ACouch

7th September 201523rd November 2016

Linux Firewall

Check out the Linux Firewall mini setup guide which demonstrates the use of iptables in Linux. Here I demonstrate a few basic commands and rules and explained how we can allow and deny specific traffic on your Linux server. The scenario is for typical web server allowing only HTTP, HTTPS and SSH. Host based firewalls are often overlooked relying solely on perimeter defenses however are an important aspect of protecting your endpoint whether that is on a server or workstation. Iptables in built into Linux is a pretty capable command line based stateful firewall. Once you have the hang on the syntax it is fairly straightforward to implement and customize to your own requirements.

Click to check out the full Linux Firewall iptables mini guide here.

4th September 201523rd November 2016

Labs and Virtualization

Anybody that works in IT that really wants to progress will know and will have experienced the value of labs and virtualization. Being able to test an idea or for learning in a virtual lab, its essential whether it be in Linux or Windows. Being able to through up a webserver to test a setting or a domain controller to test a group policy. Whether its on a full blown ESXi deployment or just virtual box. The aim of this page is to go through some of the virtualization options that are available to the home user, and dig into the software and hardware that’s required. Check out the following page for some hint and tips: https://www.adamcouch.co.uk/labs-projects/labs-and-virtualization/

2nd September 201523rd November 2016

Advanced Persistent Threats

Advanced Persistent Threats are becoming an increasingly prevalent threat to organisations and the information they hold. Advanced Persistent Threats are a type of attack that are defined by the National Institute of Standards and Technology (2011) as being a highly sophisticated attack, well-orchestrated, well-funded and are targeted at specific organisations or people. These type of attacks seek to gain a foothold inside an organisation, remain undetected and over a specific time frame from Advanced Persistent Threats
hours to months laterally move across the network and exfiltrate data, the specific information assets they desire undetected, often more than once. This is as opposed to the more conventional opportunist attacker who isn’t interested in any particular target or any specific data. If the attacker doesn’t succeed the first time they will simply move onto the next weakest victim, these types of attack have often in the passed been used only to heighten the profile of a hacker. Attack vectors include Spear fishing attempts with either email content or attachments carrying the payload through to malware and more commonly malvertising.

Evidence of high profile targeted Advanced Persistent Threats are being reported in the press more than ever. Some examples of such being Target’s 2013 breach, Sony 2014 breach and more recently Ashley Madison 2015 this list goes on. Upholding the confidentiality, availability and integrity of information that these sites and companies hold is possible through the use of good IT Governance. With an effective and current Information Security Management System in place and utilizing good strong controls organisations can better protect themselves from Advanced Persistent Threats.

Ensuring user awareness training is provided. Ensuring the desktop is appropriately secured. Keeping software up to date. Ensuring strong Authentication mechanisms are in place. Ensuring Antivirus, Firewalls and Host Intrusion Detection/Prevention systems are appropriately configured and kept up to date are all only some of the controls that should be in place as a standard to help mitigate the risk.

All too often perimeter defenses are in place and appropriately secured from the outside, however from inside out, the desktop and the actual user are all attack vectors that are left open to threats. The threat landscape is constantly evolving, we need to stay on top in order to try and evade APTs.

31st August 201523rd November 2016

Blocking Advertisements and Malvertising

This is an interesting topic, blocking advertisements for me is a must. I not only feel much safer, I know I am safer browsing pages on the net with an Ad Blocker, I personally use Ad Block Plus for Firefox. There has been lots of press regarding malvertising of late, Huffington Post and FHM being victim. IT governance are seen to be quoting RiskIQ figures from this years Blackhat conference of malvertising being up 80% from last year. The Malvertising that we are seeing across the net coming from bad ad companies are particularly dangerous not requiring interaction from users, simply visiting the site being enough to become infected with malware. IT Security folk often have very clean surfing habits, however average users that aren’t as aware browsing the net will be susceptible to downloading malware without them even knowing. The malvertising needs a vessel in order to carry itself over to the victims computer in order for it to be exploited, that usually being a vulnerability in flash or Java. Keep it up to date – better still if you can live without it, do so, or block it with a add-on like ‘no script‘ for Firefox.

I do however sympathise with sites that rely on advertising to stay on the net, I realise I’m not supporting my favorite sites by blocking their ads as they are not receiving revenue from the ad companies however I’m not willing to compromise my own security either.

One interesting idea being the Google Contributor Service where people pay to not see advertising on sites that use google ads, instead they see a banner thanking them for contributing. One idea that will remain in play is paying our favorite sites for their content on a subscription basis. It will be interesting to see how this problem unfolds itself, one thing is for sure the problem is increasing and as malvertising increases, so will the use of Ad blockers which will only concatenate the problem of content providers not getting paid!

What are your thoughts…

31st August 201523rd November 2016

Installing VirtualBox Guest Additions in Kali Linux v1.x

A brief summary of the commands needed to install VirtualBox Guest Additions in Kali Linux v1.x. Having the Guest Additions installed is very useful, being able to copy and paste text like bash lines like the below is extremely useful. There is also the extra screen options such as the transparency mode. Being able to copy files in and out of the system into the host is also very useful.

Linux headers need to be updated.

#apt-get update && apt-get install -y linux-headers-$(uname -r)

Copy the VBoxLinuxAdditions.run file to the Desktop.

Restart.

#cp /media/cdrom/VBoxLinuxAdditions.run /root/Desktop/
#cd /root/Desktop/

Make it executable:

#chmod 755 VBoxLinuxAdditions.run

Install it:

#./VBoxLinuxAdditions.run

kali Virtualbox — Installing VirtualBox Guest Additions on Kali Linux version 1.x

Reboot for a final time.

After it has successfully installed you will now be able to go full screen, add in file sharing options, copy and paste and clipboard functionality. Enjoy.

31st August 20155th January 2017

Cisco ASA in GNS3

Having spent many hours over several days trying to get to a point were I could run a Cisco ASA in GNS3 in stable condition has proven to to be harder than first thought. However I now have a set of configuration options specific to the Cisco ASA to keep it running in a stable manner in GNS3. Check it out under my Labs and Projects menu here, let me know your thoughts or any other better ways to achieve this.

Follow the link here to creating a Cisco ASA in GNS3 here : https://www.adamcouch.co.uk/labs-projects/cisco-asa-firewall-in-gns3/

29th August 20152nd January 2017

Quick SSL Scan

OK so with a my new website up my first thought was ‘right lets secure it!’. Now if only more people thought this way surely we wouldn’t see half the info sec issues we see today. So I’m probably slightly biased on the subject being a Pentester. Not sure if biased or paranoid is better word.

I’m supposed to be on holiday in wales for the bank holiday however 8 hours into the site build and can’t help but think, security. A few tasks later and I navigate to Qualys, lets see where we currently stand, 10 minuets later and I’m building a Kali 2.0 virtual machine in Virtual Box on my laptop in the hopes of pentesting it over 3G!

So a Grade B on ssllabs.com . A little work needed I think.

Qualys.com is a great resource for scanning URL’s to see what SSL/TLS cipher suites are in use. Check it out!

Disabling SSL v2, v3 and also RC4 in Apache2.

By the time I had finished typing this post I was up to a A- having disabled RC4 in the SSL.conf file in mods-enabled folder be appending the ‘SSLCipherSuite’ with :!RC4. Disabling SSL v2 and v3 is also a simple step by appending the ‘SSLProtocol’ line with ‘-SSLv3 -SSLv2’ in the same file.

This is very much only a small step towards securing a site, although a good start!

29th August 201523rd November 2016

Greetings!

Greetings! Welcome to my InfoSec Site!

Here I will be mostly be talking to myself about Information Security Topics, News, and mini guides. Feel free to join in and comment!

I am also going to be sharing some of the latest Labs and Projects that I am currently working on, short tutorials that I have been through and had to learn along the way. This will be both Windows and Linux based. I will also be sharing some Security techniques, not only in an effort to raise awareness for Information Security, but also to use as my own quick lookup when I need to remember something!

I was inspired to create this site after listening to Defensive Security Podcast and subsequently reading an article titled How to build a successful information security career on their site.