Healthcare Information Security Governance and Public Safety II

Transcription

1 Healthcare Information Security Governance and Public Safety II Technical Track Seminar Agenda 8/26/2009 1

2 Vulnerability Assessment, Vulnerability Management and Penetration Testing PART 1 9:00 10:30

3 Anatomy of A Hack How hacker attack your system? Reconnaissance Scanning Gaining Access Privilege Escalation and Maintaining Access Covering tracks

4 Reconnaissance หา URL ของ เป าหมาย ม WEB Site อ นอ ก ใน Intranet หร อไม หาเอกสารท อาจม ข อม ลส าค ญ หาข อม ลบ คคล ข อม ลส าค ญจาก แหล งอ นๆ Search Engine Sub Domains pdf, doc, xls, ppt Directory Services Social Networking Web Site ร บสม ครงาน ข อม ลบร ษ ทจดทะเบ ยน

5 หา URL ของเป าหมาย

6 ม WEB Site อ นอ กใน Intranet หร อไม mail.acisonline.net mx.acisonline.net Ns.acisonline.net ftp.acisonline.net webmail. acisonline.net web.acisonline.net gateway.acisonline.net secure.acisonline.net intranet. acisonline.net extranet.acisonline.net smtp.acisonline.net pop.acisonline.net

7 หาเอกสารท อาจม ข อม ลสาค ญ filetype:doc site:acisonline.net filetype:pdf site:acisonline.net

8 หาข อม ลบ คคล

9 ข อม ลสาค ญจากแหล งอ นๆ

10 ข อม ลสาค ญจากแหล งอ นๆ (ต อ) archive.org

11 ข อม ลสาค ญจากแหล งอ นๆ (ต อ) archive.org

12 ข อม ลสาค ญจากแหล งอ นๆ (ต อ) Netcraft.com

13 Footprinting Tools BiLE Suite Web Data Extractor Tool SpiderFoot 3D Traceroute Path Analyzer Pro Maltego Power Collector Tool Kartoo Search Engine

14 Scanning ARP Scan PING Sweep TCP Scan Stealth Scanning Full TCP Scan Service Fingerprint OS Fingerprint UDP Scan

15 Scanning NMAP Scanner

16 Enumeration Banner Grapping Service Fingerprint NetBIOS Enumeration User Lists Group Lists Share Folders/Printer Sharing RPC Enumeration SNMP Scan

17 Enumeration NMAP Scanner

18 Enumeration Service Fingerprint

19 Gaining Access Exploit Buffer Overflow Password Eavesdropping Password Attack Dictionary Attack Brute-Force Attack

20 Gaining Access Exploit

21 Vulnerability Assessment (VA)

22 Vulnerability Management (VM)

23 Penetration Testing Black-Box Penetration Testing White-Box Penetration Testing

24 Penetration Testing

25 Penetration Testing

26 Microsoft Windows Platform Assessing and Hardening PART 2 10:45 12:00

27 System Configuration Review Testers using manual review techniques use security configuration guides or checklists to verify that system settings are configured to minimize security risks NIST maintains a repository of security configuration checklists for IT products at

28 NIST SP800-70: Security Configuration Checklists Program for IT Products The name of the organization and authors that produce the checklist Center for Internet Security (CIS) Citadel Security Software Defense Information Systems Agency (DISA) National Security Agency (NSA) NIST, Computer Security Division ThreatGuard HP, Kyocera Mita America INC, LJK Software, Microsoft Corporation

29 Microsoft Windows Security Guidelines and Checklists Microsoft Security Guidance Security Guide Documents Security Template National Security Agency (NSA) As Microsoft Security Guidance Center for Internet Security (CIS) CIS Benchmark Documents (Modified from Microsoft Security Guidance) Scoring Tools Defense Information System Agency (DISA)

30 Microsoft Windows Security Guidelines and Checklists Defense Information Security Agency (DISA) Windows 2000 Security Checklist Windows 2003 Security Checklist Windows Vista Security Checklist Windows XP Security Checklist Windows 2008 Security Checklist Evaluate Script Windows Gold Disk (scan only) Implementation Guides Windows 2000/XP/2003/Vista/ Windows 2008

31 Security Template [Event Audit] AuditSystemEvents = 1 [System Access] LSAAnonymousNameLookup = 0 [System Log] MaximumLogSize = [Privilege Rights] SeInteractiveLogonRight = *S [File Security] "%systemroot%\system32\tlntsvr.exe",1,"d :PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)" [Registry Values] MACHINE\System\CurrentControlSet\Service s\tcpip\parameters\enabledeadgwdetect=4, 0 You can use Security Configuration and Analysis tool to: Assessment Analysis Configuration

32 Using Security Configuration and Analysis Tool DEMO

33 Linux / Unix Assessing and Hardening PART 3 13:15 14:30

34 Unix/Linux Security Guidelines and Checklists Center for Internet Security (CIS) CIS Benchmark Documents Scoring Tools Mac OS X AIX FreeBSD Red Hat Linux Solaris 10 SUSE Linux Solaris 10 11/06 and 8/07 Slackware Linux Solaris Debian Linux HP-UX Novell OES:NetWare

35 Unix/Linux Security Guidelines and Checklists National Security Agency (NSA) Security Configuration Guide Apple Mac OS X v10.3.x "Panther Apple Mac OS X v10.4.x "Tiger" RedHat Enterprise Linux 5 Guides Update Nov 19, 2007 Sun Solaris 8 Guides Sun Solaris 9 Guides Defense Information Security Agency (DISA) MAC OS X 10.4 STIG Memo Update July 25, 2007 UNIX STIG V5R1 Update April 4, 2006

36 Bastille-Unix Security Guide Recommended >>> 100%

37 Bastille-Linux DEMO

38 Wireless LAN Assessing and Monitoring PART 4 15:00 16:30

39 Vulnerabilities of IEEE Open system authentication vulnerabilities MAC Address spoofing SSID can easy to discovered Shared key authentication vulnerabilities WEP Weak IVs Packet Injection WPA (Personal) Brute-force attack External authentication vulnerabilities RADIUS Shared Key Brute-force attack Rouge AP

40 Wireless LAN Attacks DEMO

41 Wireless LAN Security Guidelines and Checklists Center for Internet Security (CIS) Assessing the security of a wireless environment Wireless Network Benchmark Defense Information Security Agency (DISA) Wireless Security Checklist Wireless Security Technical Implementation Guide National Security Agency (NSA) Recommended Wireless Local Area Network Architecture Guidelines for the Development and Evaluation of IEEE Intrusion Detection Systems (IDS)

42 Wireless Intrusion Prevention System

43 Example: Air Defense

44 Example: WiFi Manager

45 Rouge AP Detect

46 Spectrum Analysis

47 Site Survey

48 Faraday Cages

49 Faraday Cages (cont)

50 Questions and Answers