6. • Among HTTPS (secure web) servers
• When a vulnerable version of OpenSSL is used
• A vulnerability that can expose certain information
So what vulnerability is it?
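7. Evolution of ransomware: exploiting administrative weaknesses, encrypting DB data
An estimated 12,000 to 27,000 servers are thought to have been affected. Ransom demands of 0.1 BTC to 1 BTC.
Block access to port 27017, or configure local IP address binding to restrict access to the server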
MongoDB hacked..
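The binding mitigation above, as an added example that is not from the original slides: a small audit of the `net` section of a `mongod.conf` that flags listeners reachable beyond local or private addresses. The function names and both sample configs are constructed for illustration; `bindIp`, `bindIpAll` and `port` are the real `mongod.conf` options.

```python
import ipaddress

# Constructed sample configs (not from the slides).
EXPOSED = """\
net:
  port: 27017
  bindIp: 0.0.0.0
"""
HARDENED = """\
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
"""

def parse_net_section(conf_text):
    """Collect key/value pairs found under the top-level 'net:' block."""
    net, in_net = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # a top-level key starts a new section
            in_net = line.strip() == "net:"
            continue
        if in_net and ":" in line:
            key, value = line.strip().split(":", 1)
            net[key.strip()] = value.strip().strip("'\"")
    return net

def audit_bind(conf_text):
    """Return findings about which interfaces mongod would listen on."""
    net = parse_net_section(conf_text)
    port = net.get("port", "27017")               # 27017 is the default port
    findings = []
    if net.get("bindIpAll", "false").lower() == "true":
        findings.append("bindIpAll is true: listening on every interface")
    for addr in filter(None, (a.strip() for a in net.get("bindIp", "").split(","))):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                              # hostname or socket path: review by hand
        if ip.is_unspecified:
            findings.append(f"bindIp {addr}: listening on every interface")
        elif not (ip.is_loopback or ip.is_private):
            findings.append(f"bindIp {addr}: public address on port {port}")
    return findings
```

An empty result only means the listener is limited to loopback or private addresses; a firewall rule for port 27017 is still checked separately.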
11. • SHE (Security Hole Examiner)
• LOOKER
• ILVA (Integrated Log Analysis Tool)
History: SHE & .. (1997)
12. KANE(KAIST Anti-Network Epidemic Framework)
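A cooperative intrusion detection and response framework for large-scale, hierarchically structured networks
(presented at WISC 2001)
The idea of handling cyber intrusions in a way similar to the epidemic response system (disease control) of human medicine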
History : KANE(2001)
Cooperative and Autonomous Methodologies
KAIST domain specific
Prevention : Vulnerability Scanning and Patching
Detection : Real time Intrusion Detection
Recovery : Restore before-the-attack system state
Investigation : Trace Attacker
Isolation : Isolate the attacked system to investigate it and prevent re-intrusion
Similar to medical epidemic control process
Network-based Anomaly Detection
Detect anomalous or malicious network packets
Focus on unknown or modified attacks
Investigation of protocol or program specification
Application IDS for Web server in INTRANET Environments
Attack Categorization on detection attacks
13. • SAD (Session Anomaly Detection)
• Web Session Anomaly Detection
• Computing the degree of anomaly compared to established usage Patterns
• Using Web Sessions from raw Web Log data
• SAD Viewer
• Visualization for Web Usage Pattern
• Visualization for Anomaly and Misuse Detection in Web
• Visually flag suspicious sessions using yellow or red flags
• Real Time Monitoring of Web Session
History : SAD(2003)
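23. Bug hunter, freelancer (pen-tester)
Security vendors : security consultant, security solution developer
General companies : security practitioner
Civil service : Ministry of the Interior, Ministry of Science, ICT and Future Planning, National Intelligence Service
Academia : universities, graduate students, professors
Researchers : KISA, Financial Security Institute, National Security Research Institute, ETRI, and so on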
The possibilities are endless
42. Penetration Test (pen-test)
- is an attack on a computer system with the intention of finding security weaknesses, potentially gaining access to it, its functionality and data
Promising Security Area
43. Determining the feasibility of a particular set of attack vectors
Identifying higher-risk vulnerabilities that result from a combination of
lower-risk vulnerabilities exploited in a particular sequence
Identifying vulnerabilities that may be difficult or impossible to detect with
automated network or application vulnerability scanning software
Assessing the magnitude of potential business and operational impacts of
successful attacks
Testing the ability of network defenders to successfully detect and
respond to the attacks
Providing evidence to support increased investments in security personnel
and technology
Penetration Testing