Why ha.ckers.org doesn’t get hacked

Who we are: James Flom (id), COO, SecTheory Ltd

Just a little faith…
"I know we will get hacked one day - it's a certainty. It's something I've come to terms with well before I even had a blog. You can't go through life fearing the inevitable. At the same time I do all I can to protect the site, given what it needs to do. There are a few holes in the site that I know of that would limit my own ability to function. I've been hardening those more as time goes on, but ultimately, it will take time (that I don't have) to make it ironclad." - RSnake, Date: May 31, :34AM

In the beginning… RSnake: “Hey id, you’ve got a server, want to host this ha.ckers.org site for me?” Uh, sure…

Stories!
Imagecrash (343k)
Drive from SB to SF
First Slashdot
First Reddit
ISP shutdown (2x)

/.

ha.ckers gets a new home in Pleasanton, CA
Hanging on a shelf in a 90° garage…

ha.ckers gets a new home in TX
The ClickForensics telco closet of doom
No pics, sorry

ha.ckers gets a 2nd new home in TX
Heat issues, part 1
Stupid string/handle
Power bill not paid
Leaf Blower of Doom
A little bit of B&E

ha.ckers gets a 3rd new home in TX
Heat issues, part 2…
Free AV!
Slowloris/DoS
Tile saw of doom

ha.ckers gets a 4th new home in TX
Don’t bump picture

Idiots Abound…
"I AM FURIOUS!!!!!!!!! One of your associates, ha.ckers.org has given me a virus. Whenever I click on a link a box pops up saying a bunch of jibber jab but it does say: Host: Ha.ckers.org. Unless you and ha.ckers.org do not want to be sued you better figure out a way to get the virus you guys created off my computer pronto!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" - Melissa Shaw

The Network

Network Features
Firewall: PF (OpenBSD)
– Redirects traffic similar to a Cisco “static” translation
– No egress traffic allowed from the DMZ
– Out-interface ACL philosophy
– DoS protection: floods, Slowloris-style attacks
– Network separation: admin traffic never traverses the DMZ network
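As an added example (not the presentation's own ruleset, which the slides do not show), an OpenBSD pf.conf sketch of the features listed above; interface names and addresses are assumptions.

```conf
# Added example, not the presentation's real ruleset. Interface names and
# addresses are assumptions (203.0.113.0/24 is a documentation range).
ext_if = "em0"      # Internet
dmz_if = "em1"      # DMZ holding the web jails
adm_if = "em2"      # admin network, never bridged to the DMZ

web_pub = "203.0.113.10"
web_dmz = "10.10.0.10"

table <abusers> persist

set skip on lo

# Default deny on every interface; log so the drops reach the log host.
block log all

# Cisco "static"-style translation: public address -> DMZ web jail.
match in on $ext_if proto tcp to $web_pub port { 80 443 } rdr-to $web_dmz

# Sources already tabled for abuse are dropped before any pass rule.
block in quick on $ext_if from <abusers>

# Flood protection: synproxy completes the TCP handshake before the jail
# sees a packet; a source holding too many connections (Slowloris-style)
# or opening them too fast is tabled and its states flushed.
pass in on $ext_if proto tcp to $web_dmz port { 80 443 } \
    synproxy state (max-src-conn 50, max-src-conn-rate 20/10, \
    overload <abusers> flush global)

# Out-interface ACL philosophy: the rule on the DMZ interface is the one
# that decides what actually reaches the jail.
pass out on $dmz_if proto tcp to $web_dmz port { 80 443 }

# No egress from the DMZ: jails may answer existing states, never initiate.
block in quick on $dmz_if from $dmz_if:network to any

# Firewall administration only from the admin network.
pass in on $adm_if proto tcp from $adm_if:network to ($adm_if) port 22
```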

Who are you?
Do you have a permitted source IP to connect to the firewall?
Do you have the correct cert?
Do you have a user/pass (SSH)?
Do you have a permitted source IP to connect to the administrative proxy?
Do you have the right URL path?
Do you have a user/pass for .htaccess?
Do you have authentication to the application?
Will the browser allow the connection (Robert’s Preso)?

I don’t trust you

Going to jail

OS Security
Can only access the administrative interfaces via the secure admin network/bastion host
Jails are mounted read-only – even if compromised they cannot be rootkitted
Only have to upgrade the Base Jail
No real users live in the jails – files are owned by no user known to the jailed OS
Only binaries the jails need are in the Base Jail

Logging
Everything that can log does log
All logs are aggregated to a log host that is not reachable by any DMZ host
OSSEC used to aggregate and monitor logs with custom rules
Logs are off the host and onto the log host as they are generated
Forensics are done every day

New Generation Network
Switched to relayd
– OpenBSD implementation
– SSL acceleration so packets can be read on the egress
Each virtual interface gets its own network stack and firewall ruleset
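An added example of the relayd arrangement described above (not the presentation's relayd.conf): TLS is terminated at relayd so the leg between relayd and the jail is plaintext and can be inspected on the egress side. Addresses are assumptions.

```conf
# Added example, not the presentation's relayd.conf. Addresses are
# assumptions; relayd expects the certificate and key at
# /etc/ssl/203.0.113.10.crt and /etc/ssl/private/203.0.113.10.key.
ext_addr = "203.0.113.10"
web_jail = "10.10.0.10"

table <webjails> { $web_jail }

http protocol "tls-terminate" {
    # the jail still learns who the real client was
    match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
}

relay "www" {
    # TLS ends here; relayd -> jail is plain HTTP, so pf logging or an IDS
    # on the DMZ interface sees the decrypted requests
    listen on $ext_addr port 443 tls
    protocol "tls-terminate"
    forward to <webjails> port 80 check http "/" code 200
}
```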

Next Generation OS
Completely read-only jails
Unique Base Jails for each type of server
Logging via UNIX socket to the parent OS – nothing touches the disk
Further improvements in removing unneeded software
Each jail has its own network stack and on-host firewall
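An added example (not the presentation's configuration) covering the jail design of the OS Security and Next Generation OS slides on FreeBSD: a shared read-only Base Jail mounted via nullfs, a per-jail network stack (VNET) so the jail can carry its own firewall, and the host's syslogd listening on a socket inside the jail so log calls never touch the jail's disk. Paths, hostnames and addresses are assumptions.

```conf
# Added example, not the presentation's files. Paths and names are assumptions.

# /etc/jail.conf on the host
www {
    host.hostname = "www.example.invalid";
    path = "/jails/www";
    # shared read-only base: upgrading /jails/base updates every jail
    mount.fstab = "/jails/www.fstab";
    mount.devfs;
    devfs_ruleset = 4;
    # own network stack (VNET) so the jail can run its own pf ruleset
    vnet;
    vnet.interface = "epair0b";
    exec.prestart = "ifconfig epair0 create";
    exec.poststop = "ifconfig epair0a destroy";
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    allow.raw_sockets = 0;
    allow.sysvipc = 0;
    securelevel = 3;
}

# /jails/www.fstab: the base is read-only; only a small overlay is writable.
# Files in the base belong to uids that do not exist inside the jail.
/jails/base             /jails/www            nullfs  ro  0  0
/jails/www-rw/etc       /jails/www/etc        nullfs  rw  0  0
/jails/www-rw/usr/local /jails/www/usr/local  nullfs  ro  0  0

# /etc/rc.conf on the host: syslogd also listens on a socket inside the
# jail's tree, so the jail's syslog(3) calls go straight to the host
# (and from there to the log host) without writing to the jail's disk
syslogd_flags="-s -l /jails/www/var/run/log"
```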

ha.ckers gets a 5th new home in TX

Questions?