Unpatched Systems: An Ethical Hacker's View
Unpatched systems from an ethical hacker's point of view


Published in: Technology

Transcript

  • 1. Unpatched Systems: An Ethical Hacker’s View
      Peter Wood, Chief Executive Officer, First•Base Technologies
  • 2. Who is Peter Wood?
      • Worked in computers & electronics since 1969
      • Founded First Base in 1989 (one of the first ethical hacking firms)
      • CEO First Base Technologies LLP
      • Social engineer & penetration tester
      • Conference speaker and security 'expert'
      • Member of ISACA Security Advisory Group
      • Vice Chair of BCS Information Risk Management and Audit Group
      • UK Chair, Corporate Executive Programme
      • FBCS, CITP, CISSP, MIEEE, M.Inst.ISP
      • Registered BCS Security Consultant
      • Member of ACM, ISACA, ISSA, Mensa
      © First Base Technologies 2013
  • 3. Hacker thinking
      • How does this work?
      • What research is there out there?
      • What's happening under the covers?
      • What happens if I do this?
      • What happens if I ignore the instructions?
      • What if I'm a “legitimate” user?
      • Where are the weak points?
      • Is there another way in?
  • 4. Missing Patches – Where?
      • Internet facing systems
          - Operating systems, web servers, applications
      • Internal servers
          - Operating systems, databases, applications
      • Workstations & Laptops
          - Operating systems, browsers, applications
      • Smartphones, iPads, etc.
          - Operating systems, browsers, apps
  • 6. The Attackers
      • Attacks may be external or internal
      • Attacks are not limited to 'hackers'
      • Attacks can be manual or automated
  • 8. Unpatched FTP
  • 9. Unpatched Sendmail
  • 10. Unpatched Router
      • SNMP Read-Write strings revealed.
      • Now we have full control of this device
  • 11. 'Root' on a UNIX Host
      • Now we have 'root' and control the file system
      • Drag and drop an exploit on the target host
  • 12. 'System' on a Windows Host
      • Now we have 'system' and control the file system
      • Drag and drop an exploit on the target host
  • 13. Consequences of Missing Patches
      • Information theft
          - Reputational loss
          - Loss of competitive advantage
          - Legal action
      • Malware infection
          - Remediation costs
          - Participation in botnet
      • Unauthorised control of systems
          - Corporate espionage
          - Corruption of information
      • Denial of service
          - Loss of revenue
          - Remediation costs
  • 14. Need more information?
      Peter Wood, Chief Executive Officer, First Base Technologies LLP
      peterw@firstbase.co.uk
      http://firstbase.co.uk
      http://white-hats.co.uk
      http://peterwood.com
      Twitter: peterwoodx