are your students ready to play the (ethical) hacking game?

Are Your Students Ready To Play The (Ethical) Hacking Game?

Welcome!

Presenter: Steven Graham | Senior Director, EC-Council

> About EC-Council> Global, Member Based Information Security Certification

Body> 320+ partners in over 70 Countries> 60,000 Trained Professionals over 21,000 Certified

> Primary Certifications:> Network Security Administrator (E|NSA)> Certified Ethical Hacker (C|EH)> Computer Hacking Forensic Investigator (C|HFI)> Certified Security Analyst/ Licensed Penetration Tester (E|

CSA/L|PT)> 27 total industry certifications. More info at www.eccouncil.org

Agenda

> Why Information Security is Important> Oops, I gave my Visa to a Hacker! (Heartland Breach)> Cyber War on our own soil? Is it Possible? (Bot-Nets)> Individual Responsibilities tied to National Security and our

responsibility as educators (DOD-National Strategy to Secure Cyberspace)

> Understanding IT Security Roles and Responsibilities, and educating to them.

> Incorporating Information Security into existing Education programs with the EC-Council | Press

> The Ethical Hacking Game – and introduction to Ethical Hacking – overview & Phase 1 - Reconnaissance

> Discussion

Why Information Security is Important

> Oops, I gave my Visa to a Hacker! (the Heartland Breach Exposed)> January of 2009 Heartland Payment Systems,

responsible for the processing of 100 Million Credit Card Transactions for 175,000 unique Merchants every month, announced their compromise.

> Bob Carr, CEO sells 80,000 Shares for 1.4 million right before public announcement of the breach

> Stock Plummets


> Oops, I gave my Visa to a Hacker! (the Heartland Breach Exposed)

January 6th, 2009Price: 18.83Volume: 329k January 21st, 2009

Price: 14.11Volume: 839k

January 22nd, 2009Price: 8.18Volume: 4 Million

1 day marked a 43% Drop in Stock Value with SharesJumping from 839K To over 4 million


> Oops, I gave my Visa to a Hacker! (the Heartland Breach Exposed)> In a recent USA TODAY interview, Heartland’s

President and CFO, Robert Baldwin Noted, in late 2008, hackers had access for “longer than weeks”, no specific information was released.

> Visa & MasterCard Notified Heartland of suspicious transactions stemming from their accounts, then investigators found a “Data-Stealing” program.

> 3 weeks access, potentially 750 million credit card transactions exposed!


> Oops, I gave my Visa to a Hacker! (the Heartland Breach Exposed)> Lessons Learned

> End-to-end encryption was not in place> Intrusion Detection, Intrusion Prevention systems were

insufficient> Proactive Scanning for anomalies failed or was not present.> Cyber criminals Exploited Vulnerabilities in Heartland Systems

compromising the financial Data of millions of customers. > Preventative security measures were insufficient despite best

efforts and compliance to standard industry regulations.


> Cyber War on our own soil? Is it Possible? (Bot-Nets)> The simple answer, YES AND IT’S HAPPENING NOW!> 2008 attacks against SecureWorks managed clients

originating countries:> #10 Canada originated 107,483 Attacks> #9 Germany originated 110,493 Attacks> #8 Taiwan originated 124,997 Attacks> #7 Russia originated 130,572 Attacks> #6 Japan originated 142,346 Attacks> #5 Poland originated 153,205 Attacks> #4 South Korea originated 162,289 Attacks> #3 Brazil originated 166,987 Attacks


> Cyber War on our own soil? Is it Possible? (Bot-Nets)> The simple answer, YES AND IT’S HAPPENING NOW!> 2008 attacks against SecureWorks managed clients originating

countries:

>#2 China originated 7,700,000 Attacks

>#1 United States of America originated 20,600,000 Attacks emanating from Computers inside US Borders


> Cyber War on our own soil? Is it Possible? (Bot-Nets)> What is prompting these attacks?> “Owned computers” by large become a part of various

“BotNets” and can be remotely controlled.> Hackers gain access to combined computing resources

through distribution of passive Malware, Virus’, and Trojans.

> Compromised/unprotected Personal Computers, Library Networks, School Networks, Govt. Networks, and Corporate Networks contribute to the proliferation of BotNets.

Example Workings of a BotNet• Stage 1, Stage 2:

The Bot Master sends malicious trojan/botnet client over the Internet and infects a victim

• Stage 3:

The bot client connects to the Command Centre( Malicious Server)and informs the status of being infected

• Stage4:

Command Centre informs the Bot Master about the victim

• Stage 5:

The attacker sends attack information to the command centre

• Stage6,

The command centre triggers the victim with the set of instructions sent by the Bot Master to search for other victim computers with similar vulnerabilities

• Stage 7:

The compromised computer scans the Internet for other similar systems and infects them with malicious code

• Stage 8:

This way the attacker creates a huge network of bots that are ready to act based on the instructions sent by the attacker.

The network of bots is referred to as botnet

Example Workings of a BotNet

INTERNET

1 Creates a vicious Trojan/ Bot Client

Bot Master

Victim

2

Command Centre

3

4

5

6

Victim

Victim

Victim

Victim

7

7

7

7

8

8

88

EC-Council


> How does this apply to me as an educator?– According to the DOD’s National Strategy to Secure Cyber

Space: “Each American who depends on cyberspace, the network of information networks, must secure the part that they own or for which they are responsible.”

– To further explain, Threats & Vulnerabilities a 5 Level Problem. Consider where your graduates go.

1. Home Users/Small Business

2. Large Enterprises

3. Critical Sectors/Infrastructures

4. National Issues

5. Global

Typical Security Job Roles and responsibilities

Job Level Typical Roles Corresponding EC-Council Certifications & Designations

IT/IS Executive

Information Assurance, Design, and Compliance

MSS/ECSO (Coming Soon)

IT/IS Manager

Information Assurance

oversight and Personnel

management

IT/IS Specialist

Specialization roles including Pen Testing, Forensics,

Disaster Recover, Voice over IP,

Secure Programming,

etc.

Penetration Testing Specialist

Forensics SpecialistDisaster Recovery

SpecialistVOIP Specialist

Secure Programmer

IT/IS Admin

Network Installation,

Configuration, maintenance, Information Assurance

IT/IS Technician

Standard Network installation & configuration

Information Worker

Access to Computing

systems


> Information Security Job Roles/Responsibilities.> Front Line (Receptionist, secretaries, Information Workers, HR,

Accounting, Non-IT personnel)> Responsibilities – Protect Corporate information

> Vulnerable to – Social Engineering attacks leaking sensitive information, or portions of the “big Picture” allowing attackers to gain access. Computer Virus/Worms/Trojans, Etc.

> 1st Level IT, Help Desk, Support Specialists, Network Administrators.> Responsibilities – Adhere to Security/General IT Policy. Standard

Configurations and supporting roles to superiors, internal and external clients.> Vulnerable to – Social Engineering, Mis-configurations, Common mistakes

exposing serious vulnerability


> Information Security Job Roles/Responsibilities.> 2nd Level IT Network Engineers, Managers, Auditors,

Specialists> Responsibility – System Design and maintenance, constant

assessment, Security Patching, Hardware/software break-fix upgrade. Typically first line contact with outsourced firms/consultants. E-Discovery/Preservation. DR/BC

> Vulnerabilities – Mis-configuration, Policy Gaps, Outsource mistakes/decisions/assessment. Admin Level Access.

> Executives – Director of IT, CIO, CISO, CEO> Responsibility – Compliance, Compliance, Compliance

> Vulnerability - ALL VULNERABILITIES END UP HERE.

Incorporating Information Security Titles in existing Education Programs.

EC-Council | PressSecurity Fundamentals – General Education – entry level Computer ScienceSecurity | 5 Titles

• Social Site and Online Behavior• Cyber Dangers• ID Theft

Security Essentials – Entry Level Computer ScienceE|NSA Network Defense Titles:

• Network fundamentals and protocols • Network threats and security policy • Perimeter defense mechanisms • Securing network devices, operating system and troubleshooting • Patch Management and Log Analysis


EC-Council | PressEthical Hacking & Counter Measures – Computer

Science/Security – entry level to advanced Computer ScienceC|EH Ethical Hacking Titles

• The CEH Hacking cycle and Penetration Testing • Threats and defensive mechanisms • Hacking Web applications • Securing Linux and Defense against Buffer Overflows

• Securing Network Infrastructure


EC-Council | PressComputer Forensics – Computer Science/Security – entry level to

advanced Computer ScienceC|HFI Computer Forensics Titles:

• Investigating procedures and role of an expert witness • Computer Forensic Lab Requirements Ethical Hacking: Hacking Web

applications • Investigating file systems, hard disks and operating systems for evidence • Investigating data and image files for evidence • Investigating network intrusions and cyber attacks • Investigating attacks on wireless network and devices


EC-Council | PressPenetration Testing – Computer Science/Security – Advanced

Computer Science

E|CSA Computer Security Analyst/ Advanced Penetration Testing Titles:

• Security analysis and advanced tools • Customer agreements and reporting procedures Penetration Testing

Methodologies • Network Perimeter Testing Procedures • Communication Media Testing Procedures • Network Threat Testing Procedures

Now, It’s time to play!

EC-Council

Slides extracted from EC-Council’s Intro to Ethical Hacking

Here comes the part you all came for

Copyright © by EC-Council All rights reserved. Reproduction is strictly

prohibited.

ECC Fulfills the Need

• Ethical Hacking and Countermeasures (C|EH)– CEH understand tools and techniques

used• Attack tools – by those outside the network• Compromise tools – by those inside the

network

– “Thinking like a hacker”


prohibited.

Problem Definition – Why Security?


prohibited.

What Does a Malicious Hacker Do?

Clearing Tracks

Maintaining Access

Gaining Access

Scanning

Reconnaissance


prohibited.

Phase 1 - Reconnaissance


prohibited.

Reconnaissance Types


prohibited.

Step 1: Reconnaissance


prohibited.

Part 1: Footprinting


prohibited.

Revisiting Reconnaissance


prohibited.

Defining Footprinting


prohibited.

Why is Footprinting Necessary


prohibited.

Unearthing Initial Information


prohibited.

Finding a Company’s URL


prohibited.

Tool: WebFerret


prohibited.

Extracting Archive 0f a Website


prohibited.

www.archive.org


prohibited.

www.archive.org (cont’d)


prohibited.

Anonymity with Caches


prohibited.

Yahoo People Search


prohibited.

Footprinting Through Job Sites


prohibited.

• Industry trade associations may provide information about the target network as well

Footprinting Through Industry Sites


prohibited.

Passive Information Gathering


prohibited.

Competitive Intelligence Gathering


prohibited.

Tool: HTTrack Web Site Copier


prohibited.

Tool: SpiderFoot


prohibited.

Tool: Expired Domains


prohibited.

Tool: Maltego


prohibited.

E-Mail Spiders


prohibited.

Part 2: Google Hacking


prohibited.

What is Google Hacking


prohibited.

What a Hacker Can Find With Google Hacking


prohibited.

SiteDigger Tool


prohibited.

C|EH Cont.


prohibited.

Source Decks continue on with complete presentations of:

•Scanning

•Gaining Access

•Maintaining Access

•Covering Your Tracks

Over 3500 Tools, virus;, malware, robo-demo videos recorded in our advanced hacking lab, and examples included in curriculum.

Conclusion

Thank you for your Time. Discussion is now open.

Contact:

EC-Council:

Steven GrahamSenior Director | [email protected] Osuna NE,Albuquerque, NM 87109Web: http://iclass.eccouncil.org/US Office: 505.341.3228 x102

Presentation Sources:EC-Councilwww.eccouncil.orgiclass.eccouncil.orgUSA Today:http://www.usatoday.com/money/perfi/credit/2009-01-20-heartland-credit-card-security-breach_N.htmHeartland Processing Systemswww.2008breach.comSecure Workshttp://www.secureworks.com/media/press_releases/20080922-attacks/EC-CouncilCertified Ethical Hacker Curriculum Version 6.0 – BotnetsDepartment of Defense (US)http://www.dhs.gov/xlibrary/assets/National_Cyberspace_Strategy.pdf

Cengage:

Elizabeth SuggSenior Curriculum Services Manager, Digital Solutions GroupCengage LearningPO Box 563, Nyack, New York 10960 c 845-337-0253(o) 845-358-4836| (e) [email protected] | www.cengage.com

http://iclass.eccouncil.org/

mailto:[email protected]

http://www.cengage.com/

are your students ready to play the (ethical) hacking game?

Documents

national security

security roles

heartland systems

preventative security

specific information

heartland breach cyber

heartland payment systems

important cyber war