SlideShare ist ein Scribd-Unternehmen logo

Final presentation of IT security project

Armandas Rokas
Armandas Rokas

This is final presentation of IT security project. In this project tested terminal server security and built the system. Project consist of : *Build the system *Try to break *Detect *Prevent So, project is implemented fully and all requirement are done.

1 von 37
Downloaden Sie, um offline zu lesen
Security test and implementation of terminal computer Authors: Armandas Rokas Andrius Sinkevicius Edvinas Butenas December 7, 2011
Overview  Background story  Break­in attacks  Risk determination and security control recommendations  for break­in attacks  Network attacks  Risk determination and security control recommendations  for network attacks  Security solutions  Questions?
Background story  XpUnlimited.LT company  Software works on all previous Windows OS`s  Try the security of terminal server   Built fully protected ( included network security)
Network diagram
System characterization  Hardware:  Acer , i3, 4GB RAM gt320 1GB video  Software:  Windows 7 Ultimate SP1 32­bit/Windows Xp SP3  with XPUnlimited  Data:  Pictures, Sensitive Documents.
System characterization  System interfaces  S­ATA2, USB, 802.11b/g/n, HDMI, VGA, Ethernet.  Users  Administrator, Remote Users.  Services running  Printer, Web Server (IP Consult HTTP server),  Remotes Desktops, Internal Database For ERP.
Control analysis  Os Security Policies  Local Access Policies  System Backup  Firewall Policies
Break-in attacks
Exploit (Infection with key logger)  Exploited by executing file on victims machine  File with payload  Meterpreter command line  Key log:  On Windows 7 only affected user only affected  On Windows Xp all user all
Mail infection  External attack  Attack was made from BackTrack 5 to infect the  Terminal thin client server with Windows 7  operating system.  Exploit which let me break in to victim computer  when he got the infected message to his mail box.
Example
Some details  reverse_tcp payload.   local port 4444(it is vulnerable port) to create active  server which listening when victim click on  message.  After victim activate the payload included into  message I open meterpreter.
Human Threats Threat-Source Motivation Threat Action Computer Criminal Monetary Gain-my Computer Crime credit card info Fraudulent Act Hacker, Cracker Challenge, Ego Hacking, Social Engineering, System Intrusion, Unauthorized System Access. User Negligence Spill Fluids on System Idiocy Drop System
Vulnerability Identification Vulnerability Threat-Source Threat Action Outdated Software Hacker, Cracker, System File Loss, Computer Criminal. Unauthorized System Accesses. Misconfigured System Users, Computer System Files Loss, Criminal. Hacker, System Failure Cracker. Absence Of Security Hacker, Cracker, System Files Loss, Software Computer Criminal. System Failure.
Likelihood Determination Threat-Source Vulnerability Likelihood Hacker, Cracker, Outdated Software Medium Computer Criminal. Users, Computer Misconfigured System Medium Criminal. Hacker, Cracker, Absence Of Security High Computer Criminal. Software
Impact Analysis Threat-Source Loss of Loss of Loss of Integrity Availability Confidentialit y Hacker, None High High Cracker. Computer None High High Criminal. Users Low Low Low
Likelihood, Impact Analysis & Risk Vulnerability Threat - Likelihood Impact Risk Source Outdated Hacker, Medium Medium Medium Software Cracker, Computer Criminal. Misconfigured Users, High High High System Computer Criminal. Hacker, Cracker. Absence Of Hacker, High Medium Medium Security Cracker, Software Computer Criminal.
Control Recommendations Risk Risk Recommended Controls Activity Level Priority Outdated Software Medium Regularly Updating Software. Medium Misconfigured High Hire Qualified Specialists. High System Absence Of Security Medium Install legally IPS & IDS. Medium Software
Network attacks
ARP - Man in the middle attack  After I broke in through Metasploit exploit to  victim pc I try do more harm to him.  I use ARP protocol vulnerability, with which you  are invisible, but same time making damage to  victim.  With fake arpsoof regues and response package  sending I make MITM “Man In The Middle”  attack.  
 After that I get full information float from router and my selected other  computer.  In that information are included logins, emails other sensitive  information.  Victim become full infected, he needs get out of this situation and  prevent for another time.
Dos attack • Used tools:    Bactrack5 network penetration OS within    Ettercap ­  tool for man­in­the­midlle attack. • Goal:      Make the terminal server unavailable to its  intended users
DoS
TS before DoS attack
TS after DoS attack
Human Threats Threat-Source Motivation Threat Action Computer Criminal Monetary Gain-my Computer Crime credit card info Fraudulent Act Hacker, Cracker Challenge, Ego Hacking, Social Engineering, System Intrusion, Unauthorized System Access. Competitors Injure Company Economic Exploitation, Stability. Compromise System Penetration, Network work. Spoofing/Sniffing of Network. Run Of Company Data.
Vulnerability Identification Vulnerability Threat-Source Threat Action Absence Of System Hacker, Cracker System Failure, Security Competitors Connection Damage, Computer Criminal Information Conversion.
Likelihood Determination Threat-Source Vulnerability Likelihood Hacker, Cracker Absence Of System Medium Competitors Security Computer Criminal
Impact Analysis Threat-Source Loss of Loss of Loss of Integrity Availability Confidentialit y Hacker, None High High Cracker. Computer None High High Criminal. Competitors Medium High High
Likelihood, Impact Analysis & Risk Vulnerability Threat - Likelihood Impact Risk Source Absence Of Hacker, Medium High Medium System Cracker Security Competitors Computer Criminal
Control Recommendations Risk Risk Recommended Controls Activity Level Priority Absence Of System Medium Install legally IPS & IDS. High Security Implement encryption. Users Access Control.
Security solutions
Terminal server security configuration User groups: • Administrative Users group – privileges to  configure terminal server • Remote Desktop Users group – privileges only to  connect remote desktop without possibility to  configure it. • All users including administrator have credentials to  login the services, no password less connection  available.
Application control for users • The users can use only specified applications by the  system administrator.  •  Not active user sessions are terminated according  time limit. • Applications that can be started by other application  are not visible to user. • User attempt to open not assigned application are  restricted by  pop­out message that user have not  privilege to open it.
Anti-virus  Implement security antivirus, which gives you updated  database and protect from intruders.  Shut down any untruthful connection.  Scanning web pages, your downloads.  Made with reliable Firewall.  Security isn’t about blocking malicious actions, it’s about  keeping your data safe, so arrange the reliable  Encryption software.  Users to upload viruses for future updates.  #1 Bitdefender
Security against network attacks ● IPS&IDS ● Snort ● Firewall ● Ipcop  APF (Advanced Policy Firewall) from rfxnetworks ● Optional expensive solutions ● Cisco router ● Paid firewall
Questions?

Empfohlen

Software Security (Vulnerabilities) And Physical Security
Software Security (Vulnerabilities) And Physical SecuritySoftware Security (Vulnerabilities) And Physical Security
Software Security (Vulnerabilities) And Physical SecurityNicholas Davis
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and crackingHarshil Barot
 
RSA Anatomy of an Attack
RSA Anatomy of an AttackRSA Anatomy of an Attack
RSA Anatomy of an Attackintegritysolutions
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Vasile
 
Analysis of RSA Lockheed Martin Attack
Analysis of RSA Lockheed Martin AttackAnalysis of RSA Lockheed Martin Attack
Analysis of RSA Lockheed Martin AttackGavin Davey
 
Malicious software
Malicious softwareMalicious software
Malicious softwareCAS
 
computer security
computer securitycomputer security
computer securityAzhar Akhtar
 
NetWitness
NetWitnessNetWitness
NetWitnessTechBiz Forense Digital
 

Empfohlen

Software Security (Vulnerabilities) And Physical Security
Software Security (Vulnerabilities) And Physical SecuritySoftware Security (Vulnerabilities) And Physical Security
Software Security (Vulnerabilities) And Physical SecurityNicholas Davis
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and crackingHarshil Barot
 
RSA Anatomy of an Attack
RSA Anatomy of an AttackRSA Anatomy of an Attack
RSA Anatomy of an Attackintegritysolutions
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Vasile
 
Analysis of RSA Lockheed Martin Attack
Analysis of RSA Lockheed Martin AttackAnalysis of RSA Lockheed Martin Attack
Analysis of RSA Lockheed Martin AttackGavin Davey
 
Malicious software
Malicious softwareMalicious software
Malicious softwareCAS
 
computer security
computer securitycomputer security
computer securityAzhar Akhtar
 
NetWitness
NetWitnessNetWitness
NetWitnessTechBiz Forense Digital
 
Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksInformation Technology
 
Computer security ethics_and_privacy
Computer security ethics_and_privacyComputer security ethics_and_privacy
Computer security ethics_and_privacyArdit Meti
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Pruthvi Monarch
 
Threats to a computer
Threats to a computer Threats to a computer
Threats to a computer FCA - Future Chartered Accountants
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSavvius, Inc
 
The use of honeynet to detect exploited systems (basic version)
The use of honeynet to detect exploited systems (basic version)The use of honeynet to detect exploited systems (basic version)
The use of honeynet to detect exploited systems (basic version)amar koppal
 
Computer security risks
Computer security risksComputer security risks
Computer security risksAasim Mushtaq
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Network security and viruses
Network security and virusesNetwork security and viruses
Network security and virusesAamlan Saswat Mishra
 
Security threats explained
Security threats explained Security threats explained
Security threats explained Abhijeet Karve
 
Intruders detection
Intruders detectionIntruders detection
Intruders detectionEhtisham Ali
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringLancope, Inc.
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system gaurav koriya
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)mmubashirkhan
 
Intrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise NetworkIntrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise NetworkOkehie Collins
 
Web backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detectionWeb backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detectionn|u - The Open Security Community
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismGlobal Micro Solutions
 
IRJET- Study of Hacking and Ethical Hacking
IRJET- Study of Hacking and Ethical HackingIRJET- Study of Hacking and Ethical Hacking
IRJET- Study of Hacking and Ethical HackingIRJET Journal
 
Chapter 2 program-security
Chapter 2 program-securityChapter 2 program-security
Chapter 2 program-securityVamsee Krishna Kiran
 
Penetration testing
Penetration testing Penetration testing
Penetration testing PTC
 
System tThreats
System tThreatsSystem tThreats
System tThreatsSunipa Bera
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingKeith Brooks
 

Weitere ähnliche Inhalte

Was ist angesagt?

Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksInformation Technology
 
Computer security ethics_and_privacy
Computer security ethics_and_privacyComputer security ethics_and_privacy
Computer security ethics_and_privacyArdit Meti
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Pruthvi Monarch
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSavvius, Inc
 
The use of honeynet to detect exploited systems (basic version)
The use of honeynet to detect exploited systems (basic version)The use of honeynet to detect exploited systems (basic version)
The use of honeynet to detect exploited systems (basic version)amar koppal
 
Computer security risks
Computer security risksComputer security risks
Computer security risksAasim Mushtaq
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Security threats explained
Security threats explained Security threats explained
Security threats explained Abhijeet Karve
 
Intruders detection
Intruders detectionIntruders detection
Intruders detectionEhtisham Ali
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringLancope, Inc.
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system gaurav koriya
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)mmubashirkhan
 
Intrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise NetworkIntrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise NetworkOkehie Collins
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismGlobal Micro Solutions
 
IRJET- Study of Hacking and Ethical Hacking
IRJET- Study of Hacking and Ethical HackingIRJET- Study of Hacking and Ethical Hacking
IRJET- Study of Hacking and Ethical HackingIRJET Journal
 
Penetration testing
Penetration testing Penetration testing
Penetration testing PTC
 

Was ist angesagt? (20)

Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and Attacks
 
Computer security ethics_and_privacy
Computer security ethics_and_privacyComputer security ethics_and_privacy
Computer security ethics_and_privacy
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch
 
Threats to a computer
Threats to a computer Threats to a computer
Threats to a computer
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network Attacks
 
The use of honeynet to detect exploited systems (basic version)
The use of honeynet to detect exploited systems (basic version)The use of honeynet to detect exploited systems (basic version)
The use of honeynet to detect exploited systems (basic version)
 
Computer security risks
Computer security risksComputer security risks
Computer security risks
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Network security and viruses
Network security and virusesNetwork security and viruses
Network security and viruses
 
Security threats explained
Security threats explained Security threats explained
Security threats explained
 
Intruders detection
Intruders detectionIntruders detection
Intruders detection
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security Monitoring
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)
 
Intrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise NetworkIntrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise Network
 
Web backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detectionWeb backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detection
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivism
 
IRJET- Study of Hacking and Ethical Hacking
IRJET- Study of Hacking and Ethical HackingIRJET- Study of Hacking and Ethical Hacking
IRJET- Study of Hacking and Ethical Hacking
 
Chapter 2 program-security
Chapter 2 program-securityChapter 2 program-security
Chapter 2 program-security
 
Penetration testing
Penetration testing Penetration testing
Penetration testing
 

Ähnlich wie Final presentation of IT security project

Information Security Fundamentals - New Horizons Bulgaria
Information Security Fundamentals - New Horizons BulgariaInformation Security Fundamentals - New Horizons Bulgaria
Information Security Fundamentals - New Horizons BulgariaNew Horizons Bulgaria
 
Cyper security & Ethical hacking
Cyper security & Ethical hackingCyper security & Ethical hacking
Cyper security & Ethical hackingCmano Kar
 
Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011lbcollins18
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introductionjagadeesh katla
 
Cyber security-briefing-presentation
Cyber security-briefing-presentationCyber security-briefing-presentation
Cyber security-briefing-presentationsathiyamaha
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingANURAG CHAKRABORTY
 
Basics of System Security and Tools
Basics of System Security and ToolsBasics of System Security and Tools
Basics of System Security and ToolsKaran Bhandari
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Securityprachi67
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
Lecture about network and host security to NII students
Lecture about network and host security to NII studentsLecture about network and host security to NII students
Lecture about network and host security to NII studentsAkiumi Hasegawa
 
3.2.1 computer security risks
3.2.1 computer security risks3.2.1 computer security risks
3.2.1 computer security riskshazirma
 
Ethi mini - ethical hacking
Ethi mini - ethical hackingEthi mini - ethical hacking
Ethi mini - ethical hackingBeing Uniq Sonu
 
Cyber crime trends in 2013
Cyber crime trends in 2013 Cyber crime trends in 2013
Cyber crime trends in 2013 The eCore Group
 
Orientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptxOrientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptx230405
 

Ähnlich wie Final presentation of IT security project (20)

System tThreats
System tThreatsSystem tThreats
System tThreats
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Information Security Fundamentals - New Horizons Bulgaria
Information Security Fundamentals - New Horizons BulgariaInformation Security Fundamentals - New Horizons Bulgaria
Information Security Fundamentals - New Horizons Bulgaria
 
Cyper security & Ethical hacking
Cyper security & Ethical hackingCyper security & Ethical hacking
Cyper security & Ethical hacking
 
Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introduction
 
Cyber security-briefing-presentation
Cyber security-briefing-presentationCyber security-briefing-presentation
Cyber security-briefing-presentation
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration Testing
 
Basics of System Security and Tools
Basics of System Security and ToolsBasics of System Security and Tools
Basics of System Security and Tools
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Security
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
Lecture about network and host security to NII students
Lecture about network and host security to NII studentsLecture about network and host security to NII students
Lecture about network and host security to NII students
 
3.2.1 computer security risks
3.2.1 computer security risks3.2.1 computer security risks
3.2.1 computer security risks
 
Ethi mini - ethical hacking
Ethi mini - ethical hackingEthi mini - ethical hacking
Ethi mini - ethical hacking
 
Cyber crime trends in 2013
Cyber crime trends in 2013 Cyber crime trends in 2013
Cyber crime trends in 2013
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Introduction to Malwares
Introduction to MalwaresIntroduction to Malwares
Introduction to Malwares
 
Orientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptxOrientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptx
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
 
Security Requirements in eBusiness
Security Requirements in eBusinessSecurity Requirements in eBusiness
Security Requirements in eBusiness
 

Final presentation of IT security project

  • 1. Security test and implementation of terminal computer Authors: Armandas Rokas Andrius Sinkevicius Edvinas Butenas December 7, 2011
  • 2. Overview  Background story  Break­in attacks  Risk determination and security control recommendations  for break­in attacks  Network attacks  Risk determination and security control recommendations  for network attacks  Security solutions  Questions?
  • 3. Background story  XpUnlimited.LT company  Software works on all previous Windows OS`s  Try the security of terminal server   Built fully protected ( included network security)
  • 5. System characterization  Hardware:  Acer , i3, 4GB RAM gt320 1GB video  Software:  Windows 7 Ultimate SP1 32­bit/Windows Xp SP3  with XPUnlimited  Data:  Pictures, Sensitive Documents.
  • 6. System characterization  System interfaces  S­ATA2, USB, 802.11b/g/n, HDMI, VGA, Ethernet.  Users  Administrator, Remote Users.  Services running  Printer, Web Server (IP Consult HTTP server),  Remotes Desktops, Internal Database For ERP.
  • 7. Control analysis  Os Security Policies  Local Access Policies  System Backup  Firewall Policies
  • 9. Exploit (Infection with key logger)  Exploited by executing file on victims machine  File with payload  Meterpreter command line  Key log:  On Windows 7 only affected user only affected  On Windows Xp all user all
  • 10. Mail infection  External attack  Attack was made from BackTrack 5 to infect the  Terminal thin client server with Windows 7  operating system.  Exploit which let me break in to victim computer  when he got the infected message to his mail box.
  • 12. Some details  reverse_tcp payload.   local port 4444(it is vulnerable port) to create active  server which listening when victim click on  message.  After victim activate the payload included into  message I open meterpreter.
  • 13. Human Threats Threat-Source Motivation Threat Action Computer Criminal Monetary Gain-my Computer Crime credit card info Fraudulent Act Hacker, Cracker Challenge, Ego Hacking, Social Engineering, System Intrusion, Unauthorized System Access. User Negligence Spill Fluids on System Idiocy Drop System
  • 14. Vulnerability Identification Vulnerability Threat-Source Threat Action Outdated Software Hacker, Cracker, System File Loss, Computer Criminal. Unauthorized System Accesses. Misconfigured System Users, Computer System Files Loss, Criminal. Hacker, System Failure Cracker. Absence Of Security Hacker, Cracker, System Files Loss, Software Computer Criminal. System Failure.
  • 15. Likelihood Determination Threat-Source Vulnerability Likelihood Hacker, Cracker, Outdated Software Medium Computer Criminal. Users, Computer Misconfigured System Medium Criminal. Hacker, Cracker, Absence Of Security High Computer Criminal. Software
  • 16. Impact Analysis Threat-Source Loss of Loss of Loss of Integrity Availability Confidentialit y Hacker, None High High Cracker. Computer None High High Criminal. Users Low Low Low
  • 17. Likelihood, Impact Analysis & Risk Vulnerability Threat - Likelihood Impact Risk Source Outdated Hacker, Medium Medium Medium Software Cracker, Computer Criminal. Misconfigured Users, High High High System Computer Criminal. Hacker, Cracker. Absence Of Hacker, High Medium Medium Security Cracker, Software Computer Criminal.
  • 18. Control Recommendations Risk Risk Recommended Controls Activity Level Priority Outdated Software Medium Regularly Updating Software. Medium Misconfigured High Hire Qualified Specialists. High System Absence Of Security Medium Install legally IPS & IDS. Medium Software
  • 20. ARP - Man in the middle attack  After I broke in through Metasploit exploit to  victim pc I try do more harm to him.  I use ARP protocol vulnerability, with which you  are invisible, but same time making damage to  victim.  With fake arpsoof regues and response package  sending I make MITM “Man In The Middle”  attack.  
  • 21. After that I get full information float from router and my selected other  computer.  In that information are included logins, emails other sensitive  information.  Victim become full infected, he needs get out of this situation and  prevent for another time.
  • 23. DoS
  • 24. TS before DoS attack
  • 25. TS after DoS attack
  • 26. Human Threats Threat-Source Motivation Threat Action Computer Criminal Monetary Gain-my Computer Crime credit card info Fraudulent Act Hacker, Cracker Challenge, Ego Hacking, Social Engineering, System Intrusion, Unauthorized System Access. Competitors Injure Company Economic Exploitation, Stability. Compromise System Penetration, Network work. Spoofing/Sniffing of Network. Run Of Company Data.
  • 27. Vulnerability Identification Vulnerability Threat-Source Threat Action Absence Of System Hacker, Cracker System Failure, Security Competitors Connection Damage, Computer Criminal Information Conversion.
  • 28. Likelihood Determination Threat-Source Vulnerability Likelihood Hacker, Cracker Absence Of System Medium Competitors Security Computer Criminal
  • 29. Impact Analysis Threat-Source Loss of Loss of Loss of Integrity Availability Confidentialit y Hacker, None High High Cracker. Computer None High High Criminal. Competitors Medium High High
  • 30. Likelihood, Impact Analysis & Risk Vulnerability Threat - Likelihood Impact Risk Source Absence Of Hacker, Medium High Medium System Cracker Security Competitors Computer Criminal
  • 31. Control Recommendations Risk Risk Recommended Controls Activity Level Priority Absence Of System Medium Install legally IPS & IDS. High Security Implement encryption. Users Access Control.
  • 33. Terminal server security configuration User groups: • Administrative Users group – privileges to  configure terminal server • Remote Desktop Users group – privileges only to  connect remote desktop without possibility to  configure it. • All users including administrator have credentials to  login the services, no password less connection  available.
  • 34. Application control for users • The users can use only specified applications by the  system administrator.  •  Not active user sessions are terminated according  time limit. • Applications that can be started by other application  are not visible to user. • User attempt to open not assigned application are  restricted by  pop­out message that user have not  privilege to open it.
  • 35. Anti-virus  Implement security antivirus, which gives you updated  database and protect from intruders.  Shut down any untruthful connection.  Scanning web pages, your downloads.  Made with reliable Firewall.  Security isn’t about blocking malicious actions, it’s about  keeping your data safe, so arrange the reliable  Encryption software.  Users to upload viruses for future updates.  #1 Bitdefender
  • 36. Security against network attacks ● IPS&IDS ● Snort ● Firewall ● Ipcop  APF (Advanced Policy Firewall) from rfxnetworks ● Optional expensive solutions ● Cisco router ● Paid firewall