Strong unique passwords

Strategies for creating strong, unique passwords and properly managing them:

As more and more of our daily activities and personal information are being conducted and stored online, it's crucial to have strong, unique passwords for all of your online accounts. Not only do strong passwords protect your personal information from potential hackers, but they can also prevent unauthorized access to your accounts and protect your privacy.

But with so many different online accounts and passwords to remember, it can be tempting to use the same password for multiple accounts or to create passwords that are easy to remember but not very secure. This is a dangerous practice, as it puts all of your accounts at risk if one password is compromised.

Here are some tips for creating strong, unique passwords and properly managing them:

1. Use a mix of letters, numbers, and special characters in your passwords. Avoid using dictionary words or common phrases, as these can be easily guessed or cracked by hackers using specialized software.

2. Don't use the same password for multiple accounts. If a hacker gains access to one of your accounts, they will then have the ability to access all of your accounts if you use the same password.

3. Consider using a password manager to help you generate and store unique, strong passwords for all of your online accounts. This can take the hassle out of remembering multiple complex passwords and help ensure that your passwords are secure.

4. Regularly update your passwords. It's a good idea to change your passwords every few months to ensure that they remain secure.

5. Be careful when sharing your password with others. Only share your password with trusted individuals and avoid writing it down or sharing it over unsecured channels.

By following these tips, you can help protect your personal information and online accounts from potential hackers and unauthorized access. Strong, unique passwords are an essential part of good cyber hygiene, and taking the time to create and manage them properly can help keep your online accounts and personal information secure.

How to manage passwords ? With a password manager !

Some examples of popular password managers include LastPass, Dashlane, 1Password, and Keeper. Each of these password managers offers a range of features and pricing options, so it's worth doing some research to find the one that best meets your needs. Additionally, many web browsers, such as Google Chrome and Mozilla Firefox, also offer built-in password manager features.

How to secure your Linux

How to secure your linux? (easily)

Now days computer security is on the top trending topics for several reasons, the pandemic confiment also boosted the search for this topic. So you have a linux, is it secure? Most likely yes, is it vulnerable, even if daily updated (also see how to speed up apt-update ) due to default values of some configurations.

An easy way to enhance Linux security or hardening Linux? Using lynis (also works on OSX)

What's hardening?  Basically is just tunning and configuring some features that by default might allow someone to exploit or use that as a vulnerability. (not just one feature per se, but some combined might create something exploitable)

How to install lynis on Linux?

There are two instalation methods, easy and easiest. The main difference is  the version you download from the Lynis site is always the latest one where the apt-get version might take sometime to get to the lastest. 

An example is allowing access to compilers, an intruder can pass a bunch of string and in the end compile them and there you go, someone uploaded some string and created an executable on your machine. Another example is not enforcing secure password, 1234, Joe, and Password aren't exactly secure passwords, but if the system won't allow anything rather than ex: JustATinny123Pass**Again is virtual impossible to guess or crack.

 

In ubuntu/mint lynis installation (easiest):

• sudo apt install lynis

In ubuntu/mint lynis installation (easy):

1. Go to Lynis webpage and download the rar
2. Unrar-It
3. Done  

How to run Lynis on your Linux machine?

Previous Note: You should always run it as root user 

• If the installation was done via apt-get the just type "lynis audit system" else, just go to the directory where you extracted Lynis and run "./lynis audit system".

This might take a while depending on our system ( 40sec plus). 

What do you get? Whell for start you get a score! 0-100points... if you use a default ubuntu 20 LTS from scratch you'll get around 65points depending on installed packages.

There's a list of issues to be solved, their solution (if possible in your system), solve one by one and in the end run it again. In the end you improve your score and harden your system.

Examples which I focus a LOT, since some of my machines are only accessible by network: sshd connections hardening.

Python Static Code Analysis

Python static code analysis with Prospector and Bandit

Not going to talk about the "why should one use code analysis tools", if you read it up to the end you'll get it!

Which code analysis tools?

Let's talk about Code Analysis in Python, what to use, why to use, experience on using it.

Currently I use only 2, and for me it's the limit of code analysis tools to use at the same time without much overhead.  Prospector & Bandit. Why two?

Well one, Bandit,  focus specifically on security on your Python code, the other has a wider range focusing on potential errors, complexity and convention violations . Both overlap in some way, with Prospector replacing Pylint, pep8 and McCabe complexity, endoing: you'll get more than enough code analysis, sometime more than you can handle. (I'll get to that latter on)

 

How to Install Bandit and Prospector?

Installation is very strait forward on both of them.

Installing Bandit is as simple as:

pip install bandit

or 

pip3 install bandit 

Installing Prospector isn't much harder:

pip install prospector[with_everything]

or 

pip3 install prospector[with_everything]

 

Running of Bandit and Prospector?

First you need your python file. In this case I've used an example one just for the sake of example, let's call it tst.py

It's a very simple program with one function, user input and screen output. Let's run first Bandit, how? Simple:

    bandit tst.py

Here's the result:

Looks like we've got a potential issue with the "input" , since we're using python3 won't be a problem but lets assume that it is. Go to the link and read the explanation, so if we're on Python2 let's swap input() with raw_input() else it's all alright.

Now running prospector, the -s flag points the profiles used, from veryhigh to verylow, in here you can opt to choose, if you don't use the flag medium shall be used, for sake of example let's go for the veryhigh :

    prospector -s veryhigh tst.py

 

 

As you can see LOTS of warnings are issued in the veryhigh (30 vs 6 on the medium profile) so use the veryhigh and high with come caution because most of the warnings in veryhigh are related to syntax and indentation aspects (pep8).

So if you apply most of the changes/fix all the warnings how will the code look like? ( DO keep in mind that sometimes you can't actually apply all the changes due to legacy code/ code dependencies, and sometimes your editor my leave some spaces/tabs between the lines which will conflict with the "veryhigh" settings)

Now your code is a bit safer and cleaner. This was a simple and silly example, try to run it on your own scripts/programs and see the differences, again in prospector don't rush into the "veryhigh" profile.

 

Honeypot deployment on Linux - OpenCanary

What’s a honeypot what what it’s purpose ?

It’s basically a computer or Virtual Machine emulating some services (ex: ssh, ftp, telnet, netbios, https, samba server etc) and accepting, logging and sending warnings of all incoming connections. You can use it as intrusion detection or early warning system but it also might go a little further and allow one to get inside the intruders ”head” since you get to log every interaction.

How and where should it be placed?

Let’s start with “where”. I usually place them in specific areas to get an idea how/or if the network is tested from outside or inside. So I have about three major areas; behind firewalls, in “sensible zones” where only pre-defined machines should have access and in the “public zone” such as administrative/general network.

Placing a honeypot behind firewalls/”sensible zones” will ensure that the firewall is doing it’s and if you get a hit that means you have a miss-configurations or a serious intrusion. Honeypots placed in the “public zone” will give you a glimpse if you have some outsider skimming your network, an inside threat or just a very network-enthusiastic co-worker… to put it mildly.

How to place it? This answer can be split in two parts, hardware and timeline.

• Since the minimum hardware requirements are very low Virtual Machines are the best option. 1 vCPU and 512 RAM will be enough for each instance.
• Timeline; If you have the resources (basically mature security team with proper tools) then all of them at the same time. If not, deploying the honeypots from the most to the least secure zones in the network is recommended. In the most secure zone you should have no events at all where as in the least you might get a couple, his approach will give some time to understand eventual breaches and mature responses. (opposite to having lots of hits all across the network and spreading resources in order to understand what’s happening)

Which software and how to install it?

A very simple honeypot is opencanary. It’s freeware, it emulates windows/linux server, as well as mysqlServer, ftp, ssh, I can generate events to syslog files, log file and via email. Usually I ran it on an Ubuntu Server with 1vCpu and 512ram.

• Install Ubuntu server version and make all the security updates
• Install necessary libs and the honeypot

$ sudo apt-get install python-dev python-pip python-virtualenv
$ virtualenv env/
$ . env/bin/activate
$ pip install opencanary
$ sudo apt-get install -y build-essential libssl-dev libffi-dev python-dev
$ pip install rdpy

• Finally run it for the first time (default configuration)

. env/bin/activate
$ opencanaryd --copyconfig
$ opencanaryd --start

Edit the file /.opencanary.confand set the this line "http.enabled":true and restart the service with the command: opencanaryd --restart This will enable the http server. Now point your browser to http://your-ip-addr and check your brand new Synology RackStation!

Try your luck by logging In with some commonly used user/passwords. Now check some opencanary logs in the file /var/tmp/opencanary.log

Your webserver fake page

OpenCanary Log file

Pretty interesting humm? Timestamp, user/pass tries, ip addresses…

Edit the configuration!

Now let’s create some services so the honeypot gets really sweet. Edit the configuration file /.opencanary.conf

{
"device.node_id": "HoneyPot-ServerName-Good-idea-to-change-it",
"git.enabled": false,
"git.port" : 9418,
"ftp.enabled": true,
"ftp.port": 21,
"ftp.banner": "FTP server ready",
"http.banner": "Apache/2.2.22 (Ubuntu)",
"http.enabled": true,
"http.port": 80,
"http.skin": "nasLogin",
"http.skin.list": [
{
"desc": "Plain HTML Login",
"name": "basicLogin"
},
{
"desc": "Synology NAS Login",
"name": "nasLogin"
}
],
"httpproxy.enabled" : false,
"httpproxy.port": 8080,
"httpproxy.skin": "squid",
"httproxy.skin.list": [
{
"desc": "Squid",
"name": "squid"
},
{
"desc": "Microsoft ISA Server Web Proxy",
"name": "ms-isa"
}
],
"logger": {
"class": "PyLogger",
"kwargs": {
"formatters": {
"plain": {
"format": "%(message)s"
}
},
"handlers": {
"console": {
"class": "logging.StreamHandler",
"stream": "ext://sys.stdout"
},
"file": {
"class": "logging.FileHandler",
"filename": "/var/tmp/opencanary.log"
}
}
}
},
"portscan.enabled": false,
"portscan.logfile":"/var/log/kern.log",
"portscan.synrate": 5,
"portscan.nmaposrate": 5,
"portscan.lorate": 3,
"smb.auditfile": "/var/log/samba-audit.log",
"smb.enabled": false,
"mysql.enabled": false,
"mysql.port": 3306,
"mysql.banner": "5.5.43-0ubuntu0.14.04.1",
"ssh.enabled": true,
"ssh.port": 22,
"ssh.version": "SSH-2.0-OpenSSH_5.1p1 Debian-4",
"redis.enabled": false,
"redis.port": 6379,
"rdp.enabled": false,
"rdp.port": 3389,
"sip.enabled": false,
"sip.port": 5060,
"snmp.enabled": false,
"snmp.port": 161,
"ntp.enabled": false,
"ntp.port": "123",
"tftp.enabled": false,
"tftp.port": 69,
"tcpbanner.maxnum":10,
"tcpbanner.enabled": false,
"tcpbanner_1.enabled": false,
"tcpbanner_1.port": 8001,
"tcpbanner_1.datareceivedbanner": "",
"tcpbanner_1.initbanner": "",
"tcpbanner_1.alertstring.enabled": false,
"tcpbanner_1.alertstring": "",
"tcpbanner_1.keep_alive.enabled": false,
"tcpbanner_1.keep_alive_secret": "",
"tcpbanner_1.keep_alive_probes": 11,
"tcpbanner_1.keep_alive_interval":300,
"tcpbanner_1.keep_alive_idle": 300,
"telnet.enabled": true,
"telnet.port": "23",
"telnet.banner": "",
"telnet.honeycreds": [
{
"username": "admin",
"password": "$pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA"
},
{
"username": "admin",
"password": "admin1"
}
],
"mssql.enabled": false,
"mssql.version": "2012",
"mssql.port":1433,
"vnc.enabled": false,
"vnc.port":5000
}