Monday, February 24, 2014

Netstat Trick - Display Executable Generating Network Traffic

Windows Defender used to have a Tools option that showed which applications were running and connecting to the network. For some reason that was removed in Windows 7.

Netstat provides another way to obtain that information.

Run a cmd window as administrator and type:

netstat -anob

This lists every connection with its process ID (the -o switch) and, in most cases, the name of the executable that owns it (the -b switch, which is the reason the prompt has to be elevated).
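The netstat output is easier to review once it is parsed: the owning process is printed on the lines after each connection, and svchost.exe hosts print the service name before the bracketed executable. The following is an added example, not code from the original post; it parses a constructed sample of netstat -anob output and reports which executables hold established, off-host connections, which is the question the post is really asking.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample of `netstat -anob` output (not captured from a real host);
# foreign addresses are from documentation ranges.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  RpcSs
 [svchost.exe]
  TCP    192.168.1.10:49712     93.184.216.34:443      ESTABLISHED     4321
 [chrome.exe]
  TCP    192.168.1.10:49720     198.51.100.7:8080      ESTABLISHED     6608
 [updater.exe]
  TCP    127.0.0.1:49730        127.0.0.1:49731        ESTABLISHED     6608
 [updater.exe]
  UDP    0.0.0.0:5355           *:*                                    1520
  Dnscache
 [svchost.exe]
  UDP    192.168.1.10:137       *:*                                    4
 Can not obtain ownership information
"""


@dataclass
class Connection:
    proto: str
    local: str
    remote: str
    state: str          # empty for UDP, which has no State column
    pid: int
    exe: str = ""       # the bracketed [name.exe] line; "<unknown>" if netstat could not resolve it
    components: list = field(default_factory=list)  # service/DLL names printed above the exe


def parse_netstat(text):
    """Parse `netstat -anob` output into Connection records.

    A connection line starts with TCP or UDP; the lines that follow it,
    up to the next connection line, describe the owning process.
    """
    conns = []
    current = None
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] in ("TCP", "UDP"):
            if len(tokens) == 5:            # TCP: proto local remote state pid
                proto, local, remote, state, pid = tokens
            elif len(tokens) == 4:          # UDP: proto local remote pid
                proto, local, remote, pid = tokens
                state = ""
            else:
                continue
            current = Connection(proto, local, remote, state, int(pid))
            conns.append(current)
        elif current is not None:
            owner = raw.strip()
            if owner.startswith("[") and owner.endswith("]"):
                current.exe = owner[1:-1]
            elif owner.startswith("Can not obtain ownership information"):
                current.exe = "<unknown>"
            else:
                current.components.append(owner)
    return conns


def _is_loopback(addr):
    """True for host:port strings whose host is a loopback address ([::1] included)."""
    host, _, _ = addr.rpartition(":")
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:      # "*", "0.0.0.0" style wildcards, or unparsable hosts
        return False


def established_by_exe(conns):
    """Map executable name -> remote endpoints it holds ESTABLISHED, off-host connections to."""
    out = {}
    for c in conns:
        if c.state == "ESTABLISHED" and not _is_loopback(c.remote):
            out.setdefault(c.exe, []).append(c.remote)
    return out


if __name__ == "__main__":
    # On a real host, pipe `netstat -anob > out.txt` and read the file instead.
    for exe, remotes in established_by_exe(parse_netstat(SAMPLE_NETSTAT)).items():
        print(f"{exe}: {', '.join(remotes)}")
```

Listening sockets and loopback traffic are filtered out so that what remains is the short list worth checking against what you expect to be running; an unfamiliar executable with an outbound connection is the thing to investigate.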


Friday, February 21, 2014

Protocols Found Using WireShark

Testing out WireShark and delving into protocol details.

LLMNR
Link-Local Multicast Name Resolution, Microsoft's fallback name resolution when DNS cannot answer
http://en.m.wikipedia.org/wiki/Link-local_Multicast_Name_Resolution

Too much IP multicast
http://www.netcraftsmen.net/resources/archived-articles/283-ip-multicast-best-practices-and-control.html

ARP
Address Resolution Protocol
http://en.m.wikipedia.org/wiki/Address_Resolution_Protocol

NBNS
NetBIOS Name Service
http://wiki.wireshark.org/NetBIOS/NBNS

SSDP
Simple Service Discovery Protocol (UPnP device discovery)
and strange outbound connections to places I don't think I'm going. Odd.

"Magic Packet" for Wake On Lan
You thought your computer was safe when off...but no.
Best to turn off network connections if you don't want your computer woken up by network traffic.
http://wiki.wireshark.org/WakeOnLAN
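A magic packet is easy to recognise in a capture: six bytes of 0xFF followed by the target MAC address repeated sixteen times, optionally followed by a 4- or 6-byte SecureOn password, normally carried in a UDP datagram to port 9 or 7. The following is an added example rather than anything from the original post or from Wireshark; it applies that check to a constructed list of datagrams, which is what you would do to find out which host on the LAN is waking machines up.

```python
# Six bytes of 0xFF mark the start of a Wake-on-LAN magic packet.
MAGIC_SYNC = b"\xff" * 6


def parse_magic_packet(payload):
    """Return the target MAC as 'aa:bb:cc:dd:ee:ff' if payload is a WoL magic
    packet, otherwise None.

    Layout: sync stream (6 x 0xFF), then the MAC repeated 16 times (96 bytes),
    then an optional SecureOn password of 4 or 6 bytes. Like Wireshark's
    dissector, the sync stream may be preceded by other bytes.
    """
    start = payload.find(MAGIC_SYNC)
    if start < 0:
        return None
    body = payload[start + len(MAGIC_SYNC):]
    if len(body) < 96:
        return None
    mac = body[:6]
    if body[:96] != mac * 16:          # all sixteen copies must match
        return None
    if len(body) - 96 not in (0, 4, 6):  # nothing, or a SecureOn password
        return None
    return mac.hex(":")


def find_wol(datagrams):
    """Scan (src_ip, dst_port, payload) tuples and return (src_ip, target_mac)
    for every magic packet found."""
    hits = []
    for src, _port, payload in datagrams:
        mac = parse_magic_packet(payload)
        if mac is not None:
            hits.append((src, mac))
    return hits


def build_sample_datagrams():
    """Constructed sample traffic (not a real capture)."""
    target = bytes.fromhex("001122334455")
    magic = MAGIC_SYNC + target * 16
    return [
        ("192.168.1.50", 9, magic),                              # plain magic packet
        ("192.168.1.50", 7, magic + b"\x00\x00\x00\x00"),        # with SecureOn password
        ("192.168.1.60", 1900, b"M-SEARCH * HTTP/1.1\r\n"),      # SSDP, not WoL
        ("192.168.1.70", 9, MAGIC_SYNC + b"\x01" * 50),          # sync bytes but too short
    ]


if __name__ == "__main__":
    for src, mac in find_wol(build_sample_datagrams()):
        print(f"{src} sent a magic packet for {mac}")
```

The port is deliberately not part of the check; the magic packet is identified by its payload alone, which is also why Wireshark can dissect it when it arrives over an unusual port or inside a raw Ethernet frame.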

Wednesday, February 19, 2014

Prevent Session Hijacking

Many sites are not properly secured against session hijacking.

5 steps to prevent session hijacking:

1. Randomly generate session ids (i.e. not sequential)

2. 50 character minimum length

3. Expire every 15 minutes

4. Tie session ID to source IP

5. Send over SSL

The top four of these are configurable in your web server in a few minutes.

Forcing IP to match Session ID can be a problem on cellular providers that change IP addresses when you cross cell towers. Maybe those wireless providers should fix their networks to maintain IP addresses.

Session IDs in URLs are problematic: they are saved in browser history and can be forwarded to another person, who can reuse them if the session is not tied to an IP address.

To prevent session fixation, regenerate the session ID on login. .NET forces you to do this manually via Session.Abandon().
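The five steps plus regeneration on login fit in a small server-side session store. The following is an added example and not code from the post or from any particular web framework; it assumes an in-memory store, an absolute 15-minute lifetime measured from creation (an idle timeout is the other common choice), and that the caller passes in the client IP it saw on the request. The cookie attributes keep the ID out of URLs and off plain HTTP.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Optional

SESSION_ID_MIN_CHARS = 50          # step 2
SESSION_TTL_SECONDS = 15 * 60      # step 3


@dataclass
class Session:
    user: Optional[str]
    client_ip: str                 # step 4: the IP the session was issued to
    expires_at: float


class SessionStore:
    def __init__(self, clock=time.time):
        self._clock = clock        # injectable so expiry can be tested
        self._sessions = {}

    @staticmethod
    def new_session_id():
        # step 1: CSPRNG, nothing sequential or derived from the user.
        # 40 random bytes base64url-encode to 54 characters, above the 50 minimum.
        sid = secrets.token_urlsafe(40)
        assert len(sid) >= SESSION_ID_MIN_CHARS
        return sid

    def create(self, client_ip, user=None):
        sid = self.new_session_id()
        self._sessions[sid] = Session(user, client_ip, self._clock() + SESSION_TTL_SECONDS)
        return sid

    def lookup(self, sid, client_ip):
        """Return the live session for sid, or None if unknown, expired,
        or presented from a different IP than it was issued to."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if self._clock() >= s.expires_at:
            del self._sessions[sid]
            return None
        if s.client_ip != client_ip:
            return None
        return s

    def login(self, old_sid, client_ip, user):
        """Regenerate on login: the pre-auth ID is discarded so an ID an attacker
        planted before authentication (session fixation) never becomes authenticated."""
        self._sessions.pop(old_sid, None)
        return self.create(client_ip, user)

    @staticmethod
    def cookie_header(sid):
        # step 5: Secure restricts the cookie to HTTPS; HttpOnly keeps it away
        # from script; a cookie (not a URL parameter) keeps it out of history.
        return (f"sid={sid}; Secure; HttpOnly; SameSite=Strict; "
                f"Path=/; Max-Age={SESSION_TTL_SECONDS}")


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create("203.0.113.5")                 # constructed client IP
    authed = store.login(anon, "203.0.113.5", "alice")
    print("old id still valid:", store.lookup(anon, "203.0.113.5") is not None)
    print("Set-Cookie:", store.cookie_header(authed))
```

The IP check is where the cellular-provider problem from the post shows up: a client whose address changes mid-session is simply logged out, which is the trade-off the post describes.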

Saturday, February 01, 2014

Criteria for Distinguishing Credibility of Sources

As part of the curriculum SANS ISO 5000 / MGT305: Technical Communication and Presentation Skills for Security Professionals, students learn to consider the source when citing technical resources in white papers.

http://www.sans.org/course/technical-communication-presentation-skills-security-professionals

As I read the criteria for scholarly and non-scholarly sources, I think such critical thinking would benefit many companies that base decisions on media hype, fear, emotional arguments or personal agendas. Critical review of sources helps expose faulty logic and the lack of credibility of referenced sources. Checking the credibility and track record of a source is always a good idea if you are basing a decision on what that source is saying, whether it is a person or a document.

This class will possibly be very helpful at work. Sometimes it is difficult to sum up 20 years of experience in a conversation. Verbal explanations based on personal background and experience don't get the point across. Even a track record of successful projects with high ROI doesn't help. Writing a concise paper and citing numerous credible sources to back up years of experience could help people understand the need for the course of action being suggested.

Here is a description of the breakdown of scholarly and non-scholarly articles from Cornell University library (I'll save APA formatted citations for future white papers - this is just a casual blog full of notes for myself and anyone who cares to read):

http://guides.library.cornell.edu/scholarlyjournals

Scholarly or peer-reviewed journal articles are written by scholars or professionals who are experts in their fields. In the sciences and social sciences, they often publish research results.

Substantive news articles are reliable sources of information on events and issues of public concern.

Popular articles reflect the tastes of the general public and are often meant as entertainment.

Sensational articles intend to arouse strong curiosity, interest, or reaction. They are not factually accurate.

This type of critical thinking is really needed in all aspects of decision making in life. Sometimes it is difficult to distinguish the hype from the facts, and the emotional arguments from the logical conclusions. Consider the source. Evaluate the arguments.

People come to the table with belief systems and backgrounds that may make it difficult to see reality due to personal bias. Sometimes people have not researched the topic in depth before coming to a conclusion. Having solid sources won't fix faulty logic in a thought process clouded by emotions. I would hope, however, that with enough facts, intelligent people could be persuaded even if they hold strong personal opinions at the start of the document, provided the evidence warrants an alternative point of view.

---

Cornell would like you to know they give permission to cite the material referenced above:

http://olinuris.library.cornell.edu/ref/research/permission.html

Research & Learning Services
Olin Library
Cornell University Library
Ithaca, NY, USA