Why hiding your SSID makes your security worse

I got a couple of questions about my recommended DD-WRT settings, but I’m going to start with the question about why not to hide the SSID. It actually turns out that hiding your SSID is bad for you, and makes your security worse. I’ll explain.

Splunk truncating timecharts is fixable

I’ve been building some dashboards in Splunk to make it easier to compare some things. I needed to find a way to deal with Splunk truncating timecharts inconsistently.

Splunk’s timechart option is useful for baselining. Before you can spot the abnormal, you need to recognize the normal. I sometimes monitor things using the timechart option, but sometimes Splunk will truncate the timecharts seemingly at random, so I’m not necessarily comparing the same timeframes.

Recommended DD-WRT settings

I’ve been asked a few times now for my recommended DD-WRT settings, or at least my good-enough settings. I think that’s a great idea, so I’ll walk through how I configure a DD-WRT router. Follow these steps and I can almost guarantee you’ll have the most secure network on your block.

For the purposes of this tutorial, I am going to assume you are configuring DD-WRT as your primary router.

Whitelist Java to provide better security and a better user experience

One of the best things you can do to improve your security in a corporate environment is to limit the use of Java, or whitelist Java. Undoubtedly there will be one or more legacy web applications your company uses that require Java, and it’s almost inevitable that at least two of them will be certified for one and only one version of the JRE, and it won’t be the same one.

Believe it or not there’s a solution to the problem of conflicting JREs, but it took me years to find it, because I had no idea that Oracle called it “Deployment Rule Set.” The secret’s out now. If you run Java, and you want security, you need Deployment Rule Set.

Easier application whitelisting in Windows with AppLocker

Application whitelisting is the holy grail of security, but it’s always at the top of the list of things people should do but haven’t yet. The reason is that it breaks stuff, and it’s almost as impossible to anticipate ahead of time what it’s going to break as it is to fix whatever breaks.

I know. I wanted to do application whitelisting way back in 1997 and failed miserably.

I found a good-enough approach recently, though.

Using Splunk to find bad guys in your network

I’ve covered event logging before, but the excellent site Malware Archaeology has some cheat sheets that include Splunk queries you can use to find incidents or malware operating in your network, or even use to create dashboards so you can keep an eye on things. Malware Archaeology’s list of events to log is a bit different from what I covered before, but there’s a considerable amount of overlap. You probably want what they recommend and what anyone else is recommending.

The key to corporate computer security is situational awareness, and I don’t think anyone sells a blinky box that provides enough of that. But you can build it with Splunk.

And, for what it’s worth, I do recommend Splunk. I’ve used LogLogic in the past, and its searches often take days to finish, which means LogLogic is so slow that by the time you find anything in it, it’s likely to be too late. Splunk isn’t quite real-time, but you can find stuff in a few minutes.

I got hacked. I did it to teach you a lesson, and I’m sure you believe it.

The other day, this showed up in my e-mail:

A file change was detected on your system for site URL https://dfarq.homeip.net. Scan was generated on Tuesday, November 3rd, 2015 at 5:25 am

A summary of the scan results is shown below:

The following files were removed from your host:

/var/www/wp-content/cache/supercache/dfarq.homeip.net/wordpress/index.html (modified on: 2015-11-03 03:23:52)
======================================

The following files were changed on your host:

/var/www/wp-content/themes/twentyfourteen/functions.php (modified on: 2015-08-19 22:24:04)
/var/www/wp-content/themes/twentyfourteen/header.php (modified on: 2015-08-19 22:24:04)
======================================

Login to your site to view the scan details.

I didn’t make those changes. Fortunately, fixing it when changes you didn’t make appear in functions.php and header.php is pretty easy.

Another reason to block fonts at the proxy

Last week Apple released a bunch of patches up and down its product line. One of the vulnerabilities it fixed in OS X was a vulnerability in its font parser.

In the past you could mitigate vulnerabilities like this by only installing fonts from trusted sources, but since it’s now possible for web pages to transmit fonts along with other content, there’s a limitless number of untrusted fonts out there in the world.

Since it may take a while for all of the major operating systems to shake out all of the problems in their font subsystems, I’ve recommended filtering fonts at the proxy.

The problem with ditching Flash and Java

Last week Adobe issued an out-of-band Flash patch, and once again Brian Krebs urged people to ditch Flash, noting that he’s done so and hasn’t missed it.

We decided to try ditching Flash at work a few months ago, but it didn’t go quite so smoothly for us. I thought I’d share my experience.

Pogue’s attitude is unfortunately far too common

According to David Pogue, since hacking a car is “nearly impossible,” we shouldn’t talk about it anymore.

That, my friends, is precisely what’s wrong with security and security awareness today. Flying to the moon is nearly impossible, after all, and you could easily kill yourself trying. David Pogue has never done it. But Neil Armstrong and Buzz Aldrin did.
