Presentation is loading. Please wait.

Presentation is loading. Please wait.

Common System Exploits Tom Chothia Computer Security, Lecture 17.

Published byAudrey Harris Modified over 8 years ago

Similar presentations

Presentation on theme: "Common System Exploits Tom Chothia Computer Security, Lecture 17."— Presentation transcript:

1 Common System Exploits Tom Chothia Computer Security, Lecture 17

2 This talk: Common Remote Exploitation Techniques How does an attacker end up running the metsploit attack we sure last week against your system? Footprinting Scanning and Enumeration Exploiting services After gaining access

3 Wi-Fi A Typical Business Network WebServer Comp1 DataBase … E-mail Server SSH/RDP Web Proxy … Comp2

4 Wi-Fi What are the attack vectors? WebServer Comp1 DataBase … E-mail Server SSH/RDP Web Proxy … Comp2

5 Footprinting Find out as much as possible about the business’s footprint. –What does it do? –What does it provide for its employees? –What IP addresses does it use? –How does user contact support? Lots of this information is on a companies website.

6 Footprinting Web searchers for the company can also provide a lot of information. WHOIS and DNS lookup will tell an attacker all the IP address range used by a business. traceroute may reveal the IP address of routers. –These routers may use default passwords

7 Scanning and Enumeration Find out what services are running What version of each services. What operating system.

8 nmap nmap is a network mapping tool. It can tell you want ports are open. It will try to guess the service. By default does TCP on low ports only. –Can also do UDP and any ports.

9 The Internet Protocol Packet

10 Nmap nmap a

11 The Internet Protocol Packet

12 Fingerprint What is the OS? Different OS will set different values in the IP &TCP packets. –TCP sequence number –IP packet time to live. Find OS with nmap –A or namp -O

13 Nmap o

14 Check for default logins Are any services using the default passwords? e.g. ssh is used for remote login (port 22) Default password for jail broken iPhones was “alpine” (big attack on iPhones this time last year).

15 Footprinting and Scanning Ensure that as little information about the company appears publically. –Password protect parts of the website External attacker can always find the IPs and open ports on the public computers. In the worst case they can find the entire network architecture. Internal attackers are harder to stop

16 Check for Public Files NetBios: Network Basic Input/Output System For sharing files across a network. Does the user have any public readable files? smbclient -L host -I IP address

17 Search for Known Exploits There are many databases of vulnerabilities on the web e.g. http://cve.mitre.org/ http://nvd.nist.gov/ http://metasploit.com/modules/

18 http://nvd.nist.gov/ e.g. tomcat.

19 Search for Known Exploits Finding and “weaponizing” a buffer overflow can take 6 months for a team of experts. So most hacker “script kiddies” use exploit code someone else has written. You are much more likely to be attacked via a known exploit, than a new one.

20 Metasploit Metaspliot is a framework to perform memory attacks and deliver payloads –You select the module for the exploit. –The payload is the “arbitrary code” the victim system will run. The legitimate use of Metasploit is to test your own system for weaknesses. Never run it against a system you don’t own, without written permission.

21 Metasploit attack demo Metasploit scan Metainterpter.

22 What an attack might do once they have access. Steal password file. Create new user accounts and back doors. Replace existing libraries and application with malware. Log key strokes. Send Spam Performs DoS attacks …

23 Defenses: Intrusion Detection Systems A good system administrators will monitor their network. IDSs look at all packets (like wireshark) and report suspicious behavior. Can catch nmap and metasploit. E.g. Snort: www.snort.org

24 Anti-Virus Anti-Virus products scan the computer for known malware. Can also scan e-mail. Only as good as the last update. Can be disabled by an attacker with admin access.

25 Defenses: Firewalls Firewalls can block most Internet traffic. May be on the computer or built into a router. Could for example block all traffic not on port 80. –Would stop the attack in this talk. Can’t firewall services used by outside world.

26 Defenses: Fast Patches Most importantly of all Make sure all security patches are installed immediately. There is almost always a patch to stop any well known exploit.

27 Top Defenses: 1.Apply patches 2.Firewall 3.Anti-Virus 4.Intrusion Detection Systems 5.Check file hashes 6.Good password and user policies First 2 should be fine for Linux or Mac, first 3 for windows. All 6 if you are a sys. admin.

28 Conclusion Attackers will: Scan your machines, Identify the services running, Try to use known exploits against these services. Defend the system: Monitor for attacks, e.g. Anti-virus, Firewall to block unused ports, Apply Security Patches a.s.a.p

29 Next Lecture: Trusted Computing: Using hardware to provide security and control remote computers.

Download ppt "Common System Exploits Tom Chothia Computer Security, Lecture 17."

Similar presentations

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Intrusion Detection Systems By: William Pinkerton and Sean Burnside.

Intrusion Detection Systems By: William Pinkerton and Sean Burnside.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Penetration Testing.

Penetration Testing.
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Malware  Viruses  E-mail Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.

Malware  Viruses  Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.
Honeypot and Intrusion Detection System

Honeypot and Intrusion Detection System
Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.

Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.
CIS 450 – Network Security Chapter 3 – Information Gathering.

CIS 450 – Network Security Chapter 3 – Information Gathering.

Similar presentations

Ads by Google