Security Scoring your Bank

Most of us use some form of online banking, whether it be simply viewing a monthly statement or paying a bill online. We entrust the banks with financial transactions and personal data. But how do we know that secure is secure?


BIOS Problems

BIOS gremlins

After fifteen years in the IT industry I find I’m always learning. A year ago I was asked by a friend to look at his laptop as it would no longer power on. Of course I accepted and I started to investigate. The laptop was only three weeks out of warranty and, as described, did not work. On powering the unit on the power LED lit, an internal fan spun and then nothing! No beeps, nothing on the screen, and no clue to what could be the cause of the problem. Screwdriver at the ready I swung into action. I removed the memory, wireless card, DVD-drive, battery and anything else that moved. The laptop still would not function. Thus, I assumed the problem must be with the motherboard. So, I told my friend the bad news, reassembled the laptop and placed it in a drawer.

Last week, I opened the drawer for the first time in ages and spotted the laptop. The demons in me could not resist giving it another go. To my surprise the laptop booted! A week or two before this, I had fixed a PC with a similar problem by popping the CMOS battery. And, before that I’d had to re-flash the BIOS on my own PC after it became corrupted. Therefore, I can only assume the gremlins in my friend’s laptop were related to the BIOS, as when I powered it on I received a message from the BIOS that the factory defaults would be loaded and the time needed setting. I can only conclude the problem was BIOS related.

Whenever I attempt to diagnose a computer fault in the future I’m always going to remove the BIOS battery: you never know, it might just work!

Tips for securing SSH

SSH is the preferred method for providing remote shell services such as command execution. Designed as a replacement for the old-school, insecure Telnet protocol, SSH provides an encrypted, secure connection between client and server. Although far more secure than its forefather, there are some extra steps you can take beyond the out-of-the-box settings to increase the level of security.

The following assumes a fresh installation of CentOS 6. By default the SSH service is not enabled. To enable the service you need to start it. To do this run the following command as the root user within a terminal:

service sshd start

To configure the system to start the SSH service at start-up you can run the following:

chkconfig sshd on

The service will now accept connections from clients. The configuration of the service is controlled by the contents of a configuration file called ‘sshd_config’ located within the folder ‘/etc/sshd/’. Open this file using the editor of your choice.

Security Now – Security, education and coffee

Security Now is a weekly podcast fronted by the duo Steve Gibson and Leo Laporte. The podcast’s primary topic is security within the IT sector. Each show normally focuses on a given topic which is chosen by Steve Gibson – the Commander in Chief of all things security. The main subject fits around several regular slots which include discussions about the latest security events. The podcast lasts around 60-90 minutes and is pitched at listeners with a medium to high knowledge within the security area. However, anyone who wants to learn about security will truly benefit from the show as Steve and Leo explain complex subjects in a manner that is very easy to digest. Although the show is driven by Steve Gibson’s labyrinthian brain, Leo Laporte’s broader knowledge of everything IT brings a fresh edge to Steve’s in-depth crypto-speak. The two complement each other and occasionally digress into other areas of interest to the super geek, like books, coffee, nutrition and sci-fi.

The history of the show goes back to 2005 and they have recorded over three hundred and fifty shows; each of these shows is available at the GRC (Gibson Research Company) website. The latest shows are also published on Laporte’s Twit network. The archive is well worth reviewing; some of the best podcasts I’d recommend are Episodes #325, 323 and 317, which delve into the bowels of how the TCP protocol – the backbone of the Internet – works.

For more information please visit Twit’s site!  You can even tune into the show as it is broadcast live.

Monitor the health of your Hard Drive – Part 3

Have you ever lost personal information due to a hard-disk drive failure? Either way, I advise you to get SMART.

Self-Monitoring, Analysis, and Reporting Technology – Part 3

This is part three of my series about SMART. In part one of this series I introduced the SMART monitoring and reporting system. I outlined the goals of SMART and explained how to determine whether your hard-disk supports this feature. Part two covered the basics of using the SMART system: I explained how to scan your hard-drive for errors and how to interpret the disk’s internal thresholds. In this post I intend to explain how to automate the SMART monitoring and scanning options.

The default SMART set-up

Let’s refresh our minds about which files were included when we installed SMART in step one; this will help us understand the default behaviour of SMART. Using the RPM tools we can query the RPM database to list the files which make up the SMART package (note this post is CentOS based – other distributions may not provide the RPM tools and you may have to substitute this command for one that suits your distribution) e.g.

rpm -ql smartmontools

[Screenshot: contents of the smartmontools package listed.]


Monitor the health of your Hard Drive – Part 2

Have you ever lost personal information due to a hard-disk drive failure? Either way, I advise you to get SMART.

Self-Monitoring, Analysis, and Reporting Technology – Part 2

In part one of this series I introduced the SMART monitoring and reporting system. I outlined the goals of SMART and explained how to determine whether your hard-disk supports this feature. In this part, I intend to show the basics of using the SMART system to scan your hard-drive for errors and how to interpret the disk’s internal SMART thresholds.

The self test options!

SMART offers different levels of self-tests; these are short, long, conveyance and selective. The most commonly used of these four are the short and long tests; but, for completeness, let’s look at the official definition of each as taken from the Linux man page for smartctl:

Short – runs SMART short self-test (usually under ten minutes). [Note: in the case of SCSI devices, this command option runs the “Background short” self-test.] This command can be given during normal system operation. This is a test in a different category than the immediate or automatic offline tests. The “Self” tests check the electrical and mechanical performance as well as the read performance of the disk. Their results are reported in the Self Test Error Log, readable with the ‘-l selftest’ option. Note that on some disks the progress of the self-test can be monitored by watching this log during the self-test.

Long / Extended – SMART Extended self-test (tens of minutes). [Note: in the case of SCSI devices, this command option runs the “Background long” self-test.] This is a longer and more thorough version of the short self-test described above. Note that this command can be given during normal system operation.

Conveyance – [ATA only] runs a SMART Conveyance self-test (minutes). This self-test routine is intended to identify damage incurred during transporting of the device. This self-test routine should take on the order of minutes to complete. Note that this test can be run during normal system operation.

Selective – [ATA only] runs a SMART Selective self-test, to test a range of disk Logical Block Addresses (LBAs), rather than the entire disk. Each range of LBAs that is checked is called a “span” and is specified by a starting LBA (N) and an ending LBA (M) with N less than or equal to M. The range can also be specified as N+SIZE. A span at the end of a disk can be specified by N-max.

Running a SMART scan?

Using smartctl you can ask the target disk to perform a self-test e.g.

smartctl -t short /dev/sda

[Screenshot: the command required to start a short scan.]

As you can see from the output the command simply passes the request for the self-test to the requested disk and prints an estimate of the execution time, followed by the estimated completion date and time-stamp.  The duration may differ for each disk and does have a correlation to disk size and speed.

Checking the self-test scan results?

After waiting the advised time, or, if you are impatient a few seconds before, one can use the SMART utility to query the results of the test e.g.

smartctl --log=selftest /dev/sda

[Screenshot: querying the SMART capable device for self-test results.]
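A way to read the self-test log from a script, including the case where you query before the test has finished. This is an added example, not part of the original post; the log text is a constructed sample in the layout printed for ATA disks, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `smartctl --log=selftest /dev/sda` output (made-up values).
sample_selftest_log() {
cat <<'EOF'
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%     13540         -
# 2  Extended offline    Completed: read failure       90%     13402         1465219
# 3  Short offline       Completed without error       00%     13380         -
EOF
}

# selftest_summary: reads a self-test log on stdin.
# Prints every entry that neither passed nor is still running, then one
# summary line. Exit status is 1 when at least one such entry exists.
selftest_summary() {
  awk '
    /^# *[0-9]+ / {                                   # log entries start with "# N"
      if      (/Completed without error/)       pass++
      else if (/Self-test routine in progress/) running++   # queried too early
      else { other++; print "CHECK: " $0 }                  # failure, abort, interruption
    }
    END {
      printf "pass=%d running=%d other=%d\n", pass, running, other
      exit (other > 0)
    }
  '
}

# Demo on the constructed sample; on a real system replace the left-hand side
# with: smartctl --log=selftest /dev/sda
sample_selftest_log | selftest_summary || echo "review the entries marked CHECK"
```

An older failed entry stays in the log after a later test passes, which is why the function looks at every entry rather than only the newest.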


Monitor the health of your Hard Drive – Part 1

Have you ever lost personal information due to a hard-disk drive failure? Either way, I advise you to get SMART.

Self-Monitoring, Analysis, and Reporting Technology – Part 1

SMART is a monitoring and reporting system for computer hard disks to detect and report on various indicators of reliability, in the hope of anticipating failures. In simple terms SMART allows a hard disk to monitor its own health. To make a comparison, take the average car: how often have you spotted a red light on your dashboard? The red light indicates that something is not right, e.g. your oil is low! SMART is your hard drive’s equivalent of a red light on your dashboard.

How does SMART work?

SMART maintains values against a pre-defined set of attributes. Attributes are available for things such as “Powered on Hours”, “Uncorrectable Sectors” and “Temperature”, plus lots more. These attributes can differ from vendor to vendor. Against each attribute the values for “Current”, “Worst” and “Threshold” are retained. These values are used to predict and detect failures.
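How the “Current”, “Worst” and “Threshold” values turn into a verdict, shown as an added example that is not part of the original post. It assumes the attribute table layout printed by smartctl's -A option (an option this post does not cover), where the three values appear as the VALUE, WORST and THRESH columns; the table is a constructed sample and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of the attribute table from `smartctl -A /dev/sda`
# (values are made up for illustration).
sample_attributes() {
cat <<'EOF'
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   200   051    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   140   140   140    Pre-fail  Always   FAILING_NOW 412
  9 Power_On_Hours          0x0032   082   082   000    Old_age   Always       -       13542
 10 Spin_Retry_Count        0x0032   100   040   051    Old_age   Always   In_the_past 0
194 Temperature_Celsius     0x0022   110   095   000    Old_age   Always       -       37
EOF
}

# check_attributes: reads an attribute table on stdin.
# An attribute has failed when its normalised value is at or below the
# threshold; a worst value at or below the threshold means it failed earlier.
# Prints one line per such attribute and exits 1 if any were found.
check_attributes() {
  awk '
    $1 ~ /^[0-9]+$/ && NF >= 10 {          # data rows only, header is skipped
      value = $4 + 0; worst = $5 + 0; thresh = $6 + 0
      if (thresh == 0) next                # threshold 0: informational, cannot fail
      if (value <= thresh)      { print "FAILING " $1 " " $2; bad = 1 }
      else if (worst <= thresh) { print "FAILED_IN_PAST " $1 " " $2; bad = 1 }
    }
    END { exit bad + 0 }
  '
}

# Demo on the constructed sample; on a real system replace the left-hand side
# with: smartctl -A /dev/sda
sample_attributes | check_attributes || echo "disk needs attention"
```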

How does one get SMART?

Most modern hard drives should be SMART enabled. There are several software packages that offer SMART monitor tools – Windows users, sorry, this is Linux only. In most of the major Linux distributions this should be as simple as searching your package manager. I prefer the command line and thus use the yum package manager. On CentOS you would run the command:

yum install smartmontools -y

Right, how can I use SMART?

Before diving in let’s see what  has been installed with the command “rpm -ql smartmontools” e.g.

[Screenshot: contents of the smartmontools RPM.]

As you can see, the bulk is documentation, man files and examples. The main command line utility of interest is “/usr/sbin/smartctl”. This utility allows you to control and monitor SMART attributes.

Let’s get stuck in! First we’ll ask smartctl to scan for devices and print each device name. Type “smartctl --scan” e.g.

[Screenshot: smartctl --scan results.]

The details of each drive can be listed by running the following command:

smartctl -i /dev/sda

The “-i” option informs smartctl to list the information of the device /dev/sda.  If the drive is detected and you have the required privileges to access  the drive the utility should print the drive model, serial, capacity, and smart capability and status e.g. sample output follows.

[Screenshot: smartctl HDD information.]

The information listed is quite useful, attributes of relevance are the last two.  These settings allow us to determine whether the device is SMART capable.  And, if capable, it also states whether support is currently enabled or disabled.  In this case, the sample output shows the interrogated drive is both SMART capable and SMART enabled.

Part two here.