Tag Archives: security

1984 Has Arrived, Though a Bit Late

If you want to read a novel that paints a bleak picture of our future, then read Nineteen Eighty-Four. It was written by George Orwell way back in 1949, and basically describes a future society that controls all thought and expression, in favor of the ruling party. Government surveillance of the population runs rampant, with little or no privacy.

I remember when 1984 arrived thinking how glad I was that this vision of the future was wrong. Unfortunately though, it’s starting to look like certain aspects of the novel are in fact becoming real. Just look at the NSA and its surveillance program (which it just ended…maybe), or all the talk about installing back-doors into applications so that governments can track “terrorists”. Of course they won’t track us, right??

So today I read an article at ComputerWorld authored by Darlene Storm…

LA’s plan to scan license plates and send Dear Prostitute-seeking John letters

Incredible!! Just driving through the area could trigger this letter. Yes, we need to target the Johns and do what we can to shut down the sex-slave industry, but I’m not sure this is a good solution. Plus, our society is already a lot closer to 1984 than some may care to think…with all of the license plate scanning, facial recognition, and related Internet tracking that is in effect now, our perceived level of privacy is much smaller than we think.

So, we need to ask (if it’s not already too late), where do we draw the line?

New Versions of NMAP and Wireshark

If you have not already heard, new versions of NMAP and Wireshark have been released recently. These are my favorite open source programs, and to be honest, pretty much my favorite programs period. They are both maintained and managed by a dedicated team of people, and the quality of the software shows. Plus, the main authors (Gerald Combs for Wireshark, and Fyodor for NMAP) are both class acts…

NMAP is THE tool for running forensics on your network…to find the weaknesses before the bad guys do. It has MANY parts, which all work together in a very seamless manner, and should be in every network engineer’s tool kit. If you are not using it, stop what you are doing and get it now!! (Enough said!!) New version is 7.00.

Same thing about Wireshark. I’ve said it before and I’ll say it again…if you don’t have a network analyzer, then you’re not really a full and complete network engineer. Get it and learn it. There are plenty of resources on the Internet, for free, to help you get started (Google is your friend), and if you want to pay a little bit of money, Laura Chappell has a great website devoted to Wireshark training.

I just downloaded the updated Wireshark today (version 2.0.0), and I have to say the default screen is spartan, to say the least. Not sure if this is temporary in this initial v2 build, but either way, it does not look like its predecessor. Note how clean (and empty) the startup screen is…

Initial Wireshark startup screen

Here is some info from Gerald about this new version. I’m looking forward to learning what it has to offer!

A Good Laugh for a Friday!!

So, did you hear that China and the US have agreed to no longer engage in cybertheft against each other? No…I’m serious. Really. Take a look at this…

CNN Report – US & China Agreement

See…I told you!

When I first heard this I just laughed. Is today April 1st??  Way too funny. I’m just sure that China will now curtail their state sponsored cyber warfare. No…seriously…I’m sure they will.

Oh…and I saw some pigs flying today too!!

More Internet Scumbags to Report On

I just got an email forwarded to me from another employee within my company (she doesn’t work in IT). This is a scam that’s been around a long time…first via regular snail mail, and now via email. The problem, though, is it still works and it’s very easy to do. Just send a bunch of letters and emails to as many people as possible, stating that their domain names are expiring, and just send a check (or visit a website) to renew. Take a look at this…

Email example notifying me of domain expiration for "search engine submissions"

Yes, the wording is simplistic, but it does look nice, and the cost is rather insignificant compared to all the other day-to-day invoices that cross an employee’s desk. And you know what? A lot of people just pay this, without even thinking about it.

As for the link to make the payment, it points to the domain:  confirmation5408.com

WHOIS results

A simple whois shows that this is located in China, and the domain was just registered in early July. (Yeah, I know…I’m so shocked that this is located in China!!)

So…what to do? Ignore these letters and emails, and make sure that your employees forward any IT related invoices to you for approval. Lots of companies fall prey to this, but with your diligence your company won’t be one of them.

Cisco Security Alert – ROMMON Firmware Hack

Cisco Security Alert

Well, it looks like the hackers are at it again. (BTW…I use the term “hackers” as my preferred term “slimy dog-poop scum” is too wordy…but either one works just as well.) Cisco just released a security alert concerning a hack which replaces the ROMMON firmware (the boot firmware) with malicious ROMMON code. This code does work, in terms of booting the router/switch properly, but it also contains malicious code. Fortunately, you do need either privileged access or physical access to the device. Note the credibility level…”Confirmed”.

Check out Cisco’s security alert here.

Using Whois to Find Domain Ownership

Over the last several days, there has been a bit of a media skirmish concerning a report from the Global Energy Balance Network, a non-profit science group dedicated to preventative education to reduce obesity. A recent report of theirs stated that lack of exercise is primarily responsible for the dramatic upswing in the obesity rate here in the US, and not necessarily what we eat (such as sugary drinks). All well and good, and I would tend to agree with them…we have become a nation that sits on its butt.

However, news then surfaced that the report was funded in part by Coca-Cola Company. Hmmmm…that could tend to tarnish the report a bit. I heard that the domain name for Global Energy Balance Network (gebn.org) was registered to Coca-Cola. So last night (Tuesday 8/11), before I went to bed, I did a “whois” lookup on my Linux system, and sure enough…the domain was registered to Coca-Cola. Very interesting.

So, at work today (Wednesday 8/12) I ran another whois so I could screen capture it and put it in my blog as an example. Well guess what…the registration had changed. I was surprised. Here is what I found today…

Current WHOIS for GEBN.ORG

As you can see, registration was updated this morning around 14:52 UTC (around 10:52 AM EDT). So, why the University of South Carolina? I’m guessing there is a relationship between the non-profit and the University…which is fairly common these days. Also, if you go to the website and check out the “About” page, there is a disclaimer stating that part of their funding is from the Coca-Cola Company…so they are not trying to hide anything.

Now, I’m just pointing this out as an example of domain name registration and some of the gotchas to be aware of…and for the use of the “whois” command, which is part of Linux.

Disclaimer:  Yep, I guess I need to fess up a bit too…being a good ol’ Georgia boy, I do love drinking my Coke and Dr. Pepper. I have a joke I tell friends that when I go to the doctor’s office and give blood, it fizzes.
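Two of the posts above lean on the same two whois checks: how recently a domain was registered (the “search engine submissions” invoice pointed at a domain registered only weeks earlier) and whether the registration record has changed between two lookups (the gebn.org record changed overnight). The script below is an added example, not anything from the original posts: it parses the key/value text that the `whois` command prints, reports which fields differ between two saved snapshots, and computes the age of a date field. The two whois records, the domain `example.org`, and the organisation names in them are constructed placeholders, not real registration data.

```python
"""Compare two saved whois snapshots and flag young or freshly-changed records.

Save real lookups with e.g.  whois example.org > before.txt  and feed the
file contents to diff_whois(); the text below is constructed sample data.
"""
from datetime import datetime

# Constructed sample: what a whois record looked like "yesterday".
WHOIS_BEFORE = """\
Domain Name: EXAMPLE.ORG
Registrar: Example Registrar, Inc.
Updated Date: 2015-06-01T09:15:00Z
Creation Date: 2014-05-20T00:00:00Z
Registrant Organization: Placeholder Sponsor Co
Registrant Country: US
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
>>> Last update of WHOIS database: 2015-08-11T23:58:00Z <<<
"""

# Constructed sample: the same domain "today", after the registrant changed.
WHOIS_AFTER = """\
Domain Name: EXAMPLE.ORG
Registrar: Example Registrar, Inc.
Updated Date: 2015-08-12T14:52:00Z
Creation Date: 2014-05-20T00:00:00Z
Registrant Organization: Placeholder University
Registrant Country: US
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
>>> Last update of WHOIS database: 2015-08-12T14:55:00Z <<<
"""

# Fixed "now" so the age calculations below are reproducible.
REFERENCE_NOW = datetime(2015, 8, 12, 15, 0, 0)

# Timestamp layout used by the constructed records (whois servers vary).
DATE_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_whois(text):
    """Turn 'Key: value' lines into {lowercase key: [values]}.

    Keys such as 'Name Server' repeat, so every key maps to a list.
    Comment/banner lines ('%', '#', '>>>') are skipped.
    """
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "%#" or line.startswith(">>>"):
            continue
        key, sep, value = line.partition(":")  # split on the FIRST colon only
        if not sep:
            continue
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def diff_whois(before_text, after_text):
    """Return {field: (old_values, new_values)} for every field that differs."""
    before, after = parse_whois(before_text), parse_whois(after_text)
    changes = {}
    for key in sorted(set(before) | set(after)):
        if before.get(key) != after.get(key):
            changes[key] = (before.get(key, []), after.get(key, []))
    return changes


def age_days(fields, field, now=REFERENCE_NOW):
    """Whole days between a date field (e.g. 'Creation Date') and `now`.

    Returns None when the field is absent or not in DATE_FORMAT.
    """
    values = fields.get(field.lower())
    if not values:
        return None
    try:
        when = datetime.strptime(values[0], DATE_FORMAT)
    except ValueError:
        return None
    return (now - when).days


if __name__ == "__main__":
    for field, (old, new) in diff_whois(WHOIS_BEFORE, WHOIS_AFTER).items():
        print(f"{field}: {old} -> {new}")
    today = parse_whois(WHOIS_AFTER)
    print("domain age (days):", age_days(today, "Creation Date"))
    print("days since last update:", age_days(today, "Updated Date"))
```

A registration only a few weeks old is the detail that exposed the invoice scam, and a record that changes between two lookups is the gotcha from the gebn.org story; keeping dated snapshots on disk is what makes either observation provable later, since the whois server only ever shows the current record.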

Security Certifications – In High Demand

This should be obvious, but security certifications are in HIGH demand, let me tell you. Just look at all the high profile hacks over the last several years…and all of that is just the tip of the iceberg. So if you have a strong understanding of networks and protocols, and enjoy the security side of things, then I would suggest you pursue some security certifications. And start getting some experience within the security field, perhaps even where you are currently working. The security field is already going strong, and will only get stronger in the years to come. And…did I mention the pay is excellent??!!

Take a look at this ComputerWorld article on the top 8 security certs that are in demand.

The CISSP and SANS certs probably pertain most to the network side of things. (Disclaimer: I attend SANS conferences on a somewhat regular basis, and I hold a SANS GSEC certification.)

Summary:  Security is vitally important in the network field, so do your career a favor and learn it!

The Sony Hack – With Plenty of Drama

I just finished reading a lengthy and interesting story surrounding the hacking of Sony’s network and related services. Yes, the hackers were nasty, and yes, Sony did not have the needed security measures in place. But what really hit me in reading this story was all the drama surrounding the events leading up to and after the hack. My goodness…I thought I was back in junior high school. It was both funny and sad…all at the same time.

Anyway, I would encourage you to read the whole story. In the midst of all the fluff and drama, you will find tidbits of good security information…things you should check and verify at your work. Remember…we might not be Sony (and all that that entails), but at the same time we don’t want to make the evening news…even if it’s just the local stations.

The story is in 3 long parts…it will take time to read, so I would suggest grabbing a good beverage of choice (for me, Dr. Pepper!!), and enjoy…

Fortune:  Sony Hack Part 1
Fortune:  Sony Hack Part 2
Fortune:  Sony Hack Part 3

Securing SNMP Access on Cisco Switches

Here is a quick and easy one…

I installed and configured Solarwinds Network Engineer’s Toolkit on a new server today, and did a quick SNMP (Simple Network Management Protocol) test to my core switch. Well, it didn’t work…which actually is good. It meant that I did configure access restrictions via SNMP. And you should too…if you don’t, then ANYONE can install an SNMP utility and try to gain access to your switches, or other network devices.

Here is my SNMP config on my switch…

SNMP Configuration

The “2” at the end of the line references access control list number 2…

ACL #2 - Restricting SNMP access

As you can see, I have configured SNMP access from two separate servers, which did not include the new server I was using today. (If no ACL was referenced, then anyone can access the switch via SNMP). I then added that server into ACL 2…

Adding another server to ACL 2

And everything worked just fine! So, the moral of the story is to make sure to secure your SNMP access…and test it every now and then to make sure it’s working properly.
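Testing from one new server, as above, only tells you about that one community string. The script below is an added example (not the author’s switch config and not part of the Solarwinds toolkit) that audits a saved Cisco IOS running-config for the weak cases the post warns about: a `snmp-server community` line with no trailing ACL number, a well-known string such as `public`, read-write access, and an ACL that is referenced but either missing or written as `permit any`. The config text is constructed sample data; its second line shows the restricted form the post describes (`… RO 2`, with `access-list 2 permit host …` entries), next to the unrestricted form it replaces.

```python
"""Audit 'snmp-server community' lines in a Cisco IOS config for missing or
over-broad access restrictions.  Feed it the output of 'show running-config'
(saved to a file); the text below is a constructed sample, not a real device.
"""
import re

SAMPLE_CONFIG = """\
!
snmp-server community public RO
snmp-server community s3cr3t-mon RO 2
snmp-server community netadmin RW 3
snmp-server community orphan RO 9
!
access-list 2 permit host 10.0.0.10
access-list 2 permit host 10.0.0.11
access-list 3 permit any
!
"""

# Community strings that every SNMP scanner tries first.
WELL_KNOWN = {"public", "private", "cisco", "admin", "monitor"}

# snmp-server community <string> [view <name>] [RO|RW] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\S+))?$")
# access-list <number> permit|deny <source>
ACL_RE = re.compile(r"^access-list (\S+) (permit|deny) (.*)$")


def parse_acls(config_text):
    """Collect standard ACL entries as {acl_id: [(action, source), ...]}."""
    acls = {}
    for raw in config_text.splitlines():
        m = ACL_RE.match(raw.strip())
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3).strip()))
    return acls


def audit_snmp(config_text):
    """Return [(community, [problem, ...])] for each community with findings."""
    acls = parse_acls(config_text)
    findings = []
    for raw in config_text.splitlines():
        m = COMMUNITY_RE.match(raw.strip())
        if not m:
            continue
        community, mode, acl = m.group(1), m.group(2) or "RO", m.group(3)
        problems = []
        if community.lower() in WELL_KNOWN:
            problems.append("well-known community string")
        if mode == "RW":
            problems.append("read-write access")
        if acl is None:
            problems.append("no ACL (any source IP may poll)")
        elif acl not in acls:
            problems.append(f"referenced ACL {acl} is not defined")
        elif any(action == "permit" and source == "any" for action, source in acls[acl]):
            problems.append(f"ACL {acl} permits any source")
        if problems:
            findings.append((community, problems))
    return findings


if __name__ == "__main__":
    for community, problems in audit_snmp(SAMPLE_CONFIG):
        print(f"{community}: " + "; ".join(problems))
```

Run it against the saved config of each device after a change, not just the one you happened to be polling: in the sample, the `s3cr3t-mon` string passes because it is read-only and bound to ACL 2 with explicit `permit host` entries, while the other three lines each get a finding.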