Outer Heaven - Security

Set users up for /var/www/htdocs access on Slackware

nospam@example.com (Chris) — Wed, 29 Mar 2006 13:58:28 -0600

The school district I work for used to run a webserver off an old Windows NT 4.51 box. The server software itself came from a product called FirstClass, somewhat popular in education IT departments. I hated it, so armed with $1,500 I built a snazzy server based on Slackware linux. I chose linux because I'm familiar with it, and Slackware because I like the philosophy behind it: simplicity.

After installing the packages and performing various modifications to configuration files it was time to setup users for HTTP access (uploading files via FTP, etc.). At first you would think it's as simple as creating a user then logging in [as that user] and editing files however you please. This will not work and you will be greeted with permission denied errors. What you need to do is create a user, add him/her to a group then give that group access to /var/www/htdocs.

To add a new user enter the command adduser as root. Follow the instructions, then once you are done enter the command pico /etc/group. Scroll down until you find the FTP group and add your user to that line:

ftp::50:user1,user2,user3

Once this is done we need to allow the ftp group access to /var/www/htdocs so users can upload files there. This can be done by entering the following:

chgrp -R ftp /var/www/htdocs
chmod -R g+w /var/www/htdocs

Now all the users that belong to the ftp group will have access to /var/www/htdocs in a secure manner.

Another thing I like to do is create a link from a file to the /var/www/htdocs folder so that when the user logs in they will be able to quickly go to /var/www/htdocs instead of having to browse through the directory tree (think of it as a shortcut in Microsoft Windows). Make sure you are in the user's home folder (/home/username) as root and enter the following:

ln -s /var/www/htdocs WWW

Log in as your user from an FTP client and you should see a folder called "WWW" on your screen.

Cutting out the junk with Privoxy

nospam@example.com (Chris) — Thu, 16 Mar 2006 10:11:00 -0600

There are several methods to eliminating spyware threats. Using the Firefox browser in conjunction with several extensions can secure your browsing experience from nearly any threat posed. But what about other browsers? What about wanting further control over the web?

Privoxy

Before we take a closer look at Privoxy it's necessary to take a brief glance at what a proxy is.

Proxy servers are allow users to make indirect connections to other networks (i.e. the internet). For example, in my building when making a web query packets go from my computer to the proxy server then out on the web. Reply packets come back through the proxy server then onto my workstation. What this does is allow you to control everything that comes or goes through your computer (or in my case the entire building).

Privoxy specializes in removing invasive cookies, javascript (popups are a good example here) and advertisements. Privoxy can be modified via "action" and filter files to do further filtering of any website content. Example:

##################################################################
#
# all-popups: Kill all popups in JavaScript and HTML
#
##################################################################
FILTER: all-popups Kill all popups in JavaScript and HTML

s/((\W\s*)(window|this|parent)\.)open\s*\\?\(/$1concat(/ig # JavaScript
s/\starget\s*=\s*(['"]?)_?(blank|new)\1?/ notarget/ig # HTML

This is a powerful feature of Privoxy. Even though the base application hasn't been updated since 2004 users have been editing action and filter files to keep up to date with the latest techniques used by malicious webdesigners.

Go ahead and download Privoxy for Win32. Once it's installed, you will need to point your browser to Privoxy. With Firefox this is done by clicking Tools > Options > General > Connection Settings and setting the proxy to 127.0.0.1 with a port of 8118. Internet Explorer is Tools > Internet Options > Connections > LAN Settings and set the proxy address to 127.0.0.1 and the port set as 8118. Once this is done you can test it by entering "http://config.privoxy.org" into your browser. You should see the message "This is Privoxy 3.0.3 on localhost (127.0.0.1) , port 8118, enabled." If you don't see that message, you will need to double check the proxy settings in your browser or make sure Privoxy installed without any errors.

Editing Privoxy is simple. Right-click the little icon (green circle with a 'P') and under Edit you will find the various action and filter files. They are well documented although I would recommend that you have a little experience with editing configuration files before playing with the settings.

If your home or building already has a proxy server onsite you will need to instruct Privoxy to forward information to it. This is done by editing the Main Configuration file. Find section five as shown below and edit it with the address to the other proxy:

#
# 5.1. forward
# ============
# ...

forward / 10.0.0.1:8080

In this case I'm telling Privoxy to forward ALL data through to the proxy server running at 10.0.0.1 port 8080. You can instruct Privoxy to only forward certain data to certain places (i.e. SSL to 10.0.0.1:8081) but more than likely you won't have to deal with it.

After Privoxy is installed and configured the next step is simply start browsing. You'll notice popups are removed, ads are cut down, and javascript isn't as intrusive. When Privoxy is used in conjuction with Firefox and extensions such as Ad-block surfing the web is an even more secure experience. If you use Internet Explorer Privoxy is heaven-sent, you could not ask for a better way to prevent the spyware that plagues IE users.

I do hope in the near future that Privoxy development resumes at a brisk pace. It's a fantastic piece of software that's easy to use and extremely powerful. It's a shame to see it gathering mothballs in the corner of the open-source community.

Safe XP from Theorica Software

nospam@example.com (Chris) — Wed, 22 Feb 2006 12:46:54 -0600

In my search for useful programs that deserve support I came across a gem from Theorica Software called Safe XP. Basically what this program does is allow you to fine-tune Windows with security in mind simply and efficiently.

Using the default settings plus a few extra tweaks will allow you to quickly harden your XP installation against security threats. It's not fool-proof but for the average user it's a quick way to add security without having to understand the method behind the madness.

If you have problems after applying Safe XP settings, you can always restore settings from a backup (be sure you do so before making any changes just to be on the safe side) or restore original settings before Safe XP was used.

So far no complaints from me. With default settings used everything is transparent to the user. I especially like check boxes for things such as Disable MSN Messenger, which is much easier than mucking through GPEDIT.MSC. It's also nice to see options to disable some unnecessary services, something the average Windows XP install is bogged down with. I would like to see some additional services options, perhaps a complete list of services running on your computer with suggestions as to what needs to run and what doesn't. There are several hacked versions of Windows XP that run on computers with incredibly small processors and RAM due to having a large amount of the services removed or disabled.

All in all I highly recommend any Windows operating system user to download Safe XP and apply the default settings. It will give you a peace of mind that your computer is more secure against threats.

Recovering Windows 2003 domain passwords

nospam@example.com (Chris) — Tue, 21 Feb 2006 14:35:58 -0600

Today I had to get a listing of all my user's logins and passwords to my Windows 2003 domain. You'd think it would be an easy affair with Windows allowing you to print a report with that information; but that's not the case. Windows encrypts all passwords so you are unable to view them without cracking the hashes using dictionary or brute force "attacks."

There are several programs that allow you to crack your domain's passwords although my personal favorite (easy to use and fast) is @stake's l0phtcrack. Recovering passwords is as easy as selecting a remote server, entering the administrator's login and password then letting l0phtcrack do its thing. Once your passwords are recovered for each login you can easily output them as a report with various ways to organize the data for printing.

Until Microsoft decides to give us IT guys a program to output usernames/passwords as a report @stake's l0phtcrack is the next best thing.

Blackworm warning

nospam@example.com (Chris) — Thu, 02 Feb 2006 12:51:31 -0600

If you haven't already heard the news a new worm will begin over-writing and removing data tomorrow (February 3rd). You are adivsed to check with your anti-virus vendor for the latest definitions and run a full system scan, especially if you have opened any suspicious email attachments in the past week.

So far roughly 300,000 systems have been infected by Blackworm (or a variant thereof). The Internet Storm Center has an excellent summary on Blackworm (and all known variants) here.

Just to further state the obvious: NEVER open email attachments from sources you do not know. If you have and you suspect you have been infected immediately update your anti-virus software, disconnect your computer from the internet and run a full system scan. Depending on the infection type I would also recommend changing all of your passwords due to keyloggers.

Only computers with Microsoft Operating Systems installed are affected. MacOS, Linux, and *BSD are unaffected.

Blocking spyware

nospam@example.com (Chris) — Wed, 01 Feb 2006 14:47:52 -0600

If you command an entire network or just a single workstation at home you've no doubt felt the effects of spyware. I've been on the lookout for ways to completely eliminate spyware without having to run expensive third-party applications, and I believe I've found an easy way to go about it. The tools you'll need include:

- Mozilla Firefox
- Adblock extension
- Adblock Filterset.G extension
- NoScript extension

After installing Firefox and all of the above extensions you will be virtually impervious to any spyware that you might normally pick up while browsing the web. This will not protect you against downloading infected applications, you'll need a third-party application such as Webroot SpySweeper in order to remedy those problems.

Another effective method to eliminate various methods of installing spyware through your browser is to run a proxy on your workstation. I've experimented with Privoxy which filters out unwanted content before displaying it. Privoxy in conjunction with Firefox makes for a solid and secure browsing experience on the web.

Hopefully Internet Explorer 7 from Microsoft will remedy many of the spyware issues faced by general computer users today. With a large part of internet users still unaware or unwilling to use anything but Internet Explorer spyware has gotten out of control. Using a third-party browser such as Firefox or Opera can greatly decrease your chances of infection, if not eliminate it completely.