Ethical Hacking

Views:
 
     
 

Presentation Description

No description available.

Comments

By: ru23_pamsrvstv (18 month(s) ago)

please sened this ppt on hacking at awantika.malhotra@gmail.com....

By: preetijadoun (25 month(s) ago)

please send this ppt to preeti.jadoun@gmail.com

By: sumit.panchal89 (28 month(s) ago)

please send this ppt to sumit.panchal89@gmail.com

By: sencetouch (33 month(s) ago)

please send this presentation to sence1touch@gmail.com

By: bishnushre (33 month(s) ago)

very nice

See all

Presentation Transcript

Some “Ethical Hacking”Case Studies : 

Some “Ethical Hacking”Case Studies Peter Wood First•BaseTechnologies

How much damagecan a security breach cause? : 

How much damagecan a security breach cause? 44% of UK businesses suffered at least one malicious security breach in 2002 The average cost was £30,000 Several cost more than £500,000 and these are just the reported incidents …! Source: The DTI Information Security Breaches survey

The External Hacker : 

The External Hacker

Slide 5: 

Secure the desktop Secure the network Secure third-party connections Secure Internet connections

The Inside Hacker : 

The Inside Hacker

Plug and go : 

Plug and go Ethernet ports are never disabled …. … or just steal a connection from a desktop NetBIOS tells you lots and lots …… …. And you don’t need to be logged on

Get yourself an IP address : 

Get yourself an IP address Use DHCP since almost everyone does! Or … use a sniffer to see broadcast packets (even in a switched network) and try some suitable addresses

Browse the network : 

Browse the network

Pick a target machine : 

Pick a target machine Pick a target

Try null sessions ... : 

Try null sessions ...

List privileged users : 

List privileged users

Typical passwords : 

Typical passwords administrator arcserve test username backup tivoli backupexec smsservice … any service account null, password, administrator arcserve, backup test, password password, monday, football backup tivoli backup smsservice … same as account name

Game over! : 

Game over!

The Inside-Out Hacker : 

The Inside-Out Hacker

Senior person - laptop at home : 

Senior person - laptop at home

… opens attachment : 

… opens attachment Trojan software now silently installed

… takes laptop to work : 

… takes laptop to work

… trojan sees what they see : 

… trojan sees what they see

Information flows out of the organisation : 

Information flows out of the organisation

Physical Attacks : 

Physical Attacks

What NT password? : 

What NT password?

NTFSDOS : 

NTFSDOS

Keyghost : 

Keyghost

KeyGhost - keystroke capture : 

KeyGhost - keystroke capture Keystrokes recorded so far is 2706 out of 107250 ... <PWR><CAD>fsmith<tab><tab>arabella xxxxxxx <tab><tab> None<tab><tab> None<tab><tab> None<tab><tab> <CAD> arabella <CAD> <CAD> arabella <CAD> <CAD> arabella exit tracert 192.168.137.240 telnet 192.168.137.240 cisco

Viewing Password-Protected Files : 

Viewing Password-Protected Files

Office Documents : 

Office Documents

Zip Files : 

Zip Files

Plain Text Passwords : 

Plain Text Passwords

Netlogon : 

Netlogon In the unprotected netlogon share on a server: logon scripts can contain:net use \\server\share “password” /u:“user”

Registry scripts : 

Registry scripts In shared directories you may find.reg files like this: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]"DefaultUserName"="username""DefaultPassword"="password""AutoAdminLogon"="1"

Passwords inprocedures & documents : 

Passwords inprocedures & documents

Packet sniffing : 

Packet sniffing Generated by : TCP.demux V1.02 Input File: carol.cap Output File: TB000463.txt Summary File: summary.txt Date Generated: Thu Jan 27 08:43:08 2000 10.1.1.82 1036 10.1.2.205 23 (telnet) UnixWare 2.1.3 (mikew) (pts/31). login: cl_Carol Password: carol1zz UnixWare 2.1.3. mikew. Copyright 1996 The Santa Cruz Operation, Inc. All Rights Reserved.. Copyright 1984-1995 Novell, Inc. All Rights Reserved.. Copyright 1987, 1988 Microsoft Corp. All Rights Reserved.. U.S. Pat. No. 5,349,642. Leave the sniffer running Capture all packets to port 23 or 21 The result ...

Port scan : 

Port scan

Brutus dictionary attack : 

Brutus dictionary attack

NT Password Cracking : 

NT Password Cracking

How to get the NT SAM : 

How to get the NT SAM On any NT/W2K machine: In memory (registry) c:\winnt\repair\sam (invoke rdisk?) Emergency Repair Disk Backup tapes Sniffing (L0phtcrack) Run L0phtcrack on the SAM ….

End of part one! : 

End of part one!

And how to prevent it! : 

And how to prevent it! Peter Wood First•BaseTechnologies

Prevention is better ... : 

Prevention is better ... Harden the servers Monitor alerts (e.g. www.sans.org) Scan, test and apply patches Monitor logs Good physical security Intrusion detection systems Train the technical staff on security Serious policy and procedures!

Server hardening : 

Server hardening HardNT40rev1.pdf (www.fbtechies.co.uk) HardenW2K101.pdf (www.fbtechies.co.uk) FAQ for How to Secure Windows NT (www.sans.org) Fundamental Steps to Harden Windows NT 4_0 (www.sans.org) ISF NT Checklist v2 (www.securityforum.org) http://www.microsoft.com/technet/security/bestprac/default.asp Lockdown.pdf (www.iss.net) Windows NT Security Guidelines (nsa1.www.conxion.com) NTBugtraq FAQs (http://ntbugtraq.ntadvice.com/default.asp?pid=37&sid=1) Securing Windows 2000 (www.sans.org) Securing Windows 2000 Server (www.sans.org) Windows 2000 Known Vulnerabilities and Their Fixes (www.sans.org) SANS step-by-step guides

Alerts : 

Alerts www.sans.org www.cert.org www.microsoft.com/security www.ntbugtraq.com www.winnetmag.com razor.bindview.com eeye.com Security Pro News (ientrymail.com)

Scan and apply patches : 

Scan and apply patches

Monitor logs : 

Monitor logs

Good physical security : 

Good physical security Perimeter security Computer room security Desktop security Close monitoring of admin’s work areas No floppy drives? No bootable CDs?

Intrusion detection : 

Intrusion detection RealSecure Tripwire Dragon Snort www.networkintrusion.co.uk for guidance

Security Awareness : 

Security Awareness Sharing admin accounts Service accounts Account naming conventions Server naming conventions Hardening Passwords (understand NT passwords!) Two-factor authentication?

Serious Policy & Procedures : 

Serious Policy & Procedures Top-down commitment Investment Designed-in security Regular audits Regular penetration testing Education & awareness

Need more information? : 

Peter Wood peterw@firstbase.co.uk www.fbtechies.co.uk Need more information?