Security Relearn Procedure Steps for Vehicles with Vehicle Theft Deterrent (VTD)

1. Attempt to start the car by turning the key to the Start/Run Position.
2. Observe that the vehicle fails to start and that the security light is illuminated.
3. Release key to the ‘On/Accessory’ Position. (Do NOT turn the key to the ‘off’ position.)
4. Allow the vehicle to sit in the ‘On/Accessory’ Position for NO LESS then 15 minutes.
5. Turn key to off position and allow the vehicle to remain in the ‘OFF’ position for NO LESS then 30 seconds.
6. Repeat #1 through #5 for 3 cycles.
7. On 4th attempt, car should start.

Properly executed, this procedure should take approximately 45 minutes to complete.

After you’ve acquired the smartcard readers and installed them on each computer, you need to prepare the smartcards. Each smartcard requires a certificate. To get that certificate on each smartcard, you need a certification authority (CA). To issue smartcard certificates, you need an Enterprise CA server. Most of the particulars for the installation of the CA aren’t significant when it comes to simply issuing the smartcard logon certificates. However, they may be important if you have other things planned for your CA.

If you don’t already have a CA and you have no real preference on how to install it, you can follow these steps:

1. Log on as a member of the Enterprise Admins group.
2. Open the Windows Control Panel, open Add/Remove Programs, and click Add/Remove Windows Components.
3. The Certificate Services option is in the list of Windows components. Select that option and follow the wizard to install. The first thing you’ll see is a warning message telling you that you cannot change your machine name or domain membership. Keep that in mind, click OK, and then click Next.
4. When the CA Type selection box appears, make sure that you’re installing an Enterprise CA and then click Next.
5. In the CA Identifying Information box, enter a name for your CA and then click Next.
6. In the Certificate Database Settings dialog box, leave the default settings (unless you know that you want to change them) and click Next. You’ll need the CD-ROM or installation files in a couple of seconds.
7. If you don’t have Internet Information Services (IIS) installed, you’ll be prompted to install IIS to get web enrollment working. If you don’t plan to do any web enrollment, you can just click OK and don’t worry about it. Click Finish when it’s all over.

Next, you need a smartcard logon certificate template.

Creating the Template

After you have the CA installed, you need to manage it a bit. Create an MMC with the following snap-ins:

• Active Directory Users and Computers
• Certification Authority
• Certificate Templates

Now that you have the console configured, click Certificate Templates and look for the Smartcard Logon certificate in the right-hand pane. Right-click the Smartcard Logon template and select Duplicate Template.

At this point, you get a Properties of New Template dialog box, as shown in Figure 2. (Name your template whatever you want.) Be sure to select Publish Certificate in Active Directory if the box isn’t already checked.

Click the Request Handling tab and then select Signature and Smartcard Logon in the Purpose drop-down list. You want the user to be prompted to insert a smart card during logon, so select the option Prompt the User During Enrollment (see Figure 3).

Before you leave this dialog box, click the CSPs button near the bottom to open the CSP Selection dialog box, where you can select the appropriate cryptographic service provider (CSP). For example, I use a smartcard produced by Schlumberger, so I chose the Schlumberger CSP, as shown in Figure 4.

Caution

I have seen lots of sites around the internet that tell people that it is possible to run Airsnort in a Windows environment. If you don’t know, Airsnort is a wireless network sniffer. It can sniff wireless traffic, and if the signal is using WEP, Airsnort can take a shot at cracking the WEP key and showing you the key.

This is not easy of course, and it will take a VERY long time. The time is more dependent on how much wireless traffic that network is creating, making more packets, and thus making cracking the WEP keys chances more possible.

First, you will need a supported wireless card, so before we begin, if your card is NOT on this list, give up now, or go out and find a card on the list. I cannot guarantee that any will work for you. The card that I use is an Orinoco Classic Gold PC Card from Agere Systems. It is an B ‘11MBPS’ only card, so I use it mainly for snooping around.

[ List: http://www.wildpackets.com/support/product_support/airopeek/hardware ]

The product page displays AiroPeek from WildPackets. If your card IS on this list, go ahead and grab a copy of the driver listed in that table, and a demo of AiroPeek NX from WildPackets.

[ Download: http://www.wildpackets.com/products/demos/apwnx ]

Download that demo, because we need 3 files from the installation, you can remove the program once we are done.

You are going to need to force your wireless card to use the new driver you downloaded from the website.

You are now going to need to download some files from Archaic Binary here that I have gathered for you in a nice zip file. Included in this zip file are…

1. AirSnort (Sources and Binary)
2. atk
3. glib
4. gtk
5. pango

Nothing needs to be installed, just unzip the files in a location of your choice. I choose to unzip directly in C:\Program Files and it will create the folder Airsnort for you. Now you will need to browse to the folder where you installed AiroPeek NX and copy Peek.dll, Peek4, and Peek5 files into your Airsnort/bin directory.

You will now need to modify your Environment Variables to include the folders above in your path, so Airsnort can find them.

Right click on ‘My Computer’ and choose Properties OR
Hold the Windows Button and click Pause/Break OR
Click on the Start Button and right click ‘My Computer’ and choose Properties.

At the top choose the Advanced Tab, then click on the Environment Variables button at the bottom.

In the System Variables area, choose Path and click ‘Edit’. At the end of the Variable Value copy and paste this line in, or type it in. Make sure you change it to something different if you put the Airsnort files in a different area then C:Program FilesAirsnort.

[ Path: C:\Program Files\Airsnort\atk\bin;C:\Program Files\Airsnort\glib\bin;C:\Program Files\Airsnort\gtk\bin;C:\Program Files\Airsnort\pango\bin;C:\Program Files\Airsnort\bin ]

Click OK, then OK again, and last OK again.

You should be completely out of the System Management Dialogs.

Go to the folder where airsnort resides and run the airsnort.exe file in the bin directory.

Good Luck!

Edit: Here is a link to the file download on my site. It was in another post, but I will link it here as well.

  Wireless Pack (4.5 MiB, 1,597 Downloads)

So you want to download files from sites that are using Bittorrent? But have no idea how to start? No problem, I am going to walk you through downloading files using a Bittorrent client.

First, you are going to need a piece of software called a Bittorrent client. There are quite a few programs that will do this task, but I like using uTorrent, and thats what I’m going to walk you through.

Get uTorrent by clicking here [Link: http://www.utorrent.com/download.php ]. I recommend that you download the Installation Program version, as you can easily remove it later on, if you don’t have a use for it.

When the file is done downloading, double click to open it. Choose your language from the list and click OK.

Click Next on the Welcome Screen. The default Destination Folder is best in most cases, click Next at the bottom. The installer will now ask you what to call the start menu folder, click Install at the bottom, as the default is fine.

When it is done, click Finish at the bottom. Lets configure the client now.

You can delete the file that you downloaded if you wish, then go to Start -> Programs -> uTorrent and run uTorrent.

The welcome message will display, you can click on No, because we already have a shortcut on the start menu. uTorrent will now ask if you wish for it to be the default application for .torrent files. Go ahead and click Yes, this will make your life much easier.

The next screen is where things get a little confusing. For uTorrent to download files more efficiently you have to forward a port in your router, it can be any number you choose at the bottom. Default is 32459. I will have to let you refer to your routers manual if you have a router.

Click Run speed test at button and choose the best speed for what the site returns to you. Then, click Use Selected Settings at the bottom of the dialog.

Now you have completed the install of uTorrent.

Now the easiest way to download files, is to find a tracker website, and follow their way to download the .torrent files, when your browser goes to download the file, uTorrent will open the file and begin.

Althrough there is no proven way to completely protect yourself from the money hungry bastards that want to limit and control the P2P networks, there are some ways that you can protect yourself.

First of all, don’t share your entire hard drives. I have seen people sharing their entire C: drive. (Windows users of course)

Second, use some sort of program that will block connections to and from servers and clients that are known as fake, bad, corrupt, or just some unknown that seem suspicious. Two programs I know of are… Protowall and PeerGuardian.

After you have an IP Blocking Program, you have to keep it updated. There are probably many more, but I use Blocklist Manager which can update block lists for eMule, PeerGuardian, Protowall and many more.

Third, if you are sharing lots of files, DON’T leave your P2P program running 24/7 if your not downloading anything!

In this walk through (although not very long) we will have an already up and running pfSense firewall system, and that your internet connection is working properly. On the other end, you have a Linksys BEFVP41 with a working internet connection.

1. On the pfSense router login to the web interface and choose from the menu, VPN then IPsec.

2. Check the box Enable IPsec if it is not already, and click Save.

3. Click on the + (plus) sign near the bottom of the table to add a new tunnel.

4. In the ‘Remote Subnet’ box put in the network segment on the Linksys BEFVP41’s side. If you use the default 192.168.1.1 then enter that and choose / 24 in the drop down.

5. In the ‘Remote Gateway’ box put the WAN IP Address of the Linksys BEFVP41.

6. For a description, enter anything you like, I will use Main Linksys BEFVP41.

7. Negotiation Mode = Aggressive

8. My Identifier = My IP Address (Blank text box)

9. Encryption Algorithum = 3DES

10. Hash Algorithum = SHA1

11. DH Key Group = 2 (2 is 1024bit)

12. Lifetime, I use 3600.

13. Authentication Method, use Pre-Shared Key

Scroll down the page…

14. For Protocol choose ESP

15. Encryption Algorithms = 3DES (Uncheck the rest)

16. Hask Algorithms = SHA1 (uncheck MD5)

17. PFS Key Group, choose 2 (for 1024 bit)

18. Choose 3600 for lifetime seconds.

Click save, and you will be returned to the IPsec page. Click Apply Changes for this part to be complete.

19. Login to your Linksys BEFVP41 and choose the VPN tab at the top.

20. Click enable this tunnel, and give it a name.

21. The local secure group should be the subnet for the Linksys BEFVP41 side of the network.

22. On the Remote Secure Group choose Subnet, and type in the subnet on the pfSense side of the network…

Example:

pfSense Network: 192.168.100.0
255.255.255.0

Linksys Network: 192.168.200.0
255.255.255.0

23. In Remote Security Gateway type in the WAN address of the pfSense router.

24. For Encryption, choose 3DES and for Authentication choose SHA1.

25. In Key Management use, Auto (IKE)

26. Check the box for PFS.

27. Use the same pre-shared key you used in the pfSense router, and make the lifetime 3600.

Click on the Apply button. When the page reloads click on the Orange Advanced button.

Phase One
—————-

28. Operation Mode = Aggressive Mode

29. Encryption: 3DES; Authentication: SHA; Group: 1024-bit; Lifetime: 3600 seconds.

Phase Two
—————-

30. Group: 1024-bit; Lifetime: 3600 seconds

31. Check the Anti-Replay and Keep Alive box to keep the connection active.

Apply, then Close This Window.

From a computer on the Linksys side, ping a computer on the pfSense side, it may take a second, then data should flow through.

In this tutorial we will setup Certificate Services on a Windows 2003 server. I am going to use the same server as I did with the Active Directory; Windows 2003 walkthrough, so my installation will be with an already completed Active Directory Domain. If you do not have Active Directory, I recommend you do before using Certificate Services, as they do like working hand-in-hand.

First, let’s load up our server and login as the Administrator. When we are at the desktop, let’s to go Start -> Settings -> Control Panel then open ‘Add / Remove Programs’. On you’re left click on ‘Add / Remove Windows Components’. When it is fully loaded, find ‘Certificate Services’ in the list and check the checkbox next to it. A pop-up dialog will come up informing you that you cannot change the name of the machine and such when you have become an Certificate Authority, so click ‘Yes’ then click ‘Next’.

Now we are given the opportunity to choose what type of CA (Certificate Authority) we want to setup. Since this is a clean install of Windows 2003 and we don’t have any certificate servers I am going to choose the default, ‘Enterprise root CA’ and click ‘Next’.

We now have to enter Identifying Information for this CA. In the Common Name box, put a short name to describe your network or a company name, for my purposes in this document I will use Testing Walkthrough as the ‘Common name for this CA’, and click ‘Next’.

The next area you will have to configure is the Certificate Database Settings, since these are just places to store files; the defaults are good for us. Let’s continue, click ‘Next’.

Windows should start copying files, and you will probably need your Windows 2003 CD in the drive to continue.

During the copy, you may come to a popup stating that Internet Information Services is not installed on this computer, and that we will need it for Web Enrollment Support. Since I think this is usually a good system to use (Web Enrollment) lets do just that.

Click ‘Ok’ on this dialog and let Windows finish the install of Certificate Services, when it is complete you will be able to click ‘Finish’ to close the Windows Components Wizard.

You should now be back at the Add / Remove Programs window and you can once again click on ‘Add / Remove Windows Components’. In the list select Application Server (do not click the checkbox next to it) and click ‘Details’. In this second box choose ‘Internet Information Services (IIS) and it will choose ‘Enable network COM+ access’ for you. Click ‘Ok’ then click ‘Next’ on the Windows Component Wizard. Windows will now copy files from the CD and finish that installation.

Once the Window that is installing the components disappears you can close any other windows that are open, and return to the Desktop.

Let’s check our settings now…

Open; Start -> Programs -> Administrative Tools

You should have some new items! Internet Information Services and Certification Authority.

Open Certification Authority. On the left you will have the normal tree view, click on the item you named your CA when setting up the CA. Mine was ‘Testing Walkthrough’ under here you should have a ‘folder’ called ‘Issued Certificates’, click on it and on the right you should have at least one issued to the CA itself.

Most of what the Certificate Server does it automated through IIS and Active Directory. So, your job is done. Close all Windows and logout.

Enjoy.