Wednesday, August 31, 2011

Facebook Security (August 2011)

I only use Facebook casually; I'm not a big user.  I think I've blogged before about Facebook security, but Facebook is continuously changing and updating their policies and security/privacy posture.  However, I saw a link today that I had not seen before:

Facebook Security Guide

Some of the points they make are true common sense.  But, I'm sure there is something for everyone in the guide.  My hope is that the guide gets updated as they introduce new features and policies.

Monday, August 29, 2011

August 2011 Unix updates

I just noticed that DISA has updated the Unix STIGs and SRR.

They can be found at DISA's site.

Auditing with MMC's Security Configuration and Analysis Snap-In

Here's an auditing trick I had never used before.  I'm sure I should be able to script this information from the registry.  But, until I find where this information is, here's what we did:

Open MMC
File -> Add/Remove Snap-in...
Choose "Security Configuration and Analysis"
Click OK
In the main window, right-mouse-click on Security Configuration and Analysis
Choose Open Database
We created a temp database.
When asked for the .inf file, we pointed to the .inf files we grabbed from the DISA benchmarks.
Right-mouse-click on Security Configuration and Analysis, again
Choose Analyze Computer Now
DO NOT CHOOSE Configure....
MMC will analyze the computer against the settings in the DISA .inf file.

When it is done, I double-clicked the individual policies, and exported them to our results directory.
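A scripted equivalent of the steps above, using the built-in `secedit` command instead of the MMC snap-in. This is an added example, not part of the original post. The file paths are placeholders, and the `Mismatch` / `Not Configured` line format parsed from the log is an assumption about what `secedit` writes there.

```powershell
# Added example: command-line version of "Analyze Computer Now".
# Run from an elevated prompt. All paths are placeholders.
$Inf    = 'C:\audit\disa-benchmark.inf'            # .inf taken from the DISA benchmark
$Db     = Join-Path $env:TEMP 'stig-analysis.sdb'  # temp database, as in the MMC steps
$OutDir = 'C:\audit\results'
$Log    = Join-Path $OutDir 'secedit-analyze.log'
$Report = Join-Path $OutDir 'secedit-findings.csv'

if (-not (Test-Path $Inf)) { throw "Template not found: $Inf" }
New-Item -ItemType Directory -Force -Path $OutDir | Out-Null

# /analyze only compares the machine against the template.
# It is the counterpart of "Analyze Computer Now"; /configure would
# apply the settings, which is the option the steps above say to avoid.
# /overwrite clears any earlier template from the database first.
& secedit.exe /analyze /db $Db /cfg $Inf /overwrite /log $Log /quiet
if ($LASTEXITCODE -ne 0) {
    Write-Warning "secedit returned exit code $LASTEXITCODE; review $Log"
}
if (-not (Test-Path $Log)) { throw "No analysis log was written to $Log" }

# Assumed log format: one finding per line, e.g.
#   "Mismatch - MinimumPasswordLength."
#   "Not Configured - LSAAnonymousNameLookup"
$pattern  = '^\s*(Mismatch|Not Configured)\s+-\s+(.+?)\.?\s*$'
$findings = @(Get-Content $Log | ForEach-Object {
    if ($_ -match $pattern) {
        [pscustomobject]@{ Status = $Matches[1]; Setting = $Matches[2] }
    }
})

# Save the findings next to the raw log so both go in the results directory.
$findings | Export-Csv -NoTypeInformation -Path $Report

$mismatch = @($findings | Where-Object { $_.Status -eq 'Mismatch' }).Count
$unset    = @($findings | Where-Object { $_.Status -eq 'Not Configured' }).Count
"{0} mismatched, {1} not configured (details: {2})" -f $mismatch, $unset, $Report
```

The `.sdb` database it produces can still be opened in the Security Configuration and Analysis snap-in to browse the same results per policy.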

Retina and Auditing File Versions

I have a quick Retina question for anyone that uses Retina with any regularity.  While testing this past week, I came across an issue with Retina. 

After pointing Retina at its targets, it would launch and run the scan with no problems, until it reached the Auditing File Versions check.  Then, the scan would crawl almost to a halt.  A couple of times, I had to check Task Manager to make sure that Retina was still running.

Has anyone else run into this?

How to see shared drives when you can not map a share

A weird title, I know.  Here is the situation that transpired.  I was auditing a system at a client site where we were given admin-level credentials.  I was able to log in to the server through RDP, but try as I might, I could not map a drive to the share that was created for us on one of the local file servers.  It mapped fine on the testing laptop.  The system admins assured me that my credentials were good and that all servers had the same permissions on the subnet.  And, all servers were on the same domain.  My co-worker gave me this tip:

First, map the drive on the local test laptop.
Next, start an RDP session to the server you are auditing.
Enter the address of the server.  But, before clicking connect, click the options button.
On the Local Resources tab, click the drive that you mapped to the share.
Then, you can click connect. 
When you connect, the server you are auditing will be able to see the share through your laptop.  It is sort of like a proxy.

The trick is pretty cool, and worked like a champ for the rest of our testing.

Tuesday, August 16, 2011

August 2011 STIG releases

I happened to be checking DISA for something unrelated, and I saw the following STIG releases:

Windows IAVM Benchmarks (HBSS only) - Updated August 15, 2011
Windows 7 STIG Benchmark Version 1, Release 5 - Updated August 15, 2011
Windows 7 STIG - Version 1, Release 5 - Updated August 15, 2011
Windows 7 STIG - Version 1, Release 5 (*PKI) - Updated August 15, 2011
Draft Solaris 9 SPARC STIG - Version 1, Release 0 - Updated August 3, 2011
Draft Solaris 9 x86 STIG - Version 1, Release 0 - Updated August 3, 2011
Draft Solaris 10 SPARC STIG - Version 1, Release 0 - Updated August 3, 2011
Draft Solaris 10 x86 STIG - Version 1, Release 0 - Updated August 3, 2011
Microsoft Office 2007 STIG - Version 4, Release 5 - Updated August 2, 2011
Windows 2008 DC STIG Benchmark Version 6, Release 1.15 - Updated August 2, 2011
Windows 2008 MS STIG Benchmark Version 6, Release 1.15 - Updated August 2, 2011
Windows 2003 DC STIG Benchmark Version 6, Release 1.22 - Updated August 2, 2011
Windows 2003 MS STIG Benchmark Version 6, Release 1.22 - Updated August 2, 2011
Windows Vista STIG Benchmark Version 6, Release 1.22 - Updated August 2, 2011
Windows XP STIG Benchmark Version 6, Release 1.22 - Updated August 2, 2011

I think this is the last of the releases until the next quarter.

Thursday, August 4, 2011

Fixing CAC access to a website when certificates seem to be the problem

A co-worker lost CAC access to ONE of the DoD websites we routinely access.  One of the four or five we use on a regular basis.  We tried switching browsers.  We tried removing certificates.  We tried re-installing (from our install file).

In the end, it seems like following the instructions in this PDF did the trick.

Ultimately, I think the install-root file for the root certificate was newer than our file, and so I believe newer certificates were added.  Also, the PDF mentioned some specific certificates that had to be removed.

Monday, August 1, 2011

July 2011 STIG updates, part 3

This looks to be the last of the updated STIGs:

RAS Remote Access Server STIG Version 2, Release 5 - Updated July 29, 2011
Remote Access Policy STIG Version 2, Release 5 - Updated July 29, 2011
Remote Access VPN STIG Version 2, Release 5 - Updated July 29, 2011
Remote Endpoint STIG Version 2, Release 5 - Updated July 29, 2011
Remote XenApp ICA Thin Client STIG Version 2, Release 5 - Updated July 29, 2011

I will update if there are any more updates.