Archive for August, 2007

Windows Server 2003 Administration Tips

Want to build an enterprise network that can accommodate multiple users? And of course we can't forget the security factor.

I have some hints for building a network like that using Windows Server 2003, with several software packages installed to give a more reliable, secure network.

First I'll explain the features of Windows Server 2003. The Microsoft Windows Server 2003 family has 3 versions: Standard Edition, Enterprise Edition and Datacenter Edition. Each version has the same abilities, with a few differences in hardware support. For small use the Standard Edition may be the best choice, but if you have a large or enterprise server you can use the Enterprise or Datacenter Edition to support much more CPU, RAM and storage.

Next, the main features often used on a network with multiple users:

  • Active Directory
  • DNS (Domain Name System)
  • DHCP (Dynamic Host Configuration Protocol)
  • File Sharing
  • Terminal Server
  • Windows Server Update Services

With 3rd-party software from Symantec we can deliver an integrated anti-virus management system on the network. In these hints I will use Symantec AntiVirus Corporate Edition for easier updates and installation.

Found another interesting thing: “The Dark Game”

It's been a long time since I played this “game”. After several months of not updating my collection, last week some boy asked me about my collection and my suggestions about this “game”. After digging up my buried stuff, reading and googling, I found this site: http://www.darknet.org.uk, and it brought me back to my lost site http://sectools.org/.

After I read that blog and searched on those sites, I found that all my collection is listed there. I didn't notice that because for a long time I never read those sites.

After updating my collection, I rewrote all my steps for playing this kind of game:

  1. First Step: Discovering
    • Overview:
      • In this step you try to find the whole network: to map the network, to know the routing map, to know what is behind the router machine, and to know how clever the network administrator is.
      • This step uncovers how large the internal network is, and the network map.
    • Tools:
      • Foundstone SuperScan 4 (win32)
      • Angry IP Scanner (win32)
      • Nmap (linux+win32)
      • GFI LANguard (win32)
      • Cheops NG (linux)
      • SNMP-utils
  2. Second Step: Identifying and Gathering Information
    • Overview:
      • After you know how large the network is, the network map and the routing table, the next thing to do is identifying and gathering information.
      • This step is needed to know the network in more detail: the router information and the firewall behind the router.
      • It also lets you choose your potential target.
    • Tools:
      • Nmap (linux+win32)
      • Nessus (linux+win32)
      • GFI LANguard (win32)
      • Cheops NG (linux)
  3. Third Step: Check the Target's Vulnerability
    • Overview:
      • After you know your target, you need to know more details about it.
      • The difference from the previous step is that this step is aimed at an individual target rather than the whole network.
    • Tools:
      • Nmap (linux+win32)
      • Nessus (linux+win32)
      • GFI LANguard (win32)
      • Cheops NG (linux)
      • Nikto
  4. Fourth Step: Execute the Stuff
    • Overview:
      • After gathering information about the target and its vulnerabilities, now it is your turn to play the game.
      • Choose your powerful exploits (choose a framework or an individual exploit).
      • Remember, don't use your own node to do this. Find another node to jump to your target.
    • Tools:
      • Metasploit Framework
      • Canvas
      • Core Impact
      • or individual exploits
  5. Fifth Step: Securing the Action
    • Overview:
      • After successfully breaking into the target, remember to always choose an action which does not leave evidence that can be used to track you down.
      • Suggestion: just bind a shell and create a listening port on the target.
      • Remember, don't use your own node to do this. Find another node to jump to your target.
    • Tools:
      • Use the TFTP protocol (TFTP server + client); most OSes support this protocol.
  6. Sixth Step: Plant the Stuff
    • Overview:
      • After successfully getting into your target, do what you want there, but always remember not to do this from your node; find another jumper place to do this.
    • Tools:
      • Windows Registry => have fun with this stuff, but do the right thing with it, or you will crash the target on the next restart.
      • Windows Registry + Windows Service => choose a usual or general name to cover your tracks.
      • Rootkit for Linux: I can't tell much about this stuff; you can try to find it on the net.
  7. Seventh Step: Covering the Action
    • Overview:
      • After successfully getting into your target, do what you want there, but always remember not to do this from your node; find another jumper place to do this.
      • Remember, don't use your own node to do this. Find another node to jump to your target.
      • Don't learn to hack, but hack to learn.

I think these steps are enough to play this kind of “GAME”. Do it at your own responsibility; I can't guarantee anything about this stuff and this action.

_____
with loves, with efforts, with knowledges
knowing the best for ur best
__illuminator__

Securing Your Network and Tracking Down the Intruder

After writing down all my knowledge about the “Dark Game”, this time I'll explain how to break down and track the intruder who plays this game.

This knowledge I discovered by myself, because a long time ago I didn't know of a blog or resource covering this action.

In this action we will cover a few points for breaking down and tracking down the intruder, such as:

  1. IDS or Intrusion Detection System (sniffing the net)
    • Overview:
      • An IDS, or Intrusion Detection System, is used by a system or network administrator to check for any anomalous usage on the network, against one server or the whole network.
      • The main action of an IDS is sniffing all packets passing through the network and auditing them: is there something strange or unusual, or something matching an intrusion pattern?
      • It gives a complete report to the system/network administrator about the anomaly and the intruder.
    • Tools:
      • Snort: the best-known IDS application is Snort => http://www.snort.org . Snort will cover all you need for this purpose.
      • Symantec Client Security: a third-party product that costs some extra money, but this software package is integrated with the firewall, and I can say it is the perfect one for an individual computer on the net. It does not cover the whole network but is perfect on a single workstation.
      • HoneyNet: the basic purpose of this tool is to sniff the net, but it doesn't have the ability to report an intruder.
      • Wireshark, a.k.a. Ethereal: same function as HoneyNet, with a much more interesting GUI and many more functions for auditing packets.
  2. Network Traffic
    • Overview:
      • From the network traffic we will know whether there is anomalous usage on our network or not. With normal traffic, I think there is only a small possibility that there is an intruder on our network, but if there is an intruder on our network the network traffic will fluctuate.
      • Anomalous behaviour will show up if an intruder wants to know more about our network or our resources.
    • Tools:
      • NetLoad
      • NetStat
      • IPTraf
      • Most of these tools are designed for *nix systems, but I'll try to find tools for the win32 environment.
  3. Log Forensics
    • Overview:
      • From the logs you'll know everything in more detail about your box and your network.
    • Tools:
      • A log reader or something like that.
      • I don't have any experience with tools that can make me happy with a bunch of log files, because I love to read them manually.
  4. IPS
    • Overview:
      • Intrusion Prevention System: the extended form of IDS, which makes your job lighter and simpler. This system helps you secure the network and the machine automatically, because it has the abilities of an IDS plus a tough firewall system and some scripts to configure it.
    • Tools:
      • I recommend Symantec Client Security for an individual box on the network.
      • For the network you can use Snort as master with SnortSam + iptables.
  5. Firewall
    • Overview:
      • This system's job is to protect your network from intruders, securing your network and your machines and keeping your network safe from DoS (Denial of Service),
      • filtering users' access to your resources,
      • and making sure all packets flowing on your network are harmless.
    • Tools:
      • Netfilter
      • Iptables
      • Ipchains
      • etc.
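
The traffic-anomaly and log-forensics points above can be combined in a short script. This is an added example, not code from the original post: it reads firewall log lines in the format written by an iptables LOG rule and reports sources that touch many different ports on one host within a short time. The `FW-DROP` prefix, host name, addresses, year and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Fields of a kernel log line written by an iptables LOG rule.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+)"
    r".*?PROTO=(?:TCP|UDP) SPT=\d+ DPT=(?P<dpt>\d+)")

def find_scanners(lines, year=2007, window=timedelta(seconds=60), min_ports=8):
    """Return {src: sorted ports} for sources that hit >= min_ports distinct
    destination ports on one host inside a sliding time window."""
    recent = defaultdict(deque)            # (src, dst) -> deque of (time, port)
    flagged = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:                          # not a firewall line, skip it
            continue
        # syslog timestamps carry no year, so the caller supplies one (assumption)
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[(m["src"], m["dst"])]
        hits.append((when, int(m["dpt"])))
        while when - hits[0][0] > window:  # forget hits older than the window
            hits.popleft()
        ports = {port for _, port in hits}
        if len(ports) >= min_ports:
            flagged[m["src"]] |= ports
    return {src: sorted(ports) for src, ports in flagged.items()}

def _line(sec, src, dpt):
    # Constructed sample line, trimmed iptables LOG format (documentation addresses).
    return (f"Aug 14 10:00:{sec:02d} gw kernel: FW-DROP: IN=eth0 OUT= SRC={src} "
            f"DST=10.0.0.5 LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT={dpt} SYN")

SAMPLE = ([_line(i, "192.0.2.50", p) for i, p in          # one port per second
           enumerate([21, 22, 23, 25, 80, 110, 139, 443, 445, 3389])]
          + [_line(i, "198.51.100.7", 80) for i in range(0, 30, 3)]  # busy web client
          + [_line(40, "203.0.113.9", 22), _line(41, "203.0.113.9", 25)]
          + ["Aug 14 10:00:42 gw sshd[411]: unrelated line"])

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE).items():
        print(f"possible port scan from {src}: {len(ports)} ports {ports}")
```

The busy web client is not reported even though it sends more packets than anyone else, because the check counts distinct destination ports rather than packets.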

I think these few overviews are enough for you to get prepared for the intruder. In the next post I'll try to explain how to break this secure system and arm the network against intruders.

_____
with loves, with efforts, with knowledges
knowing the best for ur best
__illuminator__