Some Resources and tools

I was asked to do a training for a group the other day.  At the end of the training they asked me to give a list of the tools i recommend.. I figured this might be a good place to also see that list.  So here it is.  If you have other recommendations let me know as well.


iPad Security additional info

I have had some time with the iPad device and love it. That being said there is an old style hack that lends itself to this device. It is one of the oldest and simplest methods, shoulder surfing. This is when someone looks lover your shoulder to gain information or passwords. This onscreen keyboard size really lends itself to this style of attack. The simplest way to avoid this is through attentive behavior. Pay attention to your surroundings. Also keep in mind that when you type someone could be watching on video (remote possibility but still present).

Safe Surfing!


iPad security

I have recently started to work with an iPad from apple. I find myself using the device quite a bit (even writing this blog entry on it). I find the machine to be quite fast and simple to use, but this post is not about the iPad itself. This blog post is to keep people safe while using the device.

I have come to the conclusion the best method to keep your iPad secure is to follow the same methods used to secure your other smart devices such as iPhone, and blackberry.

Wireless protection methods:
Be aware of who is on your networks (possibly my next blog post).
Use VPN services (also a future blog post).
Do not check email unless you know your email is secure (SSL).

The methods above are a start, but the best defense is to be smart on your surfing habits.

The other is element of security is physical security of the device. Please turn on your passcode locks, turn on the require password immediately, and the ever important wipe data after 10 failed attempts. I am not going to go into these steps because on the iPad they are almost exactly identical to the steps on the iPhone.

I have truly enjoyed the use of this device. I hope you have similar success as mine and continue to be safe as well!


Education Workshop – “Everyday Security – A Non-Geek Approach”

On Wed June 9th at 1P.M. I (Anthony Gartner) will be doing a presentation entitled “Everyday Security – A Non-Geek Approach”

I will be presenting it at the Keller Williams in Virginia Beach.  Everyone is welcome to attend please reserve your spot on Facebook so we know who will be there.

Everyday Security – A Non-Geek Approach

Type:     Education – Workshop
Date:     Wednesday, June 9, 2010
Time:     1:00pm – 2:00pm
Location:     Keller Williams Virginia Beach
Street:     1709 Laskin Rd
City/Town:     Virginia Beach, VA
Link:        http://www.facebook.com/?ref=logo#!/event.php?eid=124586864234469&index=1

Grassroots Security : What every small business owner and individual needs to know to protect their organization and what every individual needs to know to protect their laptops.

This will be an interactive discussion on how your data may be vulnerable and what you can do.

Things covered to include :

Using Care when reading and opening email attachments
Making backups of important files and folders
Using strong passwords
Using and installing and hardware firewall
Things you need to know before connecting to that “FREE” wifi
When to hire an IT professional

Have questions on privacy, intrustion, identity theft, virus, spam, worm, trojan horse, malware, spyware, etc… We will discuss and help answer these questions to avoid cyber crimes and security risks.


Some simple ways to protect your cell phone information

I was at the apple store today because i had to replace my iPhone.  It had a bad switch on it that would not let me put it in vibrate any more.  Apple resolved the problem problem my giving me a new phone.  This was a good answer for me as I have a phone that works for vibrate.

So why am I writing about this then.  Simple, I just gave someone I do not know a fully functioning, fully loaded cell phone with all my data and information on it.  Now I realize, that neither apple, or it’s employees are likely to want or care about my cell phone but what if…

What if my phone had been stolen instead, or what if I had purchased the phone from a kiosk, or a private vendor.  This vendor honors the warranty for the phone and replaces it.  I have now given the vendor all the private information on my phone. At the very least they can look though any pictures that may reside on the phone, or look though my phone book for numbers of people I may know.

There are a couple more what if’s I would like to point out:
What if I happen to know someone famous and their private number is in my phone?
What if I have attached pictures / text messages of a person that should not be in public?
What if I have stored my password or critical information in the notes section of a contact?

This now leaves my data very vulnerable to whoever might not be quite as nice as I am.  I have now lost control of some very personal information.

So what can you do to prevent this from being a problem. I believe there are a couple ways to help mitigate the exposure of your data.  Most smart phones have a method to lock your phone.  This will require you to put in a password to unlock your phone for use.  The second is not on all phones but i believe it is still available on many including my iPhone.  The second method is a followup to the first.  The second method is a phone wipe.

You set the first and second by going to the following:

Settings on the phone

General iPhone Screen

Picture of the iphone screen for settings


General on the iphone screen

This is the General Tab on the iphone screen

Passcode Lock

Passcode Lock screen on the iphone

Passcode Lock screen on the IPhone

Enter your 4 digit code

Passcode Screen

Passcode screen for the Iphone

Re-enter your 4 digit code

Erase Phone screen

Erase Phone screen of the Iphone

I want to point out above the erase data is now set to 10 failed attempts

This combination of security measures will do the best to help you in your fight to keep your data private.  The final option is the remote wipe.  This option is not always available but in the case of an iPhone it can be done if you have Mobile Me from apple.  This is also something many blackberries have full access to as well when running on an exchange server.

Happy safe computing!!!


Have you Googled yourself lately?

I know, you are think why would I want to Google myself.  How could this possibly be security related?  Am not so vain I have to see what is listed about me?

Answer: YES, yes it is!

Here is my thought process on this.  Social Engineering, it is a clear and present danger to you, your business, your family.  I have spoke of passwords on several occasions, well when you tie in a Google search to yourself, you find a LOT of data out there that can arm a bad guy with a place to start gaining control of your identity.

Anthony Gartner - Google Search

I spoke in earlier posts that human nature is to use a password that is something you will remember.  Anniversary dates, kids names, pets are all fair game to user for passwords.  While this is a bad idea it is very common.  So based on the Google search you will find my web site.  This gives you both my name, my wife’s name, and my sons name. (cats name is Kitty) Don’t worry none of my passwords match any of these so don’t try :).

Image of AnthonyGartner.com Web site

So armed with the above information, if you have a password that is family related for ease, please stop reading this and go change it.

Another reason to do a search is to simply know what kind of things really are being said about you.  This is important if you ever go to apply for a job, security clearance, or even dating now.  If there are things being shown that you are unaware of you can research why they are there and ask the owner to withdraw it or adjust it.  Knowledge is the key!!!

So go do an Existential search on yourself!!!


Grass Roots Security will be presenting on 4-29-2010

Anthony Gartner will be doing a presentation on Thursday April 29, on the topic of “What is Cyber Security?”  It is part of a local meet up group for technology.

The presentation will be done at:

575 Lynnhaven Pkwy #101
Virginia Beach, VA 23452

Topics that will be discussed include:

  • Using Care when reading and opening email attachments
  • Making backups of important files and folders
  • Using strong passwords
  • Using and installing and hardware firewall
  • Things you need to know before connecting to that “FREE” WiFi
  • When to hire an IT professional

Have questions on piracy, intrusion, identity theft, virus, spam, worm, Trojan horse, malware, spyware, etc…We will discuss and help answer these questions to avoid cyber crimes and security risks.

More information can be found at the meetup site.

So please come out and look for me on Thursday Night!!!!


Turning on a Software Firewall on Ubuntu (Linux): Prep Step(s)

This post is meant to be a follow up to Anthony’s earlier entries regarding Firewall preparation.  Anthony had covered preparing your Windows XP/Vista/Win7 & Mac OS X software firewalls.

What about Linux though?  For those of you that just shook your head and asked “What the hell is Linux?”, it is an Open Source Operating System that has been around since 1991 and is worked on by thousands of developers.  It is probably the most configurable OS out there, but the heavy use of command line tends to scare many average users away.  There are many different distributions of Linux, with one of them being Ubuntu.  With the development of Ubuntu, Linux is now not only for the technically savvy (read: command line junkies).  Ubuntu has become a very popular version of Debian-Linux, which is a fairly stable Distro, that is excellent for average computer users and is focused on usability & ease of installation (read: lots of GUI).

With that said, I am going to focus on Ubuntu here.  The firewall that is used by Linux distributions is called iptables.  It is a command line utility that would make the average user faint.  In Ubuntu, the UFW or Uncomplicated Firewall was created, but is still another command line utility.  So, eventually, Gufw or Graphical Uncomplicated Firewall was born.  It is the GUI frontend for the UFW firewall utility.

The prep for the Ubuntu firewall is not as simple as with Mac OS X or Windows XP/Vista/7, but it is a very easy application to work with.  Let’s get started….

First off, Gufw is not installed by default.  Let’s get that taken care of.  Open a terminal and type apt-get install gufw:

Or, you can use the GUI, Synaptic Package Manger by going to System->Administration->Synaptic Package Manager, go to the search box and type in gufw and mark it for installation & click Apply:

Once that is done, open up Gufw by going to System->Administration->Firewall configuration:

Gufw will now open and you will see this when it first starts:

When you first enable the firewall, it will be set to Allow both Incoming & Outgoing traffic.  You will want to change the Outgoing traffic from Allow to Deny to start off:

Also, if you check in Edit->Preferences you will notice that both logging options are turned on by default and that you can set the log detail level you want.  You will need to play with this to get your desired results:

From there you can Add rules for your firewall:

Let’s start at the Preconfigured tab.  For example, let us say you have no intentions to use FTP (File Transfer Protocol) to remotely push files to your computer, you can use the options under the Preconfigured tab to set it up like so:

You can also go to the Simple tab and choose to either Allow, Deny, Reject or Limit incoming or outgoing communications over a specific port.  In the next example, I chose to reject incoming TCP connections to Port 23 (TELNET):

Finally, you can go to the Advanced tab and set rules that will Allow, Deny, Reject or Limit incoming or outgoing communications (TCP, UDP or both) from a range of IP Addresses and Ports:

Well, I hope this post sets you in the right direction.  For more information, check out the following resources:

The Gufw Project homepage: http://gufw.tuxfamily.org/wp/

The Ubuntu Community Help page: https://help.ubuntu.com/community/Gufw

Joe Garcia

Host- Cyber Crime 101



Simple ideas to avoid being compromised!!!

I have been spending a little bit of time on some message boards.  These are areas where you basically follow conversations that happen on a specific topics.  While perusing these boards I have seen an increase in people saying to ignore links that have been sent by a person or that the accounts they have had were compromised, and to ignore what might have been sent by the person.

This is a very common problem that people deal with.  What i find funny is how some simple adjustments to their behavior would have prevented this from happening.  The question this invites is “How to I keep from becoming a Victim?”

There are some common sense techniques that will help here.

- Email Links: Do not click a link in an email and expect it to be legitimate.  Bad guys do a GREAT job of duplicating a legitimate web sites look and feel. Especially for bank sites

- Passwords: I know I have gone into passwords before but it is worth repeating.  Change your passwords if nothing else when you reset your clocks for Daylight Savings Times.  Do not use forms of your passwords on sites.  This means you have given someone who manages to get your password a very great advantage to learning more.

- Limited User: Windows computers since Windows 2000 have had a concept of Administrator Users and Limited Users.  If you set up a second account on your computer as a Limited User, you will be expected to put a password in to allow your computer to function for many things like installing software.  This is a minor inconvenience, but a major life saver in the event you have a program trying to install that you did not know about.  It means you have to give it permission to work, and if you did not want it installed the installation will stop when you hit cancel.

Image of the Standard User Selection

Choose Standard User

- Updates: Update your Windows Operating System, your Anti-virus, Spy-ware, Mal-ware, and Programs in general.  Many times patches and updates are released because of a security or program flaw.

These are simple ideas that add up to a fairly robust prevention scheme.  There is nothing that is rocket science on these ideas and nothing difficult to implement.

Fixing the problem, “after the fact” is always more difficult than a few minutes of prevention.

Happy Surfing (and hopefully safer too)!!!


Hear all about it!!! – Anthony Gartner from Grass Roots Security is interviewed by Joe Garcia of Cybercrime101

The other day, I was asked to come on to a friend’s podcast.  This was a treat because, I was asked to specifically talk about this blog.  It was a good question an answer session between me and Joe Garcia.  Joe does the Cybercrime101 Podcast.  It is a podcast about Staying safe as well.  I would encourage you to take a look at it.  It is a great cast to listen to for higher tech and for those that are not.

We talked on a variety of topics, including what I have done with the blog so far, as well as upcoming topics.  Guess you will have to go listen to it to see what the next set of topics will be.

I have set it up so that you can listen to the show at the bottom of this post, or you can go to Itunes to listen to it, or even go to Joe’s site to listen or download the show.  I think it will be informative and give you a chance to hear me speak on the topic of my passion.

Thank you for looking at this new endeavor

Anthony Gartner