PPT - Security Science

Hackers are here…
…where are you?

Arnel C. Reyes
Chief Technology Officer
Global Content & Research Ltd.

September 8, 2010
Hacking Defense
You may watch this video clip at:

Download complete [rar file] presentation with video at:
The Only Way to Stop a Hacker Is to Think Like One
Hacking, What’s so Ethical About It?
“The Biggest Military Computer Hack of all Time”
Gary McKinnon, a systems administrator, gained illegal access and made unauthorized modifications to 97 computers belonging to the US government, including computers from the DoD, NASA and the National Security Agency, over 12 months.
The US government said McKinnon's hacking caused downtime and personnel costs of around $1m (£0.6m).

Lethal Weapons - software available freely over the internet was used to gain access to computer networks used by the US Army, Navy & Air Force.
Common Attacks
• Backdoor
• Bacteria
• Buffer overflow/overrun
• Compromised system utilities
• E-mail forgery
• E-mail relay
• IP spoofing
• Keystroke monitoring
• Logic bomb
• Mail bombing
• Man in the middle
• Masquerade
• Network scanning
• Packet sniffing
• Password cracking
• Ping flooding
• Replay attack
• Script kiddies
• Security audit tools
• Shell escapes
• Shoulder surfing
• Smurfing
• Social engineering
• SYN flooding
• Traffic analysis
• Trapdoor
• Trojan horse
• van Eck attack
• Virus
• War dialing
• Worm
Are your security skills or talent pool on the cutting edge of security?
• A recent study identified the following as probable reasons behind a hack attack. Predominantly, the causes seemed to be personnel related:
• High turnover of administrators and technical staff in the IT departments
• Gap in position
• Lack of proper training: How do we train them?
• Poor direction
Normal instances and why you should be concerned! - 1
Does this sound familiar?
• “We have a good firewall, an anti-virus and know the people we work with.”
  A good firewall can be mis-configured and turn out to be the best thing a hacker can use against you.
  The anti-virus may not be updated and your system can be compromised.
  The mail from your friend can turn your machine into a zombie for further attacks.
  You could be held responsible for the attack by the law enforcement agencies!
Normal instances and why you should be concerned! - 2
Does this sound familiar?
• “We don’t transact on the Internet, so why would anybody hack our systems over the Internet?”
  Your web server can be used as a “warez” house, even though you don’t transact. You could be hosting illegal files of questionable moral content.
  A poll of more than 150 CIOs by IDG's CIO Magazine found that two-thirds felt that information about a hacker attack would adversely affect their company's
Normal instances and why you should be concerned! - 3
Does this sound familiar?
• “Our employees are so well connected that we work in real-
  Ever heard of spoofing? Information can be stolen in real-time and sold even before you can blink and
  How sure can you be that the access point you have logged onto is not a rogue access point? - FAKE
  Are you really sure that you have not let a hacker take advantage of your lack of awareness and compromised your network?
Normal instances and why you should be concerned! - 4
Does this sound familiar?
• “I just browse and check my mail… I don’t see why or how I can be hacked.”
  You can be hacked while simply browsing – you don’t have to click or open anything!

  A poll of more than 150 CIOs by IDG's CIO Magazine found that 64 percent of senior technology executives are worried about hackers stealing their e-mail and personal identity.

  Identity theft can even drive you bankrupt!
I.T Audits and Security Policy
Do you SEE what the Hacker Sees?

Are you aware of your security posture?
Why Cyber Attacks?
• The principal motives behind using the Internet for digital attacks include:
  Creating political tension
  Registering protest and digital warfare
  Carrying out espionage, surveillance and reconnaissance
  Causing destruction of competitive advantage or share price
  Outlet for disgruntled or misdirected workforce issues
  Symbolizing anti-globalization and anti-capitalism protest
  Hacktivism: environmental and animal rights activism
  Boredom: intellectual challenge and recreational hacking
  Most Popular: financial gain
  Most Critical: LOSS of HUMAN LIFE
Think about it
• Attackers can potentially:
  Shut off the electricity of a city
  Shut down the phone lines in a given neighborhood
  Cause a dam to release the water it is holding
  Cause two trains to crash into each other
  Many government experts assume that militant operatives will actually launch a cyber-attack in conjunction with a more conventional attack. For instance, terrorists could blow up a building and then disable the phone system in the surrounding area in order to prevent law enforcement, medical, and emergency officials from responding to the
Why Terrorists use the Internet
Anonymity - The Internet makes it easier for them to communicate covertly, preach to the public, and solicit funds.
Location Independence - They can use it to plan and coordinate their attacks. The launch pad is no longer a runway, but a computer – the attacker, no longer a combat pilot, but a computer hacker bent on
Less tangible armory and lower skill levels are required, as tools are available on the Internet. Example: John, a citizen, cannot go out and buy an F-117 or Tornado fighter plane or an attack submarine. But with a relatively simple computer capability, individuals can do things via the cyberspace environment that can impact the national security interests of actual nation states.
Ease of availing and transferring funds
Extensive reach of the medium
EC-Council’s Security Track
• Defense (Defend your Network)
  – Network Security Course
• Hacking (Penetration Testing)
  – Ethical Hacking and Countermeasures
• Incident Handling (Forensics)
  – Computer Hacking Forensics Investigator
• Prosecute (Legal indictment)
  – Cyber Law
“SHIP” Approach

1. Secure your Network
2. Hack Your Network
3. Investigate (Forensics)
4. Prosecute (Legal)
Can you be hacked?

Hacking DEMO
Ingenuity of Trojans
• Lycos had recently announced the screensaver as a means to combat spammers.
• John had recently installed the Lycos anti-spam screensaver. He had received it over mail as an attachment titled "Lycos screensaver to fight"

What John did not know was that, ever since he double clicked on the attachment, all his keystrokes were being captured without his knowledge. Somebody was stealing his usernames, passwords, credit card details and e-mail addresses. His system was Trojaned!!

Trojans are malicious programs that are executed when the user unwittingly runs a seemingly benign piece of software, link or mail attachment. They install a backdoor on the machine, and the attacker can have complete access to, or “ownership” of, information assets or system resources without the user's knowledge.
Robin is working as a sales executive with a drug manufacturing firm. Despite achieving the set target he fails to get the remuneration he
He feels his loyalty and commitment is not valued by his superiors. A frustrated Robin approaches the rival company for the post of Associate Manager (Sales) that was posted on a job site he had visited.
The Manager of a rival company agrees to offer him the job if he could pass them the patent information related to a particular drug.
Robin agrees to the condition.
MergeStreams Attack
• Robin, who is computer savvy, goes back to his firm, searches for the required document and stores it in an MS Excel file.
• Since the use of storage media is restricted on his office premises, using disks to transfer the file was not possible.
• He uses a tool, “MergeStreams”, to send the file across through email.
Tool: MergeStreams
• Steps to use the tool:
  1. Launch the tool.
  2. Select the respective MS Word file/MS Excel file that needs to be merged. Click the browse button to select the respective files.
  3. Click the “Merge” button to merge the files.
• Open the MS Word document. The original content in the file would be displayed.
• Try opening the merged MS Word document with MS Excel and find the difference.
• Confidential information is at risk!
• Can lead to huge losses if critical business information is passed on.
• A covert attack that can destabilize the victim firm/individual.
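As an added defensive example (not part of the presentation and not code from the MergeStreams tool), the following heuristic flags a single OLE2 file that carries the primary streams of two different Office applications, which is what a merged Word/Excel document looks like on disk; the sample bytes are constructed, not a real document, and the stream names are the standard ones used by Word, Excel and PowerPoint:

```python
"""Heuristic check for OLE2 (.doc/.xls) files carrying more than one
application's primary stream, the on-disk signature of a MergeStreams-
style merged document. Scans raw bytes for directory-entry names (stored
as UTF-16LE), so no OLE library is needed. Sample input is constructed."""

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# Primary content stream per Office application, as named in the
# compound-file directory. A clean .doc has only WordDocument; a clean
# .xls has only Workbook.
PRIMARY_STREAMS = {
    "WordDocument": "Word",
    "Workbook": "Excel",
    "PowerPoint Document": "PowerPoint",
}


def ole_applications(data: bytes) -> set:
    """Return the set of Office applications whose primary stream name
    appears in the raw bytes of an OLE2 file (empty if not OLE2)."""
    if not data.startswith(OLE_MAGIC):
        return set()
    found = set()
    for name, app in PRIMARY_STREAMS.items():
        # Directory entries store the name as UTF-16LE, NUL-terminated.
        if (name.encode("utf-16-le") + b"\x00\x00") in data:
            found.add(app)
    return found


def is_merged_document(data: bytes) -> bool:
    """True when one file carries primary streams of two or more
    applications, e.g. a Word document hiding an Excel workbook."""
    return len(ole_applications(data)) > 1


def make_sample(streams) -> bytes:
    """Constructed stand-in for an OLE2 file: the magic header, filler,
    and the given stream names in directory-entry encoding. Not a valid
    compound file, but enough to exercise the heuristic."""
    body = b"\x00" * 504  # remainder of a 512-byte header (filler)
    for s in streams:
        body += s.encode("utf-16-le") + b"\x00\x00" + b"\x00" * 64
    return OLE_MAGIC + body


if __name__ == "__main__":
    print("clean :", is_merged_document(make_sample(["WordDocument"])))
    print("merged:", is_merged_document(make_sample(["WordDocument", "Workbook"])))
```

A legitimate Word document with an embedded Excel object also contains a Workbook stream (inside an ObjectPool storage), so treat a hit as a trigger for closer inspection of the outbound file rather than as proof of exfiltration.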
John is working as a Personal Assistant to his Sales Manager. He is very eager to know the confidential files stored in his Manager’s
One day the Manager leaves John unattended on his laptop. John takes advantage of the opportunity and installs a hardware keylogger without the knowledge of his superior.
After a few days a similar situation arises and John removes the hardware keylogger that was installed via the keyboard. He goes home and gets to know the username and password of his superior's official and personal accounts.
What do you think John can do?
Classification: Hardware
• KeyGhost keylogger / KeyKatcher keylogger
• The device can be installed even when the target computer is logged out, has a password, is locked or switched off
• The device can be unplugged and the keystrokes retrieved on another
• Over 500,000 keystrokes can be stored with STRONG 128-bit encryption in non-volatile flash memory (same as in smart cards) that doesn't need batteries to retain storage
• The device works on any desktop PC & all PC operating systems, including Windows 3.1, 95, 98, NT, 2000, Linux, OS/2, DOS, Sun Solaris and BeOS
• No software installation is needed at all to record or retrieve keystrokes. Recorded keystrokes can be played back into any text editor using a proprietary 'keystroke ghosting' technique
• The device plugs into computers with a small PS/2 keyboard plug or a large DIN plug
• Unlike software keystroke recorders, KeyGhost records every keystroke, even those used to modify the BIOS before boot up
• It is impossible to detect or disable using software
[Figure: Keyboard cable with KeyGhost installed]
[Figure: Keyboard cable with KeyKatcher installed]
Password information
Password information is recorded in the way presented below (user keystrokes are in bold):

User activity               Screen information
User types <ctr-alt-del>    <ON><PWR>
User types login            <PWR><ctrl-alt-del>
password                    Wnt24~L4r
A site URL
User types a user ID        om
User types a password       JohnDoe
The Social Engineering Attack

“The art and science of getting people to comply with your wishes”
• Social engineering has many aspects
  Face to face
  Telephone & email
  Eavesdropping
  Web site surfing
Part 1: Social Engineering in Action
• Social Engineering:
  It’s easy
  It’s inexpensive
  It’s successful
  It can happen today, to your organization, for a thousand different reasons
Common Faults

Keys to Access Classified Information
Part 2: Social Engineering in Action
Myths of Social Engineering
• Myth #1 – Social engineering is tricking people into giving up information
• Myth #2 – Social engineering is just telling the victim a bunch of lies
• Myth #3 – Social engineering only works against the ignorant/uninformed
Realities of Social Engineering
• Social engineering IS a threat
• Most companies ignore the possibility
• Result: Easy entry and a wealth of
[ A-C-T ]
Keep an “I” ON your network
Wrap Up
• Different organizations have different security problems
• To prevent security problems, you must A-C-T, not react
• To mitigate security problems, keep an “I” “ON” your network
• Take A-C-T-I-O-N to secure your data
The Only Way to Stop a Hacker Is to Think Like One
Hope you find this informative…

