Password authentication is a one-factor authentication method, using something you know. Choosing passwords and remembering them are delicate issues that are the base of many compromised computers and systems around the world. You would be surprised by how many people around the world use passwords like “123456” or “password” for their accounts. It’s even worse when these accounts are bank related or enterprise related. It is still debatable whether to still use passwords or to use password managers, but this is a topic for another post. In this post I’m going to show you how I choose my passwords and what I avoid when doing so.
This week I’ve understood that an out of the box deployment is never what you want. Especially for an NSM solution. Tuning Snort according to your needs is the key to a successful deployment and to stopping attackers.
I’ve managed to place a machine running SmoothSec in a class, attached to a switch that will mirror all the traffic to it. The reason for this is to see how it manages with traffic coming from more than 1-2 PCs and what kind of alerts it generates. It is also a good testing ground for new rules. The following network diagram shows the system and how I can connect to the monitoring server. Continue reading “Professional Special Subject – w5 log”
We had a nice presentation today, done by a guest from Udvikling Fyn (Development Fyn). The guest’s name is Ridha Shimi and he is a business consultant. He offered his consulting service for free for anybody that’s thinking of starting his own business. I’m a tech guy but entrepreneurship is not something distant from my current education (Product Development and Technology Integration) and it’s also something that I have had an interest in since I was in grade school.
It is basically useless to run great pieces of software if they are not configured according to user/system needs. An out of the box deployment of Snort will most likely be something that you don’t want. What you do want is to configure your deployment the way you need it. Basic Snort deployment issues:
- outdated rules
- “noisy” logs and alerts
I had the task of doing regular database backups on a server here at school and I needed some automation. And encryption, of course, because there is a lot of info in database dumps, including usernames and MD5 hashed passwords, and we don’t want that just lying around. That means that we have to leave phpMyAdmin and do some command line stuff.
I was really bored some days ago, while waiting for something. I started to randomly browse my phone and ended up in the even-more-boring legal information section. I started to look around the Huawei EULA (settings – about phone – legal information – huawei eula) really fast (is there anybody who actually reads an EULA from top to bottom?) and I’ve noticed 2 things – non-personal data usage and location-based services.
A few weeks ago I mentioned that I bought a Huawei Ascend Y210, one of the cheapest Android smartphones out there. This post is about how I rooted it and how you can also do it. I tried several methods which simply didn’t work – you can read about that at the end of the post. The method that worked for me was by using Kingoapp, after running across a random forum post regarding the Y210 rooting process.
What to do before Continue reading “How to root Huawei Ascend Y210”
Week 4 was all about digging into how Snort works, Snort rules and IT security lecturing. I had some resources prepared for this, so I started reading Snort Intrusion Detection and Prevention Toolkit by Jay Beale.
I’ve managed to understand the basics of Snort rules and to create my first rule. For IT security lecturing I’ve used some interesting IT Security/Networking resources that I came across. One of them is the 10 rules of information security.
On Snorby custom PDF generating, there wasn’t much progress because of the lack of documentation.
Plan for next week:
- dig more into Snorby custom PDF generating, I’ll probably have to do some hardcoding and I’ve never programmed in Ruby+Rails
- make a list of what kind of rules I would need in my system
- implement as many rules as possible
This is part of a series of blog posts that serve as my weekly log for my professional special subject project. It has documentation purposes and it is a nice way to present your work to the teachers. For further information about my work and what I’ve learned and done, follow the inbound/outbound links within these posts.
While googling for resources related to my professional special subject project, I came across some nice IT Security/Networking related websites, including DigitalThreat, and a cool post on the rules of information security. Continue reading “10 rules of information security”
I’ve talked about understanding the basics of a Snort rule before, now I’m going to create my first rule and add it to Snort.
Before making the rule, I started thinking about what I want and why I want it.
Short scenario – you are a copyright freak and you want to know when somebody on your network (maybe a school network) is trying to download something by accessing The Pirate Bay.
Based on the short scenario I want my rule to send an alert (generate an event) whenever somebody is accessing The Pirate Bay website or a group of related websites. This is definitely not the best way to stop people from downloading stuff on your network, but it’s just a simple scenario that will help me create my first rule.
I fired up Wireshark to see how that packet would look so that I know what options I can set for my rule. I used my IP and the HTTP protocol as filters so I’ll spot the packet faster. Continue reading “Creating your first Snort rule”