Cracking/Network Security - PowerPoint PPT Presentation

Slides: 38
Provided by: pet7172

Transcript and Presenter's Notes


1
Cracking/Network Security
  • Pete Brillhart
  • Joe Bradshaw
  • Mike Adair

2
Topics
  • Definitions
  • Crackers/hackers
  • Malicious software
  • Web security
  • Users
  • Types of attacks
  • Securing the Organization
  • Case study
  • Summary

3
Definitions
  • Computer Security: generic name for the
    collection of tools designed to protect data and
    thwart hackers
  • Network Security: protect data during their
    transmission
  • Internet Security: protect data during their
    transmission to a collection of interconnected
    networks
  • Security Attack: any action that compromises the
    security of information owned by an organization

4
Definitions - Continued
  • Security Mechanism: mechanism designed to
    detect, prevent or recover from a security
    attack.
  • Security Service: a service that enhances the
    security of the data processing systems and the
    information transfers to an organization.

5
Crackers, not Hackers?
  • Cracker - A person who breaks into computer
    systems, using them without authorization, either
    maliciously or just to show off.
  • Hacker - One who is knowledgeable about computers
    and creative in computer programming, usually
    implying the ability to program in assembly
    language or low-level languages. A hacker can
    mean an expert programmer who finds special
    tricks for getting around obstacles and
    stretching the limits of a system.

6
Famous Crackers
  • Kevin Mitnick, Computer Terrorist - responsible
    for more havoc in the computer world today than
    virtually any other computer outlaw.
  • Kevin Poulsen, Cracker for the Dark Side - So
    good was Poulsen at cracking government and
    military systems that the defense industry
    offered him a dream job as a security-cleared
    consultant, testing the integrity of Pentagon
    security systems. By day, he hacked to protect
    government secrets. By night, he was a high-tech
    bandit whose intrusions became increasingly
    criminal.
  • Justin Tanner Petersen, "Agent Steal" - Petersen
    often spoke of his undercover work to help the
    FBI and other agencies bring down outlaw
    crackers. He had even helped police locate the
    incriminating files stashed by Kevin Poulsen.

7
Four Steps
  • Gain knowledge about target
  • Get some basic access to the target machine
    (exploit programs like FTP and sendmail or get a
    regular user)
  • Get admin rights
  • Cover tracks

8
Cracker Methods
  • Social engineering
  • Breaking and Entering/Dumpster Diving/Phone
    tapping
  • Feds DO trash, just like us
  • Exploit known vulnerabilities of systems
  • Temporary Employment
  • Denial of Service

9
Cracker Tools
  • Google
  • Telephone
  • E-mail
  • Port Scanner
  • Vulnerability Checker
  • Buffer Overruns
  • Packet Sniffing
  • Password Cracking
  • Virus
  • Most Cracker Software is available free on the
    Web.

10
Time to Crack
  • LC4: 90% of the passwords in 48 hours on Win2K
    and NT
  • PWLTool: Most Win95 and Win98 passwords in under
    a minute
  • WEP: A day, a week, but not too long
  • Excel: 15 days on average
  • JtR: Fast. Supports Kerberos AFS and Windows
    NT/2000/XP LM hashes

11
Password Complexity
psw length   Letters        Digits too    All Printable
4            instantly      instantly     8 minutes
5            4 minutes      20 minutes    9 hours
6            100 minutes    12 hours      27 days
7            45 hours       18 days       5 years
8            24 days        21 months     371 years
9            48 days        65 years      26,000 years

12
Script Kiddies
  • Vixie crontab buffer overflow for RedHat Linux
  • suid perl - text by quantumg
  • Abuse Sendmail 8.6.9
  • ttysurf - grab someone's tty
  • shadow.c - Get shadow passwd files

13
Malicious Software - Viruses
  • Computer virus attacks cost global businesses an
    estimated $55 billion in damages in 2003.
  • 2002's cost was $30 billion
  • Cost has gone up 83%
  • According to Symantec there are 68,115 known
    viruses at the time of this presentation.

14
Do You Really Love Me??
Chris Britt, Springfield, IL -- From the State
Journal-Register.

15
Viruses - Continued
  • Viruses are getting more sophisticated.
  • Backdoor.SdBot
      • Connects to IRC servers
      • Listens for commands to download and run files
  • I-Worm.NetSky.aa
      • Installs a backdoor
      • Capable of DoS attacks

16
Worms
  • Propagates itself from system to system
  • Worms use network vehicles to transport
    themselves
      • E-mail
      • Remote Login Capability
      • Remote Execution Capability
  • Most famous worm: Code Red, July 2001
  • Blaster: Infected 14 corporate machines
  • Code Red: Infected 360,000 servers in 14 hours

17
MS Blaster Worm
  • Remediation cost $475,000 per company (median
    average - including hard, soft and productivity
    costs) with larger node-count companies reporting
    losses up to $4,228,000
  • Entered company networks most often through
    infected laptops, then through VPNs, and finally
    through misconfigured firewalls or routers.

18
WORM_SDBOT.UH
  • First worm to embed a sniffer program
  • Worm drops a copy of itself as the file
    WIN32X.EXE in the Windows system folder
  • Creates several threads to be used for its
    sniffing, keylogging, and other backdoor
    capabilities

19
Trojan Horses
  • An ordinary-looking program that contains hidden
    code that when invoked performs some unwanted or
    harmful function.
  • Common Trojans
  • NETBUS.160
  • Back Orifice 2000
  • SubSeven

20
Web Security
  • Web sites and applications growing exponentially
  • Increased web cracking activity
  • "75% of all web servers running MS IIS 5.0 are
    vulnerable to exploitation."
  • Due to software vulnerabilities Microsoft is
    losing market share in this area.

21
Web Defacement
  • Replacing your current homepage content with
    pornographic or other content to shame or
    humiliate your organization or used for
    political messages or statements related to
    current events.
  • NASA Defacement

22
Users
  • The Fred principle
  • Fred the User
  • Usually the first person to detect a network
    problem
  • Usually the one to cause the network problem in
    the first place
  • Office Internet expert: just ask him
  • Security nightmare

23
Users (cont)
  • Things Fred can do to keep the network safer.
  • Create a strong password (using numbers, and
    letters in combination)
  • Change the password from time to time
  • Be wary of emails and don't open attachments from
    someone you don't know and trust
  • Run virus protection and keep it up to date
  • Keep current with Windows security patches
  • Think about using a different browser such as
    Mozilla Firefox
  • Don't answer questions (phone or email) that
    request password or account information.

24
Attacks
  • Two Types
  • Passive
      • Packet sniffing, traffic analysis
      • Release of message contents
  • Active
      • Masquerade: one entity pretends to be a
        different entity
      • Replay: passive capture of data units and then
        retransmission
      • Denial of Service: prevents or prohibits the use
        of communication facilities

25
Attacks
  • DoS - Denial of Service
  • Wireless DoS Attacks
  • Smurf
  • Snork

26
Securing the Organization
  • The cost of securing your organization should not
    exceed the cost of replacing your data, or the
    cost if data is released
  • What does the organization need to protect?
  • What is the security philosophy of the
    organization?
  • What standards should be followed?
  • Employee access to the data?
  • Who is responsible for security?

27
Some Obvious Steps
  • Install the patches
  • Use decent passwords
  • Limit number of administrators and frequency of
    administrator access
  • Turn off unneeded things
  • It's OK to use layers

28
Top Ten Security Problems
  • Reaching the right balance
  • Weak Authentication
  • Management Tools
  • Internet
  • Weakest point on the net
  • Diverse Technologies
  • Physical Access
  • Inappropriate Policies and Procedures
  • Education
  • Failure to Plan

29
Security Foundation
  • Principles
  • Security Policy Framework
  • Security Criteria
  • Standards
  • Guidelines

30
Case Study
  • Temporary person hired in a firm
  • Full Scale industrial espionage simulation
  • Complete multifaceted attack
  • Open Source Research
  • Misrepresentation
  • Walk Through Facilities
  • Internal Hacking
  • Internal Coordination of external accomplices

31
Results
  • All but one project compromised
  • Information valued in the billions of dollars
  • Pending litigation compromised
  • Patent applications revealed
  • Time length of attack 1.5 days
  • Attack never discovered by IT staff

32
Blueprint for a full scale attack
[Diagram labels: Open Source Info; Government Affairs; Knowledge as the Key; NFS; Root Access; Vulnerability Scanner; Misc. Data; Manufacturing Information; Manufacturing Data; Patent Applications; Other Sensitive Information]

33
Summary
  • Threats to Organizational data increase daily.
  • Information outages and network downtime cost
    Organizations money each year.
  • As IT threats increase, the cost to secure the
    Organization increases as well.
  • Organizations need sound security policies,
    training, disaster recovery plans and monetary
    support from key management to try to defuse this
    issue.

34
Demonstrations
  • Network General NetAsyst Sniffer
  • Attack Traces
  • NMAP
  • Netscan Tools
  • Hex Workshop
  • TCP View
  • Google

35
E-mail Captured Via Sniffer
36
Web Traffic Capture
  • CLU Web Mail Login

37
SSL Traffic