Last year we released a beta version of our free Attack Surface Analyzer tool. The purpose of this tool is to help software developers, Independent Software Vendors (ISVs) and IT Professionals better understand changes in Windows systems’ attack surface resulting from the installation of new applications. Since the initial launch of Attack Surface Analyzer, we have received quite a bit of positive feedback on the value it has provided to customers. Today we are pleased to announce that the beta period has ended and Attack Surface Analyzer 1.0 is now available for download.
This isn’t merely a new toy to play with, it’s a serious tool for analyzing your Windows systems. I immediately added it to my toolkit and went off to check out our lab PCs at the college where I am Network Administrator.
The tool is meant to be run first on a fresh system with no applications installed in order to establish a baseline. Then, you install your apps one by one and run the tool after each install to see how your attack surface is changing.
I’m going to put my student assistants to work on this next week and I’ll deliver a more comprehensive report on what I discover.
AxCrypt–I’ve written about this one before. Easy and elegant encryption software: Software for Secure Computing: Easy Email & File Security with AxCrypt.
TrueCrypt–Without question, the best Open Source full-drive encryption software going: http://www.truecrypt.org.
Password Meter–Tests passwords with the most complete set of rules I’ve found. When this says they’re Very Strong, they are. Here’s my implementation of the Open Source script: http://askthegeek.us/pwd_meter/index.htm.
RootkitRevealer–Sysinternals has always been at the top of my list for great tools. RootkitRevealer is an advanced rootkit detection utility that detects the presence of a user-mode or kernel-mode rootkit. Get it from http://www.sysinternals.com.
Malwarebytes Anti-Malware–Malwarebytes’ Anti-Malware can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect. I’ve used it for several years as my preferred companion to SpyBot S & D. http://www.malwarebytes.org.
What are your top tools?
This is so significant, that I’m not going to elaborate on it. If you’re an IT Security professional, you probably already know about it. If you don’t, then check it out here: SANS Investigative Forensic Toolkit (SIFT) Workstation: Version 2.0.
Faculty Fellow Rob Lee created the SANS Investigative Forensic Toolkit (SIFT) Workstation featured in the Computer Forensic Investigations and Incident Response course (FOR 508) in order to show that advanced investigations and investigating hackers can be accomplished using freely available open-source tools.
The SANS SIFT Workstation is a VMware Appliance that is pre-configured with all the necessary tools to perform a detailed digital forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The brand new version has been completely rebuilt on an Ubuntu base with many additional tools and capabilities that can match any modern forensic tool suite.
You know what an Open Source advocate I am and this just proves the value of that even more.
The Question: Hey Geek, As with the other commenters, thank you so much for this guide and utility. It could potentially be a life saver.
I do however have a few questions:
1) I am guessing the networking side of things works via DHCP. I have looked through the files, but am no Linux expert, so wondered if there is a way of setting a static IP?
2) Where are the virus definition updates saved to? I ran the update on my laptop (DHCP), then plugged the USB drive into a machine with no DHCP and it said the definitions were out of date. I would have hoped it updated them on the USB key?
My answer: 1. Yes, it works via DHCP. Normally, you would be able to set a static IP address by using the procedure below. You’ll want to get into the Linux command console. I believe the rescue disk UI has a link for that. You can then assign a static IP address:
ifconfig eth0 <ip address> up netmask 255.255.255.0
route add default gw <gateway router address>
ifconfig eth0 down
ifconfig eth0 up
route add default gw <gateway router address>
You can verify the IP address by typing ifconfig with no parameters. It should show the address you set for eth0.
2. The updates are saved to memory, so they go bye-bye when you reboot. It’s better to update every time you use it anyway, so you always have the current definitions. I’ll investigate the ../etc/conf file and see if I can resolve this.
Hope this helps anyone here who has had similar questions.
Whether you lose your laptop, misplace a CD or leave your USB drive in the coffee shop, if it’s encrypted you don’t have to worry about becoming tomorrow’s headline!
Get the FREE Sophos encryption tool now and you can lose your data without losing your mind.
Sophos FREE Encryption: an easy-to-use tool that encrypts your files, folders and emails.
I suggest you download this immediately and pass it on to everyone you know. Combine this with the LAlarm software and you have an unbeatable combination.
Here’s the download link: http://www.sophos.com/mk/get?_EC=2LMC0U-c476w3xDfL8K5RQ
Let me know what you think.
There’s another scenario: You take one of your old USB thumb drives (maybe the one you used to make an anti virus bootable scanner) attach a chain to it and secure it to your desk; if someone tries to move your laptop, unplugging the USB thumb drive in the process, the alarm goes off.
This is possible because of an interesting piece of software called “LAlarm.” It’s free for personal use and there’s a nominal fee for commercial use. Download LAlarm from this link: http://www.lalarm.com/en/index.htm.
I tested this software by installing it on my Dell laptop. It works. You simply install the software, configure the options you want and restart your laptop. To set the alarm, you just press Windows key + L to lock the workstation. If anyone pulls the plug or removes the thumb drive, the alarm sounds.
There’s much more to the software than just an alarm. You can set the software to destroy your data in selected folders in the event of a theft. You can also set zones based on IP addresses and cause an alarm to sound if the IP address changes.
The theft alarm is not affected by the system volume control setting–it’s screaming loud no matter how you have your volume set.
It’s a very cool tool.
“http://google.com/safebrowsing/diagnostic?site=[URL of site you want to check]” (Leave off the http://).
For example, this URL produced the report shown in the screenshot:
Try it out for yourself on your favorite sites. You might be surprised at what you find out.
(Thanks to Steve Gibson and Leo Laporte of Security Now! for presenting a reader comment that brought this to my attention.)
What do you think? Leave a comment!
#1: The best security measures are completely useless if you invite attackers into your PCs or networks.
#2: A first, important step in securing your PC is to install and configure a NAT router.
#3: Always change the default username and password of any configurable device you put on your home network.
#4: Use an un-guessable, or difficult-to-guess password always.
#5: A vital part of PC security is keeping up with software patches for ALL of the software on your system, not just the operating system. Where it is available, use the software’s automatic updates feature.
#6: Always disable any message preview or auto-open features in your e-mail client. View messages as text-only until you know they are safe.
#7: If you store sensitive information on a PC or laptop, even if it’s only personal information, encrypt the folders or drives where the information is stored and use an un-guessable passphrase as the encryption key.
#8: Physical security is almost as important as data security. Make it as difficult as possible through any physical means for a thief to steal your hardware. Rules of thumb: Lock it up and lock it down; out of sight, out of mind.
#9: When surfing the web, testing unknown programs, or engaging in other activities with the potential to harm your computer, use a sandbox or virtual machine to protect your base system from harm.
#10: When using external removable media for backups, either encrypt the backup files or make sure the media is taken offline after the backup has been completed.
#11: Never enter sensitive information into any web page unless you have verified that the information is being sent over a secure connection signified by https:// in the address bar and a lock icon in the browser’s status bar.
#12: Once a PC is infected with malware, you can’t trust it. The only way to restore trust is to wipe the hard drive clean and reload the operating system.
#13: When it comes to securing a WiFi network, the only way is WPA.
#14: If your email address will be visible to the public, obfuscate it.
In the book, each one of these rules is explained in detail with links to tools and other information.
I value your comments, so if I’ve left anything out, or you have issues with what I’ve posted here, let me know. I want this to be the best first edition it can be.
The tool works like a charm. I’ve made bootable USB drives with ClamAV Live CD, the Kaspersky Rescue Disk, Dr. Web Antivirus, and a couple of others, just to see how it works. These are invaluable tools for us security wonks and I thought I’d pass it on.
Be sure to check out the UNetbootin site for complete information and tutorials on how to make it work.
This one is very weak: %6*Some*Phrase*6%. Can you see why? Too many repetitions of characters. Change it slightly, %6!Some*Phrase!6%, and it becomes very strong.
The trick is to come up with a pattern that means something to you. By no means should you use the patterns I suggest—use something that will be easy for you to remember.
I’ll leave it to you to analyze the two examples and let you come up with your own. Remember, the bad guys read these blogs, too.
You can mosey over to the Password Meter page at Ask the Geek to check the patterns/passwords you come up with. That’s the best password meter I’ve ever seen, bar none.
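As an added illustration (my own simplified scheme, not the Password Meter’s code), here is a scorer that rewards length and character variety and penalizes repeated characters, weighting repeats more heavily the closer together they sit. Run against the two patterns above, it shows why the three `*` characters in the first pattern cost more than the two `!` characters in the second.

```python
import math

# Constructed examples: the two patterns discussed in the post.
WEAK = "%6*Some*Phrase*6%"
STRONG = "%6!Some*Phrase!6%"

# Character classes whose presence is rewarded (assumed scheme, not the
# Password Meter's own rules).
CLASSES = (str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum())


def repeat_counts(pwd: str) -> dict:
    """Characters (case-insensitive) that occur more than once, with counts."""
    counts = {}
    for c in pwd.lower():
        counts[c] = counts.get(c, 0) + 1
    return {c: n for c, n in counts.items() if n > 1}


def repeat_penalty(pwd: str) -> float:
    """Sum len/(j-i) over every pair of equal characters (case-insensitive).

    Repeats that sit close together cost more than repeats far apart, and a
    character used three times forms three pairs, not two.
    """
    p = pwd.lower()
    n = len(p)
    total = 0.0
    for i in range(n):
        for j in range(i + 1, n):
            if p[i] == p[j]:
                total += n / (j - i)
    return total


def score(pwd: str) -> int:
    """Assumed scoring: 4 points per character, 5 per character class used,
    minus the rounded-up repeat penalty; never below zero."""
    base = 4 * len(pwd)
    variety = 5 * sum(1 for test in CLASSES if any(test(c) for c in pwd))
    return max(0, base + variety - math.ceil(repeat_penalty(pwd)))


if __name__ == "__main__":
    for pwd in (WEAK, STRONG):
        print(pwd, repeat_counts(pwd), round(repeat_penalty(pwd), 2), score(pwd))
```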