Some “Ethical Hacking” Case Studies
Peter Wood, First•Base Technologies
Slide 2 © First Base Technologies 2003
How much damage can a security breach cause?
• 44% of UK businesses suffered at least one malicious security breach in 2002
• The average cost was £30,000
• Several cost more than £500,000
• and these are just the reported incidents …!
Source: The DTI Information Security Breaches survey
The External Hacker
[Diagram: my client's desktop PC with a dial-in from home; a bridge to the client's business partner over a dial-up ISDN connection; a leased line to the Internet through a firewall; and a web developer's connection]
[Diagram: the same network as the previous slide, annotated with where to act]
• Secure the desktop
• Secure the network
• Secure third-party connections
• Secure Internet connections
The Inside Hacker
Plug and go
Ethernet ports are never disabled …
… or just steal a connection from a desktop
NetBIOS tells you lots and lots …
… and you don’t need to be logged on
Get yourself an IP address
• Use DHCP since almost everyone does!
• Or … use a sniffer to see broadcast packets (even in a switched network) and try some suitable addresses
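The defensive counterpart to "plug and go" is noticing the unexpected device. The following is an added example, not code from the slides or from First Base Technologies: it parses DHCP acknowledgement lines (a constructed log in a syslog-like format, which is an assumption about your DHCP server's output) and flags any lease handed to a MAC address that is not in the asset inventory (also constructed here).

```python
"""Flag devices that obtained a DHCP lease but are not in the asset inventory.

Added example for this transcript, not code from the slides. The lease-log
format, the inventory and the addresses are all constructed for the demo;
adapt LEASE_RE to your DHCP server's real log lines.
"""
import re
from dataclasses import dataclass

# Constructed sample: one line per DHCP message, syslog style (assumed format).
SAMPLE_LEASE_LOG = """\
Jan 27 08:41:02 dhcp1 dhcpd: DHCPACK on 192.168.137.21 to 00:0c:29:3a:1b:55 (fin-pc01) via eth0
Jan 27 08:41:40 dhcp1 dhcpd: DHCPACK on 192.168.137.22 to 00:0c:29:77:aa:01 (hr-pc04) via eth0
Jan 27 08:43:08 dhcp1 dhcpd: DHCPACK on 192.168.137.99 to 00:16:3e:de:ad:01 via eth0
Jan 27 08:43:09 dhcp1 dhcpd: DHCPREQUEST for 192.168.137.99 from 00:16:3e:de:ad:01 via eth0
"""

# Constructed inventory: MAC addresses the organisation knows about.
KNOWN_MACS = {"00:0c:29:3a:1b:55": "fin-pc01", "00:0c:29:77:aa:01": "hr-pc04"}

# Only DHCPACK means a lease was actually granted; the hostname is optional.
LEASE_RE = re.compile(
    r"DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<host>[^)]*)\))?",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Lease:
    ip: str
    mac: str
    hostname: str


def parse_leases(log_text):
    """Extract granted leases; DISCOVER/REQUEST/OFFER lines are ignored."""
    leases = []
    for line in log_text.splitlines():
        m = LEASE_RE.search(line)
        if m:
            leases.append(Lease(m["ip"], m["mac"].lower(), m["host"] or ""))
    return leases


def find_unknown_devices(log_text, known_macs):
    """Return leases whose MAC is absent from the inventory, one per MAC."""
    seen = set()
    unknown = []
    for lease in parse_leases(log_text):
        if lease.mac not in known_macs and lease.mac not in seen:
            seen.add(lease.mac)
            unknown.append(lease)
    return unknown


if __name__ == "__main__":
    for lease in find_unknown_devices(SAMPLE_LEASE_LOG, KNOWN_MACS):
        print(f"ALERT unknown device {lease.mac} leased {lease.ip} host={lease.hostname or '?'}")
```

This only covers the first bullet. A visitor who sniffs broadcasts and picks a static address, as the second bullet describes, never touches the DHCP server, so the same inventory check should also be run against switch MAC tables or ARP caches, and the slide's real fix (disable unused ports, or require 802.1X) removes the problem at the port rather than detecting it afterwards.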
Browse the network
Pick a target machine
Try null sessions ...
List privileged users
Typical passwords (account: passwords seen)
• administrator: null, password, administrator
• arcserve: arcserve, backup
• test: test, password
• username: password, monday, football
• backup: backup
• tivoli: tivoli
• backupexec: backup
• smsservice: smsservice
• … any service account: … same as account name
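The list above is the audit list an administrator should run before an intruder does. The following is an added example, not code from the slides or from First Base Technologies: it builds, for each account, the candidates the slide names (the listed defaults, a blank password, and "same as account name") and checks them through a pluggable verify function. The account store is constructed and uses SHA-256 as a stand-in for whatever hash your real directory holds (NT hashes are not SHA-256; swap `verify_sha256` for a check against the real store).

```python
"""Audit accounts for the default and guessable passwords listed on the slide.

Added example, not code from the slides. SAMPLE_STORE is constructed and maps
account names to SHA-256 digests purely as a stand-in for a real credential
store; the candidate list itself is taken from the slide.
"""
import hashlib

# Defaults per account name, as listed on the slide ("null" = blank).
DEFAULT_PASSWORDS = {
    "administrator": ["password", "administrator"],
    "arcserve": ["arcserve", "backup"],
    "test": ["test", "password"],
    "backup": ["backup"],
    "tivoli": ["tivoli"],
    "backupexec": ["backup"],
    "smsservice": ["smsservice"],
}
# Seen against an ordinary user account on the slide.
GENERIC_WEAK = ["password", "monday", "football"]


def _sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed sample store (assumption: hashed with SHA-256 for the demo only).
SAMPLE_STORE = {
    "arcserve": _sha256("backup"),
    "tivoli": _sha256("Tq9!v2Lm#z"),
    "fsmith": _sha256("fsmith"),
    "svc_sms": _sha256("football"),
    "administrator": _sha256(""),   # blank password
}


def candidates_for(account):
    """Blank, the slide's defaults for this name, the name itself, then generic weak ones."""
    ordered = [""] + DEFAULT_PASSWORDS.get(account.lower(), []) \
        + [account, account.lower()] + GENERIC_WEAK
    seen = []
    for c in ordered:
        if c not in seen:
            seen.append(c)
    return seen


def verify_sha256(store, account, candidate):
    """Demo verifier: compare against the constructed SHA-256 store."""
    return store[account] == _sha256(candidate)


def audit(store, verify_fn):
    """Return {account: matching_candidate} for every account that fails the audit."""
    findings = {}
    for account in store:
        for cand in candidates_for(account):
            if verify_fn(store, account, cand):
                findings[account] = cand
                break
    return findings


if __name__ == "__main__":
    for account, cand in audit(SAMPLE_STORE, verify_sha256).items():
        label = "blank" if cand == "" else ("same as account name" if cand.lower() == account.lower() else "default/weak")
        print(f"FAIL {account}: {label}")
```

Run it against a copy of the account store, not against the live logon service, so the audit itself does not trip lockout thresholds. The accounts that fail here are exactly the ones the "Game over!" slide turns on: a service account whose password is its own name gives an intruder an administrative foothold without any exploit.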
Game over!
The Inside-Out Hacker
Senior person - laptop at home
[Diagram: laptop connected to the Internet]
… opens attachment
[Diagram: laptop connected to the Internet]
Trojan software now silently installed
… takes laptop to work
[Diagram: the laptop is now on the corporate network, behind the firewall that separates it from the Internet]
… trojan sees what they see
[Diagram: the laptop on the corporate network alongside the Finance Server and HR Server, behind the firewall to the Internet]
Information flows out of the organisation
[Diagram: data from the Finance Server and HR Server leaves via the laptop, out through the firewall, to an evil server on the Internet]
Physical Attacks
What NT password?
NTFSDOS
Keyghost
KeyGhost - keystroke capture
Keystrokes recorded so far is 2706 out of 107250 ...
<PWR><CAD>fsmith<tab><tab>arabella xxxxxxx <tab><tab> None<tab><tab> None<tab><tab> None<tab><tab> <CAD> arabella<CAD><CAD> arabella<CAD><CAD> arabellaexittracert 192.168.137.240telnet 192.168.137.240cisco
Viewing Password-Protected Files
Office Documents
Zip Files
Plain Text Passwords
Netlogon
In the unprotected netlogon share on a server, logon scripts can contain:
net use \\server\share "password" /u:"user"
Registry scripts
In shared directories you may find .reg files like this:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="username"
"DefaultPassword"="password"
"AutoAdminLogon"="1"
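Both of the last two slides (the netlogon script and the .reg file) are the same defect: a secret stored in a readable share. The following is an added example, not code from the slides or from First Base Technologies, of a scanner an administrator can run over a mounted share to find them before anyone else does. It walks a directory tree (constructed here in a temporary folder), flags `net use` lines that carry an inline password and Winlogon `DefaultPassword` / `AutoAdminLogon` values, and reports the password itself only as redacted.

```python
"""Find plaintext credentials in logon scripts and .reg files on a share.

Added example, not code from the slides. It walks a directory (a mounted
netlogon or shared folder; here a constructed temp directory) and reports,
with the secret redacted, every 'net use ... /u:' line that carries a
password and every Winlogon DefaultPassword / AutoAdminLogon setting.
"""
import os
import re
import tempfile

# Constructed sample files mirroring the two patterns shown on the slides.
SAMPLE_FILES = {
    "logon.bat": 'net use h: \\\\server\\home\r\n'
                 'net use s: \\\\server\\share "S3cret!" /u:svc_backup\r\n',
    "autologon.reg": (
        'Windows Registry Editor Version 5.00\r\n\r\n'
        '[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon]\r\n'
        '"DefaultUserName"="username"\r\n"DefaultPassword"="password"\r\n"AutoAdminLogon"="1"\r\n'
    ),
    "readme.txt": "nothing to see here\r\n",
}

# net use <drive:|\\server\share> ... <password> /u:user   (password is the token before /u:)
NET_USE_RE = re.compile(r'^\s*net\s+use\b.*?\s(?P<pw>"[^"]*"|\S+)\s+/u(?:ser)?:', re.IGNORECASE)
REG_SECRET_RE = re.compile(r'^\s*"(?P<key>DefaultPassword|AutoAdminLogon)"\s*=\s*"(?P<val>[^"]*)"',
                           re.IGNORECASE)
SCRIPT_EXT = {".bat", ".cmd", ".reg"}


def scan_text(name, text):
    """Return (file, line, what, shown_value) tuples; passwords are never returned in clear."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = NET_USE_RE.match(line)
        if m:
            if m["pw"] != "*":            # 'net use ... * /u:user' prompts instead of embedding
                findings.append((name, lineno, "net use with inline password", "<redacted>"))
            continue
        m = REG_SECRET_RE.match(line)
        if m:
            key = m["key"]
            shown = "<redacted>" if key.lower() == "defaultpassword" else m["val"]
            findings.append((name, lineno, f"Winlogon {key}", shown))
    return findings


def scan_tree(root):
    """Scan every .bat/.cmd/.reg file under root, in a stable order."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in sorted(files):
            if os.path.splitext(fn)[1].lower() in SCRIPT_EXT:
                path = os.path.join(dirpath, fn)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_text(os.path.relpath(path, root), fh.read()))
    return findings


def demo():
    """Write the constructed files to a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE_FILES.items():
            with open(os.path.join(tmp, name), "w", encoding="utf-8", newline="") as fh:
                fh.write(body)
        return scan_tree(tmp)


if __name__ == "__main__":
    for f in demo():
        print("%s:%d %s = %s" % f)
```

Point it at the share root rather than at individual files so that copies left in backup or "old" folders are caught too, and treat any hit as a password that has already leaked: rotate it, then remove the script or replace the mapping with one that does not embed a credential.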
Passwords in procedures & documents
Packet sniffing
• Leave the sniffer running
• Capture all packets to port 23 or 21
• The result ...
Generated by : TCP.demux V1.02
Input File: carol.cap
Output File: TB000463.txt
Summary File: summary.txt
Date Generated: Thu Jan 27 08:43:08 2000
10.1.1.82 1036 10.1.2.205 23 (telnet)
UnixWare 2.1.3 (mikew) (pts/31).
login:
cl_Carol
Password:
carol1zz
UnixWare 2.1.3.mikew.Copyright 1996 The Santa Cruz Operation, Inc. All Rights Reserved..Copyright 1984-1995 Novell, Inc. All Rights Reserved..Copyright 1987, 1988 Microsoft Corp. All Rights Reserved..U.S. Pat. No. 5,349,642.
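The same capture that hands an intruder a password can drive a detector that tells the security team which hosts are still logging in over clear-text protocols. The following is an added example, not code from the slides or from First Base Technologies: it takes reassembled TCP streams (constructed here, modelled on the demuxed session above; capture and reassembly with a tool such as tcpdump or Wireshark is assumed to happen first), recognises telnet and FTP logins by port and prompt, and raises an alert that names the user and hosts but never stores the password.

```python
"""Alert on clear-text logins (telnet / FTP) seen on the wire, secret redacted.

Added example, not code from the slides. Input is a list of reassembled,
bidirectional TCP streams (constructed below); real telnet streams also carry
option-negotiation bytes and per-character echo, which this simplified
matcher ignores.
"""
import re

CLEARTEXT_AUTH_PORTS = {23: "telnet", 21: "ftp"}

# Constructed streams: (client, client_port, server, server_port, bytes exchanged).
SAMPLE_STREAMS = [
    ("10.1.1.82", 1036, "10.1.2.205", 23,
     b"UnixWare 2.1.3 (mikew) (pts/31).\r\nlogin: cl_Carol\r\nPassword: carol1zz\r\nUnixWare 2.1.3.mikew.\r\n"),
    ("10.1.1.90", 1044, "10.1.2.9", 21,
     b"220 ftp ready\r\nUSER anonymous\r\n331 Password required\r\nPASS guest@example\r\n230 Logged in\r\n"),
    ("10.1.1.91", 1050, "10.1.2.205", 22, b"SSH-2.0-OpenSSH\r\n"),   # encrypted: ignored
]

TELNET_RE = re.compile(rb"login:\s*(?P<user>\S+).*?Password:\s*(?P<pw>\S+)", re.S)
FTP_RE = re.compile(rb"USER\s+(?P<user>\S+).*?PASS\s+(?P<pw>\S+)", re.S)


def extract_login(proto, payload):
    """Return (user, password) if a clear-text login appears in the stream, else None."""
    rx = TELNET_RE if proto == "telnet" else FTP_RE
    m = rx.search(payload)
    if not m:
        return None
    return m["user"].decode(errors="replace"), m["pw"].decode(errors="replace")


def detect(streams):
    """One alert per clear-text login; the password is reduced to its length."""
    alerts = []
    for client, _cport, server, sport, payload in streams:
        proto = CLEARTEXT_AUTH_PORTS.get(sport)
        if proto is None:
            continue
        login = extract_login(proto, payload)
        if login is None:
            continue
        user, pw = login
        alerts.append({
            "proto": proto, "client": client, "server": server,
            "user": user, "password": "<redacted %d chars>" % len(pw),
        })
    return alerts


def hosts_still_using_cleartext(streams):
    """Servers that accepted a clear-text login: the list to migrate to SSH/SFTP."""
    return sorted({a["server"] for a in detect(streams)})


if __name__ == "__main__":
    for a in detect(SAMPLE_STREAMS):
        print(f"ALERT {a['proto']} login {a['user']} {a['client']} -> {a['server']} pw={a['password']}")
```

The alert is deliberately lossy: the point of running this as a defender is to produce a migration list (`hosts_still_using_cleartext`) and to treat every flagged account as exposed, not to build the same credential file the intruder would. The lasting fix is the one the slides imply by showing the capture: retire telnet and FTP in favour of SSH and SFTP so there is nothing in the stream to read.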
Port scan
Brutus dictionary attack
NT Password Cracking
How to get the NT SAM
• On any NT/W2K machine:
- In memory (registry)
- c:\winnt\repair\sam (invoke rdisk?)
- Emergency Repair Disk
- Backup tapes
- Sniffing (L0phtcrack)
• Run L0phtcrack on the SAM …
End of part one!
And how to prevent it!
Peter Wood, First•Base Technologies
Prevention is better ...
• Harden the servers
• Monitor alerts (e.g. www.sans.org)
• Scan, test and apply patches
• Monitor logs
• Good physical security
• Intrusion detection systems
• Train the technical staff on security
• Serious policy and procedures!
Server hardening
• HardNT40rev1.pdf (www.fbtechies.co.uk)
• HardenW2K101.pdf (www.fbtechies.co.uk)
• FAQ for How to Secure Windows NT (www.sans.org)
• Fundamental Steps to Harden Windows NT 4_0 (www.sans.org)
• ISF NT Checklist v2 (www.securityforum.org)
• http://www.microsoft.com/technet/security/bestprac/default.asp
• Lockdown.pdf (www.iss.net)
• Windows NT Security Guidelines (nsa1.www.conxion.com)
• NTBugtraq FAQs (http://ntbugtraq.ntadvice.com/default.asp?pid=37&sid=1)
• Securing Windows 2000 (www.sans.org)
• Securing Windows 2000 Server (www.sans.org)
• Windows 2000 Known Vulnerabilities and Their Fixes (www.sans.org)
• SANS step-by-step guides
Alerts
• www.sans.org
• www.cert.org
• www.microsoft.com/security
• www.ntbugtraq.com
• www.winnetmag.com
• razor.bindview.com
• eeye.com
• Security Pro News (ientrymail.com)
Scan and apply patches
Monitor logs
Good physical security
• Perimeter security
• Computer room security
• Desktop security
• Close monitoring of admin’s work areas
• No floppy drives?
• No bootable CDs?
Intrusion detection
• RealSecure
• Tripwire
• Dragon
• Snort
• www.networkintrusion.co.uk for guidance
Security Awareness
• Sharing admin accounts
• Service accounts
• Account naming conventions
• Server naming conventions
• Hardening
• Passwords (understand NT passwords!)
• Two-factor authentication?
Serious Policy & Procedures
• Top-down commitment
• Investment
• Designed-in security
• Regular audits
• Regular penetration testing
• Education & awareness
Peter Wood
www.fbtechies.co.uk
Need more information?