Thursday, 21 September 2017

Hacking Air-gapped computers using IR security cameras

Air-gapped computers, which are isolated from the Internet and physically separated from local networks, are believed to be the most secure computers and are difficult to infiltrate.

Researchers have developed a new attack scenario, dubbed aIR-Jumper, which involves an infected air-gapped computer (from which data needs to be stolen) and an infected CCTV network (with at least one CCTV camera installed inside the premises facing the infected computer and one outside the premises), assuming that the two networks are isolated from each other and neither is connected to the Internet.

Setting aside the question of how the air-gapped computer and the CCTV network got infected with malware in the first place, the new research focuses on how, once infected, the malware can transfer the stolen data back to the attackers waiting outside the premises.

To read and send data, the aIR-Jumper malware installed on the air-gapped computer and on the CCTV network blinks IR LEDs in morse-code-like patterns, transmitting files as binary data, i.e. 0s and 1s.



Data can be transmitted from a video camera to an attacker tens of meters away at 20 bits per second, and from an attacker to a video camera at 100 bits per second, even in total darkness.

Since the attack moves files bit by bit at such low rates, attackers wouldn't be able to steal any large files, but they could get their hands on passwords, cryptographic keys, PIN codes and other small pieces of sensitive data stored on the targeted computer.
"In an infiltration scenario, an attacker standing in a public area (e.g., in the street) uses IR LEDs to transmit hidden signals to the surveillance camera(s)," the researchers say. "Binary data such as command and control (C&C) and beacon messages are encoded on top of the IR signals."
The researchers also published two video demonstrations, showing two attack scenarios.

In the first video, the researchers demonstrated how the malware installed on the air-gapped computer collected data, converted it into binary and then blinked the LED accordingly. At the same time, the infected camera captured this pattern and the malware installed on the camera converted the morse-code-like signal back into binary data.

In the second video, another camera on the same internal CCTV network, installed outside the premises (in the parking area), transmitted the stolen binary data to the attackers sitting in a car, using its IR LED in morse-code-like patterns.



Here the infected CCTV camera is working as a bridge between the air-gapped computer and the remote attackers, offering a bi-directional covert channel.
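To make the article's numbers concrete (20 bits per second out, 100 bits per second in, and why only small secrets are practical), here is an added Python model of the on-off keyed LED frames together with a toggle-rate check a defender could run over a camera's per-frame IR-LED state log. It is not the researchers' code; the 60 fps sampling rate and the 1 toggle/s baseline are assumptions.

```python
# Constructed model of an aIR-Jumper style IR-LED covert channel, plus a
# toggle-rate check for per-frame IR-LED state logs (defender side).
from typing import List

FRAME_RATE = 60      # assumed camera/sampling rate in frames per second
EXFIL_BPS = 20       # camera -> attacker rate quoted in the article
INFIL_BPS = 100      # attacker -> camera rate quoted in the article


def to_bits(data: bytes) -> List[int]:
    """Bit list of the payload, most significant bit of each byte first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def from_bits(bits: List[int]) -> bytes:
    """Inverse of to_bits; a trailing partial byte is ignored."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def led_frames(data: bytes, bps: int = EXFIL_BPS, fps: int = FRAME_RATE) -> List[int]:
    """On-off keying: hold the LED on (1) or off (0) for fps // bps frames per bit."""
    per_bit = max(1, fps // bps)
    return [bit for bit in to_bits(data) for _ in range(per_bit)]


def decode_frames(frames: List[int], bps: int = EXFIL_BPS, fps: int = FRAME_RATE) -> bytes:
    """Receiver side: sample the middle frame of each bit period and rebuild bytes."""
    per_bit = max(1, fps // bps)
    bits = [frames[i + per_bit // 2] for i in range(0, len(frames) - per_bit + 1, per_bit)]
    return from_bits(bits)


def transfer_seconds(n_bytes: int, bps: int) -> float:
    """Seconds needed to move n_bytes at bps: shows why only small secrets fit."""
    return n_bytes * 8 / bps


def toggle_rate(frames: List[int], fps: int = FRAME_RATE) -> float:
    """LED state changes per second; a steady night-vision LED gives about 0."""
    changes = sum(1 for a, b in zip(frames, frames[1:]) if a != b)
    return changes * fps / len(frames) if frames else 0.0


def looks_modulated(frames: List[int], fps: int = FRAME_RATE, max_rate: float = 1.0) -> bool:
    """Flag a log whose toggle rate exceeds what plain IR illumination needs."""
    return toggle_rate(frames, fps) > max_rate
```

A 256-byte secret (a 2048-bit key) takes about 102 seconds to leave at 20 bits per second, while the same bytes arrive in about 20 seconds at the 100 bits per second infiltration rate.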

It's not the first time Ben-Gurion University researchers have come up with techniques to target air-gapped computers. Their previous research on hacking air-gapped computers includes:

  • USBee, an attack that can be used to steal data from air-gapped computers using radio frequency transmissions from USB connectors;
  • DiskFiltration, an attack that can steal data using sound signals emitted from the hard disk drive (HDD) of the targeted air-gapped computer;
  • BitWhisper, which relies on heat exchange between two computer systems to stealthily siphon passwords or security keys;
  • AirHopper, which turns a computer's video card into an FM transmitter to capture keystrokes;
  • Fansmitter, a technique that uses noise emitted by a computer fan to transmit data; and
  • GSMem, an attack that relies on cellular frequencies.


For more details on the latest aIR-Jumper attack, you can head onto the paper [PDF] titled, 'aIR-Jumper: Covert Air-Gap Exfiltration/Infiltration via Security Cameras & Infrared (IR).'

Source: The Hacker News 


Wednesday, 1 February 2017

Windows Server Interview Questions & Answers -001

Microsoft Windows Server Interview Questions & Answers 01


1) Explain what is Windows Server?
Windows Server is a series of server operating systems developed by Microsoft Corporation.

2) Explain in Windows DNS server what is Primary, Secondary and Stub zone?
In a Windows DNS server:
  • Primary Zone: the zone is saved as a normal text file with the extension .dns.
  • Secondary Zone: maintains a read-only copy of the zone database on another DNS server. It also acts as a backup to the primary server, providing fault tolerance and load balancing.
  • Stub Zone: consists of a copy of the name server (NS) and SOA records, which is used for reducing DNS search orders.

3) Explain what does IntelliMirror do?
IntelliMirror helps to reconcile desktop settings, applications and stored files for users, especially those who move between workstations or who work offline.

4) In the case when an MSI file is not available, how can you install an app?
The application can be added with the Software Installer using a .ZAP text file rather than the Windows Installer.

5) Explain how you can set up a remote installation procedure without giving access to a user?
To do that, you have to go to:
Gponame > User Configuration > Windows Settings > Remote Installation Services > Choice Options

6) What does it mean by "tattooing" the Registry?
"Tattooing" the registry means the user can modify and view user preferences that are not stored in the maintained portions of the Registry. Even if the group policy is changed or removed, the user preference will still persist in the registry.

7) Mention how many types of queries DNS does?
The types of queries DNS does are:
  • Iterative query
  • Recursive query

8) Explain what is the primary function of the domain controller?
The primary function of the domain controller is to validate users to the network; it also provides a catalog of Active Directory objects.

9) What information is required when TCP/IP is configured on Windows Server?
To configure a TCP/IP client for an IPv4 client, you have to provide the IP address and the subnet mask.

10) Explain what does it mean caching-only server in terms of DNS?
A caching-only DNS server provides answers to queries based on the data it holds in its DNS cache.

11) Explain what is the way to configure the DHCP server such that it allocates the same IP address to certain devices each time the address is removed?
To configure the DHCP server this way, you create a reservation for the device. To create a reservation, you must know the MAC (hardware) address of the device. To determine the MAC address of a network device you can use the ipconfig or nbtstat command-line utilities.

12) Explain what is LDAP?
E-mail and other programs use an Internet protocol to look up information from a server. This protocol is referred to as LDAP, or Lightweight Directory Access Protocol.

13) Explain what is SYSVOL folder?
It is a set of files and folders that is stored on the local hard disk of each domain controller in a domain and is replicated by the FRS (File Replication Service). These files contain group or user policy information.

14) Explain what is the difference between a thread and a computer process?
  • Computer process: in computing, a process is an instance of a computer program that is executed sequentially by a computer system, which can run several computer programs concurrently.
  • Thread: a thread is one of several executable units that work together as a single process. For instance, one thread might send an error message to the user, another might handle error signals, while a third thread might be executing the original action.

15) Explain what is INODE?
An inode holds the metadata of a file; it is a pointer to a block on the disk, and it is unique. In simple words, it is a unique number allocated to a file in UNIX-like operating systems.

16) Explain what is RAID in Windows Server?
RAID (Redundant Array of Independent Disks) is a strategy for storing the same data in different places. It is used to build fault tolerance and increase storage capacity. It allows you to combine one or more volumes on separate drives so that they are accessed through a single drive letter.

17) Explain what is the purpose of deploying local DNS servers?
A local DNS server provides the local mapping of fully qualified domain names to IP addresses. To resolve remote requests related to the domain names on your network, local DNS servers can provide record information to remote DNS servers.

18) To check TCP/IP configurations and IP connectivity, what are the two command-line utilities that can be used?
  • Ipconfig: the ipconfig command can be used to check the computer's IP configuration, and also to renew the client's IP address if it is provided by a DHCP server.
  • Ping: the ping command is used to check the connection between the local computer and any other computer or device on the network.

19) Explain if it is possible to connect Active Directory to other 3rd party directory services?
Yes, you can connect other vendors' directory services with the Microsoft version, by using DirXML or LDAP to connect to other directories.

20) Explain where the AD database is held?
The AD database is saved in %systemroot%\ntds. The files that control the AD structure are ntds.dit, edb.log, res1.log, res2.log and edb.chk.

21) Explain what is the major difference between NTFS (New Technology File System) and FAT (File Allocation Table) on a local server?
For local users FAT (File Allocation Table) and FAT32 provide security, while NTFS (New Technology File System) provides security for domain users as well as local users. NTFS provides file-level security, which is not possible with FAT32.

22) Mention what Windows Server 2008 service is used to install client operating systems over the network?
WDS (Windows Deployment Services) allows you to install client and server operating systems over the network to any computer with a PXE-enabled network interface.

Wednesday, 18 January 2017

Exam info RHCSA & RHCE

RHCSA - Red Hat Certified System Administrator



RHCSA is an entry-level certification that focuses on actual competencies in system administration, including installing and configuring a Red Hat Enterprise Linux system and attaching it to a live network running network services.

Prerequisites/Candidate profile

  • IT support technician with a minimum of 1 year of experience
  • Hardware and networking (A+/N+) or equivalent knowledge
  • Basic knowledge of the Windows OS is required
  • Exposure to Windows Server administration will be an added advantage

Exam Pattern & Papers:



A few of the publications you can make use of for this course as well as the certification:

See the best books for Redhat in Amazon:
http://amzn.to/2jp4HpI
Click on this to visit books page

Red Hat Certified System Administrator

An IT professional who has earned the Red Hat Certified System Administrator (RHCSA®) is able to perform the core system administration skills required in Red Hat Enterprise Linux environments. The credential is earned after successfully passing the Red Hat Certified System Administrator (RHCSA) Exam (EX200).

Prove your skills and knowledge

A Red Hat® Certified System Administrator (RHCSA) is able to perform the following tasks:
  • Understand and use essential tools for handling files, directories, command-line environments, and documentation
  • Operate running systems, including booting into different run levels, identifying processes, starting and stopping virtual machines, and controlling services
  • Configure local storage using partitions and logical volumes
  • Create and configure file systems and file system attributes, such as permissions, encryption, access control lists, and network file systems
  • Deploy, configure, and maintain systems, including software installation, update, and core services
  • Manage users and groups, including use of a centralized directory for authentication
  • Manage security, including basic firewall and SELinux configuration


The best way to learn is to do

In preparation for earning the Red Hat Certified System Administrator (RHCSA) credential, Red Hat recommends the following:

-For Windows system administrators
  1. Red Hat System Administration I (RH124)
  2. Red Hat System Administration II (RH134)
-For Linux or UNIX administrators
  • RHCSA Rapid Track Course (RH199)


You can view other posts in this blog to download e-books and material related to the Red Hat v7 certification.
