Today bad Guys shoot bytes more than bullets.(Security in kenya in a nutshell)

Posted: November 9, 2010 in Admin

Today bad folks shoot bytes more than bullets.

I always tell my friends the best anti-malware, anti-virus, anti-hacking is common sense.

Am writing this not as a security expert or working with some security firm but because I have interest in security and always learning and practicing stuff to do with pen-test, vulnerability assessments and security.

Why security? Security enables the following reliability, confidentiality and integrity of the information being transmitted. Reliability is being there when needed, confidentiality this to do with privacy (intellectual property rights and patents), Integrity -info received as it was sent not modified or altered.

In a nutshell I will highlight a few issues:

Networks:

Interconnection of the computer to share resources, networks have to be secure internally and externally this can be achieved by:

  • Wireless networks – When I walk around Nairobi with a borrowed laptop I tend to stumble upon so many unsecured networks, this is by using typical windows XP scan no need to use the likes of kismet and Netstumblers for most of the networks are always broadcasting. If you happen to get a secured one, passwords are easily guessed, or if you try cracking a password It doesn’t take long for one to connect. Security is of essence especially around hotspot, folks connects to a hotspot starts browsing not knowing someone is accessing file on their computer Shared folder (this a no brainer) no rocket science involved .I recently tried the Firesheep on a friend and it worked well thank God windows has a patch for that (Google is your best friend) and now BlackSheep, which serves as a counter-measure. BlackSheep combats Firesheep by monitoring traffic and then alerting users if Firesheep is being used on the network.
    BlackSheep does this by dropping ‘fake’ session ID information on the wire and then monitors traffic to see if it has been hijacked. Remedy secure you wireless networks with strong passwords, browse securely by encryption , shared folders should be unshared  while in public hotspots .
  • Firewalls -This includes filtering packets and ports to allow only genuine traffic in and out of the internal network. This can be achieved by deploying firewalls the hardware and software or configuration on router (Cisco is simpler).
  • Banners on network devices being accessed must have disclaimers (#unauthorized access will be prosecuted#).
  • Remote access to devices must be secure …do not use telnets (with Wireshark packets can be captured and passwords revealed) please use SSH (secure shell).
  • Network devices should not be left with default passwords visit http://www.phenoelit-us.org/dpl/dpl.html to see default passwords for various devices. Implement strong passwords (#4d01phU$Lw0v@*) not simple and guessable ones, do not write the passwords on some sticky notes or save them.
  • Separate internal networks according to departments and others .Different departments on different subnets (VLANs).
  • Physical access to devices should be controlled either by well secured locked doors or by only a certain MAC address allowed to connect to a port.

Workstation/PCs/Laptops

Most of us here in Kenya happen to be using free or pirated softwares (thank God I use Linux (open source)) most of this softwares are normally outdated and unpatched   the following are risks are involved;

  • Computer operating systems are never patched –most of us use pirated Microsoft products with vulnerabilities and holes discovered and patched years ago .This makes it easy to run old exploits and gain access to the machines easily here in Kenya.
  • Firewalls and anti-virus- Anti-viruses must be up to date to be able to detect, delete and neutralize viruses failure to which might cause a lot of distraction, windows firewalls too should be turn on. It is advisable to acquire legit anti-virus and install on your computer to download updates. Users must be educated on browsing, downloading freeware and visiting malicious websites which are normally source of viruses.
  • Downloading of freewares in the name of spyhunter or spamblocker is highly discourage ,this kind of software might removes all spywares but install there on to spy on you or install Trojans/ keyloggers and rootkits connecting to a remote server expositing your private data including passwords and personal info.
  • Humans being the worst enemy – do not to write passwords on sticky notes share passwords and use the same passwords to log onto different websites and applications.

E-Mails and Mail servers

Email is a vital part of communication in this age it can be sent and received from pc to handheld devices .We must ensure our emails are secure this involves;

  • Passwords –Use strong passwords and they have to be unique for every address simple passwords can be guessed easily this is risky for one who uses the same password for several email addresses.
  • Email client application-most us here use Microsoft outlook to pop and receive our emails, I performed an ARP poisoning on a network (was testing a network administered by a friend) using Cain& able with this I was able to get email addresses and there passwords (all the @theorganization.org) .this is because the email are never encrypted, outlook has the option of full encryption with SSL or use certificated.
  • Mozilla Firefox and Google chrome save the passwords in clear text if you agree to save the passwords, they can be accessed by anyone using the same browser this is risky especially for folks checking their mails from cyber cafes .Do not save the passwords is the browser if it is to be used by someone else other than you. Someone can use your email address maliciously.
  • Mail serversPort 25 on most mail servers I have checked on is normally open ,this is a risk because if someone telnets to the server via port 25 using a simple command prompt and some simple commands ,he can be able to send mails from you server (beware it can be used for uchochezi (incitation)).

Websites

Websites today have become a requirement, for business, cooperates, governments and personal use  Webhosting is affordable, more folks are having one online which is a good a thing. Are the websites secured? Web design now here in Kenya is affordable at KSH.2000 someone can develop one for you or with Dreamweaver, xampp and internet to download templates you are good to go .Folks concentrate more on the design and contents assuming security:

  • Copying JavaScript that they have no idea about how they function, most of the Java Scripts perform exactly what you want to do, but failure to understand the lines in the script is a security threat, some scripts expose your website to threats or simply give privileges to the person who created them (backdoors).
  • Unsecure code like the php scripts Sql commands exposes the website to xss(cross site scripting) and Sql injection which can lead to defacement and exposure of usernames ,passwords  and details stored in databases.
  • Joomla –This a web 2.0 CMS that is easy to use and develop a website , it has its shortcomings,  simply because one can download templates that they like and edit to come up with their  desired website , It is not so secure especially when one adds plug-ins that they barely know just to make their websites look good ,from experience hackers mostly target plug-ins that are vulnerable to  exploit them, It is advisable to download the plug-ins unzip them modify or simply check what it entails just to be sure. Another thing is the URL itself most Joomla websites are left to the default whereby if you add a suffix /administrator to the URL boom! You are greeted with enter username ,password  and language this is a security risk especially for  folks who write passwords on sticky notes, simple to guess passwords, sniffers capturing passwords and a colleague shoulder surfing while you are doing your thing. This can be rectified by Installing the jSecure Authentication plug-in where you can add a suffix to your back-end URL http://yousite/administrator?h3ll0w0rld , this will help only if you memorize the URL ,if anyone stumbles upon the password he/she will not be able to login in (/administrator = 405 error) .It’s a shame even government sites have not effected this.

That’s all for now, If you think some of this is scary unplug your network cable and play solitaire for the rest of your life.

The only way to know you are secure is to test it

Antiviruses,anti-malware, spyhunters, spam filters are like religion .There to give hope ..use your common sense.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s