Archive for May, 2010

Resetting iptables

Hello friends. Locking yourself out of your own system has most likely happened to many iptables users. It has happened to me many times too, and a feature I saw on Cisco routers gave me a very simple, practical idea. I don't remember the exact command, but it is a command for testing a configuration you have made: it activates the running config but does not write it to the startup config, so that within the time you specify it reloads and takes you back to your old config file. If anyone remembers it, please take the trouble to write to me :) Anyway, back to our topic: the script we use is very simple. It resets iptables, and of course we put it into a cron job before we start working, in case we lock ourselves out :)

#!/bin/bash
# To leave the firewall as it is, set durum below to 0.
# To reset the firewall, durum must be 1 so that the block below runs and clears it.

durum=1

# For distributions other than CentOS, Red Hat and Fedora this value must be "hayir" (no).
# I use CentOS, so my value is "evet" (yes).
sistem=evet

yol=/sbin/iptables

if [ "$durum" == "1" ]; then
    if [ "$sistem" == "evet" ]; then
        # Stop the firewall
        /etc/init.d/iptables stop
    else
        # Other Linux distributions use the commands below.
        $yol -F
        $yol -X
        $yol -Z
        # /proc/net/ip_tables_names is a file listing the active tables, so read it with cat.
        for tablo in $(cat /proc/net/ip_tables_names)
        do
            $yol -t "$tablo" -F
            $yol -t "$tablo" -X
            $yol -t "$tablo" -Z
        done
        $yol -P INPUT ACCEPT
        $yol -P OUTPUT ACCEPT
        $yol -P FORWARD ACCEPT
    fi
else
    :
fi

To make it executable:
chmod +x /root/sifirla.sh
To run this file every 5 minutes, add the following line to /etc/crontab:
*/5 * * * * root /root/sifirla.sh

Important: before you start working, pay attention to the durum value above!!!
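The "activate, then revert unless confirmed" idea described at the start of this post, as an added example that is not part of the original post: instead of wiping the firewall every 5 minutes, it backs up the current rules, applies the new ones, and restores the backup unless a confirmation file appears in time. The function name, the default tool paths and the confirmation-file mechanism are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the post's script): apply a ruleset, roll back unless confirmed.
# Tool paths are assumptions; override them through the environment if needed.
IPT_SAVE=${IPT_SAVE:-/sbin/iptables-save}
IPT_RESTORE=${IPT_RESTORE:-/sbin/iptables-restore}

# apply_with_rollback NEW_RULES CONFIRM_FILE [TIMEOUT_SECONDS]
# returns 0 = kept, 1 = rolled back, 2 = could not back up, 3 = new rules rejected
apply_with_rollback() {
    awr_new=$1; awr_confirm=$2; awr_wait=${3:-120}
    awr_backup=$(mktemp) || return 2
    "$IPT_SAVE" > "$awr_backup" || { rm -f "$awr_backup"; return 2; }

    # Parse the new ruleset without committing it, so a typo never goes live.
    if ! "$IPT_RESTORE" --test < "$awr_new"; then
        rm -f "$awr_backup"; return 3
    fi
    rm -f "$awr_confirm"
    if ! "$IPT_RESTORE" < "$awr_new"; then
        "$IPT_RESTORE" < "$awr_backup"; rm -f "$awr_backup"; return 3
    fi

    # Wait for the admin to create CONFIRM_FILE from a *new* login session:
    # an already-established SSH connection can survive rules that block new ones.
    while [ "$awr_wait" -gt 0 ]; do
        if [ -e "$awr_confirm" ]; then
            rm -f "$awr_confirm" "$awr_backup"; return 0
        fi
        sleep 1; awr_wait=$((awr_wait - 1))
    done

    "$IPT_RESTORE" < "$awr_backup"   # no confirmation: restore the previous rules
    rm -f "$awr_backup"
    return 1
}
```

Run it as root with a ruleset in iptables-save format, then create the confirmation file from a second SSH login to keep the change; if you are locked out, the old rules come back on their own when the timeout expires.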

Human Factor on the Security System

The Problem with Technology and the Human Factor
Introduction

Some organizations see the solution to information security problems as a purely technical one. Several suppliers promote the same idea with their technical solutions. The security manager's technologies are firewalls, antivirus software, PKI systems, and VPNs. All of them are valuable and help protect the network. But if technology is fallible like humans are, then the technology is only as good as the person who knows how to use it.

Computer Security


Everyone should have security on their computers and networks. There are several shortcomings in that view. Even if the software could be perfect, it would still have problems from hackers, testers, viruses and software mistakes. They will find unchecked memory, backdoors, and other weaknesses in commercial and in-house developed software. The problem is multiplied by the complexity of modern information technology systems. Organizations that use multi-layered security are going in the right direction, but it is hard for every layer of protection to be perfect. Protecting an organization's systems needs intelligent users who do not create security bugs in their systems.
Many organizations really don’t understand their information security problems. They do not have all the information they need to be sure that they know exactly the right technical solution to a problem. They recognize the need for standard information security software; however, they rarely have basic information about their requirements. They buy firewalls for protection but take no care to monitor security alarms, update attack signatures, or respond to new forms of network traffic. They scan emails for viruses but ignore JavaScript. For good security you need to educate your workers about worms, spam mails, viruses, etc.

The term “technical solution” brings unrealistically high expectations, because technology requires a human to keep it up to date. Custom-made security technology is extremely expensive, while standard cheap software is not as good and offers little advantage over custom-made security technology. This puts the best technology out of the hands of uneducated people, because they are stuck with below-standard technology when they do not know better. Last but not least, someone has to use this technology. This can bring big problems, because people can make mistakes.
Information security is not much different from security in general. After all, no one would put heavy security on something unimportant. For example, who would put a heavy security lock on a box if it only held something as unimportant as a rock? Also, if a car looks good but has a broken window, then the whole car is not safe, and the same is true of information security. Protection against cyber attacks works on the same idea. All weak points should be secured, whether on a desktop computer, an organization’s server, or a corporate network. Information should also be entered through safe paths.

Human Factor on the Security System

There is a lot of security software in the world, for example firewalls, intrusion detection systems, antivirus software, etc. Each type of software is designed to perform a certain function. This software will help protect a system. However, even the best software cannot guarantee one hundred percent system security. Even the most advanced technology and passwords cannot be one hundred percent safe. This is because people made the system and they can make mistakes. So, people are the weakest part of technology.

The human factor is the main reason why attacks on many computers and systems are successful. There are many great examples: hackers, virus writers, and dangerous users use the human factor to their advantage. In this way, they use people to penetrate systems.

Some Examples about Security

Many people do not understand why using software with many weaknesses poses a security risk to their computer or system. Many computer users see their computer as an object. They want to use it like a washer, a microwave, or any other simple device. They don’t want to know how it works. Even if they did, they would not know how it works, as with the other objects they use. They just think that if they install a system that protects against viruses, and software without weaknesses, they’ll have nothing to worry about.

Not knowing about threats is only part of the problem. The human factor also comes into play. Much bad code starts to show at the drafting stage, especially when security policies and procedures are created. The security of wireless networks is in a poor state. Many errors were made when wireless protocols were being designed. Much has been written about their bad programming errors. As long as programmers and testers continue to find ways to bypass security, new exploits will be found. Even when the most developed software is used, the human factor will still be there. If you have a poorly trained system administrator and user, the best firewall or other protection systems in the world will not protect your system.

The way users treat confidential information shows a careless approach to security. A similar situation can be seen in everyday life. An example is a person leaving their keys in the door. A lot of systems use an empty or weak password. Some systems have the user’s name as the password just so that they can be accessed easily. Even when users choose a complicated password that no one could guess, they write it on paper or forget it, so other users can find their passwords.

Another human trait that hackers use is curiosity. Many of us encounter email worms at some time in our lives. We know that these worms arrive as attachments to infected messages. Sending the virus out is only half of what the virus writer has to do. The worm has to be activated to multiply through the system and spread to other computers. It could be activated by opening the attachment. You might think that users would become worried when seeing attachments to unexpected email. But surprisingly, the hackers know how to use our curiosity.

It is interesting that people open unprotected e-mails even if they are not supposed to. However, the number of people who open such e-mails always stays the same. This can be explained by the fact that virus writers find new ways to trick people. On the other hand, viruses do not only infect e-mail messages; you can also find them all over the internet.

Conclusion

Computers are becoming more common every day. Hacking is becoming more dangerous day by day. Hacking technologies are becoming more complex. Creating a good security system is not easy. There are many weak points in a system, and protecting them is a never-ending process. New technology is always being developed. It is used to solve problems, but it has its disadvantages too. Hackers, virus writers and dangerous users invent new ways to exploit the security software being used. The result is a war between cyber criminals and security professionals. It does not matter if you have the best security product or a professional security engineer: technology is only good in the hands of users who know what they are doing.

Ali Kapucu

Screen Unlock Meterpreter Script

Meterpreter Screensaver unlock script from PaulDotCom on Vimeo.

Cracking a Cisco Router Password

If you have forgotten the router's enable secret password, or someone set a password on the second-hand router you just bought and you do not know it, you need to crack its password in order to configure this router. If the configuration on the router matters to us, we must not lose it either. Below we will learn, step by step, how to crack a router's password without losing the existing configuration.

The first thing to do is to prevent IOS (the operating system) from loading while the router boots; to do this, press CTRL+BREAK (CTRL+C) during startup. With this, the device starts with what is called mini IOS, an operating system in which only limited operations can be performed. Now we change the configuration register with the o/r 0x2142 command typed at the command line. From now on the router will not load the configuration from NVRAM at boot.

Let's power the router off and on. Now, because our old working configuration could not be loaded, IOS asks whether we want to create a new configuration step by step. After answering No to this question, our default prompt, router>, appears.

When we type router>enable and press Enter, we enter enable mode without a password. But what about our old configuration? It is still stored in NVRAM. Right now we are in the running-config. Getting the old configuration back is very simple: we copy the configuration in startup-config over running-config. The following command is enough for this.

router#copy startup-config running-config

Good, we have recovered the old configuration. Now let's set a new enable secret password. For this we need to enter global configuration mode. The command router#configure terminal enters global configuration mode. With the command router(config)#enable secret your-password you can set your new enable secret password. After this we need to go back to enable mode and save the configuration running in RAM to NVRAM, so that the router boots with our settings after it is powered off and on.

router(config)#exit
router#copy running-config startup-config

With the commands above we have completed the copy. We have both recovered the old configuration and renewed our enable secret password. There is one last thing left to do: set the configuration register back to its old value. For this it is enough to enter global configuration mode again and type the line below.

router#configure terminal
router(config)#config-register 0x2102

After this last step, if we power the router off and on, we can continue working with the new enable secret password and our old configuration.

Good luck to you all,
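A check for the last step of the procedure above, as an added example that is not part of the original post: the difference between 0x2142 and 0x2102 is bit 6 (0x0040), which makes the router ignore the startup-config in NVRAM, and this function reads saved `show version` output to tell whether that bit will still be set on the next boot. The function name and the two sample lines are constructed for this example.

```shell
#!/bin/sh
# Added example: detect a configuration register still set to bypass NVRAM.
# Constructed sample lines in the format printed at the end of `show version`.
SAMPLE_STILL_BYPASSING='Configuration register is 0x2142'
SAMPLE_FIXED_PENDING='Configuration register is 0x2142 (will be 0x2102 at next reload)'

# confreg_status: reads `show version` text on stdin.
# prints "ok <value>" (returns 0), "ignore-nvram <value>" (returns 1)
# or "unknown" (returns 2) when no configuration register line is found.
confreg_status() {
    cr_line=$(grep -i 'Configuration register is' | head -n 1)
    cr_now=$(printf '%s\n' "$cr_line" |
        sed -n 's/.*register is \(0x[0-9A-Fa-f]*\).*/\1/p')
    cr_next=$(printf '%s\n' "$cr_line" |
        sed -n 's/.*will be \(0x[0-9A-Fa-f]*\) at next reload.*/\1/p')
    # The value that matters is the one in effect at the next boot.
    cr_effective=${cr_next:-$cr_now}
    if [ -z "$cr_effective" ]; then
        echo "unknown"; return 2
    fi
    # Bit 6 set: startup-config is skipped at boot, so the saved enable
    # secret is not loaded and the console drops into an open router> prompt.
    if [ $(( $cr_effective & 0x40 )) -ne 0 ]; then
        echo "ignore-nvram $cr_effective"; return 1
    fi
    echo "ok $cr_effective"; return 0
}
```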