Category Archives: Security - Page 2

Overview of Kiwicon 2015

Kiwicon 9 2015 Overview

This year for the first time I made my way down to Wellington in New Zealand to attend Kiwicon 9. Kiwicon is a security / hacker conference that has been held each year since 2007.

I’ve previously attended Ruxcon 6 times, which is another computer security conference but here in Australia so it’s a bit easier for me to get to. After my experience with Kiwicon I am definitely interested in going back, it was easily the best security conference that I’ve been to so far.

Read more »

How To View BitLocker Disk Status

Bitlocker status

BitLocker is Microsoft’s solution to providing full disk encryption. While setting up BitLocker and encrypting your disk you probably want to check and view the progress and see the current status, as it can take quite a long time depending on the size and speed of your disk.

Here we cover how to view the current BitLocker status in both the graphical user interface, and with PowerShell.

Read more »

How To Disable USB Storage Devices In Linux

How To Disable USB Storage In Linux

By default when you plug in an external USB storage device into a computer running Linux it will automatically mount, allowing the user to access the contents.

This behaviour can be less than ideal from a security perspective, as it can allow an attacker to copy confidential files, or allow a user to run a malicious script stored on the USB device for example.

With some simple configuration changes we can disable USB storage in Linux for unprivileged users.

Read more »

Use SELinux Port Labeling To Allow Services To Use Non-Standard Ports

SELinux Ports

By default SELinux policy defines the ports that a particular service is allowed bind to and make use of with port labeling. This increases system security by preventing random services or malicious code from being able to bind to a well known defined port that may otherwise be used by a legitimate service.

In order to change a service to use a non standard port we must change SELinux policy and specify the SELinux port types that are allowed to use specific ports.

Read more »

Overview of Ruxcon 2015

Ruxcon 2015 Overview

I attended the Ruxcon 2015 computer security conference this year in Melbourne Australia for my 6th consecutive year and thought I’d post an overview of the event. I’ll cover the awesome presentations that I saw as well as the capture the flag hacking game where I spent most of my time.

Read more »

How To Configure Private Directories With Apache

Password Login

By default Apache will serve content out to anyone that requests it which essentially makes it public. We can add some additional simple configuration to create a private directory that can only be accessed based on source IP address, or with a username and password combination, or even based on user group membership.

Read more »

How To Provide NFS Network Shares to Specific Clients

NFS share for specific clients

With NFS we can export specific directories within a file system over the network to other clients allowing us to share various files over the network. It is important to configure this properly and secure it as much as possible so that only the required clients have access to the NFS share, otherwise it may be possible for anyone to mount it and access the data.

To do this we are going to use the /etc/exports file on the NFS server and lock down shares to only be accessible by specific IP addresses.
Read more »

23 Hardening Tips to Secure your Linux Server

It is important to secure a Linux system as much as possible in order to reduce the likelihood of compromise.

Here are 23 security tips to guide you through hardening your Linux operating system.
Read more »

How to “ping” a port

Most of us would be familiar with the simple ICMP based ‘ping’ command which allows us to test for a basic response from some network connected device. While great for basic troubleshooting it does not allow us to confirm if the particular host at the other end is responding on TCP or UDP ports where the majority of services are likely to be provided.

Ping isn’t the be all and end all of network troubleshooting, if a firewall blocks inbound ICMP traffic then a ping will not succeed which can produce a false perception that the host is down as it is not responding to the ping, however other services could still be responding fine.

Alternatively while ping may come back fine with a response it doesn’t indicate if a web server is responding on port 80 for HTTP requests, the web server may have failed and no longer be responding.

So if ping is ICMP based, can we hit a TCP or UDP port for response instead? The answer is yes, let’s take a look.

Read more »

Monitoring devices by sending syslog to OSSEC

Lately I’ve been working a lot with OSSEC, which is an open source host-based intrusion detection system (HIDS). This has primarily involved installing Linux or Windows based agents onto servers and configuring them to point to the OSSEC server, a process which is straight forward and fairly well documented. Unfortunately you aren’t going to be able to run an agent on some devices, such as those provided by Cisco or Juniper, so we instead have to look towards agentless or syslog monitoring.

Read more »