100% Security
Post on 22-Dec-2015
“The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it ….”
Gene Spafford, Director, Computer Operations, Audit, and Security Technology (COAST), Purdue University

The Internet Challenge
Expanded Access, Heightened Network Security Risks
Expansion of E-Business!!
[Diagram labels: Internet Business Value; Internet Access; Corporate Intranet; Internet Presence; Supply Chain Management; Customer Care; E-Commerce; E-Learning; Workforce Optimization]

Threat Capabilities: More Dangerous & Easier To Use
[Chart: Sophistication of Hacker Tools and Technical Knowledge Required (High to Low), 1980 to 2000. Labels plotted: Password Guessing, Self Replicating Code, Password Cracking, Exploiting Known Vulnerabilities, Disabling Audits, Back Doors, Sweepers, Sniffers, Stealth Diagnostics, Packet Forging/Spoofing, DDOS, Internet Worms]

Examples

Distributed Denial of Service (DDoS)
• Stacheldraht - “barbed wire”
• Trinoo
• Tribe Flood Network (TFN) and TFN2000
• Shaft

Attacks Keep Getting Easier
[Screenshot: Connected to www.test.com]

l0PHT Crack Dumps All Passwords from the NT Registry
[Screenshot: Specify a Computer:]

l0PHT Crack Dumps the Password Files

The Intruder Opens a Word Dictionary

and Runs the Crack

A new generation of attacks: The Internet Worms
© 2001, Cisco Systems, Inc. All rights reserved.

The Code Red & NIMDA Worms: What Happened??
Code Red
- July 19-20, 2001
- 359,104 Hosts in 13 hours
- $2.6 Billion in Damages!
Estimates from Computer Economics (Carlsbad, CA)
NIMDA
- September 18, 2001
- Fastest spreading virus
- 300K+ Hosts, 2.2M devices
Damage still being assessed

Code Red Spreads
• July 19, Midnight – 159 hosts infected
• July 19, 11:40 am – 4,920 hosts infected
• July 20, Midnight – 341,015 hosts infected

The Code Red Worm: How It Works
• Conceals itself in HTTP packets. Firewalls alone cannot safeguard against the virus.
• The worm exploits vulnerabilities found in Microsoft’s Internet Information Server (IIS) v4 and v5 via a buffer overflow attack.
• It then executes arbitrary code and installs a copy of itself in the infected computer’s memory, which then infects other hosts.
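
Added example (not part of the original slides): because the worm arrives as ordinary HTTP traffic that a port-based firewall lets through, the web server's own request log is one place a defender can look. This Python code flags requests to Index Server script mappings (.ida/.idq) that carry unusually long query strings; the W3C-style log layout, the 200-character threshold, the request paths and the sample lines are assumptions.

```python
"""Flag requests to Index Server script mappings that carry oversized queries.

Added example, not from the original slides. MAX_QUERY_LEN, the request
paths and the sample log lines are assumptions made for illustration.
"""
from collections import Counter

INDEX_SERVER_EXTS = (".ida", ".idq")  # extensions served by the Index Server ISAPI
MAX_QUERY_LEN = 200                   # assumed ceiling for a legitimate query

def parse_w3c(lines):
    """Yield one dict per request, taking column names from the '#Fields:' line."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip malformed rows
                yield dict(zip(fields, values))

def suspicious(entry):
    """True when the request targets an Index Server mapping with a long query."""
    stem = entry.get("cs-uri-stem", "").lower()
    query = entry.get("cs-uri-query", "-")
    return stem.endswith(INDEX_SERVER_EXTS) and len(query) > MAX_QUERY_LEN

def sources_by_hits(lines):
    """Count flagged requests per client IP, most active source first."""
    hits = Counter(e.get("c-ip", "?") for e in parse_w3c(lines) if suspicious(e))
    return hits.most_common()

# Constructed sample log: documentation-range addresses, filler query bytes.
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2001-07-19 11:40:02 192.0.2.10 GET /index.html - 200",
    "2001-07-19 11:40:05 198.51.100.7 GET /query.ida " + "A" * 300 + " 200",
    "2001-07-19 11:40:09 192.0.2.10 GET /search.idq q=security 200",
    "2001-07-19 11:41:13 198.51.100.7 GET /QUERY.IDA " + "A" * 300 + " 404",
    "2001-07-19 11:42:30 203.0.113.5 GET /query.ida " + "A" * 250 + " 200",
]

if __name__ == "__main__":
    for ip, count in sources_by_hits(SAMPLE_LOG):
        print(f"{ip}\t{count} oversized Index Server request(s)")
```

Servers that have no use for Index Server can remove the .ida/.idq script mappings entirely, in which case any hit from this check is worth a look regardless of query length.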

The NIMDA Worm: How It Works
• Hybrid of Worm & Virus
• Spread by:
- E-mail attachment (virus)
- Network Shares (worm)
- Javascript by browsing compromised web site (virus)
- Infected hosts scanning for exploitable hosts (worm)
- Infected hosts scanning for backdoors created by Code-Red and sadmind/IIS worms (worm)

Anatomy Of A Worm
1 - The Enabling Vulnerability
2 - Propagation Mechanism
3 - Payload

1 - The Enabling Vulnerability
Using the Index Server buffer overflow attack, the worm attempts to install itself on IIS Web servers.
[Diagram: Internet and IIS servers]

2 - Propagation
After gaining access to the servers, the worm replicates itself and selects new targets for infection.
[Diagram: IIS servers]

3 - Payload
When the server is infected with a worm, the attacker has administrator-level access to the server. Not only can the attacker deface Web pages, but they also have the power to reformat the hard drive, install a rootkit, steal credit card numbers, etc.
[Diagram labels: STEAL, DEFACE, BACK DOOR, ROOTKIT]

Additional Information
• Compulsory Reading
  "Hacking Exposed".
• Security Links (vulnerabilities, tips, exploits, tools)
  http://www.securityfocus.com
  http://packetstorm.securify.org
  http://www.insecure.org