Hack Your SQL Server Database Before the Hackers Do
- Marion Scott
- 8 years ago
Note: This article was edited in Oct. 2013, from numerous Web Sources. TJS

At the Install:

The default install for SQL Server makes it as secure as it will ever be. DBAs and developers will eventually create databases with inadequate security. Then they will give users and groups too much access to its data. If that is not enough, they will then build Web sites or Web applications that indirectly give untrusted masses access to sensitive enterprise data. Suddenly, SQL Server is a security nightmare.

Of course, a DBA can do all of the above things securely, but how many DBAs are thoroughly versed in database and Web application security? If a DBA is careful, they monitor the entire attack surface. For an already busy DBA, maybe even working only in a small enterprise, diligent monitoring can be a full-time occupation. Furthermore, as time moves inexorably forward, more and more sophisticated web-initiated attacks on database servers emerge, and they are often all too easy to miss, even for a diligent DBA. Bottom line: DBAs need proper security tools.

Early SQL Server Hacks: SQLSnake and SQL Slammer

Prior to 2003, the Microsoft SQL Administrator user's default password was blank. Sadly, many administrators were installing SQL Servers on the Internet with that configuration. The Microsoft database engine MSDE 2000 exhibited two buffer overflow vulnerabilities. If the MSDE 2000 process runs in the security context of a domain user or the local SYSTEM account, successful exploitation of these security holes will mean a total compromise of the target system. These can be exploited by a remote attacker without ever having to authenticate to the server.

In 2003, an Internet-based worm called SQLSnake roamed and attempted to spread from SQL Server to SQL Server, taking advantage of the blank administrator password. The SQLSnake worm targets TCP port 1433, the default port used for Microsoft SQL Server traffic.
The worm is non-destructive, but once it infects a machine it sends configuration information to ixltd@postone.com.

The SQL Slammer worm was based on an SQL Server vulnerability, but the worm's code did not use the SQL language. Instead, it exploited a buffer overflow bug in Microsoft's flagship SQL Server and Desktop Engine database products. Microsoft had issued a critical patch for this SQL Server vulnerability on July 24, 2002, but many, including some at Microsoft, did not install this critical patch. Slammer was launched on January 25,

Database Security 2013: Hack your SQL Server before they do Page 1
Slammer caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic. Slammer spread rapidly, infecting most of its 75,000 victims within ten minutes. SQL-Slammer sends a 376-byte UDP packet to port 1434, using random targets, at a very high rate. Vulnerable systems immediately start sending identical 376-byte packets once they are infected. The worm sends traffic to random IP addresses, including multicast IP addresses, causing a denial of service on the target network. Single infected machines reported traffic in excess of 50 Mb/sec after being infected.

Many more database attacks come from privilege escalation, SQL injection, or finding the database user passwords. This article will not cover privilege escalation or SQL injection attacks. Instead, much of this article will focus on cracking database user passwords.

Here Come the Tools:

Dozens of database tools can simplify the task of building in and maintaining security in a SQL Server system and its databases. The tools run from free to expensive, single to general purpose, simple to complex. Not only can the good guys use them, but we all know that the bad guys are using the same tools to probe and poke into your servers. Table 1 shows some useful tools.
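The Slammer traffic pattern described earlier in this section (identical 376-byte UDP datagrams to port 1434, sprayed at random addresses) is simple to express as a detection rule. The sketch below is an added example, not part of the original article; the flow-record layout, the fan-out threshold, the time window and the sample flows are all constructed assumptions.

```python
from collections import Counter, defaultdict

SLAMMER_PORT = 1434     # UDP port named in the article
SLAMMER_LEN = 376       # payload size named in the article
FANOUT_THRESHOLD = 5    # assumption: distinct destinations before alerting
WINDOW_SECONDS = 1.0    # assumption: sliding window length

# Constructed destinations, including one multicast address as the article notes.
_DESTS = ["198.51.100.7", "203.0.113.19", "192.0.2.200", "224.0.0.5",
          "198.51.100.88", "203.0.113.4", "192.0.2.61", "198.51.100.130"]

# Constructed flow records: (timestamp, src, dst, proto, dst_port, payload_len)
SAMPLE_FLOWS = (
    # Infected host: 8 identical-size datagrams to 8 targets in 0.35 s.
    [(100.0 + 0.05 * i, "10.0.0.23", d, "udp", 1434, 376)
     for i, d in enumerate(_DESTS)]
    + [
        # Ordinary instance-discovery query: small payload, single server.
        (100.1, "10.0.0.40", "10.0.0.5", "udp", 1434, 1),
        # Right size and port, but only two destinations: below threshold.
        (100.1, "10.0.0.51", "10.0.0.5", "udp", 1434, 376),
        (100.2, "10.0.0.51", "10.0.0.6", "udp", 1434, 376),
        # Normal database session on the TCP port.
        (100.3, "10.0.0.40", "10.0.0.5", "tcp", 1433, 376),
    ]
)


def find_slammer_like_sources(flows, threshold=FANOUT_THRESHOLD,
                              window=WINDOW_SECONDS):
    """Return {src_ip: peak distinct destinations inside any window}
    for sources that send Slammer-shaped datagrams to many hosts."""
    per_src = defaultdict(list)
    for ts, src, dst, proto, dport, length in flows:
        if proto == "udp" and dport == SLAMMER_PORT and length == SLAMMER_LEN:
            per_src[src].append((ts, dst))

    alerts = {}
    for src, events in per_src.items():
        events.sort()
        in_window = Counter()   # destination -> packets currently in window
        start = 0
        peak = 0
        for ts, dst in events:
            in_window[dst] += 1
            # Slide the left edge forward until the window fits again.
            while ts - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    for src, fanout in find_slammer_like_sources(SAMPLE_FLOWS).items():
        print(f"ALERT {src}: {fanout} distinct UDP/1434 targets in {WINDOW_SECONDS}s")
```

Matching on size and port alone would also flag the two-destination host; the fan-out count is what separates a scanning source from an occasional oversized query.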
Using the Tools

When the SQLSnake worm appeared, it revealed an SQL Server Browser service vulnerability, exposing information about available database servers to attackers. As a result, finding SQL Server instances running on your network can be problematic.

Using SQLPing to find all the instances

SQLPing 3.0 from SQLSecurity.com attempts to detect SQL Server and MSDE instances, including multiple SQL Server instances installed on a single physical server. It also has the ability to challenge passwords through brute force probes. There are several known ways to scan and find running instances, and SQLPing takes advantage of them all. SQLPing is easy to use, but there is little documentation for it.

SQLPing can actively ping the network, or simply search the Active Directory (AD) for any SQL Server registrations and check the SQL Server Browser Service to see whether any servers have broadcast their existence. Active scans are more accurate and more clearly reveal activity on your SQL Server network. SQLPing will also perform dictionary and brute-force password checking. However, the brute-force password checks are less robust than the specially developed password cracking tools.

Security Best Practices Analyzer (SBPA) - your known SQL Server Instances

Once all the SQL Server instances are known, the next task is to evaluate how secure they are. The Microsoft SQL Server 2005 Best Practices Analyzer is a free and easy-to-use tool which easily catches all of your low-hanging-fruit security vulnerabilities. The SBPA can scan SQL Server instances on a local or a remote machine. SBPA accesses the registries and other resources, so it is best to run it locally. To scan your entire SQL Server network, you need to be a domain or local administrator with permissions on each remote machine's registry. The tool has various options for selecting which components to scan for in each instance and can import or export component lists.
You can also select which databases to include in the scan; the default is to scan all databases, including the system databases. The analyzer defines a large set of rules that define best practices, and you can control which rules it uses to scan a particular server. A scan can take anywhere from a few minutes to a very long time, depending on the number of server instances and components you select. The scan checks more than 100 server and database issues related to known vulnerabilities, then produces its report. Each issue discovered includes a brief description, often a link to the Help file, and an
option to stop checking the rule for any or all SQL Server instances for future scans, when appropriate.

Microsoft Baseline Security Analyzer (MBSA)

The MBSA claims to support SQL Server, but its real value is to check that you have the latest patches installed. One of the first tasks in system hardening is to install the latest patches, so MBSA performs this important task for SQL Server installations.

Database Password Creation, Storage, and Cracking -- MS SQL Server

Strong passwords are the foundation of a secure server. Many SQL Server instances have users from outside Microsoft's Active Directory. Such SQL Servers cannot always use Integrated Windows authentication methods. In these instances, SQL developers have to create users and their passwords. This can lead to many SQL Server users with weak passwords.

Microsoft SQL Server stores each user's separate password as a hash in a system table. SQL Server 2000 would uppercase the password, hash it with the SHA1 hash, and then store the hash in the system table. SQL Servers 2005 and 2008 no longer uppercased the passwords before hashing, but SHA1 was still used to hash the passwords. SQL Server 2012 uses SHA2-512 to hash the passwords, so these password hashes are much more resistant to being cracked than previously. But with faster systems and SHA-512 cracker tools, they will still be breakable.

SQL Servers have long used the native HASHBYTES function to create hashes when needed, such as for user passwords. Earlier HASHBYTES versions used the SHA1 hashing algorithm, but SQL Server 2012 improves password security by using the SHA2_512 hash. The newer SHA-3 hash, introduced in November 2012 as the result of a six-year US Government-sponsored contest to produce a much better hashing algorithm, is not supported. The Microsoft Technet snippets below show how to use HASHBYTES for password hashing.
HASHBYTES Algorithmic Choices

    HASHBYTES ( '<algorithm>', { @input | 'input' } )

    <algorithm>::= MD2 | MD4 | MD5 | SHA | SHA1 | SHA2_256 | SHA2_512

Using HASHBYTES in a Program

    -- Hash an nvarchar value with one of the algorithms listed above
    DECLARE @HashThis nvarchar(4000);
    SET @HashThis = CONVERT(nvarchar(4000),'dslfdkjLK85kldhnv$n000#knf');
    SELECT HASHBYTES('SHA2_512', @HashThis);
    GO
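The version history above (SHA1 through SQL Server 2008, SHA2-512 from SQL Server 2012) can be checked against an export of login names and stored hashes to find accounts still held in the older format. This is an added example, not code from the article or from Microsoft; the stored-hash layout it parses (a 2-byte version, a 4-byte salt, then the digest) is not given in the article and is assumed from the publicly documented format, and the CSV column names and sample rows are constructed.

```python
import csv
import io

SALT_LEN = 4  # assumed layout: 2-byte version | 4-byte salt | digest(s)

# (version bytes, digest length) -> (description, meets the 2012 standard?)
SCHEMES = {
    # Assumption: the SQL Server 2000 layout carries two SHA-1 digests,
    # one of the password as typed and one of its uppercased form.
    (b"\x01\x00", 40): ("SHA-1, SQL Server 2000 layout", False),
    (b"\x01\x00", 20): ("SHA-1 (SQL Server 2005/2008)", False),
    (b"\x02\x00", 64): ("SHA2-512 (SQL Server 2012)", True),
}


def parse_password_hash(text):
    """Split a stored hash string into (version, salt, digest) bytes.
    Raises ValueError when the value is not a well-formed hash."""
    text = text.strip()
    if text[:2].lower() != "0x":
        raise ValueError("missing 0x prefix")
    try:
        raw = bytes.fromhex(text[2:])
    except ValueError as exc:
        raise ValueError("not valid hex") from exc
    if len(raw) <= 2 + SALT_LEN:
        raise ValueError("too short")
    return raw[:2], raw[2:2 + SALT_LEN], raw[2 + SALT_LEN:]


def classify(text):
    """Return (description, ok) for one stored hash string."""
    try:
        version, _salt, digest = parse_password_hash(text)
    except ValueError as exc:
        return (f"unparseable: {exc}", False)
    unknown = (f"unknown version {version.hex()} with "
               f"{len(digest)}-byte digest", False)
    return SCHEMES.get((version, len(digest)), unknown)


def audit_login_export(csv_text):
    """Return [(login, finding)] for every login not stored as SHA2-512.
    These are the candidates for a password change, which regenerates
    the stored hash on a SQL Server 2012 instance."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        description, ok = classify(row["password_hash"])
        if not ok:
            findings.append((row["name"], description))
    return findings


def _constructed(version_hex, digest_len):
    """Build a placeholder hash of the right shape (not a real hash)."""
    return "0x" + version_hex + "A1B2C3D4" + "5E" * digest_len


# Constructed export: login name plus stored hash, one row per SQL login.
SAMPLE_EXPORT = "name,password_hash\n" + "\n".join([
    "sa," + _constructed("0200", 64),
    "webapp," + _constructed("0100", 20),
    "legacy_etl," + _constructed("0100", 40),
    "broken,0x0100ZZ",
]) + "\n"

if __name__ == "__main__":
    for login, finding in audit_login_export(SAMPLE_EXPORT):
        print(f"{login}: {finding}")
```

The audit never touches a password: it reads only the version and length of each stored value, so it can run on an export without any cracking step.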
Despite the new SHA3 hash, SQL Server still makes all of the login information accessible from the view master.sys.sql_logins. Using this view, you can determine the user names as well as the associated password hashes. Of course the DBA has access to this view, but if it can be done, the following simple SQL command can get the password hashes:

    INSERT INTO mydatabase.password_table_copy
    SELECT * FROM master.sys.sql_logins;

Password Creation and Storage in Other Databases

Users of Oracle, MySQL, and Sybase ASE-15 can find their password hashes and crack them through similar methods. Once the hashes are found, they can be exported to text files, where a cracking program can be used to determine the passwords. See the related article for more information on modern hash cracking systems.

NGSSQLCrack and Cain & Abel Password Cracking Tools

NGSSQLCrack from Next Generation Security Software is probably the easiest database password cracking tool to use. NGSSQLCrack borrows techniques from the free L0phtCrack Windows password cracking tool of the 1990's. NGSSQLCrack is commercial, but a free test download is also available. NGSSQLCrack runs on MS SQL Server versions 7/2000/2005/2008, Oracle 8i/9i/10g/11g, Sybase ASE 15, and MySQL 4.1, 5.0, 5.1 & 5.5.

NGSSQLCrack will connect to the SQL Server instance of your choice and grab the SQL login password hashes. It also allows the password hashes to be manually entered or copied into the tool. It can use both dictionary and brute-force attacks and provides some simple options for customizing the session. You can also specify your own dictionary file and character set, including case-insensitive options for the brute-force attacks. It can take a long time to perform a complete crack, depending on the size of your dictionary file, the character set you select for the brute-force analysis, and the password size range you select. The tool reports any passwords it discovers immediately.
If you want to get into industrial-strength password cracking, use the free, cross-platform Cain & Abel. C & A gives you many more options than NGSSQLCrack for gathering, sniffing, and cracking all kinds of passwords from Windows and other OSs as well as SQL Server, along with much more robust cracking options. C & A is a true hacker's tool, and you'll probably need to spend some time learning how to use it effectively. It's scary how well C & A can crack passwords. Hopefully, after using C & A, you will never again create a simple or short password for any use whatsoever.

SQL Vulnerability Analyzers -- The Metasploit Project and NGSSQuirreL

Many SQL Server hacking tools are niche products, focusing on one aspect of security such as password strength or port visibility. But there are literally hundreds of potential vulnerabilities in a product as complex as SQL Server, and it would take the most diligent administrator years to find all the problems. That's where a comprehensive, industrial-strength vulnerability scanner is a lifesaver. Many such commercial vulnerability scanners are available, most of which are general network analyzers that happen to include scans of SQL Server instances.

The heavyweight database scanner is the Metasploit Project, which is described as an open source platform for developing, testing, and using exploit code. It uses the Metasploit Framework, a development platform that supports creating both security tools and exploits. The framework is largely the reason for Metasploit's wide use by both ethical and black-hat hackers, since it's relatively easy to adapt the tools for specific purposes. Over the years, many of SQL Server's vulnerabilities have been discovered using these tools. Metasploit isn't for the faint of heart, but it's incredibly powerful. Much of Metasploit's power is used for evil, and you can almost bet it's being used right now on your servers. At the very least, you should assume that it is!
NGSSoftware also offers the NGSSQuirreL for SQL Server. This is a powerful SQL Server security analyzer that performs more than 700 tests to find most of the known vulnerabilities in various SQL Server versions. The product is a bit picky about getting started on a particular SQL instance, so much so that it might take you a half dozen tries to configure everything correctly to make a successful connection for a scan. Once you've set up NGSSQuirreL correctly on your system, start the scan and go get some coffee. By the time you get a cup of coffee and return to your desk, the scan should have finished. That's surprisingly quick, and it is what you can expect for an NGSSQuirreL scan, even on a remote server over a broadband connection near the low end of the
speed range. After NGSSQuirreL finishes the scan, it displays an easily navigated tree view containing a lot of information about the SQL Server instance as well as the problems the tool found. NGSSQuirreL scans often reveal many more vulnerabilities than you expect, especially on remote servers, sometimes even production servers. Each vulnerability found in the scan results list has plenty of information about the problem and what to do about it, along with lists of affected database or server objects, as needed. Not every problem that NGSSQuirreL finds means you have a serious security vulnerability, but taken together, they can indicate a server's potential vulnerability.

The No-Brainer Security Tool -- Microsoft Update

We have saved the very best SQL Server security tool of all for last. Running this tool regularly is essential to ensure secure database servers. But the tool, Microsoft Update, isn't exactly a hacker tool. A fully patched machine is one of your best defenses against new attacks. Microsoft's Patch Tuesday is the second Tuesday of the month. In hacker speak, Black Wednesday follows, as attackers develop new attacks overnight after Microsoft releases the details of newly patched vulnerabilities. As everyone knows, you need to test all Microsoft patches, especially the SQL Server updates, before deploying them to production servers. Don't use Windows Update, which doesn't have nearly the reach of Microsoft Update. Third-party tools that perform similar functions to Microsoft Update are available as well.

One Step Ahead of Hackers

In this age of increasingly clever attacks on our database servers, administrators have to be diligent about monitoring and testing the security of their SQL Server machines. You can strengthen your database defenses by using the tools described in this document. Or, you can use similar ones to find out what hackers already know about your databases and servers.
In either case, use some tools regularly to keep your database servers as secure as you can.
CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation
More informationSY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.
system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped
More informationHow We're Getting Creamed
ed Attacks How We're Getting Creamed By Ed Skoudis June 9, 2011 ed Attacks - 2011 Ed Skoudis 1 $ cut -f5 -d: /etc/passwd grep -i skoudis Ed Skoudis Started infosec career at Bellcore in 1996 working for
More informationSecure Web Development Teaching Modules 1. Security Testing. 1.1 Security Practices for Software Verification
Secure Web Development Teaching Modules 1 Security Testing Contents 1 Concepts... 1 1.1 Security Practices for Software Verification... 1 1.2 Software Security Testing... 2 2 Labs Objectives... 2 3 Lab
More informationGlobal Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro)
Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro) NICE Conference 2014 CYBERSECURITY RESILIENCE A THREE TIERED SOLUTION NIST Framework for Improving Critical Infrastructure Cybersecurity
More informationSapphire/Slammer Worm. Code Red v2. Sapphire/Slammer Worm. Sapphire/Slammer Worm. Sapphire/Slammer Worm. Why Was Slammer So Fast?
First Worm Ever Morris Worm Robert Morris, a PhD student at Cornell, was interested in network security He created the first worm with a goal to have a program live on the Internet in November 9 Worm was
More informationMedical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0 Page 1 of 9 Table of Contents Table of Contents... 2 Executive Summary...
More informationPenetration: from Application down to OS
April 13, 2010 Penetration: from Application down to OS Getting OS Access Using Lotus Domino Application Server Vulnerabilities Digitаl Security Research Group (DSecRG) www.dsecrg.com Alexandr Polyakov.
More informationUser Security Education and System Hardening
User Security Education and System Hardening Topic 1: User Security Education You have probably received some form of information security education, either in your workplace, school, or other settings.
More informationMatriXay Database Vulnerability Scanner V3.0
MatriXay Database Vulnerability Scanner V3.0 (DAS- DBScan) - - - The best database security assessment tool 1. Overview MatriXay Database Vulnerability Scanner (DAS- DBScan) is a professional tool with
More informationSecret Server Qualys Integration Guide
Secret Server Qualys Integration Guide Table of Contents Secret Server and Qualys Cloud Platform... 2 Authenticated vs. Unauthenticated Scanning... 2 What are the Advantages?... 2 Integrating Secret Server
More informationUsing Microsoft s Free Security Tools Help Secure your Windows Systems taken from Web and Other Sources by Thomas Jerry Scott November, 2003
Using Microsoft s Free Security Tools Help Secure your Windows Systems taken from Web and Other Sources by Thomas Jerry Scott November, 2003 The following chart shows the name and download locations for
More informationWeb Application Security
E-SPIN PROFESSIONAL BOOK Vulnerability Management Web Application Security ALL THE PRACTICAL KNOW HOW AND HOW TO RELATED TO THE SUBJECT MATTERS. COMBATING THE WEB VULNERABILITY THREAT Editor s Summary
More informationWindows Client/Server Local Area Network (LAN) System Security Lab 2 Time allocation 3 hours
Windows Client/Server Local Area Network (LAN) System Security Lab 2 Time allocation 3 hours Introduction The following lab allows the trainee to obtain a more in depth knowledge of network security and
More informationPresented By: Bryan Miller CCIE, CISSP
Presented By: Bryan Miller CCIE, CISSP Speaker Introduction Risks Controls Why We Should Pen Test Why We Don t Pen Test Tools & Techniques Low Hanging Fruit Case Studies Copyright 2010 Syrinx Technologies
More informationAttack Frameworks and Tools
Network Architectures and Services, Georg Carle Faculty of Informatics Technische Universität München, Germany Attack Frameworks and Tools Pranav Jagdish Betreuer: Nadine Herold Seminar Innovative Internet
More informationSecurity Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?
Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? This paper presents a scenario in which an attacker attempts to hack into the internal network
More informationOracle Security Auditing
Introduction - Commercial Slide. RISK 2008, Oslo, Norway, April 23 rd 2008 Oracle Security Auditing By Pete Finnigan Written Friday, 25th January 2008 Founded February 2003 CEO Pete Finnigan Clients UK,
More informationOracle Security Auditing
RISK 2008, Oslo, Norway, April 23 rd 2008 Oracle Security Auditing By Pete Finnigan Written Friday, 25th January 2008 1 Introduction - Commercial Slide. Founded February 2003 CEO Pete Finnigan Clients
More informationThe Trivial Cisco IP Phones Compromise
Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002
More informationIf you know the enemy and know yourself, you need not fear the result of a hundred battles.
Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC Principal Consultant, WaveFront Consulting Group ruiper@wavefrontcg.com 1 (604) 961-0701 If you know the enemy and know yourself, you
More informationWhite Paper. Low Hanging Fruits: The Top Five Easiest Ways to Hack or Get Hacked
Low Hanging Fruits: The Top Five Easiest Ways to Hack or Get Hacked Table of Contents Executive Summary...3 This white paper was written by: Amit Bagree Principal Security Consultant McAfee Foundstone
More informationOracle Database Security Myths
Oracle Database Security Myths December 13, 2012 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development Integrigy Corporation About Integrigy ERP Applications
More informationDatabase Auditing: Best Practices. Rob Barnes, CISA Director of Security, Risk and Compliance Operations rbarnes@appsecinc.com
Database Auditing: Best Practices Rob Barnes, CISA Director of Security, Risk and Compliance Operations rbarnes@appsecinc.com Verizon 2009 Data Breach Investigations Report: 285 million records were compromised
More informationThe purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.
This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out
More informationDeploying Secure Internet Connectivity
C H A P T E R 5 Deploying Secure Internet Connectivity This chapter is a step-by-step procedure explaining how to use the ASDM Startup Wizard to set up the initial configuration for your ASA/PIX Security
More informationIMF Tune Quarantine & Reporting Running SQL behind a Firewall. WinDeveloper Software Ltd.
IMF Tune Quarantine & Reporting Running SQL behind a Firewall WinDeveloper Software Ltd. 1 Basic Setup Quarantine & Reporting Web Interface must be installed on the same Windows Domain as the SQL Server
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More information3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management
What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org
More informationOwn your LAN with Arp Poison Routing
Own your LAN with Arp Poison Routing By: Rorik Koster April 17, 2006 Security is a popular buzzword heard every day throughout our American culture and possibly even more so in our global economy. From
More informationNeed for Database Security. Whitepaper
Whitepaper 2 Introduction The common factor in today s global economy where most of the business is done electronically via B2B [Business to Business] or via B2C [business to consumer] or other more traditional
More informationWhy Should You Care About Security Issues? SySmox WEB security Info@sysmox.com. Top seven ColdFusion Security Issues
SySmox WEB security Info@sysmox.com Top seven ColdFusion Security Issues This installment discusses the most prevalent security issues with server configurations and application implementations for ColdFusion.
More informationTHE ROLE OF IDS & ADS IN NETWORK SECURITY
THE ROLE OF IDS & ADS IN NETWORK SECURITY The Role of IDS & ADS in Network Security When it comes to security, most networks today are like an egg: hard on the outside, gooey in the middle. Once a hacker
More informationAnalysis of SQL injection prevention using a proxy server
Computer Science Honours 2005 Project Proposal Analysis of SQL injection prevention using a proxy server By David Rowe Supervisor: Barry Irwin Department of Computer
More informationAdministration Quick Start
www.novell.com/documentation Administration Quick Start ZENworks 11 Support Pack 3 February 2014 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of
More information