the  whitelist $WHITE_LIST_PATH/white_list.rules and the blacklist

Change the nested_ip inner , \  to nested_ip inner #, \
20. Comment out (#) following lines:
#preprocessor normalize_ip4
#preprocessor normalize_tcp: ips ecn stream
#preprocessor normalize_icmp4
#preprocessor normalize_ip6
#preprocessor normalize_icmp6

21. Save the “snort.conf” file.
22. To start snort in IDS mode, run the following command:

snort -c c:\snort\etc\snort.conf -l c:\snort\log -i 3
(Note: 3 is used for my interface card)

If a log is created, select the appropriate program to open it.  You can use WordPard or NotePad++ to read the file.

To generate Log files in ASCII mode, you can use following command while running snort in IDS mode:
snort -A console -i3 -c c:\Snort\etc\snort.conf -l c:\Snort\log -K ascii

23. Scan the computer that is  running snort from another computer by using PING or NMap (ZenMap).

After scanning or during the scan you can check the snort-alerts.ids file in the log folder to insure it is logging properly.  You will see IP address folders appear.

Snort monitoring traffic -

traffic

Snort’s detailed report when scanning has stopped -

termination

 

Log files -

logs

 

 

Note:  Read the setup and configuration of Snort from Snort.org.  While this is a demo, Snort can be configured thousands of ways to detect and alert you in the event you have malicious activity on your network.  Downloading signatures often is extremely important

How to guard your wireless network and see intruders

100% credit goes to Bill Mullins for sharing this information. (BillMullins.wordpress.com).

Softperfect has some of the best freeware for Windows.   With Netscan you can see devices on your network and find information about the  devices.  Now with their software “WiFi  Guard”, you can use a device on your network and find the devices that are attached to it.

While you should take precautions to secure your wireless network, is someone accessing your network without your knowledge?

Installation is fast and easy.  Simply follow the wizard and make sure you run the software at startup.

Scan

Once you install the software, select the adapter and scan your network.  Next double click on known devices and select “I know this device.”  Let the software run and periodically scan your network.   If you find a device connecting to it,   locate the device and remove it from the network or take action to prevent unknown devices from connecting.

I Know

The software is designed to run on Apple, Windows or Linux.

Note: The above pic is from a lab environment and the addresses and macs do not represent real machines or a production environment.

Protecting your network by pen testing it

This post is for educational purposes and any use of these tools against a network without explicit permission could be illegal.   Metasploit is designed to identify weaknesses in networks and hardware/software on a network.  Do NOT use metasploit for other reasons.

Want to protect your network and the computers in your network?  You can get updates for your operating systems (Linux, Mac, iOS, Android, Windows or whatever) along with updates for third party programs yet you can still be unsecure.    When updating these products, you also have to remember firmware and updates for wireless devices, access points, bridges, firewalls, routers, switches, SCADA devices, robots, mobile devices, printers and any device on your network.

Metasploit

http://www.metasploit.com/download/

Metasploit Community is free and allows for a free scan of your network or server. Although limited (Try Pro for details and Brute Force), Metasploit Community is a first step in finding open services and ports on your operating system, hardware devices such as routers and other devices.   The trick to installing Metasploit is to disable your antivirus or make exceptions to what your antivirus finds.   You should truly install the software inside of a VM (Virtual Machine) so that your computer remains protected.

You can use Metasploit to protect your network by ‘seeing’ what a hacker or malicious person would see.  Truly for network professionals and auditors, this software can help you identify services, ports and weaknesses in your network.

There are several versions of Metasploit – Community, Pro, Express and Framework (Compare Editions)

Metasploit     Metasploit Two

Metasploit Scan Complete     metasploit Hosts

Metasploit Services After Scan

The above scan was in a controlled lab.  Malicious scanning of networks may be illegal.  Read  Penetration Basics on Metasploit’s website.

Tutorials (Videos)