Category Archives: Security

Security clearance in UK

Types of national security clearance

There are four main types of Security Clearance – Baseline, Counter Terrorist, Security Check and Developed Vetting. Below is an outline of each type of Security Clearance, along with information on the process, how long it takes, and the types of IT jobs it applies to.

The important thing to remember is that Security Clearance checks are conducted in line with a specific IT job role, and need to be requested by a company not an individual. So while Security Clearance may require some time and paperwork, if successful it will lead to a new IT job – as well as career rewards such as a good salary, role security and plenty of opportunity.

Baseline Security Clearance

There are two types of check in this category: Baseline Personnel Security Standard (BPSS) (formerly Basic Check) and Enhanced Baseline Standard (EBS) (formerly Enhanced Basic Check or Basic Check +). A BPSS or EBS aims to provide an appropriate level of assurance as to the trustworthiness, integrity, and probable reliability of prospective employees.

What is BPSS?
BPSS is an entry level security check, and will take one or two days to complete. Not technically a security clearance, it uses the Police National Computer (PNC) to make sure a candidate has no convictions. The check returns evidence of any current criminal record and un-spent convictions under the Rehabilitation of Offenders Act 1974.

A BPSS acts as a pre-employment check, signaling good recruitment and employment practice in general. The check is carried out by screening identity documents and references.

Intel AMT

Intel Active Management Technology (AMT) is hardware and firmware technology for remote out-of-band management of personal computers. Almost all AMT features are available even if PC power is off, the OS is crashed, the software agent is missing, or hardware (such as a hard drive or memory) has failed.

A Ring -3 rootkit was demonstrated by Invisible Things Lab for the Q35 chipset; it does not work for the later Q45 chipset as Intel implemented additional protections.[38] The exploit worked by remapping the normally protected memory region (top 16 MB of RAM) reserved for the ME. The ME rootkit could be installed regardless of whether the AMT is present or enabled on the system, as the chipset always contains the ARC ME coprocessor. (The “-3” designation was chosen because the ME coprocessor works even when the system is in the S3 state, thus it was considered a layer below the System Management Mode rootkits.) For the vulnerable Q35 chipset, a keystroke logger ME-based rootkit was demonstrated by Patrick Stewin.

Another security evaluation by Vassilios Ververis showed serious weaknesses in the GM45 chipset implementation. In particular, it criticized AMT for transmitting unencrypted passwords in the SMB (small business) provisioning mode when the IDE redirection and Serial over LAN features are used. It also found that the “zero touch” provisioning mode (ZTC) is still enabled even when the AMT appears to be disabled in BIOS. For about 60 euros, Ververis purchased from Go Daddy a certificate that is accepted by the ME firmware and allows remote “zero touch” provisioning of (possibly unsuspecting) machines, which broadcast their HELLO packets to would-be configuration servers. Source: Wikipedia

CryptoLocker is back!

Unfortunately this dangerous ransomware has reappeared on the network and managed to inflict heavy damage on businesses across Europe, especially Spain and then the UK.
The bad guys have figured out how to effectively penetrate antispam and antivirus scanning gateways, including Symantec.cloud.
Someone has bought the source code and released upgraded malware that collects ransom from desperate businesses.

Strengthening SSH

Ideally you should allow access to your router from outside only from trusted IPs and/or using key-based authentication where the key is also password protected.
However, if you don’t want to do this, you should definitely add these 3 things to your configuration. At least it will reduce the number of brute-force attempts against the default SSH password.

services {
    ssh {
        root-login deny;
        protocol-version v2;
        rate-limit 3;
    }
}

Such a shame, but I haven’t found any instructions on how to effectively shift SSH away from the default port 22. As far as I know it is not possible and the only way is to “If you want to block connections to port 22, we can use firewall filter or if you want to use some other ports to do SSH, we can use destination NAT rule to redirect requests coming to any other ports to port 22.”


Google reveals Windows 8 vulnerability

Microsoft has not patched it yet, even though it has known about it since September 2014.
Original thread HERE.
Microsoft’s response was:

We are working to release a security update to address an Elevation of Privilege issue. It is important to note that for a would-be attacker to potentially exploit a system, they would first need to have valid logon credentials and be able to log on locally to a targeted machine. We encourage customers to keep their anti-virus software up to date, install all available Security Updates and enable the firewall on their computer.

Shellshock bash bug

Test your vulnerability by executing this in your terminal:

    env x='() { :;}; echo vulnerable' bash -c 'echo hello'

and this (note that the second test writes a file named “echo” into the current directory):

    env X='() { (a)=>\' bash -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :("

If you see the word “vulnerable”, your system is vulnerable to this bug and you should update it as soon as possible.

A long time ago I was encouraged by my friends to use ZSH instead. This shell is not affected by this bug, but you will still have a lot of scripts on your system that call bash by default, so you should still update your system.

Plenty of web servers and DHCP servers were directly affected. Whatever was exposed to the Internet is potentially compromised, so please check your firewall logs and system logs.
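As an added example of the log check suggested above (not part of the original post), here is a small Python scanner that flags web-server access-log lines whose client-controlled fields (request line, Referer, User-Agent) carry the bash function-definition prefix that the test commands above rely on. The log lines, addresses and timestamps are constructed for the example.

```python
import re
from typing import Dict, List

# Constructed sample lines in Apache "combined" log format (not real traffic).
# Two of them carry the "() {" bash function-definition prefix that Shellshock
# abuses, in the User-Agent and Referer headers respectively; the rest are benign.
SAMPLE_LOG = r'''
192.0.2.10 - - [25/Sep/2014:10:01:12 +0100] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux)"
198.51.100.7 - - [25/Sep/2014:10:02:33 +0100] "GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { :;}; echo vulnerable"
203.0.113.9 - - [25/Sep/2014:10:03:01 +0100] "GET /cgi-bin/test.cgi HTTP/1.1" 500 0 "() { :; }; echo x" "curl/7.37.0"
192.0.2.11 - - [25/Sep/2014:10:04:45 +0100] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux)"
'''

# Combined log format. The request line, Referer and User-Agent are the fields
# a CGI server copies into environment variables (QUERY_STRING, HTTP_REFERER,
# HTTP_USER_AGENT), which is how a header value reaches a vulnerable bash.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"$'
)

# The trigger is a variable value that begins with a function definition:
# "()" followed by "{". Whitespace between the tokens is optional in bash,
# so match loosely rather than on the exact "() {" spelling.
SHELLSHOCK_RE = re.compile(r'\(\s*\)\s*\{')


def find_shellshock_attempts(log_text: str) -> List[Dict[str, str]]:
    """Return one record per log line whose client-controlled field carries
    the Shellshock function-definition prefix, in file order."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # blank or unparseable line: skipped, not matched
        for field in ("request", "referer", "user_agent"):
            if SHELLSHOCK_RE.search(m.group(field)):
                hits.append({"ip": m.group("ip"), "time": m.group("ts"), "field": field,
                             "value": m.group(field), "status": m.group("status")})
                break  # one record per line is enough
    return hits


if __name__ == "__main__":
    for hit in find_shellshock_attempts(SAMPLE_LOG):
        # An HTTP 200 on a /cgi-bin/ path means the request reached a script
        # and deserves host-level follow-up, not just a firewall block.
        print(f'{hit["time"]} {hit["ip"]} via {hit["field"]}: {hit["value"]!r} -> HTTP {hit["status"]}')
```

Run it against a real access log by passing the file contents to find_shellshock_attempts; the status code tells you whether the request was served or rejected.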

Hah. When I turned on my Raspbmc I noticed a notification “Patching bash vulnerability”. Auto update is enabled on it. :)

Top dogs

Company directors are paranoid about the confidentiality of verbal and written information, about trust, and about employees’ obedience.
On the other hand, they are not fully aware of data security, user access and levels of security. Because IT is usually not their subject, they keep wondering about these things, which is why IT people have to explain them well and take appropriate measures.