Introduction To ICT Security Audit, OWASP Day Malaysia 2011
DESCRIPTION
Introduction To ICT Security Audit, OWASP Day Malaysia 2011, by Harisfazillah Jamel (LinuxMalaysia), presented during OWASP Day Malaysia 2011 on 20 Sept 2011.
TRANSCRIPT
![Page 1: Introduction To ICT Security Audit OWASP Day Malaysia 2011](https://reader034.vdocuments.mx/reader034/viewer/2022051209/547b91c8b4af9f881e8b45ae/html5/thumbnails/1.jpg)
Introduction to IT Audit & Assessment
20 Sept 2011
OWASP Day Malaysia 2011
https://www.owasp.org/index.php/OWASP_Day_KL_2011
Agenda
● Objective of the day
● Identify the risks
● Who should be involved
● Where to start
● What to audit
● When to audit
● How to do it
Objective
• Harden our servers
• Defence in depth
• Find the loopholes
• Find the zero-day
Risk
Only one risk – Human
To Err Is Human
It's our job to find it. :-)
Risks
● Not running the latest patches
● Forget my password
● Allow all, deny none
● Install everything
● Share everything
● Phishing
● No backup
Not The Latest Patches
● Be alert
– http://www.mycert.org.my/en/
– http://www.securityfocus.com/
– http://packetstormsecurity.org/
– http://gcert.mampu.gov.my/
– http://www.cert.org/certcc.html
● Internet Storm Center
– http://isc.sans.edu/
● Patch priority one
– http://www.sans.org/top-cyber-security-risks/
Lab One
● Subscribe to these websites' feeds in Google Reader
● http://www.kb.cert.org/vuls/
Forget My Password
● We will use easy passwords
● A password must be easy to remember, hard to guess ("senang nak ingat, susah nak teka")
● Don't leak the hash: an unsalted MD5 hash of a weak password is recovered instantly by dictionary or lookup-table attack, so a leaked hash is as good as a leaked password
● Generate an MD5 hash
– http://md5crack.com/crackmd5.php
● Crack MD5
– http://isc.sans.edu/tools/reversehash.html
Lab Two
● Crack these
– password
– abc123
– haris
– Your own name
– Your birthday as digits
– Your birthday in any other format
Allow All Deny None
● Every outbound port is open
● No proxy between the LAN and the Internet
● Used by a bot to attack other hosts and to communicate with its controller (the "boss")
Lab Three
● Telnet
– Telnet from CMD or a shell
– Port 80: type GET /index.htm HTTP/1.1, then Host: <server name> (HTTP/1.1 requires it), then press Enter twice
– Port 25: type helo <your name>, then quit
● Visit these websites
– http://www.yougetsignal.com/tools/open-ports/
– http://canyouseeme.org/
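The Lab Three telnet exercise as a scriptable raw-socket probe, added here and not part of the original slides. It sends the same HTTP request typed into telnet (with the Host header HTTP/1.1 requires, without which compliant servers answer 400) and the same HELO/QUIT exchange on port 25, and returns the status line and Server banner. start_demo_http_server() starts a throwaway local server so the HTTP part runs offline; the hosts, ports and HELO name passed to the probes are the caller's assumptions.

```python
import smtplib
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, Tuple


def probe(host: str, port: int, payload: bytes, timeout: float = 5.0, max_bytes: int = 4096) -> str:
    """Connect, send payload, return whatever the service answers (decoded leniently)."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        try:
            while sum(len(c) for c in chunks) < max_bytes:
                data = s.recv(1024)
                if not data:          # server closed the connection: response complete
                    break
                chunks.append(data)
        except socket.timeout:
            pass                      # server kept the connection open; we have what we need
    return b"".join(chunks).decode("latin-1")


def parse_http_head(raw: str) -> Dict[str, str]:
    """Status line plus headers (lower-cased names) from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    info = {"status": lines[0]}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            info[name.strip().lower()] = value.strip()
    return info


def http_probe(host: str, port: int = 80, path: str = "/index.htm") -> Dict[str, str]:
    """What the lab types into telnet on port 80, with the mandatory Host header."""
    request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    return parse_http_head(probe(host, port, request))


def smtp_probe(host: str, port: int = 25, helo_name: str = "audit.example") -> Dict[str, str]:
    """Banner and HELO reply from a mail server, then a clean QUIT (the lab's helo/quit)."""
    client = smtplib.SMTP(timeout=5)
    code, banner = client.connect(host, port)          # 220 greeting reveals the MTA
    helo_code, helo_msg = client.helo(helo_name)       # 250 on success
    client.quit()
    return {"banner": f"{code} {banner.decode('latin-1', 'replace')}",
            "helo": f"{helo_code} {helo_msg.decode('latin-1', 'replace')}"}


class _DemoHandler(BaseHTTPRequestHandler):
    """Minimal local HTTP server used only so the example runs offline (assumed, not real)."""
    server_version = "DemoHTTP/0.1"

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", "2")
        self.end_headers()
        self.wfile.write(b"ok")

    def log_message(self, *args):
        pass


def start_demo_http_server() -> Tuple[str, int]:
    server = HTTPServer(("127.0.0.1", 0), _DemoHandler)   # port 0: pick a free one
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server.server_address[0], server.server_address[1]


if __name__ == "__main__":
    demo_host, demo_port = start_demo_http_server()
    print(http_probe(demo_host, demo_port))   # e.g. {'status': 'HTTP/1.0 200 OK', 'server': 'DemoHTTP/0.1 ...'}
```

Run it against your own servers from outside the LAN and from inside it: a Server or 220 banner that names product and version is exactly the inventory an attacker starts from, and a port 25 that answers HELO from an arbitrary workstation is the open relay or spam-bot path the next slides talk about.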
Install Everything
● Too many patches to track
● Too many services exposed
● Install only what you need
Share Everything
● Windows share permission set to "Everyone"
– Don't trust your network
● Putting files on web servers
– Googlebot eats them up ("nyum-nyum")
Lab Four
● Google your own name in PDF files
– harisfazillah filetype:pdf
● Your own IC (identity card) number, with and without the dashes
– Do this on your own
Phishing
● The most used tactic to obtain passwords
– Email
– Phone
Lab Five
● Track your organisation here
– http://www.phishtank.com/
● You will never know when you are the target.
● Defacement archive
– http://www.zone-h.org/archive
Break
Let's have a drink ("Jom Minum")
Who
● The Management
● ICT
● Me
Everybody needs to be involved
Where To Start
● Any server that has an IP address
– Public or internal
– Heavy-traffic websites and email
● LAN
– Review firewall and proxy logs
– SMTP activity
– IRC bot activity
– HTTP and HTTPS requests
– Monitor network traffic
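The LAN review above, and the "Allow all, deny none" risk, as an added example that is not part of the original slides: a small firewall-log reviewer that reads iptables-style egress lines and flags what the slides tell you to look for, i.e. workstations talking SMTP directly (spam bots), IRC ports (bot command channels), HTTP/HTTPS that bypasses the proxy, unexpected outbound ports, and repeated connections to one external host (beaconing). The LAN range, the mail server and proxy addresses, the port allow-list, the beacon threshold and every log line are constructed assumptions for the example.

```python
import ipaddress
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Assumed network policy for the example (adjust to your own LAN).
LAN = ipaddress.ip_network("192.168.1.0/24")
MAIL_SERVER = ipaddress.ip_address("192.168.1.10")   # only host allowed to send SMTP out
PROXY = ipaddress.ip_address("192.168.1.2")          # only host allowed to speak HTTP(S) out
ALLOWED_DIRECT = {53, 123}                            # DNS and NTP from any host
IRC_PORTS = {6667, 6697}
BEACON_THRESHOLD = 5                                  # same src -> dst:port this many times

# Constructed sample lines in iptables LOG format (not from a real firewall).
SAMPLE_LOG = """
Sep 20 09:00:01 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.2 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=40001 DPT=443
Sep 20 09:00:02 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40002 DPT=25
Sep 20 09:00:03 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=51234 DPT=25
Sep 20 09:00:04 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.77 LEN=60 PROTO=TCP SPT=51235 DPT=6667
Sep 20 09:00:05 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=51300 DPT=80
Sep 20 09:00:06 fw kernel: FW-OUT IN=eth1 OUT=eth1 SRC=192.168.1.40 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=51301 DPT=25
Sep 20 09:00:07 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=8.8.8.8 LEN=60 PROTO=UDP SPT=51400 DPT=53
Sep 20 09:01:00 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.20 LEN=60 PROTO=TCP SPT=51500 DPT=4444
Sep 20 09:02:00 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.20 LEN=60 PROTO=TCP SPT=51501 DPT=4444
Sep 20 09:03:00 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.20 LEN=60 PROTO=TCP SPT=51502 DPT=4444
Sep 20 09:04:00 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.20 LEN=60 PROTO=TCP SPT=51503 DPT=4444
Sep 20 09:05:00 fw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.20 LEN=60 PROTO=TCP SPT=51504 DPT=4444
""".strip().splitlines()

_FIELD = {name: re.compile(rf"\b{name}=(\S+)") for name in ("SRC", "DST", "PROTO", "DPT")}


def parse(line: str) -> Optional[Dict[str, str]]:
    """Pull SRC/DST/PROTO/DPT out of one iptables LOG line; None if any is missing."""
    rec = {}
    for name, rx in _FIELD.items():
        m = rx.search(line)
        if not m:
            return None
        rec[name.lower()] = m.group(1)
    return rec


def review(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (kind, detail) findings for LAN-to-Internet connections that break the policy."""
    findings: List[Tuple[str, str]] = []
    per_flow: Counter = Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        src, dst, dpt = ipaddress.ip_address(rec["src"]), ipaddress.ip_address(rec["dst"]), int(rec["dpt"])
        if src not in LAN or dst in LAN:
            continue                                   # only egress from the LAN matters here
        flow = f"{src} -> {dst}:{dpt}/{rec['proto']}"
        per_flow[flow] += 1
        if dpt == 25 and src != MAIL_SERVER:
            findings.append(("direct-smtp", f"{flow}: workstation sending mail directly (spam bot?)"))
        elif dpt in IRC_PORTS:
            findings.append(("irc", f"{flow}: IRC port, classic bot command channel"))
        elif dpt in (80, 443) and src != PROXY:
            findings.append(("bypass-proxy", f"{flow}: web traffic not going through the proxy"))
        elif dpt not in ALLOWED_DIRECT and dpt not in (25, 80, 443):
            findings.append(("unexpected-port", f"{flow}: port not on the allow-list"))
    for flow, n in per_flow.items():
        if n >= BEACON_THRESHOLD:
            findings.append(("beacon", f"{flow}: {n} connections, possible periodic check-in"))
    return findings


def summarize(findings: List[Tuple[str, str]]) -> Dict[str, int]:
    return dict(Counter(kind for kind, _ in findings))


if __name__ == "__main__":
    for kind, detail in review(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
    print(summarize(review(SAMPLE_LOG)))
```

The point of the allow-list check is the slide's own: when the firewall allows everything outbound, the log is the only place a bot's SMTP, IRC or odd-port traffic shows up, so the egress rules and the log review have to be designed together.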
Lab Seven
● Get the bootable CD
● tcpdump
● wireshark
● Any network analysis tool
When To Do It
● A must every 6 months
● On any security warning
Contact
http://green-osstools.blogspot.com/