TEFO STUDERUS HACKING 4 FUN & PROFIT

Size: px
Start display at page:

Download "TEFO STUDERUS HACKING 4 FUN & PROFIT"

Transcription

1 TEFO STUDERUS HACKING 4 FUN & PROFIT Ivan Bütler Compass Security AG, Switzerland Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil Tel Fax

2 Ist die Dame reich? Scheinheirat??? Slide 2

3 Ivan Bütler, CEO Compass Security E1 blog.csnc.ch Twitter.com/ibuetler Xing LinkedIn ~ibuetler ~ibuetler Slide 3

4 Ethical Hacker / Penetration Tester Gründer & CEO Compass Security AG University of Applied Science Rapperswil University of Applied Science Lucerne University of St.Gallen BlackHat Las Vegas 2008 SmartCard (In) Security IT Underground Warsaw 2009 Advanced Web Hacking Swiss IT Leadership Forum Nice 2009 Cyber Underground Gründer der Swiss Cyber Storm Konferenz Vorstandsmitglied von Information Security Society Switzerland (ISSS) Vorstandsmitglied von Cyber Tycoons Anti-Warfare Foundation Slide 4

5 Agenda Credit Card Fraud / Handel von illegalen Gütern Gezielte Attacken Mobile Security Nationale Cyber Defense Strategie Security Community Slide 5

6 Direkte Attacken Angriffe auf Server im Internet (Webseiten etc.) BLOCKED PASSED BLOCKED Slide 6

7 SQL Einleitung Protokoll HTTPS RMI SQL Slide 7

8 SQL Injection Angriff Protokoll HTTPS + SQL Hacker Code RMI SQL Slide 8

9 Demo 1: SQL Injection Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil Tel Fax

10 Wie bereichert man sich? (1) Anonymer Handel von illegalen Gütern Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil Tel Fax

11 Show: Video 1: Cyber Market Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil Tel Fax

12 Handel von illegalen Gütern Dumps Carders Carding WU WMZ WU LR CVVs Drops Rippers Stolen Credit Cards Provider of Dumps Using Dumps Western Union Web Money Western Union Liberty Reserve Card Verification Value R ing Location CVV verification service Slide 12

13 Zahlen über Liberty Reserve? Payment with Liberty Reserve Slide 13

14 Liberty Reserve? -> Internet Währung (anonym) Slide 14

15 Liberty Reserve als Internet Währung Verkäufer/Käufer brauchen ein LR Konto Das LR Konto bekommt man durch ein (anonym) Anonym Anonym Slide 15

16 LR Wechselstuben Richtiges Geld wird in LR gewechselt Dazu braucht es sogenannte Exchanger Banken (Russland) Es gibt mehr als 100 Exchanger Banken Trust Slide 16

17 Wie bereichert man sich? (2) Anonymer Handel von illegalen Gütern Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil Tel Fax

18 Trennung Hacking von Bereicherung Hacking Financial Benefit Slide 18

19 Agenda Credit Card Fraud / Handel von illegalen Gütern Gezielte Attacken Mobile Security Nationale Cyber Defense Strategie Security Community Slide 19

20 Gezielte Angriffe Umgehung der Perimeter Sicherheit PASSED Slide 20

21 USB Stick Attack Covert Channel Attacke Auslieferung über USB-Stick Start via Auto-Start Angreifer kontrolliert das *Opfer* aus der Ferne Company Network Internet Slide 21

22 Demo 2: Gezielte Attacken Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil Tel Fax

23 Direkte Verbindungen nach Aussen Einfache Inside-Out Attacke Corporate LAN Internet Direkte Channels ACK tunnel TCP tunnel (pop, telnet, ssh) UDP tunnel (syslog, snmp) ICMP tunnel IPSEC, PPTP Slide 23

24 Proxifizierte Verbindungen nach Aussen Erweiterte Inside-Out Attacken LAN Proxy Corporate LAN Internet Proxified Channels Socks SSL tunnel HTTP/S tunnel (payload of http = tunnel) HTTP/S proxy CONNECT method tunnel DNS tunnel FTP tunnel Mail tunnel DMZ Proxy Slide 24

25 Spearphishing Malicious Mail Microsoft Office Word Document Slide 25

26 Hardware Bot Client Slide 26

27 PlugBot Konzept Slide 27

28 APT (Advanced Persistent Threat) Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil Tel Fax

29 Advanced Persistent Threat Command & Control Communication (DNS Tunneling) Client DNS Server POLL POLL POLL Command File Commands Execute commands Slide 29

30 Statistik: Exploits vor Patch verfügbar Advisory is published Patch 54 days Exploit 6 days Slide 30

31 Advanced Persistent Threat Today Erst-Infektion (keine local admin rechte) Ausbau der Privilegen auf Local Admin C&C Slide 31

32 Advanced Persistent Threat Agent Agent Zombie Host Zombie Host C&C Server Agent Zombie Host Zombie Host Slide 32

33 Agenda Credit Card Fraud / Handel von illegalen Gütern Targeted Attacks Mobile Security National Cyber Defense Strategy Security Community Slide 33

34 Attacks & Interfaces Slide 34

35 Slide 35

36 Demo 3: SMS Spoofing Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil Tel Fax

37 SMS-ID-Spoofing Slide 37

38 Agenda Credit Card Fraud / Handel von illegalen Gütern Targeted Attacks Mobile Security Nationale Cyber Defense Strategie Security Community Slide 38

39 National Cyber Defense Strategy Schweiz Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil Tel Fax

40 Nationale Cyber Defense Strategie Abschätzen von Technologien und Trends ANTIZIPATION PRÄVENTION Installation Firewalls, Anti-Virus, IDS/IPS, Penetration Testing Anti-Hacking Tools REAKTION Verfahren und Prozesse, Kompetenzen, Kommunikation Slide 40

41 Wir brauchen Cyber Spezialisten! Österreich sucht mit der Cyber Security Austria die besten Talente zwischen 14 und 22 Jahren. Slide 41

42 Risiken kennen und Verantwortung übernehmen! Slide 42

43 Ivan Bütler, Compass Security AG Fragen?! Slide 43

Inside-Out Attacks. ivan.buetler@csnc.ch. Security Event April 28, 2004 Page 1. Responses to the following questions

Inside-Out Attacks. ivan.buetler@csnc.ch. Security Event April 28, 2004 Page 1. Responses to the following questions Inside-Out Attacks ivan.buetler@csnc.ch Security Event April 28, 2004 Page 1 Goals of this presentation Responses to the following questions What are inside-out attacks Who will use this technique? How

More information

Inside-Out Attacks. ivan.buetler@csnc.ch. Covert Channel Attacks Inside-out Attacks Seite 1 GLÄRNISCHSTRASSE 7 POSTFACH 1671 CH-8640 RAPPERSWIL

Inside-Out Attacks. ivan.buetler@csnc.ch. Covert Channel Attacks Inside-out Attacks Seite 1 GLÄRNISCHSTRASSE 7 POSTFACH 1671 CH-8640 RAPPERSWIL Inside-Out Attacks ivan.buetler@csnc.ch Covert Channel Attacks Inside-out Attacks Seite 1 Goals of this presentation! Responses to the following questions! What are inside-out attacks! Who will use this

More information

APT Detection using Splunk

APT Detection using Splunk APT Detection using Splunk Wir starten mit Schütteln Swiss Cyber Storm -> 22. Oktober 2014, KKL Luzern Former US Secret Service Agent, Robert Rodriguez Microsoft Research, Elia Florio www.swisscyberstorm.com

More information

Bypassing Firewall. @ PISA AGM Theme Seminar 2005. Presented by Ricky Lou Zecure Lab Limited

Bypassing Firewall. @ PISA AGM Theme Seminar 2005. Presented by Ricky Lou Zecure Lab Limited Bypassing Firewall @ PISA AGM Theme Seminar 2005 Presented by Ricky Lou Zecure Lab Limited Firewall Piercing (Inside-Out Attacks) Disclaimer We hereby disclaim all responsibility for the following hacks.

More information

Smart Card APDU Analysis

Smart Card APDU Analysis Smart Card APDU Analysis Black Hat Briefings 2008 Las Vegas Ivan "e1" Buetler ivan.buetler@csnc.ch Compass Security AG - Switzerland Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil

More information

Hacking for Fun and Profit

Hacking for Fun and Profit Hacking for Fun and Profit W3Lc0me to Th3 Fu1ur How to break stuff How to trade How to hide Help! Page 1 Knowing the enemy Page 2 E1 - Who am I ^ Ivan Bütler, Uznach, 31.12.1970 ^ Speaker at Blackhat 2008

More information

Security Evaluation CLX.Sentinel

Security Evaluation CLX.Sentinel Security Evaluation CLX.Sentinel October 15th, 2009 Walter Sprenger walter.sprenger@csnc.ch Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil Tel.+41 55-214 41 60 Fax+41 55-214 41

More information

Reverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006

Reverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006 Reverse Shells Enable Attackers To Operate From Your Network Richard Hammer August 2006 Reverse Shells? Why should you care about reverse shells? How do reverse shells work? How do reverse shells get installed

More information

Cyber Essentials. Test Specification

Cyber Essentials. Test Specification Cyber Essentials Test Specification Contents Scope of the Audit...2 Assumptions...3 Success Criteria...3 External systems...4 Required tests...4 Test Details...4 Internal systems...7 Tester pre-requisites...8

More information

Networking: EC Council Network Security Administrator NSA

Networking: EC Council Network Security Administrator NSA coursemonster.com/uk Networking: EC Council Network Security Administrator NSA View training dates» Overview The EC-Council's NSA certification looks at network security from a defensive view. The NSA

More information

Overview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms

Overview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms Overview Common Internet Threats Tom Chothia Computer Security, Lecture 19 Phishing Sites Trojans, Worms, Viruses, Drive-bydownloads Net Fast Flux Domain Flux Infiltration of a Net Underground economy.

More information

Moderne Sicherheit. Fokussiert auf Business Continuity, Mobilität & Application Control. Marc Mathys Country Manager Switzerland

Moderne Sicherheit. Fokussiert auf Business Continuity, Mobilität & Application Control. Marc Mathys Country Manager Switzerland Moderne Sicherheit Fokussiert auf Business Continuity, Mobilität & Application Control Marc Mathys Country Manager Switzerland Network Security History in a Nutshell 1990s The Internet is bad if we do

More information

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant What infrastructure security really means? Infrastructure Security is Making sure that your system services are always running

More information

Firewall Tips & Tricks. Paul Asadoorian Network Security Engineer Brown University November 20, 2002

Firewall Tips & Tricks. Paul Asadoorian Network Security Engineer Brown University November 20, 2002 Firewall Tips & Tricks Paul Asadoorian Network Security Engineer Brown University November 20, 2002 Holy Firewall Batman! Your Network Evil Hackers Firewall Defense in Depth Firewalls mitigate risk Blocking

More information

Networking for Caribbean Development

Networking for Caribbean Development Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n

More information

Hacking-Lab Remote Security Lab 15. April 2010

Hacking-Lab Remote Security Lab 15. April 2010 Compass Security AG Glärnischstrasse 7 CH-8640 Rapperswil T +41 55 214 41 60 F +41 55 214 41 61 www.csnc.ch Hacking-Lab Remote Security Lab 15. April 2010 Name des Dokumentes: EN_Hacking_Lab_V5.0.doc Version:

More information

Proxies. Chapter 4. Network & Security Gildas Avoine

Proxies. Chapter 4. Network & Security Gildas Avoine Proxies Chapter 4 Network & Security Gildas Avoine SUMMARY OF CHAPTER 4 Generalities Forward Proxies Reverse Proxies Open Proxies Conclusion GENERALITIES Generalities Forward Proxies Reverse Proxies Open

More information

Who Moved My Firewall. Clinton Thomson Derivco (PTY) Ltd

Who Moved My Firewall. Clinton Thomson Derivco (PTY) Ltd Who Moved My Firewall Clinton Thomson Derivco (PTY) Ltd 1 Agenda Introduction to Derivco (Pty) Ltd Efficacy of Firewalls Firewall Roles Threat Landscape De-perimeterisation Q & A 2 Derivco as a company

More information

Citrix NetScaler Best Practices. Claudio Mascaro Senior Systems Engineer BCD-Sintrag AG

Citrix NetScaler Best Practices. Claudio Mascaro Senior Systems Engineer BCD-Sintrag AG Citrix NetScaler Best Practices Claudio Mascaro Senior Systems Engineer BCD-Sintrag AG Agenda Deployment Initial Konfiguration Load Balancing NS Wizards, Unified GW, AAA Feature SSL 2 FTP SQL NetScaler

More information

General Network Security

General Network Security 4 CHAPTER FOUR General Network Security Objectives This chapter covers the following Cisco-specific objectives for the Identify security threats to a network and describe general methods to mitigate those

More information

IBM Security. Alle Risiken im Blick und bessere Compliance Kumulierte und intelligente Security Alerts mit QRadar Security Intelligence

IBM Security. Alle Risiken im Blick und bessere Compliance Kumulierte und intelligente Security Alerts mit QRadar Security Intelligence IBM Security Alle Risiken im Blick und bessere Compliance Kumulierte und intelligente Security Alerts mit QRadar Security Intelligence Peter Kurfürst Vertrieb IBM Security Lösungen Enterprise-Kunden Baden-Württemberg

More information

INFORMATION SECURITY TRAINING CATALOG (2015)

INFORMATION SECURITY TRAINING CATALOG (2015) INFORMATICS AND INFORMATION SECURITY RESEARCH CENTER CYBER SECURITY INSTITUTE INFORMATION SECURITY TRAINING CATALOG (2015) Revision 3.0 2015 TÜBİTAK BİLGEM SGE Siber Güvenlik Enstitüsü P.K. 74, Gebze,

More information

APT Advanced Persistent Threat Time to rethink?

APT Advanced Persistent Threat Time to rethink? APT Advanced Persistent Threat Time to rethink? 23 November 2012 Gergely Tóth Senior Manager, Security & Privacy Agenda APT examples How to get inside? Remote control Once we are inside Conclusion 2 APT

More information

Network Security Fundamentals

Network Security Fundamentals APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6

More information

Reducing Application Vulnerabilities by Security Engineering

Reducing Application Vulnerabilities by Security Engineering Reducing Application Vulnerabilities by Security Engineering - Subash Newton Manager Projects (Non Functional Testing, PT CoE Group) 2008, Cognizant Technology Solutions. All Rights Reserved. The information

More information

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10) APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &

More information

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton

More information

Workshop Designed & Powered by TCIL IT, Chandigarh

Workshop Designed & Powered by TCIL IT, Chandigarh Two Days Interactive workshop on Cyber Security and Ethical Hacking Total (16 HOURS) Workshop Designed & Powered by TCIL IT, Chandigarh Speaker:- Mr Rahul Tyagi - ETHICAL HACKER Workshop Contents Cyber

More information

Firewall Firewall August, 2003

Firewall Firewall August, 2003 Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also

More information

Vulnerability Assessment and Penetration Testing

Vulnerability Assessment and Penetration Testing Vulnerability Assessment and Penetration Testing Module 1: Vulnerability Assessment & Penetration Testing: Introduction 1.1 Brief Introduction of Linux 1.2 About Vulnerability Assessment and Penetration

More information

Windows Attack - Gain Enterprise Admin Privileges in 5 Minutes

Windows Attack - Gain Enterprise Admin Privileges in 5 Minutes Windows Attack - Gain Enterprise Admin Privileges in 5 Minutes Compass Security AG, Daniel Stirnimann Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil Tel +41 55-214 41 60 Fax +41

More information

Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100

Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Course Description: Introduction to Cybersecurity is designed to provide students the basic concepts and terminology

More information

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Firewall VPN Router. Quick Installation Guide M73-APO09-380 Firewall VPN Router Quick Installation Guide M73-APO09-380 Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,

More information

UTT Technologies offers an effective solution to protect the network against 80 percent of internal attacks:

UTT Technologies offers an effective solution to protect the network against 80 percent of internal attacks: HiPER 840 4-WAN Broadband Gateway/Router Overview HiPER 840 4-WAN Broadband Gateway/Router is a purpose-built solution designed for small-sized Internet cafés, broadband communities and schools which require

More information

Course Content: Session 1. Ethics & Hacking

Course Content: Session 1. Ethics & Hacking Course Content: Session 1 Ethics & Hacking Hacking history : How it all begin Why is security needed? What is ethical hacking? Ethical Hacker Vs Malicious hacker Types of Hackers Building an approach for

More information

Securizarea Calculatoarelor și a Rețelelor 13. Implementarea tehnologiei firewall CBAC pentru protejarea rețelei

Securizarea Calculatoarelor și a Rețelelor 13. Implementarea tehnologiei firewall CBAC pentru protejarea rețelei Platformă de e-learning și curriculă e-content pentru învățământul superior tehnic Securizarea Calculatoarelor și a Rețelelor 13. Implementarea tehnologiei firewall CBAC pentru protejarea rețelei Firewall

More information

Virtual Server and DDNS. Virtual Server and DDNS. For BIPAC 741/743GE

Virtual Server and DDNS. Virtual Server and DDNS. For BIPAC 741/743GE Virtual Server and DDNS For BIPAC 741/743GE August, 2003 1 Port Number In TCP/IP and UDP networks, a port is a 16-bit number, used by the host-to-host protocol to identify to which application program

More information

CS; SSART-Treffen, November 18, 2015. Internet Banking: Increasing power of cyber crime... and what to do?

CS; SSART-Treffen, November 18, 2015. Internet Banking: Increasing power of cyber crime... and what to do? CS; SSART-Treffen, November 18, 2015 Internet Banking: Increasing power of cyber crime.. and what to do? Different targets for cyber crime Collect large data volumes (financial data) Collect customer related

More information

Guidelines for Website Security and Security Counter Measures for e-e Governance Project

Guidelines for Website Security and Security Counter Measures for e-e Governance Project and Security Counter Measures for e-e Governance Project Mr. Lalthlamuana PIO, DoICT Background (1/8) Nature of Cyber Space Proliferation of Information Technology Rapid Growth in Internet Increasing Online

More information

Firewalls. Ahmad Almulhem March 10, 2012

Firewalls. Ahmad Almulhem March 10, 2012 Firewalls Ahmad Almulhem March 10, 2012 1 Outline Firewalls The Need for Firewalls Firewall Characteristics Types of Firewalls Firewall Basing Firewall Configurations Firewall Policies and Anomalies 2

More information

Detailed Description about course module wise:

Detailed Description about course module wise: Detailed Description about course module wise: Module 1: Basics of Networking and Major Protocols 1.1 Networks and its Types. 1.2 Network Topologies 1.3 Major Protocols and their Functions 1.4 OSI Reference

More information

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc. Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References

More information

Classification of Firewalls and Proxies

Classification of Firewalls and Proxies Classification of Firewalls and Proxies By Dhiraj Bhagchandka Advisor: Mohamed G. Gouda (gouda@cs.utexas.edu) Department of Computer Sciences The University of Texas at Austin Computer Science Research

More information

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

If you know the enemy and know yourself, you need not fear the result of a hundred battles. Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC Principal Consultant, WaveFront Consulting Group ruiper@wavefrontcg.com 1 (604) 961-0701 If you know the enemy and know yourself, you

More information

CYBER SECURITY: A REPORT FROM THE TRENCHES 2015 AGC NATIONAL & CHAPTER LEADERSHIP CONFERENCE MIKE.ZUSMAN@CARVESYSTEMS.COM

CYBER SECURITY: A REPORT FROM THE TRENCHES 2015 AGC NATIONAL & CHAPTER LEADERSHIP CONFERENCE MIKE.ZUSMAN@CARVESYSTEMS.COM CYBER SECURITY: A REPORT FROM THE TRENCHES 2015 AGC NATIONAL & CHAPTER LEADERSHIP CONFERENCE SECURITY IS A PROCESS, NOT A STATE CARVE SYSTEMS LLC MIKE.ZUSMAN@CARVESYSTEMS.COM How did I get here? (short

More information

shortcut Tap into learning NOW! Visit www.informit.com/shortcuts for a complete list of Short Cuts. Your Short Cut to Knowledge

shortcut Tap into learning NOW! Visit www.informit.com/shortcuts for a complete list of Short Cuts. Your Short Cut to Knowledge shortcut Your Short Cut to Knowledge The following is an excerpt from a Short Cut published by one of the Pearson Education imprints. Short Cuts are short, concise, PDF documents designed specifically

More information

W16 INTEGRATING SECURITY INTO THE DEVELOPMENT LIFECYCLE. Ryan English SPI Dynamics Inc BIO PRESENTATION 6/28/2006 3:00 PM

W16 INTEGRATING SECURITY INTO THE DEVELOPMENT LIFECYCLE. Ryan English SPI Dynamics Inc BIO PRESENTATION 6/28/2006 3:00 PM BIO PRESENTATION W16 6/28/2006 3:00 PM INTEGRATING SECURITY INTO THE DEVELOPMENT LIFECYCLE Ryan English SPI Dynamics Inc Better Software Conference June 26 29, 2006 Las Vegas, NV USA Ryan English Ryan

More information

Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions

Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions Gigi Joseph, Computer Division,BARC. Gigi@barc.gov.in Intranet Security Components Network Admission Control (NAC)

More information

Hands-on Hacking Unlimited

Hands-on Hacking Unlimited About Zone-H Attacks techniques (%) File Inclusion Shares misconfiguration SQL Injection DNS attack through social engineering Web Server external module intrusion Attack against the administrator/user

More information

E-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Second Edition. Copyright 2007 Pearson Education, Inc.

E-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Second Edition. Copyright 2007 Pearson Education, Inc. Copyright 2007 Pearson Education, Inc. Slide 5-1 E-commerce business. technology. society. Second Edition Kenneth C. Laudon Carol Guercio Traver Copyright 2007 Pearson Education, Inc. Slide 5-2 Chapter

More information

PowerShell for Penetration Testers

PowerShell for Penetration Testers Training: PowerShell for Penetration Testers Dates of the training: March 14-15,2016 in Heidelberg, Germany Book Now using the code: TR16HMTRAINING and save an additional 10% of the current valid rate!

More information

AnyWeb AG / ITSM Practice Circle 23.01.2007 / Christof Madöry www.anyweb.ch

AnyWeb AG / ITSM Practice Circle 23.01.2007 / Christof Madöry www.anyweb.ch AnyWeb AG / ITSM Practice Circle 23.01.2007 / Christof Madöry www.anyweb.ch Cisco Works Neue Version LMS 2.6 und wie weiter CiscoWorks LAN Management Solution (LMS) AnyWeb AG / ITSM Practice Circle 23.01.2007

More information

Botnets: The Advanced Malware Threat in Kenya's Cyberspace

Botnets: The Advanced Malware Threat in Kenya's Cyberspace Botnets: The Advanced Malware Threat in Kenya's Cyberspace AfricaHackon 28 th February 2014 Who we Are! Paula Musuva-Kigen Research Associate Director, Centre for Informatics Research and Innovation (CIRI)

More information

Social Engineering Test Cases June 9th, 2009

Social Engineering Test Cases June 9th, 2009 Compass Security AG Glärnischstrasse 7 CH-8640 Rapperswil T +41 55 214 41 60 F +41 55 214 41 61 www.csnc.ch Social Engineering Test Cases June 9th, 2009 Document Name: Social_Engineering_V2.0.docx Version:

More information

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

Session Hijacking Exploiting TCP, UDP and HTTP Sessions Session Hijacking Exploiting TCP, UDP and HTTP Sessions Shray Kapoor shray.kapoor@gmail.com Preface With the emerging fields in e-commerce, financial and identity information are at a higher risk of being

More information

BotNets- Cyber Torrirism

BotNets- Cyber Torrirism BotNets- Cyber Torrirism Battling the threats of internet Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets? Because Bot Statistics Suggest Assimilation

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

I N S T A L L A T I O N M A N U A L

I N S T A L L A T I O N M A N U A L I N S T A L L A T I O N M A N U A L 2015 Fastnet SA, St-Sulpice, Switzerland. All rights reserved. Reproduction in whole or in part in any form of this manual without written permission of Fastnet SA is

More information

LTS. Internet Security Stakeholders, Issues, and Examples

LTS. Internet Security Stakeholders, Issues, and Examples Internet Security Stakeholders, Issues, and Examples Gary Hayward Telcordia Technologies and Laboratory for Telecommunications Sciences gah@research.telcordia.com 301 688 1729 May 13, 2002 An SAIC Company

More information

IoT & INFOSEC: A REPORT FROM THE TRENCHES - AGC IT Conference- July 2015 MIKE.ZUSMAN@CARVESYSTEMS.COM

IoT & INFOSEC: A REPORT FROM THE TRENCHES - AGC IT Conference- July 2015 MIKE.ZUSMAN@CARVESYSTEMS.COM IoT & INFOSEC: A REPORT FROM THE TRENCHES - AGC IT Conference- July 2015 SECURITY IS A PROCESS, NOT A STATE CARVE SYSTEMS LLC MIKE.ZUSMAN@CARVESYSTEMS.COM Carve s Roots (tl;dr)

More information

best Open Systems Day Fall 2006 Unterföhring Marco Kühn best Systeme GmbH kuehn@best.de

best Open Systems Day Fall 2006 Unterföhring Marco Kühn best Systeme GmbH kuehn@best.de Project Crossbow best Open Systems Day Fall 2006 Unterföhring Marco Kühn best Systeme GmbH kuehn@best.de Agenda IP heute in Solaris 10 Crossbow Ziele Crossbow Virtual Networks Crossbow IP Instances 28.11.06

More information

AnyWeb AG 2008 www.anyweb.ch

AnyWeb AG 2008 www.anyweb.ch HP SiteScope (End-to-End Monitoring, System Availability) Christof Madöry AnyWeb AG ITSM Practice Circle September 2008 Agenda Management Technology Agentless monitoring SiteScope in HP BTO SiteScope look

More information

Learn Ethical Hacking, Become a Pentester

Learn Ethical Hacking, Become a Pentester Learn Ethical Hacking, Become a Pentester Course Syllabus & Certification Program DOCUMENT CLASSIFICATION: PUBLIC Copyrighted Material No part of this publication, in whole or in part, may be reproduced,

More information

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

ITEC441- IS Security. Chapter 15 Performing a Penetration Test 1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and

More information

Exam Questions SY0-401

Exam Questions SY0-401 Exam Questions SY0-401 CompTIA Security+ Certification http://www.2passeasy.com/dumps/sy0-401/ 1. A company has implemented PPTP as a VPN solution. Which of the following ports would need to be opened

More information

Quarterly Report: Symantec Intelligence Quarterly

Quarterly Report: Symantec Intelligence Quarterly Symantec Intelligence Quarterly: Best Practices and Methodologies Quarterly Report: Symantec Intelligence Quarterly Symantec Intelligence Quarterly: Best Practices and Methodologies Contents Symantec

More information

Web Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com

Web Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com Web Application Security Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com Security s Gaping Hole 64% of the 10 million security incidents tracked targeted port 80. Information Week

More information

Internet Security Firewalls

Internet Security Firewalls Overview Internet Security Firewalls Ozalp Babaoglu! Exo-structures " Firewalls " Virtual Private Networks! Cryptography-based technologies " IPSec " Secure Socket Layer ALMA MATER STUDIORUM UNIVERSITA

More information

Introduction to Computer Security Benoit Donnet Academic Year 2015-2016

Introduction to Computer Security Benoit Donnet Academic Year 2015-2016 Introduction to Computer Security Benoit Donnet Academic Year 2015-2016 1 Agenda Networking Chapter 1: Firewalls Chapter 2: Proxy Chapter 3: Intrusion Detection System Chapter 4: Network Attacks Chapter

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Cyber Essentials PLUS. Common Test Specification

Cyber Essentials PLUS. Common Test Specification Cyber Essentials PLUS Common Test Specification Page 1 Version Control Version Date Description Released by 1.0 07/08/14 Initial Common Test Specification release SR Smith 1.1 19/08/14 Updated Scope SR

More information

quick documentation Die Parameter der Installation sind in diesem Artikel zu finden:

quick documentation Die Parameter der Installation sind in diesem Artikel zu finden: quick documentation TO: FROM: SUBJECT: ARND.SPIERING@AS-INFORMATIK.NET ASTARO FIREWALL SCAN MIT NESSUS AUS BACKTRACK 5 R1 DATE: 24.11.2011 Inhalt Dieses Dokument beschreibt einen Nessus Scan einer Astaro

More information

How I Learned to Stop Worrying and Love Compliance Ron Gula, CEO Tenable Network Security

How I Learned to Stop Worrying and Love Compliance Ron Gula, CEO Tenable Network Security How I Learned to Stop Worrying and Love Compliance Ron Gula, CEO Tenable Network Security PART 1 - COMPLIANCE STANDARDS PART 2 SECURITY IMPACT THEMES BUILD A MODEL THEMES MONITOR FOR FAILURE THEMES DEMONSTRATE

More information

Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de

Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Microsoft Forefront TMG How to use TMG network templates Abstract In this article I will show

More information

Outline (Network Security Challenge)

Outline (Network Security Challenge) Outline (Network Security Challenge) Security Device Selection Internet Sharing Solution Service Publishing 2 Security Device Selection Firewall Firewall firewall: An introduction to firewalls A firewall

More information

Effective Methods to Detect Current Security Threats

Effective Methods to Detect Current Security Threats terreactive AG. Swiss Cyber Storm 2015. Effective Methods to Detect Current Security Threats Taking your IT security to the next level, you have to consider a paradigm shift. In the past companies mostly

More information

Mingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway

Mingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway Mingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway All transparent deployment Full HTTPS site defense Prevention of OWASP top 10 Website Acceleration

More information

NETASQ MIGRATING FROM V8 TO V9

NETASQ MIGRATING FROM V8 TO V9 UTM Firewall version 9 NETASQ MIGRATING FROM V8 TO V9 Document version: 1.1 Reference: naentno_migration-v8-to-v9 INTRODUCTION 3 Upgrading on a production site... 3 Compatibility... 3 Requirements... 4

More information

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.

More information

A43. Modern Hacking Techniques and IP Security. By Shawn Mullen. Las Vegas, NV IBM TRAINING. IBM Corporation 2006

A43. Modern Hacking Techniques and IP Security. By Shawn Mullen. Las Vegas, NV IBM TRAINING. IBM Corporation 2006 IBM TRAINING A43 Modern Hacking Techniques and IP Security By Shawn Mullen Las Vegas, NV 2005 CSI/FBI US Computer Crime and Computer Security Survey 9 out of 10 experienced computer security incident in

More information

Microsoft Systems Architecture 2.0 (MSA 2.0) Security Review An analysis by Foundstone, Inc.

Microsoft Systems Architecture 2.0 (MSA 2.0) Security Review An analysis by Foundstone, Inc. Microsoft Systems Architecture 2.0 (MSA 2.0) Security Review An analysis by Foundstone, Inc. Foundstone Labs October, 2003 Table of Contents Table of Contents...2 Introduction...3 Scope and Approach...3

More information

Cryptography and network security

Cryptography and network security Cryptography and network security Firewalls slide 1 Firewalls Idea: separate local network from the Internet Trusted hosts and networks Firewall Intranet Router DMZ Demilitarized Zone: publicly accessible

More information

Firewall Security 101

Firewall Security 101 Firewall Security 101 Laura Jeanne Knapp Technical Evangelist 1-919-224-2205 Laura@lauraknapp.com ISEC_ 010 Hacker Threats Satan and other scanning tools allow hacker to probe network for entry points

More information

Chapter 4: Security of the architecture, and lower layer security (network security) 1

Chapter 4: Security of the architecture, and lower layer security (network security) 1 Chapter 4: Security of the architecture, and lower layer security (network security) 1 Outline Security of the architecture Access control Lower layer security Data link layer VPN access Wireless access

More information

Detection of Advanced Persistent Threat by Analyzing the Big Data Log

Detection of Advanced Persistent Threat by Analyzing the Big Data Log , pp.30-36 http://dx.doi.org/10.14257/astl.2013.29.06 Detection of Advanced Persistent Threat by Analyzing the Big Data Log Jisang Kim 1, Taejin Lee, Hyung-guen Kim, Haeryong Park KISA, Information Security

More information

IxLoad-Attack: Network Security Testing

IxLoad-Attack: Network Security Testing IxLoad-Attack: Network Security Testing IxLoad-Attack tests network security appliances determining that they effectively and accurately block attacks while delivering high end-user quality of experience

More information

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation

More information

June 2014 WMLUG Meeting Kali Linux

June 2014 WMLUG Meeting Kali Linux June 2014 WMLUG Meeting Kali Linux "the quieter you become, the more you are able to hear" Patrick TenHoopen Kali Linux Kali Linux is a free and open source penetration testing Linux distribution designed

More information

Domain 6.0: Network Security

Domain 6.0: Network Security ExamForce.com CompTIA Network+ N10-004 Study Guide 1 Domain 6.0: Network Security Chapter 6 6.1 Explain the function of hardware and software security devices Network based firewall, Host based firewall

More information

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls CEN 448 Security and Internet Protocols Chapter 20 Firewalls Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

Information Security Threat Trends

Information Security Threat Trends Talk @ Microsoft Security Day Sep 2005 Information Security Threat Trends Mr. S.C. Leung 梁 兆 昌 Senior Consultant 高 級 顧 問 CISSP CISA CBCP M@PISA Email: scleung@hkcert.org 香 港 電 腦 保 安 事 故 協 調 中 心 Introducing

More information

Remote Access & Security. Technology Overview. Markus Feeß Netze / Sicherheit SGK 2. Medizinische Technik Erlangen

Remote Access & Security. Technology Overview. Markus Feeß Netze / Sicherheit SGK 2. Medizinische Technik Erlangen Remote Access & Security Technology Overview Medizinische Technik Erlangen Markus Feeß Netze / Sicherheit SGK 2 1 John and the broken leg - Part I Archiv A? B C 2 WAN Technologies GSM Global System for

More information

Today s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, 2009. Concepts.

Today s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, 2009. Concepts. Protect - Detect - Respond A Security-First Strategy HCCA Compliance Institute April 27, 2009 1 Today s Topics Concepts Case Study Sound Security Strategy 2 1 Security = Culture!! Security is a BUSINESS

More information

CYBERTRON NETWORK SOLUTIONS

CYBERTRON NETWORK SOLUTIONS CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified

More information

PND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access

PND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access The World s Premier Online Practical Network Defense course PND at a glance: Self-paced, online, flexible access 1500+ interactive slides (PDF, HTML5 and Flash) 7+ hours of video material 10 virtual labs

More information

Protection against DDoS and WEB attacks. Michael Soukonnik Radware Ltd michaels@radware.com

Protection against DDoS and WEB attacks. Michael Soukonnik Radware Ltd michaels@radware.com Protection against DDoS and WEB attacks Michael Soukonnik Radware Ltd michaels@radware.com Landscape Ponemon Research 2012: Cyber security threats Cyber security threats according to risk mitigation priority

More information

IBM. Vulnerability scanning and best practices

IBM. Vulnerability scanning and best practices IBM Vulnerability scanning and best practices ii Vulnerability scanning and best practices Contents Vulnerability scanning strategy and best practices.............. 1 Scan types............... 2 Scan duration

More information

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc. Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources

More information