Case Studies
Peter Wood
First•Base
Technologies
How much damage
can a security breach cause?
[Diagram, slide 5. Labels: My Client; Client's business partner; Desktop PC; Bridge; Firewall; Internet; Dial-up from home; Dial-in ISDN; Leased line connection. Callouts: Secure the desktop; Secure the Internet connections; Secure the third-party network connections.]
© First Base Technologies 2003
The Inside Hacker
Pick a target
[Diagram sequence. Labels: Internet; e-mail; Laptop; Trojan software now silently installed; Firewall; Corporate Network; Evil server.]
<PWR><CAD>fsmith<tab><tab>arabella
xxxxxxx <tab><tab> None<tab><tab> None<tab><tab> None<tab><tab>
<CAD> arabella
<CAD>
<CAD> arabella
<CAD>
<CAD> arabella
exit
tracert 192.168.137.240
telnet 192.168.137.240
cisco
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"="username"
"DefaultPassword"="password"
"AutoAdminLogon"="1"
Password:
UnixWare 2.1.3.
mikew.
Copyright 1996 The Santa Cruz Operation, Inc. All Rights Reserved..
Copyright 1984-1995 Novell, Inc. All Rights Reserved..
Copyright 1987, 1988 Microsoft Corp. All Rights Reserved..
U.S. Pat. No. 5,349,642.
Prevention is better ...
• Harden the servers
• Monitor alerts (e.g. www.sans.org)
• Scan, test and apply patches
• Monitor logs
• Good physical security
• Intrusion detection systems
• Train the technical staff on security
• Serious policy and procedures!
Server hardening
• HardNT40rev1.pdf (www.fbtechies.co.uk)
• HardenW2K101.pdf (www.fbtechies.co.uk)
• FAQ for How to Secure Windows NT (www.sans.org)
• Fundamental Steps to Harden Windows NT 4_0 (www.sans.org)
• ISF NT Checklist v2 (www.securityforum.org)
• http://www.microsoft.com/technet/security/bestprac/default.asp
• Lockdown.pdf (www.iss.net)
• Windows NT Security Guidelines (nsa1.www.conxion.com)
• NTBugtraq FAQs (http://ntbugtraq.ntadvice.com/default.asp?pid=37&sid=1)
• Securing Windows 2000 (www.sans.org)
• Securing Windows 2000 Server (www.sans.org)
• Windows 2000 Known Vulnerabilities and Their Fixes (www.sans.org)
• SANS step-by-step guides
• www.sans.org
• www.cert.org
• www.microsoft.com/security
• www.ntbugtraq.com
• www.winnetmag.com
• razor.bindview.com
• eeye.com
• Security Pro News (ientrymail.com)
• Perimeter security
• Computer room security
• Desktop security
• Close monitoring of admin’s work areas
• No floppy drives?
• No bootable CDs?
• RealSecure
• Tripwire
• Dragon
• Snort
• www.networkintrusion.co.uk for guidance
• Top-down commitment
• Investment
• Designed-in security
• Regular audits
• Regular penetration testing
• Education & awareness
Peter Wood
peterw@firstbase.co.uk
www.fbtechies.co.uk