Download Document

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
Document related concepts

Cracking of wireless networks wikipedia , lookup

Next-Generation Secure Computing Base wikipedia , lookup

Post-quantum cryptography wikipedia , lookup

Information security wikipedia , lookup

Unix security wikipedia , lookup

Wireless security wikipedia , lookup

Distributed firewall wikipedia , lookup

Airport security wikipedia , lookup

Mobile security wikipedia , lookup

Security printing wikipedia , lookup

Hacker wikipedia , lookup

Cyber-security regulation wikipedia , lookup

Computer security wikipedia , lookup

Security-focused operating system wikipedia , lookup

Transcript 
Information and Network
Security
Preparing for
The Present & The Future
2017-05-25
Totally Connected Security
Presentation Summary
Hacker/Cracker Operation Stages
 Discovery
 Exploitation
 Cover up
 Backdoor/Trojan
2017-05-25
Totally Connected Security
Presentation Summary
Prevention
 Policies
 Ethical Hacking/Pen Testing
 Tools
Forensics
 First response
 Preserving evidence
 Tools
2017-05-25
Totally Connected Security
So… Has it been working?
“85 percent of enterprises surveyed have been
breached in the last 12 months, with 64 percent of
the breaches costing $2 million or more.” - csi
 Of those:
 99% used antivirus software
 98% used firewalls
 91% employed physical security to protect their
computer and information assets
 92% employed some measure of access control
2017-05-25
Totally Connected Security
So… Has it been working?
 Misuse of network access by employees was about as
frequent as virus attacks, occurring in more than 75% of
organizations.
 Theft of proprietary information occurred in over 20% of
organizations, resulting in financial losses of more than
$ 2.7 million on average.
 Denial of service occurred in over 40% of organizations,
with financial losses averaging over $2.5 million per
organization.
 System penetration occurred in more than 35% of
organizations, sabotage in over 25%.
 Disgruntled employees were identified nearly as often as
external hackers as the most likely source of security
violations (over 75% of organizations cited both!).
* CSI/03
2017-05-25
Totally Connected Security
2017-05-25
Totally Connected Security
Discovery
 Port Scanning
 Identify running services
 Web Server, Mail Server, SSH, etc..
 Firewalls
 Information Gathering
 OS Fingerprinting
 Banner information
 How vulnerable
2017-05-25
Totally Connected Security
Discovery
2017-05-25
Totally Connected Security
Exploitation
 Vulnerable service is found
 Attacker searches internet for existing exploit
 Attacker creates their own exploit
 Exploit is run against system
 Typically gain root or administrator privileges
 At worst gain low level user privileges
 System’s security is compromised
2017-05-25
Totally Connected Security
Exploitation
2017-05-25
Totally Connected Security
Exploitation
2017-05-25
Totally Connected Security
Cover up
 Altering or deletion of logs
 Rootkits
 Replace system binaries (netstat, ls, etc)
 Hides attackers connection to the system
 Hides installed software
 Backdoor / Trojan system
 Allow attacker to return unnoticed
 Allow attacker to remotely control system
 IRC Bots
2017-05-25
Totally Connected Security
Cover up
2017-05-25
Totally Connected Security
Prevention
Policies
 Acceptable use
 Password protection
Not just for IT
 Phone
 Fax
 Physical
2017-05-25
Totally Connected Security
Ethical Hacking / Pen Test
What you can expect
 Identify exposures and risks
 Give detailed results of the testing
performed
 What the results indicate
 Recommendations on fixes need to be
applied and how
2017-05-25
Totally Connected Security
Ethical Hacking / Pen Test
 What should you include?
 Internal
 Printers, Faxes, Switches, Desktops, etc..
 External
 Firewalls
 Routers
 Dial Up
 VPN’s & Remote Users
 Wireless
 Access points
 Laptops
2017-05-25
Totally Connected Security
Ethical Hacking / Pen Test
Common Attack
 Browsing attacks
 Information Disclosure
 Mass rooting/scanning
 Viruses and Trojans
 Browser Hijacking
Employee misuse more than all other
threats!
2017-05-25
Totally Connected Security
Ethical Hacking / Pen Test
 Relying on Commercial software
 Inability to identify certain vulnerabilities
 High false positives
 After the Audit
 Implementing Fixes
 Mitigating risks
 Ensuring fixes were applied correctly
2017-05-25
Totally Connected Security
Tools
 Security Scanners
 Nessus
(http://www.nessus.org/)
 Retina© by Eeye (http://www.eeye.com/)
 Port Scanners
 Nmap – “Network Mapper”
(http://www.insecure.org/)
 HPING - TCP/IP packet assembler/analyzer
(www.hping.org)
2017-05-25
Totally Connected Security
Tools
Packet Sniffers
 IRIS
(www.eeye.com)
 Ethereal
(www.ethereal.com)
Patch Management
 HFNetChkPro - (http://www.shavlik.com/)
 Patchlink
- (http://www.patchlink.com)
 Microsoft SMS -
(http://www.microsoft.com/smserver)
2017-05-25
Totally Connected Security
Forensics - Summary
 What to do when an incident occurs
 Determine point of entry/infection
 Sniffers
 IDS
 Unusual Behavior
 Acquiring evidence
 Shutting down the system
 Creating an image
 Documentation
2017-05-25
Totally Connected Security
Forensics
 Some questions to ask:
 What type of evidence is being sought?
 Is there a computer use policy?
 Is there a network administrator?
 Where are the backups?
 If conducting a large search:
 What keywords can I use to identify computers
that contain evidence?
 What type of system will I be looking at?
2017-05-25
Totally Connected Security
Point of entry
Things to look for;
 Unusual registry keys
 \Software\Microsoft\Windows\CurrentVersion\R
un\*
 Modified hosts file
 %windir%\system32\drivers\etc\hosts
 Unknown running services
 Run “sigverif”
2017-05-25
Totally Connected Security
Some tools for discovery
 TCPView - www.sysinternals.com/ntw2k/source/tcpview.shtml
 Filemon - www.sysinternals.com/ntw2k/source/filemon.shtml
 Deleted File Analysis Utility www.execsoft.com/freeware/undelete/download.asp
 DumpSec - www.systemtools.com/somarsoft/
 F.I.R.E. - http://prdownloads.sourceforge.net/biatchux/fire0.4a.iso?download
2017-05-25
Totally Connected Security
Forensics
Don’t panic!
 Use tools to identify the source of
infection!



2017-05-25
Sniffers to identify malicious data / content
IDS to isolate which machines were violated
User reports of unusual behavior
Totally Connected Security
Forensics
 I found it, now what?
 Shutting down systems:
 DOS, Win95/98/NT/2K/XP – Pull the plug
 NT Server / Win2k Server – Shut down
 Image the drive to preserve the evidence
 Encase – http://www.guidancesoftware.com
 SafeBack - http://www.forensics-intl.com/safeback.html
 Forensic Toolkit - http://www.accessdata.com
 NTImage - http://www.dmares.com
2017-05-25
Totally Connected Security
Forensics
Once you have your image, maintain
proper chain of custody
 Ensure evidence is stored securely and
logs are maintained of all who have
access
 Use camera’s in storage area’s
 Never leave evidence in an unsecured
area
2017-05-25
Totally Connected Security
Forensics
2017-05-25
Totally Connected Security
Documentation
 Take pictures
 Overall work area
 Screen / Programs running
 Connections
 Time and Date of incident
 What was acquired
NO SUCH THING AS BEING TOO THOROUGH !
2017-05-25
Totally Connected Security
Summary
Statistics regarding computer breakins with traditional countermeasures
Important difference between
crackers and ethical hackers
2017-05-25
Totally Connected Security
Summary
What to expect from Audits/Pen
Tests
Tools which can be used to assist in
network assessments
Incident Response and forensics in a
windows environment
2017-05-25
Totally Connected Security
Totally Connected Security
www.tcsecurity.ca
1312 SE Marine Dr.
Vancouver, BC V5X 4K4
(604) 432-7828
2017-05-25
Totally Connected Security
Related documents
Totally Integrated Power
Totally Integrated Power
LEARNING STYLES - Academic Success Center
LEARNING STYLES - Academic Success Center
Topology Ph.D. Qualifying Exam K. Lesh G. Martin January 16, 1999
Topology Ph.D. Qualifying Exam K. Lesh G. Martin January 16, 1999
Attending Physician`s Statement of Disability
Attending Physician`s Statement of Disability
The Cantor Ternary Set: The word ternary means third and indicates
The Cantor Ternary Set: The word ternary means third and indicates
SPD-100 - Dynalco
SPD-100 - Dynalco
Slide 1
Slide 1
FORENSICS Computer Forensics
FORENSICS Computer Forensics
TOTALLY α * CONTINUOUS FUNCTIONS IN TOPOLOGICAL SPACES
TOTALLY α * CONTINUOUS FUNCTIONS IN TOPOLOGICAL SPACES
New Class of rg*b-Continuous Functions in Topological Spaces
New Class of rg*b-Continuous Functions in Topological Spaces