Fixvirus Security Show Jan2

In News of Day I discuss http://www.darkreading.com/operations/5-pitfalls-to-avoid-when-running-your-soc-/a/d-id/1318218

Specifically:

"Our goal is to protect our critical assets, quickly know when they have been compromised and respond with immediate action to contain and eradicate the threat. If anyone believes they are going to create the perfect secure environment, let me save you some pain in discovery: It does not exist. However, if you can narrow your attack surface area through smart security operations that fully integrate the right people, the right processes, and good technology, then you drive up the skill required by an attacker to the point where most threat actors will give up and go after easier, softer targets."

In Tip of Day I discuss how Netcat can help you do some "banner grabbing", which lets you see what information applications send back on first contact.

This is from Chapter 4 of the Netcat Power Tools PDF: http://dl.acm.org/citation.cfm?id=2155689

The Web server will take this request, locate the file requested, and send it back to
the client. When given a file of “/”, Linux and UNIX servers will return index.html,
while Windows Internet Information Server (IIS) will find and return default.htm.

I recommend obfuscating the banners of your web server and other applications:

"For many different reasons, usually security-related, many Web sites do not wish to
show the version software that they’re running. They can alter this information by
editing their Web server configuration to use a new ServerTokens value, or by using
third-party software."

You can actually test your webserver to see what it responds with:

For protocols like HTTP that require user interaction, it is still possible to
automate the process. All you need to do is pipe the echo of your input to
Netcat. Simple enough, no? The trick that catches many people is how to
transmit that extra carriage return after the command. This can easily be
done with the following Linux command:
echo -e "GET / HTTP/1.0\n" | nc <host> <port>
In the example above, echo uses the \n string to signify a new line.
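
To check what your own server discloses, the response from the Netcat command above can be filtered for banner headers. The script below is an added example, not from the show or the book; the function names and both sample responses are constructed, and the second sample mirrors what Apache sends with ServerTokens Prod.

```shell
#!/bin/sh
# Added example: names and sample responses below are constructed.

# audit_banner: read a raw HTTP response on stdin and report whether the
# Server / X-Powered-By headers carry something that looks like a version.
audit_banner() {
    tr -d '\r' | awk '
        NR == 1 { next }    # skip the status line
        /^$/    { exit }    # blank line ends the headers; ignore the body
        {
            name = tolower($0); sub(/:.*/, "", name)
            if (name != "server" && name != "x-powered-by") next
            value = $0; sub(/^[^:]*:[ \t]*/, "", value)
            # A digit right after "/" or a space is treated as a version.
            verdict = (value ~ "[/ ][0-9]") ? "DISCLOSES-VERSION" : "ok"
            printf "%s\t%s\t%s\n", verdict, name, value
        }'
}

# Constructed response from a server with default, verbose banners.
verbose_response() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.4.10 (Debian)\r\nX-Powered-By: PHP/5.6.4\r\nContent-Type: text/html\r\n\r\n<html>Server: body/9.9</html>\n'
}

# Constructed response from a server with the banner reduced to the product name.
hardened_response() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n<html></html>\n'
}

echo "== verbose server =="
verbose_response | audit_banner
echo "== hardened server =="
hardened_response | audit_banner

# Against your own server, pipe in a live response instead. printf sends the
# CRLF line endings and the empty line that end an HTTP request:
#   printf 'GET / HTTP/1.0\r\n\r\n' | nc <host> <port> | audit_banner
```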

Let me know if you need help with this.
