Security Lectures - PowerPoint PPT Presentation

About This Presentation

Title: Security Lectures

Description: White Hat Hacking. Ethics and the Law. The Telecommunications Act of 1996 ... The Beginners Guide to Pen Tests. Some basic Scenarios. Hackers External ...

Slides: 41
Provided by: dougw59

Transcript and Presenter's Notes

1
Security Lectures
  • Doug White
  • CIS 375

2
Hacker Terminology
  • Black Hats
  • White Hats
  • Script Kiddies

3
Basic Types of Attacks
  • Passive (Data Collection)
  • Probes and Scans
  • NMAP, et al.
  • Network Mapping
  • Social Engineering
  • Sniffing Attacks
  • Packet Sniffs and DSniff
  • Cryptanalysis

4
Hacking Cont.
  • Passive Attacks Cont.
  • Detection
  • Detect or prevent promiscuous mode
  • Self Scanning
  • Honeypots!
  • IDS SNORT/ACID
  • Smart Logging

5
Hacking Cont.
  • Passive Attacks cont.
  • Trojans
  • Subseven
  • Back Orifice

6
Hacking cont.
  • Active Attacks
  • Denial of Service
  • Zombies and Spoofing
  • The Smurf attack (ICMP)
  • The Fraggle attack (UDP)
  • Floods such as SYN or ACK floods
  • Ping of Death
  • Worms and Scripts
  • Script Kiddies and scans

7
Hacking Cont.
  • Techniques and more terms
  • Rootkits
  • Relay Attacks
  • Buffer Overflows

8
White Hat Hacking
  • Ethics and the Law
  • The Telecommunications Act of 1996
  • Due Diligence and Due Care
  • Privacy Act
  • Patriot Act
  • The problem of international law and The Diamond
    Age (Neal Stephenson)

9
White Hat Ops
  • Penetration Testing
  • Security Assessment (QA type analysis)

10
Hacker Mentality
  • Cyberpunk
  • Neuromancer
  • Snow Crash
  • Blade Runner
  • The Matrix
  • Hacking Clubs
  • Hacking4girlez
  • The cult of the dead cow
  • Stopped

11
Hacking Conferences
  • Black Hat
  • DEFCON
  • Blackhat.org
  • White Hat
  • SANS.ORG
  • ISC2.ORG

12
Hacking Training and Certs
  • Intenseschool.com
  • Certified Ethical Hacker

13
Security in Organizations
  • Crypto
  • History of Crypto
  • Private Key cryptography
  • Fast, but key exchange is the major issue
  • Public Key cryptography
  • Slow, so it may not be usable in all circumstances
  • Hybrid
  • Use public keys to exchange private keys

14
Physical Security
  • Gates, cameras, dogs, and guards
  • Location of data centers
  • Detection

15
Access Controls
  • Data Classifications
  • Secrets etc.
  • Need to Know Issues
  • System HIGH systems
  • Data Control
  • Destruction and archiving

16
Planning for Disaster
  • Business Continuity Plans
  • Disaster Recovery Plans
  • Hot Sites
  • Warm Sites
  • Cold Sites
  • Handling the flow of information

17
Disaster
  • Mission Critical Systems Planning
  • Time Horizons
  • Data Transference
  • Personnel Loss and Replacement
  • Systems Loss and Replacement

18
Disaster Control
  • Designated Press Contact
  • Chain of Command
  • Training, training, training

19
The Perimeter of Security
  • End-to-end security is the correct approach
  • Secure not just a single point but all points
    from end to end.
  • Every good security system uses layering (an
    onion-skin approach)

20
For Example
  • A workstation is in a room on the fifth floor
  • The workstation is connected directly to a
    mainframe which is not connected to anything else
  • The room is locked
  • The room has camera surveillance
  • The room has motion detectors
  • The path to the room has the same
  • The front door requires a badge and voice code to
    get in
  • The front door has a human guard

21
How do you crack the mainframe?

22
Easy
  • Use badge
  • Enter building
  • Say hi to guard
  • Open door with key
  • Sit down
  • Type

23
Building Network Security
  • The same perimeter concept holds as for the
    physical world
  • Consider the network in layers

24
Border
  • CISCO IOS
  • ACL controls
  • Anti-spoofing
  • Static Issues
  • Firewall
  • ACL Controls
  • Packet Filtering
  • Stateful

25
Authentication
  • VPN
  • Kerberos

26
Confidentiality
  • VPN
  • Encryption

27
Non-Repudiation
  • Digital Signatures
  • Digitally signed documents and files

28
Log Management for Border
  • Log everything, review little
  • Expert Systems and Rule Based Exception Logging
  • Log successful connections and multiple failures,
    validate successful connections against rule
    base, report connection issues
  • Strip DoS, probes, et al.

29
Log Everything, Review Little
  • Egress
  • Determine what sorts of connections are usual.
  • Report unusual outbound activity
  • Report dangerous activity (even if it is usual)
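Slides 28 and 29 describe rule-based exception logging: keep everything, but only surface what the rule base does not explain. The script below is an added example, not code from the slides. It reads constructed firewall log lines in an assumed "timestamp ACTION src -> dst:port/proto" format, applies an assumed rule base of usual egress, reports successful outbound connections that are not in the rule base, reports connections to a "dangerous" service even when they are usual, and reports any source that accumulates repeated denials.

```python
"""Rule-based exception review of border firewall logs.

Added example, not part of the original slides. The log line format, the
rule base and the failure threshold are assumptions constructed for
illustration; a real deployment would load them from the firewall's own
export format and the site's egress policy.
"""
import re
from collections import Counter

# Constructed sample: "timestamp ACTION src -> dst:port/proto" (assumed format).
SAMPLE_LOG = """\
2024-01-01T08:00:01 ALLOW 10.1.1.20 -> 203.0.113.10:443/tcp
2024-01-01T08:00:02 ALLOW 10.1.1.21 -> 203.0.113.11:443/tcp
2024-01-01T08:00:03 ALLOW 10.1.1.22 -> 198.51.100.5:23/tcp
2024-01-01T08:00:04 ALLOW 10.1.1.20 -> 198.51.100.9:6667/tcp
2024-01-01T08:00:05 DENY 192.0.2.77 -> 10.1.1.5:22/tcp
2024-01-01T08:00:06 DENY 192.0.2.77 -> 10.1.1.5:22/tcp
2024-01-01T08:00:07 DENY 192.0.2.77 -> 10.1.1.5:22/tcp
2024-01-01T08:00:08 DENY 192.0.2.77 -> 10.1.1.5:22/tcp
2024-01-01T08:00:09 DENY 192.0.2.88 -> 10.1.1.5:22/tcp
2024-01-01T08:00:10 ALLOW 10.1.1.23 -> 203.0.113.12:80/tcp
this line is malformed and is skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<src>[\d.]+) -> "
    r"(?P<dst>[\d.]+):(?P<port>\d+)/(?P<proto>[a-z]+)$"
)

# Rule base (assumed): the egress that is "usual" for this site ...
USUAL_EGRESS = {("tcp", 80), ("tcp", 443)}
# ... and egress that is reported even when usual (cleartext remote login here).
DANGEROUS_EGRESS = {("tcp", 23)}
# Number of denied attempts from one source before it is reported.
FAILURE_THRESHOLD = 3


def is_internal(ip):
    """Assumed internal address space for the example: 10.0.0.0/8."""
    return ip.startswith("10.")


def parse_log(text):
    """Parse log lines into dicts, silently skipping lines that do not match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["port"] = int(ev["port"])
            events.append(ev)
    return events


def review(events):
    """Apply the rule base and return only the exceptions worth a human's time."""
    unusual, dangerous = [], []
    failures = Counter()
    for ev in events:
        key = (ev["proto"], ev["port"])
        if ev["action"] == "DENY":
            failures[ev["src"]] += 1          # count failures per source
        elif is_internal(ev["src"]) and not is_internal(ev["dst"]):
            if key in DANGEROUS_EGRESS:       # report even if it is usual
                dangerous.append(ev)
            elif key not in USUAL_EGRESS:     # successful, but not in the rule base
                unusual.append(ev)
    repeat = {src: n for src, n in failures.items() if n >= FAILURE_THRESHOLD}
    return {"unusual": unusual, "dangerous": dangerous, "repeat_failures": repeat}


if __name__ == "__main__":
    report = review(parse_log(SAMPLE_LOG))
    for ev in report["dangerous"]:
        print("DANGEROUS egress", ev["src"], "->", ev["dst"], ev["port"])
    for ev in report["unusual"]:
        print("UNUSUAL egress", ev["src"], "->", ev["dst"], ev["port"])
    for src, n in report["repeat_failures"].items():
        print("REPEAT FAILURES from", src, "count", n)
```

On the sample, ten lines are kept and only three findings come out: the telnet egress (dangerous even though a rule could have allowed it), the IRC-port egress that no rule explains, and the one source with four denials. Everything else stays in the log for later forensics without anyone having to read it.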

30
The Beginner's Guide to Pen Tests
  • Some basic Scenarios
  • Hacker, external
  • Has no prior knowledge (or only public knowledge)
  • Has dumpster diving knowledge
  • Has only external restricted access
  • User, external
  • Is connected and has limited access to internal
    systems via VPN or other medium
  • Hacker, internal
  • Has gained physical access to facilities either
    covertly or overtly (employee)
  • May have varying levels of access

31
More Pen Testing
  • More Basic Scenarios
  • Disgruntled employee, dismissed
  • May have some back door access
  • May still have account access
  • May still have remote access
  • Disgruntled employee, still on board
  • May have massive access
  • May have unlimited use
  • May be able to obtain additional physical access

32
Risk Assessment
  • You can never eliminate all risk.
  • Some risks must be accepted
  • Some risks must be mitigated
  • Cost benefit analysis is used to determine if the
    security is worth the cost.
  • E.g. your 1967 Chevrolet is worth $78. Should
    you install a $1000 security system to protect it?

33
Pen Testing
  • So determine which risks result in the greatest
    exposures.
  • Create a Pen Test Scenario
  • Have the PT team write a full assessment of their
    plans
  • Determine that the plan will have zero impact on
    the production systems or that contingency plans
    are in place.

34
Pen Testing
  • Conduct the Test
  • Evaluate the results to determine gaps in the
    security systems
  • Determine the cost benefit of fixing the gaps
  • Fix whatever is financially feasible

35
Do it yourself Pen Test
  • Tools
  • NMAP
  • Sniffer
  • DSniff
  • Dual-boot Linux / ? based laptop, or better still
    two laptops (also use removable drives)
  • NetStumbler
  • AirSnort

36
DIYPT
  • Baseline
  • Scenarios
  • Data Collection Phase
  • Dumpster Dive
  • Social Engineer
  • Observe
  • Lather, Rinse, Repeat
  • Safe Test
  • External, public system, etc.
  • Review
  • Examine Logs, where did the security fail?

37
DIYPT
  • Data Collection Internal
  • Sniffing and Scanning
  • DSniffing
  • WarDialing and AirSnorting
  • With all Data in Place
  • Penetration Attempts Begin
  • Review Logs when complete
  • Repair Gaps

38
DIYPT
  • Hardening
  • All exposed systems should be hardened
  • Use RATS (nist.org) to examine security settings
    on a given system
  • Develop security profiles for platforms (what
    should be turned on, and off)
  • Don't forget switches, hubs, routers, etc.
  • Examine default passwords, SNMP, Telnet, and HTTP
    access to all devices
  • Be sure to nmap all devices

39
DIYPT
  • Develop a port fingerprint for all systems
  • Use automated controls to scan these systems for
    changes
  • Repeat from cron
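Slides 38 and 39 ask for a port fingerprint of every device, a platform profile of what should be off (Telnet, SNMP, HTTP and the like), and an automated re-scan that reports changes. The script below is an added example, not code from the slides. It parses two constructed samples of nmap's grepable (-oG) output, diffs the current open-port set per host against the saved baseline, and flags ports that an assumed hardening profile says must be off.

```python
"""Port-fingerprint baseline check over nmap grepable (-oG) output.

Added example, not part of the original slides. The two scan outputs are
constructed samples in nmap's grepable format; the FORBIDDEN set is an
assumed per-platform profile of services that should be turned off.
"""
import re

# Constructed baseline fingerprint, as nmap -oG would write it.
BASELINE_SCAN = """\
# Nmap grepable output (constructed sample: baseline)
Host: 10.1.1.5 ()\tStatus: Up
Host: 10.1.1.5 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\tIgnored State: closed (998)
Host: 10.1.1.6 ()\tPorts: 80/open/tcp//http///\tIgnored State: closed (999)
"""

# Constructed later scan: telnet appeared on .5, https vanished there, SNMP appeared on .6.
CURRENT_SCAN = """\
# Nmap grepable output (constructed sample: tonight's run)
Host: 10.1.1.5 ()\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///, 443/closed/tcp//https///\tIgnored State: closed (997)
Host: 10.1.1.6 ()\tPorts: 80/open/tcp//http///, 161/open/udp//snmp///\tIgnored State: closed (998)
"""

# Assumed platform profile: services that must be off on every device.
FORBIDDEN = {("tcp", 23), ("udp", 161)}


def parse_grepable(text):
    """Map each host to its set of (proto, port) pairs reported as open."""
    fingerprint = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        host = line.split()[1]
        fingerprint.setdefault(host, set())
        m = re.search(r"Ports: ([^\t]+)", line)
        if not m:
            continue  # a Status-only line carries no ports
        for entry in m.group(1).split(","):
            # grepable port entry: port/state/proto/owner/service/rpc/version/
            port, state, proto = entry.strip().split("/")[:3]
            if state == "open":
                fingerprint[host].add((proto, int(port)))
    return fingerprint


def diff_fingerprints(baseline, current):
    """Return (added, removed): open ports per host that changed since the baseline."""
    added, removed = {}, {}
    for host in set(baseline) | set(current):
        before = baseline.get(host, set())
        after = current.get(host, set())
        if after - before:
            added[host] = after - before
        if before - after:
            removed[host] = before - after
    return added, removed


def profile_violations(fingerprint):
    """Open ports that the hardening profile says should be off."""
    return {h: p & FORBIDDEN for h, p in fingerprint.items() if p & FORBIDDEN}


if __name__ == "__main__":
    base, cur = parse_grepable(BASELINE_SCAN), parse_grepable(CURRENT_SCAN)
    added, removed = diff_fingerprints(base, cur)
    for host, ports in sorted(added.items()):
        print("NEW open ports on", host, sorted(ports))
    for host, ports in sorted(removed.items()):
        print("Ports no longer open on", host, sorted(ports))
    for host, ports in sorted(profile_violations(cur).items()):
        print("PROFILE VIOLATION on", host, sorted(ports))
```

To "repeat from cron", schedule the scan with nmap's -oG output into a dated file each night and run this script over the newest file and the saved baseline; a non-empty "added" or "violations" result is the change report the slide wants, and a port that disappears is worth a look too, since it may mean a host went down rather than a service was cleaned up.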

40
DIYPT
  • Harden Software
  • Applications that are exposed should also be
    pen tested
  • Use SANS, etc. to determine the risk of an application
  • Be sure to try every possible exploit against your
    exposed apps (SQL injection, et al.) because
    hackers will (you may want to outsource this)
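The last slide names SQL injection as the kind of exploit an exposed application must be tested for. The block below is an added example, not code from the slides: a constructed sqlite3 users table, a lookup written the vulnerable way (input spliced into the SQL text) beside the hardened form (input bound as a parameter), and the check an application pen test makes, which is whether a tautology in the input widens the result set. The table, rows and function names are all assumptions for illustration.

```python
"""SQL injection: the check a pen test makes against an exposed app, beside the fix.

Added example, not part of the original slides. The users table and the two
lookup functions are constructed for illustration using Python's sqlite3.
"""
import sqlite3


def make_db():
    """In-memory users table with a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """Vulnerable form: untrusted input is spliced into the SQL text itself."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_hardened(conn, username):
    """Hardened form: the value is bound as a parameter and can never become SQL."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def injection_check(conn):
    """The test the slide asks for: does a tautology in the input widen the result?

    Returns (vulnerable_rows, hardened_rows) for the same hostile input so the
    two behaviours can be compared side by side.
    """
    hostile = "' OR '1'='1"
    return find_user_vulnerable(conn, hostile), find_user_hardened(conn, hostile)


if __name__ == "__main__":
    conn = make_db()
    print("normal lookup:", find_user_hardened(conn, "bob"))
    vuln_rows, safe_rows = injection_check(conn)
    print("vulnerable query returned", len(vuln_rows), "rows")  # every user
    print("hardened query returned", len(safe_rows), "rows")    # none
```

Both functions behave identically on a well-formed username, which is why the flaw survives ordinary QA; only the hostile input separates them, with the vulnerable lookup returning every row and the parameterised one returning none. The fix is the query shape, not input filtering: the same parameter binding applies whatever database driver the application uses.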