Monday, November 1, 2010

Enforce password history

This policy enables administrators to enhance security by ensuring that old passwords are not reused continually. Here administrators can configure the number of unique new passwords that have to be associated with a user account before an old password can be reused. To keep the password history effective, administrators should also configure the Minimum password age so that passwords cannot be changed immediately.
For a higher level of security this should be configured to a value greater than 10 (the maximum value is 24).

Maximum password age
Administrators can set the period of time (in days) that a password may be used before the system requires the user to change it. Administrators can set passwords to expire after a number of days between 1 and 999.
For a higher level of security this should be configured to 42.

Minimum password age
Administrators can set the period of time (in days) that a password must be used before the user can change it. Administrators can set a value between 1 and 999 days.
The minimum password age must be less than the Maximum password age.
Configure the minimum password age to be more than 0 if administrators want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get back to an old favourite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on.
For a higher level of security this value should be configured to a value greater than 2 (and less than the maximum password age).

Minimum password length
Administrators can set the least number of characters that a password for a user account must contain. Administrators can set a value between 1 and 14 characters.
For a higher level of security this value should be configured to a value greater than or equal to 8.

Password must meet complexity requirements
By enabling this policy administrators can enforce that passwords meet the following minimum requirements:
  1. Not contain all or part of the user’s account name
  2. Be at least six characters in length
  3. Contain characters from three of the following four categories:
  • English uppercase characters (A through Z)
  • English lowercase characters (a through z)
  • Base 10 digits (0 through 9)
  • Non-alphanumeric characters (e.g., !, $, #, %)
For a higher level of security this policy should be enabled.
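The five settings above can be audited in one pass. The following is an added example, not part of the original post: it reads the [System Access] section of a local security policy export (the text `secedit /export /cfg policy.inf` produces, whose key names are used here) and reports every value that falls short of the recommendations given above. The two export texts embedded in the script are constructed samples, not output from a real host.

```python
"""Check a Windows local security policy export against the password-policy
values recommended in this post.

Added example, not part of the original post. The export text below is
constructed for the example; on a real host the equivalent comes from the
[System Access] section of `secedit /export /cfg policy.inf`, and the key
names used here are the ones that export contains.
"""
import configparser

PASSWORD_KEYS = (
    "PasswordHistorySize",    # Enforce password history
    "MaximumPasswordAge",     # Maximum password age (days)
    "MinimumPasswordAge",     # Minimum password age (days)
    "MinimumPasswordLength",  # Minimum password length
    "PasswordComplexity",     # Password must meet complexity requirements (1 = enabled)
)

# Constructed sample: a weak policy that fails most of the post's recommendations.
WEAK_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Constructed sample: a policy set to the values the post recommends.
HARDENED_EXPORT = """\
[System Access]
MinimumPasswordAge = 3
MaximumPasswordAge = 42
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 24
"""


def parse_system_access(export_text):
    """Return the password-related [System Access] values as a dict of ints."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep secedit's CamelCase key names as written
    cp.read_string(export_text)
    values = {}
    for key in PASSWORD_KEYS:
        if cp.has_option("System Access", key):
            values[key] = int(cp.get("System Access", key))
    return values


def audit_password_policy(export_text):
    """Return a list of findings; an empty list means every recommendation is met.

    A key missing from the export is treated as 0 (the setting is not enforced).
    """
    v = parse_system_access(export_text)
    findings = []

    history = v.get("PasswordHistorySize", 0)
    if history <= 10:
        findings.append(f"Enforce password history is {history}; use a value above 10 (max 24)")

    # Anything outside 1..42 days (including a 'never expires' sentinel) is flagged.
    max_age = v.get("MaximumPasswordAge", 0)
    if not 1 <= max_age <= 42:
        findings.append(f"Maximum password age is {max_age}; use 42 days")

    min_age = v.get("MinimumPasswordAge", 0)
    if min_age <= 2 or min_age >= max_age:
        findings.append(
            f"Minimum password age is {min_age}; use a value above 2 and below the maximum age"
        )

    length = v.get("MinimumPasswordLength", 0)
    if length < 8:
        findings.append(f"Minimum password length is {length}; use 8 or more")

    if v.get("PasswordComplexity", 0) != 1:
        findings.append("Password complexity requirements are disabled; enable them")

    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_EXPORT), ("hardened", HARDENED_EXPORT)):
        print(f"{name}: {audit_password_policy(text) or ['no findings']}")
```

Run it against a real export by reading the `.inf` file (secedit writes it as UTF-16) and passing the text to `audit_password_policy`; the weak sample produces four findings and the hardened sample none.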

Null session attacks

A null session attack is an exploit that uses unauthenticated NetBIOS connections to enumerate a target host.

Microsoft Windows servers usually run many services and programs. Some of these services communicate with other Windows servers to complete specific tasks. For such communications and tasks to complete successfully, a Windows server also logs into a remote Windows server using a blank username and password. This is referred to as a “Null Session”.

However, it is not only genuine servers that can log in to the remote server this way; attackers with enough skill can do so too, and it is not that difficult. They can use this to obtain NetBIOS information from the machine and to perform various other exploits against it. This is referred to as a “Null Session Attack”.

To carry out a null session attack, in most cases attackers try to get a command prompt (cmd.exe).

Protect your computer from Null Session Attacks
Null session attacks are mostly carried out against ports 139 and 445 on a Windows PC. Therefore the best option is simply to block SMB communications by limiting traffic on TCP ports 139 and 445 (excluding NT, which doesn’t use 445) to trusted networks. If you use Windows XP, install Service Pack 3 without delay. SP3 has an improved firewall which prevents null session attacks, so that at least if someone tries to log in to your computer over the internet, it is blocked.

How to stay safe on Facebook!

Facebook is the most popular social networking website in the world. Social networking websites are specialized websites where people meet other people online and interact. They interact mostly by sharing photos, videos and information about their day-to-day activities. Current Facebook statistics show that the service is used by more than 300 million users around the globe and that 6 billion minutes are spent on Facebook each day!

Recent survey results indicated that the popularity of Facebook usage is mainly because of the following reasons:

  • Users can upload an unlimited amount of photos, videos and share them with friends
  • Users can get to know what their friends are up to almost every minute of the day
  • Users can compete with friends using web-based games
  • Users can send electronic gifts to friends

However, as every technology has its weaknesses, Facebook has weaknesses related to personal privacy. For the past 3-4 years we have seen a rise in attacks targeting people on Facebook, where people’s privacy was lost. Social networking sites let other people know more about you: the things you do, where you are and the people you associate with. This information could even be life threatening!

There are several ways for you to stay safe on social networking sites such as Facebook. Below is a list of ways in which you can protect yourself when you are online.
  1. Log into facebook.com securely using https://www.facebook.com. This will prevent people who eavesdrop on your network from seeing your password.
  2. Limit the amount of personal information given to Facebook (especially your location, date of birth and contact details). You can adjust the information shown to your friends by adjusting the privacy settings.
  3. Make limited profile lists where you can initially add suspicious friends, and after close inspection you may move them to the appropriate lists where more information about you is available.
  4. Configure Facebook privacy settings to control the information shown to people and search engines.
  5. Beware of phishing e-mails and suspicious links purporting to come from Facebook. Think twice before you click on a link. A phishing e-mail is an e-mail message specially crafted to make users click. Once the link is clicked it may download a virus, and the virus can get installed on your machine without your knowledge. Some links may lead to Facebook-like login interfaces which are designed to capture your log-in details. Therefore pay close attention to the web address, as there can be fake login sites with addresses like www.faecbook.com (note the typo!) or any other address which looks like facebook.com. You can check the authenticity of the Facebook site by looking at its digital certificate, which is available when you access Facebook using https://www.facebook.com. Similar incidents can happen if you click on links which are on Facebook walls, feeds and mail messages.
  6. Think twice before you add a person as a friend. If possible, e-mail or call him/her to check that he/she has actually sent you a friend request, prior to adding him/her.
  7. Facebook has an inbuilt chat application. Never chat with people you do not know or send information that could identify you. Use a strong password that no one can guess and make sure that you change it regularly.
  8. Log into Facebook using only trusted computers. There may be software such as keyloggers, which record every keystroke you perform on a computer system.
  9. Be careful with whom you share your password. If the password is handled carelessly it can get compromised.
The experience you get with social networking sites can be amazing. However, people sometimes forget about their own security, which puts them and their friends in danger. Therefore, we highly recommend that you configure and use Facebook following the advice TechCERT has described above so that the threats can be minimized.
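The advice to look closely at the web address before logging in can be turned into a concrete check. The following is an added example, not part of the original post or of any Facebook software: it takes a link, resolves the host the way a browser would, and reports why the link should not be trusted with a password (a user:pass@ prefix that hides the real host, a host that is not facebook.com or one of its subdomains, a near-miss spelling such as www.faecbook.com, or a plain http:// address). The sample links in the script are constructed for the example.

```python
"""Check whether a link really points at facebook.com before entering a password.

Added example, not part of the original post. It applies the post's advice to
look closely at the web address: the scheme must be https, the host must be
facebook.com or one of its subdomains, and a user:pass@ prefix or a near-miss
spelling such as faecbook.com is reported as a lookalike.
"""
from urllib.parse import urlsplit

LEGITIMATE_DOMAIN = "facebook.com"
BRAND_LABEL = "facebook"


def parse_url(url):
    """Return (scheme, host, has_userinfo) the way a browser would resolve them."""
    if "://" not in url:
        url = "http://" + url  # a bare address typed into a browser is not HTTPS
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    return parts.scheme.lower(), host, parts.username is not None


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of the brand label."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_legitimate_host(host):
    """True only for facebook.com itself or a subdomain of it."""
    return host == LEGITIMATE_DOMAIN or host.endswith("." + LEGITIMATE_DOMAIN)


def looks_like_brand(host):
    """True when the host imitates the brand without being the real domain."""
    labels = host.split(".")
    second_level = labels[-2] if len(labels) >= 2 else host
    return BRAND_LABEL in host or edit_distance(second_level, BRAND_LABEL) <= 2


def check_login_url(url):
    """Return (safe, reason) for a link that asks for Facebook credentials."""
    scheme, host, has_userinfo = parse_url(url)
    if has_userinfo:
        return False, "user:pass@ prefix hides the real host"
    if not is_legitimate_host(host):
        if looks_like_brand(host):
            return False, f"lookalike host: {host}"
        return False, f"host is not {LEGITIMATE_DOMAIN}: {host}"
    if scheme != "https":
        return False, "not https; the login would be sent in the clear"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample links covering each case the check distinguishes.
    for link in (
        "https://www.facebook.com/login",
        "http://www.facebook.com/",
        "https://www.faecbook.com/login",
        "https://www.facebook.com@evil.example/",
        "https://www.facebook.com.evil.example/",
        "https://example.org/",
    ):
        print(link, "->", check_login_url(link))
```

The check is deliberately strict about the host: a name that merely contains "facebook" (www.facebook.com.evil.example) or is two edits away from it (faecbook) is reported as a lookalike rather than accepted, and the https test runs only after the host has been confirmed, since a correct host over plain http still exposes the password.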