IS 432 Lecture Review: More TCP Packet Hell

So this evening’s class was a continuation of last week’s: starting to dig into manually inspecting packet headers (TCP, UDP, ICMP, etc.). Tonight was mainly on TCP. As an example, we’re looking at things like:

4500 003c 1c46 4000 4006 b1e6 ac10 0a63 ac10 0a0c

And figuring out what all the parts mean and whether the traffic is ‘normal’ or malicious. (This header example, by the way, was pulled from thegeekstuff.com.)

I’ll admit I was hung up on bits, bytes, and how one character is a nibble. I guess my mind wasn’t in hex mode. In the example above, the first character in the sequence, a 4, represents the IP version. However, look at any IP header cheat sheet (this one, for example) and the IP Version field is 4 bits long. But it’s one character. One character = 1 bit!!! Oh… but it’s hex. So yes, in hex one character does equal 4 bits.

Now that my first hangup is settled, I need to work on the speed at which I map characters to their respective header fields. I found lots of cheat sheets, but I’m actually making my own: a paper ‘form’ I can fill out when the professor hands us a 20-byte header and wants answers quick. I know this method isn’t practical when dealing with streams of data, but at least it’ll help during lectures when we’re only given one or two headers at a time to deconstruct.

So Andrew, what have I learned today?

  1. Apparently my mind is stuck in binary mode
  2. When talking hex, one hex character equals 4 bits, also known as a nibble
  3. TCP headers must be a minimum of 20 bytes. Otherwise something is terribly wrong
  4. I need to review how to manually calculate the checksum
  5. With ICMP packets I only need to worry about the set and code
  6. Set and code? are converted into binary to determine?
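As an added example (not from the post, the lecture, or thegeekstuff.com), the Python below decodes the 20-byte header quoted above field by field, nibble by nibble, and verifies its checksum the way item 4 asks for. Note that the quoted bytes are an IPv4 header whose protocol field (06) says the payload is TCP; the checksum routine is the RFC 1071 one’s-complement sum over the header with the checksum field zeroed.

```python
import struct
from ipaddress import IPv4Address

# The 20-byte IPv4 header quoted in the post (hex copied from the post).
HEADER_HEX = "4500 003c 1c46 4000 4006 b1e6 ac10 0a63 ac10 0a0c"


def ones_complement_sum(data: bytes) -> int:
    """Sum 16-bit big-endian words with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd trailing byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ip_checksum(header: bytes) -> int:
    """Header checksum as the sender computes it: checksum field zeroed."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return (~ones_complement_sum(zeroed)) & 0xFFFF


def parse_ipv4_header(hex_text: str) -> dict:
    raw = bytes.fromhex(hex_text.replace(" ", ""))
    if len(raw) < 20:
        raise ValueError("IPv4 header must be at least 20 bytes")
    fields = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum, src, dst = fields
    ihl_bytes = (ver_ihl & 0x0F) * 4         # IHL counts 32-bit words
    if ihl_bytes < 20 or ihl_bytes > len(raw):
        raise ValueError(f"bad IHL: {ihl_bytes} bytes")
    return {
        "version": ver_ihl >> 4,             # first nibble: one hex char = 4 bits
        "ihl_bytes": ihl_bytes,
        "tos": tos,
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": {1: "ICMP", 6: "TCP", 17: "UDP"}.get(proto, str(proto)),
        "checksum": csum,
        "checksum_ok": ip_checksum(raw[:ihl_bytes]) == csum,
        "src": str(IPv4Address(src)),
        "dst": str(IPv4Address(dst)),
    }


if __name__ == "__main__":
    for name, value in parse_ipv4_header(HEADER_HEX).items():
        print(f"{name:>16}: {value}")
```

A header whose `checksum_ok` comes back False is either corrupted or was never computed honestly, which is the first thing to check before deciding whether odd-looking traffic is malicious.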

Hardening Windows 10: A Personal Project

It’s that time again: I need to blow away my old computer, reconfigure its RAID, and start with a fresh install of Windows. Since I’m coming from Windows 7, I wanted to move to 10 in the “right” way. Given its controversies, the “right” way involves a heavy dose of security.

My goal is to create a reasonably secure version of Windows 10 using the CIA triad as the basis for its configuration. The target audience for this series is fellow power users (read: geeks) like me: gamers, sysadmins, etc. The scope is being kept to Windows 10 Professional. Even though I live and die by Microsoft AppLocker (found only in Windows 10 Enterprise), I want this project to apply to as many users as possible.

So, the CIA triad, huh? It stands for Confidentiality, Integrity, and Availability. And computer security is always a balancing act, moving between these three pillars vs. maintaining usability.

My focus is Confidentiality. “Confidentiality prevents the unauthorized disclosure of data” (Gibson, 2014). As this is a home system, I choose to be less concerned with integrity or availability. It’s really for gaming, casual web browsing, and experimenting with tools inside VMs. Plus I plan on being the only user. So I’m not worried about multiple users mistakenly/maliciously changing files (an example of Integrity), and I’m not installing a generator or setting up a cold site for a gaming rig (that’d be Availability).

The best thing about the CIA triad is that you can choose what to emphasize, i.e. where you spend your resources. Again, since this is for personal use, I’m focusing on Confidentiality. If this system needed to stand up in a court of law or were part of an enterprise environment, then I’d place far more emphasis on integrity and availability than I do here.

There are several ways one can go about hardening, and there are some great resources already out there (I’m a huge fan of DISA’s STIGs, including the Windows OS STIGs). But my first step is fact-finding. I’m going to install Windows 10 Professional with no Internet connection and see what a default install looks like: its services, its firewall config, etc.

My next post (hopefully next week) will be a report/analysis of said default install. What we find will shape how I approach hardening.

Source(s):

Gibson, D. (2014). CompTIA Security+: Get Certified Get Ahead, SY0-401 Study Guide. North Charleston, SC: CreateSpace.