Security Lectures

1
Security Lectures

• Doug White
• CIS 375

2
Hacker Terminology

• Black Hats
• White Hats
• Script Kiddies

3
Basic Types of Attacks

• Passive (Data Collection)
• Probes and Scans
• NMAP, et. al.
• Network Mapping
• Social Engineering
• Sniffing Attacks
• Packet Sniffs and DSniff
• CryptAnalysis

4
Hacking Cont.

• Passive Attacks Cont.
• Detection
• Detect Promiscuous Mode or Prevent
• Self Scanning
• Honeypots!
• IDS SNORT/ACID
• Smart Logging

5
Hacking Cont.

• Passive Attacks cont.
• Trojans
• Subseven
• BackOriface

6
Hacking cont.

• Active Attacks
• Denial of Service
• Zombies and Spoofing
• The Smurf ICMP
• The Fraggle UDP
• Floods like SYNS or ACKS
• Ping of Death
• Worms and Scripts
• Script Kiddies and scans

7
Hacking Cont.

• Techniques and more terms
• Root Kitting
• Relay Attacks
• Buffer Overflows

8
White Hat Hacking

• Ethics and the Law
• The Telecommunications Act of 1996
• Due Diligence and Due Care
• Privacy Act
• Patriot Act
• The problem of international law and The Diamond
  Age (Neal Stephenson)

9
White Hat Ops

• Penetration Testing
• Security Assessment (QA type analysis)

10
Hacker Mentality

• Cyberpunk
• Neuromancer
• Snow Crash
• Blade Runner
• The Matrix
• Hacking Clubs
• Hacking4girlez
• The cult of the dead cow
• Stopped

11
Hacking Conferences

• Black Hat
• DEFCON
• Blackhat.org
• White Hat
• SANS.ORG
• ISC2.ORG

12
Hacking Training and Certs

• Intenseschool.com
• Certified Ethical Hacker

13
Security in Organizations

• Crypto
• History of Crypto
• Private Key cryptography
• Fast but key exchange is the major issue
• Public Key cryptography
• Slow so may not be usable in all circumstances
• Hybrid
• Use public keys to exchange private keys

14
Physical Security

• Gates, cameras, dogs, and guards
• Location of data centers
• Detection

15
Access Controls

• Data Classifications
• Secrets etc.
• Need to Know Issues
• System HIGH systems
• Data Control
• Destruction and archiving

16
Planning for Disaster

• Business Continuity Plans
• Disaster Recovery Plans
• Hot Sites
• Warm Sites
• Cold Sites
• Handling the flow of information

17
Disaster

• Mission Critical Systems Planning
• Time Horizons
• Data Transference
• Personnel Loss and Replacement
• Systems Loss and Replacement

18
Disaster Control

• Designated Press Contact
• Chain of Command
• Training, training, training

19
The Perimeter of Security

• End to End Security is The Correct Approach
• Secure not just a single point but all points
  from end to end.
• Every good security system has layering or
  onion skin approaches

20
For Example

• A workstation is in a room on the fifth floor
• The workstation is connected directly to a
  mainframe which is not connected to anything else
• The room is locked
• The room has camera surveillance
• The room has motion detectors
• The path to the room has same
• The front door requires a badge and voice code to
  get in
• The front door has a human guard

21
How do you crack the mainframe?
22
Easy

• Use badge
• Enter building
• Say hi to guard
• Open door with key
• Sit down
• Type

23
Building Network Security

• The same perimeter concept holds as for the
  physical world
• Consider the network in layers

24
Border

• CISCO IOS
• ACL controls
• Anti spoofing
• Static Issues
• Firewall
• ACL Controls
• Packet Filtering
• Stateful

25
Authentication

• VPN
• Kerberos

26
Confidentiality

• VPN
• Encryption

27
Non-Repudiation

• Digital Signatures
• Digitally signed documents and files

28
Log Management for Border

• Log everything, Review Little
• Expert Systems and Rule Based Exception Logging
• Log successful connections and multiple failures,
  validate successful connections against rule
  base, report connection issues
• Strip DOS, Probes, et. Al.

29
Log Everything, Review Little

• Egress
• Determine what sorts of connections are usual.
• Report unusual outbound activity
• Report dangerous activity (even if it is usual)

30
The Beginners Guide to Pen Tests

• Some basic Scenarios
• Hackers External
• Has no prior knowledge (or only public knowledge)
• Has dumpster diving knowledge
• Has only external restricted access
• User External
• Is connected and has limited access to internal
  systems via VPN or other medium
• Hacker Internal
• Has gained physical access to facilities either
  covertly or overtly (employee)
• May have varying levels of access

31
More Pen Testing

• More Basic Scenarios
• Disgruntled Employee Dismissed
• May have some back door access
• May still have account access
• May still have remote access
• Disgruntled Employee On Board
• May have massive access
• May have unlimited use
• May be able to obtain additional physical access

32
Risk Assessment

• You can never eliminate all risk.
• Some risks must be accepted
• Some risks must be mitigated
• Cost benefit analysis is used to determine if the
  security is worth the cost.
• E.g. your 1967 Chevrolet is worth 78. Should
  you install a 1000 security system to protect it?

33
Pen Testing

• So determine which risks result in the greatest
  exposures.
• Create a Pen Test Scenario
• Have the PT team write a full assessment of their
  plans
• Determine that the plan will have zero impact on
  the production systems or that contingency plans
  are in place.

34
Pen Testing

• Conduct the Test
• Evaluate the results to determine gaps in the
  security systems
• Determine the cost benefit of fixing the gaps
• Fix whatever is financially feasible

35
Do it yourself Pen Test

• Tools
• NMAP
• Sniffer
• DSniff
• Dual boot linux / ? Based laptop or two laptops
  is even better. (also use removable drives)
• Net stumbler
• Airsnort

36
DIYPT

• Baseline
• Scenarios
• Data Collection Phase
• Dumpster Dive
• Social Engineer
• Observe
• Lather, Rinse, Repeat
• Safe Test
• External, public system, etc.
• Review
• Examine Logs, where did the security fail?

37
DIYPT

• Data Collection Internal
• Sniffing and Scanning
• DSniffing
• WarDialing and AirSnorting
• With all Data in Place
• Penetration Attempts Begin
• Review Logs when complete
• Repair Gaps

38
DIYPT

• Hardening
• All exposed systems should be hardened
• Use RATS (nist.org) to examine security settings
  on a given system
• Develop security profiles for platforms (what
  should be turned on, and off)
• Dont forget switches, hubs, routers, etc.
• Examine default passwords, SNMP, Telnet, and HTTP
  access to all devices
• Be sure and nmap all devices

39
DIYPT

• Develop a port fingerprint for all systems
• Use automated controls to scan these systems for
  changes
• Repeat in Cron

40
DIYPT

• Harden Software
• Applications that are exposed should also be
  pentested
• Use SANS, etc. to determine risk of application
• Be sure and try every possible exploit on your
  exposed apps (SQL Injections, et. Al.) because
  hackers will (you may want to outsource this)