Ernest Staats Director of Technology and Network Services at GCA


  • Computer hackers in 2009 showed increasing sophistication
    Submitted by SHNS on Mon, 12/28/2009 - 15:43
    By ALEJANDRO MARTINEZ-CABRERA, San Francisco Chronicle

    Security experts describe the typical hacker of 2009 as more sophisticated, prolific and craftier than ever. If anything, criminals will be remembered by the sheer number of attacks they unleashed upon the Web.

    While the year didn't see many technological leaps in the techniques hackers employ, they continued to expand their reach to every corner of the Internet by leveraging social media, infiltrating trusted Web sites, and crafting more convincing and tailored scams. 2009 saw the first iPhone worm -- most attacks in 2009 were near-identical to tactics used in prior years, changing only in the victims they targeted and their level of sophistication. In October, the FBI estimated small and medium businesses have lost at least $40 million to cyber-crime since 2004.

    Alan Paller, director of research at the SANS Institute, said criminals shifted the focus of their tactics from developing attack techniques to improving the social engineering of their scams. The institute is a computer security training and research outfit. "It's not the tools but the skills. That's a new idea," he said.

    One example is rogue antivirus schemes, which often trick computer users with a fake infection. Criminals then obtain their victims' credit card information as they pay for a false product, all the while installing the very malicious software they were seeking to repel. Even though these scams have been around for several years, they have become a more popular tactic among criminals because they pressure potential victims into making on-the-spot decisions. "People have been told to look out for viruses and want to do the right thing. There's security awareness now, but the criminals are taking advantage of their limited knowledge," said Mike Dausin, a researcher with network security firm TippingPoint's DVLabs.

    Chester Wisniewski, senior adviser for software security firm Sophos, said social networks also continued to be an important target for attackers. Despite Facebook and Twitter's efforts to beef up their security, it has become a common tactic for scammers to hijack Facebook accounts and post malicious links on the walls of the victim's friends or distribute harmful content through tweets. "We haven't had this before -- a place where all kinds of people go and dump their information, which makes it very valuable for criminals," Wisniewski said. "It's kind of a gold mine for identity thieves to get on people's Facebook account."

    Another common ploy was malicious software that piggybacked on common third-party applications like Adobe PDFs and Flash animations. Although Adobe scrambled this year to improve its software update procedures and roll out patches more frequently, criminals have increasingly exploited the coding flaws in Adobe products in particular because of their ubiquity and the abundance of vulnerable old code, said Roel Schouwenberg, senior virus analyst at Kaspersky Lab, an anti-malware company.

    By using ad networks or taking advantage of exploitable Web programming errors to insert malicious content, criminals cemented their presence in legitimate Web sites and made 2009, according to anti-malware firm Dasient, the year of the "drive-by download," in which users only have to visit a compromised Web site to become infected. Researchers also noted a high volume of attacks disguised as content related to popular news items -- anything from Michael Jackson to the swine flu -- to coax Web users into downloading malicious content.

    This closing year also saw a handful of notorious politically motivated online attacks, and the issue of national cybersecurity continued to gain prominence. In July, several U.S. and South Korean government Web sites went offline after being hit by a denial-of-service attack that South Korea has attributed to a North Korean ministry. U.S. defense officials revealed in April that hackers have stolen thousands of files on one of the military's most advanced fighter aircraft. "Now it's in the agenda of every government to pay attention to the cyberworld," Schouwenberg said.

    E-mail Alejandro Martínez-Cabrera at amartinez-cabrera(at) (Distributed by Scripps Howard News Service.) Must credit the San Francisco Chronicle.
  • From '90 to 1998 it took that long to cross 20,000 malware; by 2004 we had just crossed the 100,000 mark; then by 2007 we were over 1 mil.

    Symantec Statistics and Malware's Mushroom Cloud
    By Noah Schiffman on Wed, 04/09/08 - 3:17am.

    Initially, I set out to write this blog about the security risks involved with the misperception of numerical data, and the problems with conventional wisdom. However, my internet readings led me slightly off course, in pursuit of understanding some recent malware statistics.

    Taking a break from exploit analysis and watching TV, I recently found myself surfing the web for some current security statistics, which is something IT managers should probably do, once in a while. Typically, reviewing this kind of mundane data is only performed to provide information about various IT trends (common attack vectors, frequent 3rd party exploits) to aid in decision making tasks, such as security resource allocation. Should we be concentrating more on UTM, end-point security, or extrusion protection? Although, it is also a good practice for understanding these security statistics.

    At some point, I will go on one of my rants regarding "Information is data that is merely viewed, whereas knowledge is data that is understood", but for now, I'll only scratch the surface. Do know that anyone can memorize and regurgitate numbers, or as often mislabeled, statistics, but far fewer can actually understand their meaning, relevance or truth.

    This is the point where my train of thought was temporarily derailed. I was about to give some glorious examples of misrepresentation of security data from leading industry resources. Then I stumbled upon a few articles from Computer World that didn't quite make sense. On April 4th, Computer World reported that "the total number of viruses will reach 1 million by year's end, according to security experts". Then, four days later, Computer World stated that, according to Symantec, malware's million mark was reached in the latter portion of 2007. How does a milestone number like that get overlooked for four months, resulting in a speculative article that is only found to be an editorial error just four days later?

    However, a larger question is: What is the true significance of the 1M barrier breakthrough? Is it, perhaps, just a nice big round number with an extra zero that will make for a good news story? Will any security strategies or mechanisms change that wouldn't have, say, when malware reached 950,000? You probably know the answers.

    On the other hand, it is a milestone, or at least a measurement. The real significance is the rate of change, and the dramatic increase in malware. Symantec's Internet Security Threat Report Volume XIII, just released, gives an in-depth analysis of threat activity for the last six months of 2007. One of the most significant developments revealed is its observations of malicious code trends. The study highlights the exponential growth of malware last year. With a total of 1.1 million code threats, it reports that 711,912 of them were discovered last year. This would indicate that 64% of all of these threats were from last year alone. Has the internet really become that dangerous in the last year? I don't know.

    But I do know that this type of statistical reporting is good for the security vendor's business. I also know that in the absence of certain variables, any data set can be skewed to produce favorable results. After reading their report, I had many unanswered questions. They state that all previous reports were based upon "the number of malicious code reports received from enterprise and home users", and that the current report also examines "malicious code according to potential infections". How does this affect relative data between reports? When counting malware threats, how many are truly unique? How many are variant strains? And what are the actual criteria used to discriminate between the two? How have these discrimination criteria changed over time, in adaptation to the evolving morphing engines, capable of producing polymorphic and metamorphic malware? What about malware that is now appearing embedded in new devices, such as iPods or USB drives? Are there any relative adjustments based on the growth of US Internet usage (currently about 72% of the population)?

    I'm not challenging the work of Symantec by any means. I am trying to get people to question numbers and statistics presented by any one vendor. It is important to question methodologies and inquire about absent variables. Optimally, having access to raw data allows one to perform their own statistical analyses and generate specific custom security metrics, if needed. Although, in the end, I don't think anyone has to take out their calculator to mathematically agree that malware is a growing problem.

    I can be statistically analyzed at: [email_address]
  • Cain and Abel: it can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
  • RainbowCrack: an innovative password hash cracker. The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called "rainbow tables". It does take a long time to precompute the tables, but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished.
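    The time-memory trade-off described above only pays off when the same password always hashes to the same digest. As an added example (not code from the slides or from RainbowCrack), the block below precomputes a digest table over a constructed key space of 4-digit PINs and then shows that a per-user salt, with a slow KDF on top, takes the precomputation advantage away. The SHA-1 hash, the PIN key space and the 16-byte salt are assumptions made for illustration.

```python
import hashlib
import itertools
import os

# Constructed key space: every 4-digit numeric PIN (10,000 candidates).
# Real tables cover far larger spaces; the lookup property is the same.
KEYSPACE = ["".join(digits) for digits in itertools.product("0123456789", repeat=4)]


def unsalted_hash(password: str) -> str:
    """Legacy-style unsalted hash (SHA-1 chosen for the example). The same
    password always yields the same digest, which is exactly the property a
    precomputed table depends on."""
    return hashlib.sha1(password.encode()).hexdigest()


def build_table(keyspace) -> dict:
    """Precompute digest -> plaintext once (the 'memory' side of the trade-off).
    A rainbow table stores this far more compactly using hash chains, but what
    it buys is the same: a lookup instead of a fresh brute-force run per hash."""
    return {unsalted_hash(pw): pw for pw in keyspace}


def lookup(table: dict, digest: str):
    """Instant reversal when the digest was precomputed, otherwise None."""
    return table.get(digest)


def new_salt() -> bytes:
    """Per-user random salt; 16 bytes is an assumption for the example."""
    return os.urandom(16)


def salted_hash(password: str, salt: bytes) -> str:
    """Salt prepended before hashing. The same password now yields a different
    digest for every salt, so one precomputed table no longer applies; an
    attacker would need a separate table per salt value."""
    return hashlib.sha1(salt + password.encode()).hexdigest()


def slow_salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """Salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256). This closes the
    gap a salt alone leaves: a targeted per-salt table is now as expensive to
    build as the brute force it was meant to replace."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def table_entries_with_salt(keyspace_size: int, salt_bits: int) -> int:
    """Entries a precomputed table would need to cover every (salt, password)
    pair; with a 128-bit salt this is far beyond any storable size."""
    return keyspace_size * (2 ** salt_bits)


def demo():
    """Returns (recovered_pin, salted_lookup_result) for a constructed victim PIN."""
    table = build_table(KEYSPACE)
    victim_pin = "4271"                                            # constructed sample
    recovered = lookup(table, unsalted_hash(victim_pin))          # "4271"
    salted = lookup(table, salted_hash(victim_pin, new_salt()))   # None
    return recovered, salted


if __name__ == "__main__":
    print(demo())
    print(table_entries_with_salt(len(KEYSPACE), 128))
```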
  • Enumerate Windows Shares: Start – Run – \IPC$; login is administrator, password; Start – Run – \(server name or IP)
  • Enumerate Windows Directory: LDAP query – dump accounts and groups on a 2000/2003 Server. The tool is on the Windows 2000/2003 Server CD (LDP.EXE).
  • The Dude: a visual and easy to use network monitoring and management system designed to represent network structure in one or more crosslinked graphical diagrams, allowing you to draw (includes an automatic network discovery tool) and monitor your network however complicated it might be. The Dude is capable of monitoring particular services run on the network hosts, and alerting you about any changes in their status. It can read statistics from the device monitored and show you graphs of the monitored values, allows you to test and connect to the devices easily, and provides some very basic RouterOS configuration tools.
  • Getif: an excellent SNMP tool that allows you to collect and graph information from SNMP devices.
  • SoftPerfect Network Scanner: a free multi-threaded IP, NetBIOS and SNMP scanner with a modern interface and several advanced features. It is intended for both system administrators and users who are interested in computer security. The program pings computers, scans for listening TCP ports and shows what types of resources are shared on the network (including system and hidden).
  • Hping2: a network probing utility like ping on steroids. This handy little utility assembles and sends custom ICMP, UDP, or TCP packets and then displays any replies.
  • LanSpy: network security scanner, which gets: Domain and NetBIOS names, MAC address, Server information, Domain and Domain controller information, Remote control, Time, Discs, Transports, Users, Global and local user groups, Policy settings, Shared resources, Sessions, Open files, Services, Registry and Event log information.
  • Metasploit A great tool to exploit those Windows-based vulnerabilities that other tools find
  • OpenDNS
  • CCleaner: removes unused files from your system, allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history.
  • PC Decrapifier: will uninstall many of the common trialware and annoyances found on many of the PCs from big-name OEMs. Free for personal use, $20 per tech who will use it.
  • File Shredder: developed as a fast, safe and reliable tool to shred company files.
  • The Dude: auto network discovery and layout; discovers any type or brand of device; device and link monitoring, and notifications; supports SNMP, ICMP, DNS and TCP monitoring for devices that support it.
  • WinAudit: a software program that audits Windows® based personal computers. Just about every aspect of computer inventory is examined. You can e-mail it to your technical support or even post the audit to a database for archiving. When used in conjunction with its command line functionality, you can automate inventory administration at the network level.
  • SoftPerfect™ Network Scanner: a multi-threaded IP, SNMP and NetBIOS scanner. The program pings computers, scans for listening TCP ports and displays which types of resources are shared on the network (including system and hidden). In addition, it allows you to mount shared resources as network drives, browse them using Windows Explorer, filter the results list and more.
  • Paid products that are great: EnCase and AccessData
    1. Ernest Staats, Director of Technology and Network Services at GCA. MS Information Assurance, CISSP, CEH, MCSE, CNA, CWNA, Security+, I-Net+, Network+, Server+, A+. Resources available @ Hacking High School
    2. CAN’T DEFEND WHAT YOU DON’T KNOW
       • “Know your enemies & know yourself” <Sun Tzu>
       • Hacker mentality
       • Map your network regularly
       • Sniff and baseline your network; know what type of data needs to be going across your system
       • Know what types of paths are open to your data: WIFI, USB, Bluetooth, Remote Access
       • Web 2.0
       • Mobile device access
    3. HACKER MENTALITY
       • Hackers are motivated by various factors:
         • Ego
         • Curiosity and challenge
         • Entertainment
         • Political beliefs
         • Desire for information
         • Thrill of gaining privileged access
         • Own the system long term (Trojans, backdoors)
         • Attempt to compromise additional systems
         • A "trophy" to gain status
    4. Hacker Stratification
       • Tier I
         • The best of the best
         • Ability to find new vulnerabilities
         • Ability to write exploit code and tools
         • Motivated by the challenge, and of course, money
       • Tier II
         • IT savvy
         • Ability to program or script
         • Understand what the vulnerability is and how it works
         • Intelligent enough to use the exploit code and tools with precision
         • Motivated by the challenge but primarily curiosity, some ego
       • Tier III
         • “Script Kiddies”
         • Few real talents
         • Ability to download exploit code and tools written by others
         • Very little understanding of the actual vulnerability
         • Randomly fire off scripts until something works
         • Motivated by ego, entertainment, desire to hurt others
       In the end there can only be 1
    5. LOW HANGING FRUIT
       • Safe mode / hacker mode: F8 or hold down the CTRL key
       • God Mode
       • Lab machines that require admin rights to run software
       • YouTube “Hack School”: lots of step-by-step videos
       • Rename EXEs; two fun ones: netsh.exe, utilman.exe
         • When using Microsoft GPOs, use hash instead of path
       • Use Windows Run; use MS Access to make a macro run CMD
       • Use IP address instead of name: shutdown –i
       • Use U3 devices or Portable Apps
       • Right-click: make a shortcut to the C drive if you hide the C drive
       • Use Bluetooth to make file transfers to Windows system32; if they have USB access they own it
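       The "use hash instead of path" point from slide 5, worked as an added example that is not part of the original slides: a toy policy evaluator in the style of Software Restriction Policies (where a hash rule takes precedence over a path rule) shows why a path rule alone is defeated by copying the blocked binary somewhere else under a new name, while a hash rule follows the file's contents. The executable bytes, the paths and the SHA-256 choice are constructed stand-ins.

```python
import hashlib
from dataclasses import dataclass

# Constructed stand-ins for executable contents; a real rule hashes the file bytes.
CMD_EXE_BYTES = b"MZ\x90\x00 constructed stand-in for cmd.exe"
NOTEPAD_BYTES = b"MZ\x90\x00 constructed stand-in for notepad.exe"


@dataclass(frozen=True)
class Rule:
    kind: str    # "path" or "hash"
    value: str   # file or folder path for path rules, hex digest for hash rules
    action: str  # "deny" or "allow"


def file_hash(content: bytes) -> str:
    """SHA-256 of the file contents (the algorithm is an assumption here)."""
    return hashlib.sha256(content).hexdigest()


def path_matches(rule_path: str, path: str) -> bool:
    """A path rule matches the exact file or anything beneath a folder, compared
    case-insensitively. The file's contents play no part in the decision."""
    p = rule_path.lower().replace("/", "\\").rstrip("\\")
    q = path.lower().replace("/", "\\")
    return q == p or q.startswith(p + "\\")


def evaluate(rules, path: str, content: bytes) -> str:
    """Effective action for running `content` located at `path`. As in Software
    Restriction Policies, a hash rule takes precedence over a path rule; with no
    matching rule the default here is to allow."""
    digest = file_hash(content)
    for rule in rules:
        if rule.kind == "hash" and rule.value == digest:
            return rule.action
    for rule in rules:
        if rule.kind == "path" and path_matches(rule.value, path):
            return rule.action
    return "allow"


# Policy A: deny cmd.exe only at the location it normally lives in.
PATH_ONLY = [Rule("path", r"C:\Windows\System32\cmd.exe", "deny")]

# Policy B: deny cmd.exe by the hash of its contents, wherever it is copied.
# Caveat: a hash rule has to be refreshed whenever the binary is patched.
HASH_BASED = [Rule("hash", file_hash(CMD_EXE_BYTES), "deny")]


def bypass_possible(rules) -> bool:
    """True if copying the blocked binary elsewhere under another name runs it."""
    renamed_copy = r"C:\Users\student\Desktop\utilman.exe"   # constructed path
    return evaluate(rules, renamed_copy, CMD_EXE_BYTES) == "allow"


if __name__ == "__main__":
    print("path rule bypassed:", bypass_possible(PATH_ONLY))    # True
    print("hash rule bypassed:", bypass_possible(HASH_BASED))   # False
```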
    6. GOD MODE VISTA / WIN7
       • GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
       • Other shortcuts:
         • {00C6D95F-329C-409a-81D7-C46C66EA7F33}
         • {0142e4d0-fb7a-11dc-ba4a-000ffe7ab428}
         • {025A5937-A6BE-4686-A844-36FE4BEC8B6D}
         • {05d7b0f4-2121-4eff-bf6b-ed3f69b894d9}
         • {1206F5F1-0569-412C-8FEC-3204630DFB70}
         • {15eae92e-f17a-4431-9f28-805e482dafd4}
         • {17cd9488-1228-4b2f-88ce-4298e93e0966}
         • {1D2680C9-0E2A-469d-B787-065558BC7D43}
         • {1FA9085F-25A2-489B-85D4-86326EEDCD87}
         • {208D2C60-3AEA-1069-A2D7-08002B30309D}
         • {20D04FE0-3AEA-1069-A2D8-08002B30309D}
         • {2227A280-3AEA-1069-A2DE-08002B30309D}
         • {241D7C96-F8BF-4F85-B01F-E2B043341A4B}
         • {4026492F-2F69-46B8-B9BF-5654FC07E423}
         • {62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}
         • {78F3955E-3B90-4184-BD14-5397C15F1EFC}
       Hiding things will not work
    7. NOT ROCKET SCIENCE
       • 2009 saw the first iPhone worm -- most attacks were near-identical to prior years, changing only the victims and the level of sophistication
       • FBI estimated small and medium businesses have lost $40 million to cyber-crime since 2004
    8. VIRUS CREATION
       • Anyone can do it!
    9. MALWARE IS VERY COMMON
       • Malware
         • How common?
         • Spyware
         • Virus
         • Worm
           • Tracking Map
         • Symantec reported over a million malware samples since 2007
    10. “WILL VULNERABILITIES EVER GO AWAY?”
       • If 95-99% of all attacks come from known vulnerabilities and mis-configurations [Carnegie Mellon]
       • And known vulnerabilities and mis-configurations come from human error
       • And, for the foreseeable future, humans will be the creators and maintainers of technology
       • Then vulnerabilities (and risk) are here to stay!
    11. MIS-CONFIGURATIONS
       • Easily guessed passwords
         • Admin / no password
         • Admin / username same as password
         • Admin / ”password”
         • Common user/pass combinations
           • oracle/oracle
           • Default Password List http://
       • Default installed files
       • Admin rights for software
       • Incorrect permissions
    12. MOBILE DEVICES EXPOSE YOU
       I’m really an IP-connected computer!
    13. USB ADDS RISK
       • Flash memory devices
         • Containing what?
    14. USING REMOTE ACCESS TO HACK
       • BackTrack4
         • Owning Vista with BackTrack
         • How to put BT4 on a USB
       • Portable Apps
       • Mobile devices
         • iPhone, iPod Touch http://
         • Droid, PS2, others
       • Metasploit
    15. SILVER BULLET EATER
       • Alternate Stream View
       • BinText
       • BitComet
       • CCleaner
       • Clam AV
       • Convert All Portable
       • Cool Player+ Portable
       • Defraggler
       • Dir html
       • File Shredder
       • Firefox
       • HTTrack
       • Links to Portable USB Software
       • My set of portable apps
       • KeePass
       • LAN Search
       • LSA Secrets View
       • MAC Address View
       • MD5Checker
       • mRemote
       • netcheck
       • Netscan
       • NMap
       • Pidgin Portable
       • Portable VirtualBox
       • Process Injection
       • Process Killer
       • Recuva File Restore
       • Sophos Anti-Rootkit
       • Stinger
       • Sumatra PDF
       • Super Scanner
       • Sysinternals Suite
       • System Info
       • Tor
       • WinSCP
       • WirelessKeyView
       • Wireshark
       • YouTube downloader
       • putty.exe
    16. DEMO TIME: all resources on my site
    17. U3 POCKETKNIFE
       • Steal passwords
       • Product keys
       • Steal files
       • Kill antivirus software
       • Turn off the firewall
       • And more…
       • For details see
    18. CUSTOMIZING U3
       • You can create a custom file to be executed when a U3 drive is plugged in
       • The custom U3 launcher runs PocketKnife
       • So all those things are stolen and put on the flash drive
    21. Cain and Abel: Local Passwords
    22. PASSWORD CRACKING
       • NTPassword: RESET any admin pwd to blank
       • Cain and Abel
       • Back Track 4 (BT4)
       • Default Password List
       • Paid Password Tools
    23. DEFENSE
    24. IMMEDIATE RISK REDUCTION
       • Disable AutoRun / keep system patches updated
       • Glue USB ports shut
       • Install Windows 7 64-bit
         • Several cracking programs do not work
       • Get rid of admin rights; lock down workstations
       • Monitor WIFI access; secure your wireless networks
       • USB blocking
         • Windows Group Policy
         • Netwrix
       • Several vendors on the show floor have options to limit or block USB
    25. BETTER USB SOLUTION: IEEE 1667
       • Standard Protocol for Authentication in Host Attachments of Transient Storage Devices
       • USB devices can be signed and authenticated, so only authorized devices are allowed
       • Implemented in Windows 7
         • See http://
    26. KEEP DATA SECURE WEB 2.0
       • Continued education of computer users
         • Don’t click on strange links (avoid tempt-to-click attacks)
         • Do not release personal information online
         • Use caution with IM and SMS (short message service)
         • Be careful with social networking sites
         • Don’t e-mail sensitive information
         • Don’t hit “reply” to a received e-mail containing sensitive information
         • Require mandatory VPN (virtual private network) use over wireless networks
    27. ADDRESSING THE THREATS
       • Design/implement widely accepted policies and standards
       • Identify the vulnerabilities, mis-configurations, and policy violations
       • Apply fixes and patches as quickly as possible
       • Mitigate the risk with intrusion prevention
       • Log and monitor all critical systems
       • Educate yourself & your staff
       • Disable Safe Mode; lock systems with Steady State, Deep Freeze or others
       • Lock down Windows Group Policies
       • Block USB devices
       • Secure your WIFI network
    28. THE LIST: Tools I use!
    29. PASSWORD RECOVERY TOOLS:
       • Fgdump (mass password auditing for Windows)
       • Cain and Abel (password cracker and so much more….)
       • John The Ripper (password cracker)
       • FSCracker (GUI for John The Ripper) http://
       • RainbowCrack: an innovative password hash cracker tool that makes use of a large-scale time-memory trade-off.
    30. NETWORK SCANNING
       • MS Baseline Analyzer 2.1
       • The Dude (mapper and traffic analyzer; great for WIFI)
       • Getif (network SNMP discovery and exploit tool)
       • SoftPerfect Network Scanner
       • HPing2 (packet assembler/analyzer)
       • ZENOSS (enterprise network mapping and monitoring)
       • TCPDump (packet sniffer) for Linux, or WinDump for Windows
       • LanSpy (local, Domain, NetBIOS, and much more)
    31. TOOLS TO ASSESS VULNERABILITY
       • Nessus (vulnerability scanner)
       • Snort (IDS - intrusion detection system)
       • Metasploit Framework (vulnerability exploitation tool). Use with great caution and have permission
       • OpenVAS (Vulnerability Assessment System), enterprise network security scanner
    32. SECURE YOUR PERIMETER:
       • DNS-stuff and DNS-reports
         • Test e-mail & HTML code
       • Web Inspect (15 day)
       • Security Space
       • Other firewall options
         • Untangle
         • Smooth Wall
         • IPCop
    33. MORE TOOLS:
       • SoftPerfect Network Scanner
         • A multi-threaded IP, SNMP and NetBIOS scanner. Very easy to use.
       • WinSCP
         • Wraps a friendly GUI interface around the command-line switches needed to copy files between Windows and Unix/Linux
       • Nagios
         • Highly configurable, flexible network resource monitoring tool
       • OpenDNS
         • Another layer to block proxies and adult sites
       • CCleaner
         • Removes unused files and other software that slows down your PC
       • File Shredder
         • A fast, safe and reliable tool to shred company files
       • GroundWork (open source)
         • Full enterprise performance and network management software. This is designed for data centers and large networks but can be used for small shops as well (works with Nagios)
    34.
       • Google (get the Google Hacking book)
         • The Google Hacking Database (GHDB)
       • Cain and Abel
         • (the Swiss Army knife) Crack passwords, crack VoIP and so much more
       • Autoruns / Sysinternals Suite
         • Shows the programs that run during system boot-up or login
       • Iron Geek
         • Step-by-step security training
       • SuperScan 4
         • Network scanner; find open ports (I prefer version 3)
       • EventSentry
         • Allows you to consolidate and monitor event logs in real time
    35. WELL-WORN TOOLS:
       • Wireshark
         • Packet sniffer used to find passwords and other important network errors going across the network
         • SSL passwords are often sent in clear text before logging on
       • Metasploit
         • Hacking/networking security made easy
       • BackTrack or UBCD4WIN boot CD
         • Cleaning infected PCs or the ultimate hacking environment. Will run from USB
       • Read Notify
         • “Registered” e-mail
       • Virtual Machine
         • For pen testing
    36. DIGITAL FORENSICS
       • First and foremost: I am not a lawyer. Always consult your local law enforcement agency and legal department first!
       • Digital forensics is SERIOUS BUSINESS
         • You can easily shoot yourself in the foot by doing it incorrectly
         • Get some in-depth training
         • … this is not in-depth training!!! (Nor is it legal advice. Be smart. The job you save may be your own.)
    37. FORENSICS: OPEN SOURCE / FREE TO K-12
       • Helix (e-fense)
         • Customized Knoppix disk that is forensically safe
         • Includes improved versions of ‘dd’
         • Terminal windows log everything for good documentation
         • Includes Sleuthkit, Autopsy, chkrootkit, and others
         • Includes tools that can be used on a live Windows machine, including precompiled binaries and live acquisition tools
       • ProDiscover (free for schools)
    38. ANTI-FORENSICS
       • Be aware of activity in the anti-forensics area!! There are active efforts to produce tools to thwart your forensic investigation.
       • Metasploit’s Anti-Forensic Toolkit*, Defiler’s Toolkit, etc.
         • Timestomp
         • Transmogrify
         • Slacker
         • SAM Juicer
    39.
       • Sysinternals
    40. EVENT LOG (Acquire key data)
       • Use to document unauthorized file and folder access
    41. ACCESSCHK*
       • Shows what folder permissions a user has
       • Provides evidence that the user had opportunity
    42. PSLOGGEDON*
       • Shows if a user is logged onto a computing resource
    43. ROOTKIT REVEALER
       • Reveals rootkits, which take complete control of a computer and conceal their existence from standard diagnostic tools
    44. PSEXEC
       • Allows the investigator to remotely obtain information about a user’s computer without tipping them off or installing any applications on the user’s computer
    45. SYSINTERNALS TOOL: DU*
       • Allows the investigator to remotely examine the contents of a user’s My Documents folder and any subfolders
    46. FREE SERVER VIRTUALIZATION SOFTWARE
       • Some of my favorite free virtualization tools:
       • VMware vSphere ESXi Free Edition and VMware Go
       • VMware vMA, vCLI (or command-line interface), PowerCLI, and scripts from the vGhetto script repository such as vSphereHealthCheck
       • Veeam Monitor (free edition), FastSCP, and Business View
       • Vizioncore Wastefinder, vConvert SC and Virtualization EcoShell
       • SolarWinds' VM Monitor
       • Trilead VM Explorer
       • TripWire ConfigCheck
       • ConfigureSoft/EMC Compliance Checker
       • ESX Manager 2.3 from ESXGuide (ESX 3i and 4i are not supported)
       • vKernel SearchMyVM, SnapshotMyVM, and Modeler
       • Hyper9 GuessMyOS Plugin, Search Bar Plugin, and Virtualization Mobile Manager
       • XtraVirt vAlarm and vLogView
    47. SHAMELESS PLUG
       • Presentations on my site located at
       • Check out the presentation given this morning
         • Manage & Secure Your Wireless Connections
       • To learn more about GCA (Georgia Cumberland Academy)
       • Face-Saving Tools for Managers
       • 20 great Windows open source projects
       • E-Crime Survey 2009