Posts Tagged ‘Security’

Occupy Flash! Because HTML 5 is Better, Right?

November 22, 2011

I’m no fan of Flash. As a web developer, I absolutely hate working with it. As an end user, I cringe at its many vulnerabilities and security flaws. As an administrator, I’m exasperated with its near-weekly patch releases. But as much as I would like to see Flash be chased out of our browsers by an online mob bearing digital torches and pixelated pitchforks, HTML 5 isn’t quite ready to fill the void resulting from such a coup…


The rest of this story is posted on our new site: http://www.sysmincomputing.com

If you want to read this story, click here!


Yet Another “Sophisticated” Attack

November 10, 2011

You know, I’m getting a little tired of companies using words like “advanced,” “sophisticated,” and “APT” to describe attacks that can be done after watching a 5 minute YouTube video. I’m sorry, but XSS, SQL Injection, and brute forcing passwords do not count as “Advanced.” It bothers me that companies use these words as a way of making excuses for being hacked. Just because someone got past your lousy security doesn’t mean that you are excused from all blame…


The rest of this story is posted on our new site: http://www.sysmincomputing.com

If you want to read this story, click here!

Tutorial: Using WinSCP to Connect to a FTP, SFTP/SCP, or AFP File Share

January 22, 2011

Both Mac and Linux have built-in support for connecting securely to SFTP and SCP file shares. This is because both are closely connected to the Unix platform, where the SSH protocol was originally developed. Windows, however, doesn’t have any such connection to these protocols. Luckily, there is a free program that adds the necessary functionality to work with these file shares easily. It’s called WinSCP (http://winscp.net).

WinSCP (which stands for Windows Secure Copy) is a lightweight program that allows Windows computers to connect to other servers running FTP or SSH (and thus securely to SFTP/SCP file shares), and I’ve even had success connecting to AFP (Apple Filing Protocol) shares (edit: since I wrote this article, I have done some additional research, and found out that the Mac servers that were using AFP also had SSH enabled for remote management, which is what WinSCP was probably connecting to — my recommendation is if you need to access files on a Mac from Windows, you probably need to also enable SSH on the server to make it work). In this tutorial, I’ll show you how to install this software and use it to connect to a server.

Installing WinSCP

First thing to do is download WinSCP from its download page (http://winscp.net/eng/download.php). You’ll note that there are two different install packages available: the standard Installation package and the Portable Executable package. Use the Portable Executable package if you don’t have administrative permissions or if you want to install the program on a portable device like a USB drive. Otherwise use the Installation package to install the software onto a specific computer. After downloading the program, go ahead and run it.

WinSCP Install: Select Language

The first screen you’ll see is the Select Setup Language window. For the sake of this tutorial, we’ll leave it as English, but you can choose whatever you want. Click OK to continue.

Click Next on the Welcome window, and Next again to accept the install license (WinSCP is distributed under the open source GPL license). The next window is the Setup Type window, where you can choose the Typical Install option or a Custom Install. For the sake of this tutorial, we’ll stick with the Typical Install option. Click Next to move to the next screen, select the Do Not Install radio button on the extra software window, and click Next again.

Typical vs Custom Install

Commander vs Explorer Interface

The next screen lets you select the type of interface you want to use. The two options are the Commander and Explorer interfaces. The Commander interface has a more traditional FTP program look, with one frame on the left of the window showing your local files and another frame on the right showing the files on the server. You transfer files back and forth by dragging from one frame to the other. The Explorer interface looks more like a typical Windows Explorer window of just the server’s files, and you transfer files back and forth by dragging them from one window to the other. Either interface will work, and you can switch back and forth after installation, so it really doesn’t matter which you choose (I happen to prefer the Commander interface myself). After selecting which interface you want, click Next and then Install to complete the installation.

After it’s complete, click Finish to close the install program. If you leave the Launch WinSCP box checked, it will open the program automatically when you click Finish. Otherwise you can use the desktop icon or Start Menu to run the program.

Finished Installation

Setting Up a Connection in WinSCP

WinSCP Starting Image

When you open WinSCP, you’ll see the main program screen. On the right hand side is a series of buttons that allow you to edit, delete, and create new connections. Left of that is a list of the connections that you’ve created and saved in the past. Click on the New button to open up the Login screen.

There are several fields on the Login screen that you should be aware of:

  • Host Name: This is where you’ll put the name of the server that you want to connect to (for example: fs.finearts.utah.edu).
  • Port Number: This is the port that the server listens on. Unless otherwise instructed, just leave it set to its default (port 22).
  • Username: This is the username that you would use to log into the computer normally (for example: u0123456). If you are not sure what to use, ask the server’s administrator.
  • Password: This is the password you would use to log into the computer normally (for example: password1234). Again, ask the server’s administrator if you don’t know what to use for this field.
  • Private Key File: If your connection is set up to use Public/Private key authentication, you would tell WinSCP where your private key file is. If you don’t know what a private key is, or if you don’t have one, just leave the field blank.
  • File Protocol: This is the type of protocol you’ll be using to connect with the server. Generally, you can leave this set to SFTP with the Allow SCP Fallback box checked.

WinSCP Login Screen

Once you’ve filled in the appropriate fields, you can click the Save button and choose a name for the connection (this can be whatever you want). If you want WinSCP to remember your password, check the box that says Save Password (otherwise WinSCP will ask you for your password every time you try to connect). Finally, click the OK button to save the connection to your Connections List.

Transferring Files Using WinSCP

Once you’ve created and saved a connection, you can access your file share by clicking on the entry in the list and clicking the Login button at the bottom of the window. This will open a box saying it’s attempting to connect to the server. If the information you entered is correct, it will open up a window showing the files on the server, and (if you selected the Commander Interface) the files on your local computer as well.

Commander Interface for WinSCP

To enter a folder on either the server or local computer side, simply double-click on that folder. To move back out of the folder, you can double-click on the folder at the top of the list with an arrow and two dots (the two dots mean move up one directory). Finally, to copy a file from one computer to the other, simply click and drag from one side to the other. This will cause WinSCP to verify that you want to copy that file. Click Copy, and when the transfer is complete, you should see a copy of the file on both the server and local computer in the place you dragged and dropped it to. You can also copy folders and multiple files the same way (to copy multiple files or folders, simply highlight them all using the shift or ctrl key, then drag and drop). It’s important to remember that this action only makes a copy from one computer to the other. The original file will still be in the same place it was before the transfer. When you are done, you can simply close the window like you would any other, and it will close the connection for you and exit the program.

You should now be able to use WinSCP to upload and download files from other servers. There are several features available in WinSCP that we haven’t covered in this tutorial, however. If you are interested in learning what these features are and how to use them, check out the WinSCP Documentation page at http://winscp.net/eng/docs/start. I’ve also created a video tutorial demonstrating these steps that can be seen on Vimeo, or by playing the embedded video below:

Advantages and Security Considerations of Utilizing the IPv6 Protocol

December 14, 2010

* The PDF version of this paper can be downloaded here.

Abstract

Internet Protocol version 6 has been available for nearly a decade, but many entities in the private sector have been hesitant to adopt this new technology. With the decreasing number of IPv4 addresses, however, the switch to the newer protocol will soon become a necessity. Luckily, IPv6 offers several features that not only improve performance and security, but also allow for a gradual transition from one protocol to the other. It is essential however, that Administrators and other support staff become familiar with the new protocol before adopting it within their network. Several advantages and dangers of this protocol are highlighted, in order for the reader to become more familiar with the variety of risks and advantages associated with its implementation. By providing IT staff with training, and developing a plan for the gradual migration to the new protocol, organizations can make this transition smoothly and without disruption.

Why Use IPv6?

IPv4 Available Address Space

Figure 1: ARIN, Percentage of available IPv4 addresses as of September 2010.

In response to the inevitable departure from IPv4, the latest Internet Protocol (IPv6) has been available in most major operating systems and network devices for nearly a decade. Its design includes features that resolve many of our modern-day networking concerns without relying on stopgap technologies, such as Network Address Translation (NAT) and private network addressing. The United States Federal Government has even gone so far as to issue a string of deadlines from 2008 to 2014 in an effort to migrate both their internal clients and external servers to the new protocol (Marsan, 2010b). Despite the various technological advantages of migrating to the new protocol, a large percentage of the private sector has displayed a reluctance to venture into the unfamiliar IPv6 waters. As time passes, however, it will become increasingly advantageous for these companies to invest the time and training to safely and effectively implement this new technology on their networks. For these corporations and their clients, the incentives for transitioning to IPv6 include increased address space, the ability to gradually migrate from IPv4, and the native incorporation of the IPsec protocol suite.

The Numbers Behind Version 6

Perhaps the most well known advantage of IPv6 is the increased number of addresses available for use. In IPv4, network addresses are 32 bits long, which results in 2^32 (approximately 4.3 billion) unique addresses to be used around the world. Despite the adoption of stopgap technologies like NAT routing, the increasing popularity of PCs and mobile network devices has caused these addresses to be depleted at an alarming rate. According to the American Registry for Internet Numbers (ARIN), 94.5% of all IPv4 addresses had been assigned as of September 3, 2010 (see Figure 1). Furthermore, it has been projected that the remaining 5.5% will be assigned as early as the end of this year (Marsan, 2010a). IPv6, on the other hand, uses an address of 128 bits (2^128, approximately 3.4×10^38 addresses), resulting in an address space sufficiently large to handle future networking needs for years to come.

Making the Transition Easy

Most businesses today have a significant amount of money and time invested in their IPv4 networks. Normally, it would be impossible for most to switch their entire network over to a new protocol without devoting massive amounts of resources to the project. Such a financial burden would be both detrimental to the business, and ultimately hamper the success of the new protocol in general. In order to avoid this situation, the designers of IPv6 were careful to implement several features that allow both IPv4 and IPv6 networks to interact with each other. Such changes allow organizations to gradually transition from one protocol to the other without incurring a large financial burden. This is accomplished through the use of IPv4 tunnels and running both IPv4 and IPv6 in tandem on a host.

In order to route IPv6 traffic across IPv4 networks, IPv6 utilizes what is known as an “IPv6-over-IPv4 Tunnel.” In this situation, an IPv6-enabled host will package a datagram in accordance with the specifications of the protocol and send it over the network. When the packet reaches a router connecting an IPv6 network to an IPv4 network, the entire packet is encapsulated in the data section of an IPv4 packet and forwarded along to the next stop. Finally, when another IPv6 network is reached, the IPv4 header is removed and the packet is sent to its final destination (Miller, 1998). If additional security is desired through the use of a VPN, the entire VPN package is packaged as shown in Figure 2. This ensures that at any stop of its journey, the packet will have the correct header for the network segment it is on.

IPv6-Over-IPv4 Tunneling Packet

Figure 2: Diagram of an IPv6 packet being tunneled through an IPv4 VPN.
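To make the encapsulation step concrete, here is an added Python example; it is not code from the paper or from any of its cited sources. It builds a minimal IPv6 packet, wraps it in an IPv4 header carrying protocol number 41 the way a tunnel entry router does, and at the tunnel exit validates and strips that outer header again. The addresses are documentation-range values I chose, the `expected_peer` check is my addition following RFC 4213's advice that a configured-tunnel decapsulator verify the outer source address before processing the inner packet, and the packets omit IPv4 options and fragmentation.

```python
import ipaddress
import struct
from typing import Optional

IPPROTO_IPV6 = 41  # IPv4 protocol number that marks an encapsulated IPv6 packet (RFC 4213)


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented.
    Over a header whose checksum field is already filled in, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv6_packet(src: str, dst: str, next_header: int, payload: bytes, hop_limit: int = 64) -> bytes:
    """Fixed 40-byte IPv6 header (version 6, traffic class and flow label 0) plus payload."""
    header = struct.pack("!IHBB16s16s", 6 << 28, len(payload), next_header, hop_limit,
                         ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return header + payload


def encapsulate(v6_packet: bytes, tunnel_src: str, tunnel_dst: str, ttl: int = 64) -> bytes:
    """Tunnel entry router: the whole IPv6 packet becomes the data of an IPv4 packet
    whose protocol field is 41, addressed between the two tunnel endpoints."""
    total_len = 20 + len(v6_packet)
    draft = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, ttl, IPPROTO_IPV6, 0,
                        ipaddress.IPv4Address(tunnel_src).packed, ipaddress.IPv4Address(tunnel_dst).packed)
    # Fill in the checksum computed over the header with the checksum field zeroed.
    header = draft[:10] + struct.pack("!H", ipv4_checksum(draft)) + draft[12:]
    return header + v6_packet


def decapsulate(v4_packet: bytes, expected_peer: Optional[str] = None) -> bytes:
    """Tunnel exit router: validate the outer header, then strip it and hand back the
    inner IPv6 packet. Anything that fails a check is dropped (ValueError)."""
    if len(v4_packet) < 20 or v4_packet[0] >> 4 != 4:
        raise ValueError("drop: not an IPv4 packet")
    ihl = (v4_packet[0] & 0x0F) * 4
    if ihl < 20 or len(v4_packet) < ihl:
        raise ValueError("drop: malformed IPv4 header length")
    header = v4_packet[:ihl]
    if ipv4_checksum(header) != 0:
        raise ValueError("drop: bad IPv4 header checksum")
    if header[9] != IPPROTO_IPV6:
        raise ValueError("drop: outer protocol is not 41")
    # RFC 4213 tells a configured-tunnel decapsulator to check that the outer source
    # really is its tunnel peer before processing the inner packet (my addition here).
    if expected_peer is not None and ipaddress.IPv4Address(header[12:16]) != ipaddress.IPv4Address(expected_peer):
        raise ValueError("drop: tunnel packet from unexpected source")
    total_len = struct.unpack("!H", header[2:4])[0]
    inner = v4_packet[ihl:total_len]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("drop: encapsulated payload is not IPv6")
    return inner


if __name__ == "__main__":
    # Constructed sample: documentation prefixes only, nothing from the paper.
    v6 = build_ipv6_packet("2001:db8::1", "2001:db8::2", 59, b"constructed payload")
    v4 = encapsulate(v6, "192.0.2.1", "198.51.100.1")
    print("outer IPv4 protocol field:", v4[9], "total length:", len(v4))
    print("inner packet restored intact:", decapsulate(v4, expected_peer="192.0.2.1") == v6)
```

The point of the exit-side checks is that the tunnel router is trusting a header that arrived over the IPv4 network: verifying the checksum, the protocol number, the inner version, and (for a configured tunnel) the peer address is what keeps a stray or forged IPv4 packet from being injected into the IPv6 side as if it had come through the tunnel.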

While tunneling is used to ensure a packet can travel successfully from one part of a network to another, it is also important that all hosts are able to understand both IPv6 and IPv4 packets in order to communicate with each other. In response to this need, most modern-day operating systems configure IPv4 and IPv6 to run in “dual-stack mode” by default (Hogg, 2009). This allows for transparent communication between two hosts without user interaction, despite the IP version being used. From the view point of Network and Systems Administrators, this is a very convenient feature. Such a configuration does bring about security implications that will be discussed in the next section of this paper.

Security from the Start

One of the greatest advantages from the standpoint of security is the protection provided in IPv6 by the IPsec protocol suite. IPsec provides both authentication and confidentiality to IP communications through the combined use of an Authentication Header (which depends on the SHA-1, MD5, or AES-XCBC hashing algorithm, combined with HMAC for added security) and an Encapsulating Security Payload (which uses AES, DES, or Triple DES combined with CBC to encrypt the packet; see Figure 3 for more details) (Network Working Group, 2007b). Because IPsec works on the network layer, the protection it provides occurs transparently. This helps to remove some of the burden of securing IP connections from the user (Panko, 2004). While IPsec is also available for IPv4, it requires extra configuration to set up and use, whereas in IPv6 it is built directly into the protocol.

CBC Encryption

Figure 3: Wikipedia, Top: CBC encryption mode is performed by using an XOR on an IV and the plaintext message. Each subsequent message is XORed with the previous encrypted packet. This not only ensures that each packet is unique and secure, but also that each packet depends on all subsequent packets to be able to decrypt the data. Bottom: Decryption occurs much the same way as encryption, but instead of the plaintext, the ciphertext is used in the XOR to decrypt each packet.
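The following Python example is added here to illustrate both the IPsec discussion above and the CBC diagram in Figure 3; it is not code from the paper, from Wikipedia, or from any IPsec implementation. It chains blocks in CBC mode exactly as the figure describes (IV XORed into the first block, each later block XORed with the previous ciphertext block), protects the result with an HMAC-SHA1 tag truncated to 96 bits as RFC 2404 specifies for AH/ESP, and verifies that tag before decrypting. Two things are simplified and should be read as assumptions: the block function is a toy keyed permutation standing in for AES or Triple DES (it is not secure, it only has the right shape), and the "ESP" layout is just IV, ciphertext and ICV without the SPI and sequence number a real ESP header carries.

```python
import hashlib
import hmac
import os

BLOCK = 16     # block size in bytes (AES-sized; the toy cipher below uses the same size)
ICV_LEN = 12   # HMAC-SHA1-96: the 160-bit HMAC is truncated to 96 bits, as RFC 2404 specifies for AH/ESP

def _rotl(b: bytes, n: int) -> bytes:
    return b[n:] + b[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy invertible block function standing in for AES/3DES. NOT secure; it only
    provides the 'one block in, one block out' shape that CBC chaining needs."""
    pad = hashlib.sha256(key).digest()[:BLOCK]
    return _rotl(_xor(block, pad), 3)

def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    pad = hashlib.sha256(key).digest()[:BLOCK]
    return _xor(_rotl(block, BLOCK - 3), pad)

def cbc_encrypt_blocks(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CBC encryption: each plaintext block is XORed with the previous ciphertext
    block (the IV for the first block) before it goes through the block cipher."""
    if len(data) % BLOCK:
        raise ValueError("data must be a whole number of blocks")
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = toy_block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt_blocks(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CBC decryption: plaintext block i = D(C_i) XOR C_(i-1); only the previous
    ciphertext block is needed, not the rest of the stream."""
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        out.append(_xor(toy_block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)

def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def esp_protect(enc_key: bytes, auth_key: bytes, plaintext: bytes, iv=None) -> bytes:
    """Simplified ESP-style protection: IV || CBC ciphertext || HMAC ICV.
    (A real ESP header also carries an SPI and sequence number; omitted here.)"""
    iv = os.urandom(BLOCK) if iv is None else iv
    body = iv + cbc_encrypt_blocks(enc_key, iv, pkcs7_pad(plaintext))
    icv = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    return body + icv

def esp_open(enc_key: bytes, auth_key: bytes, packet: bytes) -> bytes:
    """Verify the ICV first (constant-time compare) and only then decrypt:
    a tampered packet is dropped without ever reaching the cipher."""
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("integrity check failed; packet dropped")
    return pkcs7_unpad(cbc_decrypt_blocks(enc_key, body[:BLOCK], body[BLOCK:]))

def affected_blocks(key: bytes, iv: bytes, plaintext: bytes, bad_index: int) -> list:
    """Flip one bit in ciphertext block `bad_index` (or in the IV when bad_index is -1),
    decrypt without any ICV check, and report which plaintext blocks came out wrong."""
    ct = cbc_encrypt_blocks(key, iv, plaintext)
    if bad_index == -1:
        iv = bytes([iv[0] ^ 0x01]) + iv[1:]
    else:
        pos = bad_index * BLOCK
        ct = ct[:pos] + bytes([ct[pos] ^ 0x01]) + ct[pos + 1:]
    pt = cbc_decrypt_blocks(key, iv, ct)
    return [i for i in range(len(pt) // BLOCK)
            if pt[i * BLOCK:(i + 1) * BLOCK] != plaintext[i * BLOCK:(i + 1) * BLOCK]]

if __name__ == "__main__":
    # Constructed sample keys and data (not from the paper).
    enc_key, auth_key, iv = b"constructed-enc-key", b"constructed-auth-key", bytes(range(BLOCK))
    pkt = esp_protect(enc_key, auth_key, b"constructed VPN payload", iv)
    print("opened:", esp_open(enc_key, auth_key, pkt))
    print("corrupting ciphertext block 1 affects plaintext blocks:",
          affected_blocks(enc_key, iv, bytes(range(64)), 1))
```

Running `affected_blocks` shows the dependency structure of CBC in practice: a corrupted ciphertext block garbles its own plaintext block and flips the same bit in the next one, while every other block decrypts cleanly, and a corrupted IV touches only the first block. That limited error propagation is convenient for lossy links, but it is also why the ESP integrity check matters: without the ICV a modified packet would decrypt to mostly sensible data instead of being rejected.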


Beginner's Guide to Removing Viruses

December 29, 2009

We’ve all been there. Surfing online, minding our own business (or maybe not…), when you realize all too late that you clicked on the wrong link or popup. Bam! You’ve got a virus.*
If you’re lucky, your antivirus software (you are running up-to-date antivirus software on your computer, right?) will catch the mistake and eliminate the infection before it manages to take root on your system. All too often, however, the virus will manage to get in under the radar and wreak havoc before you’ve even realized it’s there. At this point, a simple scan with your antivirus software is often not enough to completely remove the infection. In this article, I’ve outlined several basic steps that can be taken to remove an infection.**

1. Prepare the Infected System

Before trying to remove a virus from your system, there are a few important things to do. First, avoid using your computer for any task where sensitive or private information will be used. It is not uncommon for some infections to steal passwords, financial information, or anything typed on your keyboard. If possible, you should disconnect your system from the Internet and not use it until you are certain that the infection is removed.
Second, it is important to know that the process of removing viruses from your system can be a very involved and time-consuming task, ranging from hours to a couple of days depending on how bad the infection is. Once you start the process of removing a virus, you should see it through to the end. Otherwise you run the risk of having the virus come back again.
Third, turn off System Restore (some viruses will use System Restore as a way to reinstall themselves after being removed) and clean out all temporary files (I recommend using CCleaner to do this, although Windows Cleanup can be used instead). In addition to helping with the removal of the virus infection, this will help speed up your virus scans.
Fourth, it is always a good idea to back up any important data before attempting to remove a virus. While these steps are fairly straightforward and shouldn’t result in any data loss or harm to your system, the only way to ensure your data is protected is by backing it up! It’s tedious, I know, but you should still do it. Also, don’t copy, run, or open any files from your backup without first scanning them with a working and up-to-date virus/adware/spyware scanner. After all, you don’t want to reinfect yourself or another clean system with the same virus.

2. Download Virus Removal Tools

The first rule of dealing with an infected system is to not trust any of the programs that are on that system. Therefore, you are going to need to download a few standard tools in order to deal with your virus problem. The first tool I would recommend is a good antivirus rescue live CD.*** The benefit of using a live CD is that you can guarantee your tools will be completely unaffected by the virus infection. There are several free live CDs available for this purpose (a list with reviews can be found here). I would recommend using one or more of the following: Avira AntiVir Rescue System, BitDefender Rescue CD, and/or Dr. Web Live CD (it doesn’t hurt to use several different live CDs in succession to be thorough, since different antivirus tools will sometimes detect and remove different viruses more efficiently). You will also want some other tools that are specifically designed for removing adware/spyware. I recommend using Malwarebytes, Spybot, and/or Ad-Aware (each has a free version available for home use). Be sure to run the update tool on each of the programs you’ve installed before using them.

3. Run the Live CD(s)

This seems fairly obvious, but at this point, go ahead and boot into a live CD and run the antivirus tools. Some live CDs allow you to update the virus definitions before running them (you will likely need a network connection via an Ethernet cable to perform the updates). Other live CDs will automatically have a set of fairly recent virus definitions already built in. After you’ve updated the virus definitions (if the option is available), start the virus scan and then go watch TV or read a book for a while, because it will take some time (I’ve found that most virus scans take between 1 to 3 hours to run depending on the number of files on your system). Once it’s done, make sure to tell the CD to remove any infections it found and restart the computer with a different live CD if you are planning on running multiple scans. Rinse, lather, repeat! If there are any viruses found that the live CD is unable to remove, write down their names and do some research online (from another computer if possible). Antivirus companies, such as McAfee or Symantec, often have special tools and detailed instructions on removing some of the more difficult infections.

4. Start Windows in Safe Mode

Once you’ve finished running the live CDs that you’ve chosen to run, you’ll want to boot into Safe Mode in Windows to finish cleaning up the system. To do this, press the F8 key repeatedly while the computer is starting up. For detailed instructions on how to do this, click here. Once you’ve booted into Safe Mode, log into an account (make sure the account has administrative privileges) and run a scan with each of your antivirus/antispyware programs (i.e., Malwarebytes, Spybot, Ad-Aware, etc.) in turn. Again, these scans will take some time, but it’s the only way to make sure that your system is free of viruses. Have these tools clean/repair or quarantine any infections they find, and be sure to write down any infections that cannot be treated so you can do some specific research on how to remove those particularly stubborn infections. It also doesn’t hurt to run each scan again after you’ve cleaned off all the infections, just to ensure that none of them have re-spawned after being removed.

5. Final Cleanup

After you’ve finished running your various scans and have achieved a clean bill of health, restart your computer and let it start up normally. Hopefully, your system should now be free of infections and as good as new. If everything seems fine and you don’t see any signs of the previous infection, go ahead and turn System Restore back on and (if you suspect that your current antivirus was compromised by the virus and is no longer working properly) uninstall and then reinstall your antivirus software. Be sure that you update the antivirus and make sure that it’s working correctly. Finally, you can verify that all is well by running a free online scan of your computer from Panda or BitDefender.**** If everything checks out, your system is clean as a whistle and ready to go. If not, then you likely have a virus that will require some additional (and more invasive) steps to get it off of your system. If this is the case, you’ll probably need to seek additional help from someone with experience dealing with these kinds of infections.


* Since this article is meant to be a beginner’s guide, I will be using the term “virus” interchangeably with the term “malware.” While such a generalization is not technically accurate, I have done so in order to avoid confusing some of our less technical readers. Technically, a virus is defined as a malicious program capable of self-replication (often without the permission of the user), while malware (which is short for “malicious software”) is a general term that includes a wide variety of infections (viruses, worms, trojans, rootkits, adware/spyware, etc.).

** While following these steps should not cause you to lose any of your data or cause problems with your system, you should know that attempting a virus removal is not completely without risk. You should always take precautions to back up your data in order to ensure that it isn’t lost. I am not responsible for any harm caused to your system or data by using this information. This article is for instructional purposes only and is not to be seen as a definitive guide to malware removal.

*** A live CD is a CD that you can boot into instead of your usual operating system (such as Windows). You can usually download an ISO file and burn it to a physical CD (the Avira CD actually has a program that you download and run to burn the CD for you). I would recommend downloading the file and burning the disk as close as possible to when you plan on doing the virus removal, so that it is the most recent version. Also, you may have to change your BIOS settings to allow you to boot into a live CD. If you don’t know how to do this, you can get more information here.

**** There are a lot of websites out there that claim to offer free malware removal tools but will actually further infect your system with viruses. Only trust tools from reputable sources, such as well-known antivirus companies (Norton, McAfee, Panda, BitDefender, etc.). If you don’t know whether a tool is legitimate or not, do some research before you act. Remember, the first rule of online security is to never trust anyone.