Security – Interface Technical Training
https://www.interfacett.com
Wed, 21 Jun 2017 19:26:18 +0000

How Hackers Hack Your Assets – A Security Training Video for Everyone
https://www.interfacett.com/blogs/hackers-hack-assets-security-training-video-everyone/
Thu, 25 May 2017 18:59:50 +0000



In this training video, IT Security Instructor Mike Danseglio presents the philosophy and processes hackers engage in when trying to hack your information and assets.


Interface Technical Training offers IT Security Certification Training classes. Our courses are available in class or online with our virtual instructor-led training product RemoteLive™.


While this presentation is intended for System Administrators and those who defend assets, it’s really valuable for anyone who needs to understand how to protect and defend information.

Mike discusses the hacker's attack methodology: setting objectives, recon, exploitation, and the need to hide what they have done.

Hacker Philosophy:

It's important for those who need to protect their assets to understand the hacker's philosophy. There are three primary tenets to a hacker's philosophy.

  1. Attackers do not typically attack strong points; they usually go after the weakest parts of an information system.
  2. Most attackers see defenses as obstacles or challenges.
  3. Once inside, attackers usually leave the door open so they can get back into your systems.

In this video, Mike presents an actual example of a successful malware attack and how the hackers were able to infiltrate a large consumer company.

Hacker Methodology:

Hackers usually have a well-established approach for attacking systems.

Their methodology begins by Setting Objectives. They evaluate what they want and why they want it.

Before a hacker begins to exploit information and assets, they engage in a recon process to determine what systems (hardware and software) they will be working with. Only after they have gathered enough data to decide how they will attack do they start the exploitation process.

Throughout this entire process, hackers will hide what they are doing to avoid detection.

By learning how and why hackers attack, you’ll learn what steps you can take to help protect your information and simple solutions to further secure your environment.

IT Professionals who defend their information and environments can benefit from security models such as the Defense in Depth model, which addresses behavioral, physical, and external and internal network security vulnerabilities in your environment.

Mike points out that it's not always about having the best firewalls to defend your data. Simple vulnerabilities such as unpatched applications and data exchanges can be the weakest link in your environment and an easy entry point for a hacker. Mike also presents the simple mistakes we make in our physical environment that can open the door for hackers, such as keeping our logins and passwords visible in our workspace. IT Professionals can also use the triad of Security, Usability and Cost Effectiveness when determining how to build and maintain their security implementation efforts.

Finally, you will learn about the Three Solution Pillars model of Security. This includes People, Process and Technology. When defenders are engaged in protecting information and assets, they begin with teaching people how to behave in a more secure way. Then the defender can evaluate the process of day-to-day security such as how they onboard new systems and patch existing ones.

For more information on IT Security, see our Tech Blogs and Training Schedule.

Mike Danseglio – CISSP, MCSE, and CEH

Mike Danseglio teaches IT Security Training, Windows, System Center and Windows Server 2012 classes at Interface Technical Training. His classes are available in Phoenix, AZ and online with RemoteLive™.

The post How Hackers Hack Your Assets – A Security Training Video for Everyone appeared first on Interface Technical Training.

CompTIA Security+ What Motivates People to Take Your Intellectual Property?
https://www.interfacett.com/blogs/comptia-security-what-motivates-people-to-take-your-intellectual-property/
Tue, 29 Nov 2016 16:31:48 +0000



CompTIA Instructor Steve Fullmer describes the importance of getting Security+ Certified.

Security is no longer about the "haves" and the "have nots": a small group of people who are trying to take advantage of your possessions and intellectual property (IP).

[Image: Tribal Leadership stages (slide 1)]

In the book 'Tribal Leadership' by Dave Logan, John King and Halee Fischer-Wright, the authors describe the stages of a tribal culture. The global concept behind this is that 2% of the population (of a tribe, or of the planet as the aggregate of all tribes) live in the undermining mindset of "All Life Sucks"; they are disbanding people banding together to go towards a violent end. These are the people who vandalize your content and intellectual property.

We have 25% of the tribe who operate in a mindset of being apathetic victims. They’re looking for more. When you think about the technology that you utilize every day such as your telephone and texts, a large percentage of the world doesn’t have this technology and want it. The way they can acquire this technology is to take it away from you.

What does this represent in terms of numbers?

[Image: Tribal Leadership stages (slide 2)]

We have a global population of over 7 billion people. 2% represents 148 million people who want to vandalize content to make their lives what they perceive as "better" or "the best they can get".

We have almost 2 billion people that are the “apathetic victim”.

You need to have not only the knowledge of what their approach is when they try to take your intellectual property or assets away; you also need a layered approach. You need deterrents in place that hold these people away, you need to prevent them from getting into the inner layers, and you need to be able to detect, prevent and lock down your important assets.

It's not good enough just to understand these possible threats. In our CompTIA Security+ Certification class you learn more than just the vocabulary needed to pass the certification.

[Image: Tribal Leadership stages (slide 3)]

Six of the fifteen top-paying IT certifications are security certifications, such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified Ethical Hacker (CEH). CompTIA Security+ sits just below these fifteen professional certifications as the entry-level certification you need to get started in the IT Security industry.

In CompTIA Security+ you learn the basic tool set and vocabulary you need to prepare yourself to defend your intellectual property, employees and systems.

[Image: Tribal Leadership stages (slide 4)]

Security + is considered an Intermediate CompTIA certification. You will need basic CompTIA A+ skills as it’s the prerequisite to take the Security+ class.

Here it is determined to be an intermediate skill-set.

[Image: CompTIA certification track (slide 5)]

There are additional, more advanced certifications such as CISSP and CEH further along the track, but you will need to obtain the basic skills certified by Security+ before you can move on.

It's not good enough, for example, if you're protecting your house, to just put up a sign that says "Beware of Dog" as a security monitoring system and expect it to stop an intruder. There are too many people casually trying to make their lives better by taking advantage of what you have or what you know. This is what CompTIA Security+ is about.

I look forward to seeing you in the classroom, or online!

Steven Fullmer
Interface Technical Training Staff Instructor

Steve teaches PMP: Project Management Fundamentals and Professional Certification, Windows 10, and CompTIA classes in Phoenix, Arizona.

The post CompTIA Security+ What Motivates People to Take Your Intellectual Property? appeared first on Interface Technical Training.

Installing Synaptic Package Manager in Kali Linux
https://www.interfacett.com/blogs/installing-synaptic-package-manager-in-kali-linux/
Tue, 08 Nov 2016 20:06:24 +0000

Kali Linux is a fantastic operating system for penetration testing and security evaluation. It comes with virtually all security tools built in, it’s lightweight by default, and it has a huge ecosystem that is constantly helping with the project.

A great benefit of using Kali comes from the larger Linux community. Open source repositories are common and can deliver virtually any kind of software you might want. You just need to know where to look, and hopefully the name of the package that you want.

One package that I install on every Kali installation is Synaptic Package Manager. It is a GUI-based utility that lets me search for packages across a variety of repositories and install them with two clicks. Synaptic is a mainstay of many Linux distributions because it is simple to use and provides a usable front-end while leveraging the existing Linux package framework. A less recognized benefit is that Synaptic automatically filters out packages that will not run on the current system due to architecture differences, system requirements, and so on. What’s not to love about that?

To install Synaptic Package Manager on Kali Linux, first open a Terminal window.

If you’re not logged in as root type su to become root. You can also preface the next statement with sudo for the same effect.

Next run apt-get update to update the package list.

Then the important bit, run apt-get install synaptic.

[Screenshot: running apt-get install synaptic]

Press Y and the installation begins. Once the installation is complete you’ll see the terminal prompt.

[Screenshot: installation complete, back at the terminal prompt]

Once installation is complete you can find Synaptic on the Applications menu or on the quick launch bar.

[Screenshot: Synaptic on the quick launch bar]

When you fire up Synaptic it will take a moment to scan the repositories and packages. Finally, the main Synaptic window appears.

[Screenshot: the main Synaptic window]

Notice that there are more than 48000 available packages in the list. That’s why I have rarely been unable to locate a package that meets my needs. I recommend that you click the Search button on the toolbar instead of navigating the menus. It will save you a lot of scrolling time and let you get back to hacking faster.

Enjoy!

Mike Danseglio – CISSP, MCSE, and CEH

Mike Danseglio teaches IT Security Training, Windows, System Center and Windows Server 2012 classes at Interface Technical Training. His classes are available in Phoenix, AZ and online with RemoteLive™.

The post Installing Synaptic Package Manager in Kali Linux appeared first on Interface Technical Training.

CompTIA Security+ An Approach Toward Physical Security
https://www.interfacett.com/blogs/comptia-security-an-approach-toward-physical-security/
Mon, 29 Aug 2016 20:29:58 +0000

For many IT professionals, Security+ is their first exposure to planning facility security. Comprehensive, layered security is always the best solution. With unlimited resources you can place cameras everywhere, key or card access systems at every door, signage throughout a facility, frequent training and user education, security guards, secured guest and public meeting areas, or even remodel a building with the latest security features. Given limited resources, the placement of security features can be a challenge.

For instructor-led learning classes, see our complete CompTIA training schedule.

The defense in depth model (shown below), identifies physical security as the secondary layer of security. Physical security includes all of the elements necessary to secure a business site.

[Image: the defense in depth model]

The CompTIA SY0-401 objectives provide the following list of physical security controls.

  • Hardware locks
  • Mantraps
  • Video surveillance
  • Fencing
  • Proximity readers
  • Access list
  • Proper lighting
  • Signs
  • Guards
  • Barricades
  • Biometrics
  • Protected distribution
  • Alarms
  • Motion Detection

When making decisions regarding the selection and placement of physical controls, four control types should be considered in succession from the outermost to the innermost locations of the business facility.

  1. Deterrent controls are designed to dissuade an attacker from attempting the attack and should be placed at the outermost perimeter(s) of the business facility.
  2. Detective controls are intended to identify an attack or incident in progress (including incidents eventually identified as false alarms). Detective systems typically record violations, sound alarms, and/or notify security personnel, though they do not commonly result in automated responses or actions. Controls within the detective category may include log files that are manually audited after an incident rather than detecting the incident during the attack. Detective systems are typically placed on the exterior of the building, or target the entry and exit points throughout the building. Entry and exit points may include transitions between building zones.
  3. Preventive controls are intended to prevent an incident from doing harm to or creating a loss of business assets. Remember that employees are a critical asset; do not focus solely on information technology systems and data storage. Preventive systems typically include a detective element that results in an automated reaction of a preventive nature. Doors with fail safe, fail open, or fail closed mechanisms would be included in the preventive controls list.
  4. Compensating and corrective controls limit the damage that occurs as a result of an incident, though they do not directly prevent the incident from happening.

The real world seldom mimics the ideal. Test candidates that rely on their experience or exposure to physical security controls may struggle to place physical controls in the ideal location when prompted on the exam.

Although real world scenarios do not always accommodate the perfect layout of a facility, Security+ exam scenarios are designed to afford ideal implementations. For instance, the data center or server room should always be placed in the centermost portion of the facility, with solid walls, floors, and ceilings other than HVAC access. Central placement of the data center protects the most important data components (the core of the defense in depth model). In the real world, placement of the data center or server racks is often an afterthought that follows the placement of office spaces. Although glass windows and doors make for an excellent promotional display of a company's technology, they are considered to weaken security rather than a control that allows attack detection. When you are asked about facility layouts on the Security+ exam, always place the datacenter within the core of the building. Consider employee safety and security over employee comfort and convenience.

Deterrent controls include fencing, barriers, video surveillance, proper lighting, on premise security officers, and signage. Place as many of these as possible exterior to the building.

Detective controls include alarm inducing systems (smoke, fire, door sensors, motion detection, glass breakage, pressure plates and door magnets), access lists and sign-in sheets, and potentially a guard monitored sign-in desk. Video surveillance systems may be used for detection, though they are slightly weighted toward deterrent use on the exam. Door access controls that include identification or authentication systems, including keyed access and proximity card readers, are considered detection systems. The use of door access controls commonly separates public areas from employee accessible areas of the facility.

Prevention controls include hardware locks, mantraps, and biometric systems. These solutions dramatically reduce the opportunity for attackers to acquire business assets. Specialized server racks are also considered a prevention control. Examples of the latter include seismically braced racks, enclosed power and data distribution runs, and locking cabinets. Vaults and safes are also considered prevention controls.

Remembering that incidents include natural and accidental system or business disruption, compensating and corrective controls are more commonly associated with response to related outages. Examples include UPS, component redundancy, and generators.

In addition to controls listed within the SY0-401 objectives, you also need to consider placement and configuration of wireless access points to prevent war-driving, access to Wi-Fi Protected Setup (WPS) pins, and unauthorized connection by authorized visitors.

There are several specialized physical controls whose placement is predicated upon their purpose rather than classification:

  • Protected distribution. The use of casing, acoustic, electrical, or electromagnetic controls used with wire or fiber-optic lines and connection points that prevent disruption or unencrypted transmission. Physical placement is dependent upon location at which communication lines enter/exit the building.
  • A plenum is a space designed to facilitate pathways for HVAC and other building systems that also prevent the spread of fire.
  • Server operations monitoring. Monitoring equipment would be placed within the operations center, with the alarm components either centralized or distributed depending on the nature of the condition being monitored.
  • Heating and ventilation control system placement is often predicated upon the geographic region in which operations are conducted (which affects ambient temperature, humidity, and airflow requirements), the square footage of the facility, the specific needs of the operations center, and related building codes.

When you encounter a question about the placement of physical security controls, start either from the perimeter and work your way inside, or the core of the building and work your way to the outside. Place your specialized controls based upon building layout.

This approach will serve you well on the exam and in the real world.
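The placement rules above (deterrents on the exterior perimeter, detective controls on the exterior or at entry and exit points, preventive controls inside the building, and the data center at the core) can be checked mechanically before a plan is costed. The following script is an added example, not part of the original post: the control-to-type mapping follows the post's own lists, while the facility zones and the "control zone entry" plan format are constructed assumptions for the demonstration.

```shell
#!/bin/sh
# Added example: audit a proposed physical-control placement plan against the
# post's placement rules. ZONES is a constructed sample facility, listed
# outermost -> innermost; the post's rule puts the data center in the core.
ZONES="perimeter lobby office datacenter"

# Control type, taken from the post's deterrent/detective/preventive/corrective lists.
control_type() {
  case "$1" in
    fencing|barricades|video_surveillance|lighting|guards|signs) printf 'deterrent\n' ;;
    alarms|motion_detection|access_list|sign_in_sheet|proximity_reader|keyed_access) printf 'detective\n' ;;
    hardware_lock|mantrap|biometrics|locking_cabinet|vault|safe) printf 'preventive\n' ;;
    ups|generator|redundancy) printf 'corrective\n' ;;
    *) printf 'unknown\n' ;;
  esac
}

# 0-based depth of a zone (0 = exterior perimeter), or -1 if it is not in ZONES.
zone_depth() {
  i=0
  for z in $ZONES; do
    if [ "$z" = "$1" ]; then printf '%s\n' "$i"; return 0; fi
    i=$((i + 1))
  done
  printf '%s\n' -1
}

# The post: the data center belongs in the centermost (innermost) zone.
core_is_datacenter() {
  last=""
  for z in $ZONES; do last=$z; done
  [ "$last" = datacenter ]
}

# check_placement CONTROL ZONE ENTRY  (ENTRY=yes when the control sits on that zone's door/boundary)
# Prints "ok: ..." and returns 0, or prints "FINDING: ..." and returns 1.
check_placement() {
  control=$1; zone=$2; entry=$3
  ctype=$(control_type "$control"); depth=$(zone_depth "$zone")
  if [ "$depth" -lt 0 ]; then printf 'FINDING: unknown zone %s for %s\n' "$zone" "$control"; return 1; fi
  case "$ctype" in
    deterrent)   # outermost perimeter, exterior to the building
      [ "$depth" -eq 0 ] || { printf 'FINDING: %s (deterrent) belongs on the exterior perimeter, not in %s\n' "$control" "$zone"; return 1; } ;;
    detective)   # exterior, or entry/exit points and transitions between zones
      [ "$depth" -eq 0 ] || [ "$entry" = yes ] || { printf 'FINDING: %s (detective) belongs on the exterior or at an entry/exit point, not inside %s\n' "$control" "$zone"; return 1; } ;;
    preventive)  # guards assets inside the building, not the open perimeter
      [ "$depth" -ge 1 ] || { printf 'FINDING: %s (preventive) belongs inside the building, not on the perimeter\n' "$control"; return 1; } ;;
    corrective)  # outage response (UPS, generators); the post gives no placement rule
      ;;
    *) printf 'FINDING: %s is not in the SY0-401 control list\n' "$control"; return 1 ;;
  esac
  printf 'ok: %s (%s) in %s\n' "$control" "$ctype" "$zone"
}

# Audit a plan read from stdin, one "control zone entry" per line. Each result goes
# to stderr; the number of findings is printed to stdout.
audit_plan() {
  findings=0
  while read -r c z e; do
    [ -n "$c" ] || continue
    check_placement "$c" "$z" "$e" >&2 || findings=$((findings + 1))
  done
  printf '%s\n' "$findings"
}

# Usage:  printf 'fencing perimeter no\nmantrap datacenter yes\n' | audit_plan
```

A plan line such as `video_surveillance lobby no` is reported as a finding because the post weights video surveillance toward deterrent use, which belongs on the exterior; `proximity_reader office yes` passes because a reader on a zone door is an entry-point detective control. Corrective controls (UPS, generators) are accepted anywhere because the post gives no placement rule for them.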

I look forward to seeing you in the classroom, or online!

Steven Fullmer
Interface Technical Training Staff Instructor

Steve teaches PMP: Project Management Fundamentals and Professional Certification, Windows 10, and CompTIA classes in Phoenix, Arizona.


The post CompTIA Security+ An Approach Toward Physical Security appeared first on Interface Technical Training.

Installing Every Possible Penetration Testing Tool in Kali Linux
https://www.interfacett.com/blogs/installing-every-possible-penetration-testing-tool-in-kali-linux/
Tue, 17 May 2016 21:00:46 +0000

Kali Linux is a fantastic operating system for penetration testing and security evaluation. It comes with virtually all security tools built in, it’s lightweight by default, and it has a huge ecosystem that is constantly helping with the project.

Kali recently began moving towards a rolling distribution. This allows both the core Debian operating system components and the applications to update much more frequently with fewer dependency breaks. This is a big deal, both because all future development will be on the rolling distribution and because the current distribution will not be supported after April 15th 2016.

This nearly-constant update rhythm is great for penetration testers. Kali will now have the very latest builds of essential tools like Metasploit, Kismet, and aircrack-ng. It will also get Debian Linux updates more frequently to support newer hardware and integrate bugfixes.

A frequently overlooked detail when installing Kali is that the installation ISO comes with only some of the available penetration testing tools. Kali’s developers and distribution owners make an effort to strike a balance between including all tools by default and the ever-increasing size of the ISO. There are also some tools that won’t work on some systems, like the GPU brute-force cracking tools that only work with specific video cards. In that light, it makes sense to leave some tools out.

What’s great is that installing the full set of tools is very simple. First, open a Terminal window.

If you’re not logged in as root type su to become root. You can also preface the next statement with sudo for the same effect.

Next run apt-get update to update the package list.

[Screenshot: running apt-get update]

Now run apt-get install kali-linux-all.

[Screenshot: running apt-get install kali-linux-all]

This command installs all possible penetration testing tools from the Kali repository. You can see that on my fully updated installation, Kali has 435 extra tools that it can install.

There’s always a downside though. Here, the downside is that much more space will be used. As a reference, my Kali Linux installation now takes up 15.1 GB of space, compared to about 10 GB from a fresh installation. In my opinion this is a worthwhile trade-off, and I always install all tools on my Kali systems.
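The su/sudo, apt-get update and apt-get install steps in this post and in the Synaptic post above are the same procedure with a different package name. The script below is an added example, not code from either post: it wraps those steps in a function that is safe to re-run (it asks dpkg whether the package is already present) and answers the "Press Y" prompt non-interactively. The APT_GET and DPKG_QUERY variables are assumed override hooks for dry-running the logic on a non-Kali machine; they are not apt options.

```shell
#!/bin/sh
# Added example: the posts' "become root, apt-get update, apt-get install <pkg>"
# procedure as a re-runnable function. APT_GET and DPKG_QUERY are assumed
# override hooks (for testing without touching the system), not real apt options.

# Run a command as root: directly if we already are, otherwise through sudo
# (the posts' "type su, or preface the command with sudo" step).
as_root() {
  if [ "$(id -u)" -eq 0 ]; then "$@"; else sudo "$@"; fi
}

# Return 0 when dpkg reports the package as installed, 1 otherwise.
pkg_installed() {
  status=$(${DPKG_QUERY:-dpkg-query} -W -f '${Status}' "$1" 2>/dev/null) || return 1
  case "$status" in
    *"install ok installed"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the commands install_pkg would run for a package, without running them.
plan_install() {
  if pkg_installed "$1"; then
    printf 'skip %s (already installed)\n' "$1"
  else
    printf 'apt-get update\napt-get install -y %s\n' "$1"
  fi
}

# Refresh the package list, then install. -y answers the "Press Y" prompt.
install_pkg() {
  if pkg_installed "$1"; then
    printf '%s already installed\n' "$1"
    return 0
  fi
  as_root "${APT_GET:-apt-get}" update && as_root "${APT_GET:-apt-get}" install -y "$1"
}

# Usage from the posts:  install_pkg synaptic     or     install_pkg kali-linux-all
```

Running `plan_install kali-linux-all` first is a cheap way to confirm what will happen before committing the roughly 5 GB of extra space the post reports for the full tool set.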

Enjoy!

Mike Danseglio – CISSP, MCSE, and CEH

Mike Danseglio teaches IT Security Training, Windows, System Center and Windows Server 2012 classes at Interface Technical Training. His classes are available in Phoenix, AZ and online with RemoteLive™.

The post Installing Every Possible Penetration Testing Tool in Kali Linux appeared first on Interface Technical Training.

The Importance of Updating Kali Linux Rolling Distribution
https://www.interfacett.com/blogs/the-importance-of-updating-kali-linux-rolling-distribution/
Wed, 27 Apr 2016 16:15:24 +0000

Kali Linux is a fantastic operating system for penetration testing and security evaluation. It comes with virtually all security tools built in, it’s lightweight by default, and it has a huge ecosystem that is constantly helping with the project.

Kali recently began moving towards a rolling distribution. This allows both the core Debian operating system components and the applications to update much more frequently with fewer dependency breaks. This is a big deal, both because all future development will be on the rolling distribution and because the current distribution will not be supported after April 15th 2016.

This nearly-constant update rhythm is great for penetration testers. Kali will now have the very latest builds of essential tools like Metasploit, Kismet, and aircrack-ng. It will also get Debian Linux updates more frequently to support newer hardware and integrate bugfixes.

There's always a downside though. Here, the downside is that you need to update Kali more often. As an example, I installed Kali yesterday and immediately ran apt-get update and apt-get dist-upgrade to update the installed components. That's to be expected; the installation ISO was built weeks ago. What I did not expect was what I saw when I checked for updates again this morning. After only one day, here's what I see:

[Screenshot: pending package updates after one day]

So in less than 24 hours with the default Kali Linux installation I went from fully up-to-date to needing 32 packages.

The benefits of frequent updates outweigh the drawbacks. But you need to ensure that you regularly update Kali. Otherwise you’re missing out on this amazing benefit.
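Because a rolling distribution falls behind within a day, a defender will want to know how far behind a given Kali box is without upgrading it on the spot. The script below is an added example, not code from the post: it uses apt-get's simulation mode (`apt-get -s dist-upgrade`, run after the post's apt-get update) and counts the `Inst` lines it prints, one per package that would be installed or upgraded, then compares the count with a threshold. The sample output embedded in the script is constructed, with placeholder version numbers, and is not captured from a real host.

```shell
#!/bin/sh
# Added example: count the packages a dist-upgrade would touch, using apt-get's
# simulation mode, so a scheduled job can warn when a Kali box falls behind.

# Count "Inst" lines from apt-get -s dist-upgrade output read on stdin
# (apt-get prints one "Inst <pkg> [old] (new ...)" line per package it would install).
count_pending() {
  grep -c '^Inst ' || true   # grep -c exits 1 when nothing matches but still prints 0
}

# Simulate the upgrade on this host. Run apt-get update first, as in the post.
pending_on_this_host() {
  apt-get -s dist-upgrade 2>/dev/null | count_pending
}

# check_threshold COUNT LIMIT: return 1 (and warn) when more than LIMIT packages are pending.
check_threshold() {
  if [ "$1" -gt "$2" ]; then
    printf 'WARN: %s packages pending (threshold %s); run apt-get dist-upgrade\n' "$1" "$2"
    return 1
  fi
  printf 'OK: %s packages pending\n' "$1"
}

# Constructed sample of apt-get -s dist-upgrade output (placeholder versions, not real data).
SAMPLE_SIM='Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
The following packages will be upgraded:
  example-lib example-tool metasploit-framework
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst example-lib [1.0-1] (1.0-2 Kali:kali-rolling [amd64])
Inst example-tool [1.0-1] (1.0-2 Kali:kali-rolling [amd64])
Inst metasploit-framework [1.0-1] (1.0-2 Kali:kali-rolling [amd64])
Conf example-lib (1.0-2 Kali:kali-rolling [amd64])
Conf example-tool (1.0-2 Kali:kali-rolling [amd64])
Conf metasploit-framework (1.0-2 Kali:kali-rolling [amd64])'

# Usage on a live host:  check_threshold "$(pending_on_this_host)" 10
# Dry run on the constructed sample:
printf '%s\n' "$SAMPLE_SIM" | count_pending
```

Counting `Inst` lines rather than parsing the "N upgraded, M newly installed" summary line also captures packages a dist-upgrade pulls in as new dependencies, which is what actually changes on disk.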

Enjoy!

Mike Danseglio – CISSP, MCSE, and CEH

Mike Danseglio teaches IT Security Training, Windows, System Center and Windows Server 2012 classes at Interface Technical Training. His classes are available in Phoenix, AZ and online with RemoteLive™.

The post The Importance of Updating Kali Linux Rolling Distribution appeared first on Interface Technical Training.

CEHv9 Certified Ethical Hacking – White Hat vs. Black Hat – Why Ethical Hacking is important
https://www.interfacett.com/blogs/cehv9-certified-ethical-hacking-white-hat-vs-black-hat-why-ethical-hacking-is-important/
Wed, 16 Mar 2016 19:48:21 +0000



Transcription

I'm Mike Danseglio, and I'm an instructor here at Interface Technical Training. One of the classes I teach here at Interface is Certified Ethical Hacking CEHv9. Ethical hacking is a critical skill-set for anybody in IT Security to have.

Ethical Hacking is all about learning how hackers attack systems, how they look for vulnerabilities, how they examine systems, how they check security, how they use IT techniques and tools that typical IT users would use but in a negative way, in a very bad way, to try to find compromises and vulnerabilities to destroy businesses, extort money, steal, loot, and to do all kinds of very negative, nasty things.

White Hat vs. Black Hat

There's a difference in the skill-sets here, starting with the IT Professionals who usually defend systems (White Hat).

They typically understand these are good practices. It’s good to have a firewall in place. It’s good to have a malware scanner in place. It’s good to isolate networks.

That’s not a bad skill-set to have, but a different skill-set is what an Attacker brings to the equation.

The attacker, or (Black Hat), typically brings to the table more of a skill-set of, “I know what the defenders are usually going to do”. They’re usually going to have a firewall. They’re usually going to have malware scanners. What kind of ways can I work around the malware scanners? What different kind of exploits or vulnerabilities can I find in the firewall so that I don’t have to worry about those firewalls stopping my attack? How do I work, how do I get my nefarious negative job, with all of those defenses in place?”

Learning those techniques of the attacker, understanding the “other-side” of IT Security helps enormously to protect a network. Because when you think as an attacker, you think, “I’m setting up this firewall, and it’s this, and it’s that, and the other.” But I wonder how an attacker would look at the firewall. An attacker might use this tool, might use this technique, might probe this way.

While I should have defenses against that, let me find out by banging on the thing, by throwing scanners at it, throwing Nmap, throwing Metasploit, and a whole spectrum of other tools, both very focused and very broad, at this defense, and seeing, “Does it hold up?” Because this is what an Attacker is going to do.

In theory, yes, that firewall should protect against this, but in practice, how many times do you try to hack your own firewall to see if you can? That’s what we learn in CEHv9 Certified Ethical Hacking: being able to actually test the defenses with real tools and real techniques that attackers use. That’s the difference between just learning how to protect, and learning how to check the protection and find the vulnerabilities before an attacker finds them.

Mike Danseglio – CISSP, MCSE, and CEH

Mike Danseglio teaches IT Security Training, Windows, System Center and Windows Server 2012 classes at Interface Technical Training. His classes are available in Phoenix, AZ and online with RemoteLive™.

Performing Root Tasks as a Non-Root User in Kali Linux
https://www.interfacett.com/blogs/performing-root-tasks-as-a-non-root-user-in-kali-linux/
Mon, 14 Mar 2016 16:07:26 +0000

Kali Linux is a fantastic operating system for penetration testing and security evaluation. It comes with virtually all security tools built in, it’s lightweight by default, and it has a huge ecosystem that is constantly helping with the project.

For instructor-led Security training see our course schedule

I created a new installation of Kali Linux recently. One of the first post-installation tasks I did was to create a new user for daily use. Running as root all the time is a horrible security practice, so I recommend that you create a new user as soon as possible after installation.

However, root privileges are required for many tasks in Kali. For example, running apt-get to update software fails as a non-root user:

[Screenshot: apt-get failing in Kali Linux when run as a non-root user]

A little trick is helpful here. The su (substitute user) command temporarily switches the Terminal session to another user, by default root. This means that new commands issued after typing su (and providing the password for root) are executed as root.

To do this, just type in su and press enter. You’ll be prompted for the password.

[Screenshot: running su in Kali Linux and entering the root password]

Notice the prompt has changed from user@machine to root@machine. That’s the reminder that you’re now executing commands as root. This allows me to complete the earlier operation successfully, as shown here.

[Screenshot: apt-get succeeding after switching to root with su]

Now you can execute multiple root commands while remaining logged in as a non-root user.

Enjoy!

The Importance of Maintaining Apple iPhone Security Engineering – Technology – People – Process
https://www.interfacett.com/blogs/the-importance-of-maintaining-apple-iphone-security-engineering-technology-people-process/
Mon, 22 Feb 2016 18:03:38 +0000

Video Transcription:

I’m Mike Danseglio, and I’m an instructor here at Interface Technical Training. I teach IT Security courses, so I’m plugged into a lot of what goes on in the security field. I keep abreast of the situation. I tend to write a lot of blogs around what’s going on in security and how to do different things.

This is a bit of a tangent for me. I don’t usually comment on current events. I consider that usually a taboo space, but I wanted to talk a little bit about what’s going on at the moment with Apple Computing, and US Government, and data privacy.

This week, Tim Cook released an open letter on his website, Apple.com, regarding a request from a court for Apple to assist them in compromising the data security of an iPhone. I’ve been getting a lot of questions around it, a lot of comments, a lot of people asking for opinions. To be very clear, it’s separated into a few different spaces Technology / People / Process.

Technology:

From a technology perspective, it’s a nonissue. Technology wise, yes, absolutely. Apple could do what they’re being asked to do. It’s not a question of “If.” It’s more a question of “Should.”

Apple, in the way they implement security in their iPhones and their iOS devices, is doing a fairly good job of adhering to what we call “Best Practices.” They do not have escrow keys. They do not have backup keys on their servers. The keys for the encryption of these devices reside entirely on the device.

That key, optionally, will self‑destruct after X amount of bad attempts. In this case, 10 bad attempts to open up that key or to access that key means that the device itself will destroy the key, rendering the data unusable. It doesn’t render the device unusable. It renders the key unusable.

That’s good practice. Generally speaking, in cryptography, we’d rather destroy the keys than have unauthorized access to those keys. That’s a great thing. However, that’s not very great when you don’t have access to the keys and you want to have access to that data.

What Apple’s being asked to do is to help circumvent part of the security scheme. They’re not being asked to rewrite cryptography. They’re not being asked to change the bit‑ness, or the strength, or the cipher. They’re not being asked for key escrow. What they’re being asked for is indefinite attempts at group brute-forcing a key, which is trying every possible key until one works.

On a typical iPhone, you either have a four‑digit PIN which could be up to 10,000 combinations, or you have a six‑digit PIN, which could be up to a million combinations.

On a modern computer, how fast could we type those?

If we have an automated device that types these in, for example, if you go to IKEA and you see the mechanical arm pressing down on the mattress, and you do that kind of thing – like a Rube Goldberg pressing on an iPhone. 1,2,3,4 that didn’t work…. 1,2,3,5 that didn’t work…etc…. That’s a fair attempt. Can it be automated? Absolutely.

If Tim Cook allows the engineering to happen that makes it possible to brute force keys by trying an infinite number of combinations on a device until one works, without the device forgetting the keys and locking itself, what that means is that eventually, anyone that wants to attack that device will be able to be successful.

Is that a good thing or a bad thing? From a technology perspective, it’s just another thing. It doesn’t matter. The tech really doesn’t matter here. What matters is the request and to some degree, the insight behind the request.

To give you a bit of perspective, I go to a lot of security conferences. Some of them, I watch presenters that are defenders and protectors and security designers. Other times, I go to conferences and I see hackers, and attackers, and people that literally teach or present sessions while they’re wearing a ski mask or an Anonymous mask, because they don’t want their identity to be known.

The folks at those conferences where we have bad people ‑‑ the attackers ‑‑ once they know that it is possible to circumvent a security element like this, they’ll absolutely find a way.

I can assure you that if Apple engineers a way around the device locking ‑‑ the forgetting of the keys ‑‑ what’s going to happen is attackers will find a way to make that happen on any device they want. It won’t be a matter of “If,” it will be a matter of “When.” Will it take a month? Will it take three months? Will it take six months?

That’s not based on conjecture and hearsay. That’s based on years and years of me seeing technology show up and attackers spend 24 hours a day, seven days a week, hip‑deep in assembly code, and debugging code, and devices attached to oscilloscopes, until they figure out, “This is how I can make it happen.”

Today the iPhone doesn’t have that capability. An attacker simply cannot engineer that kind of attack. There’s no capability.

People:

I don’t say this lightly or often. The engineers in Apple did a great job on security by making sure attackers cannot circumvent that 10 attempts and then the key gets forgotten. They did a fantastic job.

If they intentionally introduce a flaw into that, whether it’s a standalone tool, or part of a Core iOS, or anything like that, attackers will find that vulnerability and be able to exploit it to unencrypt and access any iOS device. It’ll be a question of time, and to some degree, money.

You might think, “Attackers? That’s Matthew Broderick in ‘WarGames.’ That’s some kid in the basement. That’s Sandra Bullock clicking on a pie symbol at the bottom of a Web page. That’s not real. That’s not really a big threat.”

First of all, that’s a wrong perception. Today, attackers are usually part of large conglomerates, large organizations, crime organizations, crime syndicates worldwide, that are well‑funded, that send their attackers to training that gets them practice so they can do what they’re doing, because there’s profit to be made.

Let’s say I happen to work at Yahoo, and I’m competing with Google, and I happen to be at a Starbucks that’s in between the two campuses, and I find a Google executive’s phone. Wouldn’t I want to be able to give that to some “Contractor” who’s also an attacker, and say, “Here’s $10,000; give me the contents of that phone.”

Right now, if it’s an iOS device like an iPhone and the person says “Here’s some money. Crack that phone.” The answer is, “I can only try it 10 times and then I’m locked out. I don’t really have access to it.” However, if this order is complied with, the answer will be more like, “Yeah. It’ll take a little bit of extra time. It’ll be a little extra money, but I can do it.”

Industrial espionage is very real. State espionage is very real. Foreign countries often do information warfare ‑‑ cyber warfare. It happens constantly; we just don’t hear about it very much. In the mainstream, we don’t hear about it very much. It’s not that big of a deal until it is ‑‑ until this kind of thing happens in the real world, and a real device with real important secrets gets compromised.

As a security practitioner, I try desperately hard over, and over, and over again, to make sure there are no design flaws introduced in security systems.

However, this Federal Order to Apple is indicating to me that this organization that’s done a really good job with security is being asked to design a flaw into their system ‑‑ not temporarily, because it’s very clear they can’t temporarily do anything.

Once they design this kind of vulnerability, even if they’re assured that this vulnerability will only be used one time, that’s NOT TRUE. That’s complete and utter nonsense. It will never only be done once.

Once a prosecutor says, “Look! This other prosecutor got this data off an iPhone because they went to Apple and said, ‘You need to give it to us,’ and Apple said, ‘OK, here you go.'”

Do you think other prosecutors aren’t going to do that? Do you think other governments aren’t going to go to Apple and say, “You did it for the US Government. You want to sell product here, you treat us equally.”

The European Union, I assure you, will say ‑‑ and rightfully so ‑‑ “If you’re going to do it for one, you got to do it for the other. You sell your products here and there, you’ve got to treat us equally.” It’s very much a Pandora’s Box, once you open it, there’s going to be no closing it.

Process:

The other aspect of this is the Process aspect of it. I usually talk about People, Process, and Technology. The technology I’ve already described is moot. It doesn’t matter. The technology is there. People: I think we’ve talked about that a little bit already, the Tim Cook versus others.

The Process side of how this gets handled is another important bit.

Apple very clearly says ‑‑ and I believe it, having worked at Microsoft long enough and seen it on that side ‑‑ that they comply with court orders. They comply with warrants. They comply with subpoenas. They do, I’m quite certain that they do. I’m quite certain they worked with law enforcement extensively before this letter showed up ‑‑ before this warrant got served.

I have no doubt of that at all because no one wants terrorists to go free. No one wants pedophiles to be free. We want these people in jail. I’m sure Apple did everything they could. The problem is, once this happens, once Apple is compelled to produce this tool, or this technology, and they do, what’s the process for making sure it doesn’t show up again?

What’s the process for making sure if this Federal Government Agency requested it and it happened, that a state agency can’t request it, or a local agency, or a mom and pop, or a private investigator?

Anyone ‑‑ a spouse that opens a civil lawsuit against their spouse says, “I got a judge to sign off on Apple decrypting my spouse’s iPhone. I’m going to steal it from my spouse. I’m going to put it in a box. I’m going to send it to Apple with the judge’s warrant,” and there you go.

Now it escalates, it escalates, it escalates and we don’t have a real clear process because we don’t have any process at all for this. We’re making this up as we go along.

I know this is a bit of a rant, however, I think it’s an important rant. With this particular scenario, at this time, whatever decision is made ‑‑ whatever happens here ‑‑ is almost certainly going to go at least in this country, up to a Supreme Court decision.

The Supreme Court’s going to have to figure out, “What do we do with data on phones? Do we tell companies that are making products to intentionally design flaws such that terrorists, and pedophiles, and other criminals, can be caught at the risk of other folks’ data being at risk from these hackers, or these crime syndicates?”

It’s going to be an interesting year, probably, to two years while this is sorted out, while folks figure out what to do, while Apple, as they’ve clearly said, will fight this warrant and this legal proceeding, and while certainly law enforcement will push very hard for this to happen because they want evidence.

To be very clear, I believe in law enforcement. I believe in the process. I believe that law enforcement wants to do the right thing here.

In fact, I believe Tim Cook very clearly conveys in his letter that he knows they’re just asking for data that they believe is important to protect us ‑‑ to put bad people in jail. I get that. Of course that’s noble.

I want to support that, but at the cost of the potential privacy of all data, I think it’s too high of a price to pay. I think that we should have absolute data security and that’s just how it is, unfortunately.

On the Microsoft side, we have BitLocker, an encrypting file system. You lose the keys to those, if you don’t have a backup, you’re OUT-OF-LUCK, because that’s the way we designed it at Microsoft. We have other technologies. You lose the key, TOO BAD – out of luck, because that’s how it’s designed.

The newer iPhones ‑‑ in fact, iPhones 6 and later ‑‑ use a processor that has a little security chip on it where it keeps the keys. When it believes that the phone itself is tampered with, it erases itself and you are out of luck. That’s kind of a good thing in data security. If it means we lose data, then we lose data. We have to make a call somewhere.

I unfortunately, having seen this too many times, know that you can’t do this once. The Pandora’s Box is too dangerous to open. We need to leave it closed. We need to not ever design a security flaw into an already secure product.

Adding a New Non-Root User in Kali Linux
https://www.interfacett.com/blogs/adding-a-new-non-root-user-in-kali-linux/
Wed, 17 Feb 2016 22:59:50 +0000

Kali Linux is a fantastic operating system for penetration testing and security evaluation. It comes with virtually all security tools built in, it’s lightweight by default, and it has a huge ecosystem that is constantly helping with the project.

For instructor-led Security training see our course schedule

I created a new installation of Kali Linux recently. One of the first post-installation tasks I did was to create a new user for daily use. Sadly, Kali only creates a default root user during setup. Running as root all the time is a horrible security practice, so I recommend that you create a new user as soon as possible after installation.

To create a new user in Kali Linux, first pop open a Terminal window.

[Screenshot: a Terminal window in Kali Linux]

Then use the adduser command. In this example I’m creating a user named mikedan with a home directory of /mikedan, so the command is adduser --home /mikedan mikedan.

[Screenshot: the adduser command and its prompts in Kali Linux]

Adduser prompts for the rest of the information, which is optional.

The user account is created. Now I test it by logging out from root and logging in as mikedan. To be sure I open a new Terminal window and type whoami.

[Screenshot: whoami output after logging in as mikedan]

Finished! The user account took only a few seconds to create and works as expected.
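The two Kali posts above (creating a daily-use non-root account, then using su for the occasional root task) as one added example in POSIX sh; this is not code from the original posts, and the function names, the Debian adduser NAME_REGEX default used for validation, and the run-as-root wrapper are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original posts: POSIX sh helpers for the two
# Kali tasks described above, creating a daily-use non-root account (adduser
# post) and running a one-off command as root from that account (su post).
# "mikedan" and "/mikedan" are the posts' values; the function names and the
# validation rule below are assumptions of this example.

# Debian's adduser refuses names that do not match its default NAME_REGEX,
# ^[a-z][-a-z0-9_]*$ (lowercase letter first, then lowercase letters, digits,
# underscore or hyphen). Checking this first makes a typo fail fast instead
# of half-way through adduser's interactive prompts.
valid_username() {
    case "$1" in
        ''|*[![:lower:][:digit:]_-]*) return 1 ;;  # empty or disallowed char
        [[:lower:]]*)                  return 0 ;;  # starts with a lowercase letter
        *)                             return 1 ;;  # starts with digit, '-' or '_'
    esac
}

# True when the named account exists and is not uid 0. This is the check the
# adduser post performs by hand with whoami after logging in as the new user.
is_unprivileged_user() {
    uid=$(id -u "$1" 2>/dev/null) || return 1
    [ "$uid" -ne 0 ]
}

# Run one command as root. Already root: run it directly. Otherwise hand it
# to su -c, which asks for root's password exactly like the interactive su in
# the post but returns to the unprivileged shell when the command finishes.
# "$*" joins the arguments with spaces, so each argument must be shell-safe.
run_as_root() {
    if [ "$(id -u)" -eq 0 ]; then
        "$@"
    else
        su root -c "$*"
    fi
}

# Create the daily-use account the adduser post describes. adduser itself
# prompts for the password and the optional GECOS fields, as in the post.
create_daily_user() {
    name=$1
    home=${2:-/home/$name}
    if ! valid_username "$name"; then
        echo "create_daily_user: '$name' is not a valid username" >&2
        return 2
    fi
    run_as_root adduser --home "$home" "$name"
}

# Usage when run as a script (sourcing the file only defines the functions):
#   sh kali-helpers.sh create mikedan /mikedan
#   sh kali-helpers.sh update     # apt-get update as root, then back to the user
case "${1:-}" in
    create) create_daily_user "$2" "$3" ;;
    update) run_as_root apt-get update ;;
esac
```

An interactive su stays root until you type exit, so it is easy to forget and keep working as root; su -c runs a single command and drops straight back to the unprivileged user, which is the safer habit for a daily-use account.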

Enjoy!
