TackyCorp.com

This is the first post in a series of Server Security, about how to harden the server security.
There is a couple of things you should be aware of when dealing with server security, such as

• Antivirus
• Firewall
• User Rights
• Sharing and Permissions
• Services
• Logging
• Updates

And so on. This tutorial will focus on the “logging” part of the security aspect.

Since you should never assume that your system is secure, because nothing is secure. You must assume that the logging on your computer is doing its job.

The three steps to harden the security with logging is,

1. Log the data
2. Analyze the data
3. Fix any issue with the problem(s) that occur.

One logger that I have used for a while is SPLUNK a fantastic indexing system.

I have all my computers, switches, access points and routers to log against my SPLUNK server.
Splunk works by indexing the data that is sent to it. By setting up simple rules and timed searches, you can set it up so it sends you warnings, alerts and other messages depending on what it finds.

Looking at logs has never been more easier.

To download Splunk click here, or just go to http://splunk.com. There you will find general information on how to install it for your system. I always use a LINUX driven operative system when installing Splunk. Just because it works best.

I am not going to write a guide on how to install splunk, or how to send data to it. Because there are thousands of posts on that subject. But if you want me to guide you to one, click here

Search

This assumes you have installed SPLUNK and managed to send some data to it.

Search is a great app to begin with, it does exactly what it says. It searches trough the indexed data.
Something you will notice right away is the simple search bar, with absolutely no technicality at all about it. You simple write what you are looking for, and it shows all the results for that given type.

Then comes the time to use the filtering option. Be sure to filter trough your data so you don’t get to much at the time, because that is just a pain in the byte.

Let us create a scenario, for instance say you are looking to see when a specific user logged on to the network, or if there is a mac-address you don’t know who it belongs to. Say that our “specific” person is named John.

All you need to do is write is his name in the search field.

So all you need to write is,

John

OR

name="John"

OR

login John

Is it not cool? What you can do with so little? Now let us take on an even greater challenge, let us say you have had some couple of problems on your network recently, and you don’t know why. For the sake of this post, let us say you have an intruder on your network.

I have a couple of HP Switches and Linux driven routers with good logging features. Make sure that your network equipment is correctly configured, and that they are logging “EVERYTHING”. 

All you need to write in SPLUNK is,

MAC-ADDRESS

OR

PHYSICAL ADDRESS

OR

HW_ADDRESS

With this search you will get every physical address on your network. Be sure to write down your physical address for your network equipment, computers and every other gadget you own that is connected to the internet.

This truly depends on the way your network equipment logs the physical address.

Does this seems a bit to much, just to look up the physical address every time? The answer is yes.

The best thing with splunk is that you can save searches, and schedule searches.

So you simply need to write in the search query once, and exclude all of  your own physical addresses, then save it for later. You can read much more about how to use splunk if you go to “Getting Started” when you are logged in to the splunk web.

I also suggest you to look at all the apps that are available for splunk. There is everything from pinpointing the location of a user, to making grocery lists.

Some Tips

• Always be sure to make the syslog server secure. Having it on a virtual machine or a separate machine in the corner of your room is preferred. Or if you are lucky, use on of those lovely servers in your server rack.
• Be sure to stay informed on your equipment, then you know if there is something wrong or if there is some bug fixes you should do. Such as subscribing to RSS feeds about [YOUR EQUIPMENT] and the software you are using.
• Make sure that your computers and network equipment logs everything.
• Read the logs carefully, if you find something that catches your eye. Save it as a search.

Suggestion

I suggest using Splunk and Nagios together. That gives the best experience when dealing with both network and logging.

That is it for this post in the Server Security Series. Next time, I will be showing you how you can use Group Policy to push out network passwords, and how to setup Sharing the right way.

If there is anything I have missed or something you would like to say, please comment below.

Until next time’
Morten Haugstad

I am going to publish a series of code fuzz puzzles and weird ways on solving them(Like thinking out of the box, kinda way).

But CodeFuzz will not only be challenges and so on. It will be me posting funny code snippets, programming news and soo much more.

I can’t wait to show, what I have in my sleeve for you guys.

Languages:

• C++
  • I will mainly be using C++, for  all my programs. But I will be making them in Java and PHP to.
• Java
  • Java is great in showing how simple games can be made. So game making theory using Java.
• PHP
  • PHP is such a flexible server side language. Going to use PHP for all sort of login systems.

Main Focus:

• Increase my own experience in communicating with other people using code.
• Increase the quality of my code. From the “critics to quality” model.
• Make a fun environment for people who wish to learn more about programming and the computer structure.
• Bring fun and entertaining code news.
• Debugging.

Follow Along:

I am not much of a “video” making guy when it comes to programming. But I will give it a try. Maybe give myself some free-space when it comes to increasing the learning level.

But if you just want to follow along from start to finish, you will need some tools.

A great developer once said: You are only as good as the tools you have.
A greater developer once said: You are only as good as the tools you have created by yourself.

But we all gotta start somewhere, so here is a little list:

• Windows:
  • C++ : When programming in a Windows environment there is nothing better then the “VISUAL STUDIO”. But since it is not free to download, I suggest grabbing one at THE place where those PIRATE scum bags are, you know? Just left at the BAY.
  • Or just download the Express Edition of C++ 2010 HERE, HERE or HERE…
  • JAVA : There is just one program that satisfies your every need. ECLIPSE!
  • Download Eclipse HERE
  • PHP : When writing PHP, I suggest using the Notepad++ Editor.
  • Download Notepad++ HERE

• MacOSX:
  • C++ : You’ve got two choices(From my taste, and point of view), Xcode or using the terminal(g++/gpp).
  • Download Xcode HERE
  • JAVA : There is just one program that satisfies your every need. ECLIPSE!
  • Download Eclipse HERE
  • PHP : TextWrangler is absolutely perfect.
  • Download TextWrangler HERE

• LINUX:
  • C++ : You’ve got two choices(From my taste, and point of view) Terminal Compiling G++ or Code::Blocks.
  • Download Code::Blocks HERE
  • JAVA : There is just one program that satisfies your every need. ECLIPSE!
  • Download Eclipse HERE
  • PHP : Any text formatting will do just fine. I just use “vim” and upload them to my web server.

Super Tip: Get to know your environment. Read guides and join several forums everywhere.

If you have any ideas, or if there is something I have forgot to mentioned? Use the comment field below.

Until next time,
Morten Haugstad

Once a year there comes a time, when special events such as the Consumer Electronics Show takes its tour.

There are just so many new and exciting gadgets, televisions, cellphones, and electronic driven devices. That within an instant you understand how far we have come, in the technological era.

But this time there is something special, Microsoft is attending for the last time.
Read the rest of this entry

Ever heard about the deep web? or the dark side, the opposite of good? The Internet has one to.

We define and separate the two sides of the web, by using the names; surface web, and deep web.

A more simple illustration.

The one thing you must be aware of, is that there are lots of crazy shit down there. I mean it, there are shit loads of crazy ass shit down there.

But some facts are always welcome, so let me explain a few things about it. Some facts that could seem fairly exaggerated, but they are so true;

• Public information on the deep Web is currently 400 to 550 times larger than the commonly defined World Wide Web.
• The deep Web contains 7,500 terabytes of information compared to 19 terabytes of information in the surface Web.
• The deep Web contains nearly 550 billion individual documents compared to the 1 billion of the surface Web.
• More than 200,000 deep Web sites presently exist.
• Sixty of the largest deep-Web sites collectively contain about 750 terabytes of information — sufficient by themselves to exceed the size of the surface Web forty times.
• The deep Web is the largest growing category of new information on the Internet.
• Deep Web sites tend to be narrower, with deeper content, than conventional surface sites.
• Total quality content of the deep Web is 1,000 to 2,000 times greater than that of the surface Web.
• Deep Web content is highly relevant to every information need, market, and domain.
• More than half of the deep Web content resides in topic-specific databases.
• A full ninety-five per cent of the deep Web is publicly accessible information — not subject to fees or subscriptions.

So as you can see, there are lots of information on the Deep Web that you’d like to get your hands on.

But be aware, it is not illegal to enter the Deep Web, but there is “stuff” down there, that are considered “illegal”. So follow your countries law, before, while and after you have entered the deep web.

What lies beneath the surface is a who’s who of hackers, scientists, drug dealers, astronomers, assassins, physicists, revolutionaries, Government officials, Police, Feds, terrorists, perverts, data miners, kidnappers, sociologists, etc. As you can tell, the party goes across the entire moral spectrum.

To sum it up, it’s basically a private section of server space to share data off record. All that wiki leaks stuffed that leaked a couple months back? That’s been on deep web for years. Ever seen a movie and see the bad guy or hacker loggin’ into some weird looking private server? that’s all real. Generally, terrorist networks, spy agencies, drug dealers, assassins-for-hire, and those looking for child porn lurk around those parts. There’s a Hidden Wiki, there, and on the wiki they’re categories of links. There are things like blogs, forums (from normal to revolutionary to blatantly illegal), Tor-enabled instant messaging and chat, anonymous file hosting, anonymous financing, anonymous tipping and information exchanges, information on computer security/anonymity, info on warez/cracks/hacking, all the books, music, movies you can possibly imagine, even links to sports betting and trade information, links to international drug markets, prostitution rings, assassin markets, black market products, child pornography, Some of societies most deviant people use this network. Not just those that browse the sites on there but also those who create it and manage them..and it’s almost impossible to find either of the offenders.

I suggest you to read a little about the deep web, tor-network, and .onion network.

Here, you can read up more about the deep web: http://en.wikipedia.org/wiki/Deep_web

This has information on what the .onion network is and how it works: http://en.wikipedia.org/wiki/.onion

Here is where you can read up on TOR: http://en.wikipedia.org/wiki/Tor_(anonymity_network)

But before you take the tour down to the Deep Web, you will need to secure yourself first.

1. Download FIREFOX
2. Downoload https://www.torproject.org/
3. Before continuing, read below.

There is something called the check-list(The things you do before entering the deep web, obviously), that you should go trough step by step.

1. Make sure you have all the latest security updates installed on your computer.
2. Unplug web cams, external microphones and so on.
3. Make sure you have a working Firewall(It helps if you have experience with setting up rules yourself. But windows firewall works..)
4. Make sure you have a fully functioning Anti-Virus, and it has all the latest updates.
5. If you can, use somebody else’s Internet connection(Either trough wifi, or wire-tap)

Keep in mind that Tor is not 100% anonymous. Multiple proxies are needed in addition to tor, I’d disable javascript, cookies, temp data, and any other types that could be exploited while being down there. 

Then you can access the Deep Web.

*When you have done all the things above, and you have gained access to the .onion network, I suggest you read the hidden wiki: kpvz7ki2v5agwt35.onion *

Just remember; Security is not defined by how secure you are at all times, it is defined by how long it takes you to take back control.

So read, don’t be foolish. Walk before you run.

Stay safe. Until next time
Morten Haugstad

Many of you might now a thing or two about protocols, let me try to explain the TCP/IP family(standards) to you.

Disclaimer: I will be using examples, and  descriptions used by i.e: W3Schools.com, and literature such as; Counting bytes, Network Security – Principles and Practice.

I have always needed to learn everything by myself, therefor I have read lots of books, and gone trough a lot of tutorials in my time. But my guess is that I will never stop doing so.

If you want to go in dept of what we are going to discuss here today, you can read the book : Network Security – Principles and Practice, under the section Protocol Design.

What is an Protocol?

Imagine the number of people communicating in the world, the number of different languages they use, the number of different machines they use, the number of ways in which they transmit data and the different software they use. We would never be able to communicate worldwide if there were no ‘standards’ governing the way we communicate and the way our machines treat data. These standards are sets of rules.

There are rules governing how data is transferred over networks, how they are compressed, how they are presented on the screen and so on. These set of rules are called protocols. There are many protocols, each one governing the way a certain technology works.

Computer Communication Protocol

A computer communication protocol is a description of the rules computers must follow to communicate with each other.

What is TCP/IP?

TCP/IP is the communication protocol for communication between computers on the Internet.

TCP/IP stands for Transmission Control Protocol / Internet Protocol.

TCP/IP defines how electronic devices (like computers) should be connected to the Internet, and how data should be transmitted between them.

Inside TCP/IP

Inside the TCP/IP standard there are several protocols for handling data communication:

• TCP (Transmission Control Protocol) communication between applications
• UDP (User Datagram Protocol) simple communication between applications
• IP (Internet Protocol) communication between computers
• ICMP (Internet Control Message Protocol) for errors and statistics
• DHCP (Dynamic Host Configuration Protocol) for dynamic addressing

TCP Uses a Fixed Connection

TCP is for communication between applications.

If one application wants to communicate with another via TCP, it sends a communication request. This request must be sent to an exact address. After a “handshake” between the two applications, TCP will set up a “full-duplex” communication between the two applications.

The “full-duplex” communication will occupy the communication line between the two computers until it is closed by one of the two applications.

UDP is very similar to TCP, but simpler and less reliable.

IP is Connection-Less

IP is for communication between computers.

IP is a “connection-less” communication protocol.

IP does not occupy the communication line between two computers. IP reduces the need for network lines. Each line can be used for communication between many different computers at the same time.

With IP, messages (or other data) are broken up into small independent “packets” and sent between computers via the Internet.

IP is responsible for “routing” each packet to the correct destination.

IP Routers

When an IP packet is sent from a computer, it arrives at an IP router.

The IP router is responsible for “routing” the packet to the correct destination, directly or via another router.

The path the packet will follow might be different from other packets of the same communication. The router is responsible for the right addressing, depending on traffic volume, errors in the network, or other parameters.

Connection-Less Analogy

Communicating via IP is like sending a long letter as a large number of small postcards, each finding its own (often different) way to the receiver.

TCP/IP

TCP/IP is TCP and IP working together.

TCP takes care of the communication between your application software (i.e. your browser) and your network software.

IP takes care of the communication with other computers.

TCP is responsible for breaking data down into IP packets before they are sent, and for assembling the packets when they arrive.

IP is responsible for sending the packets to the correct destination.

TCP/IP uses 32 bits, or four numbers between 0 and 255, to address a computer.

IP Addresses

Each computer must have an IP address before it can connect to the Internet.

Each IP packet must have an address before it can be sent to another computer.

This is an IP address: 212.97.132.137
This might be the same IP address:  www.tackycorp.com

An IP Address Contains 4 Numbers.

Each computer must have a unique IP address.

TCP/IP uses four numbers to address a computer. The numbers are always between 0 and 255.

IP addresses are normally written as four numbers separated by a period, like this: 192.168.1.50.

32 Bits = 4 Bytes

In computer terms, TCP/IP uses 32 bits addressing. One byte is 8 bits. TCP/IP uses 4 bytes.

One byte can contain 256 different values:

00000000, 00000001, 00000010, 00000011, 00000100, 00000101, 00000110, 00000111, 00001000 – and all the way up to 11111111.

Now you know why a TCP/IP address is four numbers between 0 and 255.

Domain Names

A name is much easier to remember than a 12 digit number.

Names used for TCP/IP addresses are called domain names.

tackycorp.com is a domain name.

When you address a web site, like http://www.tackycorp.com, the name is translated to a number by a Domain Name Server (DNS).

All over the world, DNS servers are connected to the Internet. DNS servers are responsible for translating domain names into TCP/IP addresses.

When a new domain name is registered together with a TCP/IP address, DNS servers all over the world are updated with this information.

TCP/IP is a large collection of different communication protocols.

A Family of Protocols

TCP/IP is a large collection of different communication protocols based upon the two original protocols TCP and IP.

TCP – Transmission Control Protocol

TCP is used for transmission of data from an application to the network.

TCP is responsible for breaking data down into IP packets before they are sent, and for assembling the packets when they arrive.

IP – Internet Protocol

IP takes care of the communication with other computers.

IP is responsible for the sending and receiving data packets over the Internet.

HTTP – Hyper Text Transfer Protocol

HTTP takes care of the communication between a web server and a web browser.

HTTP is used for sending requests from a web client (a browser) to a web server, returning web content (web pages) from the server back to the client.

HTTPS – Secure HTTP

HTTPS takes care of secure communication between a web server and a web browser.

HTTPS typically handles credit card transactions and other sensitive data.

SSL – Secure Sockets Layer

The SSL protocol is used for encryption of data for secure data transmission.

SMTP – Simple Mail Transfer Protocol

SMTP is used for transmission of e-mails.

MIME – Multi-purpose Internet Mail Extensions

The MIME protocol lets SMTP transmit multimedia files including voice, audio, and binary data across TCP/IP networks.

IMAP – Internet Message Access Protocol

IMAP is used for storing and retrieving e-mails.

POP – Post Office Protocol

POP is used for downloading e-mails from an e-mail server to a personal computer.

FTP – File Transfer Protocol

FTP takes care of transmission of files between computers.

NTP – Network Time Protocol

NTP is used to synchronize the time (the clock) between computers.

DHCP – Dynamic Host Configuration Protocol

DHCP is used for allocation of dynamic IP addresses to computers in a network.

SNMP – Simple Network Management Protocol

SNMP is used for administration of computer networks.

LDAP – Lightweight Directory Access Protocol

LDAP is used for collecting information about users and e-mail addresses from the internet.

ICMP – Internet Control Message Protocol

ICMP takes care of error-handling in the network.

ARP – Address Resolution Protocol

ARP is used by IP to find the hardware address of a computer network card based on the IP address.

RARP – Reverse Address Resolution Protocol

RARP is used by IP to find the IP address based on the hardware address of a computer network card.

BOOTP – Boot Protocol

BOOTP is used for booting (starting) computers from the network.

PPTP – Point to Point Tunneling Protocol

PPTP is used for setting up a connection (tunnel) between private networks.

This is the list of protocols in the TCP/IP standard. Now you have a place to lookup what each individual protocol do, and how it works.
If there is interest, I will make some graphics to each individual Protocol explaining what it does and how the data is broken down and re-assembled on the other side.

Have questions, opinions? Post a comment below.

Until next time,
Morten Haugstad