Final presentation of IT security project

This is the final presentation of an IT security project. In this project, terminal server security was tested and the system was built. The project consists of:
* Build the system
* Try to break
* Detect
* Prevent
So the project is fully implemented and all requirements are done.

  1. Security test and implementation of terminal computer. Authors: Armandas Rokas, Andrius Sinkevicius, Edvinas Butenas. December 7, 2011
  2. Overview: Background story; Break-in attacks; Risk determination and security control recommendations for break-in attacks; Network attacks; Risk determination and security control recommendations for network attacks; Security solutions; Questions?
  3. Background story: XpUnlimited.LT company; Software works on all previous Windows OSes; Try the security of terminal server; Build a fully protected system (including network security)
  4. Network diagram
  5. System characterization. Hardware: Acer, i3, 4GB RAM, gt320 1GB video. Software: Windows 7 Ultimate SP1 32-bit / Windows XP SP3 with XPUnlimited. Data: Pictures, Sensitive Documents.
  6. System characterization. System interfaces: S-ATA2, USB, 802.11b/g/n, HDMI, VGA, Ethernet. Users: Administrator, Remote Users. Services running: Printer, Web Server (IP Consult HTTP server), Remote Desktops, Internal Database For ERP.
  7. Control analysis: OS Security Policies; Local Access Policies; System Backup; Firewall Policies
  8. Break-in attacks
  9. Exploit (Infection with key logger): Exploited by executing a file on the victim's machine; File with payload; Meterpreter command line. Key log: on Windows 7, only the affected user; on Windows XP, all users.
  10. Mail infection: External attack. The attack was made from BackTrack 5 to infect the terminal thin client server with the Windows 7 operating system. An exploit which let me break in to the victim's computer when he got the infected message in his mailbox.
  11. Example
  12. Some details: reverse_tcp payload. Local port 4444 (it is a vulnerable port) is used to create an active server which listens for when the victim clicks on the message. After the victim activates the payload included in the message, I open Meterpreter.
  13. Human Threats
      | Threat-Source | Motivation | Threat Action |
      | Computer Criminal | Monetary Gain - my credit card info | Computer Crime, Fraudulent Act |
      | Hacker, Cracker | Challenge, Ego | Hacking, Social Engineering, System Intrusion, Unauthorized System Access. |
      | User | Negligence, Idiocy | Spill Fluids on System, Drop System |
  14. Vulnerability Identification
      | Vulnerability | Threat-Source | Threat Action |
      | Outdated Software | Hacker, Cracker, Computer Criminal. | System File Loss, Unauthorized System Accesses. |
      | Misconfigured System | Users, Computer Criminal. Hacker, Cracker. | System Files Loss, System Failure |
      | Absence Of Security Software | Hacker, Cracker, Computer Criminal. | System Files Loss, System Failure. |
  15. Likelihood Determination
      | Threat-Source | Vulnerability | Likelihood |
      | Hacker, Cracker, Computer Criminal. | Outdated Software | Medium |
      | Users, Computer Criminal. | Misconfigured System | Medium |
      | Hacker, Cracker, Computer Criminal. | Absence Of Security Software | High |
  16. Impact Analysis
      | Threat-Source | Loss of Integrity | Loss of Availability | Loss of Confidentiality |
      | Hacker, Cracker. | None | High | High |
      | Computer Criminal. | None | High | High |
      | Users | Low | Low | Low |
  17. Likelihood, Impact Analysis & Risk
      | Vulnerability | Threat-Source | Likelihood | Impact | Risk |
      | Outdated Software | Hacker, Cracker, Computer Criminal. | Medium | Medium | Medium |
      | Misconfigured System | Users, Computer Criminal. Hacker, Cracker. | High | High | High |
      | Absence Of Security Software | Hacker, Cracker, Computer Criminal. | High | Medium | Medium |
  18. Control Recommendations
      | Risk | Risk Level | Recommended Controls | Activity Priority |
      | Outdated Software | Medium | Regularly Updating Software. | Medium |
      | Misconfigured System | High | Hire Qualified Specialists. | High |
      | Absence Of Security Software | Medium | Install legally IPS & IDS. | Medium |
  19. Network attacks
  20. ARP - Man in the middle attack: After I broke in to the victim's PC through the Metasploit exploit, I tried to do more harm to him. I use an ARP protocol vulnerability, with which you are invisible while at the same time doing damage to the victim. By sending fake arpspoof request and response packets, I make a MITM “Man In The Middle” attack.
  21. After that I get the full information flow from the router and my other selected computer. That information includes logins, emails and other sensitive information. The victim becomes fully infected; he needs to get out of this situation and prevent it another time.
  22. DoS attack
      • Used tools: BackTrack 5 network penetration OS; within it, Ettercap - tool for man-in-the-middle attack.
      • Goal: Make the terminal server unavailable to its intended users
  23. DoS
  24. TS before DoS attack
  25. TS after DoS attack
  26. Human Threats
      | Threat-Source | Motivation | Threat Action |
      | Computer Criminal | Monetary Gain - my credit card info | Computer Crime, Fraudulent Act |
      | Hacker, Cracker | Challenge, Ego | Hacking, Social Engineering, System Intrusion, Unauthorized System Access. |
      | Competitors | Injure Company Stability. Compromise work. | Economic Exploitation, System Penetration, Network Spoofing/Sniffing of Network. Run Of Company Data. |
  27. Vulnerability Identification
      | Vulnerability | Threat-Source | Threat Action |
      | Absence Of System Security | Hacker, Cracker, Competitors, Computer Criminal | System Failure, Connection Damage, Information Conversion. |
  28. Likelihood Determination
      | Threat-Source | Vulnerability | Likelihood |
      | Hacker, Cracker, Competitors, Computer Criminal | Absence Of System Security | Medium |
  29. Impact Analysis
      | Threat-Source | Loss of Integrity | Loss of Availability | Loss of Confidentiality |
      | Hacker, Cracker. | None | High | High |
      | Computer Criminal. | None | High | High |
      | Competitors | Medium | High | High |
  30. Likelihood, Impact Analysis & Risk
      | Vulnerability | Threat-Source | Likelihood | Impact | Risk |
      | Absence Of System Security | Hacker, Cracker, Competitors, Computer Criminal | Medium | High | Medium |
  31. Control Recommendations
      | Risk | Risk Level | Recommended Controls | Activity Priority |
      | Absence Of System Security | Medium | Install legally IPS & IDS. Implement encryption. Users Access Control. | High |
  32. Security solutions
  33. Terminal server security configuration. User groups:
      • Administrative Users group – privileges to configure the terminal server
      • Remote Desktop Users group – privileges only to connect to the remote desktop, without the possibility to configure it.
      • All users, including the administrator, have credentials to log in to the services; no password-less connection is available.
  34. Application control for users
      • Users can use only the applications specified by the system administrator.
      • Inactive user sessions are terminated according to a time limit.
      • Applications that can be started by other applications are not visible to the user.
      • A user's attempt to open an unassigned application is restricted by a pop-up message saying that the user does not have the privilege to open it.
  35. Anti-virus
      • Implement security antivirus, which gives you an updated database and protects from intruders.
      • Shut down any untrusted connection.
      • Scanning web pages, your downloads.
      • Made with a reliable firewall.
      • Security isn’t about blocking malicious actions, it’s about keeping your data safe, so arrange reliable encryption software.
      • Users to upload viruses for future updates.
      • #1 Bitdefender
  36. Security against network attacks
      ● IPS & IDS
          ● Snort
      ● Firewall
          ● IPCop
          ● APF (Advanced Policy Firewall) from rfxnetworks
      ● Optional expensive solutions
          ● Cisco router
          ● Paid firewall
  37. Questions?
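
Added example (not from the original slides): a small detector for the ARP man-in-the-middle condition described in slides 20-21, the kind of check the IDS recommendation in slide 36 is meant to provide. The sample lines are constructed in the style of `tcpdump -n arp` output; the addresses, the `baseline` parameter and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n arp` output (not captured traffic).
# 192.168.1.1 is the assumed router, .20 the terminal server, .66 the attacker.
SAMPLE = """\
10:00:01.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:aa:bb:01, length 28
10:00:02.000000 ARP, Reply 192.168.1.20 is-at 00:11:22:aa:bb:20, length 28
10:00:03.000000 ARP, Reply 192.168.1.66 is-at 00:11:22:aa:bb:66, length 28
10:05:10.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:aa:bb:66, length 28
10:05:10.500000 ARP, Reply 192.168.1.20 is-at 00:11:22:aa:bb:66, length 28
10:05:12.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:aa:bb:66, length 28
"""

REPLY = re.compile(
    r"^(\S+) ARP, Reply (\d+(?:\.\d+){3}) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE)

def parse_replies(text):
    """Yield (timestamp, ip, mac) for each ARP reply line; ignore anything else."""
    for line in text.splitlines():
        m = REPLY.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3).lower()

def detect_arp_spoofing(text, gateway_ip, baseline=None):
    """Alert when an IP moves to a new MAC, or one MAC answers for several IPs.

    baseline: optional {ip: mac} of known-good bindings. Without it the first
    reply seen for an IP is trusted, which misses poisoning already in progress.
    """
    bindings = {ip: mac.lower() for ip, mac in (baseline or {}).items()}
    claims = defaultdict(set)          # mac -> IPs it has answered for
    alerts, seen = [], set()
    for ts, ip, mac in parse_replies(text):
        known = bindings.setdefault(ip, mac)
        claims[mac].add(ip)
        if mac != known and (ip, mac) not in seen:
            seen.add((ip, mac))        # report each forged binding once
            alerts.append({"type": "rebind", "time": ts, "ip": ip,
                           "expected_mac": known, "seen_mac": mac,
                           "severity": "high" if ip == gateway_ip else "medium"})
    for mac, ips in claims.items():
        if len(ips) > 1:               # the MITM host claims router and victim
            alerts.append({"type": "multi_ip", "mac": mac, "ips": sorted(ips),
                           "severity": "high" if gateway_ip in ips else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE, "192.168.1.1"):
        print(alert)
```

The `multi_ip` rule can also fire on legitimate devices that hold several addresses, so it is best read together with the `rebind` alerts and a known-good baseline for the router and the terminal server.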
