EIDAuthenticate, Tool for smart card logon

With the open source EIDAuthenticate it is possible to use 2-factor authentication, smart card + PIN, to log in to Windows. EIDAuthenticate is for Windows Vista and later on a stand-alone computer (a computer not in a domain, i.e. no Active Directory in use).

eidauthenticate-loginscreen

What is needed

A list of supported cards can be found on their web site. A more complete list, with details, is also available.

Flow

  • Initialize the card. I used the initialization script “small”, which basically creates 3 PINs on the card: Basic, Signature and Management (SO). At this point, there are no certificates on the card yet.

eidauthenticate-wizard

  • At the end of the wizard, there is a test to verify that the PIN works. After a successful test, the wizard asks whether the result can be sent to an online database.

Tips

  • Initialize the smart card with the card vendor’s tools (not with opensc).
  • The self-signed Root certificate created by the wizard is visible in the Certificate Manager tool (certmgr.msc) in Windows 7. Look for the certificates under the tree branch “Trusted Root Certification Authorities\Certificates”.
  • Before a logon attempt, one can view the certification path via the link “Certificate Details” (see the first figure in this blog).
  • For troubleshooting, one can use the EIDLogManager tool.

EIDlogmanager

  • One can use the card vendor’s tool, or opensc, to view the content of the smart card. The figure below shows the card vendor’s tool. The certificate on the card is for user “Lauri”, issued by “Lauri-PC”.

EIDAuthenticate-certificate

  • OpenSC and OpenSSL can be good tools for retrieving information from “common” smart cards. In this case, the certificate can be extracted from the card with the command

pkcs15-tool --read-certificate 45 --output certificate.pem

  • and the issuer and subject can be extracted from the certificate with the command

openssl x509 -in certificate.pem -issuer -subject -noout

  • which gives the same values as subjectCN and issuerCN in the figure above.
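
The name comparison above, carried one step further as an added example (not part of the original post): matching issuer and subject names do not prove that the certificate was signed by the wizard's root, so the script also runs openssl verify against the root. Constructed throw-away certificates using the names from the figure stand in for the card contents, and all function names are hypothetical.

```sh
#!/bin/sh
# Added example: constructed certificates stand in for the card's contents.
# With a real card, user.pem would come from pkcs15-tool --read-certificate.

# Print the CN of a certificate's subject or issuer ($2 = subject|issuer).
cert_cn() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 "-$2" |
        sed -n 's/^.*CN=\([^,]*\).*$/\1/p'
}

# Create a self-signed root in directory $1 with CN $2 (constructed data).
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
}

# Create a user certificate in $1 with CN $2, signed by the root in $1.
make_user() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/user.key" -out "$1/user.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/user.csr" -CA "$1/root.pem" \
        -CAkey "$1/root.key" -CAcreateserial -days 1 \
        -out "$1/user.pem" 2>/dev/null
}

# Succeeds only if the card certificate ($1) names the root ($2) as issuer,
# the root is self-signed, and the signature verifies against that root.
check_card_cert() {
    [ "$(cert_cn "$1" issuer)" = "$(cert_cn "$2" subject)" ] || return 1
    [ "$(cert_cn "$2" issuer)" = "$(cert_cn "$2" subject)" ] || return 1
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) && mkdir "$d/pc" "$d/other" || return 1
    make_root "$d/pc" "Lauri-PC" && make_user "$d/pc" "Lauri" || return 1
    make_root "$d/other" "Lauri-PC" || return 1   # same name, different key
    echo "subjectCN=$(cert_cn "$d/pc/user.pem" subject)" \
         "issuerCN=$(cert_cn "$d/pc/user.pem" issuer)"
    check_card_cert "$d/pc/user.pem" "$d/pc/root.pem" && echo "own root: OK"
    check_card_cert "$d/pc/user.pem" "$d/other/root.pem" ||
        echo "lookalike root: rejected"
    rm -rf "$d"
}
demo
```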

New set of International Telecommunications Regulations (ITRs), WCIT-12

The next World Conference on International Telecommunications (WCIT-12) has the ITRs (International Telecommunications Regulations) on its agenda.

Updates can be expected in areas such as Human Rights, Security, Privacy and Critical Infrastructure. For more information, see WCIT-12.

WCIT12

From WCIT-12:

This landmark conference will review the current International Telecommunications Regulations (ITRs), which serve as the binding global treaty outlining the principles which govern the way international voice, data and video traffic is handled, and which lay the foundation for ongoing innovation and market growth.

The ITRs were last negotiated in Melbourne, Australia in 1988, and there is broad consensus that the text now needs to be updated to reflect the dramatically different information and communication technology (ICT) landscape of the 21st century.

The ITRs were last updated in 1988; see the figure below.

ITRs

Other links

Figures are taken from ppt.


Keep Yourself Safe Online, Book from Microsoft

Microsoft has published a good book called

Own Your Space, Keep Yourself and Your Stuff Safe Online

The book is aimed at teens, but it is good material for anyone, especially if you are thinking of Security Awareness Training.

microsoft-book-ownyourspace


Test: portable VirtualBox with xubuntu linux

VirtualBox is a well-known tool for running a guest OS inside a host OS. A portable version is called Portable-VirtualBox, and it can be run without installation (but requires admin rights).

From virtualbox site:

VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product.

VirtualBox runs on

  • Windows
  • Linux
  • Macintosh and
  • Solaris hosts

and supports a large number of guest operating systems including but not limited to

  • Windows (NT 4.0, 2000, XP, Server 2003, Vista, Windows 7)
  • DOS/Windows 3.x
  • Linux (2.4 and 2.6)
  • Solaris and OpenSolaris
  • OS/2 and
  • OpenBSD.

From Portable-VirtualBox site:

Portable-VirtualBox is a free and open source software tool that lets you run any operating system from a usb stick without separate installation.

Installation

Installation went as instructed; the portable tool downloaded the VirtualBox installation. Then some distributions were downloaded from their images page. Distribution images with a “name.vbox” file are ready to use. For distributions with a “.vdi” file, one needs to create a new virtual machine and use the “.vdi” file as its disk. The figure below shows the default settings used for xubuntu.

virtualbox-ubuntu

Youtube test

Flash videos tend to be problematic with some Linux distributions. A test was made to play a YouTube video. In order to do that, the Adobe Flash Player plugin was installed. Only with xubuntu was this done without problems (see figure below).

portablevirtualbox-xubuntu


Katana, collection of portable security tools and bootable distributions

Katana is a collection of security tools on USB stick.

Katana is a portable multi-boot security suite which brings together many of today’s best security distributions and portable applications to run off a single Flash Drive.

There are 2 ways of using Katana:

  • Boot into a security distribution
  • Use some tools directly from USB

Boot mode

One can boot directly into a distribution like:

  • Backtrack
  • Caine
  • DBAN
  • Trinity Rescue Kit
  • UBCD
  • Clonezilla

USB mode

Portable tools in the USB mode are available via the PortableApps menu. The menu is nicely categorized into:

  • Anti-Virus
  • Encryption
  • FileSystem
  • Forensics
  • Networking
  • Office
  • PasswordRecovery
  • PenTesting
  • Registry
  • Security
  • System
  • Utilities

Katana-USB


WinTaylor, forensics tools on USB stick

WinTaylor is a collection of tools for analyzing or troubleshooting a PC. WinTaylor itself is a GUI launchboard for several other tools.

Positive:

  • No installation needed, just execute from USB
  • Overall, a good collection (nirsoft, sysinternals etc.)
  • Source code available

Please note that there are more free (and open source) tools and utilities in the area. WinTaylor provides some nice tools in an easy form (USB).

Wintaylor

From CAINE site:

CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics.

The distro is open source, the Windows side (Wintaylor) is open source.

WinTaylor is the new forensic interface built for Windows and included in CAINE Live CD. It is written in Visual Basic 6 to maximize compatibility with older Windows systems, and provides an internal set of well-known forensic programs.

WinTaylor proposes a simple and complete forensic software integration and inherits the design philosophy of CAINE.

Installation

WinTaylor is included in the NBCAINE image (CAINE for NoteBook). The image can be installed onto a USB stick with the Win32 Disk Imager tool.

List of Tools

The table below lists the tools which can be launched from the GUI.

Tool                 Path
System Info          \Programs\tools\msi.exe
FTK Imager           \Programs\imager\ftkimager.exe
Hex Editor           \Programs\hexedit.exe
USB Write Blocker    \Programs\usbwriteprotect.exe
Hash Calculator      \Programs\tools\nirsoft\HashMyFiles.exe
WinAudit             \Programs\winaudit.exe
PC On/Off            \Programs\pctime\pconofftime.exe
Photorec             \Programs\photorec_win.exe
USB Devices          \Programs\tools\nirsoft\usbdeview
Take a snapshot      \Programs\MWSnap.exe
DriveManager         \Programs\tools\Driveman.exe
Whois                \Programs\whoistd.exe
RAM Dump             \Programs\ram\
File Analyzer        \Programs\tools\wfa.exe
NirSoftMegaReport    \Programs\tools\nirsoft\nmr.bat
Testdisk             \Programs\testdisk_win.exe
Lan Scanner          \Programs\als\PortScan.exe
Recuva               \Programs\tools\cygwin\recuva.exe
More Tools           \Programs\tools

In addition, there are more utilities behind the “More Tools” button. Some of them are listed in the table below.

\Programs\tools\Cygwin: Date, dd, dos2unix, file, hexedit, hostname, less
\Programs\tools\fau: dd, volume_dump, wipe, netcat
\Programs\tools\nirsoft: CurrPorts, DevManView, IECookiesView, IEHistoryView, InstalledCodec, ProcessActivityView, ProduKey, RecentFilesView, ServiWin
\Programs\tools\sysinternals: Desktops, Process Explorer, Process Monitor, Pstools: pslist, psinfo …, Ram map, Rootkitrevealer, TCPview, Vmmap
\Programs\tools\unxutils: Bunzip2, grep, Wget

Examples

NirSoftMegaReport creates an HTML output, which is easy to browse, see below:

Wintaylor-nirsoftmegareport

Winaudit screenshot:

Wintaylor-winaudit

Process Monitor screenshot:

Wintaylor-processmonitor

Please note that the functionality of a WinTaylor-type launchboard could be built with a GUI automation tool as well (AutoIt).


Win32 Disk Imager, Tool to write image into a bootable USB

Win32 Disk Imager is a basic tool with one purpose: to write a disk image to a USB device. (On their web pages, it is called “Image Writer for Windows”.)

In the example below, the NBCAINE image is being written to USB memory (drive L:).

Win32DiskImager
