Computer Security - Schonhans Style 2010-2011 October
Free Anti Virus Protection
AVG Anti-Virus Free Edition, the most trusted antivirus and antispyware protection for Windows, is now offered as a free download. In addition, the integrated LinkScanner Active Surf-Shield checks web pages for threats at the only time that matters: when you're about to click the link.
AVG Anti-Virus Free has the following features integrated:

• Award-winning antivirus and antispyware
• Real-time safe internet surfing and searching
• Quality proven by 80 million users
• Easy to download, install and use
• Protection against viruses and spyware
• Compatible with Windows 7, Windows Vista and Windows XP

AVG Anti-Virus Free Edition is only offered for single-computer, home and non-commercial use.
Every Windows computer should have this installed; it is the starting point for learning how to secure yourself in 2011.
http://www.avg.com/
Next - you need a good firewall.

ZONE ALARM
About ZoneAlarm
Protect your PC from viruses, spyware, phishing and other attacks with our advanced computer security software products. ZoneAlarm provides industry-leading computer and Internet security software for home and small business computers and networks. Our products include antivirus protection, spyware removal, an Internet firewall, Internet browser security, ID theft prevention, email virus scanning and much more. Download our free trial anti-virus or free firewall software, which includes the free ZoneAlarm Security Toolbar. We support the latest operating system software, including Windows 7, Windows Vista, Windows XP, Internet Explorer, and Firefox.

http://zonealarm.com/


That starts you off with protection. Next, you will need a scanner to make sure you have closed all the doors your computer may have left open. Windows provides monthly security updates to ensure these doors stay closed. Update your Windows Security Bi-Weekly.


Windows Security Tool
The Microsoft Windows Malicious Software Removal Tool checks computers running Windows 7, Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom—and helps remove any infection found. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed.

Microsoft releases an updated version of this tool on the second Tuesday of each month, and as needed to respond to security incidents. The tool is available from Microsoft Update, Windows Update and the Microsoft Download Center.

Note: The version of the tool delivered by Microsoft Update and Windows Update runs in the background and then reports if an infection is found. To run this tool more than once a month, use the version on this Web page or install the version that is available in the Download Center.

Because computers can appear to function normally when infected, it's a good idea to run this tool regularly even if your computer seems to be fine. You should also use up-to-date antivirus software to help protect your computer from other malicious software.

To download the latest version of this tool, visit the Microsoft Download Center.

You can also perform an online scan of your computer using the Windows Live safety scanner.


http://www.microsoft.com/security/malwareremove/default.aspx
This is the beginning of understanding how Windows computers can protect themselves with software available free from the Internet. You can now scan your machine and make sure you are secure. Next, I recommend some more scanning tools so you can 'lock down' your computer and, if someone attacks you, scan them back and see who they were.





NMAP
Introduction
Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), and a utility for comparing scan results (Ndiff).

Nmap was named "Security Product of the Year" by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest. It was even featured in eight movies, including The Matrix Reloaded, Die Hard 4, and The Bourne Ultimatum.

Nmap is ...

  • Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more. See the documentation page.
  • Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.
  • Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.
  • Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.
  • Free: The primary goals of the Nmap Project are to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.
  • Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in multiple languages here.
  • Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.
  • Acclaimed: Nmap has won numerous awards, including "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series. Visit the press page for further details.
  • Popular: Thousands of people download Nmap every day, and it is included with many operating systems (Red Hat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc.). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is important because it lends Nmap its vibrant development and user support communities.

http://nmap.com/
Now that you have all that going, you will want to see your programs running in real time, and make sure nothing that shouldn't be running is running.

Process Explorer v12.04
By Mark Russinovich

Published: June 8, 2010


Introduction
Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.

The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Now that you can run programs and watch them in real time, let's move on to something everyone should learn how to do: close NetBIOS.

NetBIOS - Port 135
http://www.youtube.com/watch?v=1CxXeiSrGPQ
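The video is not reproduced here, so as an added PowerShell example (not from this page or the linked video) here is how to check from the machine itself which of these ports are listening, and how to turn off NetBIOS over TCP/IP on every adapter. Port 135 is the RPC endpoint mapper; NetBIOS over TCP/IP itself uses 137-139, and SMB over TCP uses 445. Run it from an elevated prompt. The port list and the WMI method are real; nothing else is assumed.

```powershell
# Added example (not from the page or the linked video): see which of the
# NetBIOS / RPC / SMB listeners are open on this machine, then turn off
# NetBIOS over TCP/IP on every TCP/IP-enabled adapter. Run elevated.

# Ports of interest: 135 (RPC endpoint mapper, named on this page),
# 137-139 (NetBIOS name/datagram/session) and 445 (SMB over TCP).
$ports = 135, 137, 138, 139, 445

# 1) What is listening right now? netstat output is parsed line by line;
#    the third capture group is the local port of each TCP/UDP line.
netstat -ano |
    Where-Object { $_ -match '^\s*(TCP|UDP)\s+(\S+):(\d+)\s+' -and ($ports -contains [int]$matches[3]) } |
    ForEach-Object { $_.Trim() }

# 2) Disable NetBIOS over TCP/IP on each TCP/IP-enabled adapter.
#    SetTcpipNetbios argument: 0 = use DHCP setting, 1 = enable, 2 = disable.
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $result = $_.SetTcpipNetbios(2)
        # ReturnValue 0 = success, 1 = success but a reboot is required
        "{0,-40} return code {1}" -f $_.Description, $result.ReturnValue
    }

# 3) Verify: TcpipNetbiosOptions should now read 2 for every adapter.
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, TcpipNetbiosOptions
```

After this, the machine no longer answers NetBIOS name queries on 137-139; file sharing still works over 445, and whatever is left listening on 135 or 445 is what your firewall (covered earlier on this page) should be blocking from the Internet side.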
Now that you have a firewall up, and can scan and see that you don't have any ports open or rogue programs running, let's take a look at who has done what on your computer.
You will need to run the Event Viewer and see who has logged on and what they did to your computer, and when.




Windows Vista - Event Viewer Improvements
I urge you to give the Vista Event Viewer a chance to impress. Make a resolution to visit the interface at least once a week. Then should disaster strike, your experience will give you a baseline of what a healthy machine looks like. Moreover, any exceptions will stand out and you will know how to drill down and find the crucial troubleshooting information.

Reasons to Master the Vista Event Viewer

Microsoft has improved the Event Viewer; as a result, in Vista there is now a console with three resizable window panes. The new design makes it easier:

  • To solve a specific Vista problem
  • To discover why a machine is performing slowly
  • To prevent nuisances developing into disasters

Launching the Vista Event Viewer

To get started, click on the Vista Start button, then in the 'Start Search' box type just three letters: eve.  Observe how the larger dialog box displays: 'Programs' and underneath: 'Event Viewer'.  Click on 'Event Viewer'.



Alternatively, you could type the full words 'event viewer' in the Start Search dialog box and then press Enter. In Vista there are still two or even three ways of performing most tasks.



As with so many Vista features, Microsoft have improved the Event Viewer compared with its XP predecessor.  What particularly impressed me was the slick organization of the vast amount of troubleshooting data.  Everywhere you look, from the 3 pane layout, to the categories in Applications and Services Logs, it's obvious that Microsoft have invested considerable effort in researching what people want and then delivering the information to troubleshoot specific Vista events.

New Event Logs in Vista
Vista has added two new logs to the Event Viewer: Setup and Forwarded Events. To find these menu items, look in the left hand pane underneath 'Windows Logs'; in amongst the familiar Application, Security and System logs are the two new logs, Setup and Forwarded Events.

When you add new programs, the Setup log records events relating to the installation of each new application. The Forwarded Events log contains events collected from other computers. You can specify which events to collect via the Subscriptions item (see the screenshot above, at the bottom of the menu in the left pane).

Application and Service Logs
There are yet more logs; in fact, there is a whole new world under 'Applications and Services Logs'.



In this section each application or service can have up to four sub-categories of logs.

Admin: Printers give more than their share of problems; make sure you look in the corresponding Admin log if your printer is not working properly.

Operational: Like the Admin logs, the Operational logs are also useful for discovering what happened to faulty print devices, for example why a printer has disappeared from the network.

Analytical: To turn on the Analytical (and the Debug) log, focus on the right hand pane, Actions menu; from there click on 'View' and tick the box 'Show Analytic and Debug Logs'. (See the screenshots to the right.)

Debug: This log is designed for experienced troubleshooters and developers who are trying to debug a particular problem. Logging itself puts load on the processor; consequently these intensive logs are disabled by default. Another reason is that ordinary users may be confused rather than helped by their output.


Specific New Event Viewer Tasks
My aim in this section is to give you specific examples of what you can achieve with the new Vista Event Viewer.

1) Save crucial event filters as custom views that you can reuse

I recommend that you create views of events across multiple logs; for example, create a Custom View of all events containing 'Event Sources: Disk' in either the System or the Application log.

Incidentally, custom views for events reinforce techniques you may have learnt in the new Vista Explorer Searches: both create virtual folders of just the filtered information that you need. Also, both use XML to organize their data.
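The article mentions that custom views are XML underneath but never shows it. As an added PowerShell example, not from this page or from the Vista article it quotes, here is the XML behind the 'Event Sources: Disk across System and Application' custom view, run from the shell with Get-WinEvent so the same filter can be reused in a script, followed by the 'who has logged on, and when' question from earlier on this page answered from the Security log (successful logon, event 4624). Only built-in log and provider names are used; nothing else is assumed.

```powershell
# Added example (not from the original page). Shows the XML an Event Viewer
# custom view is built from, and runs the same query from PowerShell.

# Custom view: every event whose source (Provider) is 'disk', in either the
# System or the Application log. Paste this XML into Event Viewer's
# Create Custom View > XML tab, or run it directly with Get-WinEvent.
$diskView = @'
<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">*[System[Provider[@Name='disk']]]</Select>
    <Select Path="Application">*[System[Provider[@Name='disk']]]</Select>
  </Query>
</QueryList>
'@

Get-WinEvent -FilterXml ([xml]$diskView) -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, LogName, Id, LevelDisplayName, Message |
    Format-Table -AutoSize -Wrap

# 'Who has logged on and when': Security log, event 4624 (successful logon)
# in the last 7 days. Needs an elevated prompt; the Security log is restricted.
$since = (Get-Date).AddDays(-7)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Pull the named fields out of the event's XML payload.
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            User      = "$($d.TargetDomainName)\$($d.TargetUserName)"
            LogonType = $d.LogonType      # 2 = console, 3 = network, 10 = Remote Desktop
            Source    = $d.IpAddress
        }
    } |
    Where-Object { @('2', '10') -contains $_.LogonType } |   # keep console and RDP logons
    Sort-Object Time -Descending |
    Format-Table -AutoSize
```

Logon type 3 (network) is filtered out because on a home LAN it is mostly file-sharing noise; drop the Where-Object line if you want every logon, and the same XML filter can be saved through Event Viewer's 'Export Custom View' so it survives a rebuild.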

2) Schedule a task to run in response to an event - Integration with Scheduler

a) In the console tree, navigate to the log that contains the event you want to associate with a task.
b) Right-click the event and select Attach Task to This Event.
c) Perform each step presented by the Create Basic Task Wizard.
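The wizard above produces a scheduled task with an event trigger. As an added example (not from the page), this is the same task created from the command line with schtasks, so it can be scripted or inspected; the task name, output folder and the 'disk errors' trigger are hypothetical choices.

```powershell
# Added example (not from the original page): what 'Attach Task to This Event'
# does, created from the command line. Run from an elevated prompt.
# Trigger: any Error-level (Level=2) event from source 'disk' in the System log.
$taskName = 'Alert-DiskError'                    # hypothetical task name
$query    = "*[System[Provider[@Name='disk'] and (Level=2)]]"
$logDir   = 'C:\EventAlerts'                     # hypothetical output folder (no spaces)
New-Item -ItemType Directory -Path $logDir -Force | Out-Null

# Action: append a timestamped line to a text file. Replace with whatever
# notification you prefer; %DATE%/%TIME% are expanded by cmd.exe at run time.
$action = "cmd.exe /c echo %DATE% %TIME% disk error in System log >> $logDir\disk-errors.txt"

# /SC ONEVENT needs the event channel (/EC) and an XPath filter (/MO).
schtasks.exe /Create /TN $taskName /SC ONEVENT /EC System /MO $query /TR $action /RL HIGHEST /F

# Review what was registered; delete it when no longer wanted.
schtasks.exe /Query /TN $taskName /V /FO LIST
# schtasks.exe /Delete /TN $taskName /F
```

The XPath in /MO is the same filter language Event Viewer's custom views use, so a filter you have already tested as a custom view can be pasted in unchanged.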

3) Create and manage event Subscriptions

The top level tasks are:
a) Configure the computers to collect and forward events.  (See WecUtil and WinRm below)
b) Create a new Subscription and specify the query to collect the events.  (Event Viewer, left window pane, last item.)

WecUtil and WinRm

Our mission is to enable event subscription on at least two machines. On both Vista computers launch a cmd prompt, remembering to request elevated Administrator privileges: before you start, right-click cmd and select 'Run as Administrator' from the shortcut menu. At the command prompt type:

WinRm quickconfig
y (Enable the WinRm firewall exception)

Note: if you get an Access denied message, see elevated privileges above.

On the computer which is collecting the events also type at the command prompt:

wecutil qc
y (Yes you want it to start)
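The two commands above prepare the machines; the subscription itself is then defined in the Event Viewer dialog. As an added example (not from the page or the Vista article), here is the whole thing scripted: the quiet forms of winrm quickconfig and wecutil qc, and a collector-initiated subscription written as XML and loaded with wecutil cs. The subscription name, host names and file path are hypothetical placeholders.

```powershell
# Added example (not from the original page): scripting the WinRM / WecUtil
# setup and creating a collector-initiated subscription from an XML file.
# Host names, subscription name and file path are placeholders.

# 1) On every source machine AND on the collector (elevated prompt):
winrm quickconfig -q          # -q answers the prompts (service + firewall exception)

# 2) On the collector only:
wecutil qc /q                 # starts the Windows Event Collector service

# 3) Subscription: pull Critical/Error System-log events and successful logons
#    (Security event 4624) from two machines into the collector's ForwardedEvents log.
$sub = @'
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>HomeLabErrors</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Errors and logons from the workstations</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query>
    <![CDATA[
    <QueryList>
      <Query Id="0" Path="System">
        <Select Path="System">*[System[(Level=1 or Level=2)]]</Select>
        <Select Path="Security">*[System[(EventID=4624)]]</Select>
      </Query>
    </QueryList>
    ]]>
  </Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
    <EventSource Enabled="true">
      <Address>VISTA-PC1.home.local</Address>
    </EventSource>
    <EventSource Enabled="true">
      <Address>VISTA-PC2.home.local</Address>
    </EventSource>
  </EventSources>
</Subscription>
'@
$path = "$env:TEMP\HomeLabErrors.xml"
Set-Content -Path $path -Value $sub -Encoding UTF8

wecutil cs $path              # create the subscription from the XML
wecutil gr HomeLabErrors      # runtime status: is each source reachable and sending?
wecutil es                    # list every subscription on this collector
```

The account the collector connects with must be allowed to read the logs on each source (membership in the Event Log Readers group there is the usual way); in a workgroup rather than a domain, add UserName and Password elements inside each EventSource, and expect to supply the password when wecutil cs runs.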

Get into good habits
In my opinion, the biggest problem with previous Windows event viewers is that when the computer did not do what they wanted, people, including me, forgot to search the logs for clues. The bottom line was that XP's event viewer was not sufficiently eye-catching, interesting or useful to hold a troubleshooter's attention. Vista rectifies this fault by developing the event viewer into a console, where it's easy and enjoyable to discover what is, or is not, going on under the covers of your Vista machine.

As a bonus, by regularly visiting the Event Viewer, you will be alert to problems before they become critical. For example, bad disk sectors may start in harmless areas; with vigilance, you could take action before critical boot sectors are affected.

You should now want to be able to scan the network around you. Scanning for other computers in your IP range can educate you on how networks work.

Angry IP Scanner - Scan the network around you

Angry IP scanner is a very fast IP address and port scanner.

It can scan IP addresses in any range, as well as any of their ports. It is cross-platform and lightweight. It does not require installation, so it can be freely copied and used anywhere.

Angry IP scanner simply pings each IP address to check whether it's alive, then optionally resolves its hostname, determines the MAC address, scans ports, etc. The amount of data gathered about each host can be extended with plugins.

It also has additional features, like NetBIOS information (computer name, workgroup name, and currently logged in Windows user), favorite IP address ranges, web server detection, customizable openers, etc.

Scanning results can be saved to CSV, TXT, XML or IP-Port list files. With the help of plugins, Angry IP Scanner can gather any information about scanned IPs. Anybody who can write Java code is able to write plugins and extend the functionality of Angry IP Scanner.

In order to increase scanning speed, it uses a multithreaded approach: a separate scanning thread is created for each scanned IP address. The full source code is available; see the Download page.

Next, you will want to have this program around; it's good to learn and understand what network admins go through.


Cain and Abel
This utility helps you decrypt or recover your lost or forgotten passwords.
Cain & Abel is a password recovery utility that allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

It covers some security aspects/weaknesses present in protocol standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.

Cain & Abel has been developed in the hope that it will be useful for network administrators, teachers, security consultants/professionals, forensic staff, security software vendors, professional penetration testers and everyone else who plans to use it for ethical reasons.

The author will not help or support any illegal activity done with this program. Be warned that there is the possibility that you will cause damages and/or loss of data using this software and that in no events shall the author be liable for such damages or loss of data. Please carefully read the License Agreement included in the program before using it.

The latest version is faster and contains a lot of new features like APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms. 

The new version also ships routing protocols authentication monitors and routes extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security.

Note: Some antivirus and antispyware programs flag Cain & Abel as being infected/malware, although the application is perfectly safe and does not pose a threat to your system. This is called a 'false positive'. The term false positive is used when antivirus software wrongly classifies an innocuous (inoffensive) file as a virus. The incorrect detection may be due to heuristics or to an incorrect virus signature in a database. [Similar problems can occur with antitrojan or antispyware software.]

What's New in This Release:

· Added MP3 audio file generation in VoIP sniffer.
· Fixed Abel DLL crashes on 64-bit operating systems.
· Modified Export function to Users, Groups, Services and Shares lists with TAB separators.
· Fixed a bug in Wireless Password Decoder concerning Microsoft Virtual WiFi Miniport Adapter.
· Fixed a bug in NTLMv2 Cracker within the "Test Password" function.
· Removed "WindowsFirewallInitialize failed" startup error message if Windows Firewall service is stopped.


http://www.softpedia.com/get/Security/Decrypting-Decoding/Cain-and-Abel.shtml

METASPLOIT - OCT 2010 - THE MOTHER OF ALL HACKER PROGRAMS

Metasploit - Penetration Testing Resources
Metasploit provides useful information and tools for penetration testers, security researchers, and IDS signature developers. This project was created to provide information on exploit techniques and to create a functional knowledgebase for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only. Metasploit is an open source project managed by Rapid7.




http://www.rapid7.com/products/metasploit-framework.jsp


Here is a YouTube video on how to use METASPLOIT

http://www.youtube.com/watch?v=9but2Io1qcc

As you can see from this video, getting a shell on another computer isn't that hard nowadays.

Making sure all the doors are closed is the trick.