The dangers of using outdated software


 Outdated software contains security flaws which cybercriminals can use as avenues to infiltrate the corporate network.


Installing Linux Lite – A mini review

Home users who ONLY check email and use very few other programs may want to consider replacing their OS.  Linux has made exceptional gains over the past several years, with a Programs (Add/Remove) component and in hardware driver support.

To see just how Linux Lite stacked up against other OSs, I decided to load it in Oracle’s VirtualBox.  The download, a little over 600 MB, is comparable in size to Windows XP.  The ISO can be burned with an image burner to make a bootable CD/DVD.  Before you decide to switch, remember that running Windows software has limitations, even with Wine.  Wine is a software application that allows you to run Windows programs.  Hunting around the internet you’ll find hundreds of Linux programs comparable to Windows programs.  You don’t have to look far, considering the Linux repository has hundreds of programs.

After loading Oracle’s VirtualBox, simply walk through the New OS wizard, select Linux, and allocate 2 GB of RAM and 8 GB of HDD space if you can.  Once you have completed this step, click on Settings, select Bridged for the network card and load the ISO under Storage.

Once you complete that step, start the OS and follow the on screen prompts.

The installer screens, in order:

  • Initial load screen.
  • Loading the OS into RAM.
  • Load time of around two minutes for the initial screen to appear.
  • Select your language.
  • The installer checks to ensure hardware and internet connectivity are OK.
  • Erase the hard drive.
  • Set your location for the time.
  • Select the keyboard layout.
  • Set up an initial user and password.
  • Copying files.
  • After the installation, restart your computer (VirtualBox).
  • Booting up from the hard disk drive.
  • Login and options.

The initial desktop is clean.  Don’t let this fool you.  The number of programs and options for an internet user is excellent.

 

Checking for updates is easy.  Simply click on the menu and select update.  Provide your login password and Linux Lite does the rest.

Printer setup

If you have a printer that supports IPP, log in to the printer’s web address and enable IPP.  The printer in our home is the Samsung SCX-3400 wireless, an inexpensive laser printer that provides for thousands of pages with Samsung’s toner cartridge.  The printer provides hundreds of options for Windows, Apple, Linux or mobile devices.

What programs come with Linux Lite?  Hundreds of items.  Here are the main categories.

  • Office
  • Games  (Such as steam and others)
  • Graphics  (Gimp and more)
  • Accessories
  • Internet (email and browsers)
  • Multimedia
  • System (dozens of tools)
  • Settings


 

If you ONLY use the internet and want to look into an alternate operating system, Linux Lite may be for you.  It is easy to use and install, and offers hundreds of programs.

Defending your network with Snort for Windows

When you hear about Snort, the de facto standard among intrusion detection systems, you think of Linux.  Snort also offers a Windows setup, and its signatures can be used with any operating system.

Snort should run on a dedicated computer in your network.  This computer’s logs should be reviewed often to see malicious activities on your network.

Steps to install Snort on Windows:
1. Download Snort from the Snort.org website (http://www.snort.org/snort-downloads).
2. Download Rules from here. You must register to get the rules. (You should download these often.)
3. Double-click the .exe to install Snort.  This will install Snort in the “C:\Snort” folder.  It is important to have WinPcap installed.
4. Extract the Rules file. You will need WinRAR for the .gz file.
5. Copy all files from the “rules” folder of the extracted folder and paste them into the “C:\Snort\rules” folder.
6. Copy the “snort.conf” file from the “etc” folder of the extracted folder and paste it into the “C:\Snort\etc” folder, overwriting any existing file.  Remember that if you have modified your snort.conf file and then download a new one, you must make your modifications again for Snort to work.
7. Open a command prompt (cmd.exe) and navigate to the “C:\Snort\bin” folder (at the prompt, type cd\snort\bin).
8. To start (execute) Snort in sniffer mode, use the following command:
    snort -dev -i 3
-i indicates the interface number.  You must pick the correct interface number.  In my case, it is 3.
-dev is used to run Snort to capture packets on your network (-d dumps the application-layer data, -e shows the link-layer headers, -v prints packets verbosely).

To check the interface list, use the following command:
    snort -W

You can tell which interface to use by looking at the Index number and finding Microsoft.  In my interface list, the other interfaces are for VMware.  My interface is 3.

9. To run Snort in IDS mode, you will need to configure the file “snort.conf” according to your network environment.
10. To specify the network address that you want to protect, look for the following line in snort.conf (you will normally see “any” here in place of the address):
    var HOME_NET 192.168.1.0/24
11. You may also want to set the addresses of DNS_SERVERS, if you have some on your network.
12. Change the RULE_PATH variable to the path of the rules folder:
    var RULE_PATH c:\snort\rules
13. Change the path of all library files to the name and path on your system.  You must also change the path of the snort_dynamicpreprocessor variable:
    C:\Snort\lib\snort_dynamicpreprocessor
You need to do this for all library files in the “C:\Snort\lib” folder. The old path might be “/usr/local/lib/…”; replace it with your system path under C:\Snort\lib.
14. Change the path of the “dynamicengine” variable value in the “snort.conf” file.  Example:
    dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll
15. Add the paths for the “include classification.config” and “include reference.config” lines:
    include c:\snort\etc\classification.config
    include c:\snort\etc\reference.config
16. Remove the comment (#) on the following line to allow ICMP rules, if it is commented out:
    include $RULE_PATH/icmp.rules
17. You can also uncomment the ICMP-info rules line, if it is commented out:
    include $RULE_PATH/icmp-info.rules
18. To add a log file to store alerts generated by Snort, search for the “output log” text in snort.conf and add the following line:
    output alert_fast: snort-alerts.ids
19. Comment out (add a #) the whitelist $WHITE_LIST_PATH/white_list.rules and the blacklist lines.  Change the nested_ip inner , \  to nested_ip inner #, \
20. Comment out (#) the following lines:
    #preprocessor normalize_ip4
    #preprocessor normalize_tcp: ips ecn stream
    #preprocessor normalize_icmp4
    #preprocessor normalize_ip6
    #preprocessor normalize_icmp6

21. Save the “snort.conf” file.
22. To start Snort in IDS mode, run the following command:
    snort -c c:\snort\etc\snort.conf -l c:\snort\log -i 3
(Note: 3 is used for my interface card.)

If a log is created, select the appropriate program to open it.  You can use WordPad or Notepad++ to read the file.

To generate log files in ASCII mode, you can use the following command while running Snort in IDS mode:
    snort -A console -i3 -c c:\Snort\etc\snort.conf -l c:\Snort\log -K ascii

23. Scan the computer that is running Snort from another computer by using PING or Nmap (Zenmap).

After scanning or during the scan, you can check the snort-alerts.ids file in the log folder to ensure it is logging properly.  You will see IP address folders appear.
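
To go with step 23, here is an added example (not part of the original post and not Snort’s own tooling) that reads the snort-alerts.ids file written by the alert_fast output and groups the alerts by source address.  The sample lines, the function names and the 203.0.113.7 address are constructed for illustration; the HOME_NET value is the one from step 10.

```python
import ipaddress
import re

# Constructed sample in the Snort 2.x alert_fast layout (not captured traffic).
SAMPLE = """\
03/06-16:59:12.120000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.50 -> 192.168.1.10
03/06-16:59:12.120300  [**] [1:408:5] ICMP Echo Reply [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.10 -> 192.168.1.50
03/06-17:01:44.501200  [**] [1:469:3] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.7 -> 192.168.1.10
03/06-17:01:45.002100  [**] [1:1418:11] SNMP request tcp [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:40112 -> 192.168.1.10:161
03/06-17:01:45 [**] truncated line that must be skipped
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d(?:/\d\d)?-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$")

def split_endpoint(endpoint, proto):
    # TCP/UDP endpoints are written "ip:port"; ICMP endpoints carry no port.
    if proto in ("TCP", "UDP") and ":" in endpoint:
        host, _, port = endpoint.rpartition(":")
        return host, int(port)
    return endpoint, None

def parse_alerts(text):
    """Return (alerts, skipped); skipped counts lines that do not parse."""
    alerts, skipped = [], 0
    for line in filter(str.strip, text.splitlines()):
        m = ALERT_RE.match(line)
        try:
            src, sport = split_endpoint(m["src"], m["proto"])
            dst, dport = split_endpoint(m["dst"], m["proto"])
            ipaddress.ip_address(src), ipaddress.ip_address(dst)  # validate both
        except (TypeError, ValueError):  # no match, bad port or bad address
            skipped += 1
            continue
        alerts.append({"ts": m["ts"], "sid": int(m["sid"]), "msg": m["msg"],
                       "priority": int(m["prio"]), "proto": m["proto"],
                       "src": src, "src_port": sport, "dst": dst, "dst_port": dport})
    return alerts, skipped

def summarize(alerts, home_net="192.168.1.0/24"):
    """Group alerts by source address; Snort priority 1 is the most severe."""
    net = ipaddress.ip_network(home_net)
    report = {}
    for a in alerts:
        entry = report.setdefault(a["src"], {
            "count": 0, "worst_priority": a["priority"], "sids": set(),
            "outside_home_net": ipaddress.ip_address(a["src"]) not in net})
        entry["count"] += 1
        entry["worst_priority"] = min(entry["worst_priority"], a["priority"])
        entry["sids"].add(a["sid"])
    return report

if __name__ == "__main__":
    parsed, bad = parse_alerts(SAMPLE)
    print(summarize(parsed), "unparseable lines:", bad)
```

To use it on a real log, pass the contents of c:\snort\log\snort-alerts.ids to parse_alerts in place of SAMPLE.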

(Screenshots in the original post: Snort monitoring traffic; Snort’s detailed report when scanning has stopped; log files.)

 

 

Note:  Read the setup and configuration documentation for Snort at Snort.org.  While this is a demo, Snort can be configured thousands of ways to detect and alert you in the event you have malicious activity on your network.  Downloading signatures often is extremely important.
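
An added example, not from the original post: a small Python check that looks through snort.conf for the settings that steps 10 to 20 ask you to change on Windows.  The function name, the rule tables and the sample excerpt are constructed for illustration and cover only the items listed in those steps.

```python
import re

# Constructed excerpt resembling a freshly copied snort.conf (not a full file).
SAMPLE_CONF = r"""
ipvar HOME_NET any
var RULE_PATH ../rules
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll
preprocessor normalize_ip4
#preprocessor normalize_tcp: ips ecn stream
whitelist $WHITE_LIST_PATH/white_list.rules, \
include classification.config
include c:\snort\etc\reference.config
# include $RULE_PATH/icmp.rules
"""

# (step in the walkthrough, pattern matched against an active line, finding)
UNWANTED = [
    ("10", r"(?:ip)?var\s+HOME_NET\s+any\b", "HOME_NET is still 'any'"),
    ("12", r"var\s+RULE_PATH\s+(?![A-Za-z]:\\)\S", "RULE_PATH is not a Windows path"),
    ("13-14", r"dynamic(?:preprocessor|engine|detection)\b.*/usr/local/lib",
     "library path still points at /usr/local/lib"),
    ("15", r"include\s+(?:classification|reference)\.config\s*$",
     "config include has no full path"),
    ("19", r"(?:whitelist|blacklist)\s", "reputation list line is still active"),
    ("20", r"preprocessor\s+normalize_", "normalize preprocessor is still active"),
]
# Lines that must be present and uncommented.
REQUIRED = [
    ("16", r"include\s+\$RULE_PATH/icmp\.rules", "icmp.rules is not included"),
    ("18", r"output\s+alert_fast:", "no alert_fast output configured"),
]

def lint_snort_conf(text):
    """Return (step, line number or None, finding) tuples for snort.conf text."""
    active = [(n, line.strip()) for n, line in enumerate(text.splitlines(), 1)
              if line.strip() and not line.strip().startswith("#")]
    findings = []
    for step, pattern, finding in UNWANTED:
        for n, line in active:
            if re.match(pattern, line, re.IGNORECASE):
                findings.append((step, n, finding))
    for step, pattern, finding in REQUIRED:
        if not any(re.match(pattern, line, re.IGNORECASE) for _, line in active):
            findings.append((step, None, finding))
    return findings

if __name__ == "__main__":
    for step, lineno, finding in lint_snort_conf(SAMPLE_CONF):
        where = f"line {lineno}" if lineno else "missing"
        print(f"step {step}: {finding} ({where})")
```

Snort can also test a configuration itself with its -T switch, for example snort -T -c c:\snort\etc\snort.conf -i 3.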

Cannot update Windows 7 with Service Pack

Windows 7 SP1 is a necessary critical update that should be applied when reinstalling or updating Windows.  You may run into errors when applying this service pack.  During the update, the update may stall or revert changes.  What should you do?

Be Patient – The installation failure or reverting changes may take up to an hour or more.

  • Boot into Safe Mode with networking (reboot, hit F8 several times and select Safe Mode)
    • Be patient; this can take an hour or more during the reverting process
    • Once in Safe Mode with networking, disable all antivirus software.  Look for other antivirus programs that may have been installed at an earlier date and remove these (you may have to use removal tools from the vendor).  Also look for any old installations of other antivirus software or malware tools under c:\program files\any old anti-virus software.  Remove these with Programs and Features (Add/Remove Software) if possible.
  • Rename the C:\Windows\SoftwareDistribution folder to C:\Windows\SoftwareDistributionold
  • Delete any files under C:\Windows\Temp and C:\Temp
  • Download Tweaking from here
    • Select all repairs and reboot (This may take 20 minutes to 1 hour)
  • Download the System Update Readiness Tool from here
    • Run this Tool
  • Download Windows 7 SP1 (Full Download) from here 

Why Tweaking All-in-one?
Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Repair CD/DVD Missing/Not Working
and more…


How to guard your wireless network and see intruders

100% credit goes to Bill Mullins for sharing this information. (BillMullins.wordpress.com).

Softperfect has some of the best freeware for Windows.   With Netscan you can see devices on your network and find information about the  devices.  Now with their software “WiFi  Guard”, you can use a device on your network and find the devices that are attached to it.

While you should take precautions to secure your wireless network, is someone accessing your network without your knowledge?

Installation is fast and easy.  Simply follow the wizard and make sure you run the software at startup.

Once you install the software, select the adapter and scan your network.  Next, double-click on known devices and select “I know this device.”  Let the software run and periodically scan your network.  If you find an unknown device connecting to it, locate the device and remove it from the network or take action to prevent unknown devices from connecting.

The software is designed to run on Apple, Windows or Linux.

Note: The above pic is from a lab environment and the addresses and MAC addresses do not represent real machines or a production environment.

Protecting your network by pen testing it

This post is for educational purposes and any use of these tools against a network without explicit permission could be illegal.  Metasploit is designed to identify weaknesses in networks and hardware/software on a network.  Do NOT use Metasploit for other reasons.

Want to protect your network and the computers in your network?  You can get updates for your operating systems (Linux, Mac, iOS, Android, Windows or whatever) along with updates for third-party programs, yet you can still be insecure.  When updating these products, you also have to remember firmware and updates for wireless devices, access points, bridges, firewalls, routers, switches, SCADA devices, robots, mobile devices, printers and any device on your network.

Metasploit

http://www.metasploit.com/download/

Metasploit Community is free and allows for a free scan of your network or server. Although limited (Try Pro for details and Brute Force), Metasploit Community is a first step in finding open services and ports on your operating system, hardware devices such as routers and other devices.   The trick to installing Metasploit is to disable your antivirus or make exceptions to what your antivirus finds.   You should truly install the software inside of a VM (Virtual Machine) so that your computer remains protected.

You can use Metasploit to protect your network by ‘seeing’ what a hacker or malicious person would see.  Truly for network professionals and auditors, this software can help you identify services, ports and weaknesses in your network.

There are several versions of Metasploit – Community, Pro, Express and Framework (Compare Editions)


The above scan was in a controlled lab.  Malicious scanning of networks may be illegal.  Read  Penetration Basics on Metasploit’s website.

Tutorials (Videos)

Office 2013 Problems? Use Microsoft Office Configuration Analyzer Tool 1.1

Installation problems with Office 2013?  Check out the Microsoft Office Configuration Analyzer Tool.  This tool can be used to help you analyze problems with your installation.  Download it here from Microsoft.


Check a process – Can you trust it? Use CrowdInspect

CrowdInspect by CrowdStrike uses resources such as WOT,  VirusTotal  and Team Cymru’s Malware to check a running process.   This allows you to see if the process may be malicious or not.   The DNS information about any connections is also listed to let you determine if a process that is running should be looked into.


What should you do with an old computer? Create a home router/firewall!

ITX-motherboards can often be found in older computers from garage sales or thrift stores.  What is the practical use for these motherboards or older computers?

Here’s a small project that involves protecting your home.

After finding an ITX motherboard and gathering extra parts from broken laptops and computers, this project will put the software SMOOTHWALL Express onto the computer to make a mini firewall.  Total cost?

  • $22 250watt power supply
  • $5 Gearhead mini keyboard


Base processor
Athlon 64 X2 (B) 5400+ 2.8 GHz (65W)
800 MHz front side bus
Socket AM2

Chipset
GeForce 9100

Motherboard

  • Manufacturer: Pegatron
  • Motherboard Name: APX78-BN
  • HP/Compaq motherboard name: Nutmeg-GL6E

Power supply
250W

Memory
240 Pin DDR2 PC2-6400 MB/sec
4GB
Hard drive
120 GB SATA 6G (6.0 Gb/sec)
7200 rpm

Video Graphics

Integrated on motherboard (NVidia 9100)

Sound/Audio
High Definition 6-channel audio
ALC 888S chipset

Network (LAN)
Integrated 10/100 Base-T networking interface
Added Broadcom wireless to create a wireless router

External I/O ports connections – 6  USB

Expansion slots

PCI Express mini card socket – added Broadcom Wireless
PCI Express x16
PCI Express x1

Additions-

  • 2″ Fan for Chipset

In the video below, HAK5 shows just how to make a motherboard like this into a nice home router/Firewall.

Boot to Safe Mode and Last Known Good Configuration – Windows 8

If you have Windows 8, do yourself a favor and enable legacy boot to troubleshoot the OS.

Open a command prompt as an administrator -

Type the following -
bcdedit /set {default} bootmenupolicy legacy
You can now reboot and hit F8 to troubleshoot your computer….

Thrift stores -an Internet and computer goldmine

Thrift stores and yard/garage sales can become a goldmine for computer geeks.  You have to know your technology and how to upgrade the device – and you have to truly know the value of a device/computer you stumble on.  Here’s an example -

The D-Link Dir-601 is a home router that lacks many features of other Wireless N routers.  This $60 router lacks MIMO antennas and has a throughput of about 65-150 Mbps.  However, the router can be upgraded to DD-WRT, which adds dozens of features to this little router including power settings, virtual wireless, IPv6, QoS and more.

Amanda picked one up for the class for $1.99.   A real bargain for anyone.  So what can you get for $20 ?

D-Link, Belkin, Hawking, Linksys (WRT-54g), Cisco 150  - Most of which can take alternate firmware.

How about a cool project with a Pegatron motherboard so you can make a hardware firewall (picked up for $0)?  It included a quad-core AMD processor and fan and 2 GB of RAM.  Add a laptop hard drive, a 220 watt power supply and the Smoothwall firewall to create a tiny firewall that protects you from malicious activity.  Total investment – $22.  I have a hard drive from Amanda’s old computer and ordered the power supply from Amazon.

Speaking of Firewalls – How about a Netgear FVS328 VPN firewall for the home.  Although it has reached EOL, $1.99 and uploading the latest firmware will still add extra protection to your home.


Learn cloud computing with Rackspace’s CloudU

Ever wonder what cloud computing is?  Rackspace has an excellent program that you can take for free.  Cloud University offers ten detailed modules along with an exam for each module.  A final exam reviews each of the modules, and with a score of 80% you can earn a certificate in cloud computing from Rackspace’s CloudU.  This detailed program is the work of Ben Kepes.  Ben is the curator of CloudU.  Through his arduous work, you can download a detailed curriculum, listen to webinars and take exams as many times as you need to in order to understand cloud computing.  In today’s world of virtualization and cloud computing, Rackspace leads the pack by educating anyone who wants to learn about these exciting technologies.

After I contacted Rackspace so that my students could benefit from the cloud university curriculum as a supplement, I was met with open arms and personally talked with Greg Alfaro, Michael Ferranti and Ben Kepes either by phone or email.  Ben sent us this video as a statement.  (Thank you Ben!)

Confused about the cloud? Have no fear, CloudU is here. Whether you are simply searching for more information about cloud computing, or are looking to boost your resume with a formal certificate, Rackspace Cloud University, known as CloudU, is for you. CloudU is a vendor-neutral cloud computing curriculum designed by industry analyst Ben Kepes. It’s also completely free.

The extensive CloudU library and certificate program contain all that you need to learn how to take advantage of the biggest technology innovation since the Internet.     Boost Your Resume. Gain New Skills. Enroll in CloudU Today.

“CloudU is an excellent resource for anyone wanting to learn about Cloud Computing. As an instructor of information technology, the certificate provides a great learning tool for the planning, deployment and logistics behind cloud computing.”    ~ Ben Kepes