
Jun 12, 2021

 

Secure Your Smartphone





1) Lock your phone
Sure, it's a lot easier to keep your phone unlocked all the time because you can get to your email, camera, texts and other features more quickly.
But just imagine how you'd feel if an intruder or stranger found your phone and tapped into your email, contacts, banking app or photos.
To prevent that from happening, always engage the four- or six-digit passcode – or set up a longer alphanumeric code – so that if you ever lose track of your phone, it won't open your entire business to a stranger.
Touch ID or Face ID (depending on your handset) can get you into your phone without entering the password. Android users have a choice of setting up a PIN or a pattern screen lock.
Also, make sure to password-protect all mobile apps that contain personal information, like banking, email and your Amazon account.

2) Lock your apps

A few smartphone brands now offer this feature. You can individually lock installed apps with a passcode or a fingerprint scan.
This adds an additional layer of security for your data and content, particularly if you've handed your phone over to somebody to show them something.
If your phone doesn't have this feature, you can get it by installing third-party apps like AppLock or Norton AppLock.

3) Only use trusted apps

Google has a team dedicated to reviewing apps being added to the Play Store for users.
This removes the majority of harmful apps before they reach users.
However, there are various other sources from which you can download apps for Android, and there are no checks on whether those apps are safe or malicious.
So, to be on the safe side, it's suggested to disable installation of apps from unknown sources.

Go to Settings > Security on your Android smartphone and you'll see an option called ‘Install apps from Unknown Sources’. Make sure it is switched off.

4) Update your OS and apps promptly

Did your phone warn you that there's an OS or app update, and you ignored that notification?
Software updates can often seem bothersome, but they are critical in protecting your phone's security.
Many hackers exploit vulnerabilities that companies strive to fix before the disaster of stolen information or fraud takes place. The longer you wait to update, the more vulnerable your system becomes.

5) Plan ahead for emergencies

Even if your phone gets lost or taken, you can contain the damage by making sure none of your precious secrets can be accessed by thieves or strangers.
Both Apple and Google provide Find My Device services, like Find My iPhone and Android Device Manager, that can find your phone on a map and automatically disable it.
These services can also make your phone ring, either alarming the thief or just locating a phone you have temporarily lost track of.
You can even arrange for the phone to delete all information after five to 10 false passcode tries.

6) Strengthen permissions

Check the apps on your phone to determine whether they have more privileges than they need to get the job done.
You can grant permissions to applications like access to the camera, the microphone, your contacts and your location.
Keep track of which permissions you've given to which apps, and revoke permissions that are not needed.
For iPhones, go to Settings and tap on Privacy, where you'll see a list of all permissions and the apps you've granted them to.
Android users will find app permissions within the Application Manager under Device > Application in some Android versions.

7) Use two-factor authentication wherever possible

Two-factor authentication (2FA) is one of the least favorite security options around because you need to receive and type in an additional code beyond your password to get into your apps.
However, it offers another solid barrier to access your personal info.

If you use an iPhone, be sure to also enable 2FA on your Apple ID because your Apple ID hooks into all your devices and can access your iCloud account. That means entering a password plus a six-digit authorization code when logging in to a device from a new machine.

8) Back up your data

Bad stuff happens, but don't compound the problem by not being prepared. Always back up your data.
This is general good practice and protects your important documents and pictures in case of any smartphone loss.

For an Android phone, make sure "Back up my data" and "Automatic restore" are enabled in the settings and then sync your data with Google.

 

Network Security VAPT Checklist


A single machine can have up to 65535 ports open, and any of those ports can be running any service software.

·         Identify live hosts
o   Ping
o   Hping
o   Nmap

·         Identify OS type
o   Nmap
o   Xprobe2
o   Banner grabbing using telnet, nc (netcat)

·         Port scan
o   Nmap full SYN scan with verbose mode and service detection and disabling ping scan. Export normal and greppable output for future use.
§  nmap -Pn -p- -sV X.X.X.X -v -sS -oG nmap_grepable_SYN -oN nmap_normal_SYN
o   Nmap top 1000 UDP scan with verbose mode and service detection and disabling ping scan. Export normal and greppable output for future use.
§  nmap -Pn --top-ports 1000 -sV X.X.X.X -v -sU -oG nmap_grepable_UDP -oN nmap_normal_UDP

·         VA (Vulnerability Assessment)
o   Use Nessus with the profile below
§  DoS disabled
§  Web scan enabled
§  SSL scan on every port instead of only known ports
§  Enable TCP and UDP scan
§  In the configuration, give only the list of open ports found by nmap (both TCP and UDP) rather than the full port range. This saves time, particularly when the number of IPs is large and there is little time for the audit and report.
o   Use Nexpose
o   Use OpenVAS
o   Use nmap scanner on specific open ports using the command below.
§  For example, if port 22 (SSH) is open and you want to run all scripts pertaining to SSH, use the command below:
nmap -Pn -sS -p22 --script "ssh*" -v X.X.X.X
If you are not sure about the exact script name, you can use * to run all scripts that start with the ‘ssh’ keyword.
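
Added example (not part of the original checklist): one way to turn the greppable nmap output saved above (nmap_grepable_SYN, nmap_grepable_UDP) into the open-ports-only list for the vulnerability scanner, in the T:/U: form that Nessus accepts for its port scan range. The sample lines, the address 192.0.2.10 and the function names are constructed for illustration.

```python
import re

# Constructed sample of `nmap -oG` output; 192.0.2.10 is a documentation address.
SAMPLE_SYN = (
    "# Nmap scan initiated as: nmap -Pn -p- -sV 192.0.2.10 -v -sS -oG nmap_grepable_SYN\n"
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, "
    "22/open/tcp//ssh//OpenSSH 7.4 (protocol 2.0)/, 23/open/tcp//telnet///, "
    "25/filtered/tcp//smtp///, 443/open/tcp//ssl|http//nginx/\tIgnored State: closed (65530)\n"
)
SAMPLE_UDP = ("Host: 192.0.2.10 ()\tPorts: 53/open/udp//domain//ISC BIND 9.11/, "
              "123/open|filtered/udp//ntp///, 161/open/udp//snmp//net-snmp/\n")

# One entry of the Ports field: port/state/protocol/owner/service/rpcinfo/version/
PORT_ENTRY = re.compile(r"(?:^|, )(\d+)/([^/]*)/(tcp|udp)/")

def open_ports(grepable_text, ports=None):
    """Return {host: {"tcp": set, "udp": set}} of ports whose state is exactly 'open'."""
    ports = {} if ports is None else ports
    for line in grepable_text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip '#' comment lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if field.startswith("Ports: "):
                for num, state, proto in PORT_ENTRY.findall(field[len("Ports: "):]):
                    if state == "open":  # 'filtered' and 'open|filtered' are left out
                        ports.setdefault(host, {"tcp": set(), "udp": set()})[proto].add(int(num))
    return ports

def to_ranges(nums):
    """Collapse port numbers into ranges, e.g. {21, 22, 23, 443} -> '21-23,443'."""
    runs = []
    for n in sorted(nums):
        if runs and n == runs[-1][1] + 1:
            runs[-1][1] = n          # extend the current run
        else:
            runs.append([n, n])      # start a new run
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)

def scanner_port_list(host_ports):
    """Build a 'T:<tcp>,U:<udp>' port list for one host."""
    pairs = (("T", "tcp"), ("U", "udp"))
    return ",".join(f"{tag}:{to_ranges(host_ports[p])}" for tag, p in pairs if host_ports[p])

if __name__ == "__main__":
    for host, hp in open_ports(SAMPLE_UDP, open_ports(SAMPLE_SYN)).items():
        print(host, scanner_port_list(hp))
```

UDP ports reported as open|filtered are excluded here because nmap could not confirm them; add them to the list by hand if the audit scope calls for it.
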
·         Audit SSL
o   Use the openssl and sslyze tools to find the issues below in the SSL configuration.
§  Self-signed certificate
§  SSL version 2 and 3 detection
§  Weak hashing algorithm
§  Use of RC4 and CBC ciphers
§  Logjam issue
§  Sweet32 issue
§  Certificate expiry
§  OpenSSL ChangeCipherSpec issue
§  POODLE vulnerability
§  OpenSSL Heartbleed issue

·         Check for default passwords in server/device/service documentation
o   Let's say that during your port scan or VA you found some services running on the server, for example Cisco, Brocade Fabric OS, SonicWall firewall or Apache Tomcat Manager. For these services, Google the default administrative username and password of the default configuration. Try those at the login and check your luck.
·         Hunting some common ports
o   DNS (53) UDP
§  Examine the domain name system (DNS) using the dnsenum, nslookup, dig and fierce tools
§  Check for zone transfer
§  Bruteforce subdomain using fierce tool
§  Run all nmap scripts using following command: nmap -Pn -sU -p53 --script "dns*" -v X.X.X.X
§  Banner grabbing and finding publicly known exploits
§  Check for DNS amplification attack
o   SMTP (25) TCP
§  Check for SMTP open relay
§  Check for email spoofing
§  Check for username enumeration using VRFY command
§  Banner grabbing and finding publicly known exploits
§  Send modified crypters and check whether the SMTP gateway is able to detect and block them.
§  Run all nmap scripts using following command: nmap -Pn -sS -p25 --script "smtp*" -v X.X.X.X
o   SNMP (161) UDP
§  Check for default community strings ‘public’ & ‘private’ using snmpwalk and snmpenum.pl script.
§  Banner grabbing and finding publicly known exploits
§  Perform MIB enumeration.
·         .1.3.6.1.2.1.1.5 Hostnames
·         .1.3.6.1.4.1.77.1.4.2 Domain Name
·         .1.3.6.1.4.1.77.1.2.25 Usernames
·         .1.3.6.1.4.1.77.1.2.3.1.1 Running Services
·         .1.3.6.1.4.1.77.1.2.27 Share Information
o   SSH (22) TCP
§  Banner grabbing and finding publicly known exploits
§  Check whether it supports SSHv1.
§  Bruteforce password using hydra and medusa
§  Check if it supports weak CBC ciphers and HMAC algorithms using ssh2-enum-algos.nse nmap script.
§  Run all nmap scripts using following command: nmap -Pn -sS -p22 --script "ssh*" -v X.X.X.X
o   Cisco VPN (500) UDP
§  Check whether aggressive mode and main mode are enabled using the ike-scan tool.
§  Enumeration using ikeprobe tool
§  Check for VPN group and try to crack PSK in order to get credentials to login into the VPN service through web panel.
o   SMB (445,137,139) TCP
§  Check the Samba service using the Metasploit module auxiliary/scanner/smb/smb_version
§  Get reverse shell using meterpreter reverse tcp module.
§  Check for SMB related vulnerability using ‘smb-check-vulns’ nmap script.
o   FTP (21) TCP
§  Run all nmap scripts using following command: nmap -Pn -sS -p21 --script "ftp*" -v X.X.X.X
§  Check for cleartext password submission for ftp login
§  Check for anonymous access using username and password as anonymous:anonymous
§  Banner grabbing and finding publicly known exploits
§  Bruteforce FTP password using hydra and medusa
o   Telnet (23) TCP
§  Banner grabbing and finding publicly known exploits
§  Bruteforce telnet password
§  Run following nmap scripts
·         telnet-brute.nse
·         telnet-encryption.nse
·         telnet-ntlm-info.nse
o   TFTP (69) UDP
§  TFTP Enumeration
·         tftp ip_address PUT local_file
·         tftp ip_address GET conf.txt (or other files)
·         tftp -i GET /etc/passwd (old Solaris)
§  Bruteforce TFTP using TFTP bruteforcer tool
§  Run tftp-enum.nse nmap script
§  Banner grabbing and finding publicly known exploits
o   RPC (111) TCP/UDP
§  Banner grabbing and finding publicly known exploits
§  Run following nmap scripts
·         bitcoinrpc-info.nse
·         metasploit-msgrpc-brute.nse
·         metasploit-xmlrpc-brute.nse
·         msrpc-enum.nse
·         nessus-xmlrpc-brute.nse
·         rpcap-brute.nse
·         rpcap-info.nse
·         rpc-grind.nse
·         rpcinfo.nse
·         xmlrpc-methods.nse
§  Perform RPC enumeration using the rpcinfo tool
§  Check for exported NFS folders using the showmount -e command.
o   NTP (123) UDP
§  Perform NTP enumeration using below commands:
·         ntpdc -c monlist IP_ADDRESS
·         ntpdc -c sysinfo IP_ADDRESS
§  Run all nmap scripts using nmap -Pn -sU -p123 --script "ntp*" -v X.X.X.X
o   HTTP/HTTPs (443,80,8080,8443) TCP
§  Banner grabbing using burp response
§  Run Nikto and dirb
§  Run all nmap scripts using following command: nmap -Pn -sS -p80,443,8080,8443 --script "http*" -v X.X.X.X
§  Banner grabbing and finding publicly known exploits
o   SQL Server (1433,1434, 3306) TCP
§  Banner grabbing and finding publicly known exploits
§  Bruteforce and perform other operation using following tools:
·         Piggy
·         SQLping
·         SQLpoke
·         SQLrecon
·         SQLver
§  Run following nmap scripts:
·         ms-sql-brute.nse
·         ms-sql-config.nse
·         ms-sql-dac.nse
·         ms-sql-dump-hashes.nse
·         ms-sql-empty-password.nse
·         ms-sql-hasdbaccess.nse
·         ms-sql-info.nse
·         ms-sql-ntlm-info.nse
·         ms-sql-query.nse
·         ms-sql-tables.nse
·         ms-sql-xp-cmdshell.nse
·         pgsql-brute.nse
§  For MYSQL default username is root and password is
o   Oracle (1521) TCP
§  Enumeration using following tools
·         Tnsver [host] [port]
·         Tnscmd
o   perl tnscmd.pl -h ip_address
o   perl tnscmd.pl version -h ip_address
o   perl tnscmd.pl status -h ip_address
§  Enumeration & Bruteforce using below nmap scripts:
·         oracle-brute.nse
·         oracle-brute-stealth.nse
·         oracle-enum-users.nse
·         oracle-sid-brute.nse
·         oracle-tns-version.nse
o   RDP (3389) TCP
§  Perform enumeration by connecting and checking the login screen. Gather all active users' names and the domain/group name.
§  Perform RDP cryptography check using RDP-sec-check.pl script.
§  Run following nmap script:
·         rdp-enum-encryption.nse
·         rdp-vuln-ms12-020.nse
o   SIP (5060)
§  Enumeration through following commands:
·         Sipflanker - python sipflanker.py 192.168.1-254
·         Sipscan
·         Smap - smap -l IP_Address