Friday, January 22, 2010

Tips in Facebook Security and Privacy

Hello readers! Once again your friendly neighborhood security analyst is back, and I'm going to teach you how to use your Facebook account safely. We're going to tackle "privacy on Facebook", since this application is very popular and has a vast number of users around the world. This article is very useful for less tech-savvy people who have little knowledge of the impact of "identity theft".

Below are things that could happen if someone wants to hurt you indirectly using your Facebook profile:

1. Your profile is a prime tool for attackers doing "fingerprinting", or should I say "information gathering", on their specific target/victim.

2. Malicious strangers can use your full profile to fool others, thus hurting your reputation.

3. Displaying your full profile to the public, including your email address, gives an attacker the first thing needed for a brute-force attack on your password, and if it succeeds, you'll soon be staring at your ceiling and crying over your applications such as Restaurant City, Farmville, Cafe World, etc.

4. Assume that your account has been compromised. If your Facebook email address and password are shared with your other online accounts, such as your bank account, personal email address, etc., then you need to act fast: inform your bank and recover the accounts as soon as possible.

Of course, you don't want to experience what I have written above, so now it's time to learn! I've provided easy tips below on how to enjoy Facebook while securing your identity/account.

1. Know who you accept as a friend. Don't get excited when a stranger adds you as a friend; they might have something "special" in store for you. :((

2. Be aware of and sensitive to your friends' posts. Don't assume a link (URL) is safe just because it's from your friend. Instantly clicking on posts that contain URLs is a big risk. Are you familiar with the malware "Koobface"? It is a worm that targets social networking sites. Once your computer is infected, it hijacks the Facebook account and sends messages to the poor victim's friends, encouraging them to click on a link (URL).

3. Configure who can see your profile. At the upper right of Facebook, go to "Settings" and click "Privacy Settings" in the list that appears. On the next page, click "Profile." This takes you to a page where you can configure who can see certain parts of your profile, such as personal info, status, education and work, etc. In the drop-down list, I recommend the setting "Only Friends" so that only your friends can see your profile.

4. Hide your Facebook account from search engines such as Yahoo!, Google, etc. Go to "Settings" -> "Privacy Settings" -> then click "Search". Under "Public search results", uncheck the "Allow" checkbox.

I found the useful links and references below, which discuss Facebook security and practices; read them and I'm sure they will help.

Using Facebook and Twitter safely --
http://news.cnet.com/8301-27080_3-10420861-245.html
How to use facebook 5 tips for better social networking --
http://www.readwriteweb.com/archives/how_to_use_facebook_5_tips_for_better_social_networking.php
How to Avoid Malware on Facebook and Twitter: 8 Best Practices --
http://www.readwriteweb.com/archives/how_to_avoid_malware_on_facebook_and_twitter_8_best_practices.php


We have reached the end of my article and I hope you enjoyed every detail of it. Always remember, the human brain gets more complex every day and hackers are evolving. Enjoy Facebooking!


Cheers,

Engr. Ralph Christian Payumo CCNA, CCSP, Security+
Security Analyst

Sunday, January 10, 2010

Packet Forensics Part One: The Packet Anatomy

Introduction.


Computer attacks have grown overwhelmingly sophisticated. I don't mean that current attacks are carried out by ready-made programs, but rather that the technique used to launch a successful attack today is quite extraordinary. As security measures evolve, new and smarter techniques are born. Most attacks are done remotely (unless the attacker is good at social engineering and gets a pass into the organization's systems). When we approach a computer network breach, we definitely need to know exactly what happened: which steps the attacker took and which tools were used. Moreover, it is to find out what is indeed lacking in the target's security.

I'm writing this article to arm you with the basic knowledge to perform packet forensics, which will allow you to understand what is really going on in your network. This will also be one of the indicators of whether there's a breach on your network. Consider this "part one" of an entire write-up on packet forensics; the scope of this article is only how to dissect packets and understand the packet structure. The analysis of application-layer data will be in a separate document, part 2, and a simple installation and usage of Snort to monitor your network in part 3. Again, this article focuses on the basics: the knowledge you require in order to conduct packet forensics.

What is packet forensics? (What is the purpose of packet forensics? Why do we do such?)

Packet forensics is the process of analyzing packet captures (and binary log files), even live packets, to find out the nature of the attacks that occurred on the network. It includes building up the details of how the attack was conducted, the techniques and tools used, and any factors that had an effect on the success of the attack. Packet forensics is, in a way, deriving the whole picture from just the packet captures you have.

Well, it's not always the case that you get your analysis right all the time (like in crime investigations). You can only come as close as what you have unearthed from the packet capture data you have with you. Moreover, different analysts will have their own idea of how the attack came about. That is why it's always good to consult with your peers, as it might help you connect the dots and see the bigger picture.

What information or "evidence" do we analyze?

As said, packet forensics deals with packet capture files or binary log files from different devices (depending on whether the devices are capable of producing one). The terms packet capture file and binary log file can be used interchangeably, and for this article I will use the term packet capture file. Packet capture files are snapshots of the network traffic taken by an interface (in promiscuous mode) at a specific location on the network. They enable us to "rewind" to see what transpired on your network at a given location. The packet capture file format that we'll be using is the libpcap file format (which most, if not all, packet capturing devices and software use); such files can be read by well-known packet sniffers like Wireshark, Ethereal, tcpdump, and WinDump. Having a standard log file format and function library allows us to use many different tools to analyze a single capture.

In what cases can packet forensics be conducted?

Any attack that involves network traversal can be analyzed with packet forensics. Then again, your analysis and conclusions can only go as far as what your data provides. So one simple piece of advice: place your sniffers/sensors (you are not limited to just one sniffer) at strategic locations where they can sniff all the packets coming in and out of your network.

What are the tools needed?


No proprietary software or hardware is needed to conduct packet forensics. You just need some tools that will aid you in getting the answers you need. The set of tools we will be using is as follows:
* tcpdump/windump - sniffer [tcpdump and windump website]
* Wireshark/Ethereal - sniffer and protocol analyzer (we won't be using Wireshark/Ethereal for this article, but you are free to use it to see what a packet looks like) [Wireshark and Ethereal website]
* Snort - IDS [www.snort.org]

In this article, we won't be covering all the features of each tool, just the essential features that will aid us in accomplishing our task. For more information about each tool, check out its respective website.

The Packet Anatomy.


To fully understand packets, one must have a basic understanding of how the IP and TCP protocols work. This includes understanding IP addresses, TCP flags (states), sequence and acknowledgment numbers, and the TCP three-way handshake. Generally, it's knowing how IP addressing works, how hosts communicate, etc. Let's get down to business. Figure 1.1 and Figure 1.2 below show what a packet looks like logically.

FIGURE 1.1. Packet Logical Structure (IP)

FIGURE 1.2. Packet Logical Structure (TCP)

For more details about the logical structures (field values, etc.), you can review them here.

Using TCPDUMP.


So what does a packet look like on the wire? What we will do next is open a packet capture file using tcpdump with the appropriate switches to see what a packet looks like. As I said, for this article I won't be using Wireshark or Ethereal to show you a packet. Wireshark and Ethereal present the structure of a packet in a better way; I just chose tcpdump because I prefer working in a shell (don't let my preference hinder yours; it's up to you whether you want to use Wireshark or Ethereal).


tcpdump can be used to read packet capture files and to sniff on a given interface. To make tcpdump read a packet capture file, we use the -r switch followed by the packet capture file. Here is an example.

ice@thesecuredbox ~$ tcpdump -r samplecapture.pcap

To make tcpdump sniff on an interface, we use the -i switch followed by the name of the interface (for Linux, it will be the interface name; for Windows, it will be the interface number). Here is an example.

ice@thesecuredbox ~$ tcpdump -i eth0 (Linux)
or
C:\> tcpdump -i 1 (Windows)


Here is a simple explanation of the switches I'll be using to get the output below.
* -n : Don't resolve IP addresses to hostnames.
* -X : Show the packet's contents in both hex and ASCII.
* -vvv : Increase the amount of packet information you get back.
* -c : Only get x number of packets and then stop.
* -S : Print absolute sequence numbers.

ice@thesecuredbox ~$ tcpdump -nvvvXS -r samplecapture.pcap

tcpdump provides simple ways of decoding what it has captured on the wire or in the capture file. In Figure 2, the lines highlighted in orange are the hex values of the packet decoded by tcpdump. The lines highlighted in yellow are the source and destination IP addresses, and the lines highlighted in red are the source and destination ports, respectively. With the proper labels, you can easily determine what each field is and its value. What we will be concerned with are the lines in hex values: the hex values are the raw values of the packet.

FIGURE 2. tcpdump output

So, what does this output of ours mean? Let's take it byte by byte. This output is 48 bytes long. A packet is divided into chunks of 32 bits (8 bytes), as shown in Figure 1. If you notice the way the packet is addressed, as if it were in memory, the offsets are in increments of 16 bytes: 0x0000 to 0x0010 translates to byte 0 to byte 16 in decimal. tcpdump shows us the raw packet in chunks of 64 bits (16 bytes).

Now, Figure 3 matches the logical structure of the packet to how it really looks, raw.

FIGURE 3. Packet Structure
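To make Figure 3 concrete, here is an added example (my own code, not from the original article) that rebuilds the raw bytes from a tcpdump -X style hex dump and maps them onto the IP and TCP header fields of Figures 1.1 and 1.2. The dump is constructed for the demo, a 48-byte SYN from 192.168.1.10 to port 80 on 192.168.1.20, and its TCP checksum is left at zero; only the IP header checksum is verified.

```python
import re
import struct

# Constructed sample in the layout "tcpdump -nvvvXS" prints: an offset,
# eight 16-bit hex words, then the ASCII column. Not captured from a real host.
SAMPLE_DUMP = """
0x0000:  4500 0030 1c46 4000 4006 9b13 c0a8 010a  E..0.F@.@.......
0x0010:  c0a8 0114 c350 0050 1234 5678 0000 0000  .....P.P.4Vx....
0x0020:  7002 ffff 0000 0000 0204 05b4 0101 0402  p...............
"""

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
             (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR")]

def parse_hexdump(text):
    """Rebuild the raw bytes from the hex column of a tcpdump -X dump."""
    data = bytearray()
    for line in text.strip().splitlines():
        m = re.match(r"\s*0x([0-9a-fA-F]+):\s*(.*)$", line)
        if not m:
            continue
        if int(m.group(1), 16) != len(data):
            raise ValueError("offset 0x%s does not follow the previous line" % m.group(1))
        hex_words = re.split(r"\s{2,}", m.group(2))[0]   # drop the ASCII column
        data += bytes.fromhex(hex_words.replace(" ", ""))
    return bytes(data)

def ip_checksum_ok(header):
    """The one's-complement sum of all IP header words must fold to 0xffff."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xffff) + (total >> 16)
    return total == 0xffff

def dissect(packet):
    """Map the raw bytes onto the IP (Figure 1.1) and TCP (Figure 1.2) fields."""
    ihl = (packet[0] & 0x0f) * 4                      # IHL is in 32-bit words
    total_len, ident, frag, ttl, proto, _ = struct.unpack("!HHHBBH", packet[2:12])
    info = {
        "version": packet[0] >> 4, "ip_header_len": ihl, "total_len": total_len,
        "id": ident, "dont_fragment": bool(frag & 0x4000), "ttl": ttl, "proto": proto,
        "src": ".".join(map(str, packet[12:16])), "dst": ".".join(map(str, packet[16:20])),
        "ip_checksum_ok": ip_checksum_ok(packet[:ihl]),
    }
    if proto == 6:                                    # TCP follows the IP header
        tcp = packet[ihl:]
        sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", tcp[:16])
        data_off = (off_flags >> 12) * 4              # data offset, in 32-bit words
        info.update({
            "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": win,
            "tcp_header_len": data_off,
            "flags": [name for bit, name in TCP_FLAGS if off_flags & bit],
            "options": tcp[20:data_off].hex(), "payload_len": len(tcp) - data_off,
        })
    return info

if __name__ == "__main__":
    for field, value in dissect(parse_hexdump(SAMPLE_DUMP)).items():
        print("%-15s %s" % (field, value))
```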

Conclusion.

This article mainly discussed the structure of a TCP/IP packet and how it looks on the wire. In Part Two of the Packet Forensics series we will discuss the different factors that affect packet forensics. This entails looking at the SEQ and ACK numbers, ports, IP addresses, activity duration, and packet payload. Finally, after performing all of these steps to gather vital information, we will perform analysis to determine what application or tool was used and what malicious payloads are seen.

If you have any questions, inquiries, or suggestions, feel free to leave a comment and we'll be happy to respond.

Wednesday, January 6, 2010

IT Security Basics: Protecting a PC against computer virus injection from USB drive

Preface

I wrote this article to educate computer users on how to stop computer viruses spreading from their USB flash drives to their PCs in the simplest ways.

Introduction

What is USB? It is a set of connectivity specifications developed by Intel in collaboration with industry leaders. USB allows high-speed, easy connection of peripherals to a PC. When plugged in, everything configures automatically. USB is the most successful interconnect in the history of personal computing and has migrated into consumer electronics (CE) and mobile products. With this technology, USB flash drives were developed, allowing consumers to transfer and store large files from one PC to another. Honestly, I really love my 16GB USB pen drive because it's really handy and it can store my favorite songs, pictures and PC applications. Done with my story; let's go to our main topic, which is basic yet effective tips on how to protect your PC from virus infection when using a USB flash drive.

Security Tips:

First of all, always have updated antivirus software. If you want free antivirus software, go to the websites below:

http://www.avira.com - Avira
http://www.grisoft.com - AVG

Disable the "AutoRun" feature. To avoid viruses automatically injecting themselves into your PC (Windows XP), just follow the simple steps below:

1. Click the Start button, then Run and enter "gpedit.msc" without the quotes
2. Go to Computer Configuration -> Administrative Templates -> System
3. Scroll down to "Turn off Autoplay" and double click on it
4. Click on the "Enabled" radio button, then for "Turn off Autoplay on" select "All drives"

• In case you don't want to perform the second tip above, just hold down the "Shift" key while you insert a USB flash drive; this cancels the "autorun" feature. Nice, isn't it?

• Remember the rule of thumb: "Always scan all removable storage when inserted".

If you want to permanently disable the USB storage feature on your PC, follow the steps below:
1. Open Registry Editor. Go to Start -> Run, then type "regedit".
2. In Registry Editor, navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
3. Locate the DWORD value "Start" and set it to "4".
4. Close the Registry Editor. There is no need to reboot the PC for the change to apply.
5. If you want to enable the USB storage feature again, just locate the DWORD value "Start" and put back the original value "3".

– This is very helpful in situations where your brother/sister sneaks onto your computer to install unwanted software when you're not around. It happened to me thrice, trust me...

Once again, thank you for your time, and I hope this article widened your IT security knowledge. Please pass it on to your friends!


Cheers,

Engr. Ralph Payumo, CCNA CCSP Security+
Security Analyst



References:
http://www.intel.com/technology/usb/
http://www.petri.co.il/disable_usb_disks.htm

Monday, January 4, 2010

IT Security Basics: Tips in Safekeeping and Protecting your Password

Preface

The main reason I wrote this article is to educate computer users to protect their username and password, or simply their "identity" in the digital world, against the eyes of malicious minds. Education and awareness are the best tools you'll ever have in this modern world.

Introduction

To start the new year, let us have a short discussion of something basic in the IT field: "Safekeeping and Protecting Your Password". Passwords are strings of characters used to authenticate/authorize a user to gain access to computer networks and services. This password could be for your personal/corporate accounts, online bank accounts, email accounts, desktop accounts, etc. A poorly created password gives a false sense of security. You might already know this stuff and might say, "This is BASIC", "I've known this stuff since I was in grade school". I admit this is redundant, but not all people out there take it seriously (trust me). In this article, I'll share some of my basic yet effective tips for safekeeping and protecting your password.

TIPS:

• Golden rule: "Don't share your username and password with anyone".

Use a strong password. Passwords should be 8-16 or more characters, mixing alphanumerics (A-Z, 0-9) and special characters such as (!, #, @, %, &, *) to make them hard for attackers to crack by any means, e.g. a brute-force attack. In hacking terms, a brute-force attack is done using automated software that tries every possible code, combination, or password until it finds the matching one. Look up the software applications "Brutus" and "RainbowCrack". No password is guaranteed secure, but a long password will take millions of years for an attacker to crack, thus increasing your password security.

You can use the "passphrase" technique to create a cool password that you can remember. I'll cite an example: "Il0p1&sp", which was derived from "I l0ve p1zza & sPaggeti". You can create cool sentences and then apply the "passphrase" technique.

Never use a password based on yourself or your family, such as birth date, age, parents' names, home address and other personal information. A simple guess based on your personal information, if successful, gives one access to your account. Social engineering, commonly used by attackers, is the best way to gather this information.

Never use a password formed from dictionary words such as money, love, food, sex, glory, etc.

Never write your password anywhere. Writing your username and password on the back of your keyboard, mouse, or monitor at home or at your workplace is a big "NO". To conclude, always keep your password in your head.

Change your password regularly. Make it a routine to change your password once a month or every quarter. Losing your personal email is a shame.

Don't reuse your previous passwords. Changing your password regularly while reusing past passwords is useless.
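As an added illustration (my own code, not from the original article), the following checker applies the rules above, length and character mix, dictionary words, personal details and password reuse, to candidate passwords. The word list and personal details are constructed for the demo, and previous passwords are kept only as salted PBKDF2 hashes so the history never holds them in the clear.

```python
import hashlib
import os

# Constructed lists for the demo; a real deployment would load a full
# dictionary and the user's own profile data (names, birth year, address).
DICTIONARY_WORDS = {"money", "love", "food", "sex", "glory", "password"}
SPECIAL = set("!#@%&*$^()-_=+[]{};:,.?/")

def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256 so the history file never stores passwords as-is."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def remember(password):
    """Return the (salt, digest) pair to keep in the password history."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)

def password_problems(candidate, personal_info=(), previous_hashes=()):
    """Return the list of rules from the article that the candidate breaks."""
    problems = []
    if len(candidate) < 8:
        problems.append("shorter than 8 characters")
    classes = [any(c.isupper() for c in candidate), any(c.islower() for c in candidate),
               any(c.isdigit() for c in candidate), any(c in SPECIAL for c in candidate)]
    if not all(classes):
        problems.append("must mix upper, lower, digits and special characters")
    lowered = candidate.lower()
    for word in sorted(DICTIONARY_WORDS):
        if word in lowered:
            problems.append("contains dictionary word '%s'" % word)
    for item in personal_info:
        if item.lower() in lowered:
            problems.append("contains personal info '%s'" % item)
    for salt, digest in previous_hashes:
        if hash_password(candidate, salt) == digest:
            problems.append("reuses a previous password")
            break
    return problems

if __name__ == "__main__":
    history = [remember("Il0p1&sp")]          # the article's passphrase example
    for pw in ["Il0p1&sp", "Money123!", "Ralph1985!", "Ab1!"]:
        found = password_problems(pw, personal_info=["Ralph", "1985"],
                                  previous_hashes=history)
        print("%-12s %s" % (pw, found or "OK"))
```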

Based on my personal experience, it is still advisable to use your own computer rather than renting one in a computer rental shop. Why do I say this? Simply, you don't know whether the computer shop manager is well versed in IT security, or whether a Trojan might be residing within the network. Moreover, a potential attacker could install a keylogger application to steal usernames and passwords without the awareness of the people renting in the shop. Of course, you don't want to wake up early in the morning staring at your ceiling because your personal email account was hacked. This is only my point of view and I'm not against computer shop owners. I admit that computer rental is unavoidable, especially for students who can't afford to buy a computer, but this is the reality.

Thank you for taking the time to read my article, and I hope you learned something. Please share it with your friends and let us make IT fun and better.

Cheers,

Engr. Ralph Christian Payumo, CCNA CCSP Security+
Security Analyst

  © Building IT Securely thesecurityarchitects.blogspot.com 2009
