2016 TTL Security Gap Analysis with Kali Linux
-
Upload
jason-murray -
Category
Technology
-
view
500 -
download
0
Transcript of 2016 TTL Security Gap Analysis with Kali Linux
![Page 1: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/1.jpg)
Gap Analysis & Security Evaluation
Jason Murray, D.CSCornwall-Lebanon SD
www.slideshare.net/jasonmurray72
![Page 2: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/2.jpg)
Goals
• Awareness• Information Gathering• Phases of Exploitation– Think like a hacker
• Security Gap Analysis Framework• Demonstrate a few Kali Linux tools
![Page 3: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/3.jpg)
How vulnerable are you?
![Page 4: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/4.jpg)
![Page 5: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/5.jpg)
How easy is it to gather information?
![Page 6: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/6.jpg)
FireForce
![Page 7: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/7.jpg)
![Page 8: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/8.jpg)
sqlmap –u [URL]
![Page 9: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/9.jpg)
What happens if we become a target?
![Page 10: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/10.jpg)
5 Phases of Exploitation
1. Reconnaissance2. Scanning3. Gaining Access4. Maintaining Access5. Covering Tracks
![Page 11: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/11.jpg)
Reconnaissance
• Target– Internal DNS– Private Website– Dumpster Diving– Shoulder Surfing– Eavesdropping
![Page 12: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/12.jpg)
Reconnaissance – Whiteboarding
• Phone• Network• Websites• Email • Google• WhoIs• AnyWho• DNS• Social Network
• IP Blocks• Net Blocks• Web Server
Content• Source Code• Directories• Databases• Search Engines• URL Analysis
• Google Earth• People Sites• Financial Analysis• Job Sites• Alert Websites• Archive Sites• Web Monitoring• Google Dorking
![Page 13: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/13.jpg)
Target - Demo
![Page 15: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/15.jpg)
![Page 16: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/16.jpg)
Scanning
• Layer 4 – TCP (flags) & UDP• Layer 3 – IP (v4 or v6) & ICMP– Host– Ports & Services– Vulnerabilities– Diagrams
![Page 17: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/17.jpg)
Scanning - Tools
• DNS Enumeration• nikTo• hping3• NMAP– ZenMap
![Page 18: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/18.jpg)
Advanced
• Gaining Access• Maintaining Access• Covering Tracks
![Page 19: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/19.jpg)
Avoid Getting Targeted
![Page 20: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/20.jpg)
![Page 21: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/21.jpg)
Security Gap Analysis
![Page 22: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/22.jpg)
Team
• Considerations– IT staff– Security– End Users• Teachers• Students• Community
– Management– Tech savvy & non-savvy
![Page 23: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/23.jpg)
Step 1: Policy, Procedure, & Guideline
• Standards– COBIT– ISO 27001
![Page 24: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/24.jpg)
Step 1: Policy, Procedure, & Guideline
• Pen Testing Standards– Open Web Application Security Project– Penetration Testing Execution Standard– Open Source Security Testing Methodology Manual– Penetration Testing Framework
![Page 25: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/25.jpg)
Step 1: Policy, Procedure, & Guideline
• Who has access/privileges?– For how long?– Vendors vpn?– Retirees/terminations?– Logging?
• Updates?– Every node?
• Passwords– Saved in browser?– Frequency of changes?
![Page 26: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/26.jpg)
Step 2: Audit
• Permission• Scope– Physical and/or electronic
• Social engineering– Timetable– Resources (outsourced/in house)
• Review Framework– Following policies (awareness)
• Openings– Ports– Human Factor– Physical equipment
![Page 27: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/27.jpg)
Step 2: Audit
• Device Security– Encryption– Password– Device storage– Device on a non-secure network
![Page 28: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/28.jpg)
Step 2: Audit
• Physical Security– Access to infrastructure– Environmental safeguards• Temperature• Humidity
– Protection safeguards• Fire• Water
![Page 29: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/29.jpg)
Step 2: Audit
• Personnel Security– Staff backgrounds– Security awareness programs that discourage
insider attacks– Protection against terminated staff– Repercussions of malicious violation of
information security
![Page 31: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/31.jpg)
Step 3: Technical Review
• Up to date– Software/patches– Policies
• Awareness – Justification for openings
• Consistency– OS, antivirus, update procedures
• Vulnerability/risk management• Encryption
![Page 32: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/32.jpg)
Step 4: Findings & Prioritization Summary
• Review the findings• Organize & arrange tasks to fix gaps– Electronic– Policy, procedures, guidelines– Physical
• Update Risk Management Strategy
![Page 33: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/33.jpg)
Questions
![Page 34: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/34.jpg)
Resources
• CIO• Faulkner Information Services• Forbes• Pen Test Frameworks• Tech Target• University of Minnesota• YouSigma
![Page 35: 2016 TTL Security Gap Analysis with Kali Linux](https://reader035.fdocuments.in/reader035/viewer/2022062900/58ed33241a28abf1438b4581/html5/thumbnails/35.jpg)
Kali Resources
• Free Education For All (120 lessons)• JackkTutorials• Royal Hacks• Royal Hacks (advanced)• Kali Linux Tutorials