Sunday, August 11, 2013

Write-Protect USB Drive

 Write protect USB flash drive in order to protect it from viruses and other malware programs.Because USB drives are widely used to move data between computers, these drives are the target for attackers to transfer virus etc from one computer to other. Data inside USB can easily be modified or deleted by malware programs. To write protect it, follow these steps:

 Step 1: Open the Registry Editor by opening the “Run” dialog box, type regedit and hit “Enter”).

 Step 2.Go to Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\

  Step3: Right-click on Control, click on New->Key and name it as StorageDevicePolicies. Now a New Key named as StorageDevicePolicies is created.

 Step 4. Right-click on StorageDevicePolicies and create a New->DWORD (32-bit) Value and name it as WriteProtect

 Step 5: By double clicking on WriteProtect, set value 1 from 0. 
Now the right-protection for USB drives is enabled on your computer thus it would not be possible for anyone or any program to add/delete the contents from your USB flash drive. Any attempt to copy or download the files onto the USB drive will result following error message:

"Remove the Write Protection or Use another Disk" 


Action to Revert Back
To revert and remove the write-protection, all you need to do is just change the Value data for WriteProtect (Step-5) from 1 back to 0. Now write access to all the USB devices is re-enabled.

Monday, August 5, 2013

Computer Protection Steps which can be implemented by a non -IT person/ How to avoid intrusion in a computer

 
Earlier when technology was not advanced, human beings used to work in paper files and those documents used to be kept safely in almirah and if document was of utmost important that time there used to be a strong lock in order to have more protection and at times protection of room was also required. Whenever some mischievous people intended to steal the documents, they used to scan the building, room etc, purpose was to find out weakness in the building, room and almirah. Or we can understand it like if you do not lock your vehicle, it is insecure. Now we are living in a era of technology so things have changed a lot. Presently we use computer to store our documents, files and important conversation etc. So we need to protect our computer likewise, hackers try to find out loopholes in the computer and technology. Therefore you need to maintain your computer security in order to block all vulnerabilities.

Here are few suggestions for best computer protection which can be implemented to avoid intrusion into the computer:

Make sure that firewall is turned on. It is very vital tool to stop a cracker from gaining access to your computer. If it is home computer then single firewall is sufficient but in case of a organization's computer where data is more crucial, some hardware tools ie router which also comes with firewalls.


Install a legal and antivirus software, avoid using pirated one. Pirated antivirus program is not able to provide required protection. Do not forget to upgrade anti viruse or you can configure those for auto upgrade option. New viruses also come on daily basis, so regularly check the antivirus manufacturer's website for updates. Most antivirus programs are sold with annual subscriptions, which can be renewed as needed 

A computer virus is the common problem. Computer virus gets install into your computer system and as you run a program to which virus is already attached itself. Virus reproduces multiple copies of itself from your computer only.
One good example can be of "Trojan horse" programs. Trojan horse programs are similar to viruses, but these do not reproduce their multiple copies. Normally Trojan horses tries to install a malicious program into your computer. Sometimes due to malicious program into your computer, it may start doing some very funny activities like auto booting itself. If it  is your home computer the you may try some freely available anti virus programs like AVG, avast etc for best computer protection. Well established companies do offer free antivirus programs for best computer protection specially for home users.

Install anti spyware software, it stops a malicious user from peering into your computer. Malicious users quietly send spyware program to your computer so that without your consent they can theft the data or can produce advertisement popup whenever you browse internet or access social networking websites. Nowadays most of the operating system comes with inbuilt anti spyware programs but should be keep on upgrading your operating system in order to upgrade anti spyware.


Attentively download anything from internet or do not open an attachment which comes via email as it may contain some harmful exe (executable) files. As you click on those, they install malicious code in to your computer.

Upgrade operating system on regular basis because manufacturer periodically fix the security holes.

For emails try to use Microsoft outlook or windows email as they are quite capable to restrict the virus entry.


Do not forget to turn off your computer once you finish your work. Sometimes crime could take place just because the computer, built-in camera or printer etc was on. Sometimes crackers use your computer resources without your knowledge and they may indulge in some illegal activity.

Take regular backup, anytime anything may happen so better to be alert than sorry.

Nowadays almost everyone is on internet, visually roaming here and there, downloading and uploading files, If you are not careful then crackers may crash your computer, can send pop ups of bizarre messages.


Delete unknown emails; never click on advertisements links, or any link which directs you to some other website.


Computer must be password protected and password should be toughest so that it will be hard to crack.

Friday, August 2, 2013

Key challenges involved in penetration testing and vulnerability analysis of web applications

Penetration testing attempts to exploit any one of the vulnerabilities, weakness, technical flaws to gain unauthorized access. It is a method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker. There are two types of penetration services:

Network Penetration Testing:
Network Penetration Testing attempts to break into a system’s network or servers. It involves use of tools, grab bags of tricks & exploits, network scanning, social engineering, port scanning etc.

Application Penetration Testing:
Application Penetration Testing does not involve network or servers. Its purpose is to find out the vulnerabilities in a software application using automated tools along with manual analysis. Usually a set of accounts is given to an auditor with varying level of privilege on the application, and is tasked to find  OWASP-type vulnerabilities in the application.

It helps in identifying vulnerabilities and risks in web applications. It helps in finding the vulnerabilities in URL manipulation, SQL injection, cross site scripting, back-end authentication, password in memory, session hijacking, buffer overflow, web server configuration, unauthorized logins, personal information modification, breach of customer trust etc 

Execution aspects of Web Application Pen Testing
It is a common myth that all security flaws can be detected by merely running automated tools.
Understanding the web application architecture and its business logic is the first and critical step in the security testing life cycle of web applications. Understanding of architecture, application functionality, interaction among various components of the application, data handled by the application, data flow, and the underlying technology is gained by browsing the application and detailed discussions with the system architects / developers of the application. 

Automated tools attempt to discover the structure of the application in one of the following two ways: In Spider mode the tool is given an initial starting URL of the application to be tested along with some information necessary to traverse through the application (e.g. credentials required for accessing the application). The second way is Manual recording mode where the security engineer browses through the application just as a typical user of the application would in the course of his normal interaction with the application. While this is going on, the tool captures and records information about pages visited as well as the data submitted. Automated tools cannot understand how data flows in the application, nor can they identify critical data in the application. Automated tools treat all portions of the application the same way because of this limitation. As a result, these tools cannot differentiate between critical and non-critical assets of the business application during the simulation of attacks. In order to overcome the deficiencies of these automated tools, human intervention and intelligent analysis is required. That is why assessing the security preparedness of the application is essential. Auditing an application for security involves interacting with the application designers and developers to discover the security mechanisms implemented within the application. For Example, the response of the software developers to an auditing question “Does any part of the application use dynamic SQL? If yes, how do you prevent SQL injection?” These type of questions help in determining whether SQL Injection is possible. The Analysis of  business processes and data is also a crucial part. This analysis is helpful in determining the application portions to be tested and vulnerabilities to be exploited. In an e-commerce application, critical business scenarios would be the login, shopping cart process etc

Understanding the attacker's view, characterizing the security of the system, and determining threats is not possible with automated tools. Automated tools cannot identify threats for a given application on their own. The Security Engineer needs to key in the threats into these tools. These tools are essentially helpful in storing the information about threats in a structured fashion. There are models like STRIDE and DREAD to categorize and rate the identified threats. These models are platform-and technology-neutral and can be used for threat modelling of most genres of applications.

Web applications have a number of well-known vulnerabilities like XSS, insecure session management. During the attack simulation the automated tool modifies the originally recorded requests and resubmits them using test data i.e. the injections database. Automated tools do these simulation attacks blindly without identifying the vulnerable fields or without understanding the underlying business logic. These attacks need to be supported by activities like threat modeling and test data creation to make them more effective.
For example, a securely designed application may respond to a simulated injection attack from a tool with a session logout. Since the tool has no way of detecting that it has been logged out, it continues to carry out its injections, unaware that the application is refusing to respond to these requests as these requests are from an expired session. As a result, the application is never really subjected to the number of attacks that the tool claims to have executed. Another example where these tools prove to be inadequate and the human touch is required is the detection of the stored XSS  vulnerability, which requires some understanding of how data flows through the application.

Testing business logic is not covered by automated tools. Most of the security testing efforts are concentrated on testing the well known vulnerabilities. There are various mechanisms and open source / commercial tools to test well known vulnerabilities. But hardly any efforts have been put into developing similar mechanisms and tools for business logic testing.

In an e-commerce application purchasing an item at $10 price or changing price of an item to $10 are potential threats. In a Leave Management application, being able to approve one's own leaves, or changing the leave balance are potential threats. Testing for such business scenarios using various techniques like escalation of privileges, session hijacking during the security testing efforts is essential.

Automated tools have a database of SQL constructs which they simply insert in every application request and the response is analyzed. These tools report the SQL injection vulnerability as being exploited incase there is no application error, unexpected input error etc.

This is an example of a false positive as we cannot solely rely on the vulnerabilities reported by tools. A sanity check and further analysis might indicate that the injection was not successful in the real sense i.e. no sensitive data was retrieved or deleted from database etc.

Another reason why analysis of results is important is the multiple occurrences of the same vulnerability.As discussed earlier, the automated tools simulate attacks blindly and they are not smart enough to analyze the results in real time. As a result these tools end up trying the same attack at all possible locations and report the findings. It is very important to analyze how many threats are actually exploited.

For example, while simulating XSS attack, these automated tools will try to inject scripts in all the fields. These tools will continue doing these injections even if they find that the application is vulnerable to XSS. Penetration testing involves exploiting security threats using both a manual and an automated approach. This uncovers various threats that can be exploited to harm the users and the application. The analysis phase now involves figuring out the actual loopholes which cause the threats. This would help to identify the vulnerabilities and the impact of those vulnerabilities on the entire application.

For Example, If we are able to gain administrator account access by manipulating some parameters, then we have exploited a threat in which a normal user can perform the functions of the administrator. Now the analyst knows that the underlying vulnerability is Insecure Id's and it's his job to find out the impact of this vulnerability on the entire application. This also helps in suggesting the appropriate mitigation strategies.
Suggesting mitigation strategies
Assessing web applications for security is not enough. Carrying out security testing and exploiting vulnerabilities is just half of the work; suggesting mitigation strategies for exploited vulnerabilities is also critical. Mitigation strategies help in preventing attackers from attacking the web application.

Some of the automated tools suggest mitigation strategies. These tools have repositories of
mitigation strategies for common vulnerabilities just like they have a repository of injections for attacks. Based on the attacks exploited these tools pick up a mitigation strategy associated with it and include it in the final report. The problem with these mitigation strategies is that these mitigation strategies are vanilla and popular and attackers often know how to bypass those mitigation strategies.

The Analysis phase consists of suggesting mitigation  strategies which are application specific on the basis of deep understanding of the application, underlying technology etc. This includes suggesting defense in depth kind of strategies i.e. strategies at different layers in the application which makes the software more secure. Hence, the mitigation strategies are not limited to the application but they also cover other components like web servers, application servers, database servers and so on.

Automated tools like Appscan and WebInspect scan the web application by crawling all user-visible pages and sending attack vectors for well-known vulnerabilities such as, cross-site scripting and SQL injection. Such penetration tests do not enumerate all possible vulnerabilities present in the application, for reasons discussed above, but are meant to gain unauthorized access. Vulnerability assessment, on the other hand, is performed by Test Analysts with the help of such scanning tools, and is expected to locate as many potential problems as possible.

With the web platform adding newer technologies all the time, like RIA (Web 2.0 rich Internet
applications), the automated tools end up playing a catch-up game while a Test Analyst is able to plug such gaping holes in the tool-based approach. For Ajax in fact, very few of the present-day tools are able to catch even all of the standard vulnerabilities.

Highly integrated applications are also difficult to scan using automated scanners. For example, webmail has always been tricky for the tools. The scanner in some cases has to learn how to send mail to itself and then analyze them, and in some cases it has to realize that the XSS filtering system can be used against itself.

Thursday, August 1, 2013

Web Application Security Preservation and Hacking

Are you sure that your web application is protected against cyber attacks? Is it possible for an attacker to get unauthorized access of your web application? Here I would like to focus on some of the major issues which need to be fixed while programming. Nowadays lots of automatic security audit tools are available in the market so it is better to use those tools however manual testing is a must for better and improved security.

Here, I am giving the parameters for better security measures:

Encrypted Login Pages:

 After user authentication is accomplished, lots of web applications use only Secure Socket Layer as a security measure, which is not a safe practice. After login, “Session Encryption” may be useful but failing to encrypt logins is like leaving the key in the lock when you’re done locking the door. SSL provides no protection beyond the session, and an SSL-enabled Web server cannot protect the text data file stored on the server. SSL provides no protection against Web-based attacks such as exploiting a flaw with a Common Gateway Interface (CGI) script. If your login form POSTs to an encrypted resource, in many cases this security can be bypassed by a malicious security cracker who deploys his own login form to access the same resource and he may get access to sensitive information.

Server Side Data Validation: 

At times hackers bypass JavaScript to submit the malicious data on your webserver therefore you need a good and proper validation on your webserver. Many web application’s forms include JavaScript data validation. A malicious security cracker can deploy a form of his own that accesses the resource at the other end of the Web page’s form action that doesn’t include any validation at all. Rejected Data must not be persisted to the data store unless it is scanned properly. This is a common mistake to log incorrect data and that may be what the attacker wishes your application to do.

In many cases of JavaScript form, validation can be bypassed by just deactivating JavaScript in the web browser or by using a Web browser that doesn’t support JavaScript at all. Some programmers validate the password at client-side. If you are one of those then better leave this practice as these login pages can expose the passwords to the end user via the ability to view page source or, allows the end user to alter the web form so that it always reports successful validation.

Secure/Encrypted Connections: 

Programmers commit a common mistake by using unencrypted connections such as unencrypted FTP or HTTP for Web site or Web server management. Unencrypted or weak connections can make your web application vulnerable via man-in-the-middle attacks and login/password sniffing. Always use encrypted protocols such as Secure Shell ( SSH) to access secure resources, using secure tools such as OpenSSH. It is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Once someone has gained your login and password information, that person can do anything you could have done.

Use strong, cross-platform compatible encryption: For secure data transfer use SSL ( Secure Socket Layer) certificate. Transport Layer Security (TLS) — the successor to Secure Socket Layer encryption can also be used. Make sure any encryption solution you choose doesn’t unnecessarily limit your end user base as this can lead to lesser web traffic.

Connect to a Secure Network: 
Avoid connecting with unknown networks or with known poor security network such as open wireless access points in coffee houses etc. This is especially important whenever you log in to the server or Web site for administrative purposes or access secure resources. If it is necessary to access the Web site or Web server using an unsecured network, use a secure proxy so that your connection to the secure resource comes from a proxy on a secured network. You can use a virtual private network (VPN) connection that encrypts all the data between a device and a VPN server on the other end.


Never Share Login Details: 
Shared login credentials can cause a number of problems for security. This applies not only to you, Web server administrator, but to people with login credentials for the website as well — even clients should never share login details. The more those are shared, the more difficult it is to establish an audit trail to help track down the source of a security breach or threat.

Prefer Key-based Authentication:
 Use cryptographic key-based authentication for password authentication. The distinguishing technique used in public key cryptography is the use of asymmetric key algorithms, where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys - a public encryption key and a private decryption key. The publicly available encrypting-key is widely distributed, while the private decrypting-key is known only to the recipient. Messages are encrypted with the recipient's public key and can only be decrypted with the corresponding private key.

Maintain a Secure Workstation: 
Work station audit is required in order to be sure that no key-logger or any other malicious software is lying on the computer. Because it can lead to un-authorised access to sensitive information regardless of all the security eg secured networks, encrypted communications, and other networking protections. If you connect to a secure resource from a client system and you are not sure about its security, then how can you be sure that someone isn’t “listening in” on everything that you are doing. So workstation auditing may be the only way to be sure, with any certainty, that your workstation has not been compromised.


For more articles visit www.cybersecuritydelhi.com

Email Security

Your organization security is at substantial risk if you have not implemented email security policy. Daily we all receive emails which con...