Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things, and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

The Nmap Security Scanner written by Fyodor is a widely used security and network administration tool that can be used to perform a port scan of remote systems. A port scan tells the Nmap user which services are available on a system and whether those services are accessible through a firewall.

This article discusses features that are available in Nmap 5.0 and higher. To download Nmap and access other related security resources, please visit www.insecure.org.

Conducting a Basic Nmap Scan from the Command Line

While a GUI front-end (Zenmap) now exists, Nmap has traditionally been used by administrators from the command line in both Windows and Unix/Linux environments.  When a basic Nmap scan is performed without any additional options, the following will occur:

- Your system will scan the 1,000 most commonly used TCP ports on your target(s). These ports were enumerated by Fyodor when he conducted an Nmap scan against every host on the Internet and compiled the end results. The scan type conducted is a standard SYN scan.
- Nmap will randomize the order in which the ports are scanned. If you wish for the ports to be scanned in sequential order, perhaps to test your IDS/IPS capabilities, use the -r option.
- In addition to scanning ports, Nmap will attempt to retrieve the MAC address associated with the remote IP address(es) being scanned and resolve the MAC address to its associated manufacturer.
-…
1
The Luhn checksum is often used in analog to digital systems such as
many countries' ID cards, credit cards and more.

The purpose is NOT to encrypt the number but to prevent simple errors
such as digit misplacement and (usually) single digit errors.

Take the following nonexistent Visa credit card number:
 
4580 4580 4580 4580



This number is valid according to the Luhn checksum method. That doesn't mean
you can use it to shop, but programmers often use the check as a preliminary
test before sending the number on to be approved.

How is the number checked? Let's start:

 
4580 4580 4580 4580
         X
2121 2121 2121 2121

[for checking always start on the right from the digit 1]

----------------------------
8570 8570 8570 8570

Note that we perform single digit multiplication, top line by bottom line, right to left:
 
0 X 1 = 0
8 X 2 = 16 -> 1+6 = 7
5 X 1 = 5
4 X 2 = 8


etc...

As you can see, 8 X 2 is written as 7: if the multiplication gives a value of 10
or above, always add the two digits together (e.g. 10 -> 1+0 = 1).

 
8+5+7+0+8+5+7+0+8+5+7+0+8+5+7+0 = 80



Since the right digit is 0, the number is correct!
Or, in programmers' language, 80 mod 10 = 0 means the number is correct, which is why Luhn is
also sometimes called MOD 10 checking.

Let's take a look at an invalid credit card number:

 
4580 1234 5678 9012
         X
2121 2121 2121 2121
----------------------------
8570 2264 1658 9022

Again from the right column

2X1=2, 1X2=2, 0X1=0, 9X2=18=>1+8=9, 8X1=8 


etc...

 
8+5+7+0+2+2+6+4+1+6+5+8+9+0+2+2 = 67


---> INVALID!! right digit needs to be 0 to be valid!

So, how do you generate a valid number?
The rightmost digit is the check digit, which is why we always begin from the right,
as described in the check above.
To generate the number we will begin with the digit 2 instead of 1:
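
The check and the check-digit generation described above, as an added Python example that is not part of the original article. The two sample numbers are the article's; the function names, and the helper that looks for adjacent-digit swaps the checksum cannot see, are this example's own.

```python
def _digits(number: str) -> list[int]:
    """Strip spaces/dashes and return the digits, rejecting anything else."""
    cleaned = number.replace(" ", "").replace("-", "")
    if not (cleaned.isascii() and cleaned.isdigit()):
        raise ValueError("expected digits, optionally separated by spaces or dashes")
    return [int(ch) for ch in cleaned]


def luhn_sum(number: str, first_weight: int = 1) -> int:
    """Sum the weighted digits right to left, weights alternating 1,2,1,2...

    Use first_weight=2 when the check digit has not been appended yet.
    """
    total, weight = 0, first_weight
    for digit in reversed(_digits(number)):
        product = digit * weight
        # 10..18 collapse to the sum of their two digits, i.e. product - 9
        total += product - 9 if product > 9 else product
        weight = 3 - weight  # alternate 1 <-> 2
    return total


def is_valid(number: str) -> bool:
    return luhn_sum(number) % 10 == 0


def check_digit(payload: str) -> int:
    """Digit to append to `payload` so that the full number passes the check."""
    return (10 - luhn_sum(payload, first_weight=2) % 10) % 10


def missed_adjacent_swaps(number: str) -> list[int]:
    """Indexes i where swapping digits i and i+1 still passes the check."""
    d = _digits(number)
    missed = []
    for i in range(len(d) - 1):
        if d[i] != d[i + 1]:
            swapped = d[:i] + [d[i + 1], d[i]] + d[i + 2:]
            if is_valid("".join(map(str, swapped))):
                missed.append(i)
    return missed


if __name__ == "__main__":
    print(luhn_sum("4580 4580 4580 4580"), is_valid("4580 4580 4580 4580"))
    print(luhn_sum("4580 1234 5678 9012"), is_valid("4580 1234 5678 9012"))
    print(check_digit("4580 1234 5678 901"))   # digit that repairs the invalid sample
    print(missed_adjacent_swaps("1099"))        # constructed number with a 0/9 pair
```
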

 


2
Some malware (including viruses and other types of programs with bad intentions), as well as some hardening programs and utilities, sometimes create files and directories with illegal names.

Why "illegal" ?
Because some names such as LPT1, LPT2, LPTx, PRN, CON and more are reserved as
they have a unique meaning to the operating system.

Trying to rename/delete/modify a file or directory with such an illegal file name will return
 
Access Denied



LPT1 (LPTx) for example is usually the parallel port on the computer,
CON is short for console, PRN is printer, etc...

So if you see a directory or file such as
 
c:\LPT1

and can't seem to rename or delete it, the reason is that
some names such as PRN, LPTx (LPT1, LPT2, ...), CON and more are system reserved.

The solution is straightforward. To rename, for example:
 
ren \\.\c:\LPT1 NNN


The line above works because of its prefix:
 
\\.\

This is a back door of sorts that causes Windows not to check for illegal file names. It also
prevents certain commands, and it is the easiest method to get rid of such files and directories without disk hex editing.

If you still can't access it, the file/directory may have attributes turned on; turn them off using:
 
attrib -s -h -r \\.\c:\LPT1



The file/directory might not have ACL rights that allow you access; to grant access:
 
cacls \\.\c:\LPT1 /t /c /g %username%:f
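
To find such entries in a file listing before reaching for the `\\.\` prefix, the following added Python example (not part of the original article) reports which path components collide with a reserved device name. The full name list (CON, PRN, AUX, NUL, COM1-9, LPT1-9), the treatment of extensions, and the function names are assumptions of this example; the sample paths are constructed.

```python
import ntpath
import re

# Reserved DOS device names (assumed list; the article names LPTx, PRN, CON "and more").
RESERVED = re.compile(r"^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])$", re.I)
DEVICE_PREFIX = "\\\\.\\"          # the literal \\.\ prefix from the article


def reserved_components(path: str) -> list[str]:
    """Return the components of a Windows path that collide with a device name.

    A name is treated as reserved with or without an extension (LPT1.txt),
    so only the part before the first dot is compared.
    """
    if path.startswith(DEVICE_PREFIX) or path.startswith("\\\\?\\"):
        path = path[4:]                       # drop an existing prefix
    _drive, rest = ntpath.splitdrive(path)
    hits = []
    for part in re.split(r"[\\/]+", rest):
        stem = part.split(".", 1)[0].rstrip(" ")
        if stem and RESERVED.match(stem):
            hits.append(part)
    return hits


def scan_listing(paths: list[str]) -> list[tuple[str, list[str], str]]:
    """For each offending path: (path, reserved components, prefixed form)."""
    report = []
    for p in paths:
        hits = reserved_components(p)
        if hits:
            fixed = p if p.startswith(DEVICE_PREFIX) else DEVICE_PREFIX + p
            report.append((p, hits, fixed))
    return report


# Constructed sample listing.
SAMPLE = [
    "c:\\LPT1",
    "e:\\autorun.inf\\CON\\PRN",
    "c:\\Reports\\lpt1.txt",
    "c:\\LPT10",                 # not reserved: only LPT1-LPT9 are
    "c:\\console\\notes.txt",    # not reserved: CON must be the whole stem
]

if __name__ == "__main__":
    for path, hits, fixed in scan_listing(SAMPLE):
        print(path, hits, fixed)
```
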


0

Administrative Comment

by:Articles101
Thank you.  Let's see what one of our technical Page Editors says.  I'm asking for their participation.

Articles101,
Articles Administrator
0
Protect the USB storage device
To disable write access only to USB storage devices (XP SP2 and above only!) set:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StorageDevicePolicies

add:

DWORD: WriteProtect=1

To disable the protection, remove the DWORD value or set it to 0 (zero).

Preventing your USB drive from auto-infecting
Even if the computer is protected, the drive could still become infected on other computers and have a malware autorun.inf and related files added to it. There are two ways to deal with it:

1) Use the following bat file to protect or unprotect your USB drive. The embedded instructions assume you named this file usbarpro.bat
@echo off
cls
if [%1]==[p] goto prot-prot
if [%1]==[P] goto prot-prot
if [%1]==[u] goto prot-unprot
if [%1]==[U] goto prot-unprot
::above - check protect or unprotect
goto prot-about
:prot-prot
if exist %2:\autorun.inf goto prot-bad
::file already exists - break out
md %2:\autorun.inf
::make dir
md \\.\%2:\autorun.inf\CON
::make illegal file names below
echo www.kalman.co.il>\\.\%2:\autorun.inf\CON\PRN
echo www.kalman.co.il>\\.\%2:\autorun.inf\LPT1
echo www.kalman.co.il>\\.\%2:\autorun.inf\LPT2
::change directory attributes
attrib +s +h +r %2:\autorun.inf
::for ntfs file systems remove everyones rights
echo y|cacls %2:\autorun.inf /t /c /d system >nul
cls
echo y|cacls %2:\autorun.inf /t /c /e /r system >nul
cls
echo Protection activated on drive %2:
goto prot-end
:prot-unprot
echo y|cacls 


1
Phishing is one of the trendiest information security related buzzwords, so what is it?

Well, basically, phishing can be explained as tricking a user into believing they are at a certain web site when they're really at a bogus site, or sending a forged email that causes the user to believe the same.

The purpose of phishing can be summed up as an illegitimate technique to steal confidential information such as login credentials, passwords, passcodes, personal details, etc.

Phishing is just another spin on social engineering, think about it...

The ways phishing attacks are carried out are numerous, so we will only cover some of them. Please remember this is not intended to be a tutorial, so specific tools and methods are not provided here.

Web site phishing attacks can be integrated with forged phishing emails: the From address can be faked to appear to come from a legitimate source such as a bank, a boss, etc., and the email can request the user to perform certain actions such as changing the password using the provided link, logging in, contacting someone (if contacted, then...), and more.

A lot of these emails also mask the link "in plain sight" by showing the user a bogus address which forwards to an IP address; e.g. the user sees www.google.com, but if they click on the link they will reach www.kalman.co.il. This is done using simple mail and HTML manipulation methods.
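
A mail filter can check for the masked link described above by comparing the host shown in the link text with the host in its href. The following Python sketch is an added example, not part of the original article; the class and function names, the host-matching regular expression and the sample message (which uses reserved example addresses) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import ipaddress
import re

# A host name appearing in the visible link text, with or without a scheme.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


class LinkAudit(HTMLParser):
    """Collect <a> elements whose visible text and real target disagree."""

    def __init__(self):
        super().__init__()
        self.findings = []      # (visible text, href, [reasons])
        self._href = None       # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text = "".join(self._text).strip()
        target = (urlsplit(self._href).hostname or "").lower()
        shown = HOST_IN_TEXT.search(text)
        reasons = []
        if shown and target and shown.group(1).lower() != target:
            reasons.append("text shows %s, link goes to %s"
                           % (shown.group(1).lower(), target))
        if _is_ip(target):
            reasons.append("link target is a bare IP address")
        if reasons:
            self.findings.append((text, self._href, reasons))
        self._href = None


def audit_links(html: str):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample body: one honest link, one masked link, one plain-text link.
SAMPLE = ('<p><a href="https://www.bank.example/login">www.bank.example</a> '
          '<a href="http://192.0.2.10/login">www.bank.example</a> '
          '<a href="https://www.bank.example/help">Click here</a></p>')
```
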

Other methods include forwarding similarly named domain names to the bogus site, e.g. www.googel.com, hacking …
0
The information provided here is incomplete and is intended to provide some insight into OTP's, however does not fully cover all the elements of the algorithms, methods, etc

The most secure form of cryptography ever devised was the One-Time-Pad which involved randomly generated sheets of letters, numbers and symbols for each letter, number and symbol, e.g.:
A -> B, B->C, 1->2, 2->3

The method evolved from the substitution cipher but had more cons than pros, which is the reason it's not mainstream.

The key to the system was to have the substituted characters (or numbers, etc.) be truly random, which is harder than one might think, as most systems have some sort of repetitive frequency which can eventually be found.

OTP is used for computer system access, software specific access, room access and even for person to person verification.

OTP works in one of two ways: either both sides have a method of computing the next expected password or the other side has a method of verifying the next password is really the next one expected.

Let's start with the latter, but first a very, very quick introduction to "hash" or "hashing": hashing is an algorithm (there are many hashing algorithms) that should theoretically always produce a unique output for a processed string/data sequence.

Note! S/key has some more properties not covered here. Read more about S/key elsewhere to fully understand the algorithm.

One of the earliest OTP solutions was called S/Key and was used …
1
This presumes you already set up the root CA, which is usually pretty straightforward, but I will write an article on full CA setup sometime in the future. Setting up the root CA offline is best for additional security. Never install a CA on your Domain Controller! You will have problems down the line when you need to run dcpromo to demote it.

Typically you should select Standard Edition OS (2003 or 2008) for your root and install as a stand-alone CA.  It should not be joined to the domain.

This also presumes you have set up a Subordinate CA (Sub CA) and created the certificate signing request (CSR) file. This is usually going to be an Enterprise CA, but many things will work similarly on a Standalone CA; it just won't have AD integration features like autoenrollment.

The Sub CA should normally be an Enterprise Edition OS (2003 or 2008) and installed as an Enterprise Subordinate CA, unless you have specific reasons to not do so.

For high security, it is best to keep your CA private key on a FIPS-140-x level 3 device. As a lower-cost solution for your root, a smartcard or smart USB token may be used; however, for an online issuing subordinate CA this will likely be too slow to sign the many certificate requests that come through. An HSM (High Security Module) is expensive (thousands of dollars, typically), but will protect your CA private key like nothing else, so even if the CA box is compromised the private key is still safe. An HSM is also much faster to do the …
2

Expert Comment

by:fd4u
Thanks for the instructions! But I have one problem:

I wanted to set up a subordinate CA on Windows Server 2012 Core, and I've almost succeeded :) I've installed AD CS, created the cert request, got the cert from the root CA, but I can't install it on the new subordinate CA. Server Core doesn't have the "Certification Authority" snap-in of course, and when I connect to the server from remote Server Manager and the "Certification Authority" snap-in and click "Install Certificate", the snap-in refreshes and nothing happens. There isn't any "open file" dialog or something similar.

Any help?

Thanks!

Fat Dragon
0

Expert Comment

by:Sonali009
The Sub CA should normally be an Enterprise Edition OS (2003 or 2008) and installed as an Enterprise Subordinate CA, unless you have specific reasons to not do so.
Financial Analyst firm in Mumbai
0
