isaca scholarship competition.pptx

Post on 11-Apr-2017


ISACA Scholarship Competition

E-Squared

Junho Lee

Jongmin Lee

Wookyung Youn

Sol Han

Agenda

• Case Analysis 1 – Phishing Attack

• Case Analysis 2 – Metasploit Attack

• Recommendation

Case Analysis 1

• The hackers obtained ABC company’s Windows server’s Admin Password by Phishing Attack (Possibility 1)

Problem & Suggestion

• Problem - Based on the security assessment report:

• Security awareness training for employees is outdated

• Suggestion - Updating Information Awareness Training (User education)

+ Additional Suggestion - SPF (Sender Policy Framework)

Case Analysis 2

• Hackers gained access to ABC company’s internal network using Airmon-ng

• Hackers scanned ABC company’s Windows server’s IP Address with nmap

• Hackers exploited the Hash table to snatch the Admin Password with Metasploit

• Hackers accessed ABC company’s admin user account through remote desktop

• Hackers exploited the Hash table again to snatch the SQL server’s password

• Hackers hacked ABC company’s database to compromise information

Proof

Hackers access internal network by using Airmon-ng

Proof

Hackers scan Windows Server’s IP Address by using nmap

Proof

Hackers snatched Windows Server admin password by using Metasploit

Proof

Hackers access Admin user account through remote desktop

Problem & Suggestion

• Problem

• The security assessment report indicates that the company does not monitor the network for malicious activities

• Suggestion

• Human Resource

The system administrators should be informed of the specific tasks which they should carry out:

• Vulnerability Testing

• Back up Procedures

• Configuration Documentation

• Monitoring the systems

Problem & Suggestion

Additional Suggestion

• Prevent Password Cracking

• Disable LM password hashes

  - Make the password at least 15 characters long

• Enable Account Lockouts

  - Set the account lockout threshold

  - Set the account lockout counter after

  - Set the account lockout duration

• Disable LAN Manager / NTLM authentication
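One way to check the password-cracking settings listed above is to audit a Windows security policy export. This is an added example, not part of the original slides. It assumes the policy was exported with `secedit /export /cfg policy.inf`, and it assumes the mapping of the slide items to the `NoLMHash` and `LmCompatibilityLevel` registry values (level 5 as the bar) and to the three lockout keys; the sample policies are constructed.

```python
import re
# Constructed samples in the INF layout written by `secedit /export /cfg policy.inf`
# (a real export is UTF-16: open(path, encoding="utf-16").read()).
WEAK = r"""[System Access]
LockoutBadCount = 0
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2
"""
HARDENED = r"""[System Access]
LockoutBadCount = 5
ResetLockoutCount = 30
LockoutDuration = 30
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,5
"""
LSA = "machine\\system\\currentcontrolset\\control\\lsa\\"

def parse_inf(text):
    """Return {section: {key: value}} with section names and keys lowercased."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def lsa_dword(sections, name):
    """Registry entries read 'type,data'; type 4 is REG_DWORD. None if absent."""
    kind, _, data = sections.get("registry values", {}).get(LSA + name.lower(), "").partition(",")
    return int(data) if kind == "4" else None

def audit(text):
    """Name each setting from the slide's list that the exported policy lacks."""
    s, findings = parse_inf(text), []
    access = s.get("system access", {})
    if lsa_dword(s, "NoLMHash") != 1:                    # LM hashes may still be stored
        findings.append("NoLMHash")
    if (lsa_dword(s, "LmCompatibilityLevel") or 0) < 5:  # LM/NTLMv1 still accepted
        findings.append("LmCompatibilityLevel")
    if int(access.get("lockoutbadcount", 0)) == 0:       # 0 means lockout is off
        findings.append("LockoutBadCount")
    else:  # threshold set: the counter reset and duration must be set too
        findings += [k for k in ("ResetLockoutCount", "LockoutDuration") if k.lower() not in access]
    return findings
```

`audit(WEAK)` names all three missing controls, and `audit(HARDENED)` returns an empty list.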

Disaster Recovery Plan

• Based on the security assessment report:

• Disaster recovery plan has been provided but not tested yet

• Solutions

• Prepare contingency organization chart, showing the name of the contingency manager and coordinator

• Develop customized up-to-date recovery plan and test it

• Provide security copies of vital records and store these off-site

• Nurture the ability to restore critical information within acceptable time period
