Title: No name
1?????????? ??????? ??????????????? ???
????????????????????????
???????? ??????? ??????????? ????????????
????????? ??? ???????????? ISS Certified
Security Instructor Check Point Certified
Security Engineer
2?????
????? - ????? ???????? ??? ?????????
?????????????????? ???????? ??????????, ???????
???????? ? ?????????? ?????? ????? ?????????????
??????????? ?????????????? ???????.
3??????? ??????????
????????? ???? ???????????????? ?????????? -
81 ?????? - 77 ?????????? -
44 ??????? ???? ?????? -
85 ??????????????? ? Internet ??????????? -
79 ??? ?? ??????? ??????????? - 71 ????? ?
???????????? - 27 ????? ??????? -
25 ????? ???????????????? ?????????? - 20
???????? 2000 Computer Crime and Security Survey
4??????? ??????????
- ? 2000 ?. ???? ????????????? 1375 ???????????? ?
????? ??????? ??????????, ??? ? 1.6 ????
????????? ?????????? ??????????? ????. - 584 ?????? ?????????????? ??????? ? ????????????
?????????? - 258 ??????? ?????????? ?????????????? ????? ?
??????????? ???????????? ??????? - 172 ?????? ???????? ? ??????????????? ???????
- 210 ??????? ????????????? ? ???????????
???????????? ??????? - 44 ?????? ????????? ?????? ???????????? ???
???????? ?????????? ? ??? ??????
5?????????? ?????????
- 1989 ?. ??????????? ??? ????????? ?????????
- 1991 ?. ?????????????? ????????? ??????
????????????? - 1996 ?. ??????????????????? ????? Chevron
????????? ????????? - 2001 ?. ??? ? ????????? ????????? ??????
?????? ?????????
6??????? ??????????? ?????????? ????????
7???? ?? ?????????
- 27 ????? www.xakep.ru
- 14 ????? www.adobe.com
- 10 ??????? www.mcc.rsa.ru
- 21 ?????? www.formula1.ru
- 30 ??????? www.ntv.ru
- 12 ??????? www.tv6.ru, www.vist.ru
- 6 ??????? www.void.ru
- 4 ??????? www.luzhniki.ru
- etc.
17?????????? ?????????? ???????
18????? ??????????? ??????
Web ??????
???????
???
??????
????
E-Mail ??????
??????? ???????
19????? ??????????? ??????
Web ??????
???????
???
??????
????
E-Mail ??????
??????? ???????
20??????????????
?????????????
Web ??????
???????
???
??????
????
E-Mail ??????
??????? ???????
21???????????? ????????????
?????????????
Web ??????
???????
???
??????
????
E-Mail ??????
??????? ???????
22????? ?? ?????????? ?????
?????????????
Web ??????
???????
???
??????
????
E-Mail ??????
??????? ???????
23??????? ??????
?????????????
Web ??????
???????
???
??????
????
E-Mail ??????
??????? ???????
?????????? ????
24??????? ??????
?????????????
Web ??????
???????
???
??????
????
E-Mail ??????
??????? ???????
?????????? ????
25????????? ??????
?????????????
Web ??????
???????
???
??????
????
E-Mail ??????
??????? ???????
???? ??????
???????????
26????? ?? ?????????? ?????
Web ??????
Web ??????
??????
??????
Virtual Private Network
???
???
E-Mail ??????
E-Mail ??????
27?????????? ?????????? ???????
- 27 ????? Raptor Firewall
- 15 ??????? WatchGuard Firebox II
- 29 ?????? Borderware Firewall
- 29 ?????? WatchGuard Firewall
- 28 ?????? ipfw
- 14 ?????? NetScreen Firewall
- 11 ??????? VPNet
- 10 ??????? WatchGuard SOHO
- 30 ?????? SonicWALL SOHO2 Firewall
28????? ?? ???????????? ??????? ???
???????? US Defense Information Systems Agency
29???????? ??????? ??????
1 ???? ?????????? ?????? (firewalls)
2 ???? ???????? ?????????? VPN
3 ???? ?????????? ???????????? (SVN)
30??????????? ????
31????? ????????????? ?????
???? ??????????
?????????? ?????
?????????? ?????
- ???????? ?????????
- ????????? ????
- ????????????? ?????
- ???????????? ??????
- ????????????? ??
- ????????????? ???? ????
- ????????????? ???????????
- ?????????????
- ???????????? ????????
32??????????? ???? (intrusion detection)
- ??????? ????????????? ? ???????????? ??
?????????????? ????????????, ???????????? ??
?????????????? ???????.
33??????? ??????????? ????
???? ??????????
?????????? ?????
?????????? ?????
???? ??????????
1. ?????? ???????????? (security scanners)
34??????? ??????????? ????
???? ??????????
?????????? ?????
?????????? ?????
???? ??????????
?????????? ?????
1. ?????? ???????????? (security scanners)
1. ??????????? ???? 2. ???????? ???????
(deception systems)
35??????? ??????????? ????
???? ??????????
?????????? ?????
?????????? ?????
???? ??????????
?????????? ?????
?????????? ?????
1. ?????? ???????????? (security scanners)
1. ??????????? ???? 2. ???????? ???????
(deception systems)
1. ???????? ??????????? 2. ?????? ?????
36??? ???? ??????????? ????
1. ??? ?????????????
2. ??? ?????????????
3. ??? ?????????????
37??? ???? ??????????? ????
1. ???????? ????
2. ????????? ?????????? ?? ??????
3. ?????? ??????? ?????????? ?? ??????
38?????? ??????? ??????????
- ?????? ??????
- ?????????????????? ??????
- ????????????? ???????
- ?????????????????? ???????
39?????? ?????? ???????
- ???????????
- ?????????
- ??????????? ??? ?????? ???????, ?????????? ?
???????????? ???????
- ??????????
- ?? ? ???????? ?????? ???????
- ??????? ????? ??????? ????????????
- ??????
40?????????????????? ?????? ???????
?????????????
- ???????????
- ???????????? ?????????
- ???????????? ????????, ?????????? ? ????????????
???????
- ??????????
- ?? ? ???????? ?????? ???????
- ??????? ??????? ????????????
- ?? ????????? ?? ??????????? ????
- ?? ?????????????
41?????????????????? ?????? ???????
?????????????????? ??????????
- ???????????
- ????????? ?? ??????????? ????
- ? ???????? ?????? ???????
- ??????? ??????? ????????????
- ?????????
- ??????????
- ?????????? ??????
- ??????? ???????????? ??????????????? ?????????
42?????????????????? ?????? ???????
?????????????????? ????????????
- ???????????
- ????????? ?? ??????????? ????
- ? ???????? ?????? ???????
- ?? ??????? ??????? ????????????
- ???????? ?????? ? ???????? ?????????
- ????????????????
43???????? ???????
- TCPdump or WinDump
- ftp://ftp.ee.lbl.gov/TCPDump.tar.Z (Unix)
- http://netgroup-serv.polito.it/windump (NT)
- Event Viewer, Network Monitor, Sniffer Pro etc.
- Snort, LIDS, arachNIDS, DTK etc.
- http://www.snort.org (Unix)
- http://www.datanerds.net/mike/ (NT)
- RealSecure Network Sensor, OS Sensor, Server Sensor
44???????? ????
- ?????? ???????????? ???????
- ???????????? ???????
- ????????????? ???????????
- ????????????????? ????????? ???????? ???????
- ?????????????? ????????
- ???????????? ????????
- ?????? ????????
45?????? ???????????? ???????
- ????????? ????????
- ????????? ?????????
- ???????
46?????? ???????????? ???????
????????? ????????
47?????? ???????????? ???????
????????? ?????????
09:52:25.349706 hacker.ru.1797 > infosec.ru.12: S
09:52:25.375756 hacker.ru.1798 > infosec.ru.11: S
09:52:26.573678 hacker.ru.1800 > infosec.ru.10: S
09:52:26.603136 hacker.ru.1802 > infosec.ru.9: S
09:52:28.639922 hacker.ru.1804 > infosec.ru.8: S
09:52:28.668172 hacker.ru.1806 > infosec.ru.7: S
09:52:32.749958 hacker.ru.1808 > infosec.ru.6: S
09:52:32.772739 hacker.ru.1809 > infosec.ru.5: S
09:52:32.802331 hacker.ru.1810 > infosec.ru.4: S
09:52:32.824582 hacker.ru.1812 > infosec.ru.3: S
09:52:32.850126 hacker.ru.1814 > infosec.ru.2: S
09:52:32.871856 hacker.ru.1816 > infosec.ru.1: S
???????????? ?????? (????????)
48?????? ???????????? ???????
????????? ?????????
19:29:57 tcp src 203.77.125.51 dst 192.168.0.44 service 98 s_port 4975 len 60
19:29:57 tcp src 203.77.125.51 dst 192.168.0.46 service 98 s_port 4978 len 60
19:29:57 tcp src 203.77.125.51 dst 192.168.0.49 service 98 s_port 4982 len 60
19:29:57 tcp src 203.77.125.51 dst 192.168.0.60 service 98 s_port 4996 len 60
19:29:57 tcp src 203.77.125.51 dst 192.168.0.73 service 98 s_port 1037 len 60
19:29:57 tcp src 203.77.125.51 dst 192.168.0.75 service 98 s_port 1040 len 60
19:29:57 tcp src 203.77.125.51 dst 192.168.0.77 service 98 s_port 1044 len 60
???????????? ????? (????????)
49?????? ???????????? ???????
???????
14:18:22.516699 130.92.6.97.600 > server.login: S 1382726960:1382726960(0) win 4096
14:18:22.566069 130.92.6.97.601 > server.login: S 1382726961:1382726961(0) win 4096
14:18:22.744477 130.92.6.97.602 > server.login: S 1382726962:1382726962(0) win 4096
14:18:22.830111 130.92.6.97.603 > server.login: S 1382726963:1382726963(0) win 4096
14:18:22.886128 130.92.6.97.604 > server.login: S 1382726964:1382726964(0) win 4096
14:18:22.943514 130.92.6.97.605 > server.login: S 1382726965:1382726965(0) win 4096
SYN Flood (????????)
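The three excerpts above show the same attacker behaviour in three forms: one source sending SYNs to a descending run of ports on one host (tcpdump), one source hitting the same service on a run of hosts (a Check Point FW-1 log export), and one source hammering a single service with SYNs from consecutive source ports (the SYN flood). The following is an added example, not code from the original slides or from any product they mention. It parses both log formats into one record shape and reports a port scan, a host sweep or a SYN flood once a source crosses a threshold inside a time window. The sample lines are constructed from the excerpts, with the ':' and '>' characters the extraction lost restored; the threshold of five and the 60-second window are assumptions, and the window is counted from the source's first SYN rather than sliding.

```python
import re
from collections import defaultdict

# Constructed sample input modelled on the excerpts above: tcpdump lines
# (the port-scan lines are truncated after the SYN flag, as on the slide)
# plus a Check Point FW-1 log export.  Two harmless connections are added.
TCPDUMP_LINES = """\
09:52:25.349706 hacker.ru.1797 > infosec.ru.12: S
09:52:25.375756 hacker.ru.1798 > infosec.ru.11: S
09:52:26.573678 hacker.ru.1800 > infosec.ru.10: S
09:52:26.603136 hacker.ru.1802 > infosec.ru.9: S
09:52:28.639922 hacker.ru.1804 > infosec.ru.8: S
09:52:28.668172 hacker.ru.1806 > infosec.ru.7: S
09:52:32.749958 hacker.ru.1808 > infosec.ru.6: S
09:52:32.772739 hacker.ru.1809 > infosec.ru.5: S
09:52:40.000000 client.ru.2001 > infosec.ru.80: S
14:18:22.516699 130.92.6.97.600 > server.login: S 1382726960:1382726960(0) win 4096
14:18:22.566069 130.92.6.97.601 > server.login: S 1382726961:1382726961(0) win 4096
14:18:22.744477 130.92.6.97.602 > server.login: S 1382726962:1382726962(0) win 4096
14:18:22.830111 130.92.6.97.603 > server.login: S 1382726963:1382726963(0) win 4096
14:18:22.886128 130.92.6.97.604 > server.login: S 1382726964:1382726964(0) win 4096
14:18:22.943514 130.92.6.97.605 > server.login: S 1382726965:1382726965(0) win 4096
""".splitlines()

FW1_LINES = """\
19:29:57 tcp src 203.77.125.51 dst 192.168.0.44 service 98 s_port 4975 len 60
19:29:57 tcp src 203.77.125.51 dst 192.168.0.46 service 98 s_port 4978 len 60
19:29:57 tcp src 203.77.125.51 dst 192.168.0.49 service 98 s_port 4982 len 60
19:29:57 tcp src 203.77.125.51 dst 192.168.0.60 service 98 s_port 4996 len 60
19:29:57 tcp src 203.77.125.51 dst 192.168.0.73 service 98 s_port 1037 len 60
19:29:58 tcp src 10.0.0.5 dst 192.168.0.44 service 80 s_port 1100 len 60
""".splitlines()

# tcpdump: "<time> <src>.<sport> > <dst>.<dport>: S ..."; tcpdump prints a
# service name instead of a number when it can resolve it ("login"), so the
# port is kept as a string in both formats.
TCPDUMP_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\S+)\.(?P<sport>\w+) > "
    r"(?P<dst>\S+)\.(?P<dport>\w+): S\b")
# FW-1 export: "<time> tcp src <src> dst <dst> service <dport> s_port <sport> ..."
FW1_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d) tcp src (?P<src>\S+) dst (?P<dst>\S+) "
    r"service (?P<dport>\w+) s_port (?P<sport>\w+)")


def to_seconds(ts):
    """'HH:MM:SS[.frac]' -> seconds since midnight as a float."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def parse_syn_records(lines):
    """Normalise both formats to (seconds, src, dst, dport) tuples; lines
    matching neither format are ignored."""
    records = []
    for line in lines:
        m = TCPDUMP_RE.match(line) or FW1_RE.match(line)
        if m:
            records.append((to_seconds(m["ts"]), m["src"], m["dst"], m["dport"]))
    return records


def detect_scans(records, threshold=5, window=60.0):
    """Per source, count distinct ports per host (vertical scan), distinct
    hosts per port (horizontal sweep) and SYNs per host:port (flood) inside
    a window that starts at the source's first SYN.  Each finding is emitted
    once, at the moment the threshold is reached.  Thresholds are assumptions."""
    state = {}
    findings = []
    for t, src, dst, dport in sorted(records):
        s = state.get(src)
        if s is None or t - s["start"] > window:
            # new window for this source: forget what it did before
            s = state[src] = {"start": t, "ports": defaultdict(set),
                              "hosts": defaultdict(set), "syns": defaultdict(int)}
        s["ports"][dst].add(dport)
        s["hosts"][dport].add(dst)
        s["syns"][(dst, dport)] += 1
        if len(s["ports"][dst]) == threshold:
            findings.append(("port-scan", src, dst))
        if len(s["hosts"][dport]) == threshold:
            findings.append(("host-sweep", src, dport))
        if s["syns"][(dst, dport)] == threshold:
            findings.append(("syn-flood", src, dst, dport))
    return findings


if __name__ == "__main__":
    for finding in detect_scans(parse_syn_records(TCPDUMP_LINES + FW1_LINES)):
        print(*finding)
```

Run it and the three findings come out in time order: the port scan from hacker.ru, the SYN flood from 130.92.6.97 against server.login, and the host sweep from 203.77.125.51 on service 98; the two ordinary connections produce nothing. Tune the threshold to the environment: a single host legitimately opening five ports on one server is common (a browser, a mail client), five hosts on the same port from one outside address within a minute is not.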
50????????????? ???????????
[Mon Dec 27 01:42:58 1999] [error] [client 172.20.20.1] File does not exist: /web/home/www/www_home/cgi-bin/aglimpse
[Mon Dec 27 01:42:58 1999] [error] [client 172.20.20.1] File does not exist: /web/home/www/www_home/scripts/iisadmin/bdir.htr
[Mon Dec 27 01:42:58 1999] [error] [client 172.20.20.1] File does not exist: /web/home/www/www_home/cgi-dos/args.bat
[Mon Dec 27 01:42:58 1999] [error] [client 172.20.20.1] File does not exist: /web/home/www/www_home/cgi-bin/AnyForm2
[Mon Dec 27 01:42:58 1999] [error] [client 172.20.20.1] File does not exist: /web/home/www/www_home/cgi-bin/campas
[Mon Dec 27 01:42:58 1999] [error] [client 172.20.20.1] File does not exist: /web/home/www/www_home/cgi-bin/Count.cgi
[Mon Dec 27 01:42:58 1999] [error] [client 172.20.20.1] File does not exist: /web/home/www/www_home/carbo.dll
[Mon Dec 27 01:42:58 1999] [error] [client 172.20.20.1] File does not exist: /web/home/www/www_home/cgi-bin/finger
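The Apache error_log excerpt above records one client requesting, within the same second, a run of CGI programs that the server does not have: the signature of a CGI vulnerability scanner rather than of a visitor following a broken link. As an added example (not from the slides or from any product named on them), the following groups "File does not exist" errors by client and reports any client that asked for several names from a list of known scanner probes, together with how many seconds the probing spanned. The log lines are constructed to match the excerpt as Apache 1.3 writes it; the probe list is drawn from the paths on this slide plus the /cgi-bin/test-cgi POST on the next one, and the threshold of three distinct probes is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the slide's entries in Apache 1.3 error_log form, plus
# one ordinary missing image requested by a different client.
ERROR_LOG = """\
[Mon Dec 27 01:42:58 1999] [error] [client 172.20.20.1] File does not exist: /web/home/www/www_home/cgi-bin/aglimpse
[Mon Dec 27 01:42:58 1999] [error] [client 172.20.20.1] File does not exist: /web/home/www/www_home/scripts/iisadmin/bdir.htr
[Mon Dec 27 01:42:58 1999] [error] [client 172.20.20.1] File does not exist: /web/home/www/www_home/cgi-dos/args.bat
[Mon Dec 27 01:42:58 1999] [error] [client 172.20.20.1] File does not exist: /web/home/www/www_home/cgi-bin/AnyForm2
[Mon Dec 27 01:42:58 1999] [error] [client 172.20.20.1] File does not exist: /web/home/www/www_home/cgi-bin/campas
[Mon Dec 27 01:42:58 1999] [error] [client 172.20.20.1] File does not exist: /web/home/www/www_home/cgi-bin/Count.cgi
[Mon Dec 27 01:42:58 1999] [error] [client 172.20.20.1] File does not exist: /web/home/www/www_home/carbo.dll
[Mon Dec 27 01:42:58 1999] [error] [client 172.20.20.1] File does not exist: /web/home/www/www_home/cgi-bin/finger
[Mon Dec 27 01:43:10 1999] [error] [client 10.1.1.7] File does not exist: /web/home/www/www_home/images/logo.gif
""".splitlines()

ENTRY_RE = re.compile(
    r"^\[(?P<when>[^\]]+)\] \[error\] \[client (?P<client>[\d.]+)\] "
    r"File does not exist: (?P<path>\S+)$")

# Program names a CGI scanner asks for, taken from the slides' excerpts.
# A deployment would load a maintained signature list instead (assumption).
KNOWN_PROBES = {"aglimpse", "bdir.htr", "args.bat", "AnyForm2", "campas",
                "Count.cgi", "carbo.dll", "finger", "test-cgi"}


def parse_missing_files(lines):
    """Return (when, client, path) for every 'File does not exist' entry."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m["when"], m["client"], m["path"]))
    return entries


def find_cgi_scanners(entries, docroot="/web/home/www/www_home", min_probes=3):
    """Map client -> {'probes': [...], 'span_seconds': n} for clients that
    requested at least min_probes distinct known probe names.  Paths are
    reported relative to docroot; the span is first to last probe."""
    probes, times = defaultdict(set), defaultdict(list)
    for when, client, path in entries:
        if path.rsplit("/", 1)[-1] in KNOWN_PROBES:
            rel = path[len(docroot):] if path.startswith(docroot) else path
            probes[client].add(rel)
            times[client].append(datetime.strptime(when, "%a %b %d %H:%M:%S %Y"))
    report = {}
    for client, paths in probes.items():
        if len(paths) >= min_probes:
            span = (max(times[client]) - min(times[client])).total_seconds()
            report[client] = {"probes": sorted(paths), "span_seconds": span}
    return report


if __name__ == "__main__":
    for client, info in find_cgi_scanners(parse_missing_files(ERROR_LOG)).items():
        print(client, len(info["probes"]), "probes in", info["span_seconds"], "s:",
              ", ".join(info["probes"]))
```

The client 172.20.20.1 is reported with eight probes spanning zero seconds; 10.1.1.7, whose only miss is an image, is not. Matching on the final path component rather than the whole path is deliberate: scanners try the same program names under several directories (cgi-bin, cgi-dos, scripts), and the directory the site actually uses is not known to the attacker.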
51????????????? ???????????
22:00:08.951009 128.175.13.74.53552 > 10.0.0.3.80: P 1677177273:1677177342(69) ack 2169171174 win 8760 (DF) (ttl 242, id 12223)
22:00:08.951345 128.175.13.74.53546 > 10.0.0.13.80: P 1676903576:1676903645(69) ack 300977567 win 8760 (DF) (ttl 242, id 12223)
22:00:08.952175 128.175.13.74.53558 > 10.0.0.9.80: P 1677621322:1677621391(69) ack 2335601879 win 8760 (DF) (ttl 242, id 12223)
0000 4500 006d 2fbf 4000 f206 0465 80af 0d4a  E..m/.@....e...J
0010 0a00 0009 d136 0050 63fe 784a 8b36 74d7  .....6.Pc.xJ.6t.
0020 5018 2238 4af8 0000 504f 5354 202f 6367  P."8J...POST /cg
0030 692d 6269 6e2f 7465 7374 2d63 6769 2048  i-bin/test-cgi H
0040 5454 502f 312e 300a 436f 6e74 656e 742d  TTP/1.0.Content-
0050 7479 7065 3a20 2a0a 436f 6e74 656e 742d  type: *.Content-
0060 6c65 6e67 7468 3a20 300a 0a00 19          length: 0....
52????????????? ???????????
????????? ????
09:52:25.349706 hacker.ru.1797 > infosec.ru.1243: S
Jan 5 02:56:39 input REJECT eth1 PROTO=TCP 152.166.212.218:2102 192.168.1.1:1243 L=48 S=0x00 I=38494 F=0x4000 T=108 SYN (#13)
Sub Seven (????????)
Jun 03 00:06:26 FW1 Jun 03 2000 00:08:00: %PIX-2-106001: Inbound TCP connection denied from 216.58.19.218/3483 to server1/27374 flags SYN
53????????????? ???????????
????????? ????
BACKDOOR Attempt - Subseven
12/26-23:09:42.219109 0:90:27:F2:2A:2 -> 0:40:5:F6:34:51 type:0x800 len:0x4E
216.192.29.30:3216 -> 206.18.108.130:1243 TCP TTL:64 TOS:0xD0 ID:11841
S Seq: 0x4908C6  Ack: 0x0  Win: 0x2000
TCP Options => MSS: 536 NOP WS: 0 NOP NOP TS: 0 0 Opt 9 (40): 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
Sub Seven (????????)
54????????????? ???????????
55????????????? ???????????
????????????
19:33:01.479625 194.23.54.65.58112 > www.infosec.ru.2008: F 0:0(0) win 2048
19:33:01.479836 194.23.54.65.58112 > www.infosec.ru.7007: F 0:0(0) win 2048
FIN-???????????? (????????)
SCAN-FIN
02/02-04:49:15.135173 0:D0:58:4A:46:D0 -> 0:10:5A:6C:9A:55 type:0x800 len:0x104
195.11.50.204:2931 -> my-squid:53 TCP TTL:39 TOS:0x0 ID:2037
F Seq: 0x32563E  Ack: 0x362C0000  Win: 0x0
56????????????? ???????????
57????????????????? ????????? ???????? ???????
- ????????? ????????? ???????
- ????????? ?????????? ???????
- ?????????????? ?????? ???????
- ?????????????? ????????? ??????? ???????
- ???????? ???????? ???????
- ?????????????? ?????????????? ???????? ???????
58????????????????? ????????? ???????? ???????
????????? ????????? ???????
?????????? ???? (200.0.0.1)
???????
???
??????
????
????? ??????????? ????????????? ?????????
?????????? ???? (????????, 200.0.0.200)
??????? ???????
59????????????????? ????????? ???????? ???????
????????? ????????? ???????
?????????? ???? (200.0.0.1)
???????
???
??????
????
????? ??????????? ????????????? ????????? ???????
???? (????????, 194.33.67.98)
??????? ???????
60????????????????? ????????? ???????? ???????
?????????????? ?????? ???????
- 10.*.*.*, 172.16.0.0 - 172.31.255.255, 192.168.*.* (RFC 1918, Address Allocation for Private Internets)
- ????? ??????????? ????????????? ?????? ?????????? (????? Land)
- ?????????????? IP- ? MAC-???????
May 10 09:20:33.328 UTC: %SEC-6-IPACCESSLOGP: list 100 denied tcp 10.1.2.73(0) -> 192.231.90.254(0), 1 packet
May 10 09:26:04.564 UTC: %SEC-6-IPACCESSLOGP: list 100 denied tcp 10.1.2.73(0) -> 192.231.90.254(0), 4 packets
61????????????????? ????????? ???????? ???????
?????????????? ????????? ??????? ???????
- Stealth-????????????
- SYN\FIN-, XMAS-, FIN-, NULL-, RESET-????????????
05/28-13:30:51.565335 209.203.5.158:53 -> 192.168.1.255:53 TCP TTL:22 TOS:0x0 ID:39426
SF Seq: 0x6D3C03A1  Ack: 0x69FD6C2F  Win: 0x404
05/28-04:12:42.329244 24.10.224.102:45651 -> 192.168.2.24:2838 TCP TTL:48 TOS:0x0 ID:3795
FPU Seq: 0x69A5BDE3  Ack: 0x0  Win: 0x1000
02/02-04:49:15.135173 0:D0:58:4A:46:D0 -> 0:10:5A:6C:9A:55 type:0x800 len:0x104
195.11.50.204:2931 -> my-squid:53 TCP TTL:39 TOS:0x0 ID:2037
F Seq: 0x32563E  Ack: 0x362C0000  Win: 0x0
05/28-21:09:23.686988 194.159.251.190:27025 -> 192.168.1.1:1186 TCP TTL:44 TOS:0x0 ID:64660 DF
Seq: 0xE4714  Ack: 0xFFFFFFFF  Win: 0x0
??????? ???????????? (????????)
62????????????????? ????????? ???????? ???????
?????????????? ????????? ??????? ???????
- ?????????????? ?????????? RFC
- ?????????????? ?????????? ??????
- SYN FIN ? ?.?. (?????????????? ????)
- ???????????? ???? ( ????? FIN)
- TCP-????? ??? ????? ACK (????? ????????????
??????????)
01/23-01:15:22.237103 195.11.212.180:30975 -> 192.0.97.80:49708 TCP TTL:49 TOS:0x0 ID:12207 DF
21SFRPAU Seq: 0x78FFC22C  Ack: 0x78FFC22C  Win: 0xC22C
63????????????????? ????????? ???????? ???????
?????????????? ????????? ??????? ???????
- ???? ????????? 0 (??? TCP ? UDP)
- ????????????? ?????? ??????
- ????????????????? ??????
21:20:11.084066 172.20.20.1.0 > ftpserver.1030: F 1310724:1310728(4) ack 3642168720 win 20496 urg 1250
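The Snort and tcpdump excerpts on the last few slides share one theme: TCP segments that no normal stack emits, whether by flag combination (SYN+FIN, FIN/PSH/URG without ACK, no flags at all, every flag plus the reserved bits), by port (source port 0, a SYN to a known SubSeven port) or by destination (a segment aimed at a broadcast address). The following added example (not code from the original slides, nor from Snort or RealSecure) parses Snort-style alert text, restored to its ':' and '->' form, and labels each packet with every anomaly it exhibits. The sample records are constructed from the slides' values, with the source-port-0 case taken from the tcpdump line just above and one ordinary SYN added as a control; the backdoor port table holds only the two SubSeven ports the slides show, and the broadcast test (a destination ending in .255) is a heuristic assumption.

```python
import re

# Constructed sample built from the slides' values, in Snort's alert layout:
# timestamp line (sometimes carrying MAC addresses), IP line, flags line.
ALERTS = """\
12/26-23:09:42.219109 216.192.29.30:3216 -> 206.18.108.130:1243 TCP TTL:64 TOS:0xD0 ID:11841
S Seq: 0x4908C6  Ack: 0x0  Win: 0x2000
05/28-13:30:51.565335 209.203.5.158:53 -> 192.168.1.255:53 TCP TTL:22 TOS:0x0 ID:39426
SF Seq: 0x6D3C03A1  Ack: 0x69FD6C2F  Win: 0x404
05/28-04:12:42.329244 24.10.224.102:45651 -> 192.168.2.24:2838 TCP TTL:48 TOS:0x0 ID:3795
FPU Seq: 0x69A5BDE3  Ack: 0x0  Win: 0x1000
02/02-04:49:15.135173 0:D0:58:4A:46:D0 -> 0:10:5A:6C:9A:55 type:0x800 len:0x104
195.11.50.204:2931 -> my-squid:53 TCP TTL:39 TOS:0x0 ID:2037
F Seq: 0x32563E  Ack: 0x362C0000  Win: 0x0
05/28-21:09:23.686988 194.159.251.190:27025 -> 192.168.1.1:1186 TCP TTL:44 TOS:0x0 ID:64660 DF
Seq: 0xE4714  Ack: 0xFFFFFFFF  Win: 0x0
01/23-01:15:22.237103 195.11.212.180:30975 -> 192.0.97.80:49708 TCP TTL:49 TOS:0x0 ID:12207 DF
21SFRPAU Seq: 0x78FFC22C  Ack: 0x78FFC22C  Win: 0xC22C
03/01-10:00:00.000000 172.20.20.1:0 -> ftpserver:1030 TCP TTL:60 TOS:0x0 ID:7
FA Seq: 0x140004  Ack: 0xD9163E10  Win: 0x5010
03/01-10:00:01.000000 10.0.0.5:1234 -> 10.0.0.21:80 TCP TTL:64 TOS:0x0 ID:8 DF
S Seq: 0x1  Ack: 0x0  Win: 0x2000
""".splitlines()

TS_RE = re.compile(r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\b")
IP_RE = re.compile(
    r"(?P<src>[\w.-]+):(?P<sport>\d+) -> (?P<dst>[\w.-]+):(?P<dport>\d+) TCP "
    r"TTL:(?P<ttl>\d+) TOS:0x[0-9A-Fa-f]+ ID:(?P<id>\d+)(?P<df> DF)?$")
FLAGS_RE = re.compile(
    r"^(?P<flags>[12SFRPAU]*)\s*Seq: (?P<seq>0x[0-9A-Fa-f]+)\s+"
    r"Ack: (?P<ack>0x[0-9A-Fa-f]+)\s+Win: (?P<win>0x[0-9A-Fa-f]+)$")

# Only the two SubSeven ports the slides show; a deployment would load a list.
BACKDOOR_PORTS = {1243: "SubSeven", 27374: "SubSeven"}


def parse_alerts(lines):
    """One dict per TCP packet.  A MAC line after the timestamp matches
    neither IP_RE nor FLAGS_RE and is skipped; the timestamp is kept."""
    pkts, ts, hdr = [], None, None
    for line in lines:
        t = TS_RE.match(line)
        if t:
            ts = t["ts"]
        h = IP_RE.search(line)
        if h:
            hdr = h.groupdict()
            continue
        f = FLAGS_RE.match(line)
        if f and hdr:
            pkts.append({
                "ts": ts, "src": hdr["src"], "sport": int(hdr["sport"]),
                "dst": hdr["dst"], "dport": int(hdr["dport"]),
                "ttl": int(hdr["ttl"]), "df": hdr["df"] is not None,
                "flags": set(f["flags"]),        # '1' and '2' are the reserved bits
                "seq": int(f["seq"], 16), "ack": int(f["ack"], 16),
                "win": int(f["win"], 16)})
            hdr = None
    return pkts


def classify(pkt):
    """Every anomaly label that applies to one packet, in a fixed order."""
    f, labels = pkt["flags"], []
    if {"S", "F"} <= f:
        labels.append("syn-fin")            # never legal in one segment
    if {"S", "F", "R", "P", "A", "U"} <= f:
        labels.append("all-flags")
    if f & {"1", "2"}:
        labels.append("reserved-bits")      # crafted packet
    if not f:
        labels.append("null-scan")
    if f == {"F"}:
        labels.append("fin-scan")           # bare FIN without ACK
    if {"F", "P", "U"} <= f and "A" not in f:
        labels.append("xmas")
    if f and "A" not in f and f not in ({"S"}, {"R"}):
        labels.append("no-ack")             # only an initial SYN or a bare RST lacks ACK
    if pkt["sport"] == 0 or pkt["dport"] == 0:
        labels.append("port-0")
    if f == {"S"} and pkt["dport"] in BACKDOOR_PORTS:
        labels.append("backdoor:" + BACKDOOR_PORTS[pkt["dport"]])
    if pkt["dst"].endswith(".255"):
        labels.append("broadcast-dst")      # heuristic: /24 directed broadcast
    return labels


def analyse(lines):
    """Parse and label; returns the packet dicts with a 'labels' key added."""
    pkts = parse_alerts(lines)
    for p in pkts:
        p["labels"] = classify(p)
    return pkts


if __name__ == "__main__":
    for p in analyse(ALERTS):
        print(p["ts"], f'{p["src"]}:{p["sport"]} -> {p["dst"]}:{p["dport"]}',
              "".join(sorted(p["flags"])) or "-", ",".join(p["labels"]) or "ok")
```

Labels are deliberately cumulative: the all-flags packet is also reported as syn-fin and reserved-bits, so a rule that only knows one of those names still fires. The packet from the slide above with Seq, Ack and Win all ending in 0xC22C is a good illustration of why flag checks alone are not enough; the parser keeps seq and ack as integers so a rule on identical or zero values can be added alongside.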
64????????????????? ????????? ???????? ???????
???????? ???????? ???????
- ?????????????? ?????? ?? ????????????? ????????
??? ? ????????????? ???????? - ????? ?????? Telnet-??????? ?? ?????????????
????? - ?????????????? ?????? ?????????? ?? ????????
- ???????? ?????????? ? ?????? ????????? ???????,
?? ????????????? ?????????? ???? - ?????????? ?????? ????
65?????????????? ????????
- ????? ? ????
- ??????????????
- ????????? ???????
- ??????? ???????? ? ?????
- ???????
- ?????? ?????????
66???????????? ????????
- ???????? ? ??????????-?????????? ????????????
- ???????????? ??????? ??? ???? ??????????????
- ???????? ? ?????????? ?????????
- ???????? ????????? ????????????
- ???????? ? ??????????????????? ???????
- ?????????? ??????? ?? Internet-?????
- ???????????? ????????? ????????????
- ?????? ? ????? ???????????????? ???????
67?????? ?????????
- ??????????? ????????? ??????
- ????? ???? ???????
- ????? ? ????????????
- etc.
68?????? ?????????
????? ? ????????????
02:31:06.162135 172.20.20.1 > 255.255.255.255: icmp: echo request
02:31:06.597051 172.20.20.1 > 255.255.255.255: icmp: echo request
02:31:06.986372 172.20.20.1 > 255.255.255.255: icmp: echo request [ttl 1]
02:31:07.162839 172.20.20.1 > 255.255.255.255: icmp: echo request
SMURF (????????)
Dec 22 16:15:26: %SEC-6-IPACCESSLOGDP: list Internet denied icmp 172.20.20.1 -> 255.255.255.255 (8/0), 1 packet
Dec 22 16:16:26: %SEC-6-IPACCESSLOGDP: list Internet denied icmp 172.20.20.2 -> 255.255.255.255 (8/0), 24 packets
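The Cisco %SEC-6-IPACCESSLOG lines above, together with the ones on the RFC 1918 slide, show two things an edge router's ACL log reveals on its own: packets arriving from the outside with private source addresses, which can only be spoofed since no such address is routable on the Internet, and ICMP echo requests aimed at a broadcast address, the amplification step of a smurf attack. The following added example (not from the slides or from Cisco) parses that log format and reports both conditions with the packet counts the router logged. The log lines are constructed from the slides' entries plus two extra denials; treating the logging interface as external and testing for a directed broadcast with a /24 mask are assumptions.

```python
import ipaddress
import re

# Constructed sample in the Cisco IOS %SEC-6-IPACCESSLOG* format of the slides'
# excerpts; the last two lines (documentation addresses) are added.
CISCO_LOG = """\
May 10 09:20:33.328 UTC: %SEC-6-IPACCESSLOGP: list 100 denied tcp 10.1.2.73(0) -> 192.231.90.254(0), 1 packet
May 10 09:26:04.564 UTC: %SEC-6-IPACCESSLOGP: list 100 denied tcp 10.1.2.73(0) -> 192.231.90.254(0), 4 packets
Dec 22 16:15:26: %SEC-6-IPACCESSLOGDP: list Internet denied icmp 172.20.20.1 -> 255.255.255.255 (8/0), 1 packet
Dec 22 16:16:26: %SEC-6-IPACCESSLOGDP: list Internet denied icmp 172.20.20.2 -> 255.255.255.255 (8/0), 24 packets
Dec 22 16:17:00: %SEC-6-IPACCESSLOGDP: list Internet denied icmp 203.0.113.9 -> 192.0.2.255 (8/0), 40 packets
Dec 22 16:18:00: %SEC-6-IPACCESSLOGP: list Internet denied tcp 203.0.113.9(40123) -> 192.0.2.10(23), 1 packet
""".splitlines()

# "(port)" follows TCP/UDP addresses; "(type/code)" follows an ICMP pair.
DENY_RE = re.compile(
    r"%SEC-6-IPACCESSLOG\w+: list (?P<acl>\S+) denied (?P<proto>\w+) "
    r"(?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> (?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?"
    r"(?: \((?P<itype>\d+)/(?P<icode>\d+)\))?, (?P<count>\d+) packets?")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True for any RFC 1918 address."""
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)


def is_broadcast(addr, prefix=24):
    """True for the limited broadcast 255.255.255.255 or for the last address
    of the /prefix block containing addr (assumed /24 for the amplifier net)."""
    ip = ipaddress.ip_address(addr)
    if ip == ipaddress.ip_address("255.255.255.255"):
        return True
    return ip == ipaddress.ip_network(f"{addr}/{prefix}", strict=False).broadcast_address


def parse_denials(lines):
    """One dict per denied-packet log line; numeric fields converted."""
    entries = []
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue
        e = m.groupdict()
        e["count"] = int(e["count"])
        e["itype"] = int(e["itype"]) if e["itype"] is not None else None
        entries.append(e)
    return entries


def find_spoofing(entries, external=True):
    """On an external interface a private source address must be forged;
    an ICMP echo (type 8) to a broadcast address is a smurf amplification
    attempt.  Returns (label, src, dst, packets) tuples in log order."""
    findings = []
    for e in entries:
        if external and is_private(e["src"]):
            findings.append(("spoofed-private-source", e["src"], e["dst"], e["count"]))
        if e["proto"] == "icmp" and e["itype"] == 8 and is_broadcast(e["dst"]):
            findings.append(("smurf-amplification", e["src"], e["dst"], e["count"]))
    return findings


if __name__ == "__main__":
    for finding in find_spoofing(parse_denials(CISCO_LOG)):
        print(*finding)
```

The two 172.20.20.x echo requests to 255.255.255.255 trigger both labels, which is the intended reading of the slide: a smurf attacker forges the victim's address as the source, so the spoofing and the amplification are the same packet seen from two angles. With external=False (the same parser on an internal interface) only the broadcast-echo findings remain, since private sources are legitimate there.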
69?????? ????????
- ????????? ???????
- 2600, Phrack, ?????
- ????????? ???????????
- DEFCON, ?????
- ?????? ????????
- Usenet, FIDO
- ????????? Web-???????
- rootshell.com, phrack.org, hackcity.com
70?? ? ?????? ????????? ???????
- ??
- ????????? ??? ???????????? ?????????
- ??????
- ????????? ??????? ????????????
- ?? ???????? ? ???????? ?????? ???????
- ???????????????
- ???????? ? ??????
- ?? ????????????? ??? ??????????? ????
- ??????? ??????? ??????????????? ?????????
71??????? RealSecure
72????????? ?????????????? ????
- ??????????????? ???????? ????? ??????
- ???????????? ??????, SATAN
- ?????????????? ??????????
- ??????????? ????????
- ????? ? ????????????
- SYN Flood, Ping of Death, Teardrop, WinNuke
- ??????? ????????????????? ???????
- Back Orifice, Netbus, L0pht Crack for Windows
- ????????? ?????
- ????? ?? MS IIS, MS Exchange, MS SQL Server
73????????? RealSecure
- RealSecure Sensor
- ??????? ?????? ???????? (Network Sensor)
- ????????? ????? (OS Sensor)
- ?????-????? (Server Sensor)
- RealSecure for Nokia
- RealSecure Manager
- RealSecure WorkGroup Manager
- RealSecure Enterprise Manager
- RealSecure Manager for HP OpenView
- RealSecure Manager for Tivoli
74???????? ?????????????
- ??????????? ????, ??????????? ?????? ????????????
???????? ?????????
- ?????????? ???????? ??????? (??????? ???????????
??????)
- ???????? ??????????? ????? (? ?.?. ? ?? ??????)
- ???????? ??????? ? ???????? ??????
- ?????? ?????????????? ???????
- ?????? ?????? ?? ???????????????, ???
75RealSecure Network Sensor
- ????????? Ethernet, Fast Ethernet, Token Ring,
FDDI ? Gigabit Ethernet
- ????????? ?????????? SMB/NetBIOS ? ?????
?????????? TCP/IP (IP, TCP, UDP, ICMP ? ?????? ??
?? ??????)
- ???????????????? ??? ??????????? Windows NT ?
Solaris
76RealSecure Network Sensor
???????????
- ?????? ????????? ????????????
- ?????? ?????? ??????? ?????
- ??????????? ? ???????? ?????? ???????
- ????????????? ?? ???????????? ???????
- ??????????? ???? ?? ?????????? ?? ????
- ????????????? ??????????? (Stealth-?????)
77RealSecure for Nokia
- IPSO, ?????????? ?? ?? ???? BSD ?? NOKIA
- ????????? ??????? ???????????
- ??????????? ??????? ??????????? ?
?????????????????? - ??????? ???????? ??????
78RealSecure OS Sensor
- ????????? ????? ??? ??????????? Windows NT
- Windows NT Security Log
- Windows NT Event Log
- Windows NT Application Log
- Unix Syslog
- Cisco Syslog
- ????????? ????? ??? ??????????? Unix
- (Solaris, HP-UX, AIX)
- ????????? Syslog
- ????????? Syslog
- Cisco Syslog
- BSM log
79RealSecure OS Sensor
???????????
- ???????? ??????????? ??????????
- ??????????? ????????? ????
- ???????? ? ????????????? ?????
- ??????????? ?????? ??????
- ??????????? ?????? ? Decoy-??????
80RealSecure Server Sensor
- ??????????? ???? ?? ???? ??????? ?? ??????????
???? ????
- ???????????
- ??????????????????
- ??????????? ???? ????
- ?????? ? ????????????? ?????
- ???????? ? ????? ? ???????????
- ??????? ????????????? ??????????? ??????
81??????????? RealSecure
- ????? 700 ?????????????? ???????
- ??????? ????? ?????????????? ???????
- ??????? ????????? ???????? ??? ??????????? ????
- ???????????????? ??????????
- ????????? ???????? ???????????? ?? ?????
- ?????? ?? ???????????????????? ???????
- ????????? ?????????? ??????????? ? ???????
- ????????????? ?????????? ???????? ????
82???????? ????????????
- ??????????? ??????? ? ???? ??????
- ??????????? ?? e-mail, ???????? ? ?.?.
- ????????? SNMP ??? ?????? ???????? ??????????
- ????????? ?????????? ??????????
- ?????????? ???????????????? ? firewall
- ?????????? ??????? ?????? ??????????
- ?????? ????? ??? ??????????? ???????
- ??????????????? ???????? ??????????
- ?????????? ? ???????????? ??????? ???????
83????????? ???????????? ? ?????????? ???????
84??????????? ???????????? ??????? (?? ???????
RealSecure)
- ??????????? ? ???????????? ?? ????? ? ????????
?????? ??????? - ???????????????? ?? ?????? ????, ????????????
???????, ???? ? ??????????? ?? - ?????? ???????? ??????? ? ???????? ???????????
- ???????????????? ?????????? ????? ???????????? ?
?????? ??????? - ????? ?????????????? ???????
- ?? ??????? ??????? ???????????? ?? ?????????
- ?????? ? ?????? ? ????????? ? ????????????
- ?????????? ????????? ?????????? ???????
85?????????? ??????? ??????????????? ???
????????????????????????
???????? ??????? ??????????? ????????????
????????? ??? ???????????? ISS Certified
Security Instructor Check Point Certified
Security Engineer