Final presentation of IT security project

This is the final presentation of an IT security project. In this project, terminal server security was tested and the system was built. The project consists of:
* Build the system
* Try to break
* Detect
* Prevent
So, the project is fully implemented and all requirements are done.


Transcript

  • 1. Security test and implementation of terminal computer. Authors: Armandas Rokas, Andrius Sinkevicius, Edvinas Butenas. December 7, 2011
  • 2. Overview
      • Background story
      • Break-in attacks
      • Risk determination and security control recommendations for break-in attacks
      • Network attacks
      • Risk determination and security control recommendations for network attacks
      • Security solutions
      • Questions?
  • 3. Background story
      • XpUnlimited.LT company
      • Software works on all previous Windows OSs
      • Test the security of the terminal server
      • Build it fully protected (including network security)
  • 4. Network diagram
  • 5. System characterization
      • Hardware: Acer, i3, 4GB RAM, gt320 1GB video
      • Software: Windows 7 Ultimate SP1 32-bit / Windows XP SP3 with XPUnlimited
      • Data: Pictures, Sensitive Documents
  • 6. System characterization
      • System interfaces: S-ATA2, USB, 802.11b/g/n, HDMI, VGA, Ethernet
      • Users: Administrator, Remote Users
      • Services running: Printer, Web Server (IP Consult HTTP server), Remote Desktops, Internal Database for ERP
  • 7. Control analysis
      • OS Security Policies
      • Local Access Policies
      • System Backup
      • Firewall Policies
  • 8. Break-in attacks
  • 9. Exploit (Infection with key logger)
      • Exploited by executing a file on the victim's machine
      • File with payload
      • Meterpreter command line
      • Key log:
          • On Windows 7: only the affected user
          • On Windows XP: all users
  • 10. Mail infection
      • External attack
      • The attack was made from BackTrack 5 to infect the terminal thin-client server running the Windows 7 operating system.
      • The exploit let me break in to the victim's computer when he received the infected message in his mailbox.
  • 11. Example
  • 12. Some details
      • reverse_tcp payload.
      • Local port 4444 (it is a vulnerable port) is used to create an active server that listens for the victim clicking on the message.
      • After the victim activates the payload included in the message, I open meterpreter.
  • 13. Human Threats

      | Threat-Source | Motivation | Threat Action |
      |---|---|---|
      | Computer Criminal | Monetary Gain - my credit card info | Computer Crime, Fraudulent Act |
      | Hacker, Cracker | Challenge, Ego | Hacking, Social Engineering, System Intrusion, Unauthorized System Access. |
      | User | Negligence, Idiocy | Spill Fluids on System, Drop System |

  • 14. Vulnerability Identification

      | Vulnerability | Threat-Source | Threat Action |
      |---|---|---|
      | Outdated Software | Hacker, Cracker, Computer Criminal. | System File Loss, Unauthorized System Accesses. |
      | Misconfigured System | Users, Computer Criminal. Hacker, Cracker. | System Files Loss, System Failure |
      | Absence Of Security Software | Hacker, Cracker, Computer Criminal. | System Files Loss, System Failure. |

  • 15. Likelihood Determination

      | Threat-Source | Vulnerability | Likelihood |
      |---|---|---|
      | Hacker, Cracker, Computer Criminal. | Outdated Software | Medium |
      | Users, Computer Criminal. | Misconfigured System | Medium |
      | Hacker, Cracker, Computer Criminal. | Absence Of Security Software | High |

  • 16. Impact Analysis

      | Threat-Source | Loss of Integrity | Loss of Availability | Loss of Confidentiality |
      |---|---|---|---|
      | Hacker, Cracker. | None | High | High |
      | Computer Criminal. | None | High | High |
      | Users | Low | Low | Low |

  • 17. Likelihood, Impact Analysis & Risk

      | Vulnerability | Threat-Source | Likelihood | Impact | Risk |
      |---|---|---|---|---|
      | Outdated Software | Hacker, Cracker, Computer Criminal. | Medium | Medium | Medium |
      | Misconfigured System | Users, Computer Criminal. Hacker, Cracker. | High | High | High |
      | Absence Of Security Software | Hacker, Cracker, Computer Criminal. | High | Medium | Medium |

  • 18. Control Recommendations

      | Risk | Risk Level | Recommended Controls | Activity Priority |
      |---|---|---|---|
      | Outdated Software | Medium | Regularly Updating Software. | Medium |
      | Misconfigured System | High | Hire Qualified Specialists. | High |
      | Absence Of Security Software | Medium | Install legally IPS & IDS. | Medium |
  • 19. Network attacks
  • 20. ARP - Man in the middle attack
      • After I broke in to the victim's PC through the Metasploit exploit, I tried to do more harm to him.
      • I use an ARP protocol vulnerability, with which you are invisible but at the same time doing damage to the victim.
      • By sending fake arpspoof request and response packets I make a MITM ("Man In The Middle") attack.
  • 21. After that I get the full information flow between the router and the other computer I selected. That information includes logins, emails and other sensitive information. The victim becomes fully infected; he needs to get out of this situation and prevent it from happening another time.
  • 22. DoS attack
      • Used tools: BackTrack 5 network penetration OS, with Ettercap (tool for man-in-the-middle attack).
      • Goal: make the terminal server unavailable to its intended users
  • 23. DoS
  • 24. TS before DoS attack
  • 25. TS after DoS attack
  • 26. Human Threats

      | Threat-Source | Motivation | Threat Action |
      |---|---|---|
      | Computer Criminal | Monetary Gain - my credit card info | Computer Crime, Fraudulent Act |
      | Hacker, Cracker | Challenge, Ego | Hacking, Social Engineering, System Intrusion, Unauthorized System Access. |
      | Competitors | Injure Company Stability. Compromise Network work. | Economic Exploitation, System Penetration, Spoofing/Sniffing of Network. Run Of Company Data. |

  • 27. Vulnerability Identification

      | Vulnerability | Threat-Source | Threat Action |
      |---|---|---|
      | Absence Of System Security | Hacker, Cracker, Competitors, Computer Criminal | System Failure, Connection Damage, Information Conversion. |

  • 28. Likelihood Determination

      | Threat-Source | Vulnerability | Likelihood |
      |---|---|---|
      | Hacker, Cracker, Competitors, Computer Criminal | Absence Of System Security | Medium |

  • 29. Impact Analysis

      | Threat-Source | Loss of Integrity | Loss of Availability | Loss of Confidentiality |
      |---|---|---|---|
      | Hacker, Cracker. | None | High | High |
      | Computer Criminal. | None | High | High |
      | Competitors | Medium | High | High |

  • 30. Likelihood, Impact Analysis & Risk

      | Vulnerability | Threat-Source | Likelihood | Impact | Risk |
      |---|---|---|---|---|
      | Absence Of System Security | Hacker, Cracker, Competitors, Computer Criminal | Medium | High | Medium |

  • 31. Control Recommendations

      | Risk | Risk Level | Recommended Controls | Activity Priority |
      |---|---|---|---|
      | Absence Of System Security | Medium | Install legally IPS & IDS. Implement encryption. Users Access Control. | High |
  • 32. Security solutions
  • 33. Terminal server security configuration
      • User groups:
          • Administrative Users group: privileges to configure the terminal server.
          • Remote Desktop Users group: privileges only to connect to the remote desktop, without the possibility to configure it.
          • All users, including the administrator, have credentials to log in to the services; no passwordless connection is available.
  • 34. Application control for users
      • Users can use only the applications specified by the system administrator.
      • Inactive user sessions are terminated according to a time limit.
      • Applications that can be started by another application are not visible to the user.
      • A user's attempt to open an unassigned application is blocked with a pop-up message saying that the user does not have the privilege to open it.
  • 35. Anti-virus
      • Implement a security antivirus that gives you an updated database and protects from intruders.
      • Shuts down any untrusted connection.
      • Scans web pages and your downloads.
      • Comes with a reliable firewall.
      • Security isn't about blocking malicious actions, it's about keeping your data safe, so arrange reliable encryption software.
      • Users can upload viruses for future updates.
      • #1 Bitdefender
  • 36. Security against network attacks
      • IPS & IDS
          • Snort
      • Firewall
          • Ipcop
          • APF (Advanced Policy Firewall) from rfxnetworks
      • Optional expensive solutions
          • Cisco router
          • Paid firewall
  • 37. Questions?
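
The ARP man-in-the-middle attack on slides 20 and 21 changes which MAC address answers for the router and the victim, and that change is what the "Detect" step of the project can look for. The following is an added example, not part of the original slides: a minimal detector over ARP reply lines written in the style of `tcpdump -n arp` output. The sample lines, addresses and the function name `detect_arp_spoofing` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: ARP replies in the style of `tcpdump -n arp` output.
# 192.168.1.1 plays the router, 192.168.1.20 the terminal server.
SAMPLE = """\
10:00:01.100000 ARP, Reply 192.168.1.1 is-at 00:11:22:aa:bb:01, length 28
10:00:02.200000 ARP, Reply 192.168.1.20 is-at 00:11:22:aa:bb:20, length 28
10:00:09.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:aa:bb:66, length 28
10:00:09.500000 ARP, Reply 192.168.1.20 is-at 00:11:22:aa:bb:66, length 28
10:00:11.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:aa:bb:66, length 28
"""

REPLY = re.compile(
    r"^(\S+) ARP, Reply (\d+(?:\.\d+){3}) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def detect_arp_spoofing(text):
    """Return alerts for IP->MAC rebinding and for one MAC claiming several IPs."""
    ip_to_mac = {}                  # last MAC seen answering for each IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has claimed so far
    alerts = []
    for line in text.splitlines():
        m = REPLY.match(line)
        if not m:
            continue                # skip anything that is not an ARP reply
        ts, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        known = ip_to_mac.get(ip)
        if known and known != mac:
            # The IP was bound to another MAC a moment ago: possible poisoning.
            alerts.append((ts, "rebind", ip, known, mac))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                # One MAC now answers for router and host: the MITM pattern.
                alerts.append((ts, "multi-ip", mac, *sorted(mac_to_ips[mac])))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE):
        print(alert)
```

DHCP reassignment or a router that legitimately answers for several addresses also triggers these alerts, so the gateway's known MAC should be recorded in advance and compared against.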
