An introduction to paranoia. - PowerPoint PPT Presentation

Title: An introduction to paranoia.

Description: Set computers for auto-logout. Apply policies to limit access. Don't let ... Password protect the CMOS. Consider computers without CD-ROM and floppy drives ...

Slides: 16
Provided by: bem8

Transcript and Presenter's Notes

1
Network Security
rewt@linuxbox mkdir .
rewt@linuxbox cd .
rewt@linuxbox ftp 125.68.13.1
connected to 125.68.13.1
ftp> get sploit.sh
200 PORT command successful.
150 Opening ASCII mode data connection for 'sploit.sh' (1720320 bytes).
226 Transfer complete.
local sploit.sh remote sploit.sh
1727580 bytes received in 2.4e02 seconds (6.90 Kbytes/s)
ftp> quit
goodbye
rewt@linuxbox sploit.sh
> all your base
> are belong to us.
  • An introduction to paranoia.

2
Outline of Presentation
  • Common Misconceptions
    (they really are out to get you)
  • How systems are cracked
    (it's not as hard as it sounds)
  • The most common mistakes
    (how we make it easy for crackers)
  • Preparing for attacks
    (since you can't avoid them)
  • Resources and Notes
    (because knowledge is power)

3
Common Misconceptions
  • My network is not interesting enough to be
    attacked.
  • If the system is working fine, we have not been
    cracked yet.
  • Installing (insert panacea here) will solve all
    our problems.
  • We can't afford the investments to properly
    secure our systems.
  • Crackers are very skilled, and to thwart them I
    will have to learn more than they know.

4
A Script Kiddie Attack
  • 1337 hax0r learns about a neat new exploit. He
    downloads the exploit script and reads the
    directions on how to run it.
  • Before going to bed, he sets up his port scanner
    to find any computers that are vulnerable to this
    attack.
  • The next afternoon, he checks the scan results to
    find systems that he can compromise.
  • He selects an available target, runs the exploit
    and gains root access.
  • As root, he creates a back door to the system,
    then runs a script to cover his tracks.
  • Using the compromised system, he runs the exploit
    on another system.

5
Social Engineering Attacks
  • Discredit the Source
    • A student wants to stop email going to her
      parents about bad conduct.
    • She gets a copy of the bad conduct email.
    • Spoofing the school email address, she modifies
      the email and sends it to everyone in school for
      the next 3 weeks.
    • The email system is discredited and bad conduct
      emails cease.
  • Ask for Login Rights
    • A student wants to change grades in the computer
      system.
    • Pretending to be a new techie, the student calls
      the office secretary and asks for her password.
    • The student logs in as the secretary (with her
      privileges) and changes grades.

6
Security Checks
  • Preparing for the inevitable.

7
The Most Common Mistakes
  • Vulnerable CGI scripts on web servers
  • Weak or blank passwords
    • User and administrative accounts have weak
      passwords
    • Using default passwords
    • Using the same administrative password for
      everything
  • Not applying patches
    • Don't keep up with vulnerability announcements
    • Don't apply patches
  • Running unnecessary services
  • Not having a security plan

Based on SANS Institute / FBI top 20
vulnerabilities list. www.sans.org/top20/

8
Preparing Desktops
  • Require logins for all users
    • Keep computers logged out
    • Set computers for auto-logout
  • Apply policies to limit access
    • Don't let users install software
    • Lock users out of sensitive directories
  • Prohibit booting from CD-ROM and floppy
    • Password protect the CMOS
    • Consider computers without CD-ROM and floppy
      drives
  • Test security features on the desktop

9
Preparing Servers
  • Keep software updated (patches, virus
    definitions, etc.)
  • Remove all unnecessary software and services
  • Keep server physically secure
  • Do not leave server logged in
  • Close all unused ports
  • Run and monitor an intrusion detection system
  • Keep good backups
  • Run network scans to assess vulnerability
  • Keep network information private

10
Preparing Users
  • Keep user accounts up-to-date
    • Make sure they are in the correct groups, OU,
      etc.
    • Disable or remove accounts for users who leave
  • Use auditing to require strong passwords
  • Educate users on basic security
    • Never sharing passwords (even with admins who
      ask for them)
    • Logging out when finished
    • What makes a password strong

11
To Do When You Get Home
  • Establish and implement a security plan
    • Designate people responsible for security
    • Provide time and materials for training
    • Create an incident recovery team
    • Install the tools necessary to implement the
      plan
  • Sign up for vulnerability email lists
  • Remove unnecessary services
  • Patch all applications
  • Scan yourself
    • Run a port scan on your network
    • With permission, run a password audit
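The "close all unused ports" and "scan yourself" items above, as an added example (not from the presentation): a Python audit that reads a listener table in the shape of `ss -ltn` output, compares the listening ports against an allowlist of services the server is meant to run, and flags everything else, separating loopback-only sockets from ones bound to every interface. The sample table is constructed, not captured from a real host.

```python
"""Listening-port audit against a service allowlist (added example).

Anything listening that is not on the allowlist is either an unnecessary
service to remove or a port to close; a socket bound only to loopback is
reported separately because it is not reachable from the network.
"""

# Constructed sample in the shape of `ss -ltn` output (not from a real host).
SAMPLE_LISTENERS = """\
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port  Process
LISTEN  0       128            0.0.0.0:22          0.0.0.0:*
LISTEN  0       511                  *:80                *:*
LISTEN  0       4096         127.0.0.1:631         0.0.0.0:*
LISTEN  0       50             0.0.0.0:21          0.0.0.0:*
LISTEN  0       128               [::]:22             [::]:*
"""

LOOPBACK = {"127.0.0.1", "[::1]", "::1"}


def parse_listeners(text):
    """Return (port, local_address) for every LISTEN row; skips the header."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")   # handles [::]:22 and *:80
        listeners.append((int(port), addr))
    return listeners


def audit_listeners(text, allowed_ports):
    """Split listening ports into expected and unexpected.

    Each result is a sorted list of (port, exposure), where exposure is
    'loopback' if every socket on that port is loopback-bound, else 'all'.
    """
    exposure = {}
    for port, addr in parse_listeners(text):
        bound = "loopback" if addr in LOOPBACK else "all"
        if exposure.get(port) != "all":   # one non-loopback bind makes it exposed
            exposure[port] = bound
    expected = sorted((p, e) for p, e in exposure.items() if p in allowed_ports)
    unexpected = sorted((p, e) for p, e in exposure.items() if p not in allowed_ports)
    return expected, unexpected


def report(text, allowed_ports):
    """Plain-text summary with the ports that need action listed first."""
    expected, unexpected = audit_listeners(text, allowed_ports)
    lines = [f"CLOSE OR JUSTIFY: port {p} ({e})" for p, e in unexpected]
    lines += [f"ok: port {p} ({e})" for p, e in expected]
    return "\n".join(lines)
```

Run `report(SAMPLE_LISTENERS, {22, 80})` against your own `ss -ltn` output by swapping in the captured text; the allowlist is the set of ports your security plan says the server should serve.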

12
Resources
  • Where to go to get prepared.

13
Tools
  • Snort
    • Open source intrusion detection system.
    • www.snort.org
  • John the Ripper
    • Password auditing program.
    • www.openwall.com/john/
  • Nmap
    • Port scanner.
    • www.insecure.org/nmap
  • Ethereal
    • Packet capture tool for reading binary logs.
    • www.ethereal.com
  • Tripwire
    • File integrity tool. Identifies files that have
      changed.
    • www.tripwire.com
  • More tools
    • www.insecure.org/tools.html
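The file integrity check that Tripwire performs, as an added example in Python (this is not Tripwire's code and is not from the presentation): it hashes every regular file under a directory, stores the digests as a baseline, and later reports which files were added, removed or modified, which is how a dropped back door or a replaced binary from the script kiddie attack on slide 4 shows up. The directory and baseline file paths are whatever the caller passes in.

```python
"""Tripwire-style baseline-and-compare file integrity check (added example)."""
import hashlib
import json
import os


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map each regular file's path (relative to root) to its digest."""
    result = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are not hashed
            result[os.path.relpath(full, root)] = hash_file(full)
    return result


def save_baseline(root, baseline_path):
    """Write the current snapshot to JSON. Keep the baseline off-host or on
    read-only media: an intruder who already has root can rewrite it."""
    with open(baseline_path, "w") as fh:
        json.dump(snapshot(root), fh, indent=2, sort_keys=True)


def compare(baseline, current):
    """Return (added, removed, modified) as sorted lists of relative paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline
                      if p in current and baseline[p] != current[p])
    return added, removed, modified


def check(root, baseline_path):
    """Compare the tree under root against a previously saved baseline."""
    with open(baseline_path) as fh:
        baseline = json.load(fh)
    return compare(baseline, snapshot(root))
```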

14
Education and News
  • SANS Institute
    • Articles, resources, and vulnerability listings.
    • www.sans.org
  • Honeynet Project
    • Whitepapers, challenges, and detailed analysis
      from a honeypot project.
    • www.honeynet.org
  • Security Focus
    • Vulnerability listings and home of the Bugtraq
      mailing list.
    • www.securityfocus.com
  • CERT
    • Vulnerability advisories and security articles.
    • www.cert.org

15
Practical Help
  • Mission Critical Security Planner
    • Book by Eric Greenberg.
    • Focuses on balancing security with business
      needs. Includes worksheets.
    • www.criticalsecurity.com
  • SANS Essential Security Actions
    • Steps for attaining three levels of security.
    • www.sans.org/resources/esa.php
  • Security Testing Methodology
    • A long paper on the methodology for securing
      networks.
    • www.isecom.org/projects/osstmm.htm