CMGT/441 Intro. to Information Systems Security Management Philip Robbins – November 21, 2013...


  • Slide 1
  • 1 CMGT/441 Intro. to Information Systems Security Management. Philip Robbins, November 21, 2013. Ethical Hacking & Desktop, Server, and Embedded Operating System Vulnerabilities. Information Technology, University of Phoenix, Kapolei Learning Center, Week #1
  • Slide 2
  • 2 Ethical Hacking Topics
    - Introductions
    - Syllabus Review
    - Fundamentals of Ethical Hacking
    - Windows & *nix OS Vulnerabilities
    - Embedded OS Vulnerabilities
    - Class Discussion, Tools, Security Resources
    - Review Questions, Q&A
    - Quiz #1
    - Assignment #1
  • Slide 3
  • 3 Introductions: Who am I?
    - Information Systems Authorizing Official Representative, United States Pacific Command (USPACOM)
    - Risk Management Field
    - Assessments to USPACOM Authorizing Official / CIO
    - Former Electronics & Environmental Engineer
    - Bachelor of Science in Electrical Engineering
    - Master of Science in Information Systems
    - Ph.D. Student in Communication & Information Sciences
    - Certified Information Systems Security Professional (CISSP) and Project Management Professional (PMP)
  • Slide 4
  • 4 Syllabus Class Textbook
  • Slide 5
  • 5 Fundamentals A locked door keeps an honest man out.
  • Slide 6
  • 6 Fundamentals: Introduction to Proactive System Security. What this class IS about: an introductory course in adopting a proactive (vs. reactive) stance towards systems security. What this class IS NOT about: an offensive class in hacking. How does one better understand how to defend against system security attacks? By performing and testing against them.
  • Slide 7
  • 7 Fundamentals: What is Hacking? Classical Definition (before): seeking to understand computer systems strictly for the love of having that knowledge. Modern Definition (now): illegal access to computer or network systems.
  • Slide 8
  • 8 Fundamentals What is a Hacker?
  • Slide 9
  • 9
  • Slide 10
  • 10 Fundamentals Who/what is a Cracker? Term used to describe a hacker with malicious intent. Crackers (cyber criminals) get into all kinds of mischief, including breaking or "cracking" copy protection on software programs, breaking into systems and causing harm, changing data, or stealing.
  • Slide 11
  • 11 Fundamentals: Hacker vs. Cracker?
    - Today there's no real distinction between the two terms: Hacker = Cracker.
    - However, some hackers regard crackers as less educated.
    - Some crackers don't create their own work; they simply steal other people's work to cause mischief or for personal gain.
  • Slide 12
  • 12 Fundamentals Who are Script kiddies? - Unskilled individuals who use scripts or programs developed by knowledgeable programmers to attack computer systems. - Generally considered posers or kiddies lacking the ability to write sophisticated scripts or programs on their own. - Usually seeking to gain credit or impress their friends.
  • Slide 13
  • 13 Fundamentals: What is an Ethical Hacker? Oxymoron: Honest Criminal.
    - A new breed of network defenders.
    - Performs the same activities a hacker does, but with the owner's / company's permission.
    - Usually contracted to perform penetration testing.
  • Slide 14
  • 14 Fundamentals: Penetration Testing
    - Discover vulnerabilities.
    - Perform attack and penetration assessments.
    - Perform discovery and scanning for open ports & services.
    - Apply exploits to gain access and expand access as necessary.
    - Activities involving application penetration testing and application source review.
    - Interact with the client as required.
    - Produce reports documenting discoveries during the engagement.
    - Report your findings to the client at the conclusion of each engagement.
    vs. Security Testing, which adds:
    + Participate in research and provide recommendations for improvement.
    + Participate in knowledge sharing.
  • Slide 15
  • 15 Fundamentals Why perform Penetration Tests?
  • Slide 16
  • 16 Fundamentals: Steps for a Penetration Test
    Step #1: Planning Phase
    - Scope & strategy of the assignment are determined.
    - Existing security policies and standards are used for defining the scope.
    Step #2: Discovery Phase
    - Collect as much information as possible about the system, including data in the system, user names and even passwords (fingerprinting).
    - Scan and probe the ports.
    - Check for vulnerabilities of the system.
    Step #3: Attack Phase
    - Find exploits for various vulnerabilities.
    - Obtain the security privileges necessary to exploit the system, then exploit it.
  • Slide 17
  • 17 Fundamentals: Steps for a Penetration Test
    Step #4: Reporting Phase
    - Report must contain detailed findings.
    - Risks of vulnerabilities found and their impact on business.
    - Recommendations for solutions, if any (Security Testing).
  • Slide 18
  • 18 Fundamentals: Penetration Testing Limitations
    - Can't find all the vulnerabilities on a system.
    - Time for tester
    - Budget
    - Scope
    - Skills of testers
    - Data loss and corruption
    - Downtime for organization
    - Increased costs for organization*
    * How could pen testing decrease costs for an organization?
  • Slide 19
  • 19 Fundamentals: Roles & Responsibilities of the Pen-Tester
    - Testers should collect required information from the organization to enable penetration tests (depending on the type of testing model).
    - Find flaws that could allow hackers to attack a target machine.
    - Pen testers should think & act like real hackers (ethically).
    - Tester should be responsible for any loss in the system or information during the testing.
    - Tester should keep data and information confidential.
  • Slide 20
  • 20 Fundamentals: Types of Pen-Testing Methodologies
    White Box Model
    - Tester is given the company network topology, info on technology used, and permission to interview all employees (including IT personnel).
    Black Box Model
    - Tester is not given any information.
    - Management doesn't tell staff about the pen test being conducted.
    - Helps determine if the company's security personnel are able to detect attacks.
    Gray Box Model
    - Hybrid of the white and black box models.
    - Tester may get partial information.
  • Slide 21
  • 21 Class Discussion
    - Which pen-testing category / model most closely mimics that of an insider threat?
    - Which type of pen-testing model is better suited for an organization on an extremely limited budget?
    - Which pen-testing model is most accurate?
    - Which can be considered to have the greatest drawback?
  • Slide 22
  • 22 Class Discussion
  • Slide 23
  • 23 Fundamentals: Types of Hats
    - White Hats (Ethical / Pen-Testers improving security)
    - Black Hats (Hackers / Crackers degrading security)
    - Grey Hats (In-between White and Black)
    - Red Hat (Enterprise Linux)
  • Slide 24
  • 24 Fundamentals: What can you do legally? What about:
    - Port scanning?
    - Possession of hacking tools?
    - Photographing?
    - ISP Acceptable Use Policy (AUP)?
    - Installing viruses on a computer network, denying users?
    In Hawaii, the state must prove that the person charged with committing a crime on a computer had the intent to commit a crime.
  • Slide 25
  • 25 Fundamentals: Federal Laws
    - Computer Fraud and Abuse Act, Title 18: crime to access classified information without authorization.
    - Electronic Communication and Abuse Act: illegal to intercept any communication, regardless of how it was transmitted.
    - Stored Wire and Electronic Communications and Transactional Records Act: defines unauthorized access to computers that store classified information.
  • Slide 26
  • 26 Class Discussion
    - What are the advantages of using a written contract when engaged in a computer consulting job?
    - Why is it important that your attorney read over the contract before you sign it?
    - What is upper management's role for a penetration test?
  • Slide 27
  • 27 Class Discussion Why do you think the government does not define a common law for computer-related crimes, rather than allowing each state to address these issues?
  • Slide 28
  • 28 Fundamentals: Ethical Hacking in a Nutshell
    - Must have a good understanding of networks & computer technology.
    - Must be able to communicate with management & IT personnel.
    - Must have an understanding of the laws that apply to your location.
    - Must be able to apply the necessary tools to perform your tasks.
  • Slide 29
  • 29 Fundamentals: Professional Certifications
    - Certified Ethical Hacker (CEH)
    - Cisco Certified Network Associate (CCNA)
    - Project Management Professional (PMP)
    - Certified Information Systems Security Professional (CISSP)
  • Slide 30
  • 30 Fundamentals Careers
  • Slide 31
  • 31 Fundamentals CEH 22 Domains
  • Slide 32
  • 32 Tools: BackTrack 5 R3. Ubuntu-based Linux distribution providing a comprehensive collection of security-related tools for digital forensics and pen testing use. http://www.backtrack-linux.org/downloads/
  • Slide 33
  • 33 Tools: Kali Linux (a.k.a. BackTrack 6). A Debian-based Linux distribution rewritten from BackTrack. Preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs). http://www.kali.org/downloads
  • Slide 34
  • 34 Tools Metasploitable 2.0 Intentionally vulnerable Linux virtual machine. http://www.offensive-security.com/metasploit-unleashed/Metasploitable http://sourceforge.net/projects/metasploitable/files/Metasploitable2/
  • Slide 35
  • 35 Tools: Damn Vulnerable Linux (DVL) 1.5 Infectious Disease. Originally formed from Slackware with the goal of being an intentionally vulnerable system for practice/teaching purposes regarding network and computer security. Now considered discontinued. http://distrowatch.com/table.php?distribution=dvl http://download.vulnhub.com/dvl/DVL_1.5_Infectious_Disease.iso
  • Slide 36
  • 36 General Security Resources
    - Cyber Hui http://www.cyberhui.org/ : A community of Hawaii cyber security professionals dedicated to sharing skills and knowledge with high school and college students. Join the Hui; check out their resources and discussion forums.
    - SANS Institute http://www.sans.org/ : Source for information security training and security certification; develops, maintains, and makes available at no cost a collection of research documents about various aspects of information security. Find whitepapers here that interest you.
    - Symantec Connect http://www.securityfocus.com/ : Technical community for Symantec customers, end-users, developers, and partners.
    - SearchSecurity http://searchsecurity.techtarget.com/ : Online information security magazine providing immediate access to late-breaking industry news, virus alerts, new hacker threats and attacks.
    - Internet Storm Center https://isc.sans.edu/forums/Diary+Discussions/ : Community forums, discussions, and daily podcasts on auditing, forensics, network security, pen testing.
  • Slide 37
  • 37 General Security Resources CyberPatriot http://www.uscyberpatriot.org/CP5/Training.aspx Air Force Cyber Defense Competition.
  • Slide 38
  • 38 General Security Resources IASE http://iase.disa.mil/policy-guidance/ Most comprehensive compilation of DoD Policies & Guidance documentation for Information Assurance.
  • Slide 39
  • 39 Review Questions: Question #1. The U.S. Department of Justice defines a hacker as which of the following?
    a. A person who accesses a computer or network without the owner's permission.
    b. A penetration tester.
    c. A person who uses telephone services without payment.
    d. A person who accesses a computer or network with the owner's permission.
  • Slide 40
  • 40 Review Questions: Question #1. The U.S. Department of Justice defines a hacker as which of the following?
    a. A person who accesses a computer or network without the owner's permission.
    b. A penetration tester.
    c. A person who uses telephone services without payment.
    d. A person who accesses a computer or network with the owner's permission.
  • Slide 41
  • 41 Review Questions: Question #2. A penetration tester is which of the following?
    a. A person who accesses a computer or network without permission from the owner.
    b. A person who uses telephone services without payment.
    c. A security professional who's hired to hack into a network to discover vulnerabilities.
    d. A hacker who accesses a system without permission but does not delete or destroy files.
  • Slide 42
  • 42 Review Questions: Question #2. A penetration tester is which of the following?
    a. A person who accesses a computer or network without permission from the owner.
    b. A person who uses telephone services without payment.
    c. A security professional who's hired to hack into a network to discover vulnerabilities.
    d. A hacker who accesses a system without permission but does not delete or destroy files.
  • Slide 43
  • 43 Review Questions: Question #3. Some experienced hackers refer to inexperienced hackers who copy or use prewritten scripts or programs as which of the following?
    a. Script Monkeys.
    b. Packet Kiddies.
    c. Packet Monkeys.
    d. Script Kiddies.
  • Slide 44
  • 44 Review Questions: Question #3. Some experienced hackers refer to inexperienced hackers who copy or use prewritten scripts or programs as which of the following?
    a. Script Monkeys.
    b. Packet Kiddies.
    c. Packet Monkeys.
    d. Script Kiddies.
  • Slide 45
  • 45 Review Questions: Question #4. A team composed of people with varied skills who attempt to penetrate a network is referred to as which of the following?
    a. Green Team
    b. Blue Team
    c. Black Team
    d. Red Team
  • Slide 46
  • 46 Review Questions: Question #4. A team composed of people with varied skills who attempt to penetrate a network is referred to as which of the following?
    a. Green Team
    b. Blue Team
    c. Black Team
    d. Red Team
  • Slide 47
  • 47 Review Questions: Question #5. What portion of your ISP contract might affect your ability to conduct a penetration test over the Internet?
    a. Scanning Policy
    b. Port Access Policy
    c. Acceptable Use Policy
    d. Warranty Policy
  • Slide 48
  • 48 Review Questions: Question #5. What portion of your ISP contract might affect your ability to conduct a penetration test over the Internet?
    a. Scanning Policy
    b. Port Access Policy
    c. Acceptable Use Policy
    d. Warranty Policy
  • Slide 49
  • 49 Review Questions: Question #6. Which federal law prohibits unauthorized access of classified information?
    a. Computer Fraud and Abuse Act, Title 18
    b. Electronic Communication and Abuse Act
    c. Stored Wire and Electronic Communications and Transactional Records Act
    d. Fourth Amendment
  • Slide 50
  • 50 Review Questions: Question #6. Which federal law prohibits unauthorized access of classified information?
    a. Computer Fraud and Abuse Act, Title 18
    b. Electronic Communication and Abuse Act
    c. Stored Wire and Electronic Communications and Transactional Records Act
    d. Fourth Amendment
  • Slide 51
  • 51 Review Questions: Question #7. Which federal law prohibits intercepting any communication, regardless of how it was transmitted?
    a. Computer Fraud and Abuse Act, Title 18
    b. Electronic Communication and Abuse Act
    c. Stored Wire and Electronic Communications and Transactional Records Act
    d. Fourth Amendment
  • Slide 52
  • 52 Review Questions: Question #7. Which federal law prohibits intercepting any communication, regardless of how it was transmitted?
    a. Computer Fraud and Abuse Act, Title 18
    b. Electronic Communication and Abuse Act
    c. Stored Wire and Electronic Communications and Transactional Records Act
    d. Fourth Amendment
  • Slide 53
  • 53 Review Questions: Question #8. Which federal law amended Chapter 119 of Title 18, U.S. Code?
    a. Computer Fraud and Abuse Act, Title 18
    b. Electronic Communication and Abuse Act
    c. Stored Wire and Electronic Communications and Transactional Records Act
    d. U.S. Patriot Act, Sec. 217: Interception of Computer Trespasser Communications
  • Slide 54
  • 54 Review Questions: Question #8. Which federal law amended Chapter 119 of Title 18, U.S. Code?
    a. Computer Fraud and Abuse Act, Title 18
    b. Electronic Communication and Abuse Act
    c. Stored Wire and Electronic Communications and Transactional Records Act
    d. U.S. Patriot Act, Sec. 217: Interception of Computer Trespasser Communications
  • Slide 55
  • 55 Review Questions: Question #9. To determine whether scanning is illegal in your area, you should do which of the following?
    a. Refer to the U.S. Code
    b. Refer to the U.S. Patriot Act
    c. Refer to the state laws
    d. Contact your ISP
  • Slide 56
  • 56 Review Questions: Question #9. To determine whether scanning is illegal in your area, you should do which of the following?
    a. Refer to the U.S. Code
    b. Refer to the U.S. Patriot Act
    c. Refer to the state laws
    d. Contact your ISP
  • Slide 57
  • 57 Review Questions: Question #10. As a security tester, what should you do before installing hacking software on your computer?
    a. Check with local law enforcement agencies.
    b. Contact your hardware vendor.
    c. Contact your software vendor.
    d. Contact your ISP.
  • Slide 58
  • 58 Review Questions: Question #10. As a security tester, what should you do before installing hacking software on your computer?
    a. Check with local law enforcement agencies.
    b. Contact your hardware vendor.
    c. Contact your software vendor.
    d. Contact your ISP.
  • Slide 59
  • 59 Review Questions: Question #11. Before using hacking software over the Internet, you should contact which of the following?
    a. Your ISP.
    b. Your vendor.
    c. Local law enforcement authorities to check for compliance.
    d. The FBI.
  • Slide 60
  • 60 Review Questions: Question #11. Before using hacking software over the Internet, you should contact which of the following?
    a. Your ISP.
    b. Your vendor.
    c. Local law enforcement authorities to check for compliance.
    d. The FBI.
  • Slide 61
  • 61 Review Questions: Question #12. Which organization issues the Top 20 list of current network vulnerabilities?
    a. SANS Institute
    b. ISECOM
    c. EC-Council
    d. OPST
  • Slide 62
  • 62 Review Questions: Question #12. Which organization issues the Top 20 list of current network vulnerabilities?
    a. SANS Institute
    b. ISECOM
    c. EC-Council
    d. OPST
  • Slide 63
  • 63 OS Vulnerabilities Windows How do we deal with this?
  • Slide 64
  • 64 OS Vulnerabilities: Windows
    - OSs contain serious vulnerabilities that attackers can exploit.
    - Default installations are especially at risk.
    How do we deal with this?
    - Reduce our attack surface.
    - Disable, reconfigure, or uninstall unnecessary services.
    - Employ system hardening techniques.
    - Monitor new vulnerabilities / automatic updates.
    - Periodic assessment / scans.
    - Patch.
  • Slide 65
  • 65 OS Vulnerabilities CVE search on NVD http://www.cve.mitre.org/cve/index.html http://web.nvd.nist.gov/view/vuln/search?execution=e2s1
  • Slide 66
  • 66
  • Slide 67
  • 67 OS Vulnerabilities: Windows File Systems. Purpose is to store and manage information. File Allocation Table (FAT): standard file system for most removable media. Why would using FAT in a multiuser environment be considered a critical vulnerability? (512 B = 1 sector; 1 cluster = smallest allocated unit for a file.)
  • Slide 68
  • 68 OS Vulnerabilities: Windows File Systems. Purpose is to store and manage information. File Allocation Table (FAT): standard file system for most removable media. Why would using FAT in a multiuser environment be considered a critical vulnerability? Because FAT doesn't support file-level access control lists (ACLs)! (512 B = 1 sector; 1 cluster = smallest allocated unit for a file.)
  • Slide 69
  • 69 OS Vulnerabilities: Windows File Systems. New Technology File System (NTFS): supports larger files and disk volumes while addressing security through ACLs and FS journaling. Alternate Data Streams (ADSs) are an NTFS feature used for compatibility with the old Apple Hierarchical File System, which uses both data forks (contents of documents) and resource forks (file type identification) to store data. Why are ADSs considered a security risk?
  • Slide 70
  • 70 OS Vulnerabilities: Windows File Systems. New Technology File System (NTFS): supports larger files and disk volumes while addressing security through ACLs and FS journaling. Alternate Data Streams (ADSs) are an NTFS feature used for compatibility with the old Apple Hierarchical File System, which uses both data forks (contents of documents) and resource forks (file type identification) to store data. Why are ADSs considered a security risk? ADSs make it possible for attackers to hide and store exploitation tools and other malicious files on compromised systems.
  • Slide 71
  • 71 OS Vulnerabilities: Windows File Systems. New Technology File System (NTFS): tools used for detecting ADSs
    - LADS http://www.heysoft.de/en/software/lads.php : Program lists all alternate data streams of an NTFS directory.
    - lns http://ntsecurity.nu/toolbox/lns : LNS is a tool that searches for NTFS streams (aka alternate data streams or multiple data streams).
    - Tripwire http://www.tripwire.com/ : Enterprise vulnerability management solution using signatures to find vulnerabilities.
    - dir /r : Command Prompt (cmd) command, run from the directory you want to display, that lists files together with their ADSs; available in Windows Vista and later.
  • Slide 72
  • 72 OS Vulnerabilities: Windows File Systems. New Technology File System (NTFS): using LADS & lns to detect ADSs.
    Uncompromised system (LADS run against C:):
      LADS - Freeware version 4.00
      (C) Copyright 1998-2004 Frank Heyne Software (http://www.heysoft.de)
      This program lists files with alternate data streams (ADS)
      Use LADS on your own risk!
      Scanning directory C:
            size  ADS in file
      ----------  ---------------------------------
      Error 32 opening C:\pagefile.sys
      The following summary might be incorrect because there was at least one error!
      0 bytes in 0 ADS listed
    Compromised system (LADS run against C:\compaq):
      LADS - Freeware version 4.00
      (C) Copyright 1998-2004 Frank Heyne Software (http://www.heysoft.de)
      This program lists files with alternate data streams (ADS)
      Use LADS on your own risk!
      Scanning directory C:\compaq
            size  ADS in file
      ----------  ---------------------------------
           32768  C:\compaq\test_file:ipeye.exe
           32768  C:\compaq\test_file2:klogger.exe
          143360  C:\compaq\test_file3:psexec.exe
           86016  C:\compaq\test_file4:pslist.exe
          294912 bytes in 4 ADS listed
    Compromised system (lns):
      lns 1.0 - (c) 2002, Arne Vidstrom - http://ntsecurity.nu/toolbox/lns/
      c:\compaq\test_file - Alternative data stream [:ipeye.exe:$DATA]
      c:\compaq\test_file2 - Alternative data stream [:klogger.exe:$DATA]
      c:\compaq\test_file3 - Alternative data stream [:psexec.exe:$DATA]
      c:\compaq\test_file4 - Alternative data stream [:pslist.exe:$DATA]
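As an added example (not from the slides, and not code from either tool's author), the Python below parses the LADS and lns listing formats shown above and triages the streams found: it skips the Zone.Identifier stream Windows writes itself, and flags streams whose name carries an executable extension or whose payload is larger than a threshold. The sample listings are constructed, modelled on the slide's output.

```python
import os
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample output, modelled on the LADS listing in the slide.
LADS_OUTPUT = """\
LADS - Freeware version 4.00
Scanning directory C:\\compaq

      size  ADS in file
----------  ---------------------------------
     32768  C:\\compaq\\test_file:ipeye.exe
     32768  C:\\compaq\\test_file2:klogger.exe
    143360  C:\\compaq\\test_file3:psexec.exe
     86016  C:\\compaq\\test_file4:pslist.exe
        26  C:\\compaq\\notes.txt:Zone.Identifier

    294938 bytes in 5 ADS listed
"""

# Constructed sample output, modelled on the lns listing in the slide.
LNS_OUTPUT = """\
lns 1.0 - (c) 2002, Arne Vidstrom - http://ntsecurity.nu/toolbox/lns/
c:\\compaq\\test_file - Alternative data stream [:ipeye.exe:$DATA]
c:\\compaq\\test_file2 - Alternative data stream [:klogger.exe:$DATA]
c:\\compaq\\notes.txt - Alternative data stream [:Zone.Identifier:$DATA]
"""


class Stream(NamedTuple):
    path: str
    stream: str
    size: Optional[int]  # lns output carries no size


# LADS: "<size>  <drive>:\path\file:<stream>"; the lazy group stops at the last colon,
# so the drive-letter colon stays inside the path.
LADS_LINE = re.compile(r"^\s*(\d+)\s+(.+?):([^:\\]+)\s*$")
# lns: "<path> - Alternative data stream [:<stream>:$DATA]"
LNS_LINE = re.compile(r"^(.+?) - Alternative data stream \[:(.+?):\$DATA\]\s*$")

# Streams Windows itself writes (mark-of-the-web); everything else deserves a look.
BENIGN_STREAMS = {"zone.identifier"}
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".com", ".scr", ".bat", ".cmd", ".vbs", ".ps1"}


def parse_lads(text: str) -> List[Stream]:
    """Extract (path, stream, size) from LADS output; banner and summary lines do not match."""
    streams = []
    for line in text.splitlines():
        m = LADS_LINE.match(line)
        if m:
            streams.append(Stream(m.group(2), m.group(3), int(m.group(1))))
    return streams


def parse_lns(text: str) -> List[Stream]:
    """Extract (path, stream) from lns output; lns reports no size."""
    streams = []
    for line in text.splitlines():
        m = LNS_LINE.match(line)
        if m:
            streams.append(Stream(m.group(1), m.group(2), None))
    return streams


def triage(streams: List[Stream], size_threshold: int = 1024) -> List[Tuple[Stream, str]]:
    """Return (stream, reason) pairs worth investigating, in listing order."""
    findings = []
    for s in streams:
        name = s.stream.lower()
        if name in BENIGN_STREAMS:
            continue
        reasons = []
        if os.path.splitext(name)[1] in EXECUTABLE_EXTENSIONS:
            reasons.append("executable stream name")
        if s.size is not None and s.size >= size_threshold:
            reasons.append(f"{s.size}-byte payload")
        if reasons:
            findings.append((s, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for source, streams in (("LADS", parse_lads(LADS_OUTPUT)), ("lns", parse_lns(LNS_OUTPUT))):
        for s, reason in triage(streams):
            print(f"{source}: {s.path}:{s.stream} -> {reason}")
```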
  • Slide 73
  • 73 OS Vulnerabilities Remote Procedure Call (RPC) Interprocess communication mechanism. Allows a computer program to cause a subroutine or procedure (program) to execute in another address space (on another computer within a shared network).
  • Slide 74
  • 74 OS Vulnerabilities Remote Procedure Call (RPC) http://technet.microsoft.com/en-us/security/bulletin/
  • Slide 75
  • 75 OS Vulnerabilities Remote Procedure Call (RPC)
  • Slide 76
  • 76 OS Vulnerabilities http://www.microsoft.com/technet/security/tools/mbsahome.mspx/
  • Slide 77
  • 77 OS Vulnerabilities
  • Slide 78
  • 78 OS Vulnerabilities http://www.dorkatron.com/docs/ISA330/W2%20-%20READING%20-%20MBSA%20Report%20for%20Philip%20Robbins.pdf
  • Slide 79
  • 79 OS Vulnerabilities: Network Basic Input / Output System (NetBIOS)
    - OSI Session Layer 5.
    - Software loaded into memory that allows a program to interact with a shared network resource or device.
    - NetBIOS frees an application from understanding the details of a network.
    - Still used today for ensuring backward compatibility.
    - Uses ports open to the Internet: UDP/137, UDP/138, TCP/139.
  • Slide 80
  • 80 OS Vulnerabilities: Network Basic Input / Output System (NetBIOS). Why is NetBIOS over TCP/IP considered a security risk?
  • Slide 81
  • 81 OS Vulnerabilities: Network Basic Input / Output System (NetBIOS). Why is NetBIOS over TCP/IP considered a security risk?
  • Slide 82
  • 82 OS Vulnerabilities: Network Basic Input / Output System (NetBIOS). Why is NetBIOS over TCP/IP considered a security risk? Because an attacker can gain the following information:
    - Computer name
    - Contents of the remote name cache, including IP addresses
    - A list of local NetBIOS names
    - A list of names resolved by broadcast or via WINS
    - Contents of the session table with the destination IP addresses
  • Slide 83
  • 83 OS Vulnerabilities: Server Message Block (SMB)
    - OSI Application Layer 7.
    - Used for sharing access to files, printers, serial ports, and miscellaneous communications between nodes on a network.
    - Uses TCP port 445.
    - Vulnerabilities are associated with Microsoft's implementation of the SMB protocol and the components it directly relies on.
    http://uwnthesis.wordpress.com/2013/05/29/metasploit-how-to-use-server-message-block-smb-or-file-sharing-scanning/
  • Slide 84
  • 84 OS Vulnerabilities: Common Internet File System (CIFS)
    - Replaces SMB but allows backward compatibility.
    - Remote file system protocol that allows computers to share network resources over the Internet.
  • Slide 85
  • 85 OS Vulnerabilities: Domain Controllers
    - Servers that handle authentication.
    - DCs using CIFS listen on the following ports: DNS (53), HTTP (80), Kerberos (88), RPC (135), NetBIOS (137 & 139), LDAP (389), HTTPS (443), SMB/CIFS (445), LDAP over SSL (636), Active Directory Global Catalog (328).
    - Most attackers look for DCs because they contain so much information they want to access.
  • Slide 86
  • 86 OS Vulnerabilities: Null Sessions
    - Allow you to connect to a remote machine without using a user name or password.
    - Anonymous logins.
    - e.g. FTP, SQL (null SA password), IPC$, etc.
    This is the most frequently used method of network reconnaissance employed by hackers.
  • Slide 87
  • 87 OS Vulnerabilities: Buffer Overflows
    - Occur when data is written to a buffer (temporary memory space) and, because of insufficient bounds checking, corrupts data in memory next to the allocated buffer.
    - Applications written in C & C++ are vulnerable.
    - Can allow attackers to run shellcode.
  • Slide 88
  • 88 OS Vulnerabilities: Trojan
    - Non-replicating type of malware.
    - Program that appears to perform a desired function.
    - Gains privileged access.
    - Allows remote administration (backdoors).
    - Creates a file server (FTP).
    - Drops malicious payload.
  • Slide 89
  • 89 OS Vulnerabilities: Rootkits
    - Installed by intruders who have gained root access.
    - Contain malicious Trojan binary programs.
    - Designed to hide and maintain privileged access.
    - Can reside in the kernel.
    - Removal becomes complicated.
  • Slide 90
  • 90 Class Discussion What are the benefits of using passwords as an authentication method? Why can it be considered a weakness / vulnerability?
  • Slide 91
  • 91 Class Discussion: What are the benefits of using passwords as an authentication method? Cost effective and disposable. Why can it be considered a weakness / vulnerability? What you know vs. what you are or what you have. A username and password is all that stands between an attacker and access.
  • Slide 92
  • 92 OS Vulnerabilities: Passwords
    - All users / admins should change their passwords regularly.
    - Establish minimum length for users (8 chars) and admins (15 chars).
    - Require complexity: include letters, numbers, symbols, both upper and lower case chars.
    - No dictionary (common) or slang words (in any language).
    - No connection to the user: SSN, birthdays, or names.
    - Never write passwords down (especially online, in email, or stored on a user's computer).
    - Be aware of shoulder surfing.
    - Limit reuse of old passwords.
    - Set account lockout duration (e.g. timeout 30 seconds after first attempt).
    - Set account lockout thresholds (e.g. disable account after 3 attempts).
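The password rules on this slide, as an added example in Python that is not part of the original deck: `check_password` reports every rule a candidate breaks (length by role, character classes, common words, personal data, reuse of a hashed history) and `LockoutTracker` enforces the 3-attempt threshold and 30-second lockout. The word list, user record and salt are constructed stand-ins; a real deployment loads a full wordlist and uses a random per-user salt.

```python
import hashlib
import string
import time
from typing import Dict, Iterable, List, Optional

# Policy values taken from the slide: 8 chars for users, 15 for admins,
# lock the account after 3 failed attempts, for 30 seconds.
MIN_LENGTH = {"user": 8, "admin": 15}
LOCKOUT_THRESHOLD = 3
LOCKOUT_SECONDS = 30

# Constructed stand-ins (assumptions, not from the slide).
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "aloha", "summer"}
DEMO_SALT = b"constructed-demo-salt"


def password_hash(password: str) -> bytes:
    """Slow hash so a stored history of old passwords is not trivially reversible."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), DEMO_SALT, 100_000)


def check_password(password: str, role: str, user_info: Dict[str, str],
                   history: Iterable[bytes] = ()) -> List[str]:
    """Return every policy rule the candidate password breaks (empty list = acceptable)."""
    violations = []
    if len(password) < MIN_LENGTH[role]:
        violations.append(f"shorter than {MIN_LENGTH[role]} characters required for {role}")
    if not any(c.islower() for c in password):
        violations.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        violations.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        violations.append("no digit")
    if not any(c in string.punctuation for c in password):
        violations.append("no symbol")
    folded = password.lower()
    for word in sorted(COMMON_WORDS):
        if word in folded:
            violations.append(f"contains common word '{word}'")
    # Personal data: names and username as substrings; birthday and SSN compared
    # against the password's digits with separators removed.
    digits_only = "".join(c for c in password if c.isdigit())
    for label, value in user_info.items():
        v = value.lower().replace("-", "")
        if v.isdigit():
            if len(v) >= 4 and v in digits_only:
                violations.append(f"derived from user {label}")
        elif len(v) >= 3 and v in folded:
            violations.append(f"derived from user {label}")
    if password_hash(password) in set(history):
        violations.append("reuses a previous password")
    return violations


class LockoutTracker:
    """Counts failed logins per account and enforces the slide's threshold and duration."""

    def __init__(self, threshold: int = LOCKOUT_THRESHOLD, duration: float = LOCKOUT_SECONDS):
        self.threshold = threshold
        self.duration = duration
        self.failures: Dict[str, int] = {}
        self.locked_until: Dict[str, float] = {}

    def attempt(self, account: str, success: bool, now: Optional[float] = None) -> str:
        """Record one login attempt; returns 'locked', 'ok' or 'failed'."""
        now = time.time() if now is None else now
        if self.locked_until.get(account, 0.0) > now:
            return "locked"  # rejected before the password is even consulted
        if success:
            self.failures.pop(account, None)
            return "ok"
        count = self.failures.get(account, 0) + 1
        if count >= self.threshold:
            self.locked_until[account] = now + self.duration
            self.failures.pop(account, None)
        else:
            self.failures[account] = count
        return "failed"


if __name__ == "__main__":
    # Constructed user record, not a real person.
    info = {"username": "probbins", "last_name": "Robbins", "birth_year": "1975", "ssn": "123-45-6789"}
    for candidate in ("Kapolei#2013x", "Robbins1975!", "welcome"):
        print(candidate, check_password(candidate, "user", info) or "OK")
```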
  • Slide 93
  • 93 OS Vulnerabilities Passwords http://splashdata.com/press/pr121023.htm
  • Slide 94
  • 94 OS Vulnerabilities http://www.labnol.org/internet/common-passwords-to-avoid/14136/
  • Slide 95
  • 95 Vulnerability Scanners eEye Retina http://www.eeye.com/
  • Slide 96
  • 96 Vulnerability Scanners Tenable Nessus http://www.tenable.com/products/nessus
  • Slide 97
  • 97 Vulnerability Scanners: GFI LanGuard http://www.gfi.com/products-and-solutions/network-security-solutions/gfi-languard
  • Slide 98
  • 98 Vulnerability Scanners OpenVAS http://www.openvas.org/
  • Slide 99
  • 99 Patch Scanners: HFNetChk & Shavlik
    - Created by Mark Shavlik.
    - MBSA is based on HFNetChk.
    - Shavlik for patch management.
    http://www.shavlik.com/
  • Slide 100
  • 100 Patch Scanners: Microsoft's System Management Server (SMS). Patch management for all computers on your network. http://www.microsoft.com/en-us/server-cloud/system-center/configuration-manager-2012.aspx
  • Slide 101
  • 101 Patch Scanners: Windows Software Update Services (WSUS)
    - Patch management from the network.
    - WSUS downloads patches and publishes them internally.
    - Control over which updates are deployed.
    http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx
  • Slide 102
  • 102 OS Vulnerabilities: System Hardening
    - Patch all known vulnerabilities (automatic updates vs. patch testing).
    - Remove unwanted services.
    - Enforce password complexity & policies.
    - Remove unused user accounts.
    - Configure and manage user privileges.
    - Implement an antivirus solution.
    - Enable logging / monitoring tools.
    - Close unused open network ports: FTP (20, 21), TFTP (69), Telnet (23), DNS (53), NNTP (119), NetBIOS (135, 137, 138, 139, 445), RDP (3389), SNMP (161, 162), RPC (1025-1039).
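As an added example (not part of the deck), the Python below turns the slide's list of ports to close into a baseline and audits `netstat -an` output against it: listening TCP sockets and every bound UDP socket are compared with the baseline, and services a host legitimately needs (a DNS server keeps 53) can be allowed explicitly. The netstat text is constructed in the layout Windows prints.

```python
from typing import Dict, List, NamedTuple, Set, Tuple

# The slide's list of ports to close on a hardened host, keyed by the service that uses them.
HARDENING_BASELINE: Dict[str, Set[int]] = {
    "FTP": {20, 21},
    "TFTP": {69},
    "Telnet": {23},
    "DNS": {53},
    "NNTP": {119},
    "NetBIOS": {135, 137, 138, 139, 445},
    "RDP": {3389},
    "SNMP": {161, 162},
    "RPC": set(range(1025, 1040)),
}

# Constructed sample, in the column layout of `netstat -an` on Windows.
NETSTAT_OUTPUT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49152     192.168.1.20:445       ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:161            *:*
  UDP    127.0.0.1:1900         *:*
"""


class Finding(NamedTuple):
    proto: str
    address: str
    port: int
    service: str


def port_to_service(baseline: Dict[str, Set[int]]) -> Dict[int, str]:
    """Invert the baseline so a port number looks up its service name."""
    return {port: name for name, ports in baseline.items() for port in ports}


def parse_listeners(text: str) -> List[Tuple[str, str, int]]:
    """Return (proto, address, port) for sockets that accept input: LISTENING TCP and any bound UDP."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header, or blank line
        proto, local = fields[0], fields[1]
        state = fields[3] if len(fields) > 3 else ""
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not open services
        address, _, port = local.rpartition(":")  # handles "[::]:135" as well as "0.0.0.0:135"
        listeners.append((proto, address, int(port)))
    return listeners


def audit_listeners(text: str, baseline: Dict[str, Set[int]] = HARDENING_BASELINE,
                    allowed_services: Set[str] = frozenset()) -> List[Finding]:
    """Flag each open port the hardening list says to close, unless its service is explicitly allowed."""
    lookup = port_to_service(baseline)
    findings = []
    for proto, address, port in parse_listeners(text):
        service = lookup.get(port)
        if service and service not in allowed_services:
            findings.append(Finding(proto, address, port, service))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, List[int]]:
    """Group flagged ports by service for the hardening report."""
    report: Dict[str, List[int]] = {}
    for f in findings:
        ports = report.setdefault(f.service, [])
        if f.port not in ports:
            ports.append(f.port)
    return report


if __name__ == "__main__":
    for service, ports in summarize(audit_listeners(NETSTAT_OUTPUT)).items():
        print(f"{service}: close {sorted(ports)}")
```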
  • Slide 103
  • 103 OS Vulnerabilities *nix
  • Slide 104
  • 104 Class Discussion: Why do you think people believe Windows is more vulnerable than *nix OSs?
  • Slide 105
  • 105 Class Discussion: Why do you think people believe Windows is more vulnerable than *nix OSs? Because a majority of people use Windows, most attackers focus on compromising that OS. Why do you think only 1% of all desktop users use Linux?
  • Slide 106
  • 106 Class Discussion Why do you think only 1% of all desktop users use Linux? Even if Grandma knew about the alternative, (i) would she even prefer it, and (ii) is she capable?
  • Slide 107
  • 107 OS Vulnerabilities: *nix. Samba
    - Free software.
    - *nix servers can share resources with Windows clients, and vice versa, without prejudice.
    - Designed to trick Windows resources into believing that *nix resources are Windows resources.
    http://www.samba.org/
  • Slide 108
  • 108 OS Vulnerabilities: Samba. Search NVD for *nix vulnerabilities related to Samba.
  • Slide 109
  • 109 Embedded OS Vulnerabilities. What are Embedded Systems? Any computer system that isn't a general-purpose PC. What are Embedded Operating Systems? Embedded systems that include their own operating system, including stripped-down versions of commonly used OSs. What are some examples of embedded systems that contain embedded OSs?
  • Slide 110
  • 110 Embedded OS Vulnerabilities: Things to keep in mind
    - Don't underestimate the security risks associated with embedded systems simply because they're small, perform simple tasks, or because of the belief that no one would bother attacking them.
    - Embedded OSs are networked and are everywhere (think about Critical Infrastructure & SCADA).
    - Many of the vulnerabilities seen in common OSs directly carry over.
    - Coding of the OS and patching can be difficult due to memory constraints. How do you patch a PIC16F877?
  • Slide 111
  • 111 Embedded OS Vulnerabilities: W32.Stuxnet
    - Identified in 2010.
    - Considered the first cyber weapon.
    - Affected Supervisory Control and Data Acquisition (SCADA) systems and Programmable Logic Controllers (PLCs) within Iran's nuclear enrichment facilities.
  • Slide 112
  • 112 Embedded OS Vulnerabilities Android
  • Slide 113
  • 113 Embedded OS Vulnerabilities Android http://www.wtop.com/1253/3433568/Govt-warns-Android-vulnerable-to-mobile-hacks
  • Slide 114
  • 114 Class Discussion What are some of the vulnerabilities associated with embedded devices like smart phones? What are the risks?
  • Slide 115
  • 115
  • Slide 116
  • 116 Embedded OS Vulnerabilities
  • Slide 117
  • 117 Embedded OS Vulnerabilities
  • Slide 118
  • 118 Class Tools Vulnerable targets Practice researching and identifying vulnerabilities within our isolated test environment. localhost user: root password: toor localhost user: Administrator password: password
  • Slide 119
  • 119 Review Questions Question #1 MBSA performs which of the following security checks? a.Security update checks. b.IIS checks. c.System time checks. d.Computer logon checks.
  • Slide 120
  • 120 Review Questions Question #1 MBSA performs which of the following security checks? a.Security update checks. b.IIS checks. c.System time checks. d.Computer logon checks.
  • Slide 121
  • 121 Review Questions Question #2 Which ports should be filtered out to protect a network from SMB attacks? a.134 to 138 and 445. b.135, 139, and 443. c.137 to 139 and 445. d.53 and 445.
  • Slide 122
  • 122 Review Questions Question #2 Which ports should be filtered out to protect a network from SMB attacks? a.134 to 138 and 445. b.135, 139, and 443. c.137 to 139 and 445. d.53 and 445.
  • Slide 123
  • 123 Review Questions Question #3 Applications written in which programming language(s) are especially vulnerable to buffer overflow attacks? a.C b.Perl c.C++ d.Java
  • Slide 124
  • 124 Review Questions Question #3 Applications written in which programming language(s) are especially vulnerable to buffer overflow attacks? a.C b.Perl c.C++ d.Java
  • Slide 125
  • 125 Review Questions Question #4 Which of the following is the most efficient way to determine which OS a company is using? a.Run Nmap or other port-scanning programs. b.Use the whois database. c.Install a sniffer on the company's network segment. d.Call the company and ask.
  • Slide 126
  • 126 Review Questions Question #4 Which of the following is the most efficient way to determine which OS a company is using? a.Run Nmap or other port-scanning programs. b.Use the whois database. c.Install a sniffer on the company's network segment. d.Call the company and ask.
  • Slide 127
  • 127 Review Questions Question #5 Which program can detect rootkits on *nix systems? a.chkrootkit b.rktdetect c.SELinux d.Ionx
  • Slide 128
  • 128 Review Questions Question #5 Which program can detect rootkits on *nix systems? a.chkrootkit b.rktdetect c.SELinux d.Ionx
  • Slide 129
  • 129 Review Questions Question #6 Which of the following doesn't use an embedded OS? a.An ATM b.A workstation running Windows Vista Business c.A NAS device running Windows Server 2008 R2 d.A slot machine
  • Slide 130
  • 130 Review Questions Question #6 Which of the following doesn't use an embedded OS? a.An ATM b.A workstation running Windows Vista Business c.A NAS device running Windows Server 2008 R2 d.A slot machine
  • Slide 131
  • 131 Review Questions Question #7 Which of the following is a major challenge of securing embedded OSs? a.Training users b.Configuration c.Patching d.Backup and recovery
  • Slide 132
  • 132 Review Questions Question #7 Which of the following is a major challenge of securing embedded OSs? a.Training users b.Configuration c.Patching d.Backup and recovery
  • Slide 133
  • 133 Review Questions Question #8 SCADA systems are used for which of the following? a.Monitoring embedded OSs b.Monitoring ATM access codes c.Monitoring equipment in large-scale industries d.Protecting embedded OSs from remote attacks
  • Slide 134
  • 134 Review Questions Question #8 SCADA systems are used for which of the following? a.Monitoring embedded OSs b.Monitoring ATM access codes c.Monitoring equipment in large-scale industries d.Protecting embedded OSs from remote attacks
  • Slide 135
  • 135 Review Questions Question #9 (last one) Cell phone vulnerabilities make it possible for attackers to do which of the following? (Choose all that apply.) a.Use your phone as a microphone to eavesdrop on meetings. b.Install a BIOS-based rootkit. c.Clone your phone to make illegal long-distance phone calls. d.Listen to your phone conversations.
  • Slide 136
  • 136 Review Questions Question #9 (last one) Cell phone vulnerabilities make it possible for attackers to do which of the following? (Choose all that apply.) a.Use your phone as a microphone to eavesdrop on meetings. b.Install a BIOS-based rootkit. c.Clone your phone to make illegal long-distance phone calls. d.Listen to your phone conversations.
  • Slide 137
  • 137 Quiz #1 Multiple choice, closed book, closed notes.
  • Slide 138
  • 138 Questions? [email protected] www2.hawaii.edu/~probbins https://www.dorkatron.com/docs/CMGT441/