Introduction To ICT Security Audit OWASP Day Malaysia 2011
Introduction to IT Audit & Assessment
20 Sept 2011
OWASP Day Malaysia 2011
https://www.owasp.org/index.php/OWASP_Day_KL_2011
Agenda
● Objective of the day
● Identify the risks
● Who should be involved
● Where to start
● What to audit
● When to audit
● How to do it
Objective
• Harden our servers
• Defence in depth
• Find the loophole
• Find the zero day
Risk
Only one risk – Human
To Err Is Human
It's our job to find it. :-)
Risks
● Not on the latest patches
● Forgot my password
● Allow all, deny none
● Install everything
● Share anything
● Phishing
● No backup
Not on the Latest Patches
● Be alert
– http://www.mycert.org.my/en/
– http://www.securityfocus.com/
– http://packetstormsecurity.org/
– http://gcert.mampu.gov.my/
– http://www.cert.org/certcc.html
● Internet Storm Center
– http://isc.sans.edu/
● Patches: priority one
– http://www.sans.org/top-cyber-security-risks/
Lab One
● Subscribe websites to Google Reader
● http://www.kb.cert.org/vuls/
Forgot My Password
● We will use easy passwords
● A password must be: senang nak ingat, susah nak teka (easy to remember, hard to guess).
● Don't leak the hash
● Generate an MD5 hash
– http://md5crack.com/crackmd5.php
● Crack MD5
– http://isc.sans.edu/tools/reversehash.html
Lab Two
● Crack these:
– password
– abc123
– haris
– Your own name
– Birthday date in numbers
– Birthday date in any format
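The lab above is done by hand on the two websites. As an added example (not part of the original deck), the same dictionary attack in Python against a leaked unsalted MD5, with the birthday-format enumeration the lab asks for, and beside it the salted, iterated hash (PBKDF2-HMAC-SHA256) an audited system should be storing instead. The wordlist, the iteration count and the sample passwords are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

# Constructed wordlist standing in for the lab's "easy" passwords; a real
# attacker uses millions of entries plus precomputed tables.
WORDLIST = ["password", "abc123", "haris", "letmein", "qwerty", "19850612"]


def md5_hex(password: str) -> str:
    """Bare, unsalted MD5, as the online generator on the slide produces it."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def birthday_variants(year: int, month: int, day: int) -> List[str]:
    """The lab asks for a birthday 'in any format'; enumerate the usual ones."""
    return [
        f"{year:04d}{month:02d}{day:02d}",
        f"{day:02d}{month:02d}{year:04d}",
        f"{day:02d}-{month:02d}-{year:04d}",
        f"{day:02d}/{month:02d}/{year:04d}",
        f"{day:02d}{month:02d}{year % 100:02d}",
    ]


def crack_md5(target_hex: str, wordlist: List[str] = WORDLIST) -> Optional[str]:
    """Dictionary attack: hash every candidate and compare with the leaked hash.
    The online 'reverse hash' tools do the same against a huge stored table,
    so a leaked unsalted MD5 of a weak password is as good as the plaintext."""
    target_hex = target_hex.lower()
    for candidate in wordlist:
        if md5_hex(candidate) == target_hex:
            return candidate
    return None


# The contrast: what the audited system should be storing instead of MD5.
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed); raise over time


def pbkdf2_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, iterated hash. The random salt defeats precomputed tables and the
    iteration count makes every guess cost far more than one MD5 call."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def pbkdf2_verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison so the check itself leaks nothing."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    leaked = md5_hex("abc123")
    print(leaked, "->", crack_md5(leaked))
    birthday = md5_hex("12-06-1985")
    print(birthday, "->", crack_md5(birthday, birthday_variants(1985, 6, 12)))
    salt, digest = pbkdf2_hash("abc123")
    print("pbkdf2 verify:", pbkdf2_verify("abc123", salt, digest))
```

The point for the audit: if a system stores bare MD5, every password in the lab's list falls to a table lookup in milliseconds, whatever the password policy says; with a per-user salt and a high iteration count the same wordlist still cracks "abc123", but only that user, and only after real work per guess.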
Allow All Deny None
● Any port open outbound
● No proxy between LAN and Internet
● Used by bots to attack and to communicate with their "boss" (command and control)
Lab Three
● Telnet
– Telnet from CMD or a shell
– Port 80: GET /index.htm HTTP/1.1, then press Enter twice
– Port 25: helo, then quit
● Visit these websites
– http://www.yougetsignal.com/tools/open-ports/
– http://canyouseeme.org/
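The telnet exercise above is a manual banner grab. As an added example (not from the deck), the same probe scripted in Python so it can be run against every host and port on an audit list: connect, send the HTTP or SMTP greeting, and keep whatever the service says back. A real HTTP/1.1 request needs a Host header, which is why one is added to the slide's GET line. The tiny local "web server" in the block is a constructed stand-in so the example runs offline; its Server banner is made up.

```python
import socket
import threading
from typing import Optional

# Probes matching the lab. HTTP/1.1 requires Host, or most servers answer 400;
# the SMTP probe just greets and leaves so no mail is ever sent.
HTTP_PROBE = b"GET /index.htm HTTP/1.1\r\nHost: audit.example\r\nConnection: close\r\n\r\n"
SMTP_PROBE = b"HELO audit.example\r\nQUIT\r\n"


def probe(host: str, port: int, payload: bytes, timeout: float = 3.0) -> str:
    """Connect, send the probe, and return everything the service replies.
    An answer on a port that should be closed is what the auditor is after."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        s.sendall(payload)
        try:
            while True:
                data = s.recv(4096)
                if not data:
                    break
                chunks.append(data)
        except socket.timeout:
            pass  # service kept the connection open; report what we have
    return b"".join(chunks).decode("latin-1")


def header(response: str, name: str) -> Optional[str]:
    """Pull one header (e.g. Server) out of an HTTP response; None if absent."""
    head = response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            return value.strip()
    return None


def start_fake_http_server() -> int:
    """Constructed stand-in for a real web server so the example runs offline.
    Answers one request with a made-up banner. Returns the port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_once() -> None:
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)
            conn.sendall(
                b"HTTP/1.1 404 Not Found\r\n"
                b"Server: Apache/2.2.3 (CentOS)\r\n"
                b"Content-Length: 0\r\n"
                b"Connection: close\r\n\r\n"
            )
        srv.close()

    threading.Thread(target=serve_once, daemon=True).start()
    return port


if __name__ == "__main__":
    port = start_fake_http_server()
    reply = probe("127.0.0.1", port, HTTP_PROBE)
    print(reply.splitlines()[0], "| Server:", header(reply, "Server"))
```

Pointed at real hosts, replace the fake server with the targets from your inventory and run probe() with HTTP_PROBE on 80 and SMTP_PROBE on 25. A Server header that names an exact version is itself a finding: it tells an attacker which advisories to read first, which ties straight back to the patching slide.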
Install Everything
● Too many patches
● Too many services
● Only install what you need
Share Everything
● Windows share permission set to "Everyone"
– Don't trust your network
● Putting files on web servers
– Google bot nyum-nyum (it eats them all up)
Lab Four
● Google your own name in PDF files
– harisfazillah filetype:pdf
● Your own IC number (with and without the -)
– Do this on your own
Phishing
● The most used tactic to gain passwords
– Email
– Phone
Lab Five
● Track your organisation here
– http://www.phishtank.com/
● You will never know you are the target.
● Defacement archive
– http://www.zone-h.org/archive
Break
Jom minum (let's go for a drink)
Who?
- The management
- ICT
- Me
Everybody needs to be involved
Where To Start
● Any server that has an IP address
– Public or internal
– Heavy-traffic websites and email
● LAN
– Review firewall and proxy logs
– SMTP activity
– IRC bot activity
– HTTP and HTTPS requests
– Monitor network traffic
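The LAN checklist above (firewall and proxy logs, SMTP activity, IRC bot activity) is a log review. As an added example (not from the deck), a small Python review of constructed outbound-connection log lines that flags the three things the list calls out: workstations talking IRC, hosts other than the mail relay sending direct SMTP, and a host hitting the same destination at a fixed interval, which is how a bot "comms with its boss". The log format, the IP addresses and the assumption that 10.0.0.5 is the only legitimate mail relay are all made up for the example; adapt LINE_RE to what your firewall actually writes.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed log: one outbound connection per line in a made-up key=value
# format. 10.0.0.23 beacons to an IRC port every ~5 minutes, 10.0.0.42 sends
# SMTP directly, 10.0.0.31 is ordinary HTTPS browsing.
LOG = """\
2011-09-20T10:00:00 src=10.0.0.23 dst=198.51.100.77 dport=6667 proto=tcp action=ALLOW
2011-09-20T10:01:13 src=10.0.0.31 dst=203.0.113.50 dport=443 proto=tcp action=ALLOW
2011-09-20T10:02:40 src=10.0.0.42 dst=203.0.113.9 dport=25 proto=tcp action=ALLOW
2011-09-20T10:03:05 src=10.0.0.5 dst=203.0.113.9 dport=25 proto=tcp action=ALLOW
2011-09-20T10:05:01 src=10.0.0.23 dst=198.51.100.77 dport=6667 proto=tcp action=ALLOW
2011-09-20T10:07:22 src=10.0.0.31 dst=203.0.113.50 dport=443 proto=tcp action=ALLOW
2011-09-20T10:10:00 src=10.0.0.23 dst=198.51.100.77 dport=6667 proto=tcp action=ALLOW
2011-09-20T10:14:59 src=10.0.0.23 dst=198.51.100.77 dport=6667 proto=tcp action=ALLOW
2011-09-20T10:17:05 src=10.0.0.31 dst=203.0.113.50 dport=443 proto=tcp action=ALLOW
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) action=(?P<action>\w+)$"
)
IRC_PORTS = {6667, 6697}
MAIL_RELAYS = {"10.0.0.5"}  # assumed: the only host allowed to talk SMTP outbound

Event = Dict[str, object]
Flow = Tuple[str, str, int]


def parse(log_text: str) -> List[Event]:
    """Turn log lines into dicts; lines that do not match are skipped, not fatal."""
    events: List[Event] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e: Event = dict(m.groupdict())
        e["ts"] = datetime.fromisoformat(m.group("ts"))
        e["dport"] = int(m.group("dport"))
        events.append(e)
    return events


def find_irc(events: List[Event]) -> List[Event]:
    """Workstations talking IRC are almost always bots reaching their 'boss'.
    Denied attempts count too: the host is still infected."""
    return [e for e in events if e["dport"] in IRC_PORTS]


def find_rogue_smtp(events: List[Event]) -> List[Event]:
    """Direct port 25 from anything but the mail relay: spam bot or data leak."""
    return [e for e in events if e["dport"] == 25 and e["src"] not in MAIL_RELAYS]


def find_beacons(events: List[Event], min_hits: int = 4, jitter_s: float = 5.0) -> List[Tuple[Flow, int, float]]:
    """Same src -> dst:port at a near-constant interval: a bot checking in.
    Returns (flow, hit count, average gap in seconds) for each such flow."""
    by_flow: Dict[Flow, List[datetime]] = defaultdict(list)
    for e in events:
        by_flow[(str(e["src"]), str(e["dst"]), int(e["dport"]))].append(e["ts"])  # type: ignore[arg-type]
    beacons = []
    for flow, times in by_flow.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= jitter_s:
            beacons.append((flow, len(times), sum(gaps) / len(gaps)))
    return beacons


if __name__ == "__main__":
    ev = parse(LOG)
    for e in find_irc(ev):
        print("IRC  ", e["src"], "->", e["dst"], e["dport"], e["action"])
    for e in find_rogue_smtp(ev):
        print("SMTP ", e["src"], "->", e["dst"], "(not a mail relay)")
    for flow, hits, avg in find_beacons(ev):
        print("BEACON", flow, hits, "hits every ~%.0f s" % avg)
```

On a network that really is "allow all, deny none" every one of these flows will show action=ALLOW, which is the slide's point: the log is the only place the bot traffic is visible, so it has to be reviewed. Once an egress proxy and a deny-by-default outbound rule are in place the same script still runs, and the interesting lines become the denied ones.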
Lab Seven
● Get the bootable CD
● tcpdump
● wireshark
● Any network analysis tool
When To Do It
● A must every 6 months
● On any security warning
Contact
http://green-osstools.blogspot.com/