
What do YOU do about Cyber Security?



Posted

Hey yall, a quick preface before I get started...my IT and Network Admin knowledge is rooted in things that are self-taught and that I've done in the Army and for home-network purposes. I am in no way trying to pretend I'm some CCNA, A+, S+, N+ Network Router Switch MallCop Ninja Warlock of Network Doom, I am just a regular Joe that spends way too much time nerding out.

 

At our point in human history, the Cyber Domain has become very advanced and transparent. What started off as dial-up connections and sending data over radio waves has transcended to fiber links, Layer 2 routers, easy home networking; we're connected to virtually (no pun intended) everyone, virtually everywhere. Whether it's here on TGO from our iPhones and Android devices, to Skyping a loved one in FOB Lightning to buying Full Automatic AK-47s off of the "Deep Web" from some Chechen terrorists to take down a strip-mall in Kansas, we all leave a trace on the internet.

 

In times long past, people did their crime well, Analog. Whether it was swooping up your unshredded bills from the trash, carjacking you out of your brand-new Miata or blowing up your mailbox with M-80s, things were simpler. We started using cross-cut shredders from Staples. We started to get our CCWs and we upgraded to metal mailboxes and bought German Shepherds to maul our neighbor's 7-year-olds (KIDDING).

 

As we dive deeper and deeper into the Cyber Domain, where we can use our phone to remote into our computer to grab office documents or use our wifi-watches to tell our Keurig to make a cup of coffee at 0731 on Friday while we are in Santa Fe, everything is readily available AND wireless.

 

Rather than droning on and on about advanced network security and theorems and tin-foil-sombrero-wearing ideas about Anonymous and the CIA and the NSA and Greasy Grannie's Gigabit Galvanizer, I'd just like to touch on a few points to make your web-browsing safer.

 

1) Situational Awareness: Phishing, Spearing, Ferreting...all of these things are common terminology when it comes to cyber crime. We know it as scamming. It can come in the form of some Nigerian Prince who needs your PayPal account to overthrow a coup, some Busty Blonde that will turn your bucks into More Boobs or some guy on Armslist that wants you to PayPal him for his BNIB M1A Springfield (actually happening, watch the Clarksville/Nashville Armslist classifieds)...it is everywhere. The signs are obvious, it's usually poorly written or really strange...your Ebay or PayPal account needs verification randomly, or you just won 12343421352508 Pesos in the El Salvador Lottery; just watch out.

- Set up aggressive spam filtering in your Email - Junk Mail will take care of 80% of these Spear Phishers and Ferrets

- To add to that; set your email to block all messages from that sender, you can go into the HTML header of the Email to maybe block the IP address as well

- I'm guilty of it on one of my accounts, but keep PII (Personal Identifying Info) out of your emails...JonDoe@webmail just let a potential hacker know you're probably a White Male and you like PBR, Corvettes and Boobs

- Always call the actual company in case you're not sure - sometimes Fate is a b!tch and you reset your Ebay Password at the same time as some Vietnamese Black Hat sent you a metasploit email

- Keep your email, and other account information off of Social Media...even if some of it is harmless like Target Marketing, having it passed around to the wrong people leaves you at risk (will touch on it in the next topic)

 

2) Strong Passwords! You've seen it everywhere and heard it everywhere...methods such as Brute Forcing, Cryptanalysis and Dictionary Attacks using Rainbow Tables are pretty involved now, it might take them a few hours but if your password is just "BlueDog1" or "!L1k3$tUff" even though it might satisfy the website's characteristics...it isn't all that strong.

<Insert IT MumboJumbo> the way websites, servers, email accounts, etc store passwords is by HASHING. A hash is a 3 or 4 ASCII symbol combo for every letter, number and sign. For instance Capital "A" might be "e4B1" in Hash. That is another way Hackers attack your password, they get the Hash information from a website or service using a Linux program called HashCat. Some people "salt" the Hashes by adding a random set of characters that don't mean anything...but they can be "de-salted". So here are some tips to counter these things

 

- Easy way to avoid that is using any number of free Password Hasher programs/extensions to Pre-Hash your password...so now ABCD = "e23f jklo 1lol 2f2d" and then THAT gets Hashed...it becomes exponential and the Hacker would probably move onto someone else DON'T BE THE WEAK LINK; the downfall to that is you need the same program to autofill or to write them down...now if you lost that postIt or that file on your phone...you might be out of luck

- Other ways to mitigate this is to use a lot of characters in different orders, never the same kind after another, i.e. no numbers after each other, no letters, etc. To further make that work is to NOT form real words with them. "P@$$w0rd" is just as easily cracked as "PaSsWoRD"

- Use different passwords for all of your accounts. Even if it's your MySpace account from High School or your Wells Fargo account...always have different gibberish

- Change your passwords monthly. Biweekly is preferred.

 

3) WiFi Routers: Even though most new routers provided by ISPs and bought from retail stores are already equipped with the latest security: WPA2/WPS...a lot of people don't know that. You'd be surprised even in Gov't Facilities how many people still use WEP routers, or even worse - no security at all. WPA2/WPS can still be cracked using WiFite or Reaver - so make sure to apply the Passwords Tips to your Wifi Password too.

- MUST have a WPA2/WPS router. I can crack a WEP router in a few minutes even if it has a strong password by intercepting data packets and authentication handshakes...WPA2-PSK encryptions make this much more difficult

- MONITOR your network, using a tool like Wireshark might be a bit out of your level of comfort to sniff network traffic, but setting maximum connections allowed or using the Router's built in software to monitor it can be just as effective

- 5.0GHz is the more modern Wifi frequency band...2.4GHz is still effective, but every wifi capable device has 2.4GHZ wifi antennas and firmware...not everyone has 5.0GHz (though lots of phones and newer high-end computers do) To prevent the "Script Kiddies" from messing with you, keep all your more important business on the 5.0GHz...Dual-Band routers are pretty cheap

- Manually change your Router's broadcast channel monthly - this can boost your speeds especially if all of your neighbors are all on the same type of router/channel ...a good guide is http://www.howtogeek.com/howto/21132/change-your-wi-fi-router-channel-to-optimize-your-wireless-signal/

- If you can: hardwire your computers and devices, it will prevent attackers from DDoS'ing your unique IP if they do get into your Router...and it frees up wireless channels

 

4) Know Your Enemy:

This last step is definitely optional as we are all grown men and women and have important things to do, but knowing is half the battle as they say. Easy programs and Linux Distributions like Kali Linux, Backtrack, LOIC and Cain And Abel can all be used for cyber forensics and attacks, and exploitation...learning these things yourself can help you know the signs of what an attack looks like and how vulnerable (or protected) you REALLY are.

 

I am usually doing nothing but cleaning weapons and mowing my lawn on weekends. If you would like to learn these things on your own I can offer this:

1) Anyone in Clarksville and Nashville or in between I can get you a copy of Kali Linux on your computer (I promise I won't destroy your hard drive) so you can mess with it on your own

2) I can bring my Kali-Computer to your place and show you/stress test your home networks

3) You can send me a hard drive and I can image it with all the tools you will need/use

 

There are plenty of free tutorials on Google on how to use it, and defend against attacks like that.

 

Sorry for the long-winded post; if this belongs offline I'll remove it. Anyone with questions or comments can feel free to PM or Email me!

 

And again, this is just the tip of the iceberg, and general know-how. I didn't intend to offer offense or challenge anyone's intelligence.

 

Also, if I put any jacked up information, feel free to correct me!

  • Like 4
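
Salted password storage, the topic of point 2 in the post above, shown as an added example that is not part of the original post or thread. It uses Python's standard-library PBKDF2; the iteration count and the three-entry wordlist are assumptions constructed for illustration, and the sample password is the one quoted in the post.

```python
import hashlib
import hmac
import os
from typing import Optional, Sequence, Tuple

ITERATIONS = 200_000  # assumed work factor for this example
# Constructed wordlist standing in for a precomputed lookup table.
WORDLIST = ["password", "BlueDog1", "letmein"]


def unsalted_sha256(password: str) -> str:
    """Weak scheme: one fast hash over the whole password, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Stronger scheme: random per-user salt plus a deliberately slow KDF.

    Returns (salt, derived_key); both are stored next to the account.
    """
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected)


def precomputed_lookup(stored_hex: str, wordlist: Sequence[str]) -> Optional[str]:
    """Model a precomputed table: hash each word once, then look up."""
    table = {unsalted_sha256(word): word for word in wordlist}
    return table.get(stored_hex)


if __name__ == "__main__":
    # Two users who picked the same password.
    weak_a = unsalted_sha256("BlueDog1")
    weak_b = unsalted_sha256("BlueDog1")
    print("unsalted records identical:", weak_a == weak_b)
    print("table lookup on unsalted record:", precomputed_lookup(weak_a, WORDLIST))

    salt_a, key_a = hash_password("BlueDog1")
    salt_b, key_b = hash_password("BlueDog1")
    print("salted records identical:", key_a == key_b)
    print("table lookup on salted record:", precomputed_lookup(key_a.hex(), WORDLIST))
    print("login with correct password:", verify_password("BlueDog1", salt_a, key_a))
```

The salt is stored in the clear beside the derived key; its job is to make every stored record unique so one precomputed table cannot be reused across accounts, while the iteration count makes each individual guess expensive.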
Posted
Missed at least one simple bit that's reasonably easy for users to do that makes it MUCH harder for attackers. Turn on two factor authentication EVERYWHERE it is available.

;)
  • Like 1
Posted

I forgot to add a portion on safe web browsing, got too wrapped up in the other technical aspects. So here goes:

 

A lot of the attacks today are starting with Social Engineering. Rather than trying to Brute Force into your webmail password or Side-Jack your web browsing (which still happens), they rely more on human error and trick you into violating security protocols or unsafe habits - In other words: they are relying on you doing some stupid stuff. Whether it's a fake Facebook portal page that requires you to log in, then when you do, it goes through their computer and they are now logged in at the same time as you are. Or sending you a Skype or AIM request disguised as a sultry blonde with massive jugs that is offering you an all-you-can-eat-misogynist-buffet to get your Private IP Address which they use to TelNet (remote access using Putty or HyperTerminal) and steal all of your documents - it relies on YOU.

 

This ties in a lot with situational awareness so I won't beat that horse dead, but there are other things that open you up to a Social Engineering or Side-Jacking/Ferreting/Gopher attack.

- Host names: Your computer name should be something really obscure or generic. Something as childish as CIASpyNetwork or FreeCandyVanServer can be good at deterring folks. You don't want to put something like WorkLaptop or OfficeDesktop as your host/computer name...when I do a NMAP scan of the public wifi I am connected to I (theoretical hacker) would go after you in a heartbeat if I wanted bank statements, FININT (financial intelligence), etc. So that is an easy fix, that is overlooked

- Use a Proxy! There are plenty of free proxy services and websites you can use to mask your traffic and your IP. It can be effective if you're just browsing on a public wi-fi...it'll prevent you from being side-jacked at least since your internet traffic is being bounced off somewhere. However, programs such as WireShark and NCat can defeat this. 

- VPN: Virtual Private Networks are probably the best way to secure yourself while browsing at the airport or the coffee shop. It sets up a private network that is expanded through the public wide area network - pretty much it sets up a secure tunnel to whatever or wherever on the internet you are. Lots of companies use these so when you are doing work at home you can directly connect into them. Think of it as instead of walking straight through your front door into your living room, you instead go through your garage, through the hallway and into the living room. This will also change your private IP address making it that much harder to detect and attack you; You can use a proxy server while in a VPN to further protect your browsing

- DHCP: this is redundant (mostly) but DHCP is Dynamic Host Configuration Protocol, it lets the server/router/switch/hub assign a Dynamic IP to you - this differs from a Static IP in that it will change as you connect to different access points. You want to make sure it is enabled in your internet protocol. Every hour or so you should disconnect and delete the wifi access point information, then reconnect to it, it will change up your IP - or at least your broadcast channel so if someone was collecting your data packets via Aircrack/Airmonitor, you just ruined their hacking attempt

 

I'll update this periodically to provide more information or to correct myself/put things in layman's terms.

 

Again - feel free to PM me anything! 

Posted (edited)

I've switched everything to Linux Distros. Which one are you using?

 

Mint, I used Ubuntu for a year and got tired of how bitchy it was. I know Mint is an Ubuntu shell, but it seems to run a lot better for the most part.

Edited by Ted S.
  • Like 1
Posted
It's definitely a lot more lightweight and responsive. That's what they were trying with Xubuntu.

Can't go wrong with Ubuntu 14.04 LTS, Mint or ArchLinux

Sent from my SPH-L720 using Tapatalk
  • Like 1
Posted

You can skip all the password mumbo jumbo, most services offer 2FA systems now.  Hell, Windows 10 is even set up to start doing retina scans, their goal is to get people to stop using passwords altogether.

Posted

You can skip all the password mumbo jumbo, most services offer 2FA systems now.  Hell, Windows 10 is even set up to start doing retina scans, their goal is to get people to stop using passwords altogether.

 

True enough, but I'm not sure if Joe Citizen is going to screw around with biometrics and facial recognition. 

 

I have it on my laptop...fingerprint scanner and face recognition but it's frivolous and buggy at most points. My wife was able to unlock it by turning off the light.

Posted
New laptops are being built with IR scanners already. Once Microsoft actually pushes something, the masses follow... and Apple will invent the same thing 5 years after Microsoft got it working.
Posted

New laptops are being built with IR scanners already. Once Microsoft actually pushes something, the masses follow... and Apple will invent the same thing 5 years after Microsoft got it working.


Apple already has fingerprint recognition working and working extremely well in my experience. It really increases security, for example to log into my email you need the username/password, my fingerprint (to unlock the phone) and the RSA style code provided by Google Authenticator on my phone. That's dramatically more secure than a simple username/password alone and easy enough to use daily without becoming onerous.


Sent from my iPad using Tapatalk
Posted

I'm super secure. I've had the same username and password for 12 years!

 

Stantheman

Karate12345!

 

I've got a capital, letters numbers and an exclamation point. That's the only real way to secure your stuff. In fact, if you use this same combo on every website you visit it's mega secure and you don't have to remember something different! I even use it for my US banking website!

 

Hope this helps!

Posted

I'm super secure. I've had the same username and password for 12 years!

 

Stantheman

Karate12345!

 

I've got a capital, letters numbers and an exclamation point. That's the only real way to secure your stuff. In fact, if you use this same combo on every website you visit it's mega secure and you don't have to remember something different! I even use it for my US banking website!

 

Hope this helps!

 

Speaking of which, it seems there were insufficient funds to steal and pay my cable bill this month due to purchases at www myadultmantoys com.  What in the world were they selling that caused you to blow 3 months' pay in one day???

  • Like 1
Posted

Speaking of which, it seems there were insufficient funds to steal and pay my cable bill this month due to purchases at www myadultmantoys com.  What in the world were they selling that caused you to blow 3 months' pay in one day???

 

I call her "Wanda"....

  • Like 1
Posted

Hey yall, a quick preface before I get started...my IT and Network Admin knowledge is rooted in things that are self-taught and that I've done in the Army and for home-network purposes. I am in no way trying to pretend I'm some CCNA, A+, S+, N+ Network Router Switch MallCop Ninja Warlock of Network Doom, I am just a regular Joe that spends way too much time nerding out.....

 

 

Short quoting your post due to the size.

 

You've got some very valid information here and those of us who understand it will either agree or have some other complex means of countering your methods, but your average Joe... they're probably looking over this glassy eyed, panicked or just said TL;DR to the whole post. Now, this is presuming you wrote this for everyone, but might I suggest preening this down into something that "Bobbie-Joe Facebook" can follow? I doubt they'll need to know the ins and outs of ASCII or likely ever go read an HTML header.

 

Please be aware, I mean this constructively.

  • Like 1
Posted

Short quoting your post due to the size.

You've got some very valid information here and those of us who understand it will either agree or have some other complex means of countering your methods, but your average Joe... they're probably looking over this glassy eyed, panicked or just said TL;DR to the whole post. Now, this is presuming you wrote this for everyone, but might I suggest preening this down into something that "Bobbie-Joe Facebook" can follow? I doubt they'll need to know the ins and outs of ASCII or likely ever go read an HTML header.

Please be aware, I mean this constructively.

Roger that man, I got into the zone when I was typing this out.

I'll get a layman's guide to it when I got time to get into the trenches...I've been meaning to, had my coworker read it and he almost broke a camshaft.

Nerded out a bit too much lol

Sent from my SPH-L720 using Tapatalk
Posted

Roger that man, I got into the zone when I was typing this out.

I'll get a layman's guide to it when I got time to get into the trenches...I've been meaning to, had my coworker read it and he almost broke a camshaft.

Nerded out a bit too much lol

Sent from my SPH-L720 using Tapatalk

 

I do the same thing at work.....

 

Stan: Please email @all that X will be released this week

Comms: What will the users see?

Stan:  Well if they're doing X, they could see Y. But if Y is already in place, then they may see Z. But If Z doesn't work, it may be because X and Y weren't updated, in which case they'll need to update X and Y

Comms:  So they'll get a popup?

Stan:  Yes.....

 

Later that week

Comms: "To all, this week we are doing X. Just click OK on the popup"

Posted
Lol I know that all too well. It makes the grunts wildly uncomfortable.

...especially when you get creative and tell their battalion commander he is not getting secure SAT because the gravitational pull of the full moon is moving the INMARSAT off track...called it Lunar Polarity Abduction

Sent from my SPH-L720 using Tapatalk
  • Like 1
Posted

I do the same thing at work.....

 

Stan: Please email @all that Jesse Pinkman will be released this week

Comms: What will the users see?

Stan:  Well if they're doing Jesse Pinkman, they could see Heisenberg. But if Heisenberg is already in place, then they may see Mike Ehrmantraut. But If Mike Ehrmantraut doesn't work, it may be because Jesse Pinkman and Heisenberg weren't updated, in which case they'll need to update Jesse Pinkman and Heisenberg

Comms:  So they'll get a popup?

Stan:  Yes.....

 

 

Filled in the gaps so 'average Joe' will understand.

Posted

I do my best to never give out any info online, to never make real accounts on social media that can be easily connected to me IRL,  I store very little that contains personal info on my home pc.  Basically, my solution is to give them nothing to steal, as best as I can.  If my bank or doctor or insurance get hacked, there isn't much I can do about it.   I don't have a phone or anything wireless.

 

IMHO the bulk of the security measures people are told to do are on par with "throw the stapler at the guy with the machine gun"  strategy of self defense during an office shooting.   They tell you to use the horrid passwords of Let7erz&symbol2! that are stupidly long... and they get hacked because the passwords were easy to steal from a poorly encrypted database.   They tell you to secure your router, so the hacker reads the memory of your printer where you scanned and emailed your personal info.   They tell you to use a variety of credentials at all your favorite sites and the only person that gets confused and locked out is you.   It's all bunk, mostly.  The hackers are not getting in by brute force, haven't in 20 years, but the defenses we are told to use are for that.
