Hacking Exposed 7 Network Security Secrets & Solutions Chapter 7 Remote Connectivity and VoIP Hacking 1.

Slides:



Advertisements
Similar presentations
Voice over IP Fundamentals
Advertisements

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Guide to Network Defense and Countermeasures Second Edition
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Chapter 10 Securing Windows Server 2008 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.
MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.
Security Awareness: Applying Practical Security in Your World
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
NETWORKS Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder.
70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Twelve Implementing Terminal.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
Copyright Microsoft Corp Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.
Chapter 11: Dial-Up Connectivity in Remote Access Designs
MCTS GUIDE TO MICROSOFT WINDOWS 7 Chapter 14 Remote Access.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 10: Remote Access.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.
The Voice Security Company Kirk Vaughan Product Director –VoIP SIP Application Security.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Guide to Operating System Security Chapter 9 Web, Remote Access, and VPN Security.
Configuring Routing and Remote Access(RRAS) and Wireless Networking
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Chapter 7: Using Windows Servers to Share Information.
VPN AND SECURITY FLAWS Rajesh Perumal Clemson University.
Hands-On Microsoft Windows Server 2008
Chapter 13 – Network Security
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
1 Chapter Overview Using the New Connection Wizard to configure network and Internet connections Using the New Connection Wizard to configure outbound.
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Applied Communications Technology Voice Over IP (VOIP) nas1, April 2012 How does VOIP work? Why are we interested? What components does it have? What standards.
Dial-up, PBX, Voic , and VPN Hacking Lesson 13.
1 Week 6 – NPS and RADIUS Install and Configure a Network Policy Server Configure RADIUS Clients and Servers NPS Authentication Methods Monitor and Troubleshoot.
20411B 8: Installing, Configuring, and Troubleshooting the Network Policy Server Role Presentation: 60 minutes Lab: 60 minutes After completing this module,
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.
Module 11: Remote Access Fundamentals
Module 2: Installing and Maintaining ISA Server. Overview Installing ISA Server 2004 Choosing ISA Server Clients Installing and Configuring Firewall Clients.
1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.
1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.
IP Security IP sec IPsec is short for Internet Protocol Security. It was originally created as a part of IPv6, but has been retrofitted into IPv4. It.
Remote Connectivity and VoIP Hacking
Guide to MCSE , Second Edition, Enhanced1 The Windows XP Security Model User must logon with: Valid user ID Password User receives access token Access.
Mario D’Silva National Technology Specialists Unified Communications UNC307.
TCOM Information Assurance Management System Hacking.
1 Week #5 Routing and NAT Network Overview Configuring Routing Configuring Network Address Translation Troubleshooting Routing and Remote Access.
Chapter 6 Remote Connectivity and VoIP Hacking Last modified
1 Chapter 13: RADIUS in Remote Access Designs Designs That Include RADIUS Essential RADIUS Design Concepts Data Protection in RADIUS Designs RADIUS Design.
4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.
1 Welcome to Designing a Microsoft Windows 2000 Network Infrastructure.
March 2009 Sipera Overview. 2 © 2009 Sipera Systems, Inc. All Rights Reserved. About Sipera  Leader in real-time Unified Communications (UC) security.
Dial-up, VPN and Network Devices hacking. Dial-up hacking Phone number footprinting: phone directories (on-line and CD-ROM) Wardialing (scanning): automatically.
Network customization
Chapter 7: Using Windows Servers
Working at a Small-to-Medium Business or ISP – Chapter 8
Module Overview Installing and Configuring a Network Policy Server
Securing the Network Perimeter with ISA 2004
Configuring and Troubleshooting Routing and Remote Access
Mitel Networks SX-200 ICP Sales Training Terminology.
Lesson #10 MCTS Cert Guide Microsoft Windows 7, Configuring Chapter 10 Configuring Network and Firewall Settings.
Remote Connectivity and VoIP Hacking
IS4550 Security Policies and Implementation
Network customization
Designing IIS Security (IIS – Internet Information Service)
Presentation transcript:

Hacking Exposed 7 Network Security Secrets & Solutions Chapter 7 Remote Connectivity and VoIP Hacking 1

Remote Connectivity and VoIP Hacking Dial-up Hacking PBX (Private Branch Exchange) Hacking Voic Hacking Virtual Private Network (VPN) Hacking Voice Over IP (VoIP) Attacks 2

Dial-up Hacking Preparing to Dial up Many companies still use dial-up connections – Connecting to old servers, network devices, Industrial control system (ICS) Dial-up hacking process is similar to other hacking – Footprint, scan, enumerate, exploit – Automated by tools: wardialer or demo dialer Phone number footprinting: identify blocks of phone numbers to load into a wardialer – Phone directories, target websites, Internet name registration database, manual dialing, etc. – Countermeasures: require a password to make account inquiries; sanitize sensitive information; educate employees 3

Dial-up Hacking Wardialing Hardware – Important as the software, greatly affect efficiency The number of modems, high-quality modems Legal issues – Laws about wardialing activities Identify phone lines, record calls, spoof phone numbers, etc. Peripheral costs – Long distance, international or nominal charges Software – Automated scheduling, ease of setup, and accuracy – Tools: WarVOX, TeleSweep, PhoneSweep 4

Dial-up Hacking Brute-Force Scripting - The Homegrown way Categorize the connections into penetration domains – Based on wardialing results – Experience with a large variety of dial-up servers and OS Brute-force scripting attack: ZOC, Procomm Plus, and ASPECT scripting language 5 DomainsAttacking remarks Low Hanging FruitEasily guessed or commonly used passwords Single Authentication, Unlimited AttemptsONE type of authentication (password or ID) NOT disconnect after a number of failed attempts Single Authentication, Limited AttemptsONE type of authentication (password or ID) Disconnect after a number of failed attempts Dual Authentication, Unlimited AttemptsTWO type of authentication (password and ID) NOT disconnect after a number of failed attempts Dual Authentication, Limited AttemptsTWO type of authentication (password and ID) Disconnect after a number of failed attempts

Dial-up Hacking Dial-up Security Measures 1.Inventory existing dial-up lines 2.Consolidate all dial-up connectivity to a central modem bank – Position as an untrusted connection off the internal network 3.Make analog lines harder to find 4.Verify that telecommunications equipment closets are physically secure 5.Regularly monitor existing log features within dial-up software 6.For business serving lines, do not disclose any identifying information 7.Require multi-factor authentication systems for all remote access 8.Require dial-back authentication 9.Ensure the corporate help desk is aware of the sensitivity of giving out or resetting remote access credentials 10.Centralize the provisioning of dial-up connectivity 11.Establish firm policies 12.Back to step 1 6

PBX (Private Branch Exchange) Hacking Dial-up connections to PBXes still exist – Managing method, especially by PBX vendors Hacking PBXes takes the same route as typical dial-up hacking Countermeasures: reduce the time when modems turned on; deploy multiple forms of authentication 7 PBX SystemsAttacking remarks Octel Voice Network LoginPassword is a number; by default 9999 Williams/Northern Telecom PBXRequire a user number/ four-digit numeric-only access code Meridian LinksThere are some default user IDs/passwords (e.g. maint/maint) Rolm Phon There are some default user IDs/passwords (e.g. sysadmin/sysadmin) PBX Protected by RSA SecurIDTake a peek and leave; cannot defeat

Voic Hacking Brute-force Voic Hacking – In similar fashion to dial-up hacking methods – Required components: phone number to access voic ; target voic box (3~5 digits); educated guess about voic box password (typically only numbers) – Tools: Voic Box Hacker 3.0 and VrACK 0.51 (for old/less-secure system), ASPECT scripting language Countermeasures: deploy a lockout on failed attempts; log/observe voic connections 8

VPN Hacking Google Hacking for VPN VPN has replaced dial-up as the remote access mechanism Google hacking – Using filetype:pcf to find profile setting files for Cisco VPN client (PCF file) – Download, import the file; connect to target network, launch further attacks – Passwords stored in PCF file can be used for password reuse attacks (tools: Cain, etc.) – Countermeasures: user awareness; sanitize sensitive information on websites; use Google Alerts service 9

VPN Hacking Probing IPsec VPN Servers Check if service’s corresponding port is available (UDP 500) Perform IPsec VPN identification and gateway fingerprinting Identify the IKE Phase 1 mode and remote server hardware Tools: Nmap, NTA Monitor, IKEProber Countermeasures: cannot do much to prevent the attack 10

VPN Hacking Attacking IKE Aggressive Mode IKE Phase 1-Aggressive mode does not provide a secure channel – Eavesdropping attacks to authentication information First, identify whether target server supports aggressive mode (tool: IKEProbe) Then, initiate connection and capture authentication messages (tool: IKECrack, Cain) Countermeasures: discontinue IKE Aggressive mode use; use token-based authentication scheme 11

VPN Hacking Hacking the Citrix VPN Solution Client-to-site VPN solution provides access to remote desktops and applications – A full-fledged remote desktop (Microsoft Windows) – Commercial off-the-shelf (COTS) application – Custom application Typical attack is to spawn to another process in a remote Citrix environment (i.e. explorer.exe, cmd.exe, PowerShell, etc.) Ten most popular categories for attacking published applications: Help, Microsoft Office, Internet Explorer, Microsoft Games and Calculator, Task Manager, Printing, Hyperlinks, Internet Access, EULAs Text Editor, Save As/File System Access Countermeasures: place Citrix instance into segmented, monitored and limited environment; multifactor authentication; assess the system 12

VoIP Attacks SIP Scanning The transport of voice on top of an IP network – Signaling protocols: H.323 and SIP SIP scanning: discover SIP proxies and other devices – Tools: SiVuS, SIPVicious – Countermeasures: network segmentation between VoIP network and user access segment 13

VoIP Attacks Pillaging TFTP for VoIP Treasures Many SIP phones rely on a TFTP server to retrieve configuration settings – May contain user name/password for administrative functionality Firstly, locate TFTP server (tools: Nmap) Then, attempt to guess the configuration file’s name (tools: TFTP brute-force) Countermeasures: access restriction to TFTP 14

VoIP Attacks Enumerating VoIP Users Traditional manual and automated wardialing methods Observe servers’ responses – SIP is a human-readable protocol Cisco Directory Services Automated user enumeration tools: SIPVicious (svwar.py), SIPScan, Sipsak Countermeasures: segmenting VoIP and user networks; deploy IDS/IPS systems 15

VoIP Attacks Interception Attack First, intercept the signaling protocol (SIP, SKINNY, UNIStim) and media RTP stream – ARP spoofing attack (tools: dsniff, arp-sk) – Sniff VoIP datastream (tools: tcpdum, Wireshark) Next, identify the codec (Payload Type field or Media Format field) Then, convert datastream to popular file types (tools: vomit, scapy) GUI and all-in-one tools: UCSniff Offline analysis and attack tools: Wireshark (RTP, Cisco’s SKINNY dissectors), SIPdump and SIPcrack 16

VoIP Attacks Denial of Service DoS the infrastructure or a single phone – Sending a large volume of fake call setup signaling traffic (SIP INVITE) – Flooding the phone with unwanted traffic (unicast or multicast) Tools: Inviteflood, hack_library Countermeasures: network segment between voice and data VLANs; authentication and encryption for all SIP communication; deploy IDS/IPS system 17

Summary Remote access security tips: – Password policy is even more critical – Consider two-factor authentication – Develop provisioning policies for any type of remote access – Eliminate unsanctioned use of remote control software – Be aware PBXes, fax servers, voic systems, etc., besides modems – Educate support personnel and end users – Be extremely skeptical of vendor security claims – Develop a strict use policy and audit compliance 18

Exercises 1.Google and download a PCF file. Then, use Cain for password decoding attack. Screen dump results and explain. 2.Use Nmap, NTA Monitor, IKEProbe to identify whether a target VPN server supports Aggressive mode. Screen dump “useful” results and explain. 3.Use SiVuS, SIPVicious to scan a public SIP server. Screen dump “useful” results and explain. 19

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.