A New Era. A New Edge. Phishing within your company


Phishing within your company

Learning Objectives
- What is phishing and how to minimize its impact
- Obtain a basic understanding of how to use virtual machines
- Use BackTrack, a tool used by many security and IT audit professionals
- Run Metasploit, a tool used by many security professionals
- Show users how to avoid phishing scams through demonstration

What is Phishing
- An art of getting information from someone.
- E-mail will come as HTML, with a link.
- Link could go to a fake website or point the user to an exploited issue.
- Set up a fake but real looking website (SET) or an exploited link using Metasploit.
- Spear-phishing targeted attack.
  - The content of the e-mail seems real.
- Attackers are getting smarter each day.

Phishing can be bad
- Examples of information collected:
  - User name and Password
  - SSN
  - Bank account number
  - Credit card numbers
  - Allow remote access of your machine
  - etc.
- Attackers can install viruses/spyware
- If they get one person to click, they can get some good information.

A sample of a phishing e-mail
- This e-mail came to me while I was working on this presentation.
- It went to my SPAM filter.
- I viewed the original source code and took screen shots.
- You will see how the link in my e-mail is different than what is in the HTML code inside of the e-mail.

Sample Phishing E-mail

The HTML Behind the Phishing E-mail

Sample e-mail that could take you to a Java Exploit

Quick Survey
- Anyone get any good e-mails that were probably part of a phishing scam?
- How many people are new to the concept of using Virtual Machines?
- Who is familiar with BackTrack?

What is a Virtual Machine (VM)
- A computer that runs in an existing computer.
- A computer trapped inside of another computer.
- The entire computer is contained within a file; it is software based.
- There are two terms used to describe virtualization: Host and Guest.

Virtual Machines Basics
- A Host is the main machine, sharing its resources
- A Guest runs on a Host
- Some of the resources a Host can share:
  - RAM
  - Processor
  - Hard drive
  - CD/DVD
  - USB
  - Network Card

VM scenario
- Suppose you have a laptop (host) with a 500GB hard drive and 8GB of RAM.
- If you create a Guest that is 60GB, the file starts at 0GB but can grow to 60GB as you use the Guest, so your Host only has 440GB of space remaining.
- If you give the Guest 2GB of RAM, when it runs your Host will only have 6GB of RAM available for its operation.
- If you shut the machine down, the 2GB of RAM goes back to the Host, but the disk space is still allocated to the Guest.

Personal Virtual Software
- This presentation is covering laptops/desktops.
- Corporate versions are not typically free, but will cover them briefly.
- VMware - https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/5_0
  - Player (Windows, Free)
  - Fusion (Mac, $$)
- Microsoft - http://www.microsoft.com/windows/virtual-pc/support/virtual-pc-2007.aspx
  - Virtual PC (Windows only, Free)
- Oracle - https://www.virtualbox.org/wiki/downloads
  - VirtualBox (Many OSs, Free)

Corporate Virtual Machines
- Many companies use VMware ESX or Microsoft Hyper-V.
- VMware ESX runs on a Linux/UNIX platform; vSphere is designed for cloud servers.
- Microsoft Hyper-V runs on Windows 2008 or 2012
- If you are auditing a server that is a Guest virtual machine, you may also need to audit the Host server.

How I may use Virtual Machines
- If you need to learn about a new Operating System
- You want to run security tools against various machines
  - Will not harm your network
- Configure SSH to move files from your Host to Guest by using a secure FTP application: for example, reports, logs, etc.

BackTrack
Disclaimer: Do not use the tools demonstrated here on a live system without permission. You will get in trouble.

What is BackTrack?
- BackTrack is a tool that contains a collection of security tools.
- These tools are used by security and penetration testing individuals.
- Here are some examples of the tools:
  - Information gathering
  - Password crackers
  - Network scanners (Bluetooth/wireless)
  - Vulnerability scanners
  - Penetration testing tools

List of categories

BackTrack Basics
- BackTrack is referred to as a Linux Live CD
- Great way to test security tools
- The underlying Linux used is Ubuntu
- Great way to learn Linux without buying a new machine
- Provides the tools that a script kiddie may use.

How to run BackTrack
- Download the ISO file: http://www.backtrack-linux.org/downloads/
- Options for running BackTrack
  - Burn the ISO image to a disk (Live)
  - Install on a hard drive (Permanent)
  - Create a virtual machine (Temporary)

Metasploit
- Designed by HD Moore, the current Chief Security Officer at Rapid7
- Originally created in 2003
- Used to find and expose vulnerabilities in software
- A paid version is available for easier management, from Rapid7

Metasploit terms
When you are using Metasploit, here are some terms you will see:
- Exploit - the weakness found
- Payload - what happens when you exploit the machine. Do you create a shell and see the victim's hard drive? Add an administrator account without knowing their password?
- Shellcode - the code used during the payload. You can write your own code to achieve your goal.

Some of the vulnerabilities
- Microsoft - MS08-067 (Stuxnet/Conficker)
- Java exploit
- Adobe

Social-Engineer Toolkit (SET)
- Designed by David Kennedy
- It is used to capture user names and passwords.
- If you are a penetration tester, what would a few user accounts be worth?
- Allows you to create a clone of a website.
- The cloned site runs on your machine.

SET in Action - the Original site

SET in Action - The Attacker's cloned site

An unsuspecting user

The Result

How can you protect your company
- Use of technology and policies can help
- Sample policies
- Sender ID (Company control)
- SPAM Filtering (Company control)
- End user training
- Use of personal e-mail while at work
- Define a group to handle concerns and incidents
- Antivirus/Antispyware
- Patching

Sender ID
- Good first line of defense before an e-mail can enter your network.
- Designed by Microsoft and a consortium of other companies.
- Has been approved for use by the Internet Engineering Task Force.
- Verifies an e-mail message from the Internet domain with an IP address associated with that Domain Name.
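The check described on this slide, as an added example that is not part of the original presentation: the receiving server compares the connecting IP address with the addresses the sender's domain has published. Assumptions: the `TXT_RECORDS` dictionary stands in for DNS lookups, the From header is used as the responsible address (a simplification), and only the `ip4`, `ip6` and `all` mechanisms of an `spf2.0` record with the `pra` scope are read.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for DNS TXT lookups (the example makes no network calls).
TXT_RECORDS = {
    "example-corp.test": "spf2.0/pra ip4:192.0.2.0/24 ip4:198.51.100.25 -all",
    "example-partner.test": "spf2.0/pra ip4:203.0.113.0/28 ~all",
}
RESULTS = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}

# Constructed sample message.
SAMPLE_MESSAGE = ("From: IT Helpdesk <helpdesk@example-corp.test>\n"
                  "Subject: Password expiry\n\nPlease renew your password.\n")

def evaluate(record, client_ip):
    """Match the sending IP against the record's ip4/ip6/all mechanisms."""
    ip = ipaddress.ip_address(client_ip)
    version, *terms = record.split()
    # Only spf2.0 records that include the pra scope are read here.
    if not version.startswith("spf2.0/") or "pra" not in version[7:].split(","):
        return "None"
    for term in terms:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6") and arg:
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
    return "Neutral"  # no mechanism matched (others, e.g. include, are skipped)

def check_message(raw_message, client_ip):
    """Return (From domain, result) for a message received from client_ip."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    record = TXT_RECORDS.get(domain)
    return domain, (evaluate(record, client_ip) if record else "None")
```

A result of Fail means the domain has stated that the connecting address is not one of its senders; None means the domain published no usable record, so this layer gives no signal either way.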

SPAM Filtering
- A good second layer is SPAM filtering.
- This can eliminate those e-mails that sneak by the Sender ID
- Untangle (free, but more features can be purchased)
- Barracuda (subscription)
- SpamAssassin (Open source from Apache)
- MS Exchange: add Real-time Block Lists (RBL)
- If you are running filtering block lists, are they still current and working?

Online Protection (end user training)
From IC3.gov 2011 Annual Report - Online Crime Prevention
- Be suspicious of any unsolicited email requesting personal information.
- Avoid filling out forms in email messages that ask for personal information. This could be a phishing scam.
- Always compare the link in the email to the link that you are actually directed to visit.
- Log on to the entity's official website, instead of linking to it from an unsolicited email.
- Contact the actual business that supposedly sent the email to verify if the email is genuine.

User Education
- If something gets by the company's technology, we need to rely on the end user.
- Train users not to immediately click on attachments or links; these can come from their personal e-mail.
- Training: help users look for clues such as bad grammar, and hover over links before clicking on them.

Education by example
- Sometimes showing the user what can happen can be a powerful training tool.
- Use Social-Engineer Toolkit (SET) to create your own fake site and demonstrate what can happen.
- Paid service to train users on Phishing.
  - phishme.com
  - wombatsecurity.com

Technology on the user's machine
- Keep browsers up to date
  - Use Anti-phishing features within newer browsers
  - New browsers highlight the domain
- Apply security patches from all vendors: Microsoft, Java, Adobe, etc.
- Keep Antispyware/Antivirus up to date; run a scan if someone opened a link.

Browser domain highlight

Demonstration

Summary
- Phishing can result in bad things on your network
- Virtual machines are a software based computer.
- BackTrack runs on Linux and is a collection of security tools
- Metasploit, which can be found in BackTrack, exposes and can exploit software vulnerabilities.

Summary
- Create policies and use technology available
- Educate people to be careful about clicking on links and attachments
- Social-Engineer Toolkit allows you to clone a site.
- You can send a link to a user; if they enter their credentials, you can log in as them.

References
- IC3.GOV 2011 Annual report: http://www.ic3.gov/media/annualreport/2011_ic3report.pdf
- Microsoft Sender ID: http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx
Thanks to: John Hochevar, CISSP

Thank you
Patrick Mattson, CISSP, CISA
Sr. IT Consultant, Mattson Computer Consulting
E-mail: patrick at imattson.com
Phone: 414-939-6221
LinkedIn: www.linkedin.com/in/patricktmattson