dd if=/dev/zero of=zero.filename bs=1024 count=1000

You do the same using /dev/urandom:

dd if=/dev/urandom of=random.filename bs=1024 count=1000

Resulting in a 1MB file:

1000+0 records in
1000+0 records out
1024000 bytes (1.0 MB) copied, 0.0294247 s, 34.8 MB/s

This is transferring random data from the virtual device urandom to the output file. We use /dev/urandom instead of /dev/random because the /dev/random source generates random data very slowly. urandom is much faster at this but remains very random, if not quite a random as /dev/random. This should work with any system with dd and /dev/urandom.

• Don’t allow connections to this computer
• Allow connections from computers running any version of Remote Desktop (less secure)
• Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)

At first blush, you would probably choose the “more secure” option. Practically, this mainly means that it only allows connections from the latest Remote Desktop software in Windows Vista. It is probably another attempt by Microsoft to force consumers and businesses into upgrading to Windows Vista. But… I digress.

When connecting with an older Terminal Services (TS) client in XP or even Vista, you will get this message:

“Remote computer requires Network Level Authentication, which your computer doesn’t support”

Not all is lost. There are two ways around this. The first and most obvious solution is to select the less secure option and disabled Network Level Authentication (NLA). If you are in an environment that does not allow this change, or there are some other circumstances where you need to keep Network Level Authentication enabled, you can get a Remote Desktop connection from Windows XP.

The first step is to download the latest Remote Desktop Client for Windows XP. As of the writing of this article, the latest version is 6.1.

For XP SP3: here

For XP SP2: here

That is not it. For XP, you need to enable CredSSP – Credential Security Service Provider.

CredSSP is a new Security Service Provider (SSP) that is available in Windows XP SP3 by using the Security Service Provider Interface (SSPI). CredSSP enables a program to use client-side SSP to delegate user credentials from the client computer to the target server.

Directions on how do do this are available at Microsoft here:

http://support.microsoft.com/kb/951608/

The quick and dirty summary:

1. Click Start, click Run, type regedit, and then press ENTER.
2. In the navigation pane, locate and then click the following registry subkey:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. In the details pane, right-click Security Packages, and then click Modify.
4. In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
5. In the navigation pane, locate and then click the following registry subkey:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
6. In the details pane, right-click SecurityProviders, and then click Modify.
7. In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
8. Exit Registry Editor.
9. Restart the computer.

For more information on CredSSP including how to deploy this setting using Group Policy, see the CredSSP page here.

Let me know if you have any other tips or a simpler way to connect to the more secure version of Remote Desktop.

Just a note – when installing Ubuntu, do not add a user named “administrator” as I did. This makes it impossible to join the Ubuntu workstation to the domain using the “administrator” active directory user – but you can use a different Domain Administrator username and password.

The steps to follow:

1. sudo apt-get install likewise-open
2. sudo domainjoin-cli join fdqn.yourdomainserver Administrator
3. sudo update-rc.d likewise-open defaults
4. sudo /etc/init.d/likewise-open start

As a side note – you should also consider adding the following code to make it so that users do not have to login with DOMAIN\username on the ubuntu login screen. You can do this by changing /etc/samba/lwiauthd.conf and adding this line:

winbind use default domain = yes

Also, another helpful tidbit of information is getting your Ubuntu machine to resolve netbios domain names. You can do this by adding missing entries to the following lines in /etc/nsswitch.conf:

passwd: compat winbind lwidentity
group: compat winbind lwidentity
shadow: compat winbind
hosts: files dns winbind

If you receive an “ERROR” message when you try to login to Ubuntu, it could be because the likewise-open service isn’t running. Running “update-rc.d likewise-open defaults” should start it but troubleshoot this script to make sure it is indeed running on boot.

For More Information:
Official Likewise-open page on Ubuntu

Luckily, there is a module which enforces secure login on a Drupal install.

Drupal Module: Securepages

Although it is still in development, the 6.x-1.x-dev version worked great with my Drupal 6.4 installation.

The Pros: The image looks great. Hands down it is a clean, crisp image, and with the latest firmware updates (click here) supports most audio configurations.

The Cons: This thing is the slowest media player I have ever laid my hands on.

The instructions warn that the initial setup could take 90 seconds to start and after that, start up would be quicker. I suppose they didn’t lie – start up on an everyday basis takes around 40 seconds or more! After that, you can finally eject the tray to insert your movie, or make your way to the menu.

Forty seconds, when you have an impatient toddler wanting to watch Finding Nemo for the 50th time, is similar to taking a short detour through Dante’s 3rd circle of hell.

In addition to that, woe to the consumer who might get a relatively new, $30 Blu-ray movie to play in it. We put in Dan In Real Life (Ok movie, but slow paced) – it proceeds to play the previews, fine. Then it seemingly locks up for a few minutes on a screen with a progress bar that says “loading”. We power down, start the process again. Briefly before the “loading” screen pops up again, it mentions that on older players it could take several minutes to load the menu. Seriously, 3 to 4 minutes later, the menu loads up.

Again, we received 10,000BC (don’t waste your time) in the mail from Blockbuster. Started to play it and we wanted to stop and start it over. I pressed the stop button, and I guess I overloaded the system as it was totally frozen. I had to press the power button for 10 seconds and start the whole process over.

Are you kidding me? This is the worst consumer experience I’ve had in a long time. Maybe I am just an impatient American, but spending 5 minutes waiting for a movie to load up, after having spent that much money on top of the line technology, is a disgrace. Sony should be ashamed that they let this product go to market.

What is it doing during this loading time? Is the Java OS loading all of its unnecessary libraries? Who allowed this to pass by QA?

So my recommendation to anyone looking to buy one of these systems is keep looking! There are more and more choices out there. The PS3 is only $50-$100 more and it loads movies much faster and has many more advanced media features (like streaming audio and video right to the PS3 from other media servers), not to mention all the games you can play on it.

Sony used to be top notch in my opinion when it came to hardware of any kind. However after this incident, I will really have to think twice before getting another Sony product!

For the uninitiated, two-factor authentication is when two separate methods are used to verify an identity. For example, a thumbprint and a codeword, or a eye scan and a smart card. The most useful in my and many other’s opinion is a One Time password token, like the Paypal/Verisign security key. This device, which is meant to be carried with you at all times (think, belongs on your keychain, and you keep it in your pocket like a key) generates a series of numbers which depend on what time it is. This number, when combined with your password, provides a much more secure way of authenticating that it is really you who is logging into PayPal, and not just some guy from across the world who happens to have guessed, or phished your password.

OpenID is a relatively new technology where you store your personal information at a site called an OpenID Provider, and then other sites authenticate to that site. You then tell the OpenID provider that it is ok to let your target website use your information and itself to authenticate you. After that, when you want to login to this target site, you just need to be logged into your OpenID provider. Maybe this video will clear things up for you.

Some popular OpenID Providers are: MyOpenID, Verisign Labs PIP, and many, many more. I personally use Verisign Labs PIP, simply because I trust Verisign, and established security company, more than many of the other ‘mom and pop’ websites who now all of a sudden are OpenID providers. Call me elitist if you want but that is just how I feel.

So, good idea in theory, but I had a pretty big reservation about it. What if someone was able to get your OpenID username and password? All of a sudden, they have access to ALL of your websites that you use OpenID with, and you are worse off than if you just used seperate usernames and passwords for each one. You do use different passwords for your website logins, right?

So, just today, I thought to myself: wouldn’t it be great to be able to use that Verisign Branded PayPal Security Key with my Verisign Labs PIP account? Lo and behold, a google query later, and I find out that they are one of the only OpenID providers to provide two factor authentication, and that my old PayPal Security key works with it! Bingo!

I didn’t really find too much information online about how to hook the two up, so I thought I would put up an explanation to help others realize the security that this provides them.

1. Get a PayPal Security Key

All you need to do is go to the PayPal Security Key Website, sign in, and place an order for it. A few days later you get a little package with your key, and then you can feel special too.

2. Login or Create an Account at Verisign PIP

The Verisign Labs PIP website has all of the information you need for signing up. Go through all of the steps needed to activate your account before proceeding to the next step.

3. Add your Security Key Credentials to your account.

Go to the “My Account” page, and at the bottom there is a section that says “VIP Credential”.

You will then be asked to enter the credential ID (which are the letters/numbers on the back of your key) and also to push the button to generate a one-time key.

Click add, and you are done!

Next time you log into your OpenID at PIP, you will see the following challenge after you enter your username and password:

At this point, you might be asking what happens if you don’t have your Security Key with you? Well, there is an alternative. They will send you a one-time pin either to your cell phone via text, or to the e-mail account that you have on file with them.

This ensures that even if you don’t have your key with you, access to your websites can still be had. Just make sure your e-mail password is different than your OpenID password!

As an added bonus, they offer a firefox plugin called “Seatbelt” that automatically fills in your OpenID location for you on sites that support OpenID. It’s nice to not have to remember your OpenID URL, which is username.pip.verisignlabs.com. It’s not overly difficult to remember but they definately could use a more catchy URL.

So that is about it – with these two things, you should be sailing along with OpenID using two-factor authentication and minimal effort and money spent!

In his case it sounds like the original owner of the machine may have used a weak root password on his machine, allowing for someone to crack it and break into the box. People, don’t forget to use a hard-to-brute force password, and finally disable root login s. Instead, use normal users and sudo.

Finally, if you are doing this in a legal setting and preparing for a possible future court case, don’t forget to make an image of the drive (using dd or Norton Ghost) before your analysis; otherwise the intruder can get your evidence thrown out.

Some other security resources:

• APF + BFD
• OSSEC
• Sleuthkid
• chkrootkit

For some more technical information on this, check out dmiessler’s post on the subject.

He mentions using bookmarks to make force your browser to use Google’s secure connections – however I’ve noticed that occasionally depending on how you arrive to your Google services that you will switch to an unencrypted session without warning.

For that reason, If you are using Firefox and greasemonkey, I highly recommend installing the “Google Secure Pro” userscript. It automatically switches you from using http:// to https:// to ensure your data is encrypted to Google’s servers. This will increase your security greatly from using the unencrypted connections, which is good if you transfer confidential data over e-mail – like most normal people do!