
Introduction to Penetration Testing Using Metasploit

After many months of effort, my first Pluralsight course, Introduction to Penetration Testing Using Metasploit, is now available. Here is the official course description:

Metasploit is one of the most widely used tools for penetration testing, providing powerful attack simulations, security assessment management, and more. In this course, Introduction to Penetration Testing Using Metasploit, you’ll learn to use Metasploit to enumerate available services, identify potential weaknesses, test vulnerabilities through exploitation, and gather evidence for reporting. First, you’ll see how to install and configure the Metasploit Framework and several supporting tools on Kali Linux. Next, you’ll explore how exploits and payloads work together to gain access to systems. Finally, you’ll look at how Metasploit Framework releases are made available and how to maintain the latest version of the Framework. By the end of this course, you’ll have a better understanding of how to use Metasploit to quickly assess the security posture of systems and networks to reduce risk.

I received terrific support from the Pluralsight team in creating this course. They are very active in communicating, listening, and working with their authors. They have tools and a process for getting courses out the door. I was surprised by this attention to authors and to the details most of all.

Continued…

Categories: training.


ikawnoclast.com, Now with Let’s Encrypt


I just switched my personal web site (this one) over to HTTPS using Let’s Encrypt. My long-time hosting provider, Dreamhost, added support for it recently (January 20, 2016). Both Let’s Encrypt and Dreamhost’s support for it are still considered Beta, but no issues here so far.

I have always wanted to have encrypted transmissions for my web site but did not want to spend the money to get the certificate and possibly pay for the static IP. Thanks to Let’s Encrypt and Dreamhost’s support for it, it’s now possible.

Continued…

Categories: security.


Network Warrior, Second Edition

Network Warrior, Second Edition book cover

Network Warrior, Second Edition

Gary A. Donahue

O’Reilly Media

I am an information security guy with a computer science degree. A good portion of my knowledge lies in operating system security and the interactions between systems. In college I took a computer science course in networking in which we delved into network fundamentals (packets, headers, protocols, etc.). However, most of it was focused on building network-enabled applications at the system call library level in the C programming language. We did not get to play with routers and switches, even though we knew how they worked, at least in theory. We assumed those components were there, were properly configured, and worked perfectly.

In my information security work, I have worked with small firewalls, software VPNs, IPS/IDS devices, VLANs and switches, and some other network components. I was able to figure out and configure most of that stuff based on my fundamental knowledge of networking. However, I still didn’t have any exposure to enterprise-level switching and routing. Now I am a security architect and that is essential knowledge.

I got a free copy of the second edition of Network Warrior by Gary A. Donahue in early January 2016 through my membership to several O’Reilly Media mailing lists. This was a great opportunity to grow my knowledge of an area that I needed. It’s just over 1000 pages and packed full of useful information. It’s mostly about Cisco gear, but there are many chapters that focus on concepts that apply no matter what the vendor.

Here is a mini-review of what I found to be most helpful from an information security perspective.

Continued…

Categories: book review.


Exploring ZFS Properties

We have options! (CC BY-ND 2.0 licensed image by Bill Ohl, haynseek on Flickr)

Properties are an important part of determining and setting the configuration of ZFS storage systems. They can also be used to review the performance and usage of storage resources. Properties can be set at a top level and inherited by child components when created. Understanding how ZFS properties are utilized is important to operating an efficient storage system.

In this article, we will explore how properties work and how to get and set properties.

Learning Objectives

  1. Learn how properties and their inheritance are used in ZFS.
  2. Learn how to set properties to change the configuration of a storage system.
  3. Learn how to get information from properties.

This article is one of a series of articles on ZFS. You can start at the beginning by creating a ZFS playground on which you can play.

Continued…

Categories: ZFS.


Video of My TEDx Talk

Presenting at TEDxLafayette 2014

The video of my TEDx talk for TEDxLafayette 2014, “City Full of Unmanned Vehicles”, is available on YouTube. Previously, I posted the text of the talk.

In this talk, I lay out my vision for the use of unmanned and autonomous vehicles and their uses within city limits. There are many potential benefits in terms of public safety, disaster response, personal transportation, delivery and logistics. However, a balance is needed between safety and the ability of system developers to experiment and advance the technology in the environments in which these systems will be used. I explore many of these ideas in this TEDx Talk.

What do you think? In light of the proposed FAA regulations regarding unmanned aerial systems (released after my talk), did I present the issue with the right balance? Are unmanned and autonomous systems just too experimental at this point to be used in our cities?

I look forward to your comments.

Categories: community.

Expanding Your ZFS Pool

Now that’s a big pool! (CC BY-NC-SA 2.0 licensed image by Trey Ratcliff, Flickr user stuckincustoms)

In addition to data integrity, device redundancy, and performance features, ZFS Storage Pools can also be expanded in usable storage size through deduplication and compression of the data stored. In other words, by shrinking raw data and removing duplicated parts of data, ZFS Storage Pools can store more data on disk. While there are some memory trade-offs using deduplication, it can provide significant storage savings for some types of stored data. There are also some significant performance benefits to compression.

In this article, we will explore how to configure deduplication and compression for storage pools.

Learning Objectives

  1. Learn about deduplication and configure it on a storage pool.
  2. Learn about compression and configure it on a storage pool.

Continued…

Categories: ZFS.


Mac OS X PF Firewall: Protecting SSH from Brute Force Attacks

Apple-like gate (CC BY-SA 2.0 Licensed image by Dennis Jarvis, Flickr user archer10)

OpenBSD’s PF provides a great many features for packet filtering and network address translation. Mac OS X includes a version of PF that can be used to protect network services. In an article called “Mac OS X pf: Avoiding known bad guys”, I talk about using the Mac OS X PF firewall to protect against known bad sites. In this article, we explore a technique to protect SSH from attackers trying to gain remote access to your Mac by guessing passwords by brute force.

Most of what I learned about PF was used at the office to protect our network. We built redundant firewalls using FreeBSD and PF rules. I started to experiment with the Mac OS X PF implementation once I learned that it was shipped in Lion (Mac OS X 10.7). I am specifically concerned about my Mac laptop systems. The information in this article can also be applied to Mac server and desktop systems.

Continued…

Categories: firewall.


Accessories for Your ZFS Pool

Not that kind of pool accessory! (CC BY-NC-SA 2.0 Licensed Photo by Joe Shlabotnik, Flickr user joeshlabotnik)

ZFS provides several features for Storage Pools that can improve reliability of the storage system and increase the overall performance of reading and writing data. An additional level of reliability can be attained through the use of spare devices that can replace failed storage devices in a zpool. Data read performance can be increased through the use of cache devices. Data writes can be improved with the use of log devices. This article provides a description of each type of device and the commands through which they are configured.

Learning Objectives

  1. You will learn about hot spare devices and how to configure them.
  2. You will learn about ARC and L2ARC and how to configure cache devices.
  3. You will learn about the ZFS Intent Log and how to configure log devices.

Continued…

Categories: ZFS.


Playing in the ZFS Pool

A lot of drives for ZFS Storage Pools. (CC BY 2.0 Licensed Image by Billie Ward, Flickr user wwward0)

Storage Pools are the basic method for consolidation of storage devices, data integrity, and redundancy for ZFS. Using some commands, you can quickly configure simple storage pools. In this article, we will explore the basic types of ZFS Storage Pools (stripes, mirrors, and RAID-Z), the available storage and redundancy trade-offs, and the commands used to create each type. There are several example commands included that can be used to create storage pools for experimentation and testing. Using the ZFS Playground we built in a previous article, we can experiment and test ZFS Storage Pools quickly and easily.

Learning Objectives

  1. You will understand the basic types of ZFS Storage Pools.
  2. You will understand the tradeoffs associated with each pool type.
  3. You will be able to create basic storage pools in a virtual environment.

Continued…

Categories: ZFS.


Building a ZFS Playground


ZFS is one of those technologies that I have always had on my to-learn list. After I left Sun Microsystems in 2002, there was not much reason to go back to Solaris. I still had my Sun hardware for learning and experimentation. Soon after I started at Purdue University, I gave away and sold all of that gear to students that were interested in learning Sun hardware and Solaris.

When ZFS became available in OpenSolaris and Solaris 10 (update 6/06) in 2005 and 2006, respectively, I was no longer using Solaris or administering any Solaris systems. (If anything, I was complaining about the Solaris systems that I had to use.) As ZFS was integrated into FreeBSD, it became more interesting. I did not have any hardware that would be a good place to play and learn though.

Fast forward to the end of 2014, we now have access to a lot of retired server gear with plenty of disks, RAID cards, a lot of CPU and memory in the data center at work. So, I divided up the equipment with my security engineers as systems with which to learn and experiment. One of the first things I thought our group could use was a file server for desktop backups and general storage. Being a FreeBSD guy, my first thought was FreeNAS. After installing FreeNAS 9.3 and discovering that it was all ZFS now, I realized that now was the time to learn how to make ZFS go.

My initial research led me to a great (but slightly old) presentation by Ben Rockwood called Becoming a ZFS Ninja (videos part 1 and 2). My eye-opening moment was when Ben talked about experimentation using VirtualBox and creating virtual disks to manage under ZFS. Well, of course. That seems obvious now!

I want to learn ZFS and play around in a safe environment. VirtualBox (or any other virtualization toolset) is a great way to do that. Sure, I have hardware now, but a virtualized environment to play with the configuration makes more sense. I expect to do stupid stuff in ZFS (some intentionally). What I need is an environment that is tolerant of mistakes and provides an easy way to go back and try something different. I cannot be driving over to the data center every time I mess up the base OS and have to reinstall again.

So, I built a safe place in which I can run around with scissors, bonk my head on the equipment, and jump off the swing set at the highest point. Nothing can hurt me because I can reset and try again. It is a safe playground for learning.

This post is really for me, but hopefully you can find something useful here as well.

Equipment List

We need to assemble our equipment and tools to build our playground. Here is a list of what my playground has. (You can build yours with similar equipment.)

  • VirtualBox
    • Virtual disks
  • FreeBSD 10.1

That’s a very simple list. Feel free to deviate from it. For example, your playground may work equally well with other virtualization tools. I have access to VMware Workstation at the office, but I never use it. VirtualBox is free to use and is actively supported. I chose FreeBSD 10.1 because it’s the new shiny FreeBSD release as of this writing. It also has ZFS baked into the OS. The BSD installer can also create a ZFS root partition, which I plan to experiment with as well.

You could use a different virtualization platform. In fact, I would be interested in hearing about the use of other tools. Leave a comment.

You could use a different operating system. FreeBSD is something with which I am very familiar. There are ZFS implementations in several other operating systems. Pick your favorite. From what I can tell, most of the management of ZFS is handled using the zfs and zpool commands, which are similar in most implementations.

Caveats

The purpose of the playground is to learn the concepts in ZFS, play with the commands, and learn from mistakes. The playground is small though. We cannot build a large storage service with specific performance targets in the playground. Some features of ZFS cannot be enabled and used effectively given limitations of the playground (disks and memory mostly). We are also not attempting to build a file server with lots of file sharing services, like FreeNAS.

We can, however, build a reasonably good place to blow stuff up, get concussions, destroy data, and wreak havoc without anyone or anything being permanently harmed or any smoking hardware. We simply reset the VM back to a snapshot, and we are back in business.

ZFS Playground Construction

The first thing that we need to do is to assemble our tools. If you don’t have your virtualization tools ready, go ahead and get those downloaded and installed. You can find VirtualBox at the virtualbox.org site, and it is available for Windows, Mac OS X, and Linux.

For the operating system, download the OS installer ISO image. For FreeBSD, download the amd64 (64-bit) ISO image. There are now many more options for installing 10.1, but this is all you need.

Creating a New OS Virtual Machine

Configure your virtualization tool to create a new virtual machine (VM) for the ZFS-enabled operating system. Here are the VM specifications that I use:

  • 64-bit operating system
  • four GB memory (ZFS loves memory, but four will get us started.)
  • two or four CPUs (I cap execution at 75% to prevent the VM from affecting the host.)
  • one main OS disk sufficient in size to hold the OS files
  • one CD drive for the OS installation ISO image
  • one network interface for updates (optional)
  • no audio or USB support (We don’t need them.)

FreeBSD VM, 64-bit

While you are configuring the VM, you can also create a series of virtual disks for ZFS to manage. The flexibility of ZFS allows it to work with a variety of disks. For simplicity at this stage, I would recommend creating at least three virtual disks. Here is what I created:

  • a new SAS controller (implemented as an LSI Logic device in VirtualBox)
  • five two-GB fixed-size virtual SAS disks (named “ZFS Disk x”)

ZFS Playground VM with all disks created.

The fixed size disks have their space allocated at creation, instead of growing the disk as it is used. The small size of the disks is not important and has no impact on ZFS for our purposes.

Assign the OS installation ISO image to the virtual CD drive and start the installation. For FreeBSD 10.1, you have the option to install the operating system on a root file system that is managed by ZFS. That’s great for future experimentation. To avoid confusion at this stage, let’s do the usual UFS installation. We may revisit FreeBSD on a ZFS root later.

The installation of FreeBSD 10.1 is left as an exercise for the reader. If you encounter issues though, let me know.

Check Out the OS

Once you have the OS installed, detach the installation ISO and reboot.

From here, I will be referring to FreeBSD 10.1 specifically.

The first thing we should do is check for updates and apply those. There may be updates that apply to ZFS, so let’s avoid potential issues by having the latest version available. Run the following command to download and install any FreeBSD updates.

FreeBSD out of the box has enough tools installed to make most admins happy. If you need more, fire up pkg and install what you need. (This is also left as an exercise for the reader.) I would not waste too much time making this particular FreeBSD VM the ultimate admin world for you. We are here to learn ZFS, not FreeBSD specifically.

One of the first things you may notice is the FreeBSD kernel warning about ZFS not having enough memory to enable prefetch. That’s OK for now. It will still work for our purposes at this point.

Snapshot It!

Before we start playing, breaking, and doing relatively destructive things, let’s start with a VM snapshot.

Our First ZFS Command

Finally, we are at a point where we can start learning ZFS. Here is your first command:

Wait, what just happened? Well, that simple command created a new pool (“mypool”) containing our five virtual disks in a large stripe and mounted it.

No, really. Look:

Our Second ZFS Command

Time to clean up. Use this command to delete the pool we just created:

Wrap Up

Here’s what we did:

  1. Assembled our virtualization tools.
  2. Created a new VM with a ZFS-enabled OS.
  3. Created virtual disks for experimentation.
  4. Started and updated the OS.
  5. Created a ZFS pool of five disks with a single command and then destroyed it.
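
Step 5 as an added example (not the original post's commands): a dry-run shell script for the create, inspect and destroy cycle, with a guard that keeps the OS disk out of the pool. The device names da0 to da4 and ada0 are assumptions; confirm them with `camcontrol devlist` in the VM before setting DRY_RUN=0.

```shell
#!/bin/sh
# Added example: create, inspect and destroy the playground pool.
# Assumptions (not from the post): the five SAS disks appear as da0..da4
# and the OS disk as ada0. Confirm with `camcontrol devlist` in the VM.

POOL="mypool"                    # pool name used in the post
DISKS="da0 da1 da2 da3 da4"      # assumed device names of the ZFS disks
OS_DISK="ada0"                   # assumed OS disk; must never join the pool
DRY_RUN="${DRY_RUN:-1}"          # 1 = only print the commands

# Reject an empty list, the OS disk, or the same disk named twice.
check_disks() {
    seen=""
    for d in "$@"; do
        if [ "$d" = "$OS_DISK" ]; then
            echo "refusing to use OS disk $d" >&2; return 1
        fi
        case " $seen " in
            *" $d "*) echo "disk $d listed twice" >&2; return 1 ;;
        esac
        seen="$seen $d"
    done
    [ -n "$seen" ]
}

# With no vdev keyword (mirror, raidz) zpool create builds a plain stripe.
create_cmd() {
    check_disks "$@" && echo "zpool create $POOL $*"
}

destroy_cmd() {
    echo "zpool destroy $POOL"
}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "+ $*"; else "$@"; fi
}

playground_cycle() {
    create=$(create_cmd $DISKS) || return 1
    run $create                  # stripe across all five disks, mounted at /mypool
    run zpool status "$POOL"     # vdev layout and health
    run zpool list "$POOL"       # size, allocation, free space
    run df -h "/$POOL"           # the pool's root dataset is already mounted
    run $(destroy_cmd)           # removes the pool; its data is gone
}

playground_cycle
```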

Next Time

In a future post, we will use our new playground to run reckless and learn.

[Update January 5, 21:20: Josh Gillam found some grammar issues, which I corrected.]

Categories: systems, ZFS.
