Q: Can you use wireless printers in the wireless solutions we discussed during the show?
A: This was an interesting question I got: can a wireless printer do PEAP? I have not been able to find a definitive answer one way or the other on this one, although the documentation I did find alluded to some printers being able to do this, like this article here: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/wifisoho.mspx. I wish I had a better answer, but my official answer is “depends” on the printer.
Q: What are the commands I used in the “forensics” part of the session?
A: I used several tools to help you detect, so I will list them out for you with links to more sites:
- One of the important tools to learn how to use is a packet sniffer. I used Ethereal during my session: http://ethereal.planetmirror.com/ It is a good utility to help find some good information on packets.
- Event Viewer holds a wealth of information, but sometimes it is hard to find the information you want. I recommend using EventCombMT. EventCombMT is a free download here: http://www.microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en .
- Finding new files created at the system root. I used good old DIR with a few switches from the system root to see what’s been added anywhere in that root. The command that I used during the show was: Dir /q /-c /o:d /t:a /s >recentfile.txt
/q – display owner
/-c – disable the “thousands” separator in file sizes
/o:d – sort by date/time (oldest first)
/t:a – last access
/s – displays files in directory and all sub-directories
I piped the results out to a recentfile.TXT file.
For a complete list for the DIR command: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/dir.mspx?mfr=true
- I also used Netstat -an to find active connections to the server. For more details on Netstat take a look here: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ntcmds.mspx?mfr=true
- Lastly, a couple of free tools for you.
First, please download and use the MBSA tool. It is a fantastic tool for helping you make sure your servers are “buttoned up”. It is on the event DVD here: Security Tools\Downloads\MBSA2.0 or you can download it here: http://www.microsoft.com/technet/security/tools/mbsahome.mspx
Also, if you have Windows 2003 SP1, take a look at the Security Configuration Wizard (SCW). Learn more about the SCW here: http://www.microsoft.com/windowsserver2003/technologies/security/configwiz/default.mspx
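With /s, the /o:d sort is applied inside each directory separately, so the newest entries end up scattered through recentfile.txt. The Python sketch below is an added example, not something shown in the session: it parses that listing and returns the files accessed since a cutoff, newest first across all directories. It assumes US English date/time formatting and a fixed 23-character owner column in which longer owner names are truncated; the sample listing is constructed.

```python
import re
from datetime import datetime

# Constructed sample of `dir /q /-c /o:d /t:a /s` output (not from the session).
SAMPLE = r"""
 Directory of C:\

01/14/2006  09:12 AM               211 BUILTIN\Administrators boot.ini
02/03/2006  11:47 PM    <DIR>          BUILTIN\Administrators WINDOWS
               1 File(s)            211 bytes

 Directory of C:\Inetpub\scripts

02/03/2006  11:49 PM              4096 NT AUTHORITY\NETWORK SEupload.tmp

 Directory of C:\WINDOWS\system32

01/14/2006  09:15 AM            388608 BUILTIN\Administrators cmd.exe
02/03/2006  11:52 PM             61440 NT AUTHORITY\SYSTEM    newtool.exe
"""

DIR_HEADER = re.compile(r"^ Directory of (.+)$")
# Assumed layout: date, time, size or <DIR>-style tag, 23-char owner column, name.
ENTRY = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+(<\w+>|\d+)\s+(.{23})(.+)$")

def parse_listing(text):
    """Yield (accessed, owner, full_path, size) for every file entry."""
    current = None
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current = header.group(1).rstrip("\\")
            continue
        entry = ENTRY.match(line)
        if not entry or current is None or not entry.group(3).isdigit():
            continue  # skip blank lines, summaries and directory entries
        date, time, size, owner, name = entry.groups()
        accessed = datetime.strptime(f"{date} {time}", "%m/%d/%Y %I:%M %p")
        yield accessed, owner.strip(), f"{current}\\{name}", int(size)

def recent_files(text, since):
    """Files accessed at or after `since`, newest first, across all directories."""
    hits = [row for row in parse_listing(text) if row[0] >= since]
    return sorted(hits, key=lambda row: row[0], reverse=True)

if __name__ == "__main__":
    for accessed, owner, path, size in recent_files(SAMPLE, datetime(2006, 2, 1)):
        print(accessed, owner, path, size, sep="\t")
```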
Q: What are some uses for nmap?
A: While I cannot post the details of nmap here, this is a good website to learn more: http://www.secguru.com/nmap_cheatsheet
This is also another great website to learn more about intrusion detection: http://www.microsoft.com/technet/security/topics/networksecurity/intel.mspx
Q: Is there a way to show the hidden files or folders that are "Hidden from Windows API"? Does the "net share" command show the folders thus hidden?
A: To clarify, there is no API that is called Hidden From Windows. This question refers to what happens when something is on the system and it is hidden from Windows. Yes, there is a way to show those files: you can use the free tool from Sysinternals called RootKit Revealer: http://www.sysinternals.com/Utilities/RootkitRevealer.html I highly recommend that you all take a look at this tool; it is a great tool to have in your toolbelt. As for the shares, I am still researching it, but technically RootKit Revealer will find all those files but may not necessarily show them as a share. When I find more information I will post a comment to this entry.
Q: Where can I find the wireless tools that were demonstrated during the show?
A: Actually, in two places. If you still have the DVD we gave out at the show, go to this directory on the DVD: Security Tools\Whitepapers\Securing Wireless LANs with PEAP and Passwords. Extract the zip file and you will have all the information that I demoed. Second, you can download the file from the web located here: http://www.microsoft.com/downloads/details.aspx?FamilyID=60c5d0a1-9820-480e-aa38-63485eca8b9b&displaylang=en
The written guide is located here: http://www.microsoft.com/technet/security/topics/cryptographyetc/peap_0.mspx
Q: Where is the CERT website for the free training?
A: Carnegie Mellon offers some great FREE security training. Check them out here: https://www.vte.cert.org/vtelibrary.html This is some fantastic training and I highly encourage you to check it out; it is a very good resource for everyone!
Q: Where can I watch that great TV show Matt showed us a portion of?
A: Check out my blog entry on Interface TV: Matt’s Blog Entry on the Red Cross and InterFace. Otherwise you can visit: http://interfacetvshow.com/episode1.asp to watch the full show; it is about 22 minutes long. Please enjoy and comment here on the show.