Sunday, October 18, 2009

Security for Small Businesses

Most small businesses see IT security as a threat that doesn't really target them. I was over at the NIST website today and stumbled on some information they released for Cyber Security Awareness Month, which is this month if you didn't know :) The video was decent and brought up some good stats that I think any small business should listen to. A large percentage of small businesses experience laptop theft, insider abuse, virus infection and bot infection.

The page points out that, taken one at a time, small businesses are small targets. However, when you take into account that small businesses make up, by the figures they cite, 95% of businesses in America and 50% of the nation's gross national product, that isn't so small, is it? Control of that could be quite devastating to the whole country.

They have released a 20 page guide outlining common things small businesses can do to help secure their networks. If you want a copy of this, or just want to watch the video, you can find them at the following links:

Article

Video

Security Document

SMB Security Page at NIST

Saturday, October 10, 2009

Security Group Study

Calling anyone interested in security in the Washington DC area! I am trying to get a group together for a group study effort to sharpen our general security and pentesting skills. I plan on finding a place where we can meet and go through the Offensive Security Metasploit Unleashed course. I think it will be a good way to get an introduction to general security as well as pentesting, but it will also help those who may know this already to sharpen or keep their skills sharp. I have not decided on a place to have this yet. I would like it to be as central as possible to the metro area so it's as convenient as possible for everyone interested. If you have ideas for meeting places, let me know.

The fee for this group effort will be a $4 donation to Johnny Long's Hackers for Charity, per the request of Offensive Security. Depending on the venue, we may need to purchase drinks/food or some other customer item, for example at a Starbucks. If we can find a free place, that's great. I would like to have Internet available if possible, but hey, we're hackers, I'm sure we can figure that one out :)

What do I need to participate?

Technically nothing. If you want to get the most out of it, being that this will be a meeting where a desktop will probably not be available, you should have a laptop that can run some virtual machines. The Offensive Security group has the requirements for the class here:

Lab Requirements

With that said, I have my laptop and one other I can bring. If anyone has extra laptops they can bring to the group meeting for people to use while they are there, that would be great. It will be more than just the lab as discussions will be a majority of the time. Thus, even if you don't have the gear, you will still learn a ton.

I will post again when more details are available. If you are interested, please let me know by emailing me at pleasedontspam-cshaffergmailcom (remove the pleasedontspam- and of course add the @ and the . in their respective places :P)

Also if you are part of mailing lists or groups in the area, pass the info around.

New Blog

I have created a new blog. A new blog, you say? We barely read this one :). This new one is more professional in nature. It is the beginning of a new open source community creating custom IPS signatures for Symantec Endpoint Protection. So the good news is, unless this is something you are interested in, you can still get my normal great content here :). If it is something you are or may be interested in, check it out!

Open Source SEP Signatures

Sunday, October 4, 2009

My Anti Virus will keep me safe and warm! Won't it?

I am always being asked what the best Anti Virus is. This is a difficult question. The truth of it is, they can all be beaten. I know that might come as a shock to you, maybe not, but it's very true. I decided to take this post and try to explain why this is difficult.

What I have done is create a simple backdoor trojan using our favorite Metasploit shell_reverse_tcp. I encoded it with Shikata_ga_nai. Loosely translated, this is Japanese for "nothing can be done about it". This method basically utilizes a polymorphic XOR additive feedback encoder. (For those of you unfamiliar with this, it means the encoder has the ability to change things in what appears to be a random fashion.)

This is simple shell code. It has a specific purpose: to connect back to any system I tell it to. This should be caught by any normal means. I encoded one version with Shikata_ga_nai and built one version with no encoding. I uploaded both to VirusTotal. This site scans the files you upload with 41 (at this time) different virus scanners and lets you know which ones found them malicious. Both versions were said to contain no malicious code. Now this could be an unfair test as it was simple code, so I decided to encode Netcat both ways and run that through. For those of you that are not familiar with Netcat, it is a back door program that can be used for good or bad but is definitely seen by major vendors as malicious. I again ran this through VirusTotal, and the unencoded version was caught by 25 of the 41 vendors easily. The version I encoded was not recognized at all.

So what does it all mean, Basil? It means that even all of those old viri can get past your anti virus. What you really need is endpoint protection from companies such as Symantec, McAfee or Sophos. Why are they better? Because they are created to look for "odd" behavior rather than just a signature of the file. This is becoming more and more important as attacks and attackers are getting more complex.
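As an added illustration of the point above (example code written for this post, not Metasploit's encoder or any vendor's engine): a byte-wise model of an XOR additive-feedback encoder, a scanner that only matches stored bytes, and one that runs the decode loop before matching. The payload text, the signature string and the keys are constructed for the demo.

```python
import hashlib

# Constructed stand-in for the bytes a signature keys on in a connect-back
# payload (plain text, not shellcode; 192.0.2.10 is an RFC 5737 doc address).
# The scanners below model signature vs. unpack-then-scan, not a real engine.
PAYLOAD = b"CONNECT-BACK host=192.0.2.10 port=4444"
SIGNATURE = b"CONNECT-BACK"

def xor_feedback_encode(data: bytes, key: int) -> bytes:
    # Byte-wise model of an XOR additive-feedback encoder: XOR each byte with
    # the running key, then add the plaintext byte into the key (the scheme
    # the post names works on dwords; this keeps the same structure).
    out, k = bytearray(), key & 0xFF
    for b in data:
        out.append(b ^ k)
        k = (k + b) & 0xFF
    return bytes(out)

def xor_feedback_decode(data: bytes, key: int) -> bytes:
    # Inverse loop, as the decoder stub would run it when the payload loads.
    out, k = bytearray(), key & 0xFF
    for c in data:
        b = c ^ k
        out.append(b)
        k = (k + b) & 0xFF
    return bytes(out)

def build_sample(key: int) -> bytes:
    # Constructed encoded file: one key byte, then the encoded body. Every key
    # gives different bytes, so file hashes and byte patterns differ per build.
    return bytes([key]) + xor_feedback_encode(PAYLOAD, key)

def static_scan(blob: bytes) -> bool:
    # Pure signature matching: look for the known bytes exactly as stored.
    return SIGNATURE in blob

def unpacking_scan(blob: bytes) -> bool:
    # An engine that emulates the decoder before matching: recover the key the
    # stub has to carry (here the first byte), run the decode loop, then match.
    key, body = blob[0], blob[1:]
    return SIGNATURE in xor_feedback_decode(body, key)

def demo(keys=(0x2A, 0x91, 0xF3)) -> dict:
    # Per key: short SHA-256 of the sample and both scanners' verdicts.
    results = {}
    for key in keys:
        sample = build_sample(key)
        results[key] = (hashlib.sha256(sample).hexdigest()[:12],
                        static_scan(sample), unpacking_scan(sample))
    return results
```

Each key produces a different hash and defeats the static match, while the decode-then-scan check flags every build, because encoding changes the stored bytes but not what the decoded payload does.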

For those of you that will still use the free anti virus programs out there, do what you can to keep them up to date and scan your systems often. Microsoft has released a free version of Anti Virus. You can get it here: Microsoft Security Essentials. Make sure you are downloading this from the Microsoft web site! There are many fakes out there already. I have not tested it fully, but the little I have tested it shows that it is pretty decent for free. It would be nice to run multiple anti virus programs, but usually they fight with each other. I am testing this one with AVG on my wife's PC and will report back on whether they work well together or not. I also recommend running Malwarebytes as often as possible, especially if you are a constant Facebook or Myspace user. Running it nightly might be a good choice.

As always, if you have any questions, let me know.