COUNTER HACK

1
COUNTER HACK

• Chapter 5 Reconnaissance

Information Networking Security and Assurance LAB
Department of Communication Engineering
National Chung Cheng University Chia-Yi, Taiwan
, ROC
Mike
2
Low-Technology Reconnaisance

• Socail Engineering
• Physical Break-in
• Dumpster Diving

3
Defenses against

• Social Engineering Attacks
• Physical Break-in
• Dumpster Diving

4
Socail Engineering Attacks

• Building trust.
• Manipulate the target person to divulge secrets.
• Gather confidential information.

5
Defenses against Social Engineering Attacks

• User awareness.
• Trained. give explicit direction.
• Not to give sensitive information away to a
  friendly caller.
• Building a place where the employee reset the
  password for 24 hours per day.

6
Physical Break-In

• Enter the company
• such as employees,temps,contractors etc.
• Plant malicious programs on internal system
• Having gained access to systems and information

7
Defenses against Physical Break-In

• Security badges to each and every employee.
• After 5 mins,each of your machine should bring up
  a screen saver requiring the user to type in
  password.
• Lock on cabinets with sensitive machines.

8
Dumpster Diving

• Trashing Gold.
• Discarded paper information.

9
Denfenses against Dumpster Diving

• A well-used paper shredder
• Important data gets deposited in the extra
  receptacle.

10
Search the Fine Web (STFW)

• How to get information about the target?
• Internet resources
• Whois Databases
• Tool
• InterNIC(www.internic.net)
• Allwhois Web site(www.allwhois.com/home.html)
• Network Solutions whois database(www.networksoluti
  on.com)
• Longest prefix matching
• Policy routing

11
General Purpose Reconnaissance Tools

• Sam Spade (www.samspade.org/ssw/)
• CyberKit (www.cyber-kit.net/index.net/index.html)
• NetScan (www.netscantools.com/nstmain.html)
• iNetTools (www.wildpackets.com/products/inettools)
  

12
Conclusion

• How to gets the information of the target?
• Tools

13
Conclusion

• Awareness