TCOM 5990
Information Assurance Management
System Hacking
Hacking Windows 95/98
• Win 9x was not designed to be secure…like NT was…well
• 4 categories of remote exploitation
– Direct connect to shared resource
– Backdoor server daemons
– Exploit known server application vulnerabilities
– Denial of service
Hacking Windows 95/98
• Note that three of these require some misconfiguration or poor judgement on the part of the sysadmin or user
• Can be easily fixed...
Hacking Windows NT
• The Administrator
• Can’t go anywhere if you’re not…
• Passwords…Manual guessing
– Easiest password possible…no password!
– Something easy
– Popular software default passwords
Hacking Windows NT
• Automated guessing
– Legion...
– Can scan multiple class C IP ranges for Windows shares and has a manual dictionary attack tool.
– NAT (NetBIOS Auditing Tool) does one at a time
Hacking Windows NT
– Network password exchange
– L0phtcrack - password files
• SMB Packet Capture bypasses that need - grabs them on the fly by listening to local network segment
• Password Countermeasures?
What to Do?
• Block access to TCP and UDP ports 135-139
• Enable TCP/IP security
• Set Restrict Anonymous key in Registry
What to Do?
• Remove Everyone from the “Access this computer from network” user right
• Apply the Service Packs and hotfixes
What to Do?
• Strong Passwords! And enforce it!
• Rename the Administrator account…time, time, time
• Disable Guest
What to Do?
• Admin passwords must be the strongest…and change them regularly
• No Domain Admin credentials on stand-alone machines
What to Do?
• Install passprop from NTRK to enable account lockout for Administrators
• Install SYSKEY enhanced encryption for the SAM…time, time, time
What to Do?
• Enable auditing…then check the logs! Weekly or use automated log analysis tools
• Verify Registry access permissions are secure
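An added example (not part of the original slides) of the automated log analysis this slide calls for: it flags bursts of failed logons, the trace that manual or automated password guessing leaves, and notes when a successful logon follows the burst. The CSV export layout, the sample rows and the name find_guessing are constructed for illustration; 528 and 529 are the NT Security log event IDs for successful and failed logons.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rows: time, event ID, account, source workstation.
# The CSV layout is an assumption about how the Security log was exported.
# NT event IDs: 528 = successful logon, 529 = failed logon (bad name/password).
SAMPLE_LOG = """\
2000-03-01 02:10:01,529,Administrator,WKS-17
2000-03-01 02:10:03,529,Administrator,WKS-17
2000-03-01 02:10:05,529,Administrator,WKS-17
2000-03-01 02:10:08,529,Administrator,WKS-17
2000-03-01 02:10:11,529,Administrator,WKS-17
2000-03-01 02:10:15,528,Administrator,WKS-17
2000-03-01 08:59:40,529,jsmith,WKS-04
2000-03-01 09:00:02,528,jsmith,WKS-04
2000-03-01 09:30:00,529,Guest,WKS-22
"""

def find_guessing(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag (account, source) pairs with >= threshold failed logons inside
    the window, and note whether a successful logon followed the burst."""
    recent = defaultdict(deque)   # (account, source) -> recent failure times
    alerts = {}                   # (account, source) -> alert record
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue              # skip blank or malformed rows
        ts, event_id, account, source = (f.strip() for f in row)
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        key, fails = (account, source), recent[(account, source)]
        while fails and when - fails[0] > window:
            fails.popleft()       # forget failures older than the window
        if event_id == "529":
            fails.append(when)
            if len(fails) >= threshold:
                rec = alerts.setdefault(key, {"account": account,
                      "source": source, "failures": 0, "success_after": False})
                rec["failures"] = max(rec["failures"], len(fails))
        elif event_id == "528" and key in alerts and fails:
            alerts[key]["success_after"] = True   # the guess may have worked
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_guessing(SAMPLE_LOG):
        print(alert)
```

A single mistyped password (jsmith in the sample) stays below the default threshold, while the Administrator burst followed by a success is the case to investigate first.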
What to Do?
• Set the Hidden Registry value on sensitive servers…removes the host from browse lists
• Don’t run unnecessary services and avoid those that run in the security context of a user
What to Do?
• Understand how to configure applications securely or don’t run them!
• Educate your users on sensitivity of passwords
What to Do?
• Migrate to switched architectures…harder to eavesdrop on than shared infrastructures
• Keep current with security mailing lists