Healthcare Information Security Governance and Public Safety II Technical Track Seminar Agenda 8/26/2009
PART 1 (9:00-10:30): Vulnerability Assessment, Vulnerability Management and Penetration Testing
Anatomy of a Hack: How do hackers attack your system? Reconnaissance; Scanning; Gaining Access; Privilege Escalation and Maintaining Access; Covering Tracks
Reconnaissance: Find the target's URLs; Are there other web sites on the intranet?; Find documents that may contain sensitive information; Find information about people; Sensitive information from other sources. Sources: Search Engine; Sub Domains; pdf, doc, xls, ppt; Directory Services; Social Networking; job recruitment web sites; registered company information
Find the target's URLs
Are there other web sites on the intranet? mail.acisonline.net mx.acisonline.net Ns.acisonline.net ftp.acisonline.net webmail.acisonline.net web.acisonline.net gateway.acisonline.net secure.acisonline.net intranet.acisonline.net extranet.acisonline.net smtp.acisonline.net pop.acisonline.net
Find documents that may contain sensitive information: filetype:doc site:acisonline.net; filetype:pdf site:acisonline.net
Find information about people
Sensitive information from other sources
Sensitive information from other sources (cont.): http://www.archive.org
Sensitive information from other sources (cont.): http://www.Netcraft.com
Footprinting Tools: BiLE Suite; Web Data Extractor Tool; SpiderFoot; 3D Traceroute; Path Analyzer Pro; Maltego; Power E-mail Collector Tool; Kartoo Search Engine
Scanning: ARP Scan; PING Sweep; TCP Scan; Stealth Scanning; Full TCP Scan; Service Fingerprint; OS Fingerprint; UDP Scan
Scanning: NMAP Scanner
Enumeration: Banner Grabbing; Service Fingerprint; NetBIOS Enumeration; User Lists; Group Lists; Share Folders/Printer Sharing; RPC Enumeration; SNMP Scan
Enumeration: NMAP Scanner
Enumeration: Service Fingerprint
Gaining Access: Exploit; Buffer Overflow; Password Eavesdropping; Password Attack; Dictionary Attack; Brute-Force Attack
Gaining Access: Exploit
Vulnerability Assessment (VA)
Vulnerability Management (VM)
Penetration Testing: Black-Box Penetration Testing; White-Box Penetration Testing
Penetration Testing
PART 2 (10:45-12:00): Microsoft Windows Platform Assessing and Hardening
System Configuration Review: Testers who review manually use security configuration guides or checklists to verify that system settings are configured to minimize security risks. NIST maintains a repository of security configuration checklists for IT products at http://checklists.nist.gov
NIST SP800-70: Security Configuration Checklists Program for IT Products. Organizations and authors that produce the checklists: Center for Internet Security (CIS); Citadel Security Software; Defense Information Systems Agency (DISA); National Security Agency (NSA); NIST, Computer Security Division; ThreatGuard; HP; Kyocera Mita America INC; LJK Software; Microsoft Corporation
Microsoft Windows Security Guidelines and Checklists
  - Microsoft Security Guidance (http://technet.microsoft.com/en-us/library/cc184906.aspx): Security Guide Documents; Security Template
  - National Security Agency (NSA): As Microsoft Security Guidance
  - Center for Internet Security (CIS): CIS Benchmark Documents (Modified from Microsoft Security Guidance); Scoring Tools
  - Defense Information Systems Agency (DISA)
Microsoft Windows Security Guidelines and Checklists: Defense Information Systems Agency (DISA)
  - Windows 2000 Security Checklist
  - Windows 2003 Security Checklist
  - Windows Vista Security Checklist
  - Windows XP Security Checklist
  - Windows 2008 Security Checklist
  - Evaluate Script
  - Windows Gold Disk (scan only)
  - Implementation Guides: Windows 2000/XP/2003/Vista/Windows 2008
Security Template
  [Event Audit]
  AuditSystemEvents = 1
  [System Access]
  LSAAnonymousNameLookup = 0
  [System Log]
  MaximumLogSize = 16384
  [Privilege Rights]
  SeInteractiveLogonRight = *S-1-5-32-544
  [File Security]
  "%systemroot%\system32\tlntsvr.exe",1,"D:PAR(A;OIIO;FA;;;BA)(A;OIIO;FA;;;SY)"
  [Registry Values]
  MACHINE\System\CurrentControlSet\Services\tcpip\parameters\enabledeadgwdetect=4,0
You can use the Security Configuration and Analysis tool for: Assessment; Analysis; Configuration
Using Security Configuration and Analysis Tool DEMO
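What the analysis step does with a security template can be sketched as follows. This is an added example, not part of the original slides and not the tool's own code: it parses a baseline in the template's INF layout and compares it with a second INF text standing in for a system's current settings. The observed values, including the extra SID *S-1-5-32-545, and all function names are constructed for illustration.

```python
# Added example (not from the slides): both INF texts are constructed samples.
BASELINE = r"""
[Event Audit]
AuditSystemEvents = 1
[System Access]
LSAAnonymousNameLookup = 0
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544
[Registry Values]
MACHINE\System\CurrentControlSet\Services\tcpip\parameters\enabledeadgwdetect=4,0
"""
OBSERVED = r"""
[Event Audit]
AuditSystemEvents = 0
[System Access]
LSAAnonymousNameLookup = 0
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-545, *S-1-5-32-544
"""

def parse_inf(text):
    """Return {(section, key): value}; section and key names are lower-cased."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            settings[(section, key.strip().lower())] = value.strip()
    return settings

def canonical(section, value):
    """Privilege Rights hold an unordered SID list; other values compare as text."""
    if section == "privilege rights":
        return frozenset(v.strip().lower() for v in value.split(","))
    return value.replace(" ", "").lower()

def analyse(baseline_text, observed_text):  # -> {(section, key): status}
    observed, report = parse_inf(observed_text), {}
    for (section, key), want in parse_inf(baseline_text).items():
        have = observed.get((section, key))
        if have is None:
            report[(section, key)] = "not defined"
        else:
            same = canonical(section, have) == canonical(section, want)
            report[(section, key)] = "ok" if same else "mismatch"
    return report
```

Entries without a key = value form, such as the [File Security] line of the template, are skipped by this sketch.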
PART 3 (13:15-14:30): Linux / Unix Assessing and Hardening
Unix/Linux Security Guidelines and Checklists: Center for Internet Security (CIS)
  - CIS Benchmark Documents
  - Scoring Tools
  - Platforms: Mac OS X; AIX; FreeBSD; Red Hat Linux; Solaris 10; SUSE Linux; Solaris 10 11/06 and 8/07; Slackware Linux; Solaris 2.5.1-9.0; Debian Linux; HP-UX; Novell OES:NetWare
Unix/Linux Security Guidelines and Checklists
  - National Security Agency (NSA) Security Configuration Guide: Apple Mac OS X v10.3.x "Panther"; Apple Mac OS X v10.4.x "Tiger"; RedHat Enterprise Linux 5 Guides, Update Nov 19, 2007; Sun Solaris 8 Guides; Sun Solaris 9 Guides
  - Defense Information Systems Agency (DISA): MAC OS X 10.4 STIG Memo, Update July 25, 2007; UNIX STIG V5R1, Update April 4, 2006
Bastille-Unix Security Guide Recommended >>> 100%
Bastille-Linux DEMO
PART 4 (15:00-16:30): Wireless LAN Assessing and Monitoring
Vulnerabilities of IEEE 802.11
  - Open system authentication vulnerabilities: MAC address spoofing; SSID can be easily discovered
  - Shared key authentication vulnerabilities: WEP: Weak IVs, Packet Injection; WPA (Personal): Brute-force attack
  - External authentication vulnerabilities: RADIUS Shared Key: Brute-force attack
  - Rogue AP
Wireless LAN Attacks DEMO
Wireless LAN Security Guidelines and Checklists
  - Center for Internet Security (CIS): Assessing the security of a wireless environment; Wireless Network Benchmark
  - Defense Information Systems Agency (DISA): Wireless Security Checklist; Wireless Security Technical Implementation Guide
  - National Security Agency (NSA): Recommended 802.11 Wireless Local Area Network Architecture; Guidelines for the Development and Evaluation of IEEE 802.11 Intrusion Detection Systems (IDS)
Wireless Intrusion Prevention System
Example: Air Defense
Example: WiFi Manager
Rogue AP Detect
Spectrum Analysis
Site Survey
Faraday Cages
Faraday Cages (cont)
Questions and Answers