This is the final presentation of an IT security project. In this project we tested the security of a terminal server and built the system. The project consists of:
*Build the system
*Try to break it
*Detect
*Prevent
So the project is fully implemented and all requirements are done.
1. Security test and implementation of terminal computer
Authors:
Armandas Rokas
Andrius Sinkevicius
Edvinas Butenas
December 7, 2011
2. Overview
Background story
Break-in attacks
Risk determination and security control recommendations for break-in attacks
Network attacks
Risk determination and security control recommendations for network attacks
Security solutions
Questions?
3. Background story
XpUnlimited.LT company
The software works on all previous Windows OSs
Test the security of the terminal server
Build it fully protected (network security included)
9. Exploit (infection with key logger)
Exploited by executing a file on the victim's machine
File with payload
Meterpreter command line
Key log:
On Windows 7: only the affected user
On Windows XP: all users
10. Mail infection
External attack
The attack was made from BackTrack 5 to infect the terminal thin client server with the Windows 7 operating system.
An exploit which let me break in to the victim's computer when he got the infected message in his mailbox.
12. Some details
reverse_tcp payload.
Local port 4444 (it is the vulnerable port) is used to create an active server which is listening until the victim clicks on the message.
After the victim activates the payload included in the message, I open meterpreter.
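On the defender's side, a reverse_tcp payload is visible at the network edge as an outbound TCP connection from the terminal server to an outside address, typically on the handler port (4444 on this page) and repeating as the payload reconnects. The following is an added example, not part of the original project, that runs that check over a constructed connection log; the log format, the 10.0.0.0/8 LAN range and the server address 10.0.0.10 are assumptions.

```python
"""Flag outbound reverse-shell callbacks in a connection log."""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample log, one connection per line:
#   time src:sport -> dst:dport proto action
# 10.0.0.10 is the Windows 7 thin-client server; 203.0.113.5 is a constructed
# external address standing in for the handler. The three connections to its
# port 4444, 30 seconds apart, are what a reconnecting payload looks like.
SAMPLE_LOG = """\
12:00:01 10.0.0.10:49152 -> 10.0.0.1:53 udp allow
12:00:02 10.0.0.10:49153 -> 198.51.100.7:443 tcp allow
12:00:05 10.0.0.10:49160 -> 203.0.113.5:4444 tcp allow
12:00:35 10.0.0.10:49161 -> 203.0.113.5:4444 tcp allow
12:01:05 10.0.0.10:49162 -> 203.0.113.5:4444 tcp allow
12:01:07 10.0.0.11:49170 -> 198.51.100.7:80 tcp allow
"""

LINE_RE = re.compile(r"^(\S+) (\S+):\d+ -> (\S+):(\d+) (\w+) \w+$")
INTERNAL = ip_network("10.0.0.0/8")   # assumed LAN range
SERVER_HOSTS = {"10.0.0.10"}          # hosts that should never call out
HANDLER_PORTS = {4444}                # the port used on the page


def parse(log_text):
    """Yield (time, src, dst, dport, proto) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            t, src, dst, dport, proto = m.groups()
            yield t, src, dst, int(dport), proto


def find_callbacks(log_text, min_repeats=3):
    """Alert on outbound TCP from a server host to an external address when
    the port is a known handler port, or when the same dst:port repeats
    min_repeats times (beaconing, regardless of port)."""
    alerts, seen = [], Counter()
    for t, src, dst, dport, proto in parse(log_text):
        if src not in SERVER_HOSTS or proto != "tcp":
            continue
        if ip_address(dst) in INTERNAL:
            continue                  # LAN traffic from the server is expected
        seen[(src, dst, dport)] += 1
        if dport in HANDLER_PORTS and seen[(src, dst, dport)] == 1:
            alerts.append(f"{t} {src} -> {dst}:{dport} known handler port")
        if seen[(src, dst, dport)] == min_repeats:
            alerts.append(f"{t} {src} -> {dst}:{dport} repeated {min_repeats}x")
    return alerts
```

The port list only catches a default handler; the repeat rule is what still fires when the attacker picks another port, so the egress firewall rule for the server should block all outbound connections it does not explicitly need.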
13. Human Threats
Threat-Source       Motivation                           Threat Action
Computer Criminal   Monetary gain (my credit card info)  Computer crime, fraudulent act
Hacker, Cracker     Challenge, ego                       Hacking, social engineering, system intrusion, unauthorized system access
User                Negligence, idiocy                   Spill fluids on system, drop system
14. Vulnerability Identification
Vulnerability                 Threat-Source                              Threat Action
Outdated Software             Hacker, Cracker, Computer Criminal         System file loss, unauthorized system access
Misconfigured System          Users, Computer Criminal, Hacker, Cracker  System files loss, system failure
Absence Of Security Software  Hacker, Cracker, Computer Criminal         System files loss, system failure
15. Likelihood Determination
Threat-Source                       Vulnerability                 Likelihood
Hacker, Cracker, Computer Criminal  Outdated Software             Medium
Users, Computer Criminal            Misconfigured System          Medium
Hacker, Cracker, Computer Criminal  Absence Of Security Software  High
16. Impact Analysis
Threat-Source      Loss of Integrity  Loss of Availability  Loss of Confidentiality
Hacker, Cracker    None               High                  High
Computer Criminal  None               High                  High
Users              Low                Low                   Low
17. Likelihood, Impact Analysis & Risk
Vulnerability                 Threat-Source                              Likelihood  Impact  Risk
Outdated Software             Hacker, Cracker, Computer Criminal         Medium      Medium  Medium
Misconfigured System          Users, Computer Criminal, Hacker, Cracker  High        High    High
Absence Of Security Software  Hacker, Cracker, Computer Criminal         High        Medium  Medium
18. Control Recommendations
Risk                          Risk Level  Recommended Controls         Activity Priority
Outdated Software             Medium      Regularly updating software  Medium
Misconfigured System          High        Hire qualified specialists   High
Absence Of Security Software  Medium      Install legally IPS & IDS    Medium
20. ARP - Man in the middle attack
After I broke in through the Metasploit exploit to the victim's PC, I tried to do more harm to him.
I used an ARP protocol vulnerability, with which you are invisible but at the same time doing damage to the victim.
By sending fake arpspoof request and response packets I make a MITM "Man In The Middle" attack.
21. After that I get the full information flow from the router and my selected other computer.
That information includes logins, emails and other sensitive information.
The victim becomes fully infected; he needs to get out of this situation and prevent it another time.
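The ARP poisoning described on slides 20 and 21 leaves two signatures on the LAN: the gateway's IP suddenly advertises a different MAC, and one MAC ends up claiming both the gateway's and the victim's IP. The following is an added detection example, not part of the original project; the addresses and the reply sequence are constructed, and the function is meant to be fed from whatever ARP sniffer the defender already runs.

```python
"""Detect ARP cache poisoning from a stream of observed ARP replies."""
from collections import defaultdict

# Constructed sample: (sender_ip, sender_mac) pairs in the order a sniffer on
# the LAN would see them. 10.0.0.1 is the gateway, 10.0.0.10 the victim
# workstation, 10.0.0.20 the attacking host. The last two replies are the
# spoofed ones a MITM host sends to poison both sides' ARP caches.
SAMPLE_REPLIES = [
    ("10.0.0.1", "00:11:22:33:44:01"),
    ("10.0.0.10", "00:11:22:33:44:02"),
    ("10.0.0.20", "AA:BB:CC:DD:EE:03"),
    ("10.0.0.10", "00:11:22:33:44:02"),   # legitimate repeat, no alert
    ("10.0.0.1", "aa:bb:cc:dd:ee:03"),    # gateway IP claimed by attacker MAC
    ("10.0.0.10", "aa:bb:cc:dd:ee:03"),   # victim IP claimed by attacker MAC
]


def detect_arp_spoofing(replies, gateway_ip):
    """Return alert strings for two MITM signatures.

    1. An IP whose advertised MAC differs from the one first learned for it
       (rated HIGH when the IP is the gateway, MEDIUM otherwise).
    2. One MAC claiming more than one IP, which is exactly what a host
       answering for both the gateway and the victim looks like.
    """
    ip_to_mac = {}                 # first MAC learned per IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()          # MACs compare case-insensitively
        known = ip_to_mac.setdefault(ip, mac)
        if known != mac:
            sev = "HIGH" if ip == gateway_ip else "MEDIUM"
            alerts.append(f"{sev}: {ip} changed MAC {known} -> {mac}")
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                claimed = ", ".join(sorted(mac_to_ips[mac]))
                alerts.append(f"HIGH: {mac} now claims {claimed}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_REPLIES, "10.0.0.1"):
        print(alert)
```

On the terminal server itself the matching mitigation is a static ARP entry for the gateway, which the spoofed replies cannot overwrite.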
26. Human Threats
Threat-Source      Motivation                                        Threat Action
Computer Criminal  Monetary gain (my credit card info)               Computer crime, fraudulent act
Hacker, Cracker    Challenge, ego                                    Hacking, social engineering, system intrusion, unauthorized system access
Competitors        Injure company stability, compromise network work  Economic exploitation, system penetration, spoofing/sniffing of network, ruin of company data
27. Vulnerability Identification
Vulnerability               Threat-Source                                    Threat Action
Absence Of System Security  Hacker, Cracker, Competitors, Computer Criminal  System failure, connection damage, information conversion
29. Impact Analysis
Threat-Source      Loss of Integrity  Loss of Availability  Loss of Confidentiality
Hacker, Cracker    None               High                  High
Computer Criminal  None               High                  High
Competitors        Medium             High                  High
30. Likelihood, Impact Analysis & Risk
Vulnerability               Threat-Source                                    Likelihood  Impact  Risk
Absence Of System Security  Hacker, Cracker, Competitors, Computer Criminal  Medium      High    Medium
31. Control Recommendations
Risk                        Risk Level  Recommended Controls                                                      Activity Priority
Absence Of System Security  Medium      Install legally IPS & IDS; implement encryption; user access control      High
33. Terminal server security configuration
User groups:
• Administrative Users group – privileges to configure the terminal server
• Remote Desktop Users group – privileges only to connect to the remote desktop, without the possibility to configure it.
• All users, including the administrator, need credentials to log in to the services; no passwordless connection is available.
34. Application control for users
• Users can use only the applications specified by the system administrator.
• Inactive user sessions are terminated according to a time limit.
• Applications that can be started by another application are not visible to the user.
• User attempts to open a non-assigned application are blocked with a pop-up message saying the user has no privilege to open it.
35. Anti-virus
Implement a security antivirus which gives you an updated database and protects from intruders.
Shuts down any untrusted connection.
Scans web pages and your downloads.
Comes with a reliable firewall.
Security isn't about blocking malicious actions, it's about keeping your data safe, so arrange reliable encryption software.
Users upload viruses for future updates.
#1 Bitdefender