
Tag Archives: Security

Chief Security Officer’s Tool Kit (Small to Large Jobs)

This article is the first step back into my old blogging routine. I will be talking about a “Chief Security Officer’s Tool Kit (Small to Large Jobs)”: what a Chief Security Officer should do under which conditions, a kind of do’s and don’ts list. Some of it, in the “Home User” section, may be in layman’s terms.

Home user

Home users usually need fewer security tools than something like a UTM (Unified Threat Management) appliance, but there are many tools on the market to keep them safe, plus a few basic precautions and things to look out for when online.

Recommended Tools to Fix or Help the User

Anti-virus – (recommended) Avira Anti-Virus Suite is a great free tool, and they offer versions with more features for a small price. They offer many products: mail, web, SharePoint, anti-spam, three types of web proxy, Exchange, many server solutions, mobile products, bundles and free stand-alone tools. They offer products for Windows and Linux, but I could not find the Linux one. The downside of the free product is a pop-up advertising their products every time you boot. –

This tool is one of the best FREE anti-virus tools out there. They also offer many products for Linux: AntiSpam, AntiVir Exchange, Portalserver, proxies and more.

Spybot Search & Destroy – anti-spyware tool with a great hosts-file update feature called “Immunize”. For more on your hosts file, or more tools, see my article Your Host-File Can be your Best Friend if in Use!!!

SUPERAntiSpyware – anti-spyware tool that has great memory features. –

Secunia – This tool looks up every application on your machine in its database and reports whether that application has a publicly known flaw and whether a fix is available. It also does this for the operating system. –

CCleaner – This tool helps you remove temp files. It makes it very easy to find and clear many locations in the OS, and offers several wipe methods: simple (one pass), DOD 5220.22-M (3 pass), NSA (7 pass) and Gutmann (35 pass). It also has a registry cleaner. –

TrueCrypt – a great encryption tool with many tools and features within the application. –

PC Tools Firewall Plus – (recommended) –


Comodo – This tool did not give me a good experience; I found it annoying. It is rated as one of the best firewalls in the world, and it did perform that way. It has a great sandbox feature, but from what I found, anything in the sandbox can’t be saved to the OS, and it is not that user friendly. –

Sandboxie – This tool is one of the best tools I have ever found. It lets you run any application (any except itself) in a sandbox, and it tells you that you are in a sandbox by putting a # in the application’s title bar. I don’t think this tool will save you from exploits, but I have not tested that yet. It keeps all files away from the OS, tells you when a file wants to reach the OS, and makes it a little too easy to bring it out to the OS. –


Avast! – I found out about Avast! Process Visualization (avast! Sandbox); it seems like good technology and threat detection. I did not use it. I would not recommend it as a first try; I found that Avast! signatures are not as advanced and up to date. (My tests; don’t send me hate mail.) –

For more tools you can see my older article The Guide to Locking Down a PC, or my article on testing your computer’s security, Test Your Computers Security!. I also have an article on adding entries to your hosts file: Your Host-File Can be your Best Friend if in Use!!!.


1. Log on to web sites you trust (if you don’t trust a site, do research on it and see whether it is legitimate for what it offers). Then look again at the URL: is it the real site or has it been changed? Letters can be swapped: an E can be a 3, a B can be an 8, an S can be a 5, and letters, numbers or special characters can be added to the site name. Also check for SSL (TLS).

2. Turn your website passwords into long passphrases. You can use a tool like “LastPass”, which is my favourite. It organizes all your passwords in a web-style interface in your browser with many security features to keep your information safe. It also encourages long passphrases: it will store long gibberish strings that are not susceptible to dictionary attacks, and brute-forcing a long mix of characters, numbers and special characters will take a cluster of machines hours of guessing online, which will raise many red flags on the account at the website, and will still take many days or years; and if you change the passphrase by the time they finish, they have to start all over. So the lesson is: long passphrases, not kept in an easy location, that only you can access, encrypted so no one can see them, as “LastPass” does. Don’t use the same password for different sites, and keep your passwords at least 5-10 characters long.

3. If you find a machine has been compromised by a virus or by unauthorized access, format it (fresh install of the operating system), but first back up all your important data to read-only media; a CD or DVD will work. I don’t care if you can remove the infection: if I created a virus I would always have a backup plan, i.e. a backdoor into the machine (an unpatched exploit, a backup copy of the virus, a different strain in a different location, a registry key, a fuzzed application, a persistent backdoor like a process, etc.). I always say “Any infection is still an infection”. The same goes if someone gains your credentials to a website: change them as soon as you can.
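The look-alike check in point 1 (E as 3, B as 8, S as 5, extra characters glued onto the name, and the https requirement) can be automated on the user’s side. The script below is an added example, not a tool from this post: it undoes the common letter/digit swaps, compares the result against a trusted-site list, and reports why a URL should be rejected. The trusted list and the swap table are assumptions constructed for the demo (the table covers the swaps the post names plus 0/O, 1/l, |/l and $/S).

```python
"""Look-alike URL check: an added example, not the post's own tool."""
from urllib.parse import urlsplit

# Digits and symbols that are easy to mistake for letters in a host name.
LOOKALIKES = str.maketrans({"3": "e", "8": "b", "5": "s", "0": "o",
                            "1": "l", "|": "l", "$": "s"})

# Constructed sample of sites the user has decided to trust.
TRUSTED = {"example.com", "mybank.example"}


def normalize_host(host: str) -> str:
    """Lower-case, drop a port and a leading 'www.', undo look-alike swaps."""
    host = host.lower().split(":")[0]
    if host.startswith("www."):
        host = host[4:]
    return host.translate(LOOKALIKES)


def registrable(host: str) -> str:
    """Last two labels of the host (enough for the demo; a production check
    would consult the Public Suffix List for names like co.uk)."""
    return ".".join(host.split(".")[-2:])


def check_url(url: str, trusted=TRUSTED):
    """Return (verdict, reasons). Verdicts: trusted, reject, lookalike, unknown."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()   # hostname already strips the port
    reasons = []
    if not host:
        return "reject", ["no host name in URL"]
    if parts.scheme != "https":
        reasons.append("no https:// (add the s and reload, as the post says)")
    base = registrable(host)
    if base in trusted:
        # Exactly a trusted site; only the missing https can still sink it.
        return ("trusted" if not reasons else "reject"), reasons
    norm = registrable(normalize_host(host))
    if norm in trusted:
        reasons.append(f"looks like trusted site {norm} once letter/digit swaps are undone")
        return "lookalike", reasons
    for site in sorted(trusted):
        name = site.split(".")[0]           # e.g. "mybank"
        if name in host:
            reasons.append(f"contains the trusted name {name!r} with extra characters: {host}")
            return "lookalike", reasons
    return ("unknown" if not reasons else "reject"), reasons


if __name__ == "__main__":
    for u in ("https://www.example.com/login", "http://example.com",
              "https://3xample.com", "https://my8ank.example",
              "https://mybank-login.evil.test", "https://other.org"):
        print(u, "->", check_url(u))
```

A “lookalike” verdict is the case the post warns about: the name reads as the trusted site to a human but is a different domain, so the user should stop and compare it character by character.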

First, always use a limited user account, unless admin rights are needed for maintenance during that session. Don’t click links; copy the URL instead. Don’t open e-mail that looks odd, and never open attachments from people unless you have contacted the person and confirmed that they sent it to you.

What to tell the customer to look for

    1. Look for https:// in front of the site’s name; if the http:// has no s, add one and refresh the page. This makes sure the site you trust establishes a secure connection; if it does not, don’t trust the site (sorry, but if anyone in between can see the traffic I don’t trust the site). Check for a certificate for the site, usually shown as a lock in the URL bar or at the bottom left of the screen. If you can establish an https:// connection but can’t see the certificate, you may have a mixed connection, or the connection is being forwarded to http:// on the server side. Still, if you really need to get on a site that does not show a certificate, use a tool like “Wireshark”, located at . It can monitor your connection to see whether the certificate is established.
    2. Tell the customer about tools like “LastPass”: how convenient and secure it is, the features of the service, and that it can be found at . I also found a talk that covers the product in great detail (how it works, the features, the security) on “Steve Gibson’s” podcast “Security Now”, located at , Episode #256, called “LastPass”; a transcript of the show is at

    3. If their machine is compromised, tell the customer what happened and how the attackers got past the defences, in easy terms: a link, a program, an email, a web exploit, etc. Describe what can happen if it is not removed: the attackers will have full control of the computer, and any activity and passwords can be monitored. Even if you can remove an automated tool like a virus, I still say the machine is not 100% secure: there was still an exploit used to gain control of it, and if you were a malicious person wanting control of someone’s machine, would you add a backdoor in case someone found your tool? I would, so the only way to be 100% sure is to format the machine and re-flash the BIOS. New rootkits look at your motherboard model and BIOS version and fuzz it to add a backdoor. This is very uncommon, but still in the wild.

Extra Information

You can also put the machine in a frozen state with Windows SteadyState, found at

This may generate many tech-support calls, because it takes a snapshot of the system and freezes it, so any changes made afterwards are not saved. You can set locations where saves are allowed, and it also makes account lockdown easy.


You can also tell them to get a router that does Network Address Translation (NAT), even if they have only one computer, along with a Demilitarized Zone (DMZ). This prevents a direct attack on the outer layer of the network if an attacker targets them. Also assign static IP addresses and keep a whitelist that only allows the trusted computers present on the network and blocks all others.

Talking about routers: check whether your router may be vulnerable to attack. Remember that it is still an embedded device; the firmware may be at fault, or the user name or password may be too easy to brute force or still set to the default. Also check whether UPnP is enabled, and do not allow it: with UPnP, software or hardware on the network can ask the router to open ports and enable services without any credentials being used or logged.


Next, change the default DNS settings in the router to a trusted DNS service like OpenDNS, found at . This gives you a performance and security gain from a powerful DNS service with many filters to stop bad sites on your network, or for parental control. OpenDNS offers a great filtering service and a great blacklist of bad sites. It also has a tool to prevent DNS rebinding attacks.

Small Business

Most of what I said in the Home User section is relevant here too.

A small business should have a UTM (Unified Threat Management) solution like the Astaro Security Gateway. They should also look at some kind of patch-management solution, and they should be PCI compliant. Like the home user, they should have endpoint security, such as an anti-virus solution like some of the tools I listed in the “Home User” section. They should have a software firewall and look into a hardware firewall/UTM/content filter. Check whether any servers are active and up to date.

If they have a web server that is internet facing, they should move it to a separate network within their network. They should build a 3-way network: a minimum of two routers and a switch, with the switch public facing outside the routers; one router leads to the internal network and the other to the web server. This isolates the server, so an attack on the web server cannot carry the infection out of that part of the network, unless there is some persistent communication from that network to the other. The other network might still be reached, but it will be harder to jump onto the other range.

If there is a domain controller, you should set stringent policies. First, always use a limited user account, unless admin rights are needed for maintenance during that session. Next, find a way to review logs easily. You should also use an IP filter tool like PeerBlock (Windows only), found at . This tool lets you monitor and block IP addresses and ranges that are malicious or that you don’t want on your network.

Lock down your shares (SMB) and make sure no anonymous access is allowed. Also make sure share access is limited to what each user needs. Try to ensure no applications can be executed off the share. Make sure your logs are being monitored.

Also check whether you have any FTP servers in use; if so, make sure they don’t have a weak password that can be brute forced. If you do use FTP at all, tunnel your traffic through SSH so your credentials are not seen in clear text. Also make sure your SSH server does not share the same credentials and has a good password that cannot be brute forced. Lastly, on the SSH server, give it an encrypted key known to the user, and make the SSH user a non-admin to minimize risk. To make this easy for the user you can use tools like WinSCP, found at . For more information look at and also . If you want an SSH client on Windows you can use PuTTY, found at ; they also have a key generator called PuTTYgen and a key storage application called Pageant.
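The SSH advice above (keys instead of passwords, nothing left to brute force, a non-admin login user) can be checked against the server’s actual configuration. The script below is an added example, not part of this post: it reads an OpenSSH `sshd_config` and lists the settings that do not match that advice. The keywords are real sshd_config keywords; the two configs are constructed samples, and the `MaxAuthTries` threshold of 3 and the rule list are this example’s reading of the advice, not an OpenSSH recommendation.

```python
"""Audit sshd_config against the post's SSH advice: an added example."""
import re

# Values sshd assumes when a keyword is absent (PermitRootLogin defaulted to
# "yes" on older releases; newer ones default to "prohibit-password", which
# the audit still flags because the post wants an explicit "no").
DEFAULTS = {
    "permitrootlogin": "yes",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
    "maxauthtries": "6",
}

# Constructed sample: a stock-looking, password-based server.
WEAK = """
Port 22
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 6
"""

# Constructed sample: keys only, root locked out, one dedicated user.
HARDENED = """
Port 22
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
MaxAuthTries 3
AllowUsers transferuser
Match User transferuser
    ForceCommand internal-sftp
"""


def parse_sshd_config(text: str) -> dict:
    """Keyword -> value for the global section. sshd keeps the FIRST value it
    sees for a keyword, so later duplicates are ignored. Parsing stops at the
    first Match block, whose directives apply only conditionally."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def audit(text: str, max_tries: int = 3) -> list:
    """Return a list of findings; an empty list means the config passes."""
    cfg = parse_sshd_config(text)
    get = lambda k: cfg.get(k, DEFAULTS.get(k, "")).lower()
    findings = []
    if get("permitrootlogin") != "no":
        findings.append("PermitRootLogin should be 'no': log in as a non-admin user instead")
    if get("passwordauthentication") != "no":
        findings.append("PasswordAuthentication should be 'no': keys only leave nothing to brute force")
    if get("challengeresponseauthentication") != "no":
        findings.append("ChallengeResponseAuthentication should be 'no': it can still accept a password via PAM")
    if get("pubkeyauthentication") != "yes":
        findings.append("PubkeyAuthentication must be 'yes' for key-based logins")
    if get("permitemptypasswords") != "no":
        findings.append("PermitEmptyPasswords must be 'no'")
    if int(get("maxauthtries") or DEFAULTS["maxauthtries"]) > max_tries:
        findings.append(f"MaxAuthTries is {get('maxauthtries')}; {max_tries} or fewer slows down guessing")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("No AllowUsers/AllowGroups: restrict logins to the dedicated SSH user")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg) or ["ok"])
```

Run it against the live file (`audit(open("/etc/ssh/sshd_config").read())`) after each change; an empty list means every point the post makes is reflected in the configuration.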

Medium Business

Lack of information! Will do more research.

Large Enterprise

Lack of information! Will do more research.


This will be made when the article is done.

Dear World!!!

Hi again. I know I have not updated the blog in over 8 months, but I was busy. I had family issues (and still do), but I still enjoy security. I will give more information on my blog if people give back!!! I need help with a few of my ideas, and none have been done…well, my big ones that my friend and I have. He and I are enthusiasts and bad coders. I have a few batch scripts that link here with no download…My bad. All are on

sorry for the loop back if you came from

already. Well, my friend and I have an idea that needs help with a back-end MySQL server with many parts, and/or Ruby on Rails with a nice GUI. Also an OS hack idea, and lastly a game a few friends and I want to create (first-person shooter, campaign and online). We need people of all backgrounds; we have the ideas but are stuck on the creative aspect of coding.

I will release a semi-chart, I don’t know yet, but I will put up some fundamentals of how people get into your system/server/network, plus some tools to stop it and to see whether your system/server/network is or can be vulnerable to these kinds of exploits.

Well, talk to you all soon, and if you want to contact me, leave it in the comments.

Keep safe in the battle field of the web.

Many people want to know whether their security can be compromised, so they wait to see whether their security method works. People need tools to test it, not just to wait and see whether you get a virus and your virus scanner detects it. Remember, rootkits are getting more and more clever; they latch on to the OS in many different parts (kernel, system folders, etc.) and many virus scanners will not detect them. You have to use tools such as “Gmer”, found on , or other tools. One day I found an article that links to sites that test certain aspects of security. I can’t find the link to the page, so sorry to the creator of the article.


Test Your Computers Security!

I thought I’d put together a few ways of testing your system’s security setup. These are not virus or malware scanners but various ways of testing your current security software.

Virus Test

The EICAR test “virus” is a harmless file containing a string of characters that is recognised by all anti-virus and anti-malware vendors. When you download it, your A/V should detect it and attempt to quarantine it. It can be downloaded in various formats (.txt, .zip) and is available here:

The file will test that your antivirus is functioning properly.

Trojan Simulator is similar, but installs a process and a registry autostart entry that your A/V package should detect:

Trojan Simulator

Firewall Testing


A firewall should be able to block incoming attacks from trojans or hackers. To test this ability it is good to see which ports on your computer are hidden, or “stealthed”.

A good website to test your stealthed ports is GRC Shields Up! Follow the link below, then click on Shields Up and follow the simple instructions.

GRC Shields UP!

For a firewall to be effective it needs to stop malware from contacting the internet. Malware may connect to upload stolen info, download more malicious software or serve you adverts.


To test whether your firewall will allow leaks in different ways you can use the software from Comodo on this page:

Firewall leak testing tools from Comodo

When run, this software will try to communicate with the internet in various sneaky ways to bypass your firewall. A good firewall should stop these methods. Don’t let your A/V block the file; it may be detected as a potentially unwanted program, but it isn’t a virus.

Popups, as well as being really annoying, can serve you malware. To test your browser’s popup-blocking ability, try these links:

Popup Stopper Test

Online Popup Blocker Tests

Online Phishing Sites Testing

PhishTank has a list of recently submitted phishes (website forgeries designed to scam you in some way). The confidently brave or secure can check these out by surfing to the links… but be wary of clicking on these sites, as they can often serve viruses. If a phish is detected, your security software’s phishing protection should warn you. The built-in phishing filters in Firefox and Internet Explorer should also provide protection or warnings.

Conficker Test

To test whether you have the Conficker worm, this website loads images from some of the websites that the worm attempts to block. The site explains itself better than I can, but essentially, if you are missing the images you could be infected.

Conficker Eye Chart

Browser Security Testing

Browsers have various security issues; to test your browser, surf here:

Browser Security Test

You may only have vulnerabilities if you are not running the latest version of your browser.

Test Your Email Spam Filter

This website will send you a number of emails designed to test your email software’s spam filtering abilities in a variety of ways:

Your Host-File Can be your Best Friend if in Use!!!

Many tools can be used to update your hosts file, such as “Spybot Search & Destroy” with its “Immunize” feature. This feature adds rogue sites to your hosts file so you will not be able to go to them. Many tools try to keep the list up to date; Spybot is not a filtering system, but it helps. I made a list of some tools to update your hosts file and where to get them.

Most links came from the link below!!!


The HOSTS File installer for Windows

The HOSTS File for Windows/Linux.

The HOSTS File for Windows/Linux (please only use this if you experience problems with the above 2 packages).

The HOSTS File for Windows/Linux, optimized by HostsMan 4 for those that need or want to keep the DNS Client enabled and running.

The HOSTS File for the Mac OS

This file contains ad/tracking servers in the hpHosts database. It should ONLY be downloaded by those wanting to block ad/tracking servers and nothing else, and requires manual merging.

This file contains a list of sites that have been added AFTER the last full release of hpHosts. It should ONLY be downloaded by those currently using hpHosts, and requires manual merging.

This file contains a list of hostnames removed from hpHosts since 04/02/2009 for whatever reason (usually because they failed the resolution process).

Optional addition containing the Yahoo servers for those that wish to block them.

Restore Windows default HOSTS file

Batch files to enable/disable Windows DNS Client

Append to Hosts VBS Script v1.7 for appending your entries to the HOSTS File. This script is UNSUPPORTED.

hpGuru’s HOSTS Diagnostic Utility.

Hosts Bypass is a Proxomitron filter which allows users to visit sites blocked by their hosts file without the need to remove them after each and every hosts update.

HostsMan: a small and useful utility for managing the HOSTS file, with automatic updates and a built-in server to enhance HOSTS file usage. HostsMan support forums can be found here. Download via website.

HostsXpert: a small and useful utility for managing the HOSTS file, with automatic updates. Funkytoad also provides a server (crippled or paid versions) to be used in conjunction with HostsXpert, called Homer. Download via website.

Homer tweaks: small tweaks for Homer, by , that improve the usage and experience of Homer. Download via website (phttpd).
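Several of the downloads above say they “require manual merging” into your existing hosts file, and one is a list of hostnames to remove. The script below is an added example of that merge, written for this post and not one of the tools listed: it keeps the system’s own entries (localhost etc.), adds block-list names that are not already present, drops names that appear in a removed-hostnames list, and refuses any block-list line that points at something other than a sinkhole address (0.0.0.0 or 127.0.0.1), since a hosts file can just as easily redirect a site as block it. The three inputs and the BEGIN/END marker comments are this example’s own constructions.

```python
"""Merge a hpHosts-style block list into a hosts file: an added example."""
import re

BEGIN = "# BEGIN blocklist (merged)"   # marker names are this example's, not any tool's
END = "# END blocklist (merged)"
SINKHOLES = {"0.0.0.0", "127.0.0.1"}

# RFC 1123-style host name: labels of letters, digits and hyphens.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
    r"(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$")

# Constructed sample: the machine's current hosts file, with a block from an
# earlier merge that should be replaced rather than duplicated.
SYSTEM = """# constructed sample system hosts file
127.0.0.1 localhost
::1 localhost
# BEGIN blocklist (merged)
0.0.0.0 old-tracker.example
# END blocklist (merged)
"""

# Constructed sample of a downloaded block list with the usual warts.
BLOCKLIST = """# constructed sample block list
127.0.0.1 ads.tracker.example
127.0.0.1 Ads.Tracker.Example   # duplicate, different case
0.0.0.0 malware.example.test
0.0.0.0 stale.example.test
127.0.0.1 localhost             # already in the system file
1.2.3.4 mybank.example          # not a sinkhole address: a redirect, refuse it
0.0.0.0 bad_host!name.test      # not a valid host name
"""

# Constructed sample "removed hostnames" list: one name per line.
REMOVED = "stale.example.test\n"


def parse_hosts(text):
    """Yield (ip, hostname) pairs, ignoring comments and blank lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            fields = line.split()
            for name in fields[1:]:
                yield fields[0], name.lower()


def valid_hostname(name: str) -> bool:
    return bool(HOSTNAME_RE.match(name))


def merge(system_hosts: str, blocklist: str, removed: str = ""):
    """Return (new hosts file text, list of names added this run)."""
    kept, inside = [], False
    for line in system_hosts.splitlines():        # keep the system's lines verbatim,
        if line.strip() == BEGIN:                 # minus any previously merged block
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    existing = {name for _, name in parse_hosts("\n".join(kept))}
    drop = {l.split("#", 1)[0].strip().lower() for l in removed.splitlines()}
    drop.discard("")
    added = set()
    for ip, name in parse_hosts(blocklist):
        if ip in SINKHOLES and valid_hostname(name) and name not in existing and name not in drop:
            added.add(name)
    block = [BEGIN] + [f"0.0.0.0 {n}" for n in sorted(added)] + [END]
    return "\n".join(kept + block) + "\n", sorted(added)


if __name__ == "__main__":
    text, added = merge(SYSTEM, BLOCKLIST, REMOVED)
    print(text)
    print("added:", added)
```

Because the merged block sits between the two markers, running the merge again with a newer list replaces the old block instead of appending to it, which is what keeps a hosts file from growing stale entries update after update.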

I want everyone to have security made easier in their lives, so I am adding a few more tools in one post; watch out for it and let everyone know. Also tell me in the comments if you want a tool added, or if I have the wrong term in any of my posts. P.S. This will be separate from my post called “The Guide to Locking Down a PC” because, one, it has many tools already, and two, my local copy of the file got corrupted and I tried many recovery options, so it’s gone. Sorry about the border problem; remember I used Microsoft Office Word at the time, not Open Office. Joke 🙂

P.P.S. Follow me on twitter @tysonmax or go to for random links, stories, security news, and stuff in my life.

People always care about their privacy and security, but I see people taking convenience over security all the time. If it’s more work then forget about it, right…WRONG!!! If you go to they are starting a petition: “gathering petition signatures with the request to patch the privacy vulnerabilities of different web browsers. This petition will be sent to the four major development companies – Mozilla Corp., Apple inc., Microsoft Corp. and Opera Software ASA. Join us for a safe and secure Internet!”.

The big thing I agree with on the site is that vendors of products everyone uses should talk to the owners of the product and say, as the site does: “WE ASK YOU TO RELEASE AN UPDATE OR PATCH FOR YOUR BROWSER THAT WILL REMOVE THE OPPORTUNITY TO OBTAIN THE INFORMATION ABOUT RECENTLY VISITED WEBSITES.” And also to close security holes in other kinds of products. That is why I enjoy security!! 🙂

Hi everyone, my friend has a tech site that everyone should check out. It covers security and general tech, and maybe some more that I will not say. Check it out at

The site is offline due to lack of readers and support. 😦

I want you to know that it is April 4, 2009, and the only thing that has changed is that the Conficker.C code base has changed. Also, the servers the worm connects to are up but not sending data yet, so now it is a waiting game to see what it does next! This was said on “Security Now”, a show hosted by Steve Gibson at . This worm is a very crafty virus that is out there now. If you want more info about this virus or how to remove it, go to my post at

Conficker Worm PANIC on April 1, 2009.

Remember: any computer compromised by a virus, spyware, worm, or any type of malicious code/program can never be called safe again, even if you remove it, because it was compromised; and remember, if you were a hacker, would you put in a backdoor?

We hear all this talk in the news lately about the worm called Conficker, also known as ZLOB, Downup, Downadup and Kido. Approximately six percent of computers scanned by Panda Security are currently infected by the worm. In the news people are scared, and it is like the Blaster worm all over again. People found out there is a date ingrained in the worm on which it is set to receive a set of instructions from the programmer of the virus. This worm exploits the autorun feature in Windows (all of it: network shares, pen drives, CD drives, etc.). There is a warning about the worm on Microsoft’s site at . I also found a link that talks about it at , and also on Wikipedia at . This worm finds an open port on your PC and gets in, or it uses vulnerabilities in programs to gain access. To avoid it, turn autorun COMPLETELY OFF and keep programs up to date, like Adobe Reader, Windows, etc. Windows has a security patch that semi-fixes autorun, but not really; it is only available for Vista and Server 2008. But I have seen one for XP; I forget what it is called, something like “autorun patch”. Well, I hope you scan your PCs on April 1, 2009; I know I will scan my Windows-based PCs and my friends’ and family’s PCs. Keep up to date and scan with everything you’ve got. I wish everyone the best of luck; keep safe online and off. Talk to you all next time!

For more info and tools from Microsoft to try to remove it, go to:

Or try this removal method

To remove it, try this (found at )

NOT RECOMMENDED TO USE: SpyHunter* Spyware Detection Utility. As they say on the site, use my method in my post called

The Guide to Locking Down a PC

Stop Zlob Processes:
(Learn how to stop a process)

Unregister Zlob DLL Files:
(Learn how to do this)
iesplg.dll (new)
iesbpl.dll (new)
vzfhprk.dll (new)
hymww.dll (new)

Remove Zlob Registry Values:
(Learn how to delete a registry value)
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{aed6f6a3-183c-488d-9f90-23db99f56e7f}
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{634be415-da12-496b-b89e-329b73c4807f}
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{8329660f-e248-4872-98cc-fb9c4fec7ba8}
SOFTWARE\MICROSOFT\Windows\CURRENTVersion\POLICIES\EXPLORER\RUN\C:\Windows\System32\issrch.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{2016a466-91a2-43c6-97d8-2fd380f065ef}

Find and Delete these Zlob Files:
(Learn how to do this)
iesplg.dll (new)
iesbpl.dll (new)
vzfhprk.dll (new)
hymww.dll (new)

In a recently aired episode of Security Now, episode #163, “GoogleUpdate & DNS Security”, he talks in great detail about a type of DNS now being offered in some parts of the world. This DNS is more secure: every site is signed with keys. The only problems are low performance and that it uses too much bandwidth. It also makes a DDoS (distributed denial-of-service attack) easier to carry out; this attack shuts down a server, or in this case a DNS server.

“A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even DNS root servers.”

Another quote from Wikipedia, for someone who wants more detail on DNSSEC:

“The Domain Name System Security Extensions (DNSSEC) are a suite of IETF specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers):

  • Origin authentication of DNS data
  • Data integrity
  • Authenticated denial of existence

It is widely believed that deploying DNSSEC is critically important for securing the Internet as a whole, but deployment has been hampered by the difficulty of:

  1. Devising a backward-compatible standard that can scale to the size of the Internet
  2. Preventing “zone enumeration” (see below) where desired
  3. Deploying DNSSEC implementations across a wide variety of DNS servers and resolvers (clients)
  4. Disagreement among key players over who should own the .com (etc) root keys
  5. Overcoming the perceived complexity of DNSSEC and DNSSEC deployment”

Steve said that the main domains all have to agree on this and implement it for it to work, so that each can be a party to signing a key that confirms the site you are on is the site you want to be on, not a fake site that has changed the URL or infected your PC or even the DNS. So if all the parties agree, it will be confirmed that the site you are on is the one you want.
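What the signing described above looks like from the client’s side is a flag in the DNS response: a validating resolver sets the AD (Authenticated Data) bit in the 12-byte header when the answer passed DNSSEC validation, and a client can set CD (Checking Disabled) to ask it not to validate. The parser below is an added example, not part of this post or of the podcast: it reads those flags and the question name out of a raw DNS message. The two responses are constructed by `build_response()` for the demo; nothing is sent over the network.

```python
"""Read the DNSSEC-related header flags from a raw DNS response: an added example."""
import struct

# Header flag bits (RFC 1035 plus the AD/CD bits defined for DNSSEC).
FLAG_QR, FLAG_AA, FLAG_TC, FLAG_RD = 0x8000, 0x0400, 0x0200, 0x0100
FLAG_RA, FLAG_AD, FLAG_CD = 0x0080, 0x0020, 0x0010


def encode_name(name: str) -> bytes:
    """'example.com' -> length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(buf: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels = []
    while True:
        length = buf[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:                       # compression pointer
            ptr = struct.unpack("!H", buf[offset:offset + 2])[0] & 0x3FFF
            labels.append(decode_name(buf, ptr)[0])
            return ".".join(labels), offset + 2
        offset += 1
        labels.append(buf[offset:offset + length].decode("ascii"))
        offset += length


def build_response(txid: int, qname: str, flags: int, rdata=b"\x5d\xb8\xd8\x22") -> bytes:
    """Constructed demo response: one question, one A record (constructed address)."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)       # QTYPE A, QCLASS IN
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata  # name = pointer to offset 12
    return header + question + answer


def parse_response(buf: bytes) -> dict:
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", buf[:12])
    qname, off = decode_name(buf, 12)
    qtype, qclass = struct.unpack("!HH", buf[off:off + 4])
    return {
        "id": txid,
        "is_response": bool(flags & FLAG_QR),
        "rcode": flags & 0x000F,
        "recursion_available": bool(flags & FLAG_RA),
        "authenticated": bool(flags & FLAG_AD),        # resolver validated the DNSSEC chain
        "checking_disabled": bool(flags & FLAG_CD),    # client asked for no validation
        "qname": qname, "qtype": qtype, "answers": an,
    }


def dnssec_verdict(info: dict) -> str:
    if not info["is_response"]:
        return "not a response"
    if info["checking_disabled"]:
        return "validation was disabled by the client (CD set)"
    if info["authenticated"]:
        return "validated by resolver (AD set)"
    return "not validated: the zone is unsigned or the resolver does not validate"


if __name__ == "__main__":
    for flags in (FLAG_QR | FLAG_RD | FLAG_RA | FLAG_AD, FLAG_QR | FLAG_RD | FLAG_RA):
        info = parse_response(build_response(0x1234, "example.com", flags))
        print(info["qname"], "->", dnssec_verdict(info))
```

The AD bit only says what the resolver concluded; it travels unprotected, so it is meaningful only when the path to that resolver is trusted (a validating resolver on the local machine or network, or a transport such as DNS over TLS). This is why the post’s point stands that everyone along the chain, down to the root, has to sign for the confirmation to mean anything.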

For more info on DNS, if you don’t even know what DNS is, go to:

or read this small part of the site, which might answer your question.

“The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource participating in the Internet. It associates various information with domain names assigned to such participants. Most importantly, it translates humanly meaningful domain names to the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices world-wide.

An often used analogy to explain the Domain Name System is that it serves as the “phone book” for the Internet by translating human-friendly computer hostnames into IP addresses. For example, translates to”

Like I said, the text in “quotes” is from the site

For more info on DNSSEC go to the links I provided or go to:

Be safe and secure on the web; without it we won’t have “eBay” ( ) or “Amazon” ( ). LOL :).