Скачать презентацию Forces that Have Brought the world to it s Скачать презентацию Forces that Have Brought the world to it s

c97858f0420b527aefb178500bb139ef.ppt

  • Количество слайдов: 49

Forces that Have Brought the world to it’s knees over the centuries Forces that Have Brought the world to it’s knees over the centuries

Hackers and their art An introduction into why they do it and how they Hackers and their art An introduction into why they do it and how they research it.

If you know the enemy and know yourself, you need not fear the result If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle. Sun Tzu, The Art of War

What Is Hacking? The Act of Gaining Access to a Computer File or Network What Is Hacking? The Act of Gaining Access to a Computer File or Network Without Authorization.

The Hackers Motivation Is the Hacker a Criminal? The Hackers Motivation Is the Hacker a Criminal?

“We seek after knowledge and you call us criminals. Yes, I am a criminal. “We seek after knowledge and you call us criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of outsmarting you, Something that you will never forgive me for. You may stop this individual but, you can’t stop us all… After all, we’re all alike. ” The Hackers Manifesto The Mentor

The Five Phases • • • Reconnaissance Scanning Gaining access Maintaining access Covering the The Five Phases • • • Reconnaissance Scanning Gaining access Maintaining access Covering the tracks

Phase I Reconnaissance Phase I Reconnaissance

Low Technology Reconnaissance • Social engineering • Physical break in / Piggybacking • Dumpster Low Technology Reconnaissance • Social engineering • Physical break in / Piggybacking • Dumpster Diving

Computer Based Reconnaissance Information Gathered on line through the use of tools such as Computer Based Reconnaissance Information Gathered on line through the use of tools such as “Sam Spade”. Tools available to the hacker in this program include but are not limited to: • Ping • Traceroute • Finger Client • Multiple Whois databases • DNS lookup • DNZ Zone transfer • IP block registration • View web site source code • Crawl a web site • Notepad for taking system notes

What the Hacker Hopes to Gain at This Stage of Attack: • • • What the Hacker Hopes to Gain at This Stage of Attack: • • • Domain name Contacts at the target organization DNS server IP addresses Other target system addresses A glimpse of technologies in use User names and passwords (or their format)

Basic Defenses at This Stage • • • Disabling Ping on border routers Split Basic Defenses at This Stage • • • Disabling Ping on border routers Split DNS Keep Whois database records up to date Do not use OS type or system function in domain names Create, implement, and enforce a user password policy

Split DNS Split DNS

Phase II Scanning Phase II Scanning

Typical Scanning Techniques • • War dialing using THC-Scan Network mapping using Cheops-ng Port Typical Scanning Techniques • • War dialing using THC-Scan Network mapping using Cheops-ng Port Scanning using Nmap Vulnerability scanning using Nessus

What the Hacker Hopes to Gain at This Stage of Attack: • • List What the Hacker Hopes to Gain at This Stage of Attack: • • List of telephone #’s with active modems List of open ports Map of the network List of vulnerabilities

Basic Defenses Against War Dialing • Create, Implement, and enforce a Dial up policy Basic Defenses Against War Dialing • Create, Implement, and enforce a Dial up policy • Use of Call back service on server • Removal of banner from dial up connection

Basic Defenses Against Network Mapping • • Remove telnet and web server from firewall Basic Defenses Against Network Mapping • • Remove telnet and web server from firewall Implement ACL’s on all border routers Use ACL’s to block ICMP to internal net Disable unused ports / services on routers

Basic Defenses Against Port Scanning • Run a port scan against your own system Basic Defenses Against Port Scanning • Run a port scan against your own system to find open ports and close them • Disable unneeded services through the services control panel • Use software firewalls and proxy servers

Basic Defenses for Vulnerability Scanning • Routinely update servers with latest patches and service Basic Defenses for Vulnerability Scanning • Routinely update servers with latest patches and service packs • Run multiple vulnerability scanners against your network to find the “Holes” before they do • Ensure that all software installed on firewalls and servers is from a reputable source

Phase III Gaining Access Phase III Gaining Access

Typical Methods of Gaining System Access • • • On site Hacking Stolen user Typical Methods of Gaining System Access • • • On site Hacking Stolen user ID’s and Passwords Running “Brute force attacks” Trojan horses Cracking password files

Access Methods Continued • Utilization of data gathered while “Sniffing” • IP spoofing and Access Methods Continued • Utilization of data gathered while “Sniffing” • IP spoofing and ARP cache poisoning • Exploiting buffer overflows in software

What the Hacker Hopes to Gain at This Stage of the Attack: Access!!! Just What the Hacker Hopes to Gain at This Stage of the Attack: Access!!! Just making sure you were still awake ; )

LAN Sniffing (HUB) LAN Sniffing (HUB)

LAN Sniffing (Switch) LAN Sniffing (Switch)

Basic Defenses Against Sniffing • Use Secure Shell instead of Telnet • Use VPN Basic Defenses Against Sniffing • Use Secure Shell instead of Telnet • Use VPN tools to encrypt data between systems • Install Switches instead of Hubs • Create VLANS on switches • Hard code the ARP tables on your systems

Buffer Overflow Buffer Overflow

Basic Defenses Against Buffer Overflows • Implement a non-executable stack (Ex: set noexec_user_stack=1) • Basic Defenses Against Buffer Overflows • Implement a non-executable stack (Ex: set noexec_user_stack=1) • On windows 2000 use Secure. Stack • Use automated code examining tools like ITS 4

Basic Defenses Against Password Cracking • Create and implement a strong PW policy (At Basic Defenses Against Password Cracking • Create and implement a strong PW policy (At least 8 characters alpha and numeric) • Force users to change passwords regularly by using Windows Users policy • Install PW filtering software to ensure integrity of user chosen passwords • Conduct PW audits with their programs (L 0 pht. Crack or John the Ripper)

Phase IV Maintaining Access Phase IV Maintaining Access

Methods of maintaining access • Trojan Horses • Backdoors Methods of maintaining access • Trojan Horses • Backdoors

Basic Defenses against Trojans and Backdoors • Routinely scan for Trojans on your network Basic Defenses against Trojans and Backdoors • Routinely scan for Trojans on your network • Ensure definition files for Anti-virus software up to date • Look for changes in the system • Install anti-virus software on both server and client machines • Create “fingerprints” of key files and run an integrity checker against them on a regular basis

Phase V Covering the tracks Phase V Covering the tracks

Methods of avoiding detection • NTFS alternate data streams and hidden files • Reverse Methods of avoiding detection • NTFS alternate data streams and hidden files • Reverse WWW shell • Altering, Replacing, or Moving log files

NTFS alternate data streams and hidden files • NTFS supports file streaming (each filename NTFS alternate data streams and hidden files • NTFS supports file streaming (each filename is like a chest of drawers) 1. ) Name of file viewed in explorer 2. ) “Normal” Stream (Contains the expected contents of the file) 3. ) Alternate Data Streams hidden under normal file

Why are Streams Stealthy? • Streams don’t show up in windows explorer (only “Normal” Why are Streams Stealthy? • Streams don’t show up in windows explorer (only “Normal” streams are displayed) • Length of file displayed in explorer only includes “Normal” stream • When files are copied all streams follow the name if copied into an NTFS partition

Basic Defenses Against File Hiding in Windows • Most commercial anti-virus packages detect malicious Basic Defenses Against File Hiding in Windows • Most commercial anti-virus packages detect malicious code • LADS

Reverse WWW Shell • • Client / server implemented in a single program Carries Reverse WWW Shell • • Client / server implemented in a single program Carries a command shell over HTTP Attacker uses client to access server from off site Software appears to be surfing the web but, is really polling client for commands to be executed on the server

Reverse WWW Shell Reverse WWW Shell

Basic defenses against Reverse WWW Shell • Physical security of Servers • Utilization of Basic defenses against Reverse WWW Shell • Physical security of Servers • Utilization of intrusion detection systems • Investigate “Strange” or unknown processes (especially those running with root privileges)

Basic Defenses against log file tampering • Setup logs to track failed logons attempts Basic Defenses against log file tampering • Setup logs to track failed logons attempts (Don’t just set them up …. . USE THEM!!!) • Periodically review logs for any anomalies • Use logs as a baseline to periodically review if new security measures need to be implemented

Conclusion Conclusion

“Imagine a school where children can read and write, but with teachers who can “Imagine a school where children can read and write, but with teachers who can not, and you have a metaphor of the information age in which we live. ” Peter Cochrane

Web Resources for Keeping Up to Date • SANS: http: //www. sans. org • Web Resources for Keeping Up to Date • SANS: http: //www. sans. org • Security Focus: http: //www. securityfocus. com • Search Security: http: //www. searchsecurity. com

Acquisition of Software Resources • Sam Spade: http: //www. samspade. org • THC-Scan: http: Acquisition of Software Resources • Sam Spade: http: //www. samspade. org • THC-Scan: http: //www. pimmel. com/thcfiles. php 3 • Cheops-ng http: //cheops-ng. sourceforge. net • Nmap http: //www. insecure. org/nmap

Acquisition of Software Resources • NESSUS: http: //www. nessus. org • Secure. Stack: http: Acquisition of Software Resources • NESSUS: http: //www. nessus. org • Secure. Stack: http: //www. securewave. com/products/securestack/secure_stack. html • ITS 4: http: //www. cigital. com/its 4 • John the Ripper: http: //www. Openwall. com/john

Acquisition of Software Resources • L 0 pht. Crack: http: //www. atstake. com/research/lc 3 Acquisition of Software Resources • L 0 pht. Crack: http: //www. atstake. com/research/lc 3 • Sniffit: http: //reptile. rug. ac. be/~coder/sniffit. html • Secure Shell (Open Source): http: //www. openssh. com • Netcat: http: //www. atstake. com/research/tools/index. html

Acquisition of Software Resources • AIDE (Advanced Intrusion Detection Environment): http: //www. cs. tut. Acquisition of Software Resources • AIDE (Advanced Intrusion Detection Environment): http: //www. cs. tut. fi/~rammer/aide. html • LADS (Locate Alternate Data Streams): http: //www. heysoft. de/index. htm • Reverse WWW Shell: http: //www. megasecurity. org/Sources/rwwwshell-1_6_perl. txt