Chocolatey Package Manager for Windows

Chocolatey is a package manager for Windows (like apt-get or yum but for Windows). It is a single, unified interface designed to easily work with all aspects of managing Windows software (installers, zip archives, runtime binaries, internal and 3rd party software) using a packaging framework that understands software versions as well as dependencies.

Chocolatey packages encapsulate everything required to manage a particular piece of software by wrapping installers, executables, zips, and scripts into a single package.  This makes applications easy to install, simplifies checking for updates, and makes installing those updates easy.  Installing updates on a regular basis is crucial for maintaining the security of your Windows machine.

Thousands of packages are available through Chocolatey.  Most, if not all, of them are free and open source.

Open a command prompt in Windows under administrator privileges:

Copy and paste the following command into the command prompt:

@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"

After the installation finishes, type the following into the command prompt:

choco upgrade chocolatey

Finally, type the following into the command prompt if you want to use the GUI interface:

choco install chocolateygui

The installer will ask if you want to run the script.  The answer is Yes.

Once the installation has completed, close the command prompt.  Chocolatey should now be visible on your Start menu.
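Because the point of installing Chocolatey here is to keep software patched, a practitioner will usually want this step automated rather than typed by hand. The script below is an added example, not part of this page or of Chocolatey's own tooling: it lists every outdated package, skips pinned ones, upgrades the rest, and keeps one audit line per upgrade. It assumes choco.exe is on PATH (the install command above adds %ALLUSERSPROFILE%\chocolatey\bin), that it runs in an elevated PowerShell session, and that the log path is one you choose (it is not a Chocolatey default).

```powershell
# Added example, not from the page or from Chocolatey: report outdated packages,
# upgrade the unpinned ones, and record what changed.
# Assumptions: choco.exe is on PATH, the session is elevated, and $LogPath
# is a location of your choosing (not a Chocolatey default).
$LogPath = Join-Path $env:ProgramData 'chocolatey\logs\upgrade-audit.log'

# --limit-output (-r) makes choco print one pipe-delimited line per package:
#   name|currentVersion|availableVersion|pinned
$outdated = choco outdated --limit-output |
    Where-Object { $_ -match '\|' } |
    ForEach-Object {
        $f = $_ -split '\|'
        [pscustomobject]@{
            Name      = $f[0]
            Current   = $f[1]
            Available = $f[2]
            Pinned    = ($f[3] -eq 'true')
        }
    }

if (-not $outdated) {
    Write-Host 'All Chocolatey packages are up to date.'
    return
}

# Show what is behind before touching anything.
$outdated | Format-Table Name, Current, Available, Pinned -AutoSize

foreach ($pkg in $outdated) {
    if ($pkg.Pinned) {
        Write-Host "Skipping $($pkg.Name): pinned at $($pkg.Current)"
        continue
    }
    Write-Host "Upgrading $($pkg.Name) $($pkg.Current) -> $($pkg.Available)"
    choco upgrade $pkg.Name -y --limit-output | Out-Null
    $status = if ($LASTEXITCODE -eq 0) { 'ok' } else { "failed (exit $LASTEXITCODE)" }
    "$(Get-Date -Format o)  $($pkg.Name)  $($pkg.Current) -> $($pkg.Available)  $status" |
        Add-Content -Path $LogPath
}
```

Run it from an elevated PowerShell prompt on whatever schedule suits you (for example, as a scheduled task). The audit log gives you a record of which versions were on the machine at which date, which is exactly what you need when a vulnerability advisory names a version range.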


Professor Messer Security+ Videos

A good video supplement to Mike Meyers' videos for Security+ is the Professor Messer set of videos:

Professor Messer Security+ Videos and Notes

These videos are 100% free.  And they are transcribed for those who prefer audio or visual learning.  Professor Messer also has detailed notes for a reasonable fee.

APT and RAT

An APT is an Advanced Persistent Threat.

An APT is underway when an attacker targets a particular system over a long period of time.  The goal is to gain information, not to damage or destroy the system.  The attack is directed at well-chosen targets, and the attackers have specific objectives.  For example, an enemy government may want to target a nuclear weapons facility.  Or an attacker might want to target a credit reporting company to get access to credit card numbers.

APTs usually target corporations, banks, government entities, and national defense systems for espionage purposes.  The attackers seldom want the target to discover their presence.

The steps of an APT attack are to gain access to a system, create backdoors and tunnels so that the attackers can move around unnoticed, crack passwords and use other methods to gain enhanced privileges (such as administrator rights), and then transfer the targeted data to their own systems.

The attackers often repeat this process until they are detected.

A Remote Access Trojan (RAT) is a program that includes a backdoor giving the attacker administrative access to a target system.  A RAT may be bundled with freeware from dubious sources, or it may be sent as an attachment to an email that the attacker entices the recipient to open.  One famous RAT is called Back Orifice.


Honeypots

The unfortunate reality is that, despite the best attempts at network security, attack attempts will occur, and sometimes they will succeed.  One way to detect an attack in progress is to set up a honeypot.

A honeypot is a system that is set up to attract an attack attempt and direct the attacker to a safe system where the attacker's actions can be tracked and assessed without compromising the system we are really trying to protect.  The honeypot could be:

  • A dedicated server
  • A simulated system or state machine
  • A service on a selected host.  An example would be Tiny Honeypot, which listens on ports not in legitimate use.
  • A virtual server
  • A single file with special attributes.  This is sometimes called a honeytoken.

A honeypot is never meant for authorized users to use.  So, any access to it is either accidental or hostile.
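The "service on a selected host" variant is the easiest to try on a Windows box. The script below is an added example, not from this page and not Tiny Honeypot's own code: it listens on one TCP port that no legitimate service uses, records the source address and the first bytes each client sends, and then drops the connection. Since no authorized user should ever touch that port, every line in the log is either an accident or hostile activity worth investigating. The port number (2222) and the log path are assumptions; pick a port nothing on the host legitimately listens on, and run it in an elevated session so the listener can bind.

```powershell
# Added example, not from the page or from Tiny Honeypot: a minimal listener
# honeypot that logs every connection attempt to an otherwise unused port.
# Assumptions: $Port is unused on this host, $LogPath is a location of your
# choosing, and the session is elevated (PowerShell 5 or later).
$Port    = 2222
$LogPath = Join-Path $env:ProgramData 'honeypot\connections.log'
New-Item -ItemType Directory -Force -Path (Split-Path $LogPath) | Out-Null

$listener = [System.Net.Sockets.TcpListener]::new([System.Net.IPAddress]::Any, $Port)
$listener.Start()
Write-Host "Honeypot listening on TCP $Port; any connection here is accidental or hostile."

try {
    while ($true) {
        $client = $listener.AcceptTcpClient()
        $remote = $client.Client.RemoteEndPoint.ToString()
        $stream = $client.GetStream()
        $stream.ReadTimeout = 2000          # a silent client must not hold the loop

        # Capture the first bytes the client sends (a banner probe, a login attempt),
        # masking non-printable characters so the log stays readable and safe to view.
        $buffer = New-Object byte[] 512
        $count  = 0
        try { $count = $stream.Read($buffer, 0, $buffer.Length) } catch { }
        $preview = [System.Text.Encoding]::ASCII.GetString($buffer, 0, $count) -replace '[^\x20-\x7E]', '.'

        "$(Get-Date -Format o)  src=$remote  bytes=$count  data=`"$preview`"" |
            Add-Content -Path $LogPath
        Write-Warning "Connection from $remote on honeypot port $Port"

        $client.Close()
    }
}
finally {
    $listener.Stop()
}
```

Feed the log into whatever alerting you already have; a single entry from an internal address is the kind of early signal a honeypot exists to provide. Keep the listener on a host you can afford to have probed, and never reuse a port that a real service on the same machine also needs.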

Network Protocol Port Numbers for Security+

Here are some of the common network protocols covered by the Security+ exam, along with their port numbers:

File Transfer Protocols

Name   Definition                                 TCP  UDP  Port Number
FTP    File Transfer Protocol                     X         20, 21
SSH    Secure Shell                               X         22
SFTP   Secure File Transfer Protocol (uses SSH)   X         22
SCP    Secure Copy (uses SSH)                     X         22
TFTP   Trivial File Transfer Protocol                  X    69
FTPS   File Transfer Protocol Secure (uses SSL)   X         443

Email Protocols

Name   Definition                                 TCP  UDP  Port Number
SMTP   File Transfer Protocol                     X         20, 21
POP3   Secure Shell                               X         22
IMAP4  Secure File Transfer Protocol (uses SSH)   X         22

Remote Access

Name          Definition                                                   TCP  UDP  Port Number
Telnet        Telnet                                                       X         23
TACACS        Terminal Access Controller Access-Control System                  X    49
TACACS+       Terminal Access Controller Access-Control System+            X         49
SSL VPN       Secure Sockets Layer virtual private network                 X         443
ISAKMP (VPN)  Internet Security Association and Key Management Protocol         X    500
L2TP          Layer 2 Tunneling Protocol                                        X    1701
PPTP          Point-to-Point Tunneling Protocol                            X    X    1723
RDP           Remote Desktop Protocol                                      X    X    3389

Other Protocols

Name       Definition                                 TCP  UDP  Port Number
DNS        Domain Name System                         X    X    53
DHCP       Dynamic Host Configuration Protocol             X    67, 68
HTTP       Hypertext Transfer Protocol                X         80
HTTPS      Hypertext Transfer Protocol Secure         X         443
Kerberos   Kerberos                                   X    X    88
NNTP       Network News Transfer Protocol             X         119
SNMP       Simple Network Management Protocol              X    161
SNMP Trap  Simple Network Management Protocol Trap    X    X    162
LDAP       Lightweight Directory Access Protocol      X    X    389
Syslog     Syslog                                          X    514