Real World Threats - PowerPoint PPT Presentation


Real World Threats

Slides: 66
Provided by: mitchel6

Transcript and Presenter's Notes

Title: Real World Threats


1
Real World Threats October 19, 2000
2
Traditional dead horse wisdom
  • Dakota (Sioux) tribal wisdom says
  • "When you are riding a dead horse the best
    strategy is to dismount."

3
When riding a dead horse...
  • Buying a stronger whip

4
When riding a dead horse...
  • Appoint a committee to study the horse

5
When riding a dead horse...
  • Comparing the state of dead horses in today's
    environment

6
When riding a dead horse...
  • Change the requirements, declaring that "This
    horse is not dead."

7
When riding a dead horse...
  • Harness several dead horses together for
    increased speed

8
When riding a dead horse...
  • Hire contractors to ride the dead horse.

9
Statistics of e-Commerce Growth
  • The number of connected computers is currently
    29,670,000 in 240 countries and territories
    (Net Wizards, 1997)
  • 23 percent of small-to-midsized businesses are
    now networked, up from 18 percent last year
    (IDC)
  • 28 percent of all hosts on the Net are in the
    .com domain (Net Wizards, 1998)
  • There are only 147,000 Web storefronts, but there
    may be as many as 1 million by 2000 (IDC)

10
Statistics of e-Commerce Growth
  • Business-related Internet services are growing
    125 percent per year (Forrester Research)
  • Worldwide revenue for the access market will
    reach almost 1.5 billion this year and will reach
    almost 15 billion by the year 2000 (Forrester
    Research)
  • By 2000, U.S. companies will be spending 12.9
    billion a year to secure their computer networks
    (Dataquest, San Jose, Calif.)

11
Some Internet Growth Statistics (source NSI)
Domain registration has increased rapidly,
especially in .com.
12
E-Commerce and Internet Losses
  • 6 million Internet users have experienced credit
    card misuse online (National Consumers League)
  • 12.5 billion in intellectual property losses in
    1998 (IIAP)
  • In a survey of nearly 1,600 information
    technology professionals from 50 countries, 73
    percent of all companies reported some security
    breach or corporate espionage during the past 12
    months (PWC/InformationWeek 1998 Annual Information
    Security Survey)
  • The No. 1 concern, shared by 79 percent of 400
    senior executives, was "protecting information
    systems from external intrusion" (DT Corporate
    Worries in the year 2005)

13
Trend in Hacking Technology
Knowledge Required
Attack Sophistication
14
Concerns in the brick-and-mortar world
  • Liability
  • Loss of property
  • Regulatory violation
  • Embarrassment and reputation loss
  • Loss of market share
  • Extortion
  • Fraud and embezzlement
  • Systems outage

15
Concerns in the networked, e-commerce world
  • Liability
  • Loss of property
  • Regulatory violation
  • Embarrassment and reputation loss
  • Loss of market share
  • Extortion
  • Fraud and embezzlement
  • Systems outage

16
People are also exploiting network
vulnerabilities deliberately
  • The public service hacker - trying to prove a
    point
  • Hacktivists - exposing societal issues
  • Script Kiddies - surfing the web spray painting
    sites
  • Corporate enemies - doing your business harm
  • Disgruntled employees - getting even
  • Corporate espionage - Intellectual property
    (marketing plans, R&D information, manufacturing
    processes)

17
e-Commerce and e-Business need secure systems
  • Maintain the trust of your customers
  • Avoid damage to your image
  • Control access to your intellectual property
  • Protect the integrity of the information you
    present
  • Deny competitors market advantage

18
Shareholder Knowledge and Due Diligence
19
Find a Company to Hack
20
Oil Company Identified as Target
21
Gather Data on Target's Operations
  • Gather Site Data
  • Look for possible
    Network Links
  • Identify all Partner
    and Alliance Companies

22
Gather Data on Affiliates and Partners
23
Gather Data on Affiliates' Operations
24
Internet Target Location Identified
25
Identify Other Domains Owned by the Target
26
Tools and Information Resources for Hacking
Some tools were written purely to help Systems
Administrators
Some tools were written to identify and exploit
security vulnerabilities
27
Search for Tools to Probe Target
A single search for hacking scanning tools
shows 2070 Hits
28
Freeware Tools Gather Details About Target
Network and Systems
29
Internet Address and Open Ports Verified
30
Computer Platform Type Identified
31
Search for Hacking Tutorials
Search for Hacking Tutorials shows 4,240 Hits
32
Pick a Tutorial for Computer Type
33
Research Tutorial for Computer Type
34
Key Stroke Level Instructions Available
35
Search for Tools for Computer Type
36
Pick Tools for Computer Type
37
Select Tools for this Attack
38
Scan Target for Vulnerabilities
39
Scanner Tools can Check for Numerous Problems
40
Password Crackers Search for Weak Passwords
41
Password Crackers Search for Weak Passwords
42
Exploit Vulnerabilities Found
43
Install Trojan For Remote Access
  • Back Orifice Features
  • DNS stuff, Ping, Query
  • Get passwords
  • Get system info
  • Log keystrokes
  • Send message box
  • Http fileserver
  • Receive file
  • Port redirection
  • Choose between XOR and 3DES encryption
  • Shutdown/Restart server
  • Send file
  • Add/List shares on Microsoft networks

44
Index of Back Orifice and Some of Its Many
Optional Modules
45
Back Orifice Help Files Provide Instructions for
Novices
46
Back Orifice Interface to Compromised System
47
Sniffers are used to Steal Passwords and Data
48
Free Tools Remove Attack Data From System Log
Files
49
ClearEvent Modifies NT Logs
50
Zap Modifies Unix Logs
51
Help File for DOS Attack
52
Phase 1 Scope
Determine and verify target scope
  • Whois
  • Nslookup
  • ICMP sweep
  • Port scans

Diagram labels: Internet; Host1 (telnet, ftp); Host2 (ssh, smtp); Host3 (telnet, dns)
53
Phase 2 Vulnerability Scan
Scan for vulnerabilities using
  • Commercial network scanning tools
  • Freeware tools
  • Custom scripts

Diagram labels: Internet; Host1 (telnet, ftp); Host2 (ssh, smtp); Host3 (ssh, dns)
54
Phase 3 Exploit Vulnerabilities
Exploit vulnerabilities using
  • Freeware tools
  • Custom scripts
  • Network sniffer

Diagram labels: Internet; Host1 (telnet, ftp); Host2 (ssh, smtp); Host3 (ssh, dns)
55
Phase 4 Denial of Service
Diagram labels: Internet; Host1 (telnet, ftp); Host2 (ssh, smtp)
56
Single Limiting Concern
  • TRUST

57
Trust Concerns
  • Web Site
  • Intranet
  • Internet Connectivity
  • Intellectual Property
  • Employee Lists
  • Marketing Strategy/Leads

58
Trends in the Threats to e-commerce and e-business
  • Distributed Denial of Service Attacks
  • Back Orifice and BO2K
  • More widespread use of secondary source attacks
  • Use of insiders to facilitate the crimes
  • Hacking information is also being used
    for criminal activity

59
So what do you do?
  • Don't panic. Don't NOT THINK ABOUT the issue
  • Don't rush into a solution: there is NO SILVER
    BULLET SOLUTION
  • Develop a plan
  • Decide what you need to protect
  • How much protection is worth
  • How much loss/compromise/denial of service will
    cost

60
So what do you do?
  • Find experts to help; make sure they are
    disinterested and independent of products
  • Find out what your peers are doing, outside your
    verticals as well as inside
  • Execute the plan
  • Protection
  • Detection
  • Reaction

61
So what do you do?
  • Guiding principles
  • Protect things of value commensurate with the
    value
  • Detect when things are going wrong
  • React appropriately and expeditiously to detected
    threats
  • Remember it's your business FIRST, not a Law
    Enforcement activity
  • Be prepared

62
Small Business and Home Computer Security
Modem Connectivity
?
Identity Theft!!
63
Massively Parallel Attacks aka DDoS
Attack Controller/Master Host
Attacker
ISP
Victim
64
When did we lose control?
65
Para-Protect
Ops Center 24 Hour Hotline: 888-402-7272
5870 Trinity Parkway, Trinity One, Suite 200, Centreville, VA 20120-1967
Phone: 703-266-2805
Fax: 703-266-2806
Email: info_at_para-protect.com
Web: http://www.para-protect.com