This talk: Common Remote Exploitation Techniques. Common System Exploits. Some Common Attack Vectors. A Typical Business Network.

Similar documents
CRYPTUS DIPLOMA IN IT SECURITY

Certified Ethical Hacker Exam Version Comparison. Version Comparison

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

Firewalls, Tunnels, and Network Intrusion Detection

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

This Lecture. The Internet and Sockets. The Start If everyone just sends a small packet of data, they can all use the line at the same.

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

Professional Penetration Testing Techniques and Vulnerability Assessment ...

CS2107 Introduction to Information and System Security (Slid. (Slide set 8)

Firewalls, IDS and IPS

CSCI 4250/6250 Fall 2015 Computer and Networks Security

Attacks and Defense. Phase 1: Reconnaissance

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24

Solution of Exercise Sheet 5

Linux Network Security

Internet Worms, Firewalls, and Intrusion Detection Systems

Build Your Own Security Lab

Description: Objective: Attending students will learn:

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

CYBERTRON NETWORK SOLUTIONS

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

How To Protect A Network From Attack From A Hacker (Hbss)

Firewalls. Ola Flygt Växjö University, Sweden Firewall Design Principles

Intrusion Detection & SNORT. Fakrul Alam fakrul@bdhbu.com

CMPT 471 Networking II

Chapter 15. Firewalls, IDS and IPS

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

Network Attacks and Defenses

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

Penetration Testing with Kali Linux

Exercise 7 Network Forensics

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Chapter 9 Firewalls and Intrusion Prevention Systems

Security: Attack and Defense

Network/Internet Forensic and Intrusion Log Analysis

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Worms, Trojan Horses and Root Kits

Securing Cisco Network Devices (SND)

Learn Ethical Hacking, Become a Pentester

TCP/IP Security Problems. History that still teaches

Firewalls. Chapter 3

Firewall Firewall August, 2003

Network Defense Tools

Penetration Testing //Vulnerability Assessment //Remedy

Vulnerability Assessment and Penetration Testing

Security Mgt. Tools and Subsystems

CSE331: Introduction to Networks and Security. Lecture 17 Fall 2006

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

Certified Ethical Hacker (CEH)

CSE331: Introduction to Networks and Security. Lecture 18 Fall 2006

CEH Version8 Course Outline

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus


Phase 2: Scanning Detec0ng informa0on useful for break- in Live machines Network topology Firewall configura0on Applica0ons and OS types Vulnerabili0es

A Systems Engineering Approach to Developing Cyber Security Professionals

CS5008: Internet Computing

ΕΠΛ 674: Εργαστήριο 5 Firewalls

Ethical Hacking Course Layout

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

Intrusion Detection Systems. Darren R. Davis Student Computing Labs

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik

Cisco IPS Tuning Overview

A S B

Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS)

Firewalls & Intrusion Detection

8 steps to protect your Cisco router

SYSTEM ADMINISTRATION MTAT LECTURE 8 SECURITY

Secure Software Programming and Vulnerability Analysis

Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

SCADA Security Example

Firewalls and Software Updates

FIREWALL AND NAT Lecture 7a

Computer Security. Introduction to. Michael T. Goodrich Department of Computer Science University of California, Irvine. Roberto Tamassia PEARSON

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12

Cryptography and network security

Desktop and Laptop Security Policy

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

Unit 3 Research Project. Eddie S. Jackson. Kaplan University. IT540: Management of Information Security. Kenneth L. Flick, Ph.D.

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science

Course Duration: 80Hrs. Course Fee: INR (Certification Lab Exam Cost 2 Attempts)

Topics in Network Security

Firewalls. configuring a sophisticated GNU/Linux firewall involves understanding

Chapter 8 Security Pt 2

Common Cyber Threats. Common cyber threats include:

Deployment of Snort IDS in SIP based VoIP environments

TESTING OUR SECURITY DEFENCES

Intrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis

Transcription:

Common System Exploits Tom Chothia Computer Security, Lecture 15 This talk: Common Remote Exploitation Techniques How does an attacker end up running the metsploit attack we sure last week against your system? Footprinting Scanning and Enumeration Exploiting services After gaining access A Typical Business Network Some Common Attack Vectors Attacks on Web Page WebServer NAT Comp1 Comp2 DataBase E-mail Server SSH/RDP Web Proxy Wi-Fi Attacks from incoming e-mail Attacks on all servers Local attacks via wi-fi Insider attacks. Footprinting Footprinting Find out as much as possible about the business s footprint. What does it do? What does it provide for its employees? What IP addresses does it use? How does user contact support? Lots of this information is on a companies website. Web searchers for the company can also provide a lot of information. WHOIS and DNS lookup will tell an attacker all the IP address range used by a business. traceroute may reveal the IP address of routers. These routers may use default passwords 1

Scanning and Enumeration Find out what services are running What version of each services. What operating system. nmap nmap is a network mapping tool. It can tell you want ports are open. It will try to guess the service. By default does TCP on low ports only. Can also do UDP and any ports. The Internet Protocol Packet Fingerprint What is the OS? Different OS will set different values in the IP &TCP packets. TCP sequence number IP packet time to live. Find OS with nmap A or namp -O Check for default/common logins Are any services using the default passwords? e.g. ssh is used for remote login (port 22) Default password for jail broken iphones was alpine (big attack on iphones 2 years ago). Footprinting and Scanning Ensure that as little information about the company appears publically. Password protect parts of the website External attacker can always find the IPs and open ports on the public computers. In the worst case they can find the entire network architecture. Internal attackers are harder to stop 2

Search for Known Exploits There are many databases of vulnerabilities on the web e.g. http://cve.mitre.org/! http://nvd.nist.gov/! http://metasploit.com/modules/! Search for Known Exploits Finding and weaponizing a buffer overflow can take 6 months for a team of experts. So most hacker script kiddies use exploit code someone else has written. You are much more likely to be attacked via a known exploit, than a new one. Metasploit Metaspliot is a framework to perform memory attacks and deliver payloads You select the module for the exploit. The payload is the arbitrary code the victim system will run. The legitimate use of Metasploit is to test your own system for weaknesses. Never run it against a system you don t own, without written permission. What an attack might do once they have access. Install RootKit Steal password file, credit card numbesr, personal data. Create new user accounts and back doors. Replace existing libraries and application with malware. Log key strokes. Send Spam Performs DoS attacks Defenses: Intrusion Detection Systems A good system administrators will monitor their network. IDSs look at all packets (like wireshark) and report suspicious behavior. Can catch nmap and metasploit. E.g. Snort: www.snort.org IDS: Snort Rules: action proto src_ip src_port direction dst_ip dst_port (options) e.g. alert tcp $WEB_SERVER!80 -> any any msg: Web Server making out going connection ; alert any 80 -> any any msg: Active X attack ; content: clsid:a105bd70-bf56-4d10- BC91-41C88321F47C 3

Anti-Virus Anti-Virus products scan the computer for known malware. Can also scan e-mail and network traffic Only as good as the last update. Can be disabled by an attacker with admin access. Defenses: Firewalls Firewalls block Internet traffic. May be on the computer (host) or built into a router (network). Fire walls can be stateless of statefull Stateless firewalls could e.g. block all traffic block all traffic not on port 80. Defenses: Firewalls Statefull Firewalls record the traffic and use it to make future decisions. E.g. block incoming connection but allow outgoing connections. Can t firewall services used by outside world. More advanced Nmap Scanning Stateless fires may block incoming SYN but not incoming ACK. Statefull firewalls make block incoming ACK but not incoming SYN. Nmap has can scan with both -PS and PA and many other scan options. See http://www.youtube.com/watch? v=hk-21p2m8yy Defenses: Fast Patches Most importantly of all Make sure all security patches are installed immediately. There is almost always a patch to stop any well known exploit. Top Defenses: 1. Apply patches 2. Firewall 3. Anti-Virus 4. Intrusion Detection Systems 5. Check file hashes 6. Good password and user policies First 2 should be fine for Linux or Mac, first 3 for windows. All 6 if you are a sys. admin. 4

Some things to try: Conclusion Nmap scans on your home network Watch the nmap video linked to from the lectures page. Set up your firewall, on host and router. Install and set up snort. Search Metasploit for exploits against the oldest computer you have. Attackers will: Scan your machines, Identify the services running, Try to use known exploits against these services. Defend the system: Monitor for attacks, e.g. Anti-virus, Firewall to block unused ports, Apply Security Patches a.s.a.p Next Lecture: What attackers are actually doing on the Internet Virus, Worms and Trojans DDoS Phishing attacks. Botnets SCADA attacks. 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information