Lesson 5 Knowing the Threat. Unauthorized use of Computer Systems 2000 CSI/FBI Survey Trend.
Page 1
Lesson 5
Knowing the Threat
Page 2
Chart: Unauthorized use of Computer Systems, 2000 CSI/FBI Survey Trend. Bars for each year 1996-2000, grouped by response (Yes / No / Don't Know); vertical axis 0-70.
Page 3
Chart: Frequency of Point of Attack, 2000 CSI/FBI Survey Trend. Bars for each year 1996-2000, grouped by point of attack (Internal Systems / Remote Dial-In / Internet); vertical axis 0-60.
Page 4
Chart: Likely Sources of Attack, 2000 CSI/FBI Survey. Bars for each year 1997-2000, grouped by source (Foreign Governments / Foreign Corporations / Independent Hackers / U.S. Competitors / Disgruntled Employees); vertical axis 0-90.
Page 5
E-Commerce Security Example
Breaking an E-Business
Page 6
Consider this Network
Diagram components: Router, WEB Server, DBA Server, Investment App servers, Email Server, Network, User Clients
How Can A Hacker Attack?
Pages 7-9
Diagram components: ATTACKER, Router, WEB Server, DBA Server, Investment App servers, Email Server, Network, User Clients
Step 1: Attacker exploits weakness in CGI script to break through firewall and gain shell privileges on host
Step 2: Attacker finds dBase PW in CGI script and downloads all account numbers and PWs
Step 3: Attacker installs NetBus and controls manager's terminal
Page 10
Going for the Kill!
Customer enters account ID and PW
Customer is authenticated and access is granted
Customer checks portfolio performance
Customer updates portfolio tracking preferences
Customer buys/sells shares
Step 4: Attacker credits account under their control
Investment bank debits/credits customer's cash account and updates portfolios
Investment bank notifies customer with confirmation of transaction
Page 11
So What Happens When Computer Security Fails?
Incident Response: A Six Step Process
Preparation: Proactive Computer Security
Identification
Containment
Eradication
Recovery
Hot Wash
Page 12
History Lesson: The Art of War, Sun Tzu
Lesson for you
Know the enemy, know yourself, and in a 100 battles you will never be defeated.
If ignorant both of your enemy and of yourself, you are certain in every battle to be in peril.
Page 13
History Lesson: The Art of War, Sun Tzu
Lesson for the Hacker
Probe him and learn where his strength is abundant and where deficient.
To subdue the enemy without fighting is the acme of skill.
One able to gain victory by modifying his tactics in accordance with the enemy situation may be said to be divine.
Page 14
Hacker Attacks
Intent is for you to know your enemy
Not intended to make you a hacker
Need to know defensive techniques
Need to know where to start recovery process
Need to assess extent of investigative environment
Page 15
Anatomy of a Hack
Footprinting, Scanning, Enumeration, Gaining Access, Escalating Privilege, Pilfering, Covering Tracks, Creating Backdoors, Denial of Service
Source: Hacking Exposed, McClure, Scambray, and Kurtz
Page 17
Footprinting
Objective: target address range, namespace acquisition, and information gathering for a surgical attack; don't miss details
Technique: open source search, whois, web interface to whois, ARIN whois, DNS zone transfer
Page 18
Scanning
Objective: bulk target assessment; determine listening services; focus attack vector
Technique: ping sweep, TCP/UDP scan, OS detection
Page 19
Enumeration
Objective: intrusive probing commences; identify valid accounts; identify poorly protected shares
Technique: list user accounts, list file shares, identify applications
Page 20
Gaining Access
Objective: informed attempt to access target; typically user-level access
Technique: password sniffing, file share brute forcing, password file grab, buffer overflows
Page 21
Escalating Privilege
Objective: gain root-level access
Technique: password cracking, known exploits
Page 22
Pilfering
Objective: information gathering to access trusted systems
Technique: evaluate trusts, search for cleartext passwords
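Step 2 of the e-commerce scenario (the database password found inside a CGI script) and the "search for cleartext passwords" technique under Pilfering turn on the same weakness, so one check covers both. The following is an added example, not code from the slides or from Hacking Exposed: a Python scanner a defender runs over their own cgi-bin to flag credential literals before an intruder finds them. The regexes, file names and sample scripts are constructed for illustration.

```python
"""Defender's check: flag credentials hard-coded in CGI scripts under a web root."""
import re
from pathlib import Path

# Quoted literal assigned to a password-like name: $dbpass = "x"; DB_PASSWORD='x'; pw => "x".
# Values starting with "$" or "/" are skipped (variable expansion or a file path, not a secret).
CRED_RE = re.compile(r"""(?ix)
    \$?\b(?P<name>\w*(?:pass(?:word|wd)?|pwd|secret)\w*)\s*(?:=>?|:)\s*
    ["'](?P<value>[^"'$/][^"']*)["']""")
# Perl DBI style connect("dsn", "user", "password") with the password given as a literal.
DBI_RE = re.compile(r"""(?ix)
    connect\s*\(\s*["'][^"']*["']\s*,\s*["'][^"']*["']\s*,\s*["'](?P<value>[^"']+)["']""")
COMMENT_RE = re.compile(r"^\s*#")

def redact(value: str) -> str:
    """Report only the length so the finding itself does not leak the secret."""
    return "*" * len(value)

def scan_text(path: str, text: str) -> list:
    """Return (path, line number, kind, redacted value) for each suspected credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if COMMENT_RE.match(line):
            continue
        for rx, kind in ((CRED_RE, "assignment"), (DBI_RE, "connect-string")):
            m = rx.search(line)
            if m:
                findings.append((path, lineno, kind, redact(m.group("value"))))
    return findings

def scan_webroot(root: Path, suffixes=(".cgi", ".pl", ".sh", ".py")) -> list:
    """Walk a web root (e.g. cgi-bin) and scan every script-like file."""
    findings = []
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in suffixes:
            findings += scan_text(str(p), p.read_text(errors="replace"))
    return findings

# Constructed samples (not real scripts) showing the cases the scanner separates.
SAMPLE_CGI = """#!/usr/bin/perl
use DBI;
my $dbuser = "investapp";
my $dbpass = "Tr4d3r!";           # literal credential (finding)
my $passwd_file = "/etc/passwd";  # a path, not a credential (ignored)
my $dbh = DBI->connect("dbi:mysql:accounts", $dbuser, $dbpass);
"""
SAMPLE_CONNECT = 'my $dbh = DBI->connect("dbi:mysql:accounts", "investapp", "Tr4d3r!");\n'
SAMPLE_OK = 'DB_PASSWORD="$(cat /etc/investapp/dbpass)"   # read at runtime (ignored)\n'
```

On the constructed samples, scan_text reports one finding for the literal assignment and one for the literal connect string, and nothing for the script that reads its password at runtime; scan_webroot(Path("/var/www/cgi-bin")) applies the same check to a real deployment.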
Page 23
Cover Tracks
Objective: ensure highest access; hide access from system administrator or owner
Technique: clear logs, hide tools
Page 24
Creating Back Doors
Objective: deploy trap doors; ensure easy return access
Technique: create rogue user accounts, schedule batch jobs, infect startup files, plant remote control services, install monitors, Trojanize
Page 25
Denial of Service
Objective: if unable to escalate privilege then kill; build DDoS network
Technique: SYN flood, ICMP attacks, identical src/dst SYN requests, out-of-bounds TCP options, DDoS
Page 26
Hacker Exploits per SANS
Reconnaissance, Scanning, Exploit Systems, Keeping Access, Cover Tracks
Source: SANS Institute
Page 27
Hacking Summary
Hacking on the rise
Hacktivism
New crime vector
Loose international laws
Tools automated and readily available
Blended threats
Multi-axis attacks
Automated zombies