Friday, April 1, 2011

How to secure your laptop for free: download the software for free here!

LapSec (Laptop Securer)

LapSec aims to be a solution that hardens a Windows operating system in a very easy way, automating tasks that would otherwise be complex and difficult for an administrator or a user concerned about computer security.

Objective
Every time Windows is installed on a laptop, the same changes should be made (they are especially useful on laptops) to keep the system a bit more secure. The idea is by Sergio de los Santos, the scripting is by Marcin "Icewall" Noga and the design is by Alberto García.

It is not a complex program, but we believe it is very useful. We are grateful to receive bug reports and suggestions at lapsec@hispasec.com. The main idea is to check whether the system is hardened or still needs to be hardened: you tick what has to be hardened, and at the same time whatever is already hardened is shown ticked.
To harden a laptop, probably the most effective way is to use TrueCrypt on the system partition. This program tries to help where using TrueCrypt is not possible.

DOWNLOAD LAPSEC FOR FREE (full version)
Quickstart
The program tries to be as simple as possible. There is only one screen and two buttons. "Am I secure?" checks which of the options the program knows about are active on the running system and ticks the active ones. "Secure me!" applies the ticked changes to the system.

The user can freely choose which of the listed options to apply to the system and which not, simply by checking and unchecking them. Once the desired ones are chosen, the user presses the "Secure me!" button to apply the changes. Be aware that the unchecked ones will be rolled back. For example, if the option "Remove LM cipher for passwords" has not been checked and we press "Secure me!", this option is rolled back, so instead of being disabled it will be enabled.

To find out which options the system already has enabled, press the "Am I secure?" button, which will display the options enabled on the system.
It is important to run the program with system administrator privileges, or from an account belonging to the Administrators group.

How to check security on the system (Am I secure?)
Pressing this button ticks the modifications that are already applied on the system.
This is a query-only option.
  • If, after pressing this button, the "Deactivate hibernation" feature is checked, it means that hibernation is already deactivated on the system.
  • If, after pressing this button, "Cipher My documents" is ticked, it means that "My documents" is already ciphered.


How to harden the operative system (Secure me!)
Pressing this button applies the ticked options and rolls back the ones that are not ticked.

  • If you tick "Remove LM cipher for passwords" and you uncheck "Check password complexity", when clicking "Secure me!" the system will disable the LM hash for password storage and will stop checking password complexity.
  • If "Install / Uninstall context menu wiper" is checked and "Cypher My Documents" is unchecked, when clicking "Secure me!" the system will install secdel (secure removal from the context menu) and will also decrypt the "My documents" folder.

Folder ciphering and certificate backup
LapSec allows ciphering with EFS not only "My Documents" but any folder chosen by the user, in an easy way. Be aware that, because of EFS limitations, system files and the Windows folder cannot be ciphered. WE RECOMMEND CIPHERING ONLY USER DATA FOLDERS.
If, for any reason, the user is removed from the system after ciphering a folder, THE DATA WILL BE INACCESSIBLE, even if a user with the same username is created. A backup of the data that is going to be ciphered is mandatory.
To avoid this situation, exporting the certificate and storing it in a safe place is mandatory as well.
The certificate can only be saved once a folder has been ciphered.

Secure delete
The secure delete system can be installed or uninstalled through this option. To use it, you only need to right-click the file you want to remove and select the "secdel" option. The file will be removed permanently.

Warnings
We recommend reading the following instructions carefully before doing anything potentially dangerous.

System malfunction
The program allows erasing files permanently. If it is not used correctly, it may cause a system malfunction.

Not fully hardening the system
LapSec is not designed to fully harden a system. It tries to add one more layer to the continuous hardening task. For example, in addition to LapSec, it is a requirement to use an account that does not belong to the Administrators group, to keep the system and the software on it up to date, etc.

Losing data
A user could lose system information when using LapSec because of the ciphering techniques and the strong file erasing it uses. If a user misuses this software and does not follow the directions given, they could lose sensitive information.


Options
The program allows, automatically and with only one mouse click, the following:

Remove LM cipher
When logging in to a Windows system, the given password must be stored somewhere so that the system can know it and grant or deny access. Storing the password in plain text is a bad security policy, because anyone with access to the drive could steal it. What is actually stored is a hash, a password signature created by an algorithm applied to the password. This creates a unique hash that only matches that password. On Windows systems this hash is stored in the SAM (Security Account Manager) file for local accounts, and in the ntds.dit file on the domain controller for users who validate their account against domain controllers. The LM hash, which is still enabled by default on Windows XP systems, is a high-risk security problem.

Remove pagefile.sys when computer is shut down
Pagefile.sys is the file Windows uses to swap RAM contents to disk. Sensitive information may end up stored in pagefile.sys while the OS and programs are in use. This option makes the file be overwritten before the system shuts down, making that information unavailable.

Remove username display when you are going to login
Displaying the username on the logon screen could give an attacker sensitive information that makes it easier to log in.

Activate screensaver password
This option enables password protection for the screensaver. When the operating system goes inactive, a password-protected screensaver is activated, so an attacker cannot log in to an inactive session.

Remove autorun for USB, CD, etc.
This option disables the autorun feature when external hardware is plugged in, so an attacker cannot execute code against the system when an external drive is connected via a USB port or an optical unit (CD-ROM, DVD, ...).

User's password is present
The program checks whether a password exists for the user. This option is read-only in LapSec.


Check password complexity
Windows comes with a policy to check password complexity. When this policy is enabled, passwords containing only letters and numbers are not allowed. The policy requires a password of more than 6 characters, with characters from at least three of the following groups: numbers, special characters, uppercase letters and lowercase letters. Besides, the password cannot contain part of the username.


Install / Uninstall context menu wiper
When checked, secure deletion becomes available, overwriting data according to the DOD 5220.20-M security standard.

Password in recovery console
The policy "Recovery console policy: allowing administrative session autologin" is a security issue and should not be activated. It allows access to the recovery console without providing the local administrator password.

Disable password caching in Internet Explorer
Passwords will never be stored by the browser by default.

Disable hibernation (hibernation.sys)
Hibernation.sys is a physical copy of RAM. This file could hold sensitive information stored during program and system use. Checking this option deactivates the feature.

Disable administrator and guest user accounts
The OS allows multiple accounts belonging to the Administrators group, all of them with the same privileges. However, an Administrator and a Guest account always exist on the system by default. This could allow an attacker to obtain sensitive information. Checking this option deactivates these accounts.
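As an added example (not LapSec's own code), here is a read-only PowerShell audit in the spirit of "Am I secure?": it reports the state of several of the options above by reading the registry values and the local account state behind them. It assumes Windows PowerShell 3 or later on Vista or newer and changes nothing.

```powershell
# Added example (not LapSec code): a read-only audit in the spirit of "Am I secure?".
# Each entry maps one LapSec option to the registry value behind it and its hardened value.
# Assumes Windows PowerShell 3+ on Vista or later; nothing is changed, only reported.
$checks = @(
    @{ Name = 'LM hash removed from password storage'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Key  = 'NoLMHash'; Expected = 1 },
    @{ Name = 'pagefile.sys cleared at shutdown'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
       Key  = 'ClearPageFileAtShutdown'; Expected = 1 },
    @{ Name = 'Username not displayed at logon'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Key  = 'DontDisplayLastUserName'; Expected = 1 },
    @{ Name = 'Screensaver asks for password'
       Path = 'HKCU:\Control Panel\Desktop'
       Key  = 'ScreenSaverIsSecure'; Expected = 1 },
    @{ Name = 'Autorun disabled for all drive types'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Key  = 'NoDriveTypeAutoRun'; Expected = 255 },
    @{ Name = 'Hibernation disabled'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'
       Key  = 'HibernateEnabled'; Expected = 0 },
    @{ Name = 'Recovery console requires the administrator password'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole'
       Key  = 'SecurityLevel'; Expected = 0 }
)

function Test-RegistryOption {
    param([hashtable]$Check)
    # A missing key or value counts as not hardened; most of these values are absent by default.
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Key -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($Check.Key) } else { $null }
    [pscustomobject]@{
        Option   = $Check.Name
        Actual   = $actual
        Hardened = ($null -ne $actual) -and ("$actual" -eq "$($Check.Expected)")
    }
}

function Test-AccountDisabled {
    param([string]$Name)
    # net user exists on every Windows version; "Account active  Yes" means the account is enabled.
    $active = [bool]((net user $Name 2>$null) -match '^Account active\s+Yes')
    [pscustomobject]@{ Option = "$Name account disabled"; Actual = -not $active; Hardened = -not $active }
}

$results = @($checks | ForEach-Object { Test-RegistryOption $_ })
$results += 'Administrator', 'Guest' | ForEach-Object { Test-AccountDisabled $_ }
$results | Format-Table -AutoSize
```

Run it from an elevated prompt so that the HKLM values and net user output are readable; a row with Hardened = False is an option LapSec would leave unticked.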
Cipher "my documents" folder
EFS is a transparent ciphering system for Windows that can only be used on NTFS. In XP and Vista, through the file or folder properties, you can reach a menu where you specify which folder or disk will host ciphered files (everything stored on it will be ciphered), or you can cipher only one file (not recommended). It is also possible to use cipher.exe for this task. Once a drive or folder is selected as ciphered, everything stored on it from then on will be ciphered, but NOT what was previously stored. The user will not have to worry about anything from then on. Every time the user logs in the data will be there, ready to be used, but once they log out, or if another user logs in, the data will be inaccessible, even if the files are explored from any other operating system. EFS is based on a mix of public and private key cryptography. It creates digital certificates for the user that are used to encrypt and decrypt with public and private keys. It also uses symmetric keys to make the process faster.


In fact, EFS uses one unique key per file to encrypt and decrypt. This key (FEK, File Encryption Key) is generated when a file is ciphered and is stored with it. The FEK is in turn ciphered with the user's public key. Both public and private keys are generated transparently for the user the first time a file is ciphered. They are stored as a certificate in the certificate repository, accessible from certmgr.msc or from the "Content" tab inside Internet Explorer's "Options". The program ciphers the whole "My documents" folder with one click.

Automatic certificate export
Exporting and backing up these certificates is mandatory if they are used for file encryption. These certificates are linked to the user's SID, so if the user is removed from the system or the system breaks down, the data will be lost. It does not matter whether a new user with the same username is created; the SID will not be the same. To prevent this, the best option is to export and back up the certificates (private key included). With these files, even if the user is removed or the system breaks down, the certificates can be imported as data recovery agents on another Windows system and, from there, the lost data can be decrypted. In a domain infrastructure, domain administrators are data recovery agents. The program allows exporting the certificates so that data ciphered with EFS is not lost.
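As an added example, not LapSec's code: a PowerShell script that ciphers a user data folder with EFS through cipher.exe, verifies that every file carries the Encrypted attribute, and exports the user's EFS certificate with its private key to a password-protected PFX, as recommended above. It assumes an NTFS volume and Windows PowerShell 3 or later; the folder and backup paths in the usage lines are placeholders.

```powershell
# Added example (not LapSec code): cipher a user data folder with EFS and back up the
# EFS certificate with its private key, as recommended above.
# Assumes an NTFS volume and Windows PowerShell 3+; paths in the usage lines are placeholders.
function Protect-UserFolder {
    param([Parameter(Mandatory = $true)][string]$Folder)
    # cipher.exe is the built-in EFS tool: /e encrypts, /s: recurses into subfolders and
    # /a applies it to the files already present, not only to files added later.
    & cipher.exe /e "/s:$Folder" /a | Out-Null
    # Verify: every file under the folder should now carry the Encrypted attribute.
    $plain = @(Get-ChildItem -Path $Folder -Recurse | Where-Object {
        -not $_.PSIsContainer -and (($_.Attributes -band [IO.FileAttributes]::Encrypted) -eq 0) })
    foreach ($f in $plain) { Write-Warning "Not ciphered: $($f.FullName)" }
    return ($plain.Count -eq 0)
}

function Backup-EfsCertificate {
    param([Parameter(Mandatory = $true)][string]$PfxPath,
          [Parameter(Mandatory = $true)][securestring]$Password)
    # The EFS certificate is the one in the user's store carrying the EFS enhanced key usage OID.
    $efsOid = '1.3.6.1.4.1.311.10.3.4'
    $cert = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $eku = $_.Extensions | Where-Object {
            $_ -is [Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $efsOid })
    } | Select-Object -First 1
    if (-not $cert) { throw 'No EFS certificate found; it is created the first time a file is ciphered.' }
    if (-not $cert.HasPrivateKey) { throw 'Private key not available; the backup would be useless.' }
    # PFX export includes the private key, protected by the password, for import on another system.
    $bytes = $cert.Export([Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $Password)
    [IO.File]::WriteAllBytes($PfxPath, $bytes)
    return $cert.Thumbprint
}

# Usage (placeholder paths): cipher first, which creates the certificate, then back it up.
# Protect-UserFolder -Folder "$env:USERPROFILE\Documents"
# Backup-EfsCertificate -PfxPath "$env:USERPROFILE\efs-backup.pfx" -Password (Read-Host -AsSecureString 'PFX password')
```

Copy the resulting .pfx off the laptop; on a replacement system it can be imported into the new user's certificate store or registered as a recovery agent to read the ciphered files.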
