Association for Information Security (www.iseca.org)
Network Security 1
Elective course at FMI, Sofia University: Mondays, room 325, FMI, 19:00; Thursdays, room 200, FMI, 19:00
Lecture 3.11 :-) Windows
Windows
  General Windows, User roles, Type of targets, Type of attacks, Example attacks, Attack prevention, Hardening Windows
Windows general
  Windows role, Windows and the others, Patch management, Today's role of security
User roles
  Local System, Administrator, User, Special roles
Type of targets
  Services, Applications, Registry, Users, Permissions, Passwords
Type of attacks
  Information gathering: error messages, enumerations
  Programming errors: buffer overflows, format strings, other
Type of attacks
  DoS: resource consumption, others
  Misconfiguration
  Privileges: more privileges, privileges not dropped
Type of attacks
  User: lack of security knowledge, misleading, boredom
  Local attacks: on site, password dumping, off site
Type of attacks
  Hiding: rootkits, NTFS, Registry
Example attacks
  Information gathering: Snmpwalk, path disclosure, banner matching
  Programming errors: Code Red – IIS
/default.ida?
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
Example attacks: SASSER
  Local Security Authority Subsystem Service - Lsasrv.dll
  RPC buffer overflow allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file.
Windows WMF
  “The vulnerability is caused due to an error in the handling of Windows Metafile files (‘.wmf’) containing specially crafted SETABORTPROC ‘Escape’ records. Such records allow arbitrary user-defined function to be executed when the rendering of a WMF file fails.”
  According to the Windows 3.1 SDK docs, the SETABORTPROC escape was obsoleted and replaced by the function of the same name in Windows 3.1, long before the WMF vulnerability took advantage of it.
  Local privilege escalation attacks
Example attacks: Microsoft Word document handling buffer overflow
  A memory corruption vulnerability in Microsoft Word could allow a remote attacker to execute arbitrary code with the privileges of the user running Word.
Example attacks: DoS
  TCP/IP: Microsoft Windows 2000 empty TCP packet denial of service
  Microsoft Windows 2000 is vulnerable to a denial of service attack. A remote attacker can send a stream of empty TCP packets to the NetBIOS port (TCP port 139) to consume all available system memory.
  Applications: IIS DoS
    POST /_vti_bin/shtml.dll HTTP/1.0
    Host: [32762 '/' characters]
    Content-length: 22
  This will cause the web service to consume 99% of the CPU for about 35 seconds. During this time, no other HTTP requests will be serviced.
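A defensive check for the two malformed IIS requests shown in this lecture (the Code Red /default.ida query and the oversized Host header sent to /_vti_bin/shtml.dll), added here as an example and not part of the original slides. The function names, thresholds and sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Thresholds are assumptions for this sketch; tune them to your own traffic.
MAX_IDA_QUERY = 100   # indexing-service queries are normally short
MAX_HOST_LEN = 255    # a DNS name is at most 253 characters, plus room for a port
PCT_U = re.compile(r"%u[0-9a-fA-F]{4}")  # non-standard %uXXXX escape accepted by IIS

def parse_request(raw):
    """Split a raw HTTP request head into (method, target, headers dict)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def inspect_request(raw):
    """Return a list of findings for one request; an empty list means no match."""
    findings = []
    try:
        _method, target, headers = parse_request(raw)
        url = urlsplit(target)
    except ValueError:
        return ["malformed-request-line"]
    if url.path.lower().endswith(".ida"):
        if len(url.query) > MAX_IDA_QUERY:
            findings.append("ida-long-query")
        if PCT_U.search(url.query):
            findings.append("ida-percent-u-encoding")
    host = headers.get("host", "")
    # A Host header names a host (and optional port); it never contains '/'.
    if len(host) > MAX_HOST_LEN or "/" in host:
        findings.append("abnormal-host-header")
    return findings

# Constructed, inert sample requests (filler bytes only, no payload).
SAMPLES = {
    "ida_probe": "GET /default.ida?" + "N" * 224 + "%u4141%u4141=a HTTP/1.0\r\n\r\n",
    "host_flood": "POST /_vti_bin/shtml.dll HTTP/1.0\r\nHost: " + "/" * 32762
                  + "\r\nContent-length: 22\r\n\r\n",
    "benign": "GET /index.html?q=windows HTTP/1.0\r\nHost: www.example.org\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, inspect_request(raw))
```

The same checks can be placed in a reverse proxy or run over captured request heads; they flag the request shape, not a specific payload.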
Example attacks: Enumerations
  Shares: NetBIOS Auditing Tool
  Accounts: @stake LC 5
  Other: bindview enum
  enum is a console-based Win32 information enumeration utility. Using null sessions, enum can retrieve userlists, machine lists, sharelists, namelists, group and member lists, password and LSA policy information. enum is also capable of a rudimentary brute force dictionary attack on individual accounts.
Example attacks: Misconfiguration
  Registry permissions
  Files / Directory permissions
  Privileges: higher privileges than needed
Example attacks: Hiding
  Rootkits, Trojans
Attack prevention
  OS side: DEP – Data Execution Prevention, Randomization, Safe libs, Registry tweaks
  IDS, Deep packet inspection, Honeypots
  Updates
Hardening
  Safe coding, Best practices, Lock tools, Education of users
  Good security policies: Password policies, Access policies