Friday, February 3, 2017

Security+ Topic - Wireless Antennas and Power

I’m not sure I know of anyone who doesn’t use wifi. It has become part of our everyday lives, and without it I am not sure some people would know how to cook. When it comes to our homes, most of us will simply plug in an access point and we are good with the setup as long as we can get a signal in our living room. In business, most IT departments will set up a distribution of access points to cover the entire area as seamlessly as possible. Both of these are great strategies, but there is another scenario I would like to bring up, because the normal setup provides an easy gateway for any attacker to monitor your wireless network.

I worked with a gentleman who set up wireless communications between buildings for companies. Now this sounds like a task that almost any IT person could accomplish, but the reason he was contracted for it was that this connection needed to be secure. Some of you may be saying at this point that they could just set up WPA2 and be done. The little bit of information missing here is the antenna used for the communication. Generally, antennas are omni-directional, which means the signal goes out in every direction. This is fine for most setups but not for the ultra-secure setups needed by this company. Antenna design is something that can go very in depth, and I have experimented with designs as an amateur radio operator, so I will not be going into the details here except to give you an overview.

The antenna needed for this scenario is a yagi antenna, which points the signal as much as possible in one direction. This is not to say that the signal will be one hundred percent in one direction. Signals will still propagate in every direction, but the yagi antenna does a great job of focusing them in one direction. Generally there will be a small back lobe, but it is not much radiation in the direction opposite to where you are pointing. There are two benefits to this. One is that signals can be pin-pointed to the target. The second is that a yagi antenna can help extend the distance of the signal. I encourage you to take a look at the yagi radiation pattern if this sounds interesting to you.

Now comes the part of actually verifying that your antenna is doing what you want it to do, by performing a site survey. I personally use software called Heatmapper, where I can import my own image (or floor plan) to see where the signal is strongest. Basically you walk around the office clicking on where you are, and the software creates a heat map of how strong the wireless signal is. In the original application it is good for seeing whether every square inch of the office is able to get a wireless signal. For the second part of this topic, the yagi, it works wonders for checking whether your antenna is working correctly by only giving signal in one direction. Basically we are looking for an oblong signal shape: the heat map software will show strong signal in one direction away from the access point antenna.
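As an added example (not code from the post, and not part of Heatmapper), here is a small Python check you could run over survey samples from a walk-around: it assumes each sample is (x, y, RSSI) in metres relative to the antenna, that the yagi is aimed along +x, and turns the "oblong shape" into a front-to-back ratio so back-lobe leakage shows up as a number.

```python
import math

# Constructed survey samples: (x, y) in metres relative to the antenna, RSSI in dBm.
# Assumption: the yagi sits at (0, 0) and is aimed along the +x axis (bearing 0).
SURVEY = [
    (10, 0, -45), (20, 2, -50), (30, -3, -55), (40, 1, -60),  # along the boresight
    (5, 10, -70), (5, -10, -72),                              # off to the sides
    (-10, 0, -80), (-20, 1, -85), (-15, -2, -83),             # behind the antenna
]


def bearing_deg(x, y, aim_deg=0.0):
    """Angle of a sample point relative to the antenna's aim, in (-180, 180]."""
    ang = math.degrees(math.atan2(y, x)) - aim_deg
    return (ang + 180.0) % 360.0 - 180.0


def sector_mean_rssi(samples, lo_deg, hi_deg, aim_deg=0.0):
    """Mean RSSI of samples whose absolute bearing lies within [lo_deg, hi_deg]."""
    vals = [r for x, y, r in samples if lo_deg <= abs(bearing_deg(x, y, aim_deg)) <= hi_deg]
    return sum(vals) / len(vals) if vals else None


def front_to_back_db(samples, aim_deg=0.0, beamwidth_deg=30.0):
    """Front-lobe mean minus back-lobe mean, in dB; None if a sector has no samples."""
    half = beamwidth_deg / 2.0
    front = sector_mean_rssi(samples, 0.0, half, aim_deg)
    back = sector_mean_rssi(samples, 180.0 - half, 180.0, aim_deg)
    if front is None or back is None:
        return None
    return front - back


def survey_verdict(samples, aim_deg=0.0, min_fb_db=20.0):
    """Plain-language result: is the signal confined to the intended direction?"""
    fb = front_to_back_db(samples, aim_deg)
    if fb is None:
        return "insufficient samples: walk both the front and the back sectors"
    if fb >= min_fb_db:
        return "directional: front-to-back ratio %.1f dB" % fb
    return "leaking: front-to-back ratio only %.1f dB, re-aim or shield the antenna" % fb
```

The 20 dB threshold is an assumed policy value; pick one that matches how far behind the building you are willing for the signal to be heard.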

Security+ Topic - End to End Security

As we move data from one computer to the next, we can do it by transferring files in clear text or by securing that data. One of the big questions is how to secure that data for transfer. We can use our browsers, a file transfer tool, or text shells to move this data, and every one of them has some type of encryption it can utilize. The days of making excuses for why we do not encrypt our data over the wire are over.

When it comes to utilizing our browser, it comes pre-set for taking advantage of SSL and TLS. Secure Sockets Layer is a widely used security standard for establishing an encrypted link between a web server and a browser. It creates a behind-the-scenes connection for passing data between server and client in a secure manner. Only a few years ago you could generate a self-signed certificate for a personal web server and rest a little easier about people seeing the private data transferred. Recently the major browser developers said that if a certificate is self-signed, or does not match the URL, the browser will give an error about the connection being insecure. This is due to man-in-the-middle attacks: an attacker would spoof the connection you thought was secure and then forward the requests to the true web server, so you wouldn’t know they were decrypting and re-encrypting all of the data on its way.

Now we have more secure protocols such as TLS, which came out to address certain limitations of the Secure Sockets Layer protocol. TLS gives additional security to the transfer of data over wide area network connections. While the older SSL 3.0 is still in use today, there are minor upgrades made in TLS 1.0 which make it much more secure. Where possible, each one of your servers should be set up to force TLS encryption if the client is able to do so.
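To make the two sides of that advice concrete, here is an added Python example (not from the post) using the standard library `ssl` module: a client context that rejects self-signed or mismatched certificates, a server context that refuses anything below TLS 1.2, and an audit function that flags the weak settings; the certificate file arguments are assumed paths and are left out so it runs offline.

```python
import ssl


def hardened_client_context():
    """Client side: trust only the system CA store, require a certificate that
    matches the host name, and refuse anything older than TLS 1.2. A self-signed
    or mismatched certificate then fails the handshake instead of passing silently."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def hardened_server_context(certfile=None, keyfile=None):
    """Server side: refuse SSL 3.0, TLS 1.0 and TLS 1.1 clients outright.
    certfile/keyfile are the server's own PEM files (assumed; omitted here)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def weak_client_context_for_demo():
    """The setting the post warns about: a client that accepts any certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return the list of policy violations for a context (an empty list means OK)."""
    problems = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("accepts protocol versions below TLS 1.2")
    if ctx.protocol != ssl.PROTOCOL_TLS_SERVER:   # anything else is a client context
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            problems.append("client does not require a trusted certificate chain")
        if not ctx.check_hostname:
            problems.append("client does not check the certificate against the host name")
    return problems
```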

Now we have the matter of encrypting the whole network connection instead of just one protocol. VPN connections are made which force the traffic to go across a virtual private network. Most of the time these connections are then routed out of the destination network, and the public IP of the remote machine will be an IP of the VPN server’s network. These connections are made using IPSec, which is ideal for authentication, integrity, and confidentiality. Each of these is a core item for this process to work, because if any part is skipped or not authorized, the connection could be compromised.

One final item I want to touch on is the use of SSH. This is the default tool used for almost every Linux server and is a required item for server deployments. The secure shell created has a high level of encryption, so anything sent over it is sure to be safe. I am actually a little surprised that Windows hasn’t embraced the use of SSH to connect to Windows servers in order to provide quicker remote sessions to their servers. Even with Windows core you need to make a remote desktop connection to use the command prompt… weird. SSH is able to do some really cool stuff such as tunneling. Similar in behavior to the VPN connection, SSH is able to move more than just remote commands over the connection. SCP and SFTP are built on SSH and are able to move files securely. Even your browser can use a local proxy on the SSH connection to send all browser traffic over SSH.

Security+ Topic - Data Wiping, Retention, Storage

What happens to your devices when you are through with them? Do you put them in a closet and call it a day? When it comes to the expiration date of your hardware, there are a few things that need to be done to ensure that your data is safe after you are done with it. Even after you hit the delete key, there are methods and tools available to recover data from your system even though it was deleted. So what does it mean for you as an IT admin? It means that you need to securely wipe your devices of all old data.

Just like a lot of things in the IT industry, there is more than one way to skin a cat. The first option is a full format of the hard drive. This will overwrite the drive to blank and make it much harder to recover data. Still, that data exists on the drive if someone were very motivated to get it. After it has been wiped, one option here would be to overwrite the data with new dummy data. For most consumer tools, this basically guarantees that the most basic of tools will be unable to recover the data. I’ll jump ahead at this point to the wiping standards of the military. The tools used for this, such as the Darik’s Boot and Nuke (DBAN) live CD, make many passes over the entire hard drive to the point that it becomes nearly impossible to recover the data. I say nearly impossible because without physically destroying it, there is a one in a gazillion chance that one sector may be recoverable.
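As an added illustration of the multi-pass overwrite idea (my own Python, not DBAN and not code from the post), this overwrites a single file with alternating random and zero passes and then checks that a constructed secret can no longer be found in the file’s bytes; the file path and the marker string are constructed for the demo.

```python
import os
import secrets
import tempfile


def overwrite_file(path, passes=3, chunk=1 << 16):
    """Overwrite every byte of `path` in place, alternating random and zero
    passes, syncing to disk after each pass. Returns total bytes written.
    Caveat (not from the post): on SSDs and on copy-on-write or journaling
    filesystems the new bytes may land in other physical blocks, so this is
    not a substitute for a whole-device wipe or physical destruction."""
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b") as f:
        for p in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(secrets.token_bytes(n) if p % 2 == 0 else bytes(n))
                written += n
                remaining -= n
            f.flush()
            os.fsync(f.fileno())
    return written


def file_contains(path, needle):
    """Simple stand-in for a recovery tool scanning the file's bytes."""
    with open(path, "rb") as f:
        return needle in f.read()


def demo():
    """Write a constructed secret, confirm it is findable, wipe, confirm it is gone."""
    marker = b"SECRET-PAYROLL-2017"            # constructed sample content
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(marker * 1000)
    try:
        before = file_contains(path, marker)
        written = overwrite_file(path, passes=3)
        after = file_contains(path, marker)
    finally:
        os.remove(path)
    return before, after, written
```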

The flip side of this whole situation is the retention of the data. When it comes to how long you are to hold the data, it boils down to company or industry standards. Some companies will only require that seven days of backup data be held, while others such as financial institutions will require the data to be held for years. While this touches the realm of backups a bit more than security, the security aspect of the requirements must be addressed. It is not enough to simply install a server somewhere, encrypt the transmission via SSL, and then call your backups good. Take for example a remote datacenter that shuts down. They let you pull your data off and then shut everything off. All that hardware gets re-sold to salvage companies, and the hard drives are scanned by curious people who are able to recover your secret files. Data held in long-term retention must be encrypted at the same or a higher level than your local data, because you may not have physical access to it.

One consideration here is that you may not be able to remotely wipe the data without physical access. That remote storage is way out of your control, so it may be worth an investment in remote wiping capability. In this area there are a lot of options, from failed access attempts triggering a data wipe to a timeout wipe. In the first scenario, the remote server is set up to automatically wipe the data after a certain number of failed login attempts (similar to cell phones these days). The other option is a data wipe that happens after a certain amount of time. It tries to heartbeat with a certain user or group, and if it doesn’t hear anything after a while, it will automatically wipe the data.
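Both triggers described above, written out as an added Python example (not code from the post): a small policy object that wipes after a set number of failed logins or when no authorized heartbeat arrives within the timeout. The clock is injectable so the timeout path can be exercised without waiting, and the wipe action itself is a placeholder.

```python
import time


class RemoteWipePolicy:
    """Decides when a remote store should wipe itself, using the two triggers
    from the post: too many failed logins, or no heartbeat within a timeout.
    `clock` is injectable (defaults to time.monotonic) so the logic is testable."""

    def __init__(self, max_failed=5, heartbeat_timeout_s=24 * 3600, clock=time.monotonic):
        self.max_failed = max_failed
        self.timeout = heartbeat_timeout_s
        self.clock = clock
        self.failed = 0
        self.last_heartbeat = clock()
        self.wiped = False
        self.reason = None

    def record_login(self, success):
        """Count consecutive failures; a successful login resets the counter."""
        if success:
            self.failed = 0
        else:
            self.failed += 1
            if self.failed >= self.max_failed:
                self._wipe("failed-logins")
        return self.wiped

    def heartbeat(self, authorized):
        """Only an authenticated heartbeat from the owning user/group counts."""
        if authorized and not self.wiped:
            self.last_heartbeat = self.clock()

    def check_timeout(self):
        """Run periodically; wipes if the last good heartbeat is too old."""
        if not self.wiped and self.clock() - self.last_heartbeat > self.timeout:
            self._wipe("heartbeat-timeout")
        return self.wiped

    def _wipe(self, reason):
        # Placeholder for the real action, e.g. destroying the volume's encryption key.
        self.wiped = True
        self.reason = reason
```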