Archive for the ‘Security’ Category

How Easy is it? *Security*

Monday, July 30th, 2007

I have spent a lot of time around people who claim to be security specialists and companies who claim to have security professionals. Let me clarify a little bit: there is such a thing as a security engineer. To define that role, I will simply state that it is an individual who can design, implement and configure security devices such as IDS, firewalls, and VPNs. This role is very similar to, and can be the same as, a network engineer. The only difference is that there is more job security as a security engineer.

However, it is important to know that a security engineer is not a security professional. A security professional breathes security. I know how an IDS system works, but do you know why to deploy it? Realistically, an IDS system provides very little protection. Even if it tells you where penetration is occurring, would you know how to prevent it? If you download a patch that guarantees it is the fix for the vulnerability, do you know how to test the patch?

The truth of the matter is most companies do not implement security as it should be implemented. They hire security engineers and use vendors that can tout the benefits of using their products, but none of the people involved can tell you how to prevent and correct vulnerabilities. Security is not a cookie-cutter solution. Networking is in fact a cookie-cutter solution: you have a need, you design a solution. In security, each solution opens up another vulnerability.

The biggest vulnerability is people. The government has been exposed yet again: “Hackers Steal U.S. Government Corporate Data from PCs - AGAIN”.

Think about it this way: how easy would it be to walk up to a coworker you barely know, or a person you barely know, and ask them if you can check your web email on their system? In fact, they will leave you alone so that you may have privacy. Full access to their system for 5 minutes is more than enough time for me to plant a client on their network or get valuable information from their PC such as username and password.

Don’t ever delude yourself into thinking that you are protected. No one is protected.

Ignorance and Security

Wednesday, June 20th, 2007

Professor’s dictionary:

Ignorance - Having awareness of, but no knowledge of. For example, Derek is ignorant of NASCAR. He knows it consists of driving a car around in circles, but other than that he is clueless.

I don’t consider ignorance a bad thing. It is great for the economy, and besides everyone is ignorant to a degree.

You don’t leave your wallet or purse lying around because of possible theft. Even if you don’t have any money in it, you dread standing in line at Motor Vehicles requesting another ID. Or canceling your credit cards and waiting for the new ones to come in the mail. Or interrogating yourself as to what was actually in your wallet or purse.

Let’s just say your wallet was in your wallet or purse. Then what? How long do you think it would take for someone to figure out your PIN? Well, who needs your PIN if it is a Visa check card? How long do you think it would be until the first charge? If someone experienced took your wallet, then before you knew it was gone the “Macy’s once a day housewife need to spend money sale” would be the first target.

You are not ignorant to the idea of personal security. You live it and you are intimidated by it. Computer security is not that much different. Every website you go to is stored on your computer, analogous to an address book, receipts, day planner, or kids’ pictures. They tell anyone, unauthorized or otherwise, personal information about you: where you shop, where to run into you, possible PIN numbers, bank account numbers, passwords. Don’t pretend like you don’t use your kids’ names as passwords!

There is a lot more data to gather from a computer than from a wallet. However, as ignorance would have it, most people are rather comfortable and secure with the notion of doing personal transactions on their own or any computer. Besides, most bank websites state that they are encrypted and protected. Translation: an intruder would be hard pressed to get any information about you from the bank’s website, and there is a high probability that the actual transaction cannot be hacked in real time. So where is the vulnerability? Your computer.

Bank transactions are secured using SSL. SSL encryption at 128 bit is a long lunch for the experienced hacker. I am not writing this to explain how to get the information. I just want you to understand that it could be gotten. You go to a website, it is on the computer. You have cookies, cache, and deleted file data residue left behind. There are more forensic tools than Las Vegas CSI. Just do a web search.

Simple exercise. On your computer, and I take it you don’t use nmap, ping your entire subnet. If you are at home, ping your entire public subnet. You will find there are a lot of pingable addresses.

Rule 1: The best kind of security is the prevention of being found. Block ICMP.

Okay. Once you find an address, use nbtstat -A ipaddress.

    Node IpAddress: [10.0.0.126] Scope Id: []

    NetBIOS Remote Machine Name Table

    Name               Type         Status
    ---------------------------------------------
    DWINCHESTER-L1 <00> UNIQUE      Registered
    DWINCHESTER-L1 <20> UNIQUE      Registered
    WORKGROUP      <00> GROUP       Registered

Rule 2: You wouldn’t get this far if you used Rule 1.

Since you did, please know that if you are not on a corporate network you do not need ports 137, 138, 139, and 445 reachable. These are used for Windows to do what it does best: annoy the hell out of other Windows workstations. The name output above gives you the name of the host. The type gives you… well, it gives you the type of service running. Microsoft helps you identify their vulnerability. Go here to find out what Microsoft has volunteered. The output above shows that dwinchester uses file services, meaning that it has a share and uses shares. Good to know. Now you know that I either have valuable information for others, or that I am authorized to receive valuable information from others.

Rule 3: You should have used Rule 1.

Now you really should stop services that you don’t use on your computer. Make sure you clean your personal data regularly. It is convenient to not have to type out passwords, but what is easy for you is easy for a person trying to be you.
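To see what your own machine gives away, the name table shown above can be decoded mechanically. This is an added example, not code from the original post: the suffix meanings are the well-known NetBIOS suffix assignments, the sample is the post's output embedded as constructed input, and the function names are made up for illustration.

```python
import re

# Constructed sample: the name table from the post, as nbtstat -A prints it.
SAMPLE = """\
Node IpAddress: [10.0.0.126] Scope Id: []
Name               Type         Status
DWINCHESTER-L1 <00> UNIQUE Registered
DWINCHESTER-L1 <20> UNIQUE Registered
WORKGROUP <00> GROUP Registered
"""

# Well-known NetBIOS suffixes: (hex suffix, record type) -> what registered it.
SUFFIXES = {
    ("00", "UNIQUE"): "Workstation service (computer name)",
    ("00", "GROUP"): "Domain or workgroup name",
    ("03", "UNIQUE"): "Messenger service",
    ("20", "UNIQUE"): "File Server service (host offers shares)",
}
ROW = re.compile(r"^\s*(\S.*?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+\w+\s*$")


def parse_name_table(text):
    """Return one dict per name-table row; header lines do not match ROW."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, suffix, kind = m.groups()
            rows.append({"name": name, "suffix": suffix.upper(), "type": kind,
                         "meaning": SUFFIXES.get((suffix.upper(), kind), "unknown")})
    return rows


def disclosures(rows):
    """Summarise what the table tells anyone who can reach UDP port 137."""
    found = {"hostname": None, "workgroup": None, "file_sharing": False}
    for r in rows:
        key = (r["suffix"], r["type"])
        if key == ("00", "UNIQUE"):
            found["hostname"] = r["name"]
        elif key == ("00", "GROUP"):
            found["workgroup"] = r["name"]
        elif key == ("20", "UNIQUE"):
            found["file_sharing"] = True
    return found


if __name__ == "__main__":
    print(disclosures(parse_name_table(SAMPLE)))
```

If `file_sharing` comes back true on a machine that shares nothing, the File Server service is one of the unused services worth stopping.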

And getting back to the fear of losing your wallet: if your PC is violated, trust me, they will not leave anything behind for you to track them down. Rebuilding a PC is a pain. Restoring from backup is a nightmare, and being reactive is not as easy as being proactive.

And if you still choose to be ignorant after this, and most of you will, then choose to invest money in a program that secures your PC like Norton and, just like Norton, make sure it tells you when you do stupid stuff like name a password after Starbucks or something.

Extra:

I am not a penetration tester by any means. I am a hobbyist. I could put my laptop on any segment in any network and run Nmap. From the output I can identify workstations, printers, servers, and routers and switches. With that knowledge I can use the nbtstat command to find out the domain name. I can also find a username because in most organizations the machine name gives away a lot. I now have all the knowledge I need to do some damage. You think going further from there is difficult? Grab a book on security hacking; there is a nice selection of tools out there that I can use to gain access to your workstation.