Patch Patch Patch!! – TC2027 Fall 2016

--Originally published at El Machetero Blog´s

As you may know or if you don´t, well, let me tell you there´s no thing as PERFECT SECURITY, there´s a lot different ways to get access to a system either it is a personal one or it belongs to a company and believe it or not many of this don´t even require the attacker to use a computer, they only need distracted, neglected, fearful or even helpful PEOPLE, yes people are a vast source of information and they can be easy to trick so I would say people is one of the most dangerous breach in security and you can´t patch them

Password Cracking

There are different methods to obtain information from an user, some can be done with no computers or special devices for example social engineering, dumpster diving, shoulder surfing and some more use programs like NetBios Auditing Tool, Chknull or LC4 which can be used to attack the network from the outside of wherever the system is located.

We can also do things from the inside either it is just for testing or with malicious intentions, one well know program to crack passwords is John the Ripper, but it takes some time. But you may ask, how the hell does bad people managed to get into the company D:, well you may have some pretty bad physical security, or bad guys are pretty good at what they do.

Physical Security

With all the information of the many cyber attacks that occur you may focus only on increasing your system security, but may tend to forget about physical security and this may lead to very serious problems.

There are some very hardcore ways to increase the physical security, like having systems in a specially located room with no cristal windows, secure doors and many other things, but I

go deep into that, so, some basic things to do are having systems locked and giving access only to authorized personal, also, a security guard at the entrance of the building to check and verify the authenticity and intentions of external people that want to go in, also you should´t let them free around the building.

Basic Software Security

As I said at the beginning, there´s no perfect security and people with malicious intentions will search anything they can take advantage of to break in, but we can prevent this as much as we can. As with the physical security we can go very hardcore and do a lot of complicated things, but let´s go easy and talk about basic things, the most important one in my opinion is to keep everything updated, this help´s to avoid like most of the problems, we can also limit access of services and ports only to those that we use, avoiding attacks from other places that we don´t pay much attention to, and as I said, there´s a lot more things we can do.

Passwords

Another important thing are the user´s passwords, you can teach and have users to have secure passwords, have them change it every certain time, tell them not to write it down and if they do, at least have it physically locked.

Finally all you can do is your best at physical and software security, teach your employees what to do and hope they don´t do anything weird, also, don´t hate all those Windows updates, those are meant for something or if you are a linux user well use “sudo apt-get update” and “sudo apt-get upgrade” constantly.