Ham Shack Fu - w5gad.org · MALWARE •Viruses –Must be executed by the user. •Worms –Can...

Post on 20-Jul-2020


HAM SHACK FU!

Protecting Your Ham Shack’s Computing Resources

Chris Miltenberger, W5CMM

May 25, 2017

IDENTIFYING THE RISKS

• Self-inflicted harm
• Security breaches
• Data leaks
• Phishing
• Malware
• Support scams
• Wireless networks
• Internet of Things (IoT)
• Hardware failure
• Weather and infrastructure

SELF-INFLICTED HARM

• File sharing / warez
• Poor security practices
• Poor equipment maintenance
• Lack of situational awareness

SECURITY BREACHES

• Yahoo
• Target
• Home Depot
• TJ Maxx

DATA LEAKS

• Chelsea Manning
• Edward Snowden
• WikiLeaks
• Shadow Brokers

PHISHING

Email that appears to come from an acquaintance, coworker, customer, delivery company, etc. but actually comes from an impersonator. Typical lures:

• Your mailbox is full.
• You need to verify your account.
• You have a package waiting from UPS, FedEx, DHL, etc.
• Please authorize a financial transaction.

MALWARE

• Viruses – Must be executed by the user.
• Worms – Can spread without any user intervention.
• Trojans – Provide the attacker with remote control of your system.
• Bots – Use your computer for DDoS (distributed denial of service) attacks.
• Scareware – Threatens the user with a phony notification from the FBI, DHS, etc.
• Ransomware – Encrypts your data and holds it for ransom.

WANNACRY?

• Launched 5/12/2017.
• Spreads through Server Message Block version 1 (SMB v1) using the ETERNALBLUE exploit.
• Installs the DOUBLEPULSAR remote access Trojan and Tor to facilitate communications with the ransomware author.

WANNACRY?

• Attempts to infect all connected drives, mapped network shares, and remote desktop sessions.
• This is a worm, so it can spread by itself to vulnerable computers across your network.

WANNACRY?

• ETERNALBLUE and DOUBLEPULSAR were part of the Shadow Brokers release of the NSA Equation Group hacking tools earlier this year.
• The MS17-010 patch was released in March.
• Windows Vista, 7, 8.1, and 10 systems without MS17-010 are vulnerable.

WANNACRY?

• Microsoft released a patch for older unsupported systems (XP, 8, Server 2003) the afternoon of 5/12/2017.
• Windows 10 is mostly invulnerable due to forced updates.
• Keep your computers behind a router that blocks SMB v1.
• Uninstall SMBv1.
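One way to carry out the "Uninstall SMBv1" step on Windows 8.1 or 10 from an elevated PowerShell prompt. This is an added example, not material from the W5CMM deck; the commented-out fallback for Vista/7/Server 2008 is the registry and service-dependency method from the Microsoft KB 2696547 article linked in the resources.

```powershell
# Added example (not part of the original deck): disable SMBv1 on
# Windows 8.1 / 10 / Server 2012 R2 and later. Run elevated.

# Look before you change anything: what does the SMB server currently offer?
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol

# Remove the SMB1 optional feature (both client and server halves).
# ETERNALBLUE targets the SMBv1 *server* side, so this is the part that
# stops a WannaCry-style worm from getting in. A reboot completes the removal.
$smb1 = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
if ($smb1.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}

# Also switch the SMB1 server protocol off immediately, without waiting
# for the reboot.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# Windows Vista / 7 / Server 2008 (no Get-SmbServerConfiguration cmdlet):
# use the method from Microsoft KB 2696547 instead. Server side:
#   Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
#       -Name SMB1 -Type DWord -Value 0 -Force
# Client side:
#   sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
#   sc.exe config mrxsmb10 start= disabled

# Verify: EnableSMB1Protocol should now report False.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol
```

Disabling SMBv1 does not replace the MS17-010 patch; apply both, since the patch also protects any SMBv1 you might re-enable later for an old printer or NAS.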

WANNACRY?

• Originally thought to be the work of a nation-state, but now thought to be the work of the Lazarus Group.
• The same group is responsible for the 2014 Sony Pictures hack and the 2016 siphoning of $81M from Central Bangladesh Bank.

SUPPORT SCAMS

• Typically a call from "Microsoft" or some other respected company.
• Typical social engineering claims are "you are infected" or "your neighbors are using your internet connection".
• The attacker tries to social engineer access to the victim's computer.
• Convinces the victim to download and install a remote access tool to gain and retain access to the computer.
• Shows the victim a large list of network connections or errors in the event logs.
• Offers to fix the problems, install a product, etc., often as a monthly service.

WIRELESS NETWORKS

• Insecure home wireless network.
• Using a public, insecure, untrusted, or open wireless network.
• Not updating or patching wireless drivers with known vulnerabilities.

INTERNET OF THINGS

• Smart TVs – Samsung and Vizio have both had issues with insecure or out-of-date applications, or with spying on customers.
• Smart appliances – PornHub was found running on a smart refrigerator in Home Depot.

HARDWARE FAILURE

• Hardware can fail at any time.
• Power surges can destroy multiple computer components.
• Failing power supplies can cause other components to fail.
• Hard drives crash. Data recovery is sometimes possible, but requires an expert. Recovery of SSDs (solid state drives) is much more difficult, if not impossible.
• Data recovery services are expensive ($300 and up).

WEATHER

• Hurricanes – We live in Louisiana…no big surprise here.
• Tornadoes – More in recent memory.
• Floods – Again…we live in Louisiana.
• Lightning – A major threat to amateur radio equipment.

INFRASTRUCTURE

• Aging power distribution infrastructure can cause voltage spikes and outages.
• Older homes have poor/substandard wiring.
• Squirrels and other varmints can destroy wires.

WHAT CAN WE DO?

• Improve our security awareness.
• Improve our security posture.
• Improve our security practices.
• Prepare and follow a plan.

SECURE YOUR WIRELESS NETWORK

FACT: Wireless networks can be breached. Understand and accept this, but do everything you can to make it as difficult as possible for attackers.

• Upgrade your router’s firmware or replace it with a new router.
• Disable WPS (Wi-Fi Protected Setup). An attacker can exploit WPS to get on your wireless network in a matter of minutes.
• Don't bother hiding your SSID or using MAC address filtering. An attacker can sniff the wireless traffic to find the SSID and the MAC addresses of authorized clients as they reauthenticate, and then clone the MAC address to gain access.

SECURE YOUR WIRELESS NETWORK

• Use WPA2-PSK with AES encryption. If you use anything weaker, like WEP or WPA1-PSK with TKIP, your wireless network is much easier to breach.
• Use a long and complex passphrase. Include upper and lower case letters, numbers, and special characters. Shorter passphrases can be attacked quickly with rainbow tables (tables of precomputed hashes).
• Change the default SSID and passphrase. There are rainbow tables for default SSID/passphrase combinations.

SECURE YOUR WIRELESS NETWORK

• Most newer wireless routers have guest networks separate from the main network. Make use of that feature, especially if you have kids/grandkids!
• Some wireless routers have personal VLANs (where wireless clients can't talk to each other). This is sometimes called wireless client isolation. Leveraging this feature can prevent malware from spreading.
• Remember…if you give someone the passphrase to your main wireless network they have access until you change the passphrase. If you type it in for them, the passphrase can be easily recovered.

PUBLIC WI-FI

• Avoid using public Wi-Fi.
• Some public hotspots are unencrypted and can be sniffed for usernames and passwords.
• Rogue access points that broadcast a “trusted” SSID use man-in-the-middle attacks to steal your credentials.
• Use the cellular data or a personal hotspot on your device.
• If you must use public Wi-Fi, consider using a trusted VPN.

USE DEDICATED COMPUTERS IN YOUR SHACK

• Restrict your shack computer to rig control, logging, QRZ lookups, connections to clusters, etc.
• Avoid casual web surfing, emails, videos, etc.
• Use Linux or macOS – less prone to infections than Windows.
• Advanced – Put your shack systems on an isolated VLAN.

PATCH YOUR OPERATING SYSTEM

• Use a supported operating system.
• Fully patched versions of Windows 7, 8, and 10, and Server 2008 R2, 2012, 2012 R2, and 2016 are supported.
• Earlier versions of Windows are not supported and usually do not get security patches. The WannaCry patch released 5/12/2017 was an exception.
• Most machines that came with Windows XP can run Windows 7 or Linux.
• Patch Tuesday – 2nd (and possibly the 4th) Tuesday each month.
• Allow the operating system to automatically check for and install patches.

PATCH YOUR APPLICATIONS

• Go for the low hanging fruit first. Java, Flash, and Acrobat are the attack vectors most often exploited by malware/ransomware.
• Java will notify you when there's an update available. Unless there's an extremely good reason for not updating Java (some programs need a specific version of Java to run) you should update it ASAP. If you don’t need Java, then uninstall it.
• Flash will ask about installing new updates after a reboot. Install the update ASAP. If you don’t need Flash, uninstall it (or disable the plug-in in Chrome).
• Acrobat can check for updates (under Help > Check for Updates…). Consider using a different PDF reader like Foxit Reader or CutePDF.

PATCH YOUR APPLICATIONS

• Uninstall software you don't need or use with an uninstall tool like Revo Uninstaller. It uninstalls the software and removes all remaining files and registry entries.
• Use an application like Personal Software Inspector to check for, and apply, application updates.
• Allow trusted applications to automatically update themselves.
• Use a utility like Snappy Driver Installer to update your drivers.

USE A GOOD ANTIMALWARE UTILITY (OR TWO)

• Primary – Malwarebytes (free/paid), Microsoft Defender (free), Avira (free/paid), BitDefender (free/paid), Avast (free/paid), ESET (paid), Norton (paid), ZoneAlarm (free/paid), etc.
• Secondary – RansomFree, CryptoPrevent, SUPERAntiSpyware, Spybot Anti-Beacon, etc.

DON'T RUN AS AN ADMINISTRATOR (OR ROOT)

• Using a regular user account will block over 90% of all current Windows vulnerabilities.
• Create unprivileged guest accounts for anyone* that uses your computer.

*Your kids or grandkids will infect your system!

FILE SHARING

• Are you sure what you're up/downloading isn't copyrighted, illegal, or contains child pornography or malware?
• File sharing uses a large amount of data.
• Sharing copyrighted material can result in your ISP terminating your Internet account and leave you open to legal action by the copyright holder.
• Sharing child pornography will send you to prison.

WAREZ

• Almost 100% of hacked or cracked software contains malware.
• Almost 100% of keygens (registration key generators) contain malware.
• If the program is worth stealing, it's probably worth buying.
• Most commercial (for pay) amateur radio programs have equivalent low cost, free, or open source alternatives.

EMAIL

• Don't open attachments unless you are certain they are safe.
• Download all attachments and scan with an up-to-date malware scanner (or upload to VirusTotal for analysis).
• What about emails from mom/dad/friend/UPS/FedEx/USPS?
• Are you 100% sure about the identity of the sender?
• Are you 100% sure they aren't infected themselves?
• Configure Windows to display all file extensions.
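A quick self-check for two of the deck's recommendations, "don't run as an administrator" and "display all file extensions", from an ordinary (non-elevated) PowerShell prompt. This is an added example, not from the W5CMM deck; the double-extension pattern and the Downloads folder scan are my own illustration of why hidden extensions matter for email attachments.

```powershell
# Added example (not part of the original deck): audit a Windows shack
# computer against two of the slides above. Safe to run as a regular user.

# 1. Is this session running with administrator rights? Day-to-day use of
#    a regular account should report False (slide: DON'T RUN AS AN ADMINISTRATOR).
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Running as administrator: $isAdmin"

# 2. Make Explorer show every file extension (slide: EMAIL). With extensions
#    hidden, an attachment saved as "invoice.pdf.exe" is displayed as "invoice.pdf".
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hideExt  = (Get-ItemProperty -Path $advanced -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($hideExt -ne 0) {
    Set-ItemProperty -Path $advanced -Name HideFileExt -Value 0
    "HideFileExt was '$hideExt'; set to 0. New Explorer windows show extensions after sign-out/sign-in."
} else {
    "File extensions are already visible."
}

# 3. Flag files in Downloads whose name imitates a document but whose real
#    extension is executable. The pattern is a constructed starting point;
#    extend it for the file types you actually receive.
$downloads = Join-Path $env:USERPROFILE 'Downloads'
Get-ChildItem -Path $downloads -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '\.(pdf|docx?|xlsx?|jpe?g|txt)\.(exe|scr|js|vbs|bat|cmd|ps1)$' } |
    ForEach-Object { "Suspicious double extension: $($_.FullName)" }
```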

AVOID USING MICROSOFT OFFICE

Online office suites are resistant (so far) to malware in office documents.

• Microsoft Office Online (https://www.office.com/) – Free to individuals!
• Google – Free to individuals!
  • Docs (https://docs.google.com)
  • Sheets (https://sheets.google.com)
  • Slides (https://slides.google.com)

Use a non-Microsoft office suite:

• LibreOffice
• OpenOffice
• Apple
  • Pages
  • Numbers
  • Keynote

SECURE YOUR BROWSER

• Dump that insecure or out-of-date browser.
• Upgrade to the latest version of Firefox or Chrome.
• Stop using Internet Explorer!!!
• Use browser extensions to enhance your online security and privacy.
• Using AdBlock, Privacy Badger, Ghostery, and NoScript is a good start.
• Avoid questionable websites.

ENABLE MULTI-FACTOR AUTHENTICATION (MFA)

• A second factor will protect you even if your password is compromised.
• Many online services offer MFA.
• Soft tokens and authenticator apps are easy to install and use.
• The use of SMS messaging as a second factor was recently deprecated by NIST (and was recently exploited).

USE A PASSWORD MANAGEMENT TOOL

• LastPass, KeePass, RoboForm, etc.
• Prevents password reuse.
• Remember a single master password.
• Some support MFA (multi-factor, or two-factor, authentication).

BACKUP YOUR DATA

• Image backups – Can be restored to new media to revive a failed hard drive or recover from a disaster or ransomware incident.
• File backups – Individual files or folders can be restored to recover from a malware incident or accidental deletion.

LOCAL BACKUPS

• Local backups are stored on a USB device, CD/DVD/Blu-ray, tape, network share, etc.
• Encrypt your backups. They probably contain passwords, protected data (SSNs, credit card numbers), registration keys, etc. that you don't want leaked.
• Backups on connected devices (anything with a drive letter) can be rendered useless by ransomware. Always detach the backup device from your computer after completing your backups and store it in a secure location.
• Consider making multiple backups and storing them at different locations.

CLOUD BACKUPS

• Cloud backup providers – Carbonite, CrashPlan, Backblaze, etc.
• Cloud backups are generally more resistant to ransomware.
• Some cloud backup vendors keep multiple generations or versions of files to allow users to restore from a specific point in time.
• Some vendors have restore options for disasters or critical situations. They will overnight your backups on an encrypted drive for quicker restoration.

PROTECT YOUR EQUIPMENT

• Always use a surge suppressor or UPS.
• Ensure your cables aren’t frayed or pinched, and are fully inserted.
• Periodically vacuum the interior of your computer case, or carefully use a leaf blower (do it outside, and avoid blowing directly on fans…they aren’t built to handle 120 mph gusts).
• Use ferrite clip-ons to reduce RF interference.

SANITIZE YOUR HARD DRIVES

• Use a secure wipe utility before you sell, dispose of, or gift an old computer or hard drive.
• .223, .308, .357, .44, .45, and .50 diameter holes are also extremely effective.

DON’T FALL FOR SUPPORT SCAMS

• Microsoft will never call you (unless you pay for a support incident).
• Microsoft has no way to know your computer is infected (but your ISP might).
• Event log errors and multiple network connections are normal and expected.
• Giving a stranger access to your computer is placing your life in their hands. JUST DON’T DO IT!!!

ONLINE RESOURCES

• Securing The Human – Ouch! – https://securingthehuman.sans.org/resources/newsletters/ouch/2016
• ASD Strategies to Mitigate Cyber Security Incidents – https://www.asd.gov.au/infosec/mitigationstrategies.htm
• ASD Top 4 – https://www.asd.gov.au/infosec/top-mitigations/top-4-strategies-explained.htm
• BBB Scam Tracker – https://www.bbb.org/scamtracker/us

ONLINE RESOURCES

• Free phishing training – https://phishme.com/resources/cbfree-computer-based-training
• Uninstall SMBv1 – https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

ONLINE RESOURCES

• Protect your computer from ransomware
  • http://www.computerworld.com/article/3187889/security/how-to-rescue-your-pc-from-ransomware.html
  • https://www.bleepingcomputer.com/news/security/how-to-protect-and-harden-a-computer-against-ransomware/
  • https://krebsonsecurity.com/2016/12/before-you-pay-that-ransomware-demand/

ONLINE RESOURCES

• Ransomware in action – https://youtu.be/Z-htleMYq5E?t=50
• ETERNALBLUE in 2 – https://t.co/I9aUF530fU
• Ransomware prevention – https://www.helpnetsecurity.com/2017/05/15/prevent-ransomware-guide/
• Ransomware Simulator Tool – https://info.knowbe4.com/ransomware-simulator-tool-1chn
• VirusTotal – https://www.virustotal.com/

ONLINE RESOURCES

• Personal Software Inspector – https://www.flexerasoftware.com/enterprise/products/software-vulnerability-management/personal-software-inspector/
• Snappy Driver Installer – https://sdi-tool.org/
• RansomFree – https://ransomfree.cybereason.com/
• CryptoPrevent – https://www.foolishit.com/cryptoprevent-malware-prevention/

ONLINE RESOURCES

• Removing admin rights
  • https://www.helpnetsecurity.com/2017/02/23/removing-admin-rights/
  • http://www.cso.com.au/article/604516/block-100-ransomware-by-managing-admin-rights-applications-researchers/
• Password management applications – http://www.pcmag.com/article2/0,2817,2407168,00.asp
• Enable MFA on your online applications – http://www.pcmag.com/article2/0,2817,2456400,00.asp

ONLINE RESOURCES

• Cloud backup providers – http://www.pcmag.com/article2/0,2817,2288745,00.asp
• Support scams – https://www.onthewire.io/inside-the-tech-support-scam-ecosystem/
• Highlights of the Verizon 2017 Data Breach Investigations Report – http://ridethelightning.senseient.com/2017/05/highlights-verizon-2017-data-breach-investigations-report.html