lptv4 module 41 data leakage penetration testing_norestriction

ECSA/LPT EC-Council Module XXXXI Data Leakage Penetration Testing

Upload: mahmoud-eladawi

Post on 08-Nov-2014


DESCRIPTION

LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

TRANSCRIPT

Page 1: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

ECSA/LPT

EC-Council Module XXXXI

Data Leakage Penetration Testing

Page 2: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Penetration Testing Roadmap

Start Here

Information Gathering

Vulnerability Analysis

External Penetration Testing

Firewall Penetration Testing

Router and Switches Penetration Testing

Internal Network Penetration Testing

IDS Penetration Testing

Wireless Network Penetration Testing

Denial of Service Penetration Testing

Password Cracking Penetration Testing

Stolen Laptop, PDAs and Cell Phones Penetration Testing

Social Engineering Penetration Testing

Application Penetration Testing

Cont’d

EC-Council

Copyright © by EC-Council

All Rights reserved. Reproduction is strictly prohibited

Page 3: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Penetration Testing Roadmap (cont’d)

Cont’d

Physical Security Penetration Testing

Database Penetration Testing

VoIP Penetration Testing

Virus and Trojan Detection

War Dialing

VPN Penetration Testing

Log Management Penetration Testing

File Integrity Checking

Bluetooth and Handheld Device Penetration Testing

Telecommunication and Broadband Communication Penetration Testing

Email Security Penetration Testing

Security Patches Penetration Testing

Data Leakage Penetration Testing

End Here

Page 4: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Data Leakage

Loss of private and sensitive data affects the financial condition of an organization, and damages its reputation.

Many companies are worried about data leakage through email.


Page 5: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Data Leakage Statistics


Source: http://www.networksunlimited.com

Page 6: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

How Much Security?


Source: Infowatch, 2007

Page 7: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

How Data Can be Leaked

Doors of data leakage:

USB and other removable devices

FTP ports

Bluetooth

Email attachments

Firewire

Memory slots


Spyware and Trojans

Page 8: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

What to Protect

Employee information such as names, addresses, social security numbers, and other identity-related information

Marketing and new product plans

Corporate strategies

Target markets and prospect information

Usual business methods

Product designs, research, and costs

Alliance and contract arrangements: delivery, pricing, and terms

Customer and supplier information

Staffing, operations, and wage/salary

Credit records or credit union account information


Trade secrets and intellectual property

Page 9: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Steps for Data Leakage Penetration Testing

Step 1: Check physical availability of USB devices

Step 2: Check whether USB drive is enabled

Step 3: Try to enable USB

Step 4: Check whether USB asks for password

Step 5: Check whether Bluetooth is enabled

Step 6: Check if the firewire is enabled


Step 7: Check if FTP ports 21,22 are enabled

Page 10: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Steps for Data Leakage Penetration Testing (cont’d)

Step 8: Check whether memory slot is available and enabled in systems

Step 9: Check whether employees are using camera devices within restricted areas

Step 10: Check whether systems have any camera driver installed

Step 11: Check whether anti-spyware and anti-trojans are enabled

Step 12: Check whether encrypted data can be decrypted

Step 13: Check if the internal hardware components are locked


Step 14: Check whether mail and attachments size is restricted

Page 11: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Step 1: Check Physical Availability of USB Devices

USB devices are used for bulk data transfer.

A system uses USB devices to transfer the data.

Check the device manager to find the physical availability of USB devices.


Page 12: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Step 2: Check Whether USB Drive is Enabled

A USB drive is directly connected to the computer through a USB port and is used for data transfer.

Check whether USB drive is enabled or disabled.


Page 13: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Step 3: Try to Enable USB

If the USB is disabled, try to enable the USB.

If you are able to enable the device, it means that the user has admin privileges, which should not be the case for normal users.
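One way to record the Step 2 and Step 3 result across several machines, as an added example that is not part of the original module. It assumes the standard Windows USBSTOR service key, whose Start value is 4 when USB mass storage is disabled, and it uses constructed `reg query` output for hypothetical hosts.

```python
import re

# Constructed output of
#   reg query HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v Start
# for three hypothetical workstations (not captured from real hosts).
SAMPLE_OUTPUTS = {
    "ws-01": "\nHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\USBSTOR\n"
             "    Start    REG_DWORD    0x3\n",
    "ws-02": "\nHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\USBSTOR\n"
             "    Start    REG_DWORD    0x4\n",
    "ws-03": "ERROR: The system was unable to find the specified registry key or value.\n",
}

START_LINE = re.compile(r"^\s*Start\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$", re.M)


def usb_storage_state(reg_output):
    """Classify the USB mass-storage driver from `reg query` output."""
    m = START_LINE.search(reg_output)
    if m is None:
        return "unknown"       # key missing or query failed: verify by hand
    start = int(m.group(1), 16)
    if start == 4:             # 4 = driver disabled
        return "disabled"
    if 0 <= start <= 3:        # 3 = load on demand, the usual enabled state
        return "enabled"
    return "unknown"


def audit(outputs, expected="disabled"):
    """Return {host: state} for every host that does not match the policy."""
    states = {host: usb_storage_state(out) for host, out in outputs.items()}
    return {host: s for host, s in states.items() if s != expected}
```

A host reported as enabled, or one where a standard user account can change the value, is the finding Step 3 describes.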


Page 14: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Step 4: Check Whether USB Asked for Password

Most USB devices are secured with a password.

Check whether the device asks for authentication after it is connected to the system.


Page 15: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Step 5: Check Whether Bluetooth is Enabled

Some systems have built-in Bluetooth connectivity options.

Check whether these connections are enabled.

Try to enable such a connection.

If you are able to enable the device, it means that the user has admin privileges, which should not be the case for normal users.

Page 16: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Step 6: Check if the Firewire is Enabled

Firewire is used to transfer data at a higher speed.

It transfers data up to 400 Mbps.

It is also known as IEEE 1394.

Check whether firewire is enabled or not.

Go to the DOS window and type ipconfig /all.
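The Step 6 check can be scripted by parsing saved `ipconfig /all` output for an IEEE 1394 adapter section. This is an added example, not part of the original module; the sample output is constructed and the function names are illustrative.

```python
import re

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : WS-EXAMPLE-01

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example Gigabit Network Connection
        Physical Address. . . . . . . . . : 00-11-22-33-44-55
        IP Address. . . . . . . . . . . . : 192.0.2.10

Ethernet adapter 1394 Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : 1394 Net Adapter
        Physical Address. . . . . . . . . : 02-11-22-33-44-55-66-77
"""

HEADER = re.compile(r"^(\S.*adapter\s.+?):\s*$")   # "Ethernet adapter X:"
FIELD = re.compile(r"^\s+(.*?)[\s.]*:\s*(.*)$")    # "Key . . . : value"


def parse_adapters(text):
    """Split ipconfig /all output into adapter sections with their fields."""
    adapters, current = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                  # unindented: section header
            m = HEADER.match(line)
            current = {"name": m.group(1), "fields": {}} if m else None
            if current is not None:
                adapters.append(current)
        elif current is not None:
            m = FIELD.match(line)
            if m:
                current["fields"][m.group(1)] = m.group(2).strip()
    return adapters


def firewire_adapters(text):
    """Return adapters whose name or description identifies IEEE 1394."""
    hits = []
    for a in parse_adapters(text):
        desc = a["fields"].get("Description", "")
        if re.search(r"\b1394\b|firewire", f"{a['name']} {desc}", re.I):
            state = a["fields"].get("Media State", "").lower()
            hits.append({"name": a["name"], "description": desc,
                         "link_up": "disconnected" not in state})
    return hits
```

ipconfig lists only network interfaces, so an empty result shows that no 1394 network adapter is enabled, not that the Firewire port itself is absent or disabled; confirm the host controller in Device Manager.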

Page 17: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Step 7: Check if FTP Ports 21 and 22 are Enabled

Check whether FTP ports 21 and 22 are enabled or not.

Check the firewall settings to see if the ports are blocked.


Page 18: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Step 8: Check Whether any Memory Slot is Available and Enabled in Systems

There are many memory slots present on the system, such as RAM slots, SRAM slots, and virtual memory slots.

Check for all available memory slots in the system.

Use the slot manager, which creates a slot information record for each memory slot.

The slot manager identifies all the memory resources and creates a slot resource table.


Page 19: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Step 9: Check Whether Employees are Using Camera Devices within Restricted Areas

Employees with camera devices can easily capture confidential data in their device.

Illegal use of such devices in restricted/sensitive areas leads to data leakage.


Page 20: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Step 10: Check Whether Systems have Any Camera Driver Installed

Check whether the system has any camera driver installed.

Go to My Computer→Properties→Hardware→Device Manager


Page 21: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Step 11: Check Whether Anti-Spyware and Anti-Trojans are Enabled

Check whether anti-spyware and anti-Trojans are enabled or not.

Send malicious programs to the system and check whether the anti-spyware detects them or not.


Page 22: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Step 12: Check Whether Encrypted Data Can be Decrypted

Data encryption techniques protect an organization’s vital information against unauthorized users.

Use cryptanalysis tools to decrypt the encrypted information.

Cryptanalysis tools:

Jipher

Crank


Page 23: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Step 13: Check if the Internal Hardware Components are Locked

Check whether internal hardware components such as LAN/WLAN and PCMCIA cards are locked or not.


Page 24: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Step 14: Check Whether Size of Mail and Mail Attachments is Restricted

Check the size limits for mails and mail attachments.

For Microsoft Exchange Server, go to the mailbox properties mail flow setting tab and open the message size restriction dialog box to check the size of the transferred and received mail.

Try to send an attachment larger than the defined limit.


Page 25: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Data Privacy and Protection Acts

Gramm-Leach-Bliley

Health Insurance Portability and Accountability Act (HIPAA)

The Patriot Act

Data Protection Act

Sarbanes Oxley Act (SOX)

Page 26: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Data Protection Tools

VIP Privacy

Safend Protector

VISOCO Data Protection Master

Reconnex's iGuard

CryptEnCrypt

Steganos Security Suite

Data Protection Software

FolderAccess

Private InfoKeeper

LockFolder

QwikSecure File Protection System


Page 27: LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction

Summary

Loss of private and sensitive data affects the financial condition and reputation of the organization.

Employee information such as names, addresses, and social security numbers must be protected.

Doors of data leakage are USB, FTP ports, Bluetooth, email attachment, firewire, memory slots, spyware, and Trojans.

Check physical availability of USB devices and try to enable them.

Check whether Bluetooth, firewire, and FTP ports are enabled.


Check whether anti-spyware and anti-Trojans are enabled.
