Packet saga
Using Strategic Hacking To Terrorize Commercial And Governmental Entities On The Internet.
By: Khaled M.A. Nassar, Wael A. Ali
Agenda
– Introduction.
– Methodology.
• Simple attack.
• Professional hacking.
• Strategic Hacking.
– Scenarios.
• DOS Scenario.
• Takeover scenario.
– Conclusions.
– Recommendations.
Introduction
(Diagram: several motives feeding attacks against a network.)
Methodology
• Simple attack.
• Professional hacking.
• Strategic Hacking.
Simple attack
(Diagram: an exploit or DOS aimed at a vulnerable service on the target host; brute force aimed at a login service.)
Professional hacking
• Foot-printing
• Scanning
• Enumeration
• Gaining Access
• Pilfering
• Escalating Privileges
• Covering Tracks
• Creating Backdoors
• Misinformation
• Denial of service
Strategic Hacking
(Diagram of the strategic hacking process; each stage is listed with its sub-steps.)
– Information Gathering: Footprinting, Scanning, Enumeration (items labelled “Name, Piece of information”).
– Information Analysis: Locating entities, Locating patterns, What-if analysis, Reliability checks (Stealth testing, Brute-force unmonitored services).
– Planning: Critical timing consideration, Sequences & prerequisites, Design attack trees and scenarios.
– Initiating attack: Gaining access, DOS attacks, Misinformation attacks.
– Escalation loop: Escalating privileges, Pilfering.
– Accomplishing objectives: Denial of service, Network takeover, Information tampering, Information stealing.
– Ending the attack: Hiding traces, Installing backdoors.
Scenarios
(Network diagram with numbered attack steps 1–16: firewall, switches, manager, secretary, administrator, service machines, web developer, web admin, DB admin, web server, and a DB server with operational and non-operational databases.)
Takeover scenario
• The targeted network:
– A governmental unit that provides computerized license renewal.
– The online service is not yet running but is being developed.
• The time:
– Nothing specific.
• Intruders:
– Someone who has an interest in making the electronic government project fail, so he hired a professional team of intruders to do the job for him.
• Motive:
– He wants to take over the network so he can manipulate it any time he wants to prove something, and if he has to, he will destroy all the data in the network.
Takeover (targeted network)
(Network diagram: manager, firewall, two switches, web developer, web server, DB server with non-operational and operational databases, secretary, three service machines, web admin, DB admin.)
Takeover (Footprinting)
• The secretary's e-mail from the website.
• The IP addresses for the network xxx.xxx.xxx.0-31. All real IPs.
• A good idea about how the system works, obtained by going to the physical place and asking how to renew a license.
• The intruder notices that there is a room called “the server room”.
• The developer is a professional in a different OS platform than the administrators. This could mean non-standard operating systems.
Takeover (Scanning)
• The firewall is badly configured to block only suspicious ports.
• The attackers presume that the firewall also allows all outgoing traffic.
• The machines' scanning results are as follows:
– Web server is listening on: 1- 80, static pages. 2- 8080, some dynamic pages the developer is developing for the forthcoming service.
– Operational database server: apparently the SQL server port is filtered, as the scan shows.
– Non-operational DB server: SQL port is open, as well as the terminal server port.
Takeover (Enumeration)
• Web server and operational database servers are updated with patches and have antivirus.
• Non-operational database server is not.
• Manager machine is sharing the printer and a writable folder.
• All service machines have the names “service1-3” and username and password “service”.
• All client machines are Windows 2000.
Takeover (Analysis)
Location of critical individuals, groups and technologies
• The secretary machine is usually less secured but has more information about the company than the whole company.
• The web developer machine usually has more privileges than normal users, but the developer most of the time is not as keen on security as the administrator.
• The technical group (web admin, database admin and developer) has access to the servers group.
• The server group is in a separate room (maybe on a separate hub).
• Only two users on the administrators' machines. This implies that the two different administrators (DB, web) most probably know the system's, web's, and database's passwords to be able to fill in for each other.
Takeover (Analysis)
Pattern location
• The service machine is a pattern.
• Having terminal service on the non-operational database could be a pattern on other servers.
• The password for the servers could be similar (a pattern). If we could sniff one, we would get the rest.
Takeover (Analysis)
What-if analysis and Attack Scenarios
• Send the secretary a Trojan horse.
– They could find critical information about the manager, the company, and maybe even backups of the source code and databases.
– They could find old passwords or any other critical information in mailboxes.
• Attack the un-armored web server on the developer machine.
– They will be able to get the source code and designs.
– This goes for all client machines: they will surely gather new information and use it to sniff at least local passwords, brute force other machines, and make misinformation and DOS attacks.
• Attack the SQL server on the non-operational server.
– They may be able to sniff passwords on the hub.
– Download the data of the server.
– Know the structure of the operational database and try to send queries.
Takeover (Reliability checking)
Stealth-testing the vulnerabilities
(Diagram of the targeted network, as on the earlier slides.)
Takeover (Reliability checking)
Brute forcing unmonitored services
(Diagram of the targeted network, as on the earlier slides.)
Takeover (Planning for the attack)
Sequence of attack and prerequisites
Attack trees and scenarios
Takeover (Initiating the attack)
Gaining access
(Diagram of the targeted network, as on the earlier slides.)
Takeover (Escalation loop)
Pilfering
(Diagram of the targeted network, as on the earlier slides.)
Takeover (Escalation loop)
Escalation
(Diagram of the targeted network, repeated over several slides as the escalation loop advances.)
Takeover
Accomplishing the objectives
• They are ready to do whatever their employer asks them to do.
Takeover
Ending the attack
• Installing backdoors
– The intruders install 2 instances of “netcat” on the server. The first one will act as a server. The other one will act as a client that tries to connect every week to a server previously compromised by the intrusion team.
• Hiding traces
– The team executes a root-kit that erases the logs, hides the binaries and erases any users they may have added to some systems.
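The weekly call-home described on this slide is exactly the kind of traffic a defender can catch in egress logs: a server that contacts the same outside address on a near-constant interval. The following script is an added example written for this page, not code from the presentation or its authors; it assumes a simple constructed egress log format (timestamp, source, destination, port) and looks for flows whose connection intervals barely vary. The sample log lines are constructed, and the IP addresses are documentation ranges, not real hosts.

```python
"""Detect periodic outbound call-home connections in firewall egress logs.

Assumption (constructed for this example): each log line is
"<ISO timestamp> <source IP> <destination IP> <destination port>".
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample egress log. One internal server (10.0.0.20) contacts
# 203.0.113.9:443 every seven days at about 02:15, while a workstation
# (10.0.0.31) browses 198.51.100.7:80 at irregular times.
SAMPLE_LOG = """\
2004-03-01T02:15:03 10.0.0.20 203.0.113.9 443
2004-03-01T09:12:44 10.0.0.20 198.51.100.7 80
2004-03-08T02:15:07 10.0.0.20 203.0.113.9 443
2004-03-09T11:02:10 10.0.0.31 198.51.100.7 80
2004-03-15T02:14:58 10.0.0.20 203.0.113.9 443
2004-03-22T02:15:02 10.0.0.20 203.0.113.9 443
2004-03-22T14:30:00 10.0.0.31 198.51.100.7 80
"""


def parse_log(text):
    """Parse log text into (timestamp, src, dst, port) tuples.

    Malformed lines are skipped rather than aborting the whole run, since
    real firewall logs routinely contain truncated or foreign lines.
    """
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
            port = int(parts[3])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2], port))
    return events


def find_beacons(events, min_hits=3, max_jitter=0.05):
    """Return (src, dst, port, mean_interval_hours) for flows that beacon.

    A flow is reported when it has at least `min_hits` connections and the
    coefficient of variation of the gaps between them is at most
    `max_jitter`; a backdoor on a timer produces near-identical gaps,
    whereas human-driven traffic does not.
    """
    flows = defaultdict(list)
    for ts, src, dst, port in events:
        flows[(src, dst, port)].append(ts)

    beacons = []
    for (src, dst, port), times in flows.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        if pstdev(gaps) / avg <= max_jitter:
            beacons.append((src, dst, port, round(avg / 3600, 1)))
    return beacons


if __name__ == "__main__":
    for src, dst, port, hours in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible beacon: {src} -> {dst}:{port} every {hours} h")
```

On the constructed sample this reports only the 10.0.0.20 to 203.0.113.9:443 flow, at a 168-hour (weekly) interval; the workstation's browsing is ignored because it has too few hits and irregular timing. In practice the interesting output is a server, which should rarely initiate outbound connections at all, showing a clockwork schedule to an address nobody in the organization recognizes; the slide's point that the firewall "allows all outgoing traffic" is what makes egress logging, rather than egress blocking, the only place such a backdoor becomes visible.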
Takeover
Impact on the organization
• Invading the privacy of at least thousands of citizens, which could very much compromise the electronic government project in Egypt.
Conclusions
• Malicious hacking costs companies great deals of money, effort, and time.
• Malicious hacking could be motivated by electronic terrorism.
• Advanced or strategic hacking could be used to terrorize commercial as well as governmental organizations.
• A well-designed attack may compromise the organization's integrity.
• Such attacks could also threaten national projects like electronic government.
• Facing such threats is a must.
Countermeasures
• Intelligence.
• IIDS.
• Honey pots.
Recommendation
• Developing a research and development institution for cyber security that should provide solutions and consultation services for governmental as well as private organizations.
• Increasing the awareness of people in the field of cyber security to increase the possibility of a new generation that could explore and develop this new space.
Inspiration
• Presentation artwork is inspired by:
– Boris Vallejo.
– Hackers (the movie).
– TCP/IP packets' headers.
– Dr. Strangelove (the movie).
Thanks
Questions?