Slide 1: Extranet for Security Professionals: Intrusion Scenarios
Heather T. Kowalski, Tong Xu, Ying Hao, Hui Huang, Bill Halpin
Nov. 14, 2000
Slide 2: Preview
- Review of Project Progress: Accomplishments; Current Status; What We Have Learned
- Today's Focus: Intrusion Scenarios
- Future Steps
Slide 3: Review
- Business Mission: Central Repository of Security Information; Central Location for Information Sharing; Secure Environment, Manageable Resource
- System Architecture: Essential Services/Assets; Normal Usage Scenarios
Slide 4: System Architecture (network diagram; node labels as they appear)
- Primary Users: Client Workstation
- Router (FW1): Cisco 7200, 128.237.144.1
- Web Server: Windows NT 4.0 (SP6), Hot Fixes
- DNS: RedHat 6.2
- Firewall-2: Windows NT 4.0 (SP6), Hot Fixes
- Database
- DNS: RedHat 6.2
- Software labels in the diagram: NES 3.63, Cold Fusion 4.5.1, ActiveState Perl 5.5, Tripwire 2.2.1, IPchains, Guardian Pro V5, Visual FoxPro
- IDS-2: Windows NT 4.0 (SP6), Hot Fixes, RealSecure 3.2
- IDS-1: Windows NT 4.0 (SP6), Hot Fixes, RealSecure 3.2
Slide 5: Attackers vs. Legitimate Users
- Attackers: Recreational/Casual Hackers; Disgruntled Employee; Organized Criminal Groups; Nation/State
- Legitimate Users: ESP User; VSO & CR Owners; Site Manager; Organizational Manager; Site Administrator
Slide 6: Objectives of Attacks
- Embarrassment of the Target Organization
- Embarrassment of the Target User
- Financial Gain by Selling Acquired Information
- Improve Hacking Skill Set
- Fun/Vanity
- Publicity
Slide 7: Attacker Profile: Recreational/Casual Hacker
- Resources: none or limited
- Time: depends on opportunity
- Tools: free/cheap and readily available tools
- Risk attitude: unaware of consequences and risks
- Access: from outside the network
- Objective: fun, vanity, skill test, or none
- Damage: limited
Slide 8: Attacker Profile: Disgruntled Employee
- Resources: enough to create a significant attack
- Time: depends on malice
- Risk attitude: strongly risk averse
- Access: from inside
- Objectives: revenge through embarrassment; financial gain
Slide 9: Attacker Profile: Organized Entity
- Who: organized criminals, fanatics, enemy nations/states, etc.
- Resources and Time: unlimited
- Risk attitude: genuine risk seeker
- Access: external or internal
- Objectives: Publicity!!! Real Damage!!!
Slide 10: Potential Attack Pattern
- Attack as User: gain illegal access as an end user; gain illegal access as a system administrator
- Attack on Component: disable or slow down the processing ability of a component
- Attack on Application: induce system crash; induce service failure; induce asset damage
Slide 11: Compromisable Components
- Components: Router, DNS, Firewall, Web Server, Database, IDS
- Attack methods listed against them: Sniffing, Scans, Enumeration, Malicious Code, Flooding; Malicious Code, Buffer Overflow; Time, Planning, Buffer Overflow, Password
Slide 12: More Facts
- No intrusion in ESP has been reported since the date of establishment
- ESP has strong physical security: multi-layer protection; dedicated room; only a few people have physical access
- Other protective efforts: regular reconfiguration of the firewall (once per month); virus signature files are updated daily
Slide 13: Recreational Hacker (scenario diagram over: Router (FW1), Firewall-2, DNS2, IDS, Web Server, DNS1, Database, IDS)
Slide 14: Compromised User Workstation (scenario diagram over: Router (FW1), Firewall-2, DNS2, IDS, Web Server, DNS1, Database, IDS)
Slide 15: Admin Console (scenario diagram over: Router (FW1), Firewall-2, DNS2, IDS, Web Server, DNS1, Database, IDS)
Slide 16: Future Plans
- Regular Saturday team meetings
- Planned meeting with client
- Final presentation and report: summary of findings; recommendations
Slide 17: Questions?
Slide 18: Types of DoS Attacks
- Bandwidth consumption
- Resource starvation
- Programming flaws
- Router attacks
- DNS attacks
Slide 19: Examples of DoS Attacks
- Network-based DoS attack: ICMP traffic (PING, Echo flood); SYN-flood
- Windows NT programming-flaw attacks: tools: TearDrop, OOB (port 139), Land, Ping of Death
- Cisco router attacking tools: tool: Land
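Several of the attacks named on the last slide leave a packet-level signature that a monitor such as the deck's IDS hosts can check: Land sends a TCP SYN whose source address and port equal its destination, Ping of Death sends an ICMP echo whose fragments reassemble to more than the 65,535-byte IPv4 maximum, and a SYN flood leaves many half-open SYNs aimed at one service. The following is an added example, not code from the original presentation; it runs those three checks over a constructed list of packet summaries, and the record fields, the 20-byte header assumption and the SYN threshold are assumptions.

```python
from collections import Counter

IP_MAX_LEN = 65535       # largest IPv4 datagram, header included
IP_HEADER_LEN = 20       # minimal IPv4 header, counted once after reassembly (assumed)
SYN_FLOOD_THRESHOLD = 5  # assumed: SYN-only packets to one dst:port within the sample window


def classify(packets):
    """Return a list of (alert_name, detail) found in the packet summaries.

    Each packet is a dict: proto ('tcp' or 'icmp'), src, dst, sport, dport,
    flags (set of TCP flag names), frag_off (fragment offset in bytes), payload_len.
    """
    alerts = []
    syn_counts = Counter()
    for p in packets:
        # Land signature: TCP SYN whose source address:port equals its destination
        if (p["proto"] == "tcp" and "SYN" in p["flags"]
                and p["src"] == p["dst"] and p["sport"] == p["dport"]):
            alerts.append(("land", f"{p['src']}:{p['sport']}"))
        # Ping of Death: fragment would push the reassembled ICMP datagram past 65535 bytes
        if p["proto"] == "icmp" and p["frag_off"] + p["payload_len"] + IP_HEADER_LEN > IP_MAX_LEN:
            alerts.append(("ping_of_death", f"{p['src']} -> {p['dst']}"))
        # Half-open connection attempt: SYN without ACK, tallied per target service
        if p["proto"] == "tcp" and p["flags"] == {"SYN"}:
            syn_counts[(p["dst"], p["dport"])] += 1
    for (dst, dport), n in syn_counts.items():
        if n >= SYN_FLOOD_THRESHOLD:
            alerts.append(("syn_flood", f"{dst}:{dport} ({n} half-open SYNs)"))
    return alerts


def pkt(proto, src, dst, sport=0, dport=0, flags=(), frag_off=0, payload_len=0):
    """Build one packet summary (helper for the constructed sample below)."""
    return {"proto": proto, "src": src, "dst": dst, "sport": sport, "dport": dport,
            "flags": set(flags), "frag_off": frag_off, "payload_len": payload_len}


# Constructed sample traffic (documentation address ranges, not a real capture)
SAMPLE = [
    pkt("tcp", "192.0.2.10", "192.0.2.10", 139, 139, ("SYN",)),                  # Land-style
    pkt("icmp", "198.51.100.7", "192.0.2.20", frag_off=65528, payload_len=100),  # oversized echo
    pkt("icmp", "198.51.100.8", "192.0.2.20", frag_off=0, payload_len=56),       # ordinary echo
    pkt("tcp", "203.0.113.99", "192.0.2.20", 41000, 80, ("SYN", "ACK")),          # handshake reply
] + [pkt("tcp", f"203.0.113.{i}", "192.0.2.20", 40000 + i, 80, ("SYN",)) for i in range(6)]

if __name__ == "__main__":
    for name, detail in classify(SAMPLE):
        print(name, detail)
```

The SYN counter is a per-window tally with no time decay, so on real traffic the window length and threshold would be tuned to the service's normal connection rate.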