Common System Exploits Tom Chothia Computer Security, Lecture 17.
This talk: Common Remote Exploitation Techniques. How does an attacker end up running the Metasploit attack we saw last week against your system? Footprinting; Scanning and Enumeration; Exploiting services; After gaining access.

A Typical Business Network (diagram: Wi-Fi, WebServer, Comp1, Comp2, DataBase, Server, SSH/RDP, Web Proxy, …)

What are the attack vectors? (same network diagram: Wi-Fi, WebServer, Comp1, Comp2, DataBase, Server, SSH/RDP, Web Proxy, …)

Footprinting Find out as much as possible about the business's footprint. –What does it do? –What does it provide for its employees? –What IP addresses does it use? –How do users contact support? A lot of this information is on the company's website.

Footprinting Web searches for the company can also provide a lot of information. WHOIS and DNS lookups will tell an attacker the IP address ranges used by a business. traceroute may reveal the IP addresses of routers. –These routers may use default passwords.

Scanning and Enumeration Find out what services are running, what version of each service is running, and what operating system is in use.

nmap nmap is a network mapping tool. It can tell you what ports are open. It will try to guess the service. By default it scans TCP on low-numbered ports only. –Can also do UDP and any ports.

The Internet Protocol Packet (figure: IP packet header layout; not recoverable from the transcript)

Nmap (screenshot: output of nmap -A)

Fingerprinting What is the OS? Different operating systems set different values in the IP and TCP packets. –TCP sequence number –IP packet time to live. Find the OS with nmap -A or nmap -O.

Nmap (screenshot: output of nmap -O)

Check for default logins Are any services using the default passwords? e.g. ssh is used for remote login (port 22). The default password for jailbroken iPhones was "alpine" (big attack on iPhones this time last year).

Footprinting and Scanning Ensure that as little information about the company as possible appears publicly. –Password protect parts of the website. An external attacker can always find the IPs and open ports of the public computers. In the worst case they can find the entire network architecture. Internal attackers are harder to stop.

Check for Public Files NetBIOS: Network Basic Input/Output System, for sharing files across a network. Does the user have any publicly readable files? smbclient -L host -I <IP address>

Search for Known Exploits There are many databases of vulnerabilities on the web, e.g.

e.g. tomcat.

Search for Known Exploits Finding and "weaponizing" a buffer overflow can take 6 months for a team of experts. So most hackers ("script kiddies") use exploit code someone else has written. You are much more likely to be attacked via a known exploit than a new one.

Metasploit Metasploit is a framework to perform memory attacks and deliver payloads. –You select the module for the exploit. –The payload is the "arbitrary code" the victim system will run. The legitimate use of Metasploit is to test your own system for weaknesses. Never run it against a system you don't own without written permission.

Metasploit attack demo: Metasploit scan, Meterpreter.

What an attacker might do once they have access: Steal the password file. Create new user accounts and back doors. Replace existing libraries and applications with malware. Log key strokes. Send spam. Perform DoS attacks …

Defenses: Intrusion Detection Systems A good system administrator will monitor their network. IDSs look at all packets (like Wireshark) and report suspicious behavior. They can catch nmap and Metasploit. E.g. Snort:
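The slide says an IDS can catch nmap by looking at traffic; the example below, added here and not part of the lecture or of Snort, shows the simplest form of that rule: flag a source that contacts many distinct ports on one host within a short window. The connection-log format, the hosts and the thresholds are all constructed for the example.

```python
"""Toy port-scan detector over a connection log (added example, not lecture code).

A scanner such as nmap touches many distinct ports on a host in a short time;
a normal client hits a handful of ports repeatedly.  We flag (src, dst) pairs
that reach `threshold` distinct ports within `window`.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<ISO time> <src> -> <dst>:<port> <TCP|UDP>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<port>\d+) (?P<proto>TCP|UDP)$"
)

COMMON_PORTS = [21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389]


def parse_line(line):
    """Parse one log line into a dict, or return None for lines we do not understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "port": int(m["port"]),
        "proto": m["proto"],
    }


def detect_scans(log_text, window=timedelta(seconds=60), threshold=10):
    """Return {(src, dst): sorted distinct ports} for pairs that look like a scan.

    A sliding window over the time-ordered events of each (src, dst) pair counts
    how many distinct ports were touched within `window`.
    """
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)

    alerts = {}
    for pair, evs in by_pair.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits in `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            ports = {x["port"] for x in evs[start:end + 1]}
            if len(ports) >= threshold:
                alerts[pair] = sorted(ports)
    return alerts


def build_sample_log():
    """Constructed sample traffic (not a real capture): one fast scanner, one
    normal web client, and one slow scanner that spaces probes 30 s apart."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    for i, port in enumerate(COMMON_PORTS):          # 12 ports in 12 seconds
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} 10.0.0.5 -> 192.168.1.10:{port} TCP")
    for i in range(20):                              # ordinary browsing: 80 and 443 only
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} 10.0.0.9 -> 192.168.1.10:{80 if i % 2 else 443} TCP")
    for i, port in enumerate(COMMON_PORTS):          # same 12 ports, one every 30 seconds
        t = base + timedelta(seconds=30 * i)
        lines.append(f"{t.isoformat()} 10.0.0.7 -> 192.168.1.10:{port} TCP")
    return "\n".join(lines)


if __name__ == "__main__":
    for (src, dst), ports in detect_scans(build_sample_log()).items():
        print(f"possible scan: {src} -> {dst}, {len(ports)} distinct ports: {ports}")
```

Only the fast scanner (10.0.0.5) is reported. The slow scanner never has more than three ports inside any 60-second window, which is exactly the tuning trade-off a real IDS faces: a wider window and lower threshold catch slower scans but also raise false positives on busy legitimate clients.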

Anti-Virus Anti-virus products scan the computer for known malware. Can also scan . Only as good as the last update. Can be disabled by an attacker with admin access.

Defenses: Firewalls Firewalls can block most Internet traffic. May be on the computer or built into a router. Could, for example, block all traffic not on port 80. –Would stop the attack in this talk. Can't firewall services used by the outside world.

Defenses: Fast Patches Most important of all: make sure all security patches are installed immediately. There is almost always a patch to stop any well-known exploit.

Top Defenses: 1. Apply patches 2. Firewall 3. Anti-virus 4. Intrusion Detection Systems 5. Check file hashes 6. Good password and user policies. The first 2 should be fine for Linux or Mac, the first 3 for Windows. All 6 if you are a sys admin.

Conclusion Attackers will: scan your machines, identify the services running, and try to use known exploits against these services. Defend the system: monitor for attacks (e.g. anti-virus), firewall to block unused ports, and apply security patches a.s.a.p.

Next Lecture: Trusted Computing: Using hardware to provide security and control remote computers.