FORESEC Academy FORESEC Academy Security Essentials (III)


1 FORESEC Academy FORESEC Academy Security Essentials (III)

2 FORESEC Academy Agenda
- Threat vectors
- Social Engineering
- Bypassing the firewall
- Tools that may be visiting your DMZ
- Network Mapping Tools and Vulnerability Scanners

3 FORESEC Academy Primary Threat Vectors
- Outsider attack from network
- Outsider attack from telephone
- Insider attack from local network
- Insider attack from local system
- Attack from malicious code

4 FORESEC Academy KaZaA
- Designed for peer-to-peer file sharing on the Internet
- Introduces security weaknesses
  - Hole in a firewall
  - Users give away network information
  - A possible annoyance or DDoS tool

5 FORESEC Academy KaZaA - Firewall Subversion
1) A and B set up KaZaA Net
2) Firewall denies inbound TCP request

1) C connects to KaZaA Net
2) C's request relayed to A
3) A connects to C through wall

6 FORESEC Academy Firewalls, Wireless Connections, and Modems

7 FORESEC Academy Firewalls, Wireless Connections, and Modems

8 FORESEC Academy Social Engineering
- Attempt to manipulate or trick a person into providing information or access
- Bypass network security by exploiting human vulnerabilities
- Vector is often outside attack by telephone or a visitor inside your facility

9 FORESEC Academy Social Engineering (2)
- Human-based
  - Urgency
  - Third-person authorization
- Computer-based
  - Popup windows
  - Mail attachments

10 FORESEC Academy Social Engineering Defense
- Develop appropriate security policies
- Establish procedures for granting access, etc., and reporting violations
- Educate users about vulnerabilities and how to report suspicious activity

11 FORESEC Academy Tools that may be Visiting Your DMZ
- 3 famous Windows Trojans
- Open share scanners
- Jackal, Queso, and SYN/FIN
- Nmap and Hping
- Worms

12 FORESEC Academy Trojans

13 FORESEC Academy Trojans (2)

14 FORESEC Academy SubSeven Client

15 FORESEC Academy SubSeven EditServer

16 FORESEC Academy Trojans Review
- Trojans can penetrate firewalls as email attachments
- SubSeven is still one of the most common
- Protective tools include: all major anti-virus tools, firewalls, personal firewalls

17 FORESEC Academy Network Mapping Tools
- Open share scanners - Legion
- Network Scanners - Jackal
- TCP Fingerprinting - Queso, and SYN/FIN
- Port Scanners - Nmap and Hping

18 FORESEC Academy Finding Unprotected Shares - Legion

19 FORESEC Academy Enter the Jackal 1997

20 FORESEC Academy Sons of Jackal Continue to be Seen
Source Port 0 and 65535

21 FORESEC Academy Queso and Friends
http://www.securityfocus.com/tools/144
Queso sends packets with unexpected code bit combinations to determine the operating system of the remote computer. Currently, they claim to be able to distinguish over 100 OSes and OS states. Queso pattern is shown on notes page.

22 FORESEC Academy Spoofed NetBIOS
06:49:55 proberA.4197 > 172.20.139.137.139: S 596843772:596843772(0) win 8192 (DF)
06:49:58 proberA.4197 > 172.20.139.137.139: S 596843772:596843772(0) win 8192 (DF)
06:50:04 proberA.4197 > 172.20.139.137.139: S 596843772:596843772(0) win 8192 (DF)
06:50:16 proberA.4197 > 172.20.139.137.139: S 596843772:596843772(0) win 8192 (DF)
12:57:56 proberE.2038 > 172.20.216.29.139: S 294167370:294167370(0) win 8192 (DF)
12:57:59 proberE.2038 > 172.20.216.29.139: S 294167370:294167370(0) win 8192 (DF)
12:58:05 proberE.2038 > 172.20.216.29.139: S 294167370:294167370(0) win 8192 (DF)
12:58:41 proberE.2039 > 172.20.216.29.139: S 294212415:294212415(0) win 8192 (DF)
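Added example (not part of the original slides): a short Python pass over the eight trace lines from slide 22 that groups SYNs by source, port and initial sequence number and lists the gaps between repeats. The function names are illustrative, and the parser assumes the tcpdump layout shown on the slide with all timestamps on one day.

```python
import re
from collections import defaultdict

# tcpdump lines copied from slide 22 (hostnames as shown on the slide).
TRACE = """\
06:49:55 proberA.4197 > 172.20.139.137.139: S 596843772:596843772(0) win 8192 (DF)
06:49:58 proberA.4197 > 172.20.139.137.139: S 596843772:596843772(0) win 8192 (DF)
06:50:04 proberA.4197 > 172.20.139.137.139: S 596843772:596843772(0) win 8192 (DF)
06:50:16 proberA.4197 > 172.20.139.137.139: S 596843772:596843772(0) win 8192 (DF)
12:57:56 proberE.2038 > 172.20.216.29.139: S 294167370:294167370(0) win 8192 (DF)
12:57:59 proberE.2038 > 172.20.216.29.139: S 294167370:294167370(0) win 8192 (DF)
12:58:05 proberE.2038 > 172.20.216.29.139: S 294167370:294167370(0) win 8192 (DF)
12:58:41 proberE.2039 > 172.20.216.29.139: S 294212415:294212415(0) win 8192 (DF)
"""

SYN = re.compile(r"(\d\d):(\d\d):(\d\d) (\S+)\.(\d+) > (\S+)\.(\d+): "
                 r"S (\d+):\d+\(0\) win \d+")

def syn_attempts(trace):
    """Map (src, sport, dst, dport, ISN) -> sorted arrival times in seconds."""
    attempts = defaultdict(list)
    for line in trace.splitlines():
        m = SYN.match(line.strip())
        if m is None:
            continue  # not a SYN line in the format shown on the slide
        hh, mm, ss, src, sport, dst, dport, isn = m.groups()
        key = (src, int(sport), dst, int(dport), int(isn))
        attempts[key].append(int(hh) * 3600 + int(mm) * 60 + int(ss))
    return {k: sorted(v) for k, v in attempts.items()}

def retry_gaps(times):
    """Seconds between consecutive copies of the same SYN."""
    return [b - a for a, b in zip(times, times[1:])]

def is_backoff(gaps):
    """True when each gap doubles the previous one (retransmission timer)."""
    return len(gaps) >= 2 and all(b == 2 * a for a, b in zip(gaps, gaps[1:]))

def summarize(trace):
    """One row per distinct SYN: (src, sport, dst, copies, gaps, backoff?)."""
    rows = []
    for (src, sport, dst, dport, isn), times in syn_attempts(trace).items():
        gaps = retry_gaps(times)
        rows.append((src, sport, dst, len(times), gaps, is_backoff(gaps)))
    return rows

if __name__ == "__main__":
    for row in summarize(TRACE):
        print(row)
```

Identical sequence numbers with gaps of 3, 6 and 12 seconds are the doubling retransmission timer of a TCP stack that received no reply, so the eight packets amount to three connection attempts rather than eight separate probes.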

23 FORESEC Academy TTL
In the notes pages are the Time To Live fields from the traces in the previous slide. Notice how they cluster around 120. This is not expected behavior. This is also fixed in the Nmap 2.08 release that has a decoy function so that the decoy TTLs are random.
Analysis credit to Army Research Lab.
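Added example (not part of the original slides): one way an analyst could test the TTL observation above, by checking whether packets from several supposedly distinct sources arrive with TTLs in one narrow band and estimating the hop count each TTL implies. The TTL values, the proberB to proberD names, the host names and the thresholds are constructed assumptions; the notes-page values are not on this page.

```python
from collections import Counter

COMMON_INITIAL_TTLS = (32, 64, 128, 255)  # widely used stack defaults

def estimate_hops(ttl):
    """Return (assumed initial TTL, hops travelled) for an observed TTL."""
    for initial in COMMON_INITIAL_TTLS:
        if ttl <= initial:
            return initial, initial - ttl
    raise ValueError(f"TTL out of range: {ttl}")

def ttl_profile(observations):
    """observations: iterable of (source, ttl). Most common TTL per source."""
    seen = {}
    for source, ttl in observations:
        seen.setdefault(source, Counter())[ttl] += 1
    return {src: counts.most_common(1)[0][0] for src, counts in seen.items()}

def clustered(observations, max_spread=4, min_sources=4):
    """Flag many distinct sources whose TTLs fall in one narrow band.

    max_spread and min_sources are assumed thresholds for this example.
    Returns (flagged, spread, {source: (initial TTL, hops)}).
    """
    profile = ttl_profile(observations)
    if not profile:
        return False, 0, {}
    ttls = sorted(profile.values())
    spread = ttls[-1] - ttls[0]
    flagged = len(profile) >= min_sources and spread <= max_spread
    return flagged, spread, {s: estimate_hops(t) for s, t in profile.items()}

# Constructed sample values, not the TTLs from the slide's notes page.
PROBE_TTLS = [("proberA", 120), ("proberB", 121), ("proberC", 119),
              ("proberD", 120), ("proberE", 122), ("proberA", 120)]
# Constructed contrast: unrelated hosts at different distances and stacks.
MIXED_TTLS = [("hostW", 52), ("hostX", 113), ("hostY", 241), ("hostZ", 60)]

if __name__ == "__main__":
    print(clustered(PROBE_TTLS))
    print(clustered(MIXED_TTLS))
```

A TTL near 120 corresponds to an initial value of 128 less about eight hops, so five unrelated networks all landing on that figure points to packets that share one path.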

24 FORESEC Academy Nmap - Network Mapper
- Freeware, award-winning network scanner.
- Supports a large number of scanning techniques.
- Numerous other features supported.
  - Remote Operating System Detection
  - Application Detection

25 FORESEC Academy nmapwin - Windows port

26 FORESEC Academy Hping - Spoofing Port Scanner
- Conceptually, a TCP version of Ping.
- Sends custom TCP packets to a host and listens for replies
- Enables port scanning and spoofing simultaneously, by crafting packets and analyzing the return

27 FORESEC Academy Hping v2.0 - hping Enhanced
- Uses hping crafted packets to:
  - Test firewall rules
  - Test net performance
  - Remotely fingerprint OSes
  - Audit TCP/IP stacks
  - Transfer files across a firewall
  - Check if a host is up

28 FORESEC Academy Worms
- Attack system through known holes.
- Automatically scan for more systems to attack.
- Lower system defenses, install a root shell or rootkit, and/or let the attacker know the system has been attacked.

