logging in or signing up Ethical Hacking qualitya Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: Embed: Flash iPad Copy Does not support media & animations WordPress Embed Customize Embed URL: Copy Thumbnail: Copy The presentation is successfully added In Your Favorites. Views: 13096 Category: Science & Tech.. License: Some Rights Reserved Like it (9) Dislike it (2) Added: October 23, 2009 This Presentation is Public Favorites: 5 Presentation Description No description available. Comments Posting comment... By: ru23_pamsrvstv (7 month(s) ago) please sened this ppt on hacking at awantika.malhotra@gmail.com.... Saving..... Post Reply Close Saving..... Edit Comment Close By: preetijadoun (14 month(s) ago) please send this ppt to preeti.jadoun@gmail.com Saving..... Post Reply Close Saving..... Edit Comment Close By: sumit.panchal89 (17 month(s) ago) please send this ppt to sumit.panchal89@gmail.com Saving..... Post Reply Close Saving..... Edit Comment Close By: sencetouch (21 month(s) ago) please send this presentation to sence1touch@gmail.com Saving..... Post Reply Close Saving..... Edit Comment Close By: bishnushre (22 month(s) ago) very nice Saving..... Post Reply Close Saving..... Edit Comment Close loading.... See all Premium member Presentation Transcript Some “Ethical Hacking”Case Studies : Some “Ethical Hacking”Case Studies Peter Wood First•BaseTechnologies How much damagecan a security breach cause? : How much damagecan a security breach cause? 44% of UK businesses suffered at least one malicious security breach in 2002 The average cost was £30,000 Several cost more than £500,000 and these are just the reported incidents …! Source: The DTI Information Security Breaches survey The External Hacker : The External Hacker Slide 5: Secure the desktop Secure the network Secure third-party connections Secure Internet connections The Inside Hacker : The Inside Hacker Plug and go : Plug and go Ethernet ports are never disabled …. … or just steal a connection from a desktop NetBIOS tells you lots and lots …… …. And you don’t need to be logged on Get yourself an IP address : Get yourself an IP address Use DHCP since almost everyone does! Or … use a sniffer to see broadcast packets (even in a switched network) and try some suitable addresses Browse the network : Browse the network Pick a target machine : Pick a target machine Pick a target Try null sessions ... : Try null sessions ... List privileged users : List privileged users Typical passwords : Typical passwords administrator arcserve test username backup tivoli backupexec smsservice … any service account null, password, administrator arcserve, backup test, password password, monday, football backup tivoli backup smsservice … same as account name Game over! : Game over! The Inside-Out Hacker : The Inside-Out Hacker Senior person - laptop at home : Senior person - laptop at home … opens attachment : … opens attachment Trojan software now silently installed … takes laptop to work : … takes laptop to work … trojan sees what they see : … trojan sees what they see Information flows out of the organisation : Information flows out of the organisation Physical Attacks : Physical Attacks What NT password? : What NT password? NTFSDOS : NTFSDOS Keyghost : Keyghost KeyGhost - keystroke capture : KeyGhost - keystroke capture Keystrokes recorded so far is 2706 out of 107250 ... <PWR><CAD>fsmith<tab><tab>arabella xxxxxxx <tab><tab> None<tab><tab> None<tab><tab> None<tab><tab> <CAD> arabella <CAD> <CAD> arabella <CAD> <CAD> arabella exit tracert 192.168.137.240 telnet 192.168.137.240 cisco Viewing Password-Protected Files : Viewing Password-Protected Files Office Documents : Office Documents Zip Files : Zip Files Plain Text Passwords : Plain Text Passwords Netlogon : Netlogon In the unprotected netlogon share on a server: logon scripts can contain:net use \\server\share “password” /u:“user” Registry scripts : Registry scripts In shared directories you may find.reg files like this: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]"DefaultUserName"="username""DefaultPassword"="password""AutoAdminLogon"="1" Passwords inprocedures & documents : Passwords inprocedures & documents Packet sniffing : Packet sniffing Generated by : TCP.demux V1.02 Input File: carol.cap Output File: TB000463.txt Summary File: summary.txt Date Generated: Thu Jan 27 08:43:08 2000 10.1.1.82 1036 10.1.2.205 23 (telnet) UnixWare 2.1.3 (mikew) (pts/31). login: cl_Carol Password: carol1zz UnixWare 2.1.3. mikew. Copyright 1996 The Santa Cruz Operation, Inc. All Rights Reserved.. Copyright 1984-1995 Novell, Inc. All Rights Reserved.. Copyright 1987, 1988 Microsoft Corp. All Rights Reserved.. U.S. Pat. No. 5,349,642. Leave the sniffer running Capture all packets to port 23 or 21 The result ... Port scan : Port scan Brutus dictionary attack : Brutus dictionary attack NT Password Cracking : NT Password Cracking How to get the NT SAM : How to get the NT SAM On any NT/W2K machine: In memory (registry) c:\winnt\repair\sam (invoke rdisk?) Emergency Repair Disk Backup tapes Sniffing (L0phtcrack) Run L0phtcrack on the SAM …. End of part one! : End of part one! And how to prevent it! : And how to prevent it! Peter Wood First•BaseTechnologies Prevention is better ... : Prevention is better ... Harden the servers Monitor alerts (e.g. www.sans.org) Scan, test and apply patches Monitor logs Good physical security Intrusion detection systems Train the technical staff on security Serious policy and procedures! Server hardening : Server hardening HardNT40rev1.pdf (www.fbtechies.co.uk) HardenW2K101.pdf (www.fbtechies.co.uk) FAQ for How to Secure Windows NT (www.sans.org) Fundamental Steps to Harden Windows NT 4_0 (www.sans.org) ISF NT Checklist v2 (www.securityforum.org) http://www.microsoft.com/technet/security/bestprac/default.asp Lockdown.pdf (www.iss.net) Windows NT Security Guidelines (nsa1.www.conxion.com) NTBugtraq FAQs (http://ntbugtraq.ntadvice.com/default.asp?pid=37&sid=1) Securing Windows 2000 (www.sans.org) Securing Windows 2000 Server (www.sans.org) Windows 2000 Known Vulnerabilities and Their Fixes (www.sans.org) SANS step-by-step guides Alerts : Alerts www.sans.org www.cert.org www.microsoft.com/security www.ntbugtraq.com www.winnetmag.com razor.bindview.com eeye.com Security Pro News (ientrymail.com) Scan and apply patches : Scan and apply patches Monitor logs : Monitor logs Good physical security : Good physical security Perimeter security Computer room security Desktop security Close monitoring of admin’s work areas No floppy drives? No bootable CDs? Intrusion detection : Intrusion detection RealSecure Tripwire Dragon Snort www.networkintrusion.co.uk for guidance Security Awareness : Security Awareness Sharing admin accounts Service accounts Account naming conventions Server naming conventions Hardening Passwords (understand NT passwords!) Two-factor authentication? Serious Policy & Procedures : Serious Policy & Procedures Top-down commitment Investment Designed-in security Regular audits Regular penetration testing Education & awareness Need more information? : Peter Wood peterw@firstbase.co.uk www.fbtechies.co.uk Need more information? You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
Ethical Hacking qualitya Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: Embed: Flash iPad Copy Does not support media & animations WordPress Embed Customize Embed URL: Copy Thumbnail: Copy The presentation is successfully added In Your Favorites. Views: 13096 Category: Science & Tech.. License: Some Rights Reserved Like it (9) Dislike it (2) Added: October 23, 2009 This Presentation is Public Favorites: 5 Presentation Description No description available. Comments Posting comment... By: ru23_pamsrvstv (7 month(s) ago) please sened this ppt on hacking at awantika.malhotra@gmail.com.... Saving..... Post Reply Close Saving..... Edit Comment Close By: preetijadoun (14 month(s) ago) please send this ppt to preeti.jadoun@gmail.com Saving..... Post Reply Close Saving..... Edit Comment Close By: sumit.panchal89 (17 month(s) ago) please send this ppt to sumit.panchal89@gmail.com Saving..... Post Reply Close Saving..... Edit Comment Close By: sencetouch (21 month(s) ago) please send this presentation to sence1touch@gmail.com Saving..... Post Reply Close Saving..... Edit Comment Close By: bishnushre (22 month(s) ago) very nice Saving..... Post Reply Close Saving..... Edit Comment Close loading.... See all Premium member Presentation Transcript Some “Ethical Hacking”Case Studies : Some “Ethical Hacking”Case Studies Peter Wood First•BaseTechnologies How much damagecan a security breach cause? : How much damagecan a security breach cause? 44% of UK businesses suffered at least one malicious security breach in 2002 The average cost was £30,000 Several cost more than £500,000 and these are just the reported incidents …! Source: The DTI Information Security Breaches survey The External Hacker : The External Hacker Slide 5: Secure the desktop Secure the network Secure third-party connections Secure Internet connections The Inside Hacker : The Inside Hacker Plug and go : Plug and go Ethernet ports are never disabled …. … or just steal a connection from a desktop NetBIOS tells you lots and lots …… …. And you don’t need to be logged on Get yourself an IP address : Get yourself an IP address Use DHCP since almost everyone does! Or … use a sniffer to see broadcast packets (even in a switched network) and try some suitable addresses Browse the network : Browse the network Pick a target machine : Pick a target machine Pick a target Try null sessions ... : Try null sessions ... List privileged users : List privileged users Typical passwords : Typical passwords administrator arcserve test username backup tivoli backupexec smsservice … any service account null, password, administrator arcserve, backup test, password password, monday, football backup tivoli backup smsservice … same as account name Game over! : Game over! The Inside-Out Hacker : The Inside-Out Hacker Senior person - laptop at home : Senior person - laptop at home … opens attachment : … opens attachment Trojan software now silently installed … takes laptop to work : … takes laptop to work … trojan sees what they see : … trojan sees what they see Information flows out of the organisation : Information flows out of the organisation Physical Attacks : Physical Attacks What NT password? : What NT password? NTFSDOS : NTFSDOS Keyghost : Keyghost KeyGhost - keystroke capture : KeyGhost - keystroke capture Keystrokes recorded so far is 2706 out of 107250 ... <PWR><CAD>fsmith<tab><tab>arabella xxxxxxx <tab><tab> None<tab><tab> None<tab><tab> None<tab><tab> <CAD> arabella <CAD> <CAD> arabella <CAD> <CAD> arabella exit tracert 192.168.137.240 telnet 192.168.137.240 cisco Viewing Password-Protected Files : Viewing Password-Protected Files Office Documents : Office Documents Zip Files : Zip Files Plain Text Passwords : Plain Text Passwords Netlogon : Netlogon In the unprotected netlogon share on a server: logon scripts can contain:net use \\server\share “password” /u:“user” Registry scripts : Registry scripts In shared directories you may find.reg files like this: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]"DefaultUserName"="username""DefaultPassword"="password""AutoAdminLogon"="1" Passwords inprocedures & documents : Passwords inprocedures & documents Packet sniffing : Packet sniffing Generated by : TCP.demux V1.02 Input File: carol.cap Output File: TB000463.txt Summary File: summary.txt Date Generated: Thu Jan 27 08:43:08 2000 10.1.1.82 1036 10.1.2.205 23 (telnet) UnixWare 2.1.3 (mikew) (pts/31). login: cl_Carol Password: carol1zz UnixWare 2.1.3. mikew. Copyright 1996 The Santa Cruz Operation, Inc. All Rights Reserved.. Copyright 1984-1995 Novell, Inc. All Rights Reserved.. Copyright 1987, 1988 Microsoft Corp. All Rights Reserved.. U.S. Pat. No. 5,349,642. Leave the sniffer running Capture all packets to port 23 or 21 The result ... Port scan : Port scan Brutus dictionary attack : Brutus dictionary attack NT Password Cracking : NT Password Cracking How to get the NT SAM : How to get the NT SAM On any NT/W2K machine: In memory (registry) c:\winnt\repair\sam (invoke rdisk?) Emergency Repair Disk Backup tapes Sniffing (L0phtcrack) Run L0phtcrack on the SAM …. End of part one! : End of part one! And how to prevent it! : And how to prevent it! Peter Wood First•BaseTechnologies Prevention is better ... : Prevention is better ... Harden the servers Monitor alerts (e.g. www.sans.org) Scan, test and apply patches Monitor logs Good physical security Intrusion detection systems Train the technical staff on security Serious policy and procedures! Server hardening : Server hardening HardNT40rev1.pdf (www.fbtechies.co.uk) HardenW2K101.pdf (www.fbtechies.co.uk) FAQ for How to Secure Windows NT (www.sans.org) Fundamental Steps to Harden Windows NT 4_0 (www.sans.org) ISF NT Checklist v2 (www.securityforum.org) http://www.microsoft.com/technet/security/bestprac/default.asp Lockdown.pdf (www.iss.net) Windows NT Security Guidelines (nsa1.www.conxion.com) NTBugtraq FAQs (http://ntbugtraq.ntadvice.com/default.asp?pid=37&sid=1) Securing Windows 2000 (www.sans.org) Securing Windows 2000 Server (www.sans.org) Windows 2000 Known Vulnerabilities and Their Fixes (www.sans.org) SANS step-by-step guides Alerts : Alerts www.sans.org www.cert.org www.microsoft.com/security www.ntbugtraq.com www.winnetmag.com razor.bindview.com eeye.com Security Pro News (ientrymail.com) Scan and apply patches : Scan and apply patches Monitor logs : Monitor logs Good physical security : Good physical security Perimeter security Computer room security Desktop security Close monitoring of admin’s work areas No floppy drives? No bootable CDs? Intrusion detection : Intrusion detection RealSecure Tripwire Dragon Snort www.networkintrusion.co.uk for guidance Security Awareness : Security Awareness Sharing admin accounts Service accounts Account naming conventions Server naming conventions Hardening Passwords (understand NT passwords!) Two-factor authentication? Serious Policy & Procedures : Serious Policy & Procedures Top-down commitment Investment Designed-in security Regular audits Regular penetration testing Education & awareness Need more information? : Peter Wood peterw@firstbase.co.uk www.fbtechies.co.uk Need more information?