Posts

Dealing with Non-technical users

In the security profession you usually take your findings to people with the technical capability to understand what you are explaining to them. But what if you have to deal with ordinary, non-technical users? They don't understand your security jargon; they only care about their business. I have been dealing with this sort of people for a long time, and when they sit in a remote location it's very tough! The best way is to send them mails explaining the issue, its impact and how to fix it. Sometimes they co-operate with you; sometimes you are disappointed. For example, if you need to deal with users running an insecure service (say FTP) on their machines, the following approach seems to work:
1. First send them a communication about the issue: what the service is all about, and how it could be exploited if it is not closed or secured.
2. If they respond, tell them to stop FTP from Services.msc.
3. Sometimes they are not sure ...

Securing Connection Strings

Today I again came across the same scenario my colleague Sam once asked me about: best practices for securing connection strings, or more precisely the file that holds the database connection string. The general approach, irrespective of technology, is to move the credentials out of the source code into a configuration file. That file then needs to be properly protected, using strong ACLs and strong encryption whose keys are themselves properly protected. I shall give an example from .NET, which I am familiar with, and you can suggest that developers do the equivalent for Oracle and JSP pages. The approaches differ by technology: for ASP.NET you can use Windows authentication instead of putting the username/password and database name (the connection string) in the source code. If that is not possible and you have to specify the username/password and database name, put them in a separate configuration file such as app.config or web.config and encrypt them ...

Open Mail Relay-How to test

An open mail relay is an SMTP server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users. This used to be the default configuration in many mail servers; indeed, it was the way the Internet was initially set up, but open mail relays have become unpopular due to their exploitation by spammers and worms. Many relays were closed, or were placed on blacklists by other servers. [Wikipedia]

How to test your mail server for open relay. Note that both the sender and the recipient below are outside your own domain: a server that answers RCPT TO with 250 for such a recipient will relay mail for anyone, while a correctly configured server rejects it with a 5xx reply such as "550 5.7.1 Unable to relay".
1. At the command prompt, type:
   C:\>telnet mailserver.yourdomain.com 25
   220 mailserver.yourdomain.com ESMTP MAIL Service Version 6.0.3894 ready at Tue, 22 Aug 2011 05:22:00 -0700
2. helo
   250 mailserver.yourdomain.com Hello
3. mail from: sender@otherdomain.com
   250 2.1.0 sender@otherdomain.com....Sender OK
4. rcpt to: recipient@someotherdomain.com
   250 2.1.5 recipient@someotherdomain.com
5. data
   354 Start mail input; end with <CRLF>.<CRLF>
   This is a test mail. P...
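The same check, automated, as an added example that is not part of the original post: the script speaks the HELO / MAIL FROM / RCPT TO sequence over a plain socket and reports whether RCPT TO for a recipient outside the server's own domain was accepted, sending QUIT before DATA so no mail is actually injected. The stub SMTP servers, host names and addresses in it are constructed for offline testing; point check_open_relay at a real server name and port 25 to test your own.

```python
"""Open-relay check: the telnet session above, automated.

Added example, not from the original post.  A 250 reply to RCPT TO for
a foreign recipient means the server relays for anyone; a 5xx reply
(typically "550 5.7.1 Unable to relay") means relaying is refused.
The StubSMTPServer class and all names/addresses are constructed for
offline testing.
"""
import socket
import threading


def _read_reply(f):
    """Read one (possibly multi-line) SMTP reply; return (code, last line)."""
    while True:
        line = f.readline()
        if not line:
            raise ConnectionError("connection closed by server")
        text = line.decode("ascii", "replace").rstrip()
        # "250-..." is a continuation line, "250 ..." is the final line.
        if len(line) < 4 or line[3:4] != b"-":
            return int(text[:3]), text


def _send(sock, f, command):
    """Send one command line (CRLF-terminated) and read its reply."""
    sock.sendall(command.encode("ascii") + b"\r\n")
    return _read_reply(f)


def check_open_relay(host, port, helo="scanner.example.net",
                     sender="sender@otherdomain.com",
                     recipient="recipient@someotherdomain.com",
                     timeout=10.0):
    """Return True if host:port accepts RCPT TO for a foreign recipient.

    Sender and recipient are deliberately both outside the target's own
    domain.  The session ends with QUIT before DATA, so nothing is sent.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rb")
        code, banner = _read_reply(f)            # 220 greeting
        if code != 220:
            raise RuntimeError("unexpected banner: " + banner)
        code, _ = _send(sock, f, "HELO " + helo)
        if code != 250:
            raise RuntimeError("HELO rejected with %d" % code)
        code, _ = _send(sock, f, "MAIL FROM:<%s>" % sender)
        if code != 250:
            _send(sock, f, "QUIT")               # foreign sender refused outright
            return False
        code, _ = _send(sock, f, "RCPT TO:<%s>" % recipient)
        _send(sock, f, "QUIT")                   # never reach DATA
        return code == 250


class StubSMTPServer:
    """Minimal in-process SMTP responder, constructed for the test.

    relay=True answers RCPT TO with 250 like the open relay in the post;
    relay=False answers 550 5.7.1 like a correctly configured server.
    """

    def __init__(self, relay):
        self.relay = relay
        self._srv = socket.socket()
        self._srv.bind(("127.0.0.1", 0))        # ephemeral local port
        self._srv.listen(1)
        self.port = self._srv.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        conn, _ = self._srv.accept()
        with conn:
            f = conn.makefile("rb")
            conn.sendall(b"220 mailserver.yourdomain.com ESMTP stub ready\r\n")
            while True:
                line = f.readline()
                if not line:
                    break
                cmd = line.decode("ascii", "replace").strip().upper()
                if cmd.startswith(("HELO", "EHLO")):
                    conn.sendall(b"250 mailserver.yourdomain.com Hello\r\n")
                elif cmd.startswith("MAIL FROM:"):
                    conn.sendall(b"250 2.1.0 Sender OK\r\n")
                elif cmd.startswith("RCPT TO:"):
                    if self.relay:
                        conn.sendall(b"250 2.1.5 Recipient OK\r\n")
                    else:
                        conn.sendall(b"550 5.7.1 Unable to relay\r\n")
                elif cmd.startswith("QUIT"):
                    conn.sendall(b"221 2.0.0 Bye\r\n")
                    break
                else:
                    conn.sendall(b"500 5.5.1 Command unrecognized\r\n")
        self._srv.close()


if __name__ == "__main__":
    for relay in (True, False):
        stub = StubSMTPServer(relay=relay)
        print("stub(relay=%s) reported as open relay: %s"
              % (relay, check_open_relay("127.0.0.1", stub.port)))
```

Against a real server, run it from a host outside the server's network, since many servers relay for their own address ranges and the result from inside tells you nothing about what a spammer on the Internet sees.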

Use SSH-Reject Telnet, RSH/RLogin

The main problem with Telnet/rsh/rlogin/rcp is that they send information over the wire unencrypted. Whatever you type, including your username and password, goes in clear text over the wire, and anybody who can sniff it can make your life difficult. The remote shell utilities such as rsh additionally depend on a pre-authenticated IP connection: anything coming from a trusted IP is accepted, and IP spoofing is not difficult! So use SSH, the secure way to send information over a network. Secure Shell keeps unauthorized users out of our computers, both by encrypting the session so passwords cannot be sniffed, and by providing stronger authentication than a simple password exchange. Instead of rsh, rcp and rlogin, simply use the commands ssh, scp or slogin. How to tunnel Telnet through SSH: 1. Launch PuTTY and provide the destination host IP address. 2. Go to SSH->Tunnels. Enter a local source port, then the destination server name or address followed by a colon and the port PuTTY will forward to. 3. Click on the Open button. A term...

Web Application:Authorization Issues

I have written an article that got published in Hakin9 Magazine's July issue. This article is about different kinds of access control mechanisms and the issues with them in web applications. Access control, as the name suggests, is the mechanism for determining the privileges of different users to access the contents of an application. It can also manage fine-grained read and write permissions on the files owned by a particular user. In other words, access control decides who has the authorization to use files, manipulate their contents, or visit a website. In the case of web applications, access control mechanisms allow different users different levels of access to web pages and functions. Want to read more? It can be found here or by clicking on the list of articles on the right side of the blog.

Lifetime of cryptographic Hash functions

Developers often ask which hash is the best to work with currently. I always suggest using the SHA-2 family (SHA-224, SHA-256, SHA-384, SHA-512), as they are still not known to be broken, and I found this chart very convincing and useful for comparing them: As you can see, of the popular hashes only SHA-2 remains undefeated. Reference: http://valerieaurora.org/hash.html

Wireless Security- Best Practices

This article is about the different best practices that should be followed when using a wireless LAN. A little lazy to write it again :) . The article has been published in the June 2011 issue of ClubHack Magazine (pages 20-24). It can be downloaded here .