Monday, February 29, 2016

"Eradicating Zero Day Malware?" / A Discussion of Terminology and Some Best Practices

Hey everyone - Someone asked me an interesting question, and I thought it was worth a little bit of discussion in a post.  The question was "Once you discover zero day malware, how do you get rid of it?"  Let's talk about it after the jump.

Monday, February 22, 2016

On The Topic Of Incorrect Filesystem Permissions

Hey everyone - We had fun with containers, and now I want to shift to a slightly different topic.  I came across this article about privilege escalation due to a vulnerability caused by incorrect file system permissions.  The article talks about the issue in Windows, but the same mistake can happen on any file system and operating system: if a low-privileged user can write to a file or directory that a higher-privileged process later executes or trusts, that user can get code run with the higher privilege.  We will take some time today to get familiar with file system permissions in Windows, specifically NTFS.  We will also take a look at ways you can help prevent the issue referred to in the article.

Monday, February 15, 2016

Adventures in Containerization - Part 2: Unprivileged LXC Containers in Fedora 23 (And Probably Some Other Distros Too)

Hey everyone - Last week, we talked about what containers are and why you might want to learn about them.  Today, we will take a look at getting LXC installed and a container spun up.  When I started writing this entry, I tried to get things running on a fully updated CentOS 7 VM.  Unfortunately, to get unprivileged containers working, we needed a few things that CentOS 7 does not have, including a new enough version of shadow-utils.  Because we need to map user IDs and group IDs in the container to user and group IDs on the system, we need a version of shadow-utils that lets us assign subordinate user and group IDs (subuids and subgids) to our user.  The version of shadow-utils that is available for CentOS 7 as of this writing (4.1.5.1-18.el7) does not support subuids (we need 4.2.1).  There are a number of other dependencies (including a newer kernel version - at least 3.13, since unprivileged containers rely on user namespaces), and unfortunately, as of this writing not too many distributions have everything that we need.  We could build all of the necessary dependencies from source, but I wanted to keep that to a minimum, and there are other packages we will need to build from source later (see below).

One of the rolling release distros like Arch, openSUSE Tumbleweed, or Fedora Rawhide might do the trick.  Today, I am going to explore unprivileged LXC containers with Fedora 23.  There are a few tutorials on how to get this working in Ubuntu (like this one), which we will draw from.  Most of the tutorials I have seen say to use Ubuntu because that is ready to go, but I wanted to try something different.  Maybe this will help someone who is used to Red Hat / Fedora.

Most of these steps should work on any Linux distro with new enough packages:
  • LXC >= 1.0 (we are running 1.1.5)
  • Linux Kernel >= 3.13 (we are running 4.3.3)
  • Shadow-Utils >= 4.2.1 (we are running 4.2.1)
After getting everything installed, the lxc commands should be the same on any Linux you decide to run this on.  More after the jump...
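Before going after the jump, here is a small prerequisite check for the three requirements listed above, plus the piece that actually makes a container "unprivileged": turning a user's subordinate ID ranges into the `lxc.id_map` lines (LXC 1.x syntax) that map container root onto unprivileged host IDs.  This is an added example and not code from the original post; the function names are mine, and the `/etc/subuid` and `/etc/subgid` contents below are constructed sample data rather than anything read from a real system.

```shell
#!/bin/sh
# Added example (not from the original post). Checks the three version
# minimums named above and generates lxc.id_map lines from subuid/subgid data.

# version_ge A B : succeed if dotted version A >= B (up to 4 numeric fields).
# A packaging suffix such as "-18.el7" is dropped before comparing.
version_ge() {
    vg_a=${1%%-*}
    vg_b=${2%%-*}
    vg_i=1
    while [ "$vg_i" -le 4 ]; do
        vg_fa=$(printf '%s\n' "$vg_a" | cut -d. -f"$vg_i" | tr -cd '0-9')
        vg_fb=$(printf '%s\n' "$vg_b" | cut -d. -f"$vg_i" | tr -cd '0-9')
        vg_fa=${vg_fa:-0}; vg_fb=${vg_fb:-0}   # missing fields count as 0
        if [ "$vg_fa" -gt "$vg_fb" ]; then return 0; fi
        if [ "$vg_fa" -lt "$vg_fb" ]; then return 1; fi
        vg_i=$((vg_i + 1))
    done
    return 0   # all compared fields equal
}

# check_prereqs KERNEL LXC SHADOW_UTILS : 0 if all three meet the minimums
# from the list above (kernel 3.13, LXC 1.0, shadow-utils 4.2.1).
check_prereqs() {
    cp_ok=0
    version_ge "$1" 3.13  || { echo "kernel $1 < 3.13 (user namespaces)"; cp_ok=1; }
    version_ge "$2" 1.0   || { echo "lxc $2 < 1.0"; cp_ok=1; }
    version_ge "$3" 4.2.1 || { echo "shadow-utils $3 < 4.2.1 (no subuid support)"; cp_ok=1; }
    return $cp_ok
}

# subid_range TEXT USER : print "start count" for USER's first entry in
# /etc/subuid-style TEXT (lines of user:start:count); nonzero if absent.
subid_range() {
    sr_out=$(printf '%s\n' "$1" | awk -F: -v u="$2" '$1 == u { print $2, $3; exit }')
    [ -n "$sr_out" ] || return 1
    printf '%s\n' "$sr_out"
}

# gen_id_map USER SUBUID_TEXT SUBGID_TEXT : print the two lxc.id_map lines
# (LXC 1.x key name) mapping container uid/gid 0 onto USER's delegated ranges.
gen_id_map() {
    gm_u=$(subid_range "$2" "$1") || { echo "no subuid entry for $1" >&2; return 1; }
    gm_g=$(subid_range "$3" "$1") || { echo "no subgid entry for $1" >&2; return 1; }
    printf 'lxc.id_map = u 0 %s\n' "$gm_u"
    printf 'lxc.id_map = g 0 %s\n' "$gm_g"
}

# Constructed sample data standing in for /etc/subuid and /etc/subgid.
SAMPLE_SUBUID='alice:100000:65536
bob:165536:65536'
SAMPLE_SUBGID='alice:100000:65536
bob:165536:65536'

# Demo: the Fedora 23 versions from the list above pass; the stock CentOS 7
# shadow-utils named above fails (the kernel and lxc values here are
# illustrative placeholders, not a claim about what CentOS 7 ships).
echo "Fedora 23 versions:"; check_prereqs 4.3.3 1.1.5 4.2.1 && echo "ready"
echo "CentOS 7 shadow-utils:"; check_prereqs 3.10.0 1.0.0 4.1.5.1-18.el7 || echo "not ready"
echo "id_map for alice:"; gen_id_map alice "$SAMPLE_SUBUID" "$SAMPLE_SUBGID"
```

On a real host you would feed `check_prereqs` the output of `uname -r` and your package manager's version query, and `gen_id_map` the contents of the real `/etc/subuid` and `/etc/subgid` for your user; the two printed lines are what goes into the container's config so that uid 0 inside the container is an ordinary, unprivileged uid on the host.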

Monday, February 8, 2016

Adventures in Containerization - Part 1: What are Containers?

Hey everyone - We have been talking about databases and data security for the past few weeks.  I thought it would be nice to switch gears a little bit and talk about another aspect of information security: containerization.  Containerization is the process of deploying applications and services in isolated environments.  It is similar to virtualization, but does not require installing a new instance of the operating system (and all of the overhead that comes along with that): containers share the host's kernel, and the kernel, rather than a hypervisor, keeps them isolated from each other.  Containers in Linux are similar to jails in BSD and zones in Solaris.  I have not worked with containers and containerization extensively, so this will be a learning experience for me as well.  Time to get started.

Monday, February 1, 2016

On the Subject of Database Encryption, Part 2

Hey everyone - We had some fun last week working on encryption in MariaDB.  This week, we will do something similar for another popular database platform: PostgreSQL.  This time, we will do things a bit differently.  Last time, we worked through examples of symmetric cryptography.  This week, we will take a look at using asymmetric (public key) cryptography to encrypt fields in the database.