Preparing for The Present & The Future

Presentation on theme: "Preparing for The Present & The Future"— Presentation transcript:

1 Preparing for The Present & The Future
Information and Network Security
17/11/2018 Totally Connected Security

2 Presentation Summary
Hacker/cracker operation stages:
- Discovery
- Exploitation
- Cover up
- Backdoor/Trojan

3 Presentation Summary
Prevention:
- Policies
- Ethical hacking / pen testing
- Tools
Forensics:
- First response
- Preserving evidence

4 So… Has it been working?
"85 percent of enterprises surveyed have been breached in the last 12 months, with 64 percent of the breaches costing $2 million or more." - CSI
Of those:
- 99% used antivirus software
- 98% used firewalls
- 91% employed physical security to protect their computer and information assets
- 92% employed some measure of access control

5 So… Has it been working?
- Misuse of network access by employees was about as frequent as virus attacks, occurring in more than 75% of organizations.
- Theft of proprietary information occurred in over 20% of organizations, resulting in financial losses of more than $2.7 million on average.
- Denial of service occurred in over 40% of organizations, with financial losses averaging over $2.5 million per organization.
- System penetration occurred in more than 35% of organizations, sabotage in over 25%.
- Disgruntled employees were identified nearly as often as external hackers as the most likely source of security violations (over 75% of organizations cited both!).
* CSI/03
These are the CSI 2003 statistics. As we can see, firewalls, antivirus and patching your systems are simply not enough anymore!

7 Discovery
Port scanning:
- Identify running services: web server, mail server, SSH, etc.
- Firewalls
Information gathering:
- OS fingerprinting
- Banner information
- How vulnerable the host is
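The discovery stage above in working form, as an added example that is not part of the original deck: a TCP connect scan that grabs whatever banner each open port volunteers and names the service (and version, when the daemon leaks it) from that banner. So that it runs offline, two hypothetical loopback listeners stand in for the SSH and SMTP daemons the slide lists; their banners are constructed, not captured from real hosts, and the classifier is a heuristic rather than a fingerprint database.

```python
import socket
import threading
from typing import Dict, List, Optional

# Constructed banners imitating what real daemons announce on connect.
FAKE_BANNERS = {
    "ssh": b"SSH-2.0-OpenSSH_3.6.1p2\r\n",
    "smtp": b"220 mail.example.test ESMTP Sendmail 8.12.9\r\n",
}


def start_fake_service(banner: bytes) -> int:
    """Simulation only: listen on an ephemeral loopback port, send `banner`
    to every client, then close. Returns the port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def find_closed_port() -> int:
    """Bind and immediately release a loopback port so the scan has a
    closed port to report (simulation helper)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def grab_banner(host: str, port: int, timeout: float = 1.0) -> Optional[str]:
    """TCP connect scan of one port. Returns the first banner line, '' if the
    port is open but silent (many services wait for the client to speak),
    or None if the connection is refused or times out."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)
            except socket.timeout:
                return ""
            return data.split(b"\n", 1)[0].decode("ascii", "replace").strip()
    except OSError:
        return None


def identify(banner: str) -> str:
    """Name the service (and version, when the banner leaks it) from the
    banner alone; a heuristic, not a full fingerprint database."""
    if banner.startswith("SSH-"):
        parts = banner.split("-", 2)                 # SSH-<proto>-<software>
        return "ssh: " + (parts[2] if len(parts) == 3 else banner)
    if banner.startswith("220 ") and "SMTP" in banner.upper():
        return "smtp: " + banner[4:]
    if banner == "":
        return "open, no banner"
    return "unknown: " + banner


def scan(host: str, ports: List[int]) -> Dict[int, str]:
    """Return {port: service description} for every open port in `ports`."""
    results: Dict[int, str] = {}
    for port in ports:
        banner = grab_banner(host, port)
        if banner is not None:
            results[port] = identify(banner)
    return results


if __name__ == "__main__":
    targets = [start_fake_service(b) for b in FAKE_BANNERS.values()]
    targets.append(find_closed_port())
    for port, desc in scan("127.0.0.1", targets).items():
        print(f"{port}/tcp  {desc}")
```

The version string in the SSH banner is exactly the "how vulnerable" input the slide refers to: an attacker matches it against public advisories before touching the service. A firewall that drops the SYN shows up here as a timeout rather than a refusal, which is the only way a connect scan distinguishes filtered from closed.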

9 Exploitation
- A vulnerable service is found
- Attacker searches the internet for an existing exploit, or creates their own
- Exploit is run against the system
- Typically gains root or administrator privileges; at worst, low-level user privileges
- The system's security is compromised

12 Cover up
- Altering or deletion of logs
- Rootkits: replace system binaries (netstat, ls, etc.) to hide the attacker's connection to the system and hide installed software
- Backdoor / Trojan the system: allow the attacker to return unnoticed and remotely control the system; IRC bots
* There are ways to make it so no user shows up in the list but the attacker still has administrative privileges.

14 Prevention
Policies: not just for IT
- Acceptable use
- Password protection
- Phone
- Fax
- Physical

15 Ethical Hacking / Pen Test
What you can expect:
- Identification of exposures and risks
- Detailed results of the testing performed
- What the results indicate
- Recommendations on which fixes need to be applied, and how

16 Ethical Hacking / Pen Test
What should you include?
Internal: printers, faxes, switches, desktops, etc.
External: firewalls, routers, dial-up, VPNs and remote users, wireless access points, laptops

17 Ethical Hacking / Pen Test
Common attacks:
- Browsing attacks
- Information disclosure
- Mass rooting/scanning
- Viruses and Trojans
- Browser hijacking
- Employee misuse: more than all other threats!

18 Ethical Hacking / Pen Test
Relying on commercial software:
- Inability to identify certain vulnerabilities
- High false positives
After the audit:
- Implementing fixes
- Mitigating risks
- Ensuring fixes were applied correctly

19 Tools
Security scanners:
- Nessus (http://www.nessus.org/)
- Retina by eEye
Port scanners:
- Nmap, "Network Mapper"
- hping, TCP/IP packet assembler/analyzer

20 Tools
Packet sniffers:
- IRIS (www.eeye.com)
- Ethereal
Patch management:
- HFNetChkPro
- PatchLink
- Microsoft SMS

21 Forensics - Summary
What to do when an incident occurs:
- Determine the point of entry/infection: sniffers, IDS, unusual behavior
- Acquire evidence: shut down the system, create an image, document everything

22 Forensics
Some questions to ask:
- What type of evidence is being sought?
- Is there a computer use policy?
- Is there a network administrator?
- Where are the backups?
If conducting a large search:
- What keywords can I use to identify computers that contain evidence?
- What type of system will I be looking at?

23 Point of entry
Things to look for:
- Unusual registry keys: \Software\Microsoft\Windows\CurrentVersion\Run\*
- Modified hosts file: %windir%\system32\drivers\etc\hosts
- Unknown running services
- Run "sigverif" to list system files whose digital signature is missing or invalid
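Two of the checks above in code, as an added example that is not part of the original deck and serves both the "Cover up" slide (rootkits replacing netstat, ls and friends) and this "Point of entry" list. A hash manifest of known-good binaries is what catches a swapped binary, the same job sigverif or Tripwire do on a real host, and a hosts-file parser flags every name mapped to a non-loopback address, which is how malware quietly redirects update or banking domains. The file names, the sample hosts content and the "attacker" step are all constructed for the demonstration and run in a temporary directory.

```python
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths: List[str]) -> Dict[str, str]:
    """Record a known-good hash per file. Keep the manifest off the host:
    a rootkit that can replace ls can also rewrite a manifest stored beside it."""
    return {p: sha256_of(p) for p in paths}


def verify_manifest(manifest: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (path, problem) for every file that changed or vanished."""
    findings = []
    for path, expected in manifest.items():
        if not os.path.exists(path):
            findings.append((path, "missing"))
        elif sha256_of(path) != expected:
            findings.append((path, "hash mismatch"))
    return findings


# Constructed hosts-file content: the first two lines are normal, the third
# redirects an (invented) antivirus update host to an outside address.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.0.2.44      update.example-av.test
"""

LOOPBACK_PREFIXES = ("127.", "::1")


def suspicious_hosts_entries(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) for every mapping to a non-loopback address.
    Intranet entries will show up too; the point is to review each one."""
    hits = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments/blank lines
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        if ip.startswith(LOOPBACK_PREFIXES):
            continue
        for name in names:
            hits.append((ip, name))
    return hits


def demo() -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Constructed scenario: baseline two 'binaries', let a rootkit replace
    netstat, then run both checks. Returns (integrity findings, hosts hits)."""
    with tempfile.TemporaryDirectory() as d:
        netstat, ls = os.path.join(d, "netstat"), os.path.join(d, "ls")
        for path, body in ((netstat, b"original netstat"), (ls, b"original ls")):
            with open(path, "wb") as f:
                f.write(body)
        manifest = build_manifest([netstat, ls])
        with open(netstat, "wb") as f:              # the attacker's swap
            f.write(b"trojaned netstat that hides one listening port")
        integrity = [(os.path.basename(p), why) for p, why in verify_manifest(manifest)]
    return integrity, suspicious_hosts_entries(SAMPLE_HOSTS)


if __name__ == "__main__":
    print(demo())
```

Run the verification from known-clean media or a second machine reading the suspect disk: a trojaned netstat that hides the backdoor's port will also cheerfully lie to any checker that runs on top of it.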

24 Some tools for discovery
- TCPView
- Filemon
- Deleted File Analysis Utility
- DumpSec
- F.I.R.E.

25 Forensics
Don't panic! Use tools to identify the source of infection:
- Sniffers to identify malicious data / content
- IDS to isolate which machines were violated
- User reports of unusual behavior
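The "which machines were violated" question answered from log data, as an added example that is not part of the original deck. It reads constructed firewall log lines in an assumed simplified format (not any real product's), flags sources that sweep many distinct ports in a short window, which is the Discovery stage seen from the defender's side, and then lists the internal hosts that accepted a connection from those sources. Those hosts are the ones to isolate and image first. The addresses, timestamps and thresholds are all invented for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# Assumed log format: "<iso-timestamp> SRC=<ip> DST=<ip> DPT=<port> ACT=<ACCEPT|DROP>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+) ACT=(?P<act>\w+)$"
)

# Constructed sample: 203.0.113.9 sweeps 10.0.0.5 and gets through on 139,
# then comes back later; 198.51.100.7 is an ordinary web visitor.
SAMPLE_LOG = """\
2003-11-17T02:14:01 SRC=198.51.100.7 DST=10.0.0.8 DPT=80 ACT=ACCEPT
2003-11-17T02:14:03 SRC=203.0.113.9 DST=10.0.0.5 DPT=21 ACT=DROP
2003-11-17T02:14:03 SRC=203.0.113.9 DST=10.0.0.5 DPT=22 ACT=DROP
2003-11-17T02:14:04 SRC=203.0.113.9 DST=10.0.0.5 DPT=23 ACT=DROP
2003-11-17T02:14:04 SRC=203.0.113.9 DST=10.0.0.5 DPT=25 ACT=DROP
2003-11-17T02:14:05 SRC=203.0.113.9 DST=10.0.0.5 DPT=80 ACT=DROP
2003-11-17T02:14:05 SRC=203.0.113.9 DST=10.0.0.5 DPT=110 ACT=DROP
2003-11-17T02:14:06 SRC=203.0.113.9 DST=10.0.0.5 DPT=139 ACT=ACCEPT
2003-11-17T02:14:06 SRC=203.0.113.9 DST=10.0.0.5 DPT=443 ACT=DROP
2003-11-17T02:15:30 SRC=198.51.100.7 DST=10.0.0.8 DPT=80 ACT=ACCEPT
2003-11-17T02:31:12 SRC=203.0.113.9 DST=10.0.0.5 DPT=139 ACT=ACCEPT
"""


def parse(text: str) -> List[dict]:
    """Parse log lines; lines that do not match are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["dpt"] = int(e["dpt"])
        events.append(e)
    return events


def find_scanners(events: List[dict], window: timedelta = timedelta(seconds=60),
                  min_ports: int = 6) -> Dict[str, Set[int]]:
    """Sources that touch at least `min_ports` distinct ports within `window`.
    Sliding window per source; thresholds are a starting point, tune them
    against your own traffic to keep monitoring systems out of the list."""
    by_src: Dict[str, List[dict]] = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    scanners: Dict[str, Set[int]] = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            ports = {e["dpt"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(ports) >= min_ports:
                scanners[src] = ports
                break
    return scanners


def accepted_from(events: List[dict], sources: Set[str]) -> List[Tuple[str, int, str]]:
    """(dst, port, timestamp) of connections the firewall let through from
    flagged sources: the likely point of entry and the hosts to isolate."""
    return sorted({(e["dst"], e["dpt"], e["ts"].isoformat())
                   for e in events if e["src"] in sources and e["act"] == "ACCEPT"})


def triage(text: str = SAMPLE_LOG) -> Tuple[Dict[str, Set[int]], List[Tuple[str, int, str]]]:
    events = parse(text)
    scanners = find_scanners(events)
    return scanners, accepted_from(events, set(scanners))


if __name__ == "__main__":
    scanners, hits = triage()
    for src, ports in scanners.items():
        print(f"scanner {src}: {len(ports)} ports in one window")
    for dst, port, ts in hits:
        print(f"isolate {dst}: accepted {port}/tcp from a scanner at {ts}")
```

The second ACCEPT on port 139, seventeen minutes after the sweep, is the pattern to look for: a return visit to the one port that answered, which on a Windows host of that era means the attacker is back for the share or the exploit, and 10.0.0.5 should be pulled from the network before anything else is touched.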

26 Forensics
I found it, now what?
Shutting down systems:
- DOS, Win95/98/NT/2K/XP: pull the plug
- NT Server / Win2k Server: shut down
Image the drive to preserve the evidence:
- EnCase
- SafeBack
- Forensic Toolkit
- NTImage
Wiping utilities
Shutting down vs. pulling the plug. Imaging preserves the evidence, ensures that looking at the evidence doesn't change system files, and allows the machine to go back into production.

27 Forensics
Once you have your image, maintain proper chain of custody:
- Ensure evidence is stored securely and logs are maintained of all who have access
- Use cameras in storage areas
- Never leave evidence in an unsecured area
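The imaging and chain-of-custody slides above reduced to their verifiable core, as an added example that is not part of the original deck and not the workflow of EnCase, SafeBack or the other tools named. A constructed file stands in for the drive; a real acquisition goes through a write blocker. What the code shows is the logic every such tool relies on: copy block by block while hashing, hash the copy independently and compare, make the image read-only, and append an entry to an access log each time anyone images or re-verifies it, so a later examiner can prove the bytes they analysed are the bytes that were seized. The log format and examiner names are assumptions.

```python
import hashlib
import os
import stat
import tempfile
from datetime import datetime, timezone
from typing import List, Tuple

BLOCK = 4096


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(BLOCK), b""):
            h.update(chunk)
    return h.hexdigest()


def image_device(src: str, dst: str) -> str:
    """Copy `src` to `dst` block by block, hashing the bytes as they are read,
    then mark the image read-only. Returns the hash of what was read."""
    h = hashlib.sha256()
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        for chunk in iter(lambda: fin.read(BLOCK), b""):
            h.update(chunk)
            fout.write(chunk)
    os.chmod(dst, stat.S_IRUSR)
    return h.hexdigest()


class CustodyLog:
    """Append-only record of who did what to which item, with the item's
    hash at that moment. Assumed format: one tab-separated line per event."""

    def __init__(self, path: str) -> None:
        self.path = path

    def record(self, who: str, action: str, item: str, digest: str) -> None:
        ts = datetime.now(timezone.utc).isoformat()
        with open(self.path, "a") as f:
            f.write(f"{ts}\t{who}\t{action}\t{item}\t{digest}\n")

    def entries(self) -> List[List[str]]:
        with open(self.path) as f:
            return [line.rstrip("\n").split("\t") for line in f]


def acquire(src: str, image: str, log: CustodyLog, examiner: str) -> bool:
    """Image, then re-hash the copy independently; both steps are logged."""
    expected = image_device(src, image)
    log.record(examiner, "imaged", src, expected)
    actual = sha256_file(image)
    log.record(examiner, "verified" if actual == expected else "MISMATCH", image, actual)
    return actual == expected


def check_before_analysis(image: str, log: CustodyLog, examiner: str) -> bool:
    """Whoever opens the image later re-hashes it first and compares with the
    hash recorded at acquisition; a mismatch means the evidence was altered."""
    baseline = next(e[4] for e in log.entries() if e[2] == "imaged")
    current = sha256_file(image)
    log.record(examiner, "verified" if current == baseline else "MISMATCH", image, current)
    return current == baseline


def demo() -> Tuple[bool, bool, bool, int]:
    """Constructed scenario: image a fake drive, re-verify as a second
    examiner, then alter the image and show the third check catches it.
    Returns (acquire_ok, recheck_ok, tamper_detected, custody_entries)."""
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "disk0"), os.path.join(d, "disk0.img")
        with open(src, "wb") as f:
            f.write(b"\x33\xc0\x8e\xd0" + os.urandom(3 * BLOCK + 17))  # fake boot sector + data
        log = CustodyLog(os.path.join(d, "custody.log"))
        acquire_ok = acquire(src, img, log, "examiner1")
        recheck_ok = check_before_analysis(img, log, "examiner2")
        os.chmod(img, stat.S_IRUSR | stat.S_IWUSR)      # someone defeats the read-only bit
        with open(img, "r+b") as f:
            f.write(b"\x00\x00\x00\x00")
        tamper_detected = not check_before_analysis(img, log, "examiner3")
        entries = len(log.entries())
    return acquire_ok, recheck_ok, tamper_detected, entries


if __name__ == "__main__":
    print(demo())
```

Keep the custody log and the acquisition hash somewhere the image's custodians cannot quietly edit; the log only proves continuity if it is itself harder to alter than the evidence. Analysts then work on a second copy of the verified image, never the original, which is what lets the seized machine go back into production.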

29 Documentation
Take pictures:
- Overall work area
- Screen / programs running
- Connections
Time and date of incident
What was acquired
NO SUCH THING AS BEING TOO THOROUGH!
Taking pictures of the screen can show evidence of activity at the time. Connections can show plugged-in devices used to steal intellectual property. Time and date are important to construct a timeline. What was taken? Continuity.

30 Summary
- Statistics regarding computer break-ins with traditional countermeasures
- Important difference between crackers and ethical hackers

31 Summary
- What to expect from audits/pen tests
- Tools which can be used to assist in network assessments
- Incident response and forensics in a Windows environment

32 Totally Connected Security
1312 SE Marine Dr. Vancouver, BC V5X 4K4 (604)

