
Hacker -- SSL 3.0 POODLE vulnerability and how to disable SSL 3.0 on Windows Server

POODLE is an attack against SSL 3.0. It exploits a defect of the protocol itself, not an implementation issue. For more information read the article released by Google.

Every implementation of SSL 3.0 has this problem. Security experts recommend that system administrators disable SSL 3.0 and use TLS 1.1 or 1.2 on their servers.


To test whether a network server is using SSLv3, go to the GeoTrust SSL Toolbox, type the URL of the server you want to check and click Check.

https://ssltools.geotrust.com/checker/views/certCheck.jsp 

If SSLv3 is enabled, your server is at risk.

  1. In this case, to disable SSLv3, run regedit as Administrator.
  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\
  3. Right-click the Protocols item and select New > Key, and name the new key SSL 3.0.
  4. Right-click the SSL 3.0 key and create a new key named Client.
  5. Right-click the SSL 3.0 key again and create a new key named Server.
  6. Right-click the Client key and select New > DWORD (32-bit) Value.
  7. Name the DWORD DisabledByDefault. Double-click it, enter 1 as Value data and click OK to confirm.
  8. Repeat the same procedure for the Server key and name the DWORD Enabled. Leave Value data at its default value of 0.
  9. Restart the server.

Alternatively, you can create a .reg file by copying and pasting the following text, and then add it to your system registry.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
 

For the moment, no patch is available, because the problem is a defect of the protocol and not of its implementation.
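
To confirm that the registry values from the procedure above are actually in place (for example after a restart or on a newly built server), the following PowerShell audit can be used. It is an added example, not part of the original post; the function names Get-Ssl3RegistryState and Set-Ssl3Disabled are hypothetical, and only the two values this page sets are checked.

```powershell
# Added example: audit the SCHANNEL "SSL 3.0" values described on this page.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0'

# The two values created by the manual procedure and by the .reg file.
$expected = @(
    @{ Role = 'Client'; Name = 'DisabledByDefault'; Value = 1 },
    @{ Role = 'Server'; Name = 'Enabled';           Value = 0 }
)

function Get-Ssl3RegistryState {
    foreach ($e in $expected) {
        $path = Join-Path $base $e.Role
        # A missing key or value yields nothing instead of an error.
        $item   = Get-ItemProperty -Path $path -Name $e.Name -ErrorAction SilentlyContinue
        $actual = $null
        if ($item) { $actual = $item.($e.Name) }
        $shown  = '<not set>'
        if ($null -ne $actual) { $shown = $actual }
        [pscustomobject]@{
            Key       = $path
            Name      = $e.Name
            Expected  = $e.Value
            Actual    = $shown
            Compliant = ($null -ne $actual -and [int]$actual -eq $e.Value)
        }
    }
}

function Set-Ssl3Disabled {
    # Writes the same values as the .reg file; needs an elevated prompt.
    foreach ($e in $expected) {
        $path = Join-Path $base $e.Role
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name $e.Name -Value $e.Value -PropertyType DWord -Force | Out-Null
    }
}

# Audit only: nothing is changed unless Set-Ssl3Disabled is called explicitly.
$state = Get-Ssl3RegistryState
$state | Format-Table -AutoSize
if ($state.Compliant -contains $false) {
    Write-Warning 'SSL 3.0 values differ from the procedure above. Run Set-Ssl3Disabled, then restart the server.'
}
```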

More details:

https://technet.microsoft.com/en-us/library/security/3009008 

http://www.achab.it/blog/index.cfm/2015/1/microsoft-iis-disabilitare-il-protocollo-sslv3-per-poodle.htm 

USB - FREE super-strong 256-bit encryption PORTABLE software for any hard drive or USB Flash memory stick

In the last few days I was looking for a TrueCrypt alternative (end of support), and I found a freeware program that you can copy to your USB drive and that lets you decrypt your USB drive.

Download:

http://www.portableapps4u.com/download/safehouseexplorer_3.01.zip

Vendor:

http://www.safehousesoftware.com/

Here you can find more technical details.


SafeHouse Explorer – 3.01 Portable

SafeHouse Explorer is FREE super-strong 256-bit encryption software for any hard drive or USB Flash memory stick. Total privacy with a familiar Windows Explorer-like interface. SafeHouse Explorer makes your secret files invisible and hides them from snoopers, intruders and anyone else who doesn’t have your permission to view them. SafeHouse Explorer uses passwords and maximum-strength 256-bit advanced encryption to completely hide and defend your sensitive files, including photos, videos, spreadsheets, databases and just about any other kind of file that you might have. SafeHouse Explorer can protect files residing on any drive, including memory sticks, external USB drives, network servers, CD/DVDs and even iPods. SafeHouse Explorer creates hidden private storage areas on your local hard drive or external media to hold your confidential files. Your files are completely invisible until you enter your password. After you enter your secret password, you access your files using SafeHouse Explorer’s familiar drag-and-drop Explorer-like interface. SafeHouse Explorer is an application created to help you hide and protect your private documents and files, keeping them safe from intruders and anyone else who doesn’t have your permission to view them.
 

SafeHouse Explorer Features:

Uses strong 256-bit Twofish encryption
Compatible with all popular Windows applications.
Protects documents, spreadsheets, photos, videos, data and more.
Lightning fast. Does not degrade performance.
Fully-integrated with Windows and Explorer.
Private storage volumes as large as 2,000GB each.
Unlimited number of private storage volumes.
Protects files on both local and external hard drives.
Protects files on CD and DVD (secure archives).
Protects files on USB Flash drives and memory sticks.
Can be used to email protected files.
Backup private volumes to external storage devices.
Private files can be located on shared network servers.
Password strength meter helps you choose strong passwords.
Make self-extracting EXE encrypted vaults.

OS:

Windows XP, Vista, Windows 7, Windows 8


[update 2016.12.31]

You should be aware that TrueCrypt has not been maintained or updated since 2014.

http://www.alessandromazzanti.com/2013/08/usb-create-usb-encrypted-with-truecrypt.html

Hacker - Truecrypt alternatives

Several security bugs have not been resolved.

You can review this article about some alternatives, which I also summarize here.

https://www.comparitech.com/blog/information-security/truecrypt-is-discoutinued-try-these-free-alternatives/


Here are the TrueCrypt alternatives (I normally use options 2 and 7):
  1. VeraCrypt: you can find a full list of improvements and corrections that VeraCrypt made on TrueCrypt here. It is open source and free.
  2. BitLocker: no encrypted-container capability and not open source.
  3. DiskCryptor: supports encryption of external devices including hard drives, USB drives, CDs, and DVDs.
  4. CipherShed
  5. FileVault 2: Apple’s answer to BitLocker, no encrypted-container capability and not open source.
  6. LUKS
  7. SafeHouse Explorer – 3.01 Portable

Program - How to backup exact copies of USB flash drives




Use ImageUSB to write an image to multiple USB Flash Drives! Designed for use with OSForensics.

ImageUSB is a free utility which lets you write an image concurrently to multiple USB Flash Drives. Capable of creating exact bit-level copies of USB Flash Drive (UFDs), ImageUSB is an extremely effective tool for the mass duplication of UFDs. ImageUSB also supports writing of an ISO file byte by byte directly to an USB drive (*). ImageUSB can also be used to install OSFClone to a USB Drive for use with PassMark OSForensics™.

With ImageUSB from PassMark Software, you can easily create exact image copies of any USB flash drives and store them on your PC.

Plug in the USB drive you want to back up and click on ‘Refresh Drives’. You should see your USB flash drive, referred to as a UFD by the program, at the top of the application window. Select it and then ‘Create from UFD’ below. For security, you can also select Post Image Verification to ensure that your backup matches the original UFD. This will create an image file of your UFD with the extension .bin.
You can now copy this image on to another UFD, or multiple UFDs simultaneously by selecting them all before clicking the Write to UFD button. In our example, we have plugged in four UFDs at the same time for duplication.

Unlike other USB duplication tools, ImageUSB can preserve all unused and slack space during the cloning process, including the Master Boot Record (MBR). ImageUSB can perform flawless mass duplications of all UFD images, including bootable UFDs.

DOWNLOAD:

http://www.osforensics.com/tools/write-usb-images.html 

For usage, you can read the following article:

http://www.pcadvisor.co.uk/how-to/storage/3509099/create-image-backup-of-usb-drive/ 

Programs - Some LAN inventory tools

Here are some useful LAN inventory tools:

1. I used this tool: http://ondemand.manageengine.com/service-desk/

It was flexible and offered both a helpdesk trouble ticket solution as well as the hardware/software inventory and is hosted, so, it didn't require any on-site installation except for one agent to funnel the inventory results through. 


2. We use LanSweeper. Highly customizable to the point of adding nearly any tool to the CMD bar for devices. Fast and efficient. You can use the FREE version or buy as the cost is low. No agents to install. After initial run, you'll want to start telling LanSweeper what certain devices are. I really like the grouping options and the ability to add any tools you can possibly run on a device remotely.  

3.  Spiceworks http://www.spiceworks.com/.

Server - AD user account lock out problem

If more than one account keeps getting locked out, you can investigate the problem using the Security log of your domain controller. If you have more than one DC, check each DC for Event ID 4740 (it is an informational event). This event contains the name of the computer that the logon request came from.

If you have a lot of DCs, there is a tool (Account Lockout and Management Tools) you can use --> http://www.microsoft.com/en-ca/download/details.aspx?id=18465

Then, locally on that computer, look for something that could be running under the user account:
* Service
* Scheduled task
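
The Event ID 4740 lookup described above can be scripted. The following PowerShell is an added example, not part of the original post: the function name ConvertFrom-LockoutEventXml, the host names and the account name are hypothetical, and the event XML is a constructed sample. In a 4740 event the caller computer name is stored in the TargetDomainName field.

```powershell
# Added example: pull the locked account and the requesting computer out of
# Event ID 4740. The XML below is a constructed sample, not a real event.
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4740</EventID>
    <TimeCreated SystemTime="2015-01-20T08:15:42.000000000Z" />
    <Computer>DC01.example.local</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">WKS-042</Data>
    <Data Name="SubjectUserName">DC01$</Data>
  </EventData>
</Event>
'@

function ConvertFrom-LockoutEventXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $evt = ([xml]$Xml).Event
        # Skip anything that is not an account lockout event.
        if ($evt.System['EventID'].InnerText -ne '4740') { return }
        # Turn the <Data Name="..."> elements into a name/value lookup.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            TimeUtc        = $evt.System.TimeCreated.SystemTime
            ReportedBy     = $evt.System.Computer          # DC that logged it
            LockedAccount  = $data['TargetUserName']
            CallerComputer = $data['TargetDomainName']     # caller computer name
        }
    }
}

# Offline run against the constructed sample.
$sampleXml | ConvertFrom-LockoutEventXml

# Live use, repeated for each DC (DC01 is a placeholder; requires permission
# to read the Security log):
# Get-WinEvent -ComputerName DC01 -FilterHashtable @{ LogName = 'Security'; Id = 4740 } |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-LockoutEventXml |
#     Group-Object LockedAccount, CallerComputer | Sort-Object Count -Descending
```

Grouping by account and caller computer shows which machine to inspect for the services and scheduled tasks listed above.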

Program - Different Wipe tool Live CD, USB live and Windows program

Here are some utilities to wipe a disk:

1. Use Hardwipe to permanently erase data on disk and portable storage media, thus ensuring that discarded, but sensitive, information can never be recovered by someone else.

Hardwipe can not only wipe drives and USB media, but can also sanitize the Windows Recycle Bin, overwrite selected files and folders, and clean unused drive space of unwanted remnant data. Furthermore, you can run Hardwipe as a standalone application, or use its convenient "right-click" context menus from within the Windows File Explorer.

Hardwipe is free for individual use. A professional upgrade is also available.

This is a Windows utility.

2. If instead you would like to create a live CD or live USB, you can download the DBAN utility:

http://www.dban.org/download (on this blog you can find many utilities that let you create a live USB from .iso files).



3. Otherwise you can download:

Hiren's BootCD 15.2

http://www.hiren.info/pages/bootcd

Create the corresponding ISO/live USB and search for this utility:


Veeam - Veeam Endpoint Backup Free

Today at VeeamOn conference in Las Vegas Veeam has announced a new FREE tool: Veeam Endpoint Backup Free. With this new free tool you can finally back up your physical Windows hosts: desktops, laptops and servers starting from Windows 7 and Windows...

Original announcement from VEEAM

We've been very clear about our vision for the Modern Data Center recently: it has key attributes such as being highly virtualized, having modern storage and is ready for a cloud strategy. But what about systems that have data on them that aren't part of the data center? What about endpoints?  Most companies use PCs or laptops for their end users and those devices have data on it that may need to be protected.

To help address this need, we just announced a new product via a press release at VeeamON 2014 today. We are happy to introduce Veeam Endpoint Backup FREE!

Veeam Endpoint Backup FREE is Veeam's new backup solution for Windows-based computers (desktops & laptops) running Windows 7 and higher as well as Windows Server 2008 and higher. It is a standalone product and is not part of Veeam Backup & Replication nor the Veeam Availability Suite. This is clearly big news, and you may have a number of questions on what this new product is. Here are some FAQ on this announcement:

What is it?

Veeam Endpoint Backup FREE is a product that allows you to back up your Windows-based computers to an internal or external hard drive, a NAS share or a Veeam Backup Repository. It writes the backups in VBK format, which is the same format as Veeam Backup & Replication. With this product, you will be able to protect files, volumes or your entire computer based on your own schedule or at logon or logoff. The figure below shows the backup job control panel and its activity:

Windows-based computers' backup job control panel and its activity
The possibilities to recover range from simple files (overwrite or keep the original files), volume restore or a bare metal recovery.

Backup Browser and its possibilities to recover range from simple files, volume restore or bare metal recovery.
Additionally, Veeam Endpoint Backup FREE will have great features such as pausing the backup when the system is busy (automatically, with the optional Backup I/O Control selected), automatic update notifications, auto-recognition of the external hard drive that has your backups stored and much more.
When creating recovery boot media, you will also automatically receive additional tools such as checking the system memory, fix startup sequences and a unique administrator password reset.
And all of this, as the name states, will be available for free!

When will it be available?

The first beta of Veeam Endpoint Backup FREE will be released in November and the GA (generally available) date is targeted early 2015. You can sign up for the beta here: http://go.veeam.com/endpoint.

Does free mean no support?

Veeam Endpoint Backup FREE will be supported through Veeam's free product support policy. This means that Veeam will attempt to provide support for users of Veeam Endpoint Backup FREE but does not provide response goals or response guarantees for this service.

Welcome Veeam Endpoint Backup FREE!

Veeam Endpoint Backup FREE will solve the IT Pro's challenges to protect their endpoints at NO cost. And because of this, they will lower their risk of data loss. What do you think of this news? Share your comments below.

2012 Server - Wbadmin System state backup

There is a very easy way to back up the system state of Windows Server 2012 using Windows Server Backup:
  1. Execute cmd with administrative rights
  2. wbadmin start systemstatebackup -backuptarget:externalhd
  3. I recommend that you instead use wbadmin start backup -allCritical for AD restore (see link)
In this way you will have the corresponding backup on the external drive.