Blocking BitTorrent with IPTABLES

To block Bit Torrent traffic with IPTABLES you can edit /etc/sysconfig/iptables (CentOS) and include the following:

# Torrent ALGO Strings using Boyer-Moore
# These rules live in the RH-Firewall-1-INPUT chain (the CentOS default), so
# they only inspect packets addressed to this host; to filter a LAN behind
# the box, add equivalent rules to the FORWARD chain. Place them before the
# chain's final REJECT rule or they will never be evaluated.
# -m string is a plain, case-sensitive substring match over the packet; short
# strings such as "torrent" and "announce" will also drop ordinary web
# traffic that happens to contain those words.
-A RH-Firewall-1-INPUT -m string --algo bm --string "BitTorrent" -j DROP
-A RH-Firewall-1-INPUT -m string --algo bm --string "BitTorrent protocol" -j DROP
-A RH-Firewall-1-INPUT -m string --algo bm --string "peer_id=" -j DROP
-A RH-Firewall-1-INPUT -m string --algo bm --string ".torrent" -j DROP
-A RH-Firewall-1-INPUT -m string --algo bm --string "announce.php?passkey=" -j DROP
-A RH-Firewall-1-INPUT -m string --algo bm --string "torrent" -j DROP
-A RH-Firewall-1-INPUT -m string --algo bm --string "announce" -j DROP
-A RH-Firewall-1-INPUT -m string --algo bm --string "info_hash" -j DROP
# The next three strings are legacy IIS worm probe signatures (Code Red /
# Nimda style requests), not BitTorrent traffic.
-A RH-Firewall-1-INPUT -m string --algo bm --string "/default.ida?" -j DROP
-A RH-Firewall-1-INPUT -m string --algo bm --string ".exe?/c+dir" -j DROP
-A RH-Firewall-1-INPUT -m string --algo bm --string ".exe?/c_tftp" -j DROP

# Torrent Keys
# --algo only selects the search algorithm (bm or kmp); it does not change
# what matches, so the strings below that already appear in the Boyer-Moore
# block above are redundant and one rule per string is enough.
-A RH-Firewall-1-INPUT -m string --string "peer_id" --algo kmp -j DROP
-A RH-Firewall-1-INPUT -m string --string "BitTorrent" --algo kmp -j DROP
-A RH-Firewall-1-INPUT -m string --string "BitTorrent protocol" --algo kmp -j DROP
-A RH-Firewall-1-INPUT -m string --string "bittorrent-announce" --algo kmp -j DROP
-A RH-Firewall-1-INPUT -m string --string "announce.php?passkey=" --algo kmp -j DROP

# Distributed Hash Table (DHT) Keywords
# DHT messages are bencoded UDP packets; these keys are the query names and
# arguments that appear in them.
-A RH-Firewall-1-INPUT -m string --string "find_node" --algo kmp -j DROP
-A RH-Firewall-1-INPUT -m string --string "info_hash" --algo kmp -j DROP
-A RH-Firewall-1-INPUT -m string --string "get_peers" --algo kmp -j DROP
-A RH-Firewall-1-INPUT -m string --string "announce" --algo kmp -j DROP
-A RH-Firewall-1-INPUT -m string --string "announce_peers" --algo kmp -j DROP

For more information regarding IPTABLES options visit http://linux.die.net/man/8/iptables.
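As an added example (not part of the original post), the Python script below applies the post's -m string patterns to a few constructed packet samples, showing both the BitTorrent traffic the rules catch and the ordinary web page that the bare "torrent" and "announce" strings would also drop; the sample packets are made up for the demonstration.

```python
# Added example: check the post's iptables -m string patterns against
# constructed packet contents to see which rules fire on what.

# Strings taken from the iptables rules above (duplicates removed).
PATTERNS = [
    "BitTorrent", "BitTorrent protocol", "peer_id=", ".torrent",
    "announce.php?passkey=", "torrent", "announce", "info_hash",
    "bittorrent-announce", "find_node", "get_peers", "announce_peers",
]

# Constructed sample packet contents (not real captures).
SAMPLES = {
    # Peer wire handshake: <pstrlen><pstr><reserved><info_hash><peer_id>
    "bt_handshake": (b"\x13BitTorrent protocol" + b"\x00" * 8
                     + b"\x11" * 20 + b"-XX0001-123456789012"),
    # HTTP tracker request
    "tracker_get": (b"GET /announce?info_hash=%11%11&peer_id=-XX0001-1234"
                    b"&port=6881 HTTP/1.1\r\nHost: tracker.example\r\n\r\n"),
    # Bencoded DHT get_peers query
    "dht_get_peers": (b"d1:ad2:id20:" + b"a" * 20 + b"9:info_hash20:"
                      + b"b" * 20 + b"e1:q9:get_peers1:t2:aa1:y1:qe"),
    # Ordinary web page with no BitTorrent content at all
    "benign_http": (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                    b"<h1>Company announcements</h1>"
                    b"<p>Storm-torrent rainfall expected.</p>"),
}


def matching_rules(packet: bytes, patterns=PATTERNS) -> list:
    """Return the patterns that -m string would find in one packet.

    xt_string is a plain, case-sensitive byte substring search; --algo
    (bm or kmp) only changes how the search runs, not what matches. The
    search is per packet, so a pattern split across two TCP segments is
    not seen in either of them.
    """
    return [p for p in patterns if p.encode() in packet]


def would_drop(packet: bytes) -> bool:
    """True if any DROP rule in the list would fire on this packet."""
    return bool(matching_rules(packet))


def audit(samples=SAMPLES) -> dict:
    """Map each sample name to the patterns that hit it."""
    return {name: matching_rules(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, hits in audit().items():
        print(f"{name:14} {'DROP' if hits else 'pass':5} {hits}")
```

Because -m string has no protocol awareness, a pattern list like this is worth checking against representative traffic, or run with a -j LOG rule ahead of the DROP, before it goes on a production host.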

Web Browser Security

Modern web browsers represent a major source of and platform for vulnerabilities within companies and organizations (think plug-ins). They also offer an additional layer of protection on the endpoint, with malware and phishing reputation services becoming standard.

Several companies now offer free, web-based browser security checks, including:

– Qualys Browser Check, http://browsercheck.qualys.com
– Symantec, http://security.symantec.com/sscv6/home.asp
– BrowserScope, http://www.browserscope.org

It's important that you take the time to test your web browser's security, and these tools can do just that!

Roundcube Virtual Keyboard

Roundcube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides the full functionality you would expect from an e-mail client, including MIME support, address book, folder manipulation, message searching, calendar, notes and spell checking.

There is an array of plugins available for Roundcube but, to date, there is no “Virtual Keyboard” plugin. A virtual keyboard is a software application that lets a user enter characters via an on-screen keyboard. Unlike a password typed on a hardware keyboard, input entered through a virtual keyboard cannot be logged using a keystroke logger (although screen-capture malware can still observe it). This provides an additional layer of security and is particularly useful when using webmail from an Internet cafe or other untrusted location.

I’ve compiled a package which includes a virtual keyboard interface and is available for download here. Installation instructions are included in the ZIP file.

You can view a demo of the virtual keyboard on Aorta’s Secure Email website at www.aorta.me.

Plesk PCI Compliance

To reduce the risk of compromising sensitive data hosted on your server, you might want to implement special security measures that comply with the Payment Card Industry Data Security Standard (PCI DSS). The standard is intended to help organizations protect customer account data and enhance system security.

Parallels has released a comprehensive PCI Compliance guide for the Plesk hosting panel for both Windows and Linux. A full PDF copy is available here and an online version is available here.

I recommend using Parallels' guide as it is maintained in line with industry standards.

Thai Cyber Law Compliance

I often receive questions from customers and partners regarding Thai Cyber Law Compliance.

Thailand’s Computer Crime Act of 2007 requires any company or organization that provides Internet access to their employees, customers or visitors (that includes hotels providing broadband to their guests and staff) to retain certain header information for various types of internet activity (email, web surfing, instant messenger chat, FTP downloads) for 90 days as well as maintain a log of the users’ identities. Thailand’s full Computer Crimes Act (B.E. 2550 / 2007) is available in English here.

Thailand has a history of media censorship including printed news, TV, videos (DVD, VHS), satellite TV and has taken a number of steps to address Internet censorship in the past five years. The Thai Computer Crime Act is a component of this in providing Internet access history, records and tracking capabilities at end user sites.

There are a number of open source based Internet firewall solutions which include authentication and logging capabilities such as Untangle, IP Cop and Smoothwall.

A number of schools and organizations in Bangkok and Chiang Mai have been investigated by the Thai Police (Section 5) for failing to meet the compliance requirements, so Thai-based organizations should take the law seriously.