CMGT/441 Intro. to Information Systems Security Management


Transcript of CMGT/441 Intro. to Information Systems Security Management

Page 1: CMGT/441 Intro. to Information Systems Security Management

CMGT/441 Intro. to Information Systems Security Management

Philip Robbins – November 21, 2013

Ethical Hacking & Desktop, Server, and Embedded Operating System Vulnerabilities

Information Technology
University of Phoenix Kapolei Learning Center

Week #1

1

Page 2: CMGT/441 Intro. to Information Systems Security Management

2

Ethical Hacking

Topics

• Introductions
• Syllabus Review
• Fundamentals of Ethical Hacking
• Windows & *nix OS Vulnerabilities
• Embedded OS Vulnerabilities
• Class Discussion, Tools, Security Resources
• Review Questions, Q&A
• Quiz #1
• Assignment #1

Page 3: CMGT/441 Intro. to Information Systems Security Management

3

Introductions

Who am I?

• Information Systems Authorizing Official Representative
- United States Pacific Command (USPACOM)
- Risk Management Field
- Assessments to USPACOM Authorizing Official / CIO

• Former Electronics & Environmental Engineer
• Bachelor of Science in Electrical Engineering
• Master of Science in Information Systems
• Ph.D. Student in Communication & Information Sciences
• Certified Information Systems Security Professional (CISSP) and Project Management Professional (PMP)

Page 4: CMGT/441 Intro. to Information Systems Security Management

4

Syllabus

Class Textbook

Page 5: CMGT/441 Intro. to Information Systems Security Management

5

Fundamentals

“A locked door keeps an honest man out.”

Page 6: CMGT/441 Intro. to Information Systems Security Management

6

Fundamentals

• Introduction to Proactive System Security

What this class IS about: An introductory course in adopting a proactive (vs. reactive) stance towards systems security.

What this class IS NOT about: An offensive class in hacking.

How does one better understand how to defend against system security attacks? By performing and testing against them.

Page 7: CMGT/441 Intro. to Information Systems Security Management

7

Fundamentals

• What is Hacking?

Classical Definition (BEFORE): Seeking to understand computer systems strictly for the love of having that knowledge.

Modern Definition (NOW): Illegal access to computer or network systems.

Page 8: CMGT/441 Intro. to Information Systems Security Management

8

Fundamentals

• What is a “Hacker”?

Page 9: CMGT/441 Intro. to Information Systems Security Management

9

Page 10: CMGT/441 Intro. to Information Systems Security Management

10

Fundamentals

• Who/what is a “Cracker”?

Term used to describe a hacker with malicious intent.

Crackers (cyber criminals) get into all kinds of mischief, including breaking or "cracking" copy protection on software programs, breaking into systems and causing harm, changing data, or stealing.

Page 11: CMGT/441 Intro. to Information Systems Security Management

11

Fundamentals

• “Hacker” vs. “Cracker”?

- Today there’s no real distinction between the two terms.

Hacker = Cracker

However…
- Some hackers regard crackers as less educated.
- Some crackers don’t create their own work; they simply steal other people's work to cause mischief, or for personal gain.

Page 12: CMGT/441 Intro. to Information Systems Security Management

12

Fundamentals

• Who are “Script kiddies”?

- Unskilled individuals who use scripts or programs developed by knowledgeable programmers to attack computer systems.

- Generally considered “posers” or “kiddies” lacking the ability to write sophisticated scripts or programs on their own.

- Usually seeking to gain credit or impress their friends.

Page 13: CMGT/441 Intro. to Information Systems Security Management

13

Fundamentals

What is an “Ethical Hacker”?

• Oxymoron: Honest Criminal

- A new breed of network defenders.

- Performs the same activities a hacker does but with the owner / company’s permission.

- Usually contracted to perform penetration testing.

Page 14: CMGT/441 Intro. to Information Systems Security Management

14

Fundamentals

• Penetration Testing
- Discover vulnerabilities.
- Perform attack and penetration assessments.
- Perform discovery and scanning for open ports & services.
- Apply exploits to gain access and expand access as necessary.
- Activities involving application penetration testing and application source review.
- Interact with the client as required.
- Produce reports documenting discoveries during the engagement.
- Report your findings to the client at the conclusion of each engagement.

vs.

• Security Testing
+ Participate in research and provide recommendations for improvement.
+ Participate in knowledge sharing.

Page 15: CMGT/441 Intro. to Information Systems Security Management

15

Fundamentals

• Why perform Penetration Tests?

Page 16: CMGT/441 Intro. to Information Systems Security Management

16

Fundamentals

• Steps for a Penetration Test

Step #1: Planning Phase
- Scope & strategy of the assignment is determined.
- Existing security policies and standards are used for defining the scope.

Step #2: Discovery Phase
- Collect as much information as possible about the system, including data in the system, user names and even passwords (fingerprinting).
- Scan and probe the ports.
- Check for vulnerabilities of the system.

Step #3: Attack Phase
- Find exploits for various vulnerabilities.
- Obtain the necessary security privileges to exploit the system & exploit.

Page 17: CMGT/441 Intro. to Information Systems Security Management

17

Fundamentals

• Steps for a Penetration Test

Step #4: Reporting Phase
- Report must contain detailed findings.
- Risks of vulnerabilities found and their impact on business.
- Recommendations for solutions, if any (Security Testing).

Page 18: CMGT/441 Intro. to Information Systems Security Management

18

Fundamentals

• Penetration Testing Limitations
- Can’t find all the vulnerabilities on a system.
- Time for tester
- Budget
- Scope
- Skills of testers
- Data loss and corruption
- Downtime for organization
- Increased costs for organization*

* How could pen testing decrease costs for an organization?

Page 19: CMGT/441 Intro. to Information Systems Security Management

19

Fundamentals

• Roles & Responsibilities of the Pen-Tester

- Testers should collect required information from the Organization to enable penetration tests (depending on the type of testing model).

- Find flaws that could allow hackers to attack a target machine.

- Pen Testers should think & act like real hackers (ethically).

- Tester should be responsible for any loss in the system or information during the testing.

- Tester should keep data and information confidential.

Page 20: CMGT/441 Intro. to Information Systems Security Management

20

Fundamentals

• Types of Pen-Testing Methodologies

White Box Model
- Tester is given the company network topology, info on technology used, and permission to interview all employees (including IT personnel).

Black Box Model
- Tester is not given any information.
- Management doesn’t tell staff about the pen test being conducted.
- Helps determine if the company’s security personnel are able to detect attacks.

Gray Box Model
- Hybrid of the white and black box models.
- Tester may get partial information.

Page 21: CMGT/441 Intro. to Information Systems Security Management

21

Class Discussion

• Which pen-testing category / model most closely mimics that of an insider threat?

• Which type of pen-testing model is better suited for an organization on an extremely limited budget?

• Which pen-testing model is most accurate? Which can be considered to have the greatest drawback?

Page 22: CMGT/441 Intro. to Information Systems Security Management

22

Class Discussion

Page 23: CMGT/441 Intro. to Information Systems Security Management

23

Fundamentals

• Types of Hats
- White Hats (Ethical / Pen-Testers improving security)
- Black Hats (Hackers / Crackers degrading security)
- Grey Hats (In-between White and Black)
- Red Hat (Enterprise Linux)

Page 24: CMGT/441 Intro. to Information Systems Security Management

24

Fundamentals

• What can you do legally? What about:
- Port scanning?
- Possession of hacking tools?
- Photographing?
- ISP Acceptable Use Policy (AUP)?
- Installing viruses on a computer network, denying users?

In Hawaii, the state must prove that the person charged with committing a crime on a computer had the “intent to commit a crime.”

Page 25: CMGT/441 Intro. to Information Systems Security Management

25

Fundamentals

• Federal Laws:

- Computer Fraud and Abuse Act, Title 18
Crime to access classified information without authorization.

- Electronic Communication and Abuse Act
Illegal to intercept any communication, regardless of how it was transmitted.

- Stored Wire and Electronic Communications and Transactional Records Act
Defines unauthorized access to computers that store classified information.

Page 26: CMGT/441 Intro. to Information Systems Security Management

26

Class Discussion

• What are the advantages of using a written contract when engaged in a computer consulting job?

• Why is it important that your attorney read over the contract before you sign it?

• What is upper management’s role for a penetration test?

Page 27: CMGT/441 Intro. to Information Systems Security Management

27

Class Discussion

• Why do you think the government does not define a common law for computer-related crimes, rather than allowing each state to address these issues?

Page 28: CMGT/441 Intro. to Information Systems Security Management

28

Fundamentals

• Ethical Hacking in a Nutshell

- Must have a good understanding of networks & computer technology.

- Must be able to communicate with management & IT personnel.

- Must have an understanding of the laws that apply to your location.

- Must be able to apply the necessary tools to perform your tasks.

Page 29: CMGT/441 Intro. to Information Systems Security Management

29

Fundamentals

• Professional Certifications

Certified Ethical Hacker (CEH)

Cisco Certified Network Associate (CCNA)

Project Management Professional (PMP)

Certified Information Systems Security Professional (CISSP)

Page 30: CMGT/441 Intro. to Information Systems Security Management

30

Fundamentals

• Careers

Page 31: CMGT/441 Intro. to Information Systems Security Management

31

Fundamentals

• CEH 22 Domains

Page 32: CMGT/441 Intro. to Information Systems Security Management

32

Tools

Backtrack 5r3
Ubuntu Linux distribution providing a comprehensive collection of security-related tools for digital forensics and pen testing use.

http://www.backtrack-linux.org/downloads/

Page 33: CMGT/441 Intro. to Information Systems Security Management

33

Tools

Kali Linux (a.k.a. Backtrack 6)
A Debian Linux distribution rewritten from Backtrack. Preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs).

http://www.kali.org/downloads

Page 34: CMGT/441 Intro. to Information Systems Security Management

34

Tools

Metasploitable 2.0
Intentionally vulnerable Linux virtual machine.

http://www.offensive-security.com/metasploit-unleashed/Metasploitable
http://sourceforge.net/projects/metasploitable/files/Metasploitable2/

Page 35: CMGT/441 Intro. to Information Systems Security Management

35

Tools

Damn Vulnerable Linux (DVL) 1.5 Infectious Disease
Originally formed from Slackware with the goal of being an intentionally vulnerable system for practice/teaching purposes in regards to network and computer security. Now considered discontinued.

http://distrowatch.com/table.php?distribution=dvl
http://download.vulnhub.com/dvl/DVL_1.5_Infectious_Disease.iso

Page 36: CMGT/441 Intro. to Information Systems Security Management

36

General Security Resources

• Cyber Hui http://www.cyberhui.org/
Cyber Hui is a community of Hawaii cyber security professionals dedicated to sharing skills and knowledge with high school and college students. Join the Hui; check out their resources and discussion forums.

• SANS Institute http://www.sans.org/
Source for information security training and security certification; develops, maintains, and makes available at no cost a collection of research documents about various aspects of information security. Find whitepapers here that interest you.

• Symantec Connect http://www.securityfocus.com/
Technical community for Symantec customers, end-users, developers, and partners.

• SearchSecurity http://searchsecurity.techtarget.com/
Online information security magazine providing immediate access to late-breaking industry news, virus alerts, new hacker threats and attacks.

• Internet Storm Center https://isc.sans.edu/forums/Diary+Discussions/
Community forums, discussions, and daily podcasts on auditing, forensics, network security, pen testing.

Page 37: CMGT/441 Intro. to Information Systems Security Management

37

General Security Resources

• CyberPatriot http://www.uscyberpatriot.org/CP5/Training.aspx
Air Force Cyber Defense Competition.

Page 38: CMGT/441 Intro. to Information Systems Security Management

38

General Security Resources

• IASE http://iase.disa.mil/policy-guidance/
Most comprehensive compilation of DoD Policies & Guidance documentation for Information Assurance.

Page 39: CMGT/441 Intro. to Information Systems Security Management

39

Review Questions

• Question #1

The U.S. Department of Justice defines a hacker as which of the following?

a. A person who accesses a computer or network without the owner’s permission.
b. A penetration tester.
c. A person who uses telephone services without payment.
d. A person who accesses a computer or network with the owner’s permission.


Page 41: CMGT/441 Intro. to Information Systems Security Management

41

Review Questions

• Question #2

A penetration tester is which of the following?

a. A person who accesses a computer or network without permission from the owner.
b. A person who uses telephone services without payment.
c. A security professional who’s hired to hack into a network to discover vulnerabilities.
d. A hacker who accesses a system without permission but does not delete or destroy files.


Page 43: CMGT/441 Intro. to Information Systems Security Management

43

Review Questions

• Question #3

Some experienced hackers refer to inexperienced hackers who copy or use prewritten scripts or programs as which of the following?

a. Script Monkeys.
b. Packet Kiddies.
c. Packet Monkeys.
d. Script Kiddies.


Page 45: CMGT/441 Intro. to Information Systems Security Management

45

Review Questions

• Question #4

A team composed of people with varied skills who attempt to penetrate a network is referred to as which of the following?

a. Green Team
b. Blue Team
c. Black Team
d. Red Team


Page 47: CMGT/441 Intro. to Information Systems Security Management

47

Review Questions

• Question #5

What portion of your ISP contract might affect your ability to conduct a penetration test over the internet?

a. Scanning Policy
b. Port Access Policy
c. Acceptable Use Policy
d. Warranty Policy


Page 49: CMGT/441 Intro. to Information Systems Security Management

49

Review Questions

• Question #6

Which federal law prohibits unauthorized access of classified information?

a. Computer Fraud and Abuse Act, Title 18
b. Electronic Communication and Abuse Act
c. Stored Wire and Electronic Communications and Transactional Records Act
d. Fourth Amendment


Page 51: CMGT/441 Intro. to Information Systems Security Management

51

Review Questions

• Question #7

Which federal law prohibits intercepting any communication, regardless of how it was transmitted?

a. Computer Fraud and Abuse Act, Title 18
b. Electronic Communication and Abuse Act
c. Stored Wire and Electronic Communications and Transactional Records Act
d. Fourth Amendment


Page 53: CMGT/441 Intro. to Information Systems Security Management

53

Review Questions

• Question #8

Which federal law amended Chapter 119 of Title 18, U.S. Code?

a. Computer Fraud and Abuse Act, Title 18
b. Electronic Communication and Abuse Act
c. Stored Wire and Electronic Communications and Transactional Records Act
d. U.S. Patriot Act, Sec. 217: Interception of Computer Trespasser Communications


Page 55: CMGT/441 Intro. to Information Systems Security Management

55

Review Questions

• Question #9

To determine whether scanning is illegal in your area, you should do which of the following?

a. Refer to the U.S. code
b. Refer to the U.S. Patriot Act
c. Refer to the state laws
d. Contact your ISP


Page 57: CMGT/441 Intro. to Information Systems Security Management

57

Review Questions

• Question #10

As a security tester, what should you do before installing hacking software on your computer?

a. Check with local law enforcement agencies.
b. Contact your hardware vendor.
c. Contact your software vendor.
d. Contact your ISP.


Page 59: CMGT/441 Intro. to Information Systems Security Management

59

Review Questions

• Question #11

Before using hacking software over the Internet, you should contact which of the following?

a. Your ISP.
b. Your vendor.
c. Local law enforcement authorities to check for compliance.
d. The FBI.


Page 61: CMGT/441 Intro. to Information Systems Security Management

61

Review Questions

• Question #12

Which organization issues the Top 20 list of current network vulnerabilities?

a. SANS Institute
b. ISECOM
c. EC-Council
d. OPST


Page 63: CMGT/441 Intro. to Information Systems Security Management

63

OS Vulnerabilities

• Windows

How do we deal with this?

Page 64: CMGT/441 Intro. to Information Systems Security Management

64

OS Vulnerabilities

• Windows
- OSs contain serious vulnerabilities that attackers can exploit.
- Default installations are especially at risk.

How do we deal with this?
- Reduce our attack surface.
- Disable, reconfigure, uninstall unnecessary services.
- Employ system hardening techniques.
- Monitor new vulnerabilities / automatic updates.
- Periodic assessment / scans.
- Patch.
- Patch.
- Patch.

Page 65: CMGT/441 Intro. to Information Systems Security Management

65

OS Vulnerabilities

• CVE search on NVD

http://www.cve.mitre.org/cve/index.html
http://web.nvd.nist.gov/view/vuln/search?execution=e2s1

Page 66: CMGT/441 Intro. to Information Systems Security Management

66

Page 67: CMGT/441 Intro. to Information Systems Security Management

67

OS Vulnerabilities

• Windows File Systems

Purpose is to store and manage information.

File Allocation Table (FAT): Standard file system for most removable media.

Why would using FAT in a multiuser environment be considered a critical vulnerability?

512 B = 1 sector
1 cluster = smallest allocated unit for a file

Page 68: CMGT/441 Intro. to Information Systems Security Management

68

OS Vulnerabilities

• Windows File Systems

Purpose is to store and manage information.

File Allocation Table (FAT): Standard file system for most removable media.

Why would using FAT in a multiuser environment be considered a critical vulnerability?
Because FAT doesn’t support file-level access control lists (ACLs)!

512 B = 1 sector
1 cluster = smallest allocated unit for a file

Page 69: CMGT/441 Intro. to Information Systems Security Management

69

OS Vulnerabilities

• Windows File Systems

New Technology File System (NTFS): Supports larger files and disk volumes while addressing security through ACLs and FS journaling.

Alternate Data Streams (ADSs) are an NTFS feature used for compatibility with the old Apple Hierarchical File System, which uses both data forks (contents of documents) and resource forks (file type identification) to store data.

Why are ADSs considered a security risk?

Page 70: CMGT/441 Intro. to Information Systems Security Management

70

OS Vulnerabilities

• Windows File Systems

New Technology File System (NTFS): Supports larger files and disk volumes while addressing security through ACLs and FS journaling.

Alternate Data Streams (ADSs) are an NTFS feature used for compatibility with the old Apple Hierarchical File System, which uses both data forks (contents of documents) and resource forks (file type identification) to store data.

Why are ADSs considered a security risk?
ADSs make it possible for hackers to hide and store exploitation tools and other malicious files on compromised systems.

Page 71: CMGT/441 Intro. to Information Systems Security Management

71

OS Vulnerabilities

• Windows File Systems

New Technology File System (NTFS): Tools used for detecting ADSs --

• LADS http://www.heysoft.de/en/software/lads.php
Program lists all alternate data streams of an NTFS directory.

• lns http://ntsecurity.nu/toolbox/lns
LNS is a tool that searches for NTFS streams (aka alternate data streams or multiple data streams).

• Tripwire http://www.tripwire.com/
Enterprise vulnerability management solution using signatures to find vulnerabilities.

• dir /r
Command Prompt (cmd) command, run from the directory you want to list, that displays that directory's ADSs; available in Windows Vista and later.

Page 72: CMGT/441 Intro. to Information Systems Security Management

72

OS Vulnerabilities

• Windows File Systems

New Technology File System (NTFS): Using LADS & lns to detect ADSs.

Uncompromised System (LADS):

LADS - Freeware version 4.00
(C) Copyright 1998-2004 Frank Heyne Software (http://www.heysoft.de)
This program lists files with alternate data streams (ADS)
Use LADS on your own risk!

Scanning directory C:
      size  ADS in file
----------  ---------------------------------
Error 32 opening C:\pagefile.sys

The following summary might be incorrect because there was at least one error!

         0 bytes in 0 ADS listed

Compromised System (LADS):

LADS - Freeware version 4.00
(C) Copyright 1998-2004 Frank Heyne Software (http://www.heysoft.de)
This program lists files with alternate data streams (ADS)
Use LADS on your own risk!

Scanning directory C:\compaq
      size  ADS in file
----------  ---------------------------------
     32768  C:\compaq\test_file:ipeye.exe
     32768  C:\compaq\test_file2:klogger.exe
    143360  C:\compaq\test_file3:psexec.exe
     86016  C:\compaq\test_file4:pslist.exe

    294912 bytes in 4 ADS listed

Compromised System (lns):

lns 1.0 - (c) 2002, Arne Vidstrom ([email protected]) - http://ntsecurity.nu/toolbox/lns/

c:\compaq\test_file - Alternative data stream [:ipeye.exe:$DATA]
c:\compaq\test_file2 - Alternative data stream [:klogger.exe:$DATA]
c:\compaq\test_file3 - Alternative data stream [:psexec.exe:$DATA]
c:\compaq\test_file4 - Alternative data stream [:pslist.exe:$DATA]

Page 73: CMGT/441 Intro. to Information Systems Security Management

73

OS Vulnerabilities

• Remote Procedure Call (RPC)

Interprocess communication mechanism.

Allows a computer program to cause a subroutine or procedure (program) to execute in another address space (on another computer within a shared network).

Page 74: CMGT/441 Intro. to Information Systems Security Management

74

OS Vulnerabilities

• Remote Procedure Call (RPC)

http://technet.microsoft.com/en-us/security/bulletin/

Page 75: CMGT/441 Intro. to Information Systems Security Management

75

OS Vulnerabilities

• Remote Procedure Call (RPC)

Page 76: CMGT/441 Intro. to Information Systems Security Management

76

OS Vulnerabilities

http://www.microsoft.com/technet/security/tools/mbsahome.mspx/

Page 77: CMGT/441 Intro. to Information Systems Security Management

77

OS Vulnerabilities

Page 78: CMGT/441 Intro. to Information Systems Security Management

78

OS Vulnerabilities

http://www.dorkatron.com/docs/ISA330/W2%20-%20READING%20-%20MBSA%20Report%20for%20Philip%20Robbins.pdf

Page 79: CMGT/441 Intro. to Information Systems Security Management

79

OS Vulnerabilities

• Network Basic Input / Output System (NetBIOS)

- OSI Session Layer 5.
- Software loaded into memory that allows a program to interact with a shared network resource or device.
- NetBIOS frees an application from understanding the details of a network.
- Still used today for ensuring backward compatibility.
- Uses ports open to the internet: UDP/137, UDP/138, TCP/139

Page 80: CMGT/441 Intro. to Information Systems Security Management

80

OS Vulnerabilities

• Network Basic Input / Output System (NetBIOS)

Why is NetBIOS over TCP/IP considered a security risk?


Page 82: CMGT/441 Intro. to Information Systems Security Management

82

OS Vulnerabilities

• Network Basic Input / Output System (NetBIOS)

Why is NetBIOS over TCP/IP considered a security risk?

Because an attacker can gain the following information:
- Computer name
- Contents of the remote name cache, including IP addresses
- A list of local NetBIOS names
- A list of names resolved by broadcast or via WINS
- Contents of the session table with the destination IP addresses

Page 83: CMGT/441 Intro. to Information Systems Security Management

83

OS Vulnerabilities

• Server Message Block (SMB)

- OSI Application Layer 7.
- Used for sharing access to files, printers, serial ports, and miscellaneous communications between nodes on a network.
- Uses port TCP/445.
- Vulnerabilities are associated with Microsoft’s implementation of the SMB protocol and the components it directly relies on.

http://uwnthesis.wordpress.com/2013/05/29/metasploit-how-to-use-server-message-block-smb-or-file-sharing-scanning/

Page 84: CMGT/441 Intro. to Information Systems Security Management

84

OS Vulnerabilities

• Common Internet File System (CIFS)
- Replaces SMB but allows backward compatibility.
- Remote file system protocol that allows computers to share network resources over the internet.

Page 85: CMGT/441 Intro. to Information Systems Security Management

85

OS Vulnerabilities

• Domain Controllers
- Servers that handle authentication.
- DCs using CIFS listen on the following ports:

DNS (53), HTTP (80), Kerberos (88), RPC (135), NetBIOS (137 & 139), LDAP (389), HTTPS (443), SMB/CIFS (445), LDAP over SSL (636), Active Directory Global Catalog (328)

- Most attackers look for DCs because they contain so much information they want to access.

Page 86: CMGT/441 Intro. to Information Systems Security Management

86

OS Vulnerabilities

• Null Sessions
- Allow you to connect to a remote machine without using a user name or password.
- Anonymous logins.
- e.g. FTP, SQL (null SA password), IPC$, etc…

This is the most frequently used method for network reconnaissance employed by hackers.

Page 87: CMGT/441 Intro. to Information Systems Security Management

87

OS Vulnerabilities

• Buffer Overflows
- Occurs when data is written to a buffer (temporary memory space) and, because of insufficient bounds checking, corrupts data in memory next to the allocated buffer.
- Applications written in C & C++ are vulnerable.
- Can allow attackers to run shell code.
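As an added illustration (not code from the slides or the course textbook), the C program below places the unchecked copy the slide describes next to a bounds-checked replacement. The function names, the NAME_LEN buffer size and the sample inputs are assumptions chosen for the example; the unchecked version is included only for contrast and is never called with input that would overflow.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16  /* fixed-size destination buffer (size assumed for the example) */

/* Vulnerable pattern from the slide: strcpy copies until it finds the source's
 * terminating NUL and never consults the size of dst. A source longer than
 * NAME_LEN - 1 characters writes past the end of the buffer and corrupts
 * whatever the compiler placed next to it (other locals, saved registers,
 * the return address). Shown for contrast only; nothing below calls it with
 * untrusted input. */
void set_name_unchecked(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Hardened replacement: the caller passes the destination's size and the
 * function refuses input that would not fit together with its NUL terminator.
 * Returns 0 on success, -1 when the input was rejected; on rejection dst is
 * left as an empty string so a caller cannot accidentally use stale contents. */
int set_name_checked(char *dst, size_t dst_size, const char *src) {
    if (dst_size == 0) {
        return -1;
    }
    size_t n = strlen(src);
    if (n >= dst_size) {          /* n + 1 bytes needed, only dst_size available */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);      /* length already proven safe; copies the NUL too */
    return 0;
}

/* Convenience wrapper: copies src into a NAME_LEN buffer and reports whether
 * it was accepted (0) or rejected (-1). */
int try_set_name(const char *src) {
    char name[NAME_LEN];
    return set_name_checked(name, sizeof name, src);
}

int main(void) {
    /* Constructed sample inputs: one that fits and one that would overflow. */
    const char *inputs[] = {
        "alice",
        "a-user-name-that-is-far-longer-than-the-buffer",
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = try_set_name(inputs[i]);
        printf("%-48s -> %s\n", inputs[i],
               rc == 0 ? "accepted" : "rejected (would overflow)");
    }
    return 0;
}
```

The check `n >= dst_size` is the whole defence: a 15-character name plus its terminator fills a 16-byte buffer exactly, while a 16-character name would need a 17th byte and is refused before any write happens. Compile with `cc -o namecopy namecopy.c` and run it; no input beyond the embedded samples is needed.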

Page 88: CMGT/441 Intro. to Information Systems Security Management

88

OS Vulnerabilities

• Trojan
- Non-replicating type of malware.
- Program that appears to perform a desired function.
- Gains privileged access.
- Allows remote administration (backdoors).
- Creates a file server (FTP).
- Drops malicious payload.

Page 89: CMGT/441 Intro. to Information Systems Security Management

89

OS Vulnerabilities

• Rootkits
- Installed by intruders who have gained root access.
- Contains malicious Trojan binary programs.
- Designed to hide and maintain privileged access.
- Can reside in the kernel.
- Removal becomes complicated.

Page 90: CMGT/441 Intro. to Information Systems Security Management

Class Discussion
• What are the benefits of using passwords as an authentication method?

• Why can it be considered a weakness / vulnerability?

Page 91: CMGT/441 Intro. to Information Systems Security Management

Class Discussion
• What are the benefits of using passwords as an authentication method?
Cost effective and disposable.

• Why can it be considered a weakness / vulnerability?
"What you know" vs. "what you are" or "what you have."

A username and password is all that stands between an attacker and access.

Page 92: CMGT/441 Intro. to Information Systems Security Management

OS Vulnerabilities
• Passwords
- All users / admins should change their passwords regularly.
- Establish a minimum length for users (8 chars) and admins (15 chars).
- Require complexity: include letters, numbers, symbols, both upper and lower case chars.
- No dictionary (common) or slang words (in any language).
- No connection to the user: SSN, birthdays, or names.
- Never write passwords down (esp. online, through email, or stored on a user's computer).
- Be aware of shoulder surfing.
- Limit reuse of old passwords.
- Set account lockout duration (e.g. timeout 30 seconds after first attempt).
- Set account lockout thresholds (e.g. disable account after 3 attempts).
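The slide's password rules expressed as code, an added C example that is not part of the course material: the minimum lengths and the 3-attempt lockout threshold are the slide's, while the function names and the short deny-list are constructed stand-ins for a real dictionary check. The lockout duration is not modelled; record_attempt() only tracks the attempt threshold.

```c
#include <ctype.h>
#include <string.h>

/* Added example, not from the slides. Lengths (8 user / 15 admin) and the
 * 3-attempt lockout are the slide's; the deny-list words are constructed. */
#define USER_MIN_LEN       8
#define ADMIN_MIN_LEN      15
#define LOCKOUT_THRESHOLD  3
#define MAX_PW             128

static const char *denylist[] = { "password", "qwerty", "letmein", NULL }; /* stand-in dictionary */

/* Returns 1 if pw satisfies the policy for the role, 0 if it fails: role minimum
 * length, all four character classes, no deny-listed word (case-insensitive). */
int password_meets_policy(const char *pw, int is_admin)
{
    size_t len = strlen(pw), min = is_admin ? ADMIN_MIN_LEN : USER_MIN_LEN;
    int upper = 0, lower = 0, digit = 0, symbol = 0;
    char lowered[MAX_PW];
    if (len < min || len >= MAX_PW)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)pw[i];
        lowered[i] = (char)tolower(c);      /* copy for case-insensitive matching */
        if (isupper(c))      upper = 1;
        else if (islower(c)) lower = 1;
        else if (isdigit(c)) digit = 1;
        else                 symbol = 1;    /* anything else counts as a symbol */
    }
    lowered[len] = '\0';
    if (!(upper && lower && digit && symbol))
        return 0;
    for (int i = 0; denylist[i]; i++)
        if (strstr(lowered, denylist[i]))
            return 0;
    return 1;
}

/* Lockout state for one account. record_attempt() returns 1 once the account is
 * locked: a success resets the counter, a failure increments it, threshold locks. */
struct login_state { int failures; int locked; };

int record_attempt(struct login_state *s, int success)
{
    if (s->locked) return 1;
    if (success) { s->failures = 0; return 0; }
    if (++s->failures >= LOCKOUT_THRESHOLD) s->locked = 1;
    return s->locked;
}
```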

Page 93: CMGT/441 Intro. to Information Systems Security Management

OS Vulnerabilities
• Passwords

http://splashdata.com/press/pr121023.htm

Page 94: CMGT/441 Intro. to Information Systems Security Management

OS Vulnerabilities

http://www.labnol.org/internet/common-passwords-to-avoid/14136/

Page 95: CMGT/441 Intro. to Information Systems Security Management

Vulnerability Scanners
• eEye Retina

http://www.eeye.com/

Page 96: CMGT/441 Intro. to Information Systems Security Management

Vulnerability Scanners
• Tenable Nessus

http://www.tenable.com/products/nessus

Page 97: CMGT/441 Intro. to Information Systems Security Management

Vulnerability Scanners
• GFI Languard

http://www.gfi.com/products-and-solutions/network-security-solutions/gfi-languard

Page 98: CMGT/441 Intro. to Information Systems Security Management

Vulnerability Scanners
• OpenVAS

http://www.openvas.org/

Page 99: CMGT/441 Intro. to Information Systems Security Management

Patch Scanners
• HFNetchk & Shavlik
- Created by Mark Shavlik.
- MBSA is based on HFNetchk.
- Shavlik for Patch Management.

http://www.shavlik.com/

Page 100: CMGT/441 Intro. to Information Systems Security Management

Patch Scanners
• Microsoft's System Management Server (SMS)
- Patch Management for all computers on your network.

http://www.microsoft.com/en-us/server-cloud/system-center/configuration-manager-2012.aspx

Page 101: CMGT/441 Intro. to Information Systems Security Management

Patch Scanners
• Windows Software Update Services (WSUS)
- Patch Management from the network.
- WSUS downloads patches and publishes them internally.
- Control over which updates are deployed.

http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx

Page 102: CMGT/441 Intro. to Information Systems Security Management

OS Vulnerabilities
• System Hardening
- Patch all known vulnerabilities (automatic updates vs. patch testing).
- Remove unwanted services.
- Enforce password complexity & policies.
- Remove unused user accounts.
- Configure and manage user privileges.
- Implement an antivirus solution.
- Enable logging / monitoring tools.
- Close unused open network ports:

FTP (20, 21), TFTP (69), Telnet (23), DNS (53), NNTP (119), NetBIOS (135, 137, 138, 139, 445), RDP (3389), SNMP (161, 162), RPC (1025-1039)

Page 103: CMGT/441 Intro. to Information Systems Security Management

OS Vulnerabilities
• *nix

Page 104: CMGT/441 Intro. to Information Systems Security Management

Class Discussion
• Why do you think people believe Windows is more vulnerable than *nix OSs?

Page 105: CMGT/441 Intro. to Information Systems Security Management

Class Discussion
• Why do you think people believe Windows is more vulnerable than *nix OSs?

Because a majority of people use Windows, most attackers focus on compromising that OS.

• Why do you think only 1% of all desktop users use Linux?

Page 106: CMGT/441 Intro. to Information Systems Security Management

Class Discussion
• Why do you think only 1% of all desktop users use Linux?

Even if Grandma knew about the alternative, (i) would she even prefer it, and (ii) is she capable?

Page 107: CMGT/441 Intro. to Information Systems Security Management

OS Vulnerabilities
• *nix

Samba
- Free software.
- *nix servers can share resources with Windows clients, and vice versa, without prejudice.
- Designed to trick Windows resources into believing that *nix resources are Windows resources.

http://www.samba.org/

Page 108: CMGT/441 Intro. to Information Systems Security Management

OS Vulnerabilities
Samba
- Search NVD for *nix vulnerabilities related to Samba.

Page 109: CMGT/441 Intro. to Information Systems Security Management

Embedded OS Vulnerabilities

• What are Embedded Systems?
Any computer system that isn't a general-purpose PC.

• What are Embedded Operating Systems?
Embedded systems that include their own operating system, including stripped-down versions of commonly used OSs.

What are some examples of embedded systems that contain embedded OSs?

Page 110: CMGT/441 Intro. to Information Systems Security Management

Embedded OS Vulnerabilities
• Things to keep in mind:
Don't underestimate the security risks associated with embedded systems simply because they're small, perform simple tasks, or because you believe no one would bother attacking them.

Embedded OSs are networked and are everywhere (think about Critical Infrastructure & SCADA).

Many of the vulnerabilities seen in common OSs directly carry over.

Coding of the OS and patching can be difficult due to memory constraints. How do you patch a PIC16F877?

Page 111: CMGT/441 Intro. to Information Systems Security Management

Embedded OS Vulnerabilities

• W32.Stuxnet
- Identified in 2010.
- Considered the first cyber weapon.
- Affected Supervisory Control and Data Acquisition (SCADA) systems and Programmable Logic Controllers (PLCs) within Iran's nuclear enrichment facilities.

Page 112: CMGT/441 Intro. to Information Systems Security Management

Embedded OS Vulnerabilities
• Android

Page 113: CMGT/441 Intro. to Information Systems Security Management

Embedded OS Vulnerabilities
• Android

http://www.wtop.com/1253/3433568/Govt-warns-Android-vulnerable-to-mobile-hacks

Page 114: CMGT/441 Intro. to Information Systems Security Management

Class Discussion
• What are some of the vulnerabilities associated with embedded devices like smart phones?

• What are the risks?

Page 115: CMGT/441 Intro. to Information Systems Security Management

Page 116: CMGT/441 Intro. to Information Systems Security Management

Embedded OS Vulnerabilities

Page 117: CMGT/441 Intro. to Information Systems Security Management

Embedded OS Vulnerabilities

Page 118: CMGT/441 Intro. to Information Systems Security Management

Class Tools
Vulnerable targets…
Practice researching and identifying vulnerabilities within our isolated test environment.

localhost (user: root, password: toor)

localhost (user: Administrator, password: password)

Page 119: CMGT/441 Intro. to Information Systems Security Management

Review Questions
• Question #1

MBSA performs which of the following security checks?

a. Security update checks.
b. IIS checks.
c. System time checks.
d. Computer logon checks.

Page 121: CMGT/441 Intro. to Information Systems Security Management

Review Questions
• Question #2

Which ports should be filtered out to protect a network from SMB attacks?

a. 134 to 138 and 445.
b. 135, 139, and 443.
c. 137 to 139 and 445.
d. 53 and 445.

Page 123: CMGT/441 Intro. to Information Systems Security Management

Review Questions
• Question #3

Applications written in which programming language(s) are especially vulnerable to buffer overflow attacks?

a. C
b. Perl
c. C++
d. Java

Page 125: CMGT/441 Intro. to Information Systems Security Management

Review Questions
• Question #4

Which of the following is the most efficient way to determine which OS a company is using?

a. Run Nmap or other port-scanning programs.
b. Use the whois database.
c. Install a sniffer on the company's network segment.
d. Call the company and ask.

Page 127: CMGT/441 Intro. to Information Systems Security Management

Review Questions
• Question #5

Which program can detect rootkits on *nix systems?

a. chkrootkit
b. rktdetect
c. SELinux
d. Ionx

Page 129: CMGT/441 Intro. to Information Systems Security Management

Review Questions
• Question #6

Which of the following doesn't use an embedded OS?

a. An ATM
b. A workstation running Windows Vista Business
c. A NAS device running Windows Server 2008 R2
d. A slot machine

Page 131: CMGT/441 Intro. to Information Systems Security Management

Review Questions
• Question #7

Which of the following is a major challenge of securing embedded OSs?

a. Training users
b. Configuration
c. Patching
d. Backup and recovery

Page 133: CMGT/441 Intro. to Information Systems Security Management

Review Questions
• Question #8

SCADA systems are used for which of the following?

a. Monitoring embedded OSs
b. Monitoring ATM access codes
c. Monitoring equipment in large-scale industries
d. Protecting embedded OSs from remote attacks

Page 135: CMGT/441 Intro. to Information Systems Security Management

Review Questions
• Question #9 (last one)

Cell phone vulnerabilities make it possible for attackers to do which of the following? (Choose all that apply.)

a. Use your phone as a microphone to eavesdrop on meetings.
b. Install a BIOS-based rootkit.
c. Clone your phone to make illegal long-distance phone calls.
d. Listen to your phone conversations.

Page 137: CMGT/441 Intro. to Information Systems Security Management

Quiz #1
• Multiple choice, closed book, closed notes.

Page 138: CMGT/441 Intro. to Information Systems Security Management

Questions?

[email protected]/~probbins
https://www.dorkatron.com/docs/CMGT441/