VA SCAN 2012: Securing the Future: BYOD and Beyond




The Low Hanging Fruit of Penetration Testing

Bryan Miller
Computer Science & Information Systems
Virginia Commonwealth University


Agenda

- Speaker Introduction
- What’s the Problem?
- Definitions
- Security Testing Issues
- Lessons Learned
- Self-Audit Tools
- Wrap Up




                     The Low Hanging Fruit of Penetration Testing
10/9/2012                                                           2


Speaker Introduction

- B.S. ISY, M.S. CS – VCU
- VCU Network Engineer for 5 years
- CISSP, former Cisco CCIE in R/S
- FTEMS, ISSA, ISACA, IALR, VA SCAN lecturer
- Penetration testing for 11 years
- Formed Syrinx Technologies in 2007
- Published author with 25 years in I.T.





What’s the Problem?







- In many organizations security is seen as a nuisance – a “must do” but not a “must have.”

- Despite everything we know about securing systems and applications, there are new data breaches announced every week.

- Organizations of every size and complexity are affected, including the government, military, commercial, R&D, banking and education.




- Most of the breaches are caused by issues that would never have existed if available best practice rules had been followed.

- Hacking has become commercialized.

- Exploit “frameworks” lower the bar in regards to knowledge required to compromise systems.






Definitions







- Vulnerability Assessment
- Penetration Testing
- Social Engineering
- Wardialing/Wardriving






Vulnerability Assessment

- “jiggling the handle”
- Often required for compliance
- Sometimes confused with a risk assessment







Penetration Testing

- External vs. internal
- Goal is to simulate a real attacker, but with limits
- How do those limits affect the testing?
- How do you measure success?






Social Engineering

- Three easy words: Hacking the Human
- Easy to talk about, extremely difficult to prevent
- Policies and education are the front line of defense







Wardialing/Wardriving

- Wardialing – dialing phone numbers to look for modems
- Wardriving – scanning for wireless access points
  - Includes 802.11, Bluetooth, Zigbee, X.10
  - Legal to scan but not to associate to an AP
  - Includes warwalking and warchalking







Security Testing Issues







Penetration Testing vs. Vulnerability Assessments

- Is one “better” than the other?
- Which one is right for my situation?
- Thorough requirements definition
  - Rules of engagement
  - What constitutes success?
  - Deliverables







Why should we test?

- FERPA, PCI, HIPAA, SOX, FFIEC, NCUA, FIPS
- Internal Audit requirements
- Baseline the security posture for new management
- Mergers & acquisitions
- Natural complement to risk assessments




Why should we NOT test?

- If you consider security a waste of good money
- If you don’t want to know the answers
- If you can’t or aren’t going to fix anything
- If you really want to be on the local news or have someone write a magazine article about you





Why don’t we test?

- Our employees don’t know how to do bad things.
- We already know what’s broken.
- We don’t have anything hackers want.
- If you tell us what’s wrong, we’ll have to fix it.
- We haven’t fixed the things you found last time.




In-house or outsource?

- The first question you have to answer is, “Do I have the staff with the relevant skills/tools/time?”
- You might not have a choice due to auditing standards.
- A good compromise is to perform internal self-tests followed by a review from a 3rd party.
- Knowing something about the process makes you a better consumer.





Lessons Learned







So, having said all that, what have we learned about data breaches?

- They happen to organizations of all sizes and complexity.
- Many of them can be prevented using best practice methods.
- Many can be categorized as “low hanging fruit.”
- The larger your organization, the more LHF.






The Low Hanging Fruit Top Ten (1-5)

1. Bad password management
2. Default security controls
3. Incorrect permissions on files, directories, databases, etc.
4. Missing OS and application patches
5. SQL Injection, XSS, cookie, state and URL issues on web sites




The Low Hanging Fruit Top Ten (6-10)

6. Lack of security awareness
7. Access to internal systems from the Internet
8. Insecure wireless access points/modems
9. Lack of encryption (laptops, sensitive data & emails)
10. Weak physical security



    #1 – Bad password management





    #2 – Default security controls





    #3 – Incorrect permissions on web directory




                This is how web defacements happen.


    #4 - Missing OS and application patches





    #5 – Cross Site Scripting (XSS)





    #6 – Social Engineering




    This is what you can access by pretending to be the “Verizon guy.”


    #7 – Access to internal systems from the Internet





    #8 - Insecure wireless access points/modems





    #9 – Lack of encryption with sensitive script







The real magic occurs when you get creative

- Access the Registry via a blank SA password and run the reg query command to display the VNC password
- Use the osql command to turn on Telnet and remotely access the server
- Use the osql command to turn on xp_cmdshell
- Watch keystrokes remotely via X-Windows with xspy
- Download and compile a password cracking program and then run it to crack the machine’s passwords
- Spoof a wireless access point and execute a MITM attack





Self-Audit Tools







Port Scanners

- Nmap
- Nessus
- SuperScan 3,4
- RAPS (Remote Access Perimeter Scanner)
- GFI








RAPS Output:
192.168.0.187 Port 5900 - VNC, Version 3.8
192.168.0.187 Port 5900 - VNC, NO LOGIN REQUIRED, Version 3.8
192.168.0.9 Port 3389 - Terminal Server
192.168.10.57 Port 5631 - pcAnywhere, Host: A1
192.168.10.56 Port 1720 - NetMeeting
10.2.0.139 Port 1494 – Citrix Server
10.2.1.20 Port 6000 – X Server, Version 11.0
10.2.1.21 Port 6000 – X Server, NO LOGIN REQUIRED, Version 11.0
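The RAPS listing above is the kind of output a defender should triage before an attacker does: the entries marked NO LOGIN REQUIRED are the remote-access exposures (top-ten items #7 and #8) to fix first. The parser below is an added example, not part of the original deck or of RAPS; it assumes the line layout seen on the slide (IP, port, hyphen or en dash, service, comma-separated attributes) and runs on a constructed sample in that layout.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the same layout as the RAPS output on the slide
# (not real scan data). Both "-" and "–" appear as separators there.
SAMPLE_RAPS_OUTPUT = """\
192.168.0.187 Port 5900 - VNC, Version 3.8
192.168.0.187 Port 5900 - VNC, NO LOGIN REQUIRED, Version 3.8
192.168.0.9 Port 3389 - Terminal Server
192.168.10.57 Port 5631 - pcAnywhere, Host: A1
192.168.10.56 Port 1720 - NetMeeting
10.2.0.139 Port 1494 – Citrix Server
10.2.1.20 Port 6000 – X Server, Version 11.0
10.2.1.21 Port 6000 – X Server, NO LOGIN REQUIRED, Version 11.0
"""

# <ip> Port <port> <hyphen or en dash> <service>[, <attribute>]*
LINE_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+Port\s+(?P<port>\d+)\s+[-\u2013]\s+(?P<rest>.+)$"
)


@dataclass
class RemoteAccessFinding:
    ip: str
    port: int
    service: str
    no_login: bool = False
    version: Optional[str] = None
    host: Optional[str] = None

    @property
    def severity(self) -> str:
        # A remote-control service that needs no login hands a console to anyone
        # who can reach the port; everything else is still exposed remote access
        # that someone has to justify, so it lands in the review queue.
        return "critical" if self.no_login else "review"


def parse_raps_line(line: str) -> Optional[RemoteAccessFinding]:
    """Parse one RAPS result line; returns None for lines that are not results."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = [f.strip() for f in m.group("rest").split(",")]
    finding = RemoteAccessFinding(ip=m.group("ip"), port=int(m.group("port")), service=fields[0])
    for attr in fields[1:]:
        if attr.upper() == "NO LOGIN REQUIRED":
            finding.no_login = True
        elif attr.startswith("Version "):
            finding.version = attr[len("Version "):]
        elif attr.startswith("Host:"):
            finding.host = attr[len("Host:"):].strip()
    return finding


def parse_raps_output(text: str) -> List[RemoteAccessFinding]:
    return [f for f in (parse_raps_line(ln) for ln in text.splitlines()) if f is not None]


def triage(findings: List[RemoteAccessFinding]) -> Dict[str, List[RemoteAccessFinding]]:
    """Split findings into 'critical' (no login) and 'review', keeping scan order."""
    buckets: Dict[str, List[RemoteAccessFinding]] = {"critical": [], "review": []}
    for f in findings:
        buckets[f.severity].append(f)
    return buckets


def hosts_without_login(findings: List[RemoteAccessFinding]) -> List[str]:
    """Unique hosts offering at least one unauthenticated remote-access service."""
    seen: List[str] = []
    for f in findings:
        if f.no_login and f.ip not in seen:
            seen.append(f.ip)
    return seen


if __name__ == "__main__":
    results = triage(parse_raps_output(SAMPLE_RAPS_OUTPUT))
    for level in ("critical", "review"):
        for f in results[level]:
            extra = f" version {f.version}" if f.version else ""
            print(f"{level.upper():8} {f.ip}:{f.port} {f.service}{extra}")
```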








IPSec Configuration

- IPSecScan
  - Identify open IPSec endpoints
- IKE-Scan
  - Display configuration parameters
  - With “aggressive mode”, dump PSK and brute force





IKE-Scan Output:
192.168.1.254   Aggressive Mode Handshake

HDR=(CKY-R=509ca66bcabbcc3a)
SA=(Enc=DES Hash=MD5 Group=1:modp768 Auth=PSK LifeType=Seconds )
VID=12f5f2887f768a9702d9fe274cc0100
VID=afcad713a12d96b8696fc77570100
VID=a55b0176cabacc3a52207fea2babaa9
VID=0900299bcfd6b712 (XAUTH)
KeyExchange(128 bytes)
ID(Type=ID_IPV4_ADDR, Value=192.168.1.254)
Nonce(20 bytes)
Hash(20 bytes)


What 3 items are not best practice?




Web Applications

- Proxies
  - Burp Suite
  - Paros
- Scanners
  - Acunetix
  - Nikto
  - Nessus
  - HP WebInspect






SSL Cipher Strength

- SSLDigger
- THCSSLCheck
- OpenSSL






SSLDigger Output:
192.168.1.1:

EXP-RC2-CBC-MD5 – (40)
EXP-RC4-MD5 – (40)
EXP1024-DES-CBC-SHA – (56)
EXP1024-RC4-SHA – (56)
DES-CBC-SHA – (56)

(X) – Number of bits of encryption



This tool is great for checking PCI compliance
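The IKE-Scan and SSLDigger outputs on the two slides above both contain weak-crypto findings that a defender wants pulled out mechanically rather than read by eye; the checker below is an added example, not part of the original deck or of either tool. It assumes the line layouts seen on the slides and the policy in its comments (no single DES or MD5, DH groups of at least 2048 bits, no aggressive mode with a PSK, no export suites or keys under 128 bits); the samples are constructed, and the AES128-SHA line is there only so one cipher passes.

```python
import re
from typing import Dict, List, Tuple

# Constructed samples in the formats shown on the IKE-Scan and SSLDigger slides
# (not real scan data).
IKE_SCAN_SAMPLE = """\
192.168.1.254   Aggressive Mode Handshake
HDR=(CKY-R=509ca66bcabbcc3a)
SA=(Enc=DES Hash=MD5 Group=1:modp768 Auth=PSK LifeType=Seconds )
VID=0900299bcfd6b712 (XAUTH)
KeyExchange(128 bytes)
ID(Type=ID_IPV4_ADDR, Value=192.168.1.254)
"""

SSLDIGGER_SAMPLE = """\
192.168.1.1:

EXP-RC2-CBC-MD5 – (40)
EXP-RC4-MD5 – (40)
EXP1024-DES-CBC-SHA – (56)
EXP1024-RC4-SHA – (56)
DES-CBC-SHA – (56)
AES128-SHA – (128)
"""

Finding = Tuple[str, str]  # (short code or cipher name, human-readable detail)

# Policy assumed here: single DES and MD5 are out, DH moduli under 2048 bits are
# out, and aggressive mode with a PSK is out because the PSK hash is handed to
# anyone who completes the exchange, which is what the IKE-Scan slide warns about.
WEAK_ENC = {"DES"}
WEAK_HASH = {"MD5"}
MIN_DH_BITS = 2048


def parse_ike_scan(text: str) -> Dict[str, str]:
    """Pull the handshake mode and the SA attributes out of ike-scan style output."""
    params: Dict[str, str] = {}
    for line in text.splitlines():
        if "Aggressive Mode" in line:
            params["Mode"] = "Aggressive"
        elif "Main Mode" in line:
            params["Mode"] = "Main"
        m = re.search(r"SA=\((.*?)\)", line)
        if m:
            for pair in m.group(1).split():          # "Enc=DES", "Group=1:modp768", ...
                key, _, value = pair.partition("=")
                params[key] = value
    return params


def assess_ike(params: Dict[str, str]) -> List[Finding]:
    findings: List[Finding] = []
    enc = params.get("Enc", "")
    if enc in WEAK_ENC:
        findings.append(("weak-encryption", f"Enc={enc} is a 56-bit cipher"))
    hsh = params.get("Hash", "")
    if hsh in WEAK_HASH:
        findings.append(("weak-hash", f"Hash={hsh} is collision-broken"))
    group = params.get("Group", "")                  # e.g. "1:modp768"
    bits = re.search(r"modp(\d+)", group)
    if bits and int(bits.group(1)) < MIN_DH_BITS:
        findings.append(("weak-dh-group", f"Group={group} is below {MIN_DH_BITS}-bit DH"))
    if params.get("Mode") == "Aggressive" and params.get("Auth") == "PSK":
        findings.append(("aggressive-mode-psk",
                         "aggressive mode with PSK exposes the PSK hash to offline guessing"))
    return findings


# <cipher name> <hyphen or en dash> (<bits>)
CIPHER_RE = re.compile(r"^(?P<name>[A-Z0-9-]+)\s+[-\u2013]\s+\((?P<bits>\d+)\)$")


def parse_ssldigger(text: str) -> List[Tuple[str, int]]:
    """Return (cipher name, key bits) for each cipher line; other lines are ignored."""
    ciphers: List[Tuple[str, int]] = []
    for line in text.splitlines():
        m = CIPHER_RE.match(line.strip())
        if m:
            ciphers.append((m.group("name"), int(m.group("bits"))))
    return ciphers


def assess_ciphers(ciphers: List[Tuple[str, int]], min_bits: int = 128) -> List[Finding]:
    findings: List[Finding] = []
    for name, bits in ciphers:
        reasons = []
        if name.startswith("EXP"):
            reasons.append("export-grade suite")
        if bits < min_bits:
            reasons.append(f"{bits}-bit key is below {min_bits}")
        if reasons:
            findings.append((name, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for code, detail in assess_ike(parse_ike_scan(IKE_SCAN_SAMPLE)):
        print(f"IKE  {code}: {detail}")
    for name, detail in assess_ciphers(parse_ssldigger(SSLDIGGER_SAMPLE)):
        print(f"TLS  {name}: {detail}")
```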



Dial-In

- PhoneSweep
  - Commercial “wardialer” – can identify modems/architecture and perform dictionary-based attacks on accounts

Wireless

- 802.11
  - Aircrack-ng
  - Kismet
- Bluetooth
  - Bluesnarf
  - BlueAuditor






Why do vendors insist on making it easy for attackers?








Rule #1 in Security

Ease of Use vs. Secure (diagram)







Wrap-Up







- Data breaches affect your organization’s reputation and can cost you significant money.

- Software is becoming more complex while attacker tools are becoming easier to use.

- The majority of data breaches can be prevented by following simple, best practice rules to eliminate low hanging fruit.





Q&A

Bryan Miller
bryan@syrinxtech.com
www.syrinxtech.com
804-539-9154

Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Virtualization Security
Virtualization SecurityVirtualization Security
Virtualization Security
 
Focus Your Business
Focus Your BusinessFocus Your Business
Focus Your Business
 
Penetration Testing as an auditing tool
Penetration Testing as an auditing toolPenetration Testing as an auditing tool
Penetration Testing as an auditing tool
 
PCI Compliance - What does it mean to me?
PCI Compliance - What does it mean to me?PCI Compliance - What does it mean to me?
PCI Compliance - What does it mean to me?
 
Web Database Server Best Practices
Web Database Server Best PracticesWeb Database Server Best Practices
Web Database Server Best Practices
 

Low Hanging Fruit from Penetration Testing

  • 1. VA SCAN 2012: Securing the Future: BYOD and Beyond
    The Low Hanging Fruit of Penetration Testing
    Bryan Miller, Computer Science & Information Systems, Virginia Commonwealth University
  • 2. Agenda
    - Speaker Introduction
    - What’s the Problem?
    - Definitions
    - Security Testing Issues
    - Lessons Learned
    - Self-Audit Tools
    - Wrap Up
    (The Low Hanging Fruit of Penetration Testing, 10/9/2012)
  • 3. Speaker Introduction
    - B.S. ISY, M.S. CS – VCU
    - VCU Network Engineer for 5 years
    - CISSP, former Cisco CCIE in R/S
    - FTEMS, ISSA, ISACA, IALR, VA SCAN lecturer
    - Penetration testing for 11 years
    - Formed Syrinx Technologies in 2007
    - Published author with 25 years in I.T.
  • 4. What’s the Problem?
  • 5.
    - In many organizations security is seen as a nuisance – a “must do” but not a “must have.”
    - Despite everything we know about securing systems and applications, there are new data breaches announced every week.
    - Organizations of every size and complexity are affected, including the government, military, commercial, R&D, banking and education.
  • 6.
    - Most of the breaches are caused by issues that would never have existed if available best practice rules had been followed.
    - Hacking has become commercialized.
    - Exploit “frameworks” lower the bar in regards to the knowledge required to compromise systems.
  • 7. Definitions
  • 8.
    - Vulnerability Assessment
    - Penetration Testing
    - Social Engineering
    - Wardialing/Wardriving
  • 9. Vulnerability Assessment
    - “jiggling the handle”
    - Often required for compliance
    - Sometimes confused with a risk assessment
  • 10. Penetration Testing
    - External vs. internal
    - Goal is to simulate a real attacker, but with limits
    - How do those limits affect the testing?
    - How do you measure success?
  • 11. Social Engineering
    - Three easy words: Hacking the Human
    - Easy to talk about, extremely difficult to prevent
    - Policies and education are the front line of defense
  • 12. Wardialing/Wardriving
    - Wardialing – dialing phone numbers to look for modems
    - Wardriving – scanning for wireless access points
      - Includes 802.11, Bluetooth, Zigbee, X.10
      - Legal to scan but not to associate to an AP
      - Includes warwalking and warchalking
  • 13. Security Testing Issues
  • 14. Penetration Testing vs. Vulnerability Assessments
    - Is one “better” than the other?
    - Which one is right for my situation?
    - Thorough requirements definition
    - Rules of engagement
    - What constitutes success?
    - Deliverables
  • 15. Why should we test?
    - FERPA, PCI, HIPAA, SOX, FFIEC, NCUA, FIPS
    - Internal Audit requirements
    - Baseline the security posture for new management
    - Mergers & acquisitions
    - Natural complement to risk assessments
  • 16. Why should we NOT test?
    - If you consider security a waste of good money
    - If you don’t want to know the answers
    - If you can’t or aren’t going to fix anything
    - If you really want to be on the local news or have someone write a magazine article about you
  • 17. Why don’t we test?
    - Our employees don’t know how to do bad things.
    - We already know what’s broken.
    - We don’t have anything hackers want.
    - If you tell us what’s wrong, we’ll have to fix it.
    - We haven’t fixed the things you found last time.
  • 18. In-house or outsource?
    - The first question you have to answer is, “Do I have the staff with the relevant skills/tools/time?”
    - You might not have a choice due to auditing standards.
    - A good compromise is to perform internal self-tests followed by a review from a 3rd party.
    - Knowing something about the process makes you a better consumer.
  • 19. Lessons Learned
  • 20. So, having said all that, what have we learned about data breaches?
    - They happen to organizations of all sizes and complexity.
    - Many of them can be prevented using best practice methods.
    - Many can be categorized as “low hanging fruit.”
    - The larger your organization, the more LHF.
  • 21. The Low Hanging Fruit Top Ten (1-5)
    1. Bad password management
    2. Default security controls
    3. Incorrect permissions on files, directories, databases, etc.
    4. Missing OS and application patches
    5. SQL Injection, XSS, cookie, state and URL issues on web sites
  • 22. The Low Hanging Fruit Top Ten (6-10)
    6. Lack of security awareness
    7. Access to internal systems from the Internet
    8. Insecure wireless access points/modems
    9. Lack of encryption (laptops, sensitive data & emails)
    10. Weak physical security
  • 23. #1 – Bad password management
  • 24. #2 – Default security controls
  • 25. #2 – Default security controls
  • 26. #3 – Incorrect permissions on web directory. This is how web defacements happen.
  • 27. #4 – Missing OS and application patches
  • 28. #5 – Cross Site Scripting (XSS)
  • 29. #6 – Social Engineering. This is what you can access by pretending to be the “Verizon guy.”
  • 30. #7 – Access to internal systems from the Internet
  • 31. #8 – Insecure wireless access points/modems
  • 32. #8 – Insecure wireless access points/modems
  • 33. #9 – Lack of encryption with sensitive script
  • 34. The real magic occurs when you get creative
    - Access the Registry via a blank SA password and run the reg query command to display the VNC password
    - Use the osql command to turn on Telnet and remotely access the server
    - Use the osql command to turn on xp_cmdshell
    - Watch keystrokes remotely via X-Windows with xspy
    - Download and compile a password cracking program and then run it to crack the machine’s passwords
    - Spoof a wireless access point and execute a MITM attack
  • 35. Self-Audit Tools
  • 36. Port Scanners
    - Nmap
    - Nessus
    - SuperScan 3,4
    - RAPS (Remote Access Perimeter Scanner)
    - GFI
  • 37. RAPS Output:
    192.168.0.187 Port 5900 - VNC, Version 3.8
    192.168.0.187 Port 5900 - VNC, NO LOGIN REQUIRED, Version 3.8
    192.168.0.9 Port 3389 - Terminal Server
    192.168.10.57 Port 5631 - pcAnywhere, Host: A1
    192.168.10.56 Port 1720 - NetMeeting
    10.2.0.139 Port 1494 – Citrix Server
    10.2.1.20 Port 6000 – X Server, Version 11.0
    10.2.1.21 Port 6000 – X Server, NO LOGIN REQUIRED, Version 11.0
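A self-audit has to turn output like the RAPS listing above into a fix list, with the services that answer without any login at the top. The script below is an added example for this page, not code from the deck or from RAPS; the sample lines are constructed from slide 37, and the per-service severities are this example's own assumption.

```python
"""Rank RAPS-style remote-access scan results so unauthenticated services come first.
Added example; not code from the deck or from RAPS. The sample is constructed from
slide 37 and BASE_SEVERITY is an assumed policy, not a RAPS rating."""
import re

RAPS_SAMPLE = """\
192.168.0.187 Port 5900 - VNC, Version 3.8
192.168.0.187 Port 5900 - VNC, NO LOGIN REQUIRED, Version 3.8
192.168.0.9 Port 3389 - Terminal Server
192.168.10.57 Port 5631 - pcAnywhere, Host: A1
192.168.10.56 Port 1720 - NetMeeting
10.2.0.139 Port 1494 - Citrix Server
10.2.1.20 Port 6000 - X Server, Version 11.0
10.2.1.21 Port 6000 - X Server, NO LOGIN REQUIRED, Version 11.0
"""
LINE = re.compile(r"^(\S+) Port (\d+) [-\u2013] (.+)$")

# Assumed baseline severity per service when a login *is* required; anything that
# answers without authentication is raised to "critical" regardless of service.
BASE_SEVERITY = {"VNC": "high", "X Server": "high", "pcAnywhere": "high",
                 "Terminal Server": "medium", "Citrix Server": "medium", "NetMeeting": "low"}
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def parse_raps(text):
    """Yield one dict per result line: host, port, service, no_login, detail fields."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner or blank line
        host, port, rest = m.group(1), int(m.group(2)), m.group(3)
        fields = [f.strip() for f in rest.split(",")]
        yield {"host": host, "port": port, "service": fields[0],
               "no_login": "NO LOGIN REQUIRED" in fields,
               "detail": [f for f in fields[1:] if f != "NO LOGIN REQUIRED"]}

def triage(text):
    """Collapse duplicate host:port lines (keep the worst) and sort by severity."""
    worst = {}
    for f in parse_raps(text):
        f["severity"] = "critical" if f["no_login"] else BASE_SEVERITY.get(f["service"], "medium")
        key = (f["host"], f["port"])
        if key not in worst or RANK[f["severity"]] < RANK[worst[key]["severity"]]:
            worst[key] = f
    return sorted(worst.values(), key=lambda f: (RANK[f["severity"]], f["host"], f["port"]))

if __name__ == "__main__":
    for f in triage(RAPS_SAMPLE):
        print(f"{f['severity']:8} {f['host']}:{f['port']} {f['service']} {' '.join(f['detail'])}")
```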
  • 38. IPSec Configuration
    - IPSecScan: identify open IPSec endpoints
    - IKE-Scan: display configuration parameters; with “aggressive mode”, dump PSK and brute force
  • 39. IKE-Scan Output:
    192.168.1.254 Aggressive Mode Handshake
      HDR=(CKY-R=509ca66bcabbcc3a)
      SA=(Enc=DES Hash=MD5 Group=1:modp768 Auth=PSK LifeType=Seconds)
      VID=12f5f2887f768a9702d9fe274cc0100
      VID=afcad713a12d96b8696fc77570100
      VID=a55b0176cabacc3a52207fea2babaa9
      VID=0900299bcfd6b712 (XAUTH)
      KeyExchange(128 bytes)
      ID(Type=ID_IPV4_ADDR, Value=192.168.1.254)
      Nonce(20 bytes)
      Hash(20 bytes)
    What 3 items are not best practice?
  • 40. Web Applications
    - Proxies: Burp Suite, Paros
    - Scanners: Acunetix, Nikto, Nessus, HP WebInspect
  • 41. SSL Cipher Strength
    - SSLDigger
    - THCSSLCheck
    - OpenSSL
  • 42. SSLDigger Output:
    192.168.1.1:
      EXP-RC2-CBC-MD5 – (40)
      EXP-RC4-MD5 – (40)
      EXP1024-DES-CBC-SHA – (56)
      EXP1024-RC4-SHA – (56)
      DES-CBC-SHA – (56)
    (X) – Number of bits of encryption
    This tool is great for checking PCI compliance.
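Slides 39 and 42 both leave the reader to spot the weak settings by eye (the IKE-Scan question on slide 39, the cipher bit counts on slide 42). The following added example, which is not code from the deck, ike-scan or SSLDigger, does that check programmatically over both outputs; the sample lines are constructed from the slides and the "weak" thresholds are this example's assumption, drawn from common hardening guidance.

```python
"""Flag weak IKE and SSL settings in ike-scan / SSLDigger output.
Added example; not code from the deck, ike-scan or SSLDigger. Samples are
constructed from slides 39 and 42; the thresholds are an assumed policy."""
import re

# Constructed from slide 39: one ike-scan result line from an IKE responder.
IKE_SAMPLE = ("192.168.1.254 Aggressive Mode Handshake HDR=(CKY-R=509ca66bcabbcc3a) "
              "SA=(Enc=DES Hash=MD5 Group=1:modp768 Auth=PSK LifeType=Seconds) "
              "ID(Type=ID_IPV4_ADDR, Value=192.168.1.254) Nonce(20 bytes) Hash(20 bytes)")
# Constructed from slide 42: SSLDigger's accepted-cipher list, "(bits)" per cipher.
SSL_SAMPLE = ("192.168.1.1: EXP-RC2-CBC-MD5 - (40) EXP-RC4-MD5 - (40) "
              "EXP1024-DES-CBC-SHA - (56) EXP1024-RC4-SHA - (56) DES-CBC-SHA - (56)")

WEAK_ENC = {"DES", "3DES"}           # 56-bit DES and deprecated 3DES
WEAK_HASH = {"MD5", "SHA1"}
MIN_DH_BITS = 2048                   # modp768/1024/1536 fall below this
MIN_CIPHER_BITS = 128
WEAK_PRIMITIVES = {"RC2", "RC4", "DES", "MD5"}

def ike_findings(line):
    """Return the phase-1 settings in an ike-scan line that miss best practice."""
    sa_text = re.search(r"SA=\(([^)]*)\)", line).group(1)   # assumes an SA payload is present
    sa = {k: v for k, _, v in (kv.partition("=") for kv in sa_text.split())}
    out = []
    if sa.get("Enc") in WEAK_ENC:
        out.append("encryption " + sa["Enc"])
    if sa.get("Hash") in WEAK_HASH:
        out.append("hash " + sa["Hash"])
    m = re.search(r"modp(\d+)", sa.get("Group", ""))
    if m and int(m.group(1)) < MIN_DH_BITS:
        out.append("DH group " + sa["Group"])
    if "Aggressive Mode" in line and sa.get("Auth") == "PSK":
        # Aggressive mode exposes the PSK-derived hash before the channel is protected,
        # so the secret can be guessed offline; prefer main mode or certificates.
        out.append("aggressive mode with PSK")
    return out

def ssl_findings(line):
    """Return (host, [(cipher, bits, reasons), ...]) for the weak ciphers a host accepts."""
    host, _, ciphers = line.replace("\u2013", "-").partition(":")
    out = []
    for name, bits in re.findall(r"([A-Z0-9-]+) - \((\d+)\)", ciphers):
        bits, reasons = int(bits), []
        if name.startswith("EXP"):
            reasons.append("export grade")
        if bits < MIN_CIPHER_BITS:
            reasons.append(f"{bits}-bit key")
        if WEAK_PRIMITIVES & set(name.split("-")):
            reasons.append("deprecated algorithm")
        if reasons:
            out.append((name, bits, reasons))
    return host.strip(), out
```

For the slide 39 line every flagged item is reported (DES, MD5, modp768 and aggressive mode with PSK), and for slide 42 all five accepted ciphers fail the 128-bit floor.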
  • 43. Dial-In
    - PhoneSweep: commercial “wardialer” – can identify modems/architecture and perform dictionary-based attacks on accounts
    Wireless
    - 802.11: Aircrack-ng, Kismet
    - Bluetooth: Bluesnarf, BlueAuditor
  • 44. Why do vendors insist on making it easy for attackers?
  • 45. (image only)
  • 46. (image only)
  • 47. Rule #1 in Security: Ease of Secure Use
  • 48. Wrap-Up
  • 49.
    - Data breaches affect your organization’s reputation and can cost you significant money.
    - Software is becoming more complex while attacker tools are becoming easier to use.
    - The majority of data breaches can be prevented by following simple, best practice rules to eliminate low hanging fruit.
  • 50. Q&A
    Bryan Miller, bryan@syrinxtech.com, www.syrinxtech.com, 804-539-9154