EMET to Help Mitigate Threats on Your Windows Systems

EMET, or Enhanced Mitigation Experience Toolkit (someone in marketing needs to be fired), is a free Microsoft tool that adds exploit mitigations such as DEP, SEHOP, mandatory ASLR, export address table filtering and heap spray pre-allocation to applications that were not built with them, so a memory corruption bug is harder to turn into code execution. It also provides some more advanced functionality, such as certificate trust pinning for sites you select. Note that Microsoft retired EMET at the end of July 2018; on Windows 10 the same mitigations are built in as Exploit Protection.

There are some nice defaults that protect the usual suspects (Internet Explorer, Java and Adobe products), and some more advanced options to protect other applications as well.

You can use it on your servers and on Windows 7 and 8 desktops (and for the poor folks who still run Vista). I strongly suggest you read up on it and deploy it to the systems you care about. I would take a lower-risk system first to get the hang of how it works and behaves, to prevent breakage of production systems: a mitigation that an application cannot tolerate terminates that application, so test the programs you opt in before rolling out widely.

It's free and it reduces risk, so why not?

TrustedSec has written a great article, so I am linking to it, and directly to the MS web site for EMET. Enjoy.

TrustedSec-EMET Install and deployment guide

MS Home page on EMET

MS EMET Mitigations Guidelines

Another Vulnerability to Watch

Another vulnerability has sprung up that you should pay attention to, because you will likely need to make a change to your web browser of choice. It goes by the name POODLE (CVE-2014-3566) and is a padding oracle attack on SSLv3.

Read the link below

Health Infosec web site

Basically you should disable support for SSLv3; the specifics for most browsers are below.

Additionally, if you run a web server or other TLS services, you should take a look there too. There are links at the bottom to test both your browser and your server.

It requires a MITM (man in the middle) position, so you are more at risk than others if you use guest wireless networks that are not encrypted (like some free wifi hotspots). The attacker also has to force the connection down from TLS to SSLv3, which only works while both sides still accept SSLv3, so disabling it on either the browser or the server closes the hole. My suggestion would be to simply mitigate the risk by disabling it, and then make adjustments if you find it breaks something you need.

Firefox specific info
Mozilla Posting of info

Fix Firefox

Open the browser, then type about:config (without quotes) in the address bar; it will warn you about breaking things. Then search for

security.tls.version.min

and change the setting from 0 to 1 (0 means SSL 3.0 is the lowest protocol version Firefox will accept; 1 means TLS 1.0).

Mozilla says they are fixing this permanently in version 34, being released in November (it shipped on December 1, 2014 with SSLv3 disabled by default).

The test below may show you are not vulnerable, but you likely are and should change this setting unless you don't feel the need. I have seen a false positive (meaning it said I was safe), but I clearly was not.

Google Chrome specific info
Google Blog Info

Fix Google Chrome

Disable SSLv3 by adding the flag below to the end of your Chrome launch command (Windows example: right-click the icon, go to Properties, then the Shortcut tab, and append it after the closing quote in the Target field). Note that the flag only applies when Chrome is started from that shortcut; a Chrome window opened by clicking a link in another program will not have it.

--ssl-version-min=tls1

Fix Internet Explorer

After starting the browser, go to Internet Options / Advanced and uncheck "Use SSL 3.0" if it is checked. That checkbox is backed by the SecureProtocols DWORD under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (SSL 3.0 is bit 0x20), so on a domain it is easier to push the change out through Group Policy than to click through it on every desktop.

Microsoft TechNet link discussing various options and steps, including server admin info

Microsoft Technet info

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Browser POODLE test

https://www.poodletest.com/

Server test
https://www.ssllabs.com/ssltest/analyze.html
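The server side of the fix is a one-line change in the web server config, but it is easy to get wrong across a fleet. As an added example (not from the original post or any of the linked vendors), here is a small POSIX shell audit that reads Apache SSLProtocol and nginx ssl_protocols directives and reports any that still leave SSLv3 enabled, then runs itself over constructed snippets showing the weak and the corrected form of each. The function names, file names and snippets are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post: audit Apache and nginx
# protocol directives for SSLv3 (the server-side POODLE fix) and show the
# weak and corrected forms side by side. The config snippets are constructed.

# apache_allows_sslv3 VALUE: exit 0 if an Apache "SSLProtocol" value leaves
# SSLv3 enabled. Tokens are applied left to right the way mod_ssl does it:
# "+X" adds, "-X" removes, and a bare "X" or "all" replaces the whole set
# (Apache logs "overrides already set parameter(s)" for that case). So
# "all -SSLv3" is safe but "-SSLv3 all" is not. Conventional capitalisation
# is assumed; mod_ssl itself is case-insensitive.
apache_allows_sslv3() {
    on=1
    for tok in $1; do
        case "$tok" in
            all|SSLv3|+all|+SSLv3) on=0 ;;
            -all|-SSLv3)           on=1 ;;
            +*|-*)                 ;;        # add/remove of another protocol
            *)                     on=1 ;;   # bare other protocol replaces the set
        esac
    done
    return $on
}

# nginx_allows_sslv3 VALUE: exit 0 if an nginx "ssl_protocols" value lists
# SSLv3. nginx has no "all" keyword; only what is listed is enabled.
nginx_allows_sslv3() {
    for tok in $1; do
        [ "$tok" = SSLv3 ] && return 0
    done
    return 1
}

# scan_conf FILE: print one line per directive that still allows SSLv3 and
# exit 0 if there was at least one, 1 if the file is clean. Comments are
# dropped and nginx's trailing ';' stripped before the value is checked.
scan_conf() {
    conf=$1
    found=1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        set -- $line
        [ $# -ge 2 ] || continue
        directive=$1
        shift
        value=$*
        value=${value%;}
        case "$directive" in
            SSLProtocol)
                if apache_allows_sslv3 "$value"; then
                    echo "WEAK apache: SSLProtocol $value"
                    found=0
                fi ;;
            ssl_protocols)
                if nginx_allows_sslv3 "$value"; then
                    echo "WEAK nginx: ssl_protocols $value"
                    found=0
                fi ;;
        esac
    done < "$conf"
    return $found
}

# Stand-alone demo on constructed snippets: the weak directive next to the
# corrected one. Apache: add -SSLv3; nginx: leave SSLv3 out of the list.
demo() {
    tmp=$(mktemp -d)
    printf 'SSLProtocol all -SSLv2\n'                     > "$tmp/weak-apache.conf"
    printf 'SSLProtocol all -SSLv2 -SSLv3\n'              > "$tmp/fixed-apache.conf"
    printf 'ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;\n' > "$tmp/weak-nginx.conf"
    printf 'ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n'       > "$tmp/fixed-nginx.conf"
    for f in "$tmp"/*.conf; do
        if scan_conf "$f"; then
            echo "$f: SSLv3 still enabled"
        else
            echo "$f: ok"
        fi
    done
    rm -rf "$tmp"
}

demo
```

Two caveats. The script only sees directives that are present: it does not follow Include lines, and nginx builds of that era enabled SSLv3 by default when ssl_protocols was absent, so a file with no directive at all is not necessarily clean. And a config audit is not a handshake test; once the change is live, run openssl s_client -ssl3 -connect host:443 </dev/null from outside and confirm the handshake fails (an OpenSSL built without SSLv3 rejects the -ssl3 option itself, which tells you that client cannot speak it either), or use the SSL Labs test above.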

Shellshock and some information

I have had trouble emailing this information to some folks I work with, so I am posting here for reference and benefit for others.

I am sending this out far and wide since I work with many places…so please stop and read for a moment if you have not been alerted.

I am sure some of you are aware of this already, but if not, I would take stock of it quickly and get a handle on what you need to do. There is a new bug being exploited in the wild going by the name of "shellshock" or "shellshocked": bash executes code smuggled in after a function definition stored in an environment variable (CVE-2014-6271), and the first patch was incomplete (CVE-2014-7169), so anything that lets an outsider set an environment variable that a bash process will see can be turned into remote command execution. A CGI script is the classic case, since the web server copies request headers straight into the environment.

Many *nix web servers and external devices that rely on the bash shell should be looked at (Linux, Mac OS X, etc.). The obvious threat is web servers and other externally accessible services, particularly anything running CGI scripts or restricting SSH accounts with ForceCommand, but you also need to think about embedded devices that could be vulnerable and often cannot be patched quickly, if at all. The fix is a patched bash from your vendor; filtering the payload at the edge only buys time, because there are many ways to reach bash.
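As an added example (not part of the original alert or any of the vendor links), here is a POSIX shell script that does the two things a sysadmin wants on the day: it tests the installed bash with the two widely circulated probes for CVE-2014-6271 and the follow-up CVE-2014-7169, and it counts web server access log lines carrying the "() {" function-definition prefix that an attacker has to send to reach bash through CGI. The function names are mine, and the log lines are constructed with documentation addresses, not a real capture.

```shell
#!/bin/sh
# Added example (not from the original alert): local bash probes for
# CVE-2014-6271 / CVE-2014-7169 plus a log scan for exploitation attempts.

# bash_vuln_6271: exit 0 if the installed bash is vulnerable to CVE-2014-6271,
# 1 if it is not, 2 if bash is not installed. The environment variable holds a
# function definition followed by extra code; a vulnerable bash executes that
# extra code ("echo vulnerable") merely while importing the environment.
bash_vuln_6271() {
    command -v bash >/dev/null 2>&1 || return 2
    out=$(env x='() { :;}; echo vulnerable' bash -c 'echo test' 2>/dev/null || true)
    case "$out" in
        *vulnerable*) return 0 ;;
        *)            return 1 ;;
    esac
}

# bash_vuln_7169: same contract for CVE-2014-7169, the incomplete first patch.
# A vulnerable bash mis-parses the unfinished definition and treats the
# trailing ">" as a redirection, so "echo date" ends up running "date" with
# its output written to a file literally named "echo" in the current directory.
# The probe runs in a scratch directory so it cannot clobber a real file.
bash_vuln_7169() {
    command -v bash >/dev/null 2>&1 || return 2
    d=$(mktemp -d)
    ( cd "$d" && env X='() { (a)=>\' bash -c 'echo date' ) >/dev/null 2>&1 || true
    if [ -f "$d/echo" ]; then
        rm -rf "$d"
        return 0
    fi
    rm -rf "$d"
    return 1
}

# shellshock_hits FILE: print the number of log lines carrying the "() {"
# prefix anywhere in the line (request, referer and user-agent all end up in
# CGI environment variables). Whitespace between "()" and "{" is optional in
# the original bug, so the pattern tolerates it. Exit status follows grep -c.
shellshock_hits() {
    grep -Ec '\(\)[[:space:]]*\{' "$1"
}

# Constructed sample log (Apache combined format, TEST-NET addresses), not a
# real capture: two probe attempts and one ordinary request.
sample_log() {
    cat <<'EOF'
203.0.113.5 - - [25/Sep/2014:10:15:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/bash -c 'id'"
198.51.100.7 - - [25/Sep/2014:10:15:03 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [25/Sep/2014:10:16:11 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 200 12 "() { ignored; }; /usr/bin/id" "curl/7.37.0"
EOF
}

# Stand-alone run: report on the local bash, then scan the sample log.
report() {
    for cve in 6271 7169; do
        if "bash_vuln_$cve"; then rc=0; else rc=$?; fi
        case $rc in
            0) echo "CVE-2014-$cve: bash is VULNERABLE" ;;
            1) echo "CVE-2014-$cve: not vulnerable" ;;
            *) echo "CVE-2014-$cve: bash not installed, skipped" ;;
        esac
    done
    log=$(mktemp)
    sample_log > "$log"
    echo "shellshock probes in sample log: $(shellshock_hits "$log" || true)"
    rm -f "$log"
}

report
```

The log scan is a triage aid, not proof of compromise: a hit tells you someone tried, and whether it worked depends on whether a CGI script or similar handed that header to bash. Run the two probes on every box after patching as well as before, since the first round of vendor packages only fixed CVE-2014-6271.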

Feel free to pass this along to whomever, but I suggest not waiting; be proactive in engaging your vendors to find out your risks.

Apple computers are affected also, but are likely lower risk (link below) unless they are being used for advanced things. I would pay more attention to your infrastructure, firewalls, VPN devices and web servers, then work on the "inside" of your network.

All of you who work with me know I suggest the M&M security strategy of keeping a hard outer shell while you work on the "soft" middle 🙂

Links and info below…Feel free to contact me directly to discuss if you feel the need.

WSJ – overview
http://blogs.wsj.com/digits/2014/09/25/google-and-amazon-respond-to-shellshock-security-flaw/

National Vulnerability Database (NVD)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169

ISC has moved to infocon:yellow with some background info

https://isc.sans.edu/

Below are some vendor links related to this that you should review if relevant to the technology you are using.

Apple
http://www.imore.com/about-bash-shellshock-vulnerability-and-what-it-means-os-x

EMC
https://support.emc.com/kb/192608

VMware
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2090740

Cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=35816

Juniper
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648&actp=RSS

F5
https://f5.com/solutions/mitigation/mitigating-the-bash-shellshock-cve-2014-6271-and-cve-2014-7169-vulnerabilities

Watchguard
http://watchguardsecuritycenter.com/2014/09/25/bash-or-shellshock-vulnerability/

HP
http://h30499.www3.hp.com/t5/Fortify-Application-Security/3-Things-to-Know-About-the-Shellshock-Vulnerability/ba-p/6630504#.VCXYV1OVthE

Barracuda
https://blog.barracuda.com/2014/09/25/shellshock-vulnerability-update/

Checkpoint
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts

Rackspace
https://status.rackspace.com/

Webserver checking tool
https://shellshocker.net/

Don't fear getting under the hood

The more I use computers, and specifically Linux, the more I enjoy the terminal. I can quickly get what I want and where I want. Additionally, it allows me to see what is really happening under the shiny gloss of a UI and troubleshoot more effectively. I started in a terminal 35 years ago, and here I am now, back at a terminal...ha

I tell friends I am not sure if I am evolving or turning into a curmudgeon as I continue to use the terminal more and more in my daily life. To that end, below is a non-comprehensive list of some good terminal programs I use.

If you are not a Linux user, then I guess this means nothing to you, except that maybe you should go find a copy to try out. If not, go back to the comfort of your Start button.

htop – for processes
cmus – music goodness (and streaming)
links2 – terminal browser (use -g for graphics)
iptraf – good for monitoring network traffic on interfaces
netstat – of course you know this
openvpn – very good VPN; with a little effort you can configure it to work with many commercial VPN products.
weechat – terminal IRC (some prefer IRSSI) but weechat is nice and easy also
ctorrent – terminal bittorrent
mutt – email – takes a little work to setup and understand – but really cool and flexible
netcat – good networking file/copy utility – also has some other nice tricks 🙂
nmap – network mapper – scans subnets/hosts, plus all kinds of other goodies...very powerful (terminal, or you can get zenmap for a UI)
mtr – combined traceroute and ping (terminal, or it can open a window)
pv – nice utility that shows throughput and progress of data moving through a pipe, such as a file copy
taskwarrior – terminal task management – very comprehensive
cmatrix – because who does not want a matrix style window open
ranger – nice terminal file manager – tree like navigation
tilda – cool drop down terminal (quake style)
wavemon – good wireless signal monitoring from terminal

Barely scratches the surface, but will keep you busy and stimulated for a while. 🙂

Technology and Humans

A personal blog by a technologist and his observations.

This site will have technical and non-technical information, along with thoughts and information that I find helpful. I also need a place to put things I want to find later.

If you happen to find it, I hope it helps you or amuses. If not, then you might save yourself a little time by moving on.

Some of this may seem like a stream of consciousness or even personal notes... That is exactly what it is.

My thoughts and information here are my own and not reflective of anyone I happen to work with…so do not connect those dots.

enjoy