Microsoft wants to add Billions of Clients to your Network

That’s the news from Microsoft last week at the Embedded Systems Conference in San José, California. Windows Embedded Standard 7 has reached RTM (release to manufacturing), which means a whole lot more devices will soon be showing up looking for network connectivity. According to an article on The Register, IT professionals will be ‘blessed’ with the ‘opportunity’ to connect and manage these devices.

“For an IT professional, it’s now becoming critical that you think through how to be able to manage, provision, monitor, and provide security to [embedded] devices just like you do today with a laptop or a PC,” says Kevin Dallas, GM of Microsoft’s embedded unit. “That’s the radical change that is starting to happen, and that’s the future that we’re building to.”

Dallas’ suggestion that you add embedded devices to your worry list follows from the fact that Windows Embedded Standard 7 is in essence a “componentized” Windows 7, with all the internet connectivity of that operating system. When your share of those billions of internet-capable embedded devices starts talking to your company’s servers, you will be the one told to manage them.

Estimates are that there will be around 15 billion embedded devices by 2015 and 40 billion by 2020. Windows Embedded Standard 7 is Windows 7 broken down into a couple of hundred components that vendors pick and choose from to build custom images, including network and SQL connectivity.

“All the benefits of Windows 7 in the PC, laptop, netbook, and server arena can now be extended into the specialized devices space, into the embedded space.”

The good news, from Dallas’ point of view, is that since Windows Embedded Standard 7 is at heart Windows 7, all of the Microsoft back-end services that IT pros now use will be available to manage embedded devices.

“These devices need to connect seamlessly to back-end services. These services can range from management, to System Center, be able to participate in an Active Directory so you can set policies, you can push out software updates,” Dallas said.

I hope Microsoft really focuses on security with Windows Embedded 7. Some nefarious groups may be salivating at the chance of multiple new targets on your network running a componentized version of an operating system, especially since Internet Explorer was recently hacked in two minutes at a security conference. I am curious too how the units will get Windows updates and security patches…

But if they do it right, Windows Embedded Standard 7 clients built from only the components a device actually needs will have a much smaller attack surface than a standard PC. That only holds if the components that are included get patched on the same schedule as the desktop, so the update question matters as much as the component list. Time will tell. For more information see The Register.

Network Log Forensics

SANS offered an excellent webinar last week, “Catching Hackers through Network Log Forensics”. It was presented by Jonathan Ham, who co-leads the Lake Missoula Group and is a SANS Certified Instructor.

In the webinar, Jonathan showed that the best way to catch malicious activity on your network is through network log analysis and correlation. Attackers will most likely try to clear the server event log once they have a foothold on a system, but there are other ways to follow their tracks: an intruder who wipes a host’s local log cannot retroactively erase the firewall, DHCP and proxy entries that recorded the same session, provided those entries have already left the host. Most network devices can log traffic, and the best practice is to ship these logs, along with the server event logs, over syslog to a remote collector that the monitored hosts can append to but not modify, and to do the analysis there.

Wireless access point, DHCP server, IDS/IPS, firewall and operating system logs, and most importantly web proxy logs, can be saved, correlated and analyzed to catch malicious attackers. Jonathan stressed the importance of running web proxies on your network (such as Squid) so that you have an enterprise-wide browser history and cache log. A proxy captures not only normal port 80/443 traffic such as user web browsing, webmail and web-based instant messaging, but also the command and control check-ins of advanced bots, which hide in HTTP/HTTPS precisely because that traffic is allowed out; if an infected host is forced through the proxy, its beacons land in the same access log as everyone’s browsing.
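As an added example (not from the webinar, SANS or Jonathan Ham), here is a small Python script that does that correlation offline on constructed sample data: it maps each proxy client IP back to the hostname that held the DHCP lease at the time of the request, then flags (host, destination) pairs that are contacted at near-constant intervals, which is what a bot’s check-in timer looks like in a Squid access log next to bursty human browsing. The log lines, hostnames, IP addresses, MACs and the jitter and hit-count thresholds are all assumptions made up for the example.

```python
"""Correlate DHCP lease records with Squid proxy logs to flag periodic
beaconing.  Added example, not from the SANS webinar; every log line,
IP address, MAC and hostname below is constructed."""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed ISC dhcpd syslog lines (syslog omits the year; 2010 assumed).
DHCP_LOG = """\
Mar 16 08:55:10 dhcp dhcpd: DHCPACK on 10.0.0.23 to 00:16:3e:aa:bb:cc (WS-ALICE) via eth0
Mar 16 08:57:42 dhcp dhcpd: DHCPACK on 10.0.0.24 to 00:16:3e:dd:ee:ff (WS-BOB) via eth0
"""

# Constructed Squid native access.log lines: epoch, elapsed ms, client IP,
# result/status, bytes, method, URL, ident, hierarchy/peer, content type.
# 10.0.0.23 polls cdn-check.example every ~60 s; 10.0.0.24 browses normally.
PROXY_LOG = """\
1268730000.100    120 10.0.0.23 TCP_MISS/200 312 GET http://cdn-check.example/ping - DIRECT/203.0.113.5 text/plain
1268730005.000    340 10.0.0.24 TCP_MISS/200 9811 GET http://www.example-news.test/ - DIRECT/198.51.100.7 text/html
1268730012.000     88 10.0.0.24 TCP_HIT/200 4120 GET http://www.example-news.test/style.css - NONE/- text/css
1268730060.200    115 10.0.0.23 TCP_MISS/200 312 GET http://cdn-check.example/ping - DIRECT/203.0.113.5 text/plain
1268730121.300    118 10.0.0.23 TCP_MISS/200 312 GET http://cdn-check.example/ping - DIRECT/203.0.113.5 text/plain
1268730180.400    121 10.0.0.23 TCP_MISS/200 312 GET http://cdn-check.example/ping - DIRECT/203.0.113.5 text/plain
1268730241.500    117 10.0.0.23 TCP_MISS/200 312 GET http://cdn-check.example/ping - DIRECT/203.0.113.5 text/plain
1268730300.600    119 10.0.0.23 TCP_MISS/200 312 GET http://cdn-check.example/ping - DIRECT/203.0.113.5 text/plain
1268730300.000    402 10.0.0.24 TCP_MISS/200 15233 GET http://www.example-news.test/sports - DIRECT/198.51.100.7 text/html
1268731000.000    377 10.0.0.24 TCP_MISS/200 12044 GET http://www.example-news.test/world - DIRECT/198.51.100.7 text/html
1268731003.000     95 10.0.0.24 TCP_HIT/200 4120 GET http://www.example-news.test/style.css - NONE/- text/css
"""

DHCP_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ dhcpd: DHCPACK on (\S+) to (\S+) \((\S+)\)")
SQUID_RE = re.compile(r"^(\d+\.\d+)\s+\d+\s+(\S+)\s+\S+\s+\d+\s+(\S+)\s+(\S+)")


def parse_dhcp(text, year=2010):
    """Return (epoch, ip, mac, hostname) leases sorted by time."""
    leases = []
    for line in text.splitlines():
        m = DHCP_RE.match(line)
        if not m:
            continue
        stamp = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(
            year=year, tzinfo=timezone.utc)
        leases.append((stamp.timestamp(), m.group(2), m.group(3), m.group(4)))
    return sorted(leases)


def resolve_host(leases, ip, when):
    """Hostname holding `ip` at time `when`: the latest DHCPACK not after it."""
    host = "unknown"
    for epoch, lease_ip, _mac, name in leases:
        if lease_ip == ip and epoch <= when:
            host = name
    return host


def parse_squid(text):
    """Return (epoch, client_ip, method, destination_host) per request."""
    reqs = []
    for line in text.splitlines():
        m = SQUID_RE.match(line)
        if m:
            reqs.append((float(m.group(1)), m.group(2), m.group(3),
                         urlsplit(m.group(4)).hostname))
    return sorted(reqs)


def find_beacons(leases, requests, min_hits=5, max_jitter=0.1, min_interval=30):
    """Flag (host, destination) pairs contacted at near-constant intervals.

    Bots check in on a timer, so the gaps between requests cluster tightly;
    human browsing is bursty.  Jitter is the coefficient of variation of
    the gaps (stdev / mean).  All three thresholds are assumed values.
    """
    series = defaultdict(list)
    for epoch, ip, _method, dest in requests:
        series[(resolve_host(leases, ip, epoch), dest)].append(epoch)
    findings = []
    for (host, dest), stamps in series.items():
        if len(stamps) < min_hits:
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        jitter = statistics.pstdev(gaps) / mean if mean else 1.0
        if mean >= min_interval and jitter <= max_jitter:
            findings.append({"host": host, "dest": dest, "hits": len(stamps),
                             "interval": mean, "jitter": jitter})
    return sorted(findings, key=lambda f: f["jitter"])


if __name__ == "__main__":
    for f in find_beacons(parse_dhcp(DHCP_LOG), parse_squid(PROXY_LOG)):
        print(f"{f['host']} -> {f['dest']}: {f['hits']} hits every "
              f"{f['interval']:.0f}s (jitter {f['jitter']:.2%})")
```

Run as-is it reports WS-ALICE polling cdn-check.example every 60 seconds while WS-BOB’s bursty visits to the news site are ignored. The DHCP join is the step that turns a proxy IP into a machine you can go and image; in a real deployment both inputs would come from the remote log collector rather than from the hosts themselves, for exactly the reason given above.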

The webinar is available in the SANS webcast archive. Check it out, it is very good. 

Social Engineering: Tips to Defend against Shoulder Surfing

Shoulder surfing is a technique commonly used by attackers. Their thinking is: why spend hours, days or weeks trying to hack into a system from outside when you can often get the same information just by being observant?

Shoulder surfing is watching someone use their computer from “over their shoulder”. You can often pick up sensitive information and passwords just by watching a computer user, and you don’t need to sneak into a building to do it: people are very careless at Wi-Fi hot spots, in libraries, on airplanes, in airport lounges and so on. Johnny Long covers many of these scenarios in his “No Tech Hacking” book.

In the book he shows pages of pictures he was able to take of people using their computers, and he also took videos of people using their PCs, all without them noticing. Johnny did red team penetration tests on government systems, and many of the pictures he took of government workers were taken at public locations.

When I did network field support you would not believe the things that I saw. Many times people would write their password on a piece of paper and tape it to the monitor or under their keyboard. Or worse yet, they would just walk away from their computer and leave it logged in. If the person wasn’t at their keyboard, or was out sick, and I needed to work on their system, co-workers knew the missing person’s password.

Many times, doing support at large companies as an outside contractor, you need to go to users’ PCs to check settings. When I walked into an office and said I needed to use their computer and needed their password, only twice in 15 years did people challenge me to see who I was, what company I was from and who internally I was working with. Usually the response was, “no problem, have at it, I’ll go get some coffee”.

One of those times was at a bank (once!) and the other was a random salesman at a manufacturing company. I was actually stunned about the salesman; no one else at that company ever did that. I was very impressed.

So, how do you defend against these attacks? Don’t use corporate laptops in public places. If you must, make sure the laptop is not plastered with company logos, your business card or your password. Sit with your back against a wall to hinder shoulder surfers. Also, make sure YOU are not wearing your company badge or a company shirt, hat, etc. Just a heads up: an attacker can usually read your company name and your name off your badge, and by going to your company website and looking at the format of the contact e-mail addresses (first.last@, flast@ and the like) they can deduce your login name.

Don’t leave your password out for all to see. Companies may also want to think twice about asset stickers that tell the world the IP address and name of company equipment. If you need to walk away from your PC for any reason, hit the Windows key and “L”; this locks your workstation and requires your password to unlock it, resuming right where you left off. Since people forget, pair that habit with a policy-enforced inactivity lock so an unattended machine locks itself after a few minutes.

If you do not know the person, do not give them your password. Do not give your password out over the phone or by e-mail either, and remember that a legitimate technician with administrative rights should rarely need it at all. Yes, the IT person may be a little flustered waiting while you call the IT department to verify their identity, but that is much safer than accepting on blind faith that they are who they claim to be.

In the recent Air Force phishing test, users were more than willing to hand over their credentials to an unknown website. Companies need to be active in preaching computer security awareness. We are all responsible for securing our part of this country’s digital borders.

Hakin9 Magazine now Available Online

Just a reminder that the excellent bi-monthly “Hakin9” IT security magazine is now available FREE for download. If you haven’t checked it out yet, it is probably the best IT magazine devoted to network security tools, penetration testing and forensics. This month’s issue includes (from the newsletter):

  • Writing WIN32 shellcode with a C-compiler
  • Flash memory mobile forensic
  • Threat Modeling Basics
  • Pwning Embedded ADSL Routers
  • Firewalls for Beginners
  • ID Fraud Expert Says by Julian Evans: Identity Theft Protection Services – a new industry is born
  • Interviews with Victor Julien, lead coder for the Open Information Security Foundation, and Ferruh Mavituna, web application penetration tester and security tool developer
  • Tool reviews: NTFS Mechanic, Active@ Undelete Professional, KonBoot v1.1

So check it out, all they ask is that you sign up for their newsletter.