Superhelt 2013-screen
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Superhelt 2013-screen

on

  • 383 views

PROSA superheltekursus i Odense 12. april 2013 mixed danish and english slides

PROSA superheltekursus i Odense 12. april 2013 mixed danish and english slides

Statistics

Views

Total Views
383
Views on SlideShare
383
Embed Views
0

Actions

Likes
1
Downloads
1
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Superhelt 2013-screen Presentation Transcript

  • 1. Welcome to IT-sikkerhed 2013 PROSA Superhelteseminar Henrik Lund Kramshøj, internet samurai hlk@solido.net http://www.solidonetworks.comc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 1
  • 2. Planen idag Don’t Panic!Kl 17:00-19:00Mindre enetale, mere foredrag 2.0 med sociale medier, informationsdeling og interak-tion ˚ Send gerne spørgsmal senere ˚PS er her nogle timer efter foredraget til spørgsmal og snakc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 2
  • 3. ˚Formal: IT-sikkerhed passwords og dine servicesVores passwords er overaltVi er afhængige af cloud servicesVi er afhængige af netværkVi er afhængige af andres computere - servere og servicesc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 3
  • 4. ˚Formal: sund paranoia Opbevaring af passwordsc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 4
  • 5. Superheltegerninger.Backup - jævnligtKryptografi og kryptoværktøjer Sikre protokollerTal frit - Lær og lær fra digFølg med i nyheder, støt det frie internetc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 5
  • 6. Hackerværktøjer • Nmap, Nping - tester porte, godt til firewall admins http://nmap.org • Metasploit Framework gratis pa http://www.metasploit.com/ ˚ • Wireshark avanceret netværkssniffer - http://http://www.wireshark.org/ • Burpsuite http://portswigger.net/burp/ • Skipfish http://code.google.com/p/skipfish/ • Kali Linux operativsystem med fokus pa sikkerhedstest http://www.kali.org ˚Billede: Angelina Jolie fra Hackers 1995c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 6
  • 7. Evernote password resetSources:http://evernote.com/corp/news/password_reset.phpc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 7
  • 8. Twitter password resetSources:http://blog.twitter.com/2013/02/keeping-our-users-secure.htmlc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 8
  • 9. January: Github Public passwords?Sources:https://twitter.com/brianaker/status/294228373377515522http://www.webmonkey.com/2013/01/users-scramble-as-github-search-exposes-passwords-security-dethttp://www.leakedin.com/http://www.offensive-security.com/community-projects/google-hacking-database/c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 9
  • 10. Are passwords dead?google: passwords are deadAbout 6,580,000 results (0.22 seconds)Can we stop using passwords?Muffett on Passwords has a long list of password related information, from the authorof crack http://en.wikipedia.org/wiki/Crack_(password_software)http://dropsafe.crypticide.com/muffett-passwordsc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 10
  • 11. Opbevaring af passwordsPasswordSafe http://passwordsafe.sourceforge.net/Apple KeychainBrowsere, Firefox Master Passwordc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 11
  • 12. Google looks to ditch passwords for good”Google is currently running a pilot that uses a YubiKey cryptographic card developedby YubicoThe YubiKey NEO can be tapped on an NFC-enabled smartphone, which reads anencrypted one-time password emitted from the key fob.”Source: http://www.zdnet.com/google-looks-to-ditch-passwords-for-good-with-nfc-based-replacementc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 12
  • 13. Yubico Yubikey A Yubico OTP is unique sequence of characters generated every time the YubiKey button is touched. The Yubico OTP is comprised of a sequence of 32 Modhex characters representing information encrypted with a 128 bit AES-128 keyhttp://www.yubico.com/products/yubikey-hardware/c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 13
  • 14. DuosecurityVideo https://www.duosecurity.com/duo-pushhttps://www.duosecurity.com/c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 14
  • 15. Low tech 2-step verification Print af koder, low level pragmatiskLogin fra nye enheder kræver ekstra sikkerhedgoogle 2-faktor auth. SMS med backup codesDeveloped at Bellcore in the late 1980s http://en.wikipedia.org/wiki/S/KEYc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 15
  • 16. Er dine data sikre Lorem ipsum dolor sit amet, consectetur adipiscing elit, set eiusmod tempor incidunt et labore et dolore magna aliquam. Ut enim ad minim veniam, quis nostrud exerc. Irure dolor in reprehend incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse molestaie cillum. Tia non ob ea soluad incommod quae egen ium improb fugiend. Officia deserunt mollit anim id est laborum Et harumd dereud facilis est er expedit distinct. Gothica quam nunc putamus parum claram anteposuerit litterarum formas humanitatis per seacula quarta; modo typi qui nunc nobis videntur parum clari fiant sollemnes in futurum; litterarum formas humanitatis per seacula quarta decima et quinta decima, modo typi qui nunc nobis videntur parum clari fiant sollemnes in futurum, anteposuerit ! Nam liber te conscient to factor tum poen legum odioque civiuda et tam. Neque pecun modut est neque nonor et imper ned libidig met, consectetur adipiscing elit, sed ut labore et dolore magna aliquam is nostrud exercitation ullam mmodo consequet. Duis aute in voluptate velit esse cillum dolore eu fugiat nulla pariatur. At vver eos et accusam dignissum qui blandit est praesent. ˚Stjalet laptopCloud servicesSlettede eller ødelagte data- og hvordan sletter man data? Huskede du mini SD kortet med dine private billeder?c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 16
  • 17. harddisk beskyttelse og data krypteringKryptering findes i alle de gængse klient operativsystemer • Microsoft Windows Bitlocker - kryptering af disken Ultimate eller Enterprise • Apple Mac OS X - krypterer nemt med FileVault og FileVault2 • FreeBSD GEOM og GBDE - giver mulighed for at kryptere enheder generelt • PGP disk - Pretty Good Privacy - laver en virtuel krypteret disk • ˚ Nogle producenter har kodeord pa disken - IBM harddisk BIOS kodeordc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 17
  • 18. Sikre protokoller som bruger kryptoKryptering af e-mail • Pretty Good Privacy - Phil Zimmermann • PGP = mail sikkerhedKryptering af sessioner SSL/TLS • Secure Sockets Layer SSL / Transport Layer Services TLS • krypterer data der sendes mellem webservere og klienter • SSL kan bruges generelt til mange typer sessioner, eksempelvis POP3S, IMAPS, SSH m.fl.Kryptering af netværkstrafik - Virtual Private Networks VPN • IPsec IP Security Framework, se ogsa L2TP ˚ • PPTP Point to Point Tunneling Protocol - darlig og usikker, brug den ikke mere! ˚ • OpenVPN m.fl.c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 18
  • 19. Enigmail - GPG plugin til Mail • Enigmail er en udvidelse til • mailklienten i Mozilla/Netscape • standalone mailklienten Thunderbird • Billede fra http://enigmail.mozdev.orgc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 19
  • 20. Enigmail - OpenGPG Key Manager Key Manager funktionaliteten i Enigmail kan anbefalesc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 20
  • 21. GPGMail plugin til Mac OS X Mail.app • Bruger GPG • kilde: http://www.sente.ch/software/GPGMail/English.lproj/GPGMail.html • Mailserver udvidelser som https://github.com/infertux/zeyplec license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 21
  • 22. VPNVPN http://en.wikipedia.org/wiki/Virtual_private_networkSSL/TLS VPN - Generelt koncept. Adskillige leverandører: Cisco, Juniper, F5 Big IP ˚De snakker ikke ret godt sammen pa tværs. Brug IPSec for dette.IPsec er desværre blokeret mange steder og man skal bruge en klient(I praksis bruger SSL VPN ofte en klient, men den downloades fra web)Open source variant: OpenVPNc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 22
  • 23. OpenVPN client OpenVPN GUI - easy to usec license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 23
  • 24. Internet sniffing by governmentÆgypten, Sudan, Tunesien, ...Den der kontrollerer ISPerne kontrollerer trafikkenFacebook revolutionerneBlokering er umulig, men det forsøgesSpredning af falsk informationDiginotar Dutch Certificate AuthorityKilde: http://irevolution.net/2011/02/10/facebook-for-repressive-regimes/c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 24
  • 25. HTTPS Everywhere HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your commu- nications with a number of major websites. http://www.eff.org/https-everywherec license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 25
  • 26. CertPatrol - which site uses which certificate An add-on formerly considered paranoid: CertPatrol implements ”pinning” for Firefox/Mozilla/SeaMonkey roughly as now recommended in the User Interface Guidelines of the World Wide Web Consortium (W3C). http://patrol.psyced.org/c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 26
  • 27. Convergence - who do you trust http://convergence.io/ Warning: radical change to how certificates workc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 27
  • 28. Client side: Flash, PDF, Facebook Kan vi undvære Java, Flash og PDF?Kilde: http://en.wikipedia.org/wiki/Drive-by_downloadc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 28
  • 29. Flash blockersSafari http://clicktoflash.com/Firefox Extension FlashblockChrome extension called FlashBlockInternet Explorer 8: IE has the Flash block functionality built-in so you don’t need toinstall any additional plugins to be able to block flash on IE 8.FlashBlock for Opera 9 - bruger nogen Opera mere?FlashBlockere til iPad? iPhone? Android? - hvorfor er det ikke default?c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 29
  • 30. Tor project https://www.torproject.org/c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 30
  • 31. Tor project - how it works 1 pictures from https://www.torproject.org/about/overview.html.enc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 31
  • 32. Tor project - how it works 2 pictures from https://www.torproject.org/about/overview.html.enc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 32
  • 33. Tor project - how it works 3 pictures from https://www.torproject.org/about/overview.html.enc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 33
  • 34. Hvordan bliver du sikkerLad være med at bruge een computer til alt ˚Forskellige computere til forskellige formal, webserver vs mailserverBrug en sikker konfiguration, minimumskonfigurationBrug sikre protokoller, kryptering, evt. TOROpsætning af netværk, hvordan? Security Configuration Guides + paranoia • http://csrc.nist.gov/publications/PubsSPs.html • http://www.nsa.gov/research/publications/index.shtml • http://www.nsa.gov/ia/guidance/security_configuration_guides/index.shtmlc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 34
  • 35. Følg med Twitter newsTwitter has become an important new resource for lots of stuffTwitter has replaced RSS for mec license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 35
  • 36. Følg med Twitter news ˚Exploits og nye sarbarhederc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 36
  • 37. Checklisten • BIOS kodeord, pin-kode til telefon • Firewall - specielt pa laptops ˚ • Installer anti-virus og anti-spyware hvis det er pa Windows ˚ • Brug to browsere med forskellige indstillinger • Brug evt. PGP til mailkryptering • Brug Password Safe, Keychain Access (OSX) eller tilsvarende • Overvej at bruge harddisk eller filkryptering • Opdatere alle programmer jævnligt • Backup af vigtige data - harddiske i bærbare kan ogsa dø ˚ • Husk: sikker sletning af harddiske, medier osv.c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 37
  • 38. Afbalanceret sikkerhed god sikkerhed dårlig sikkerhed Sikkerheds niveau Prod Test Dev Mail Web Prod Test Dev Mail WebDet er bedre at have et ensartet niveauHvor rammer angreb hvis du har Fort Knox et sted og kaos andre stederHackere vælger ikke med vilje den sværeste vej indc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 38
  • 39. Part IIc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 39
  • 40. Fri adgang til hackerværktøjerI 1993 skrev Dan Farmer og Wietse Venema artiklenImproving the Security of Your Site by Breaking Into itI 1995 udgav de softwarepakken SATANSecurity Administrator Tool for Analyzing Networks We realize that SATAN is a two-edged sword - like many tools, it can be used for good and for evil purposes. We also realize that intruders (including wannabees) have much more capable (read intrusive) tools than offered with SATAN.Se http://sectools.org og http://www.packetstormsecurity.org/Kilde: http://www.fish2.com/security/admin-guide-to-cracking.htmlc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 40
  • 41. Pentest in the newsc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 41
  • 42. Attack overviewhttp://www.sicherheitstacho.eu/?lang=enc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 42
  • 43. Carna Botnet Internet Census 2012 Port scanning /0 using insecure embedded devices Abstract While playing around with the Nmap Scripting Engine (NSE) we discov- ered an amazing number of open embedded devices on the Internet. Many of them are based on Linux and allow login to standard BusyBox with empty or de- fault credentials. We used these devices to build a distributed port scanner to scan all IPv4 addresses. These scans include service probes for the most com- mon ports, ICMP ping, reverse DNS and SYN scans. We analyzed some of the data to get an estimation of the IP address usage. Additionally, with one hundred thousand devices scanning at ten probes per sec- ond we would have a distributed port scanner to port scan the entire IPv4 Internet within one hour.Source: http://internetcensus2012.bitbucket.org/paper.htmlhttp://www.theregister.co.uk/2013/03/19/carna_botnet_ipv4_internet_map/c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 43
  • 44. Shodan dark google http://www.shodanhq.com/search?q=Photosmartc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 44
  • 45. Cisco IOS password Title: Cisco’s new password hashing scheme easily cracked Description: In an astonishing decision that has left crytographic experts scratch- ing their heads, engineer’s for Cisco’s IOS operating system chose to switch to a one-time SHA256 encoding - without salt - for storing passwords on the device. This decision leaves password hashes vulnerable to high-speed cracking - mod- ern graphics cards can compute over 2 billion SHA256 hashes in a second - and is actually considerably less secure than Cisco’s previous implementa- tion. As users cannot downgrade their version of IOS without a complete reinstall, and no fix is yet available, security experts are urging users to avoid upgrades to IOS version 15 at this time.Reference: via SANS @RISK newsletterhttp://arstechnica.com/security/2013/03/cisco-switches-to-weaker-hc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 45
  • 46. Kali Linux the new backtrackBackTrack http://www.backtrack-linux.orgKali http://www.kali.org/c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 46
  • 47. it’s a Unix system, I know thisSkal du igang med sikkerhed?Installer et netværk, evt. bare en VMware, Virtualbox, Parallels, Xen, GNS3, ...Brug BackTrack, se evt. youtube videoer om programmerneQuote fra Jurassic Park http://www.youtube.com/watch?v=dFUlAQZB9Ngc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 47
  • 48. Hackerværktøjer • Nmap, Nping - tester porte, godt til firewall admins http://nmap.org • Aircrack-ng http://www.aircrack-ng.org/ • Wireshark netværkssniffer - http://http://www.wireshark.org/ • Burpsuite http://portswigger.net/burp/ • Skipfish http://code.google.com/p/skipfish/ ˚Generelt findes der hackerværktøjer indenfor alle nicheomrader! Listen over de mest anvendte hacker tools http://sectools.org/c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 48
  • 49. Metasploit and Armitage Still rocking the internethttp://www.metasploit.com/Armitage GUI fast and easy hacking for Metasploithttp://www.fastandeasyhacking.com/Kursus Metasploit Unleashedhttp://www.offensive-security.com/metasploit-unleashed/Main_PageBog: Metasploit: The Penetration Tester’s Guide, No Starch PressISBN-10: 159327288Xc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 49
  • 50. Demo, snak, visning, surfinghackertools, step by step instruktioner, Kali Linux demo osv.c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 50
  • 51. Security Onion securityonion.blogspot.dkc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 51
  • 52. BRO IDS While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap be- tween academia and operations since its inception.http://www.bro.org/c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 52
  • 53. BRO more than an IDS The key point that helped me understand was the explanation that Bro is a domain-specific language for networking applications and that Bro-IDS (http://bro- ids.org/) is an application written with Bro.Why I think you should try Brohttps://isc.sans.edu/diary.html?storyid=15259c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 53
  • 54. Bro scriptsglobal dns_A_reply_count=0;global dns_AAAA_reply_count=0;...event dns_A_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr){++dns_A_reply_count;}event dns_AAAA_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr){++dns_AAAA_reply_count;}source: dns-fire-count.bro fromhttps://github.com/LiamRandall/bro-scripts/tree/master/fire-scriptc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 54
  • 55. ˚Be careful - spørgsmal? Hey, Lets be careful out there! Henrik Lund Kramshøj, internet samurai hlk@solido.netBillede: Michael Conrad http://www.hillstreetblues.tv/c license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 55
  • 56. VikingScan.org - free portscanningc license CC BY 3.0. 2013 Solido Networks, Henrik Lund Kramshøj 56