Agenda
o Basics – Information Security
o Infra Security Threats
o Systems Threats & Countermeasures
o Database Threats & Countermeasures
o Network Threats & Countermeasures
o Layered defense
o Questions
Basics – Information Security

o Information architecture: data lifecycle, data flow, data storage
o Information classification: private, public, confidential
o Information assets: people, process, technology
Infra - Security Threats

Virus: a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. It spreads by attaching itself to other programs or files, so it needs a host to propagate.
Trojan horse: a destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves.
Worm: a program or algorithm that replicates itself over a computer network without needing a host file, and usually performs malicious actions.
Infra- Security Threats - Contd

Adware is considered a legitimate alternative offered to consumers who do not wish to pay for software. Programs, games or utilities can be designed and distributed as freeware that displays advertising; it crosses into spyware when it reports on the user without consent.

Spyware is considered a malicious program and is similar to a Trojan horse in that users unwittingly install the product when they install something else.

Malware is the short form of malicious software: programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behaviour.

Rootkit: software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality (system calls, process and file listings) or other applications. Because the rootkit controls what the OS reports, detection from inside the running system is unreliable; compare against a known-good offline view.
System Threats & Countermeasures


    SMB relay – MITM
    FTP bouncing
    DNS Cache Poisoning
    Insider threat – Windows environment
SMB Relay Attack - Explained
An SMB relay attack is a man-in-the-middle attack in which the attacker gets the victim to authenticate to a machine the attacker controls, then relays the authentication to the target. The attacker forwards the authentication messages in both directions and ends up with an authenticated session on the target.
Here are the players in this scenario:

•The attacker is the person trying to break into the target
•The victim is the person who has the credentials
•The target is the system the attacker wants access to, and that the victim has credentials for
And here’s the scenario (the original slide shows a diagram):

1.Attacker tricks the victim into connecting to him
2.Attacker establishes a connection to the target and receives the 8-byte challenge
3.Attacker sends the 8-byte challenge to the victim
4.Victim responds to the attacker with the challenge response computed from its password hash
5.Attacker answers the target’s challenge with the victim’s response
6.Target grants access to the attacker
The attacker never learns the victim’s password or hash; it only replays a response that is valid for this one challenge. That is why the attack works against NTLMv2 as well as NTLMv1.

Counter Measures
•   Preventive        : SMB signing, required on both servers and clients. The signing key is derived from the password hash, which the relay never obtains, so the relayed session cannot sign its traffic. NTLMv2 on its own does not stop relay; retiring NTLM in favour of Kerberos removes the problem entirely.
•   Detective         : Log monitoring – TCP 139/445 sessions, in particular logons whose source address is not the workstation the account normally uses
•   Compensative      : Layered defence
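The six steps above, as an added example that is not part of the original deck: a toy model of the challenge/response exchange with all three players, first against a target that does not require signing and then against one that does. The NTLM arithmetic is a deliberate simplification (a keyed SHA-256 stands in for the NT hash and the NTLMv2 HMAC-MD5 computations), and the user name, password and command are constructed; the relay logic itself is the one the slide describes.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Optional


def nt_hash(password: str) -> bytes:
    # Stand-in for the NT hash (really MD4 over UTF-16LE); SHA-256 is used
    # here only so the simulation runs everywhere. Assumption of this model.
    return hashlib.sha256(password.encode("utf-16le")).digest()


def ntlm_response(password_hash: bytes, challenge: bytes) -> bytes:
    # Simplified challenge-response: keyed hash of the server challenge.
    return hmac.new(password_hash, challenge, hashlib.sha256).digest()


def session_key(password_hash: bytes, response: bytes) -> bytes:
    # Simplified key derivation: the signing key depends on the password hash,
    # which a relaying attacker never sees.
    return hmac.new(password_hash, response, hashlib.sha256).digest()


def sign(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


@dataclass
class Target:
    users: Dict[str, bytes]            # username -> password hash
    require_signing: bool
    pending: Dict[int, bytes] = field(default_factory=dict)   # conn -> challenge
    sessions: Dict[int, bytes] = field(default_factory=dict)  # conn -> signing key

    def negotiate(self, conn: int) -> bytes:
        challenge = os.urandom(8)              # the 8-byte server challenge
        self.pending[conn] = challenge
        return challenge

    def authenticate(self, conn: int, username: str, response: bytes) -> bool:
        challenge = self.pending.pop(conn)
        pw_hash = self.users.get(username)
        if pw_hash is None:
            return False
        if not hmac.compare_digest(ntlm_response(pw_hash, challenge), response):
            return False
        self.sessions[conn] = session_key(pw_hash, response)
        return True

    def execute(self, conn: int, command: bytes, mac: Optional[bytes]) -> bool:
        key = self.sessions.get(conn)
        if key is None:
            return False
        if self.require_signing:
            return mac is not None and hmac.compare_digest(sign(key, command), mac)
        return True


@dataclass
class Victim:
    username: str
    password: str

    def respond(self, challenge: bytes) -> bytes:
        return ntlm_response(nt_hash(self.password), challenge)

    def key_for(self, response: bytes) -> bytes:
        return session_key(nt_hash(self.password), response)


COMMAND = b"open \\\\target\\ADMIN$"   # constructed sample request


def relay_attack(target: Target, victim: Victim) -> bool:
    """Slide steps 2-6; returns True if the attacker can run COMMAND on target."""
    conn = 1
    challenge = target.negotiate(conn)                 # 2: attacker gets challenge
    response = victim.respond(challenge)               # 3-4: victim answers it
    if not target.authenticate(conn, victim.username, response):   # 5: relayed
        return False
    # 6: the attacker holds an authenticated connection but has no session
    # key, so it can only send unsigned traffic.
    return target.execute(conn, COMMAND, None)


def legitimate_session(target: Target, victim: Victim) -> bool:
    """The real client derives the signing key from its own hash, so it keeps
    working when signing is required."""
    conn = 2
    challenge = target.negotiate(conn)
    response = victim.respond(challenge)
    if not target.authenticate(conn, victim.username, response):
        return False
    return target.execute(conn, COMMAND, sign(victim.key_for(response), COMMAND))


def demo(require_signing: bool):
    victim = Victim("alice", "Winter2024!")            # constructed credentials
    target = Target({"alice": nt_hash("Winter2024!")}, require_signing)
    return relay_attack(target, victim), legitimate_session(target, victim)
```

demo(False) returns (True, True): the relay succeeds and so does the real user. demo(True) returns (False, True): with signing required the relayed session authenticates but cannot produce a valid MAC, while the legitimate client is unaffected.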
FTP Bouncing - Explained

1.   Printers are usually installed with all settings at their defaults. This includes the default administration password (if any), default administrative interfaces enabled, default services running, the default SNMP community string, etc.
2.   Some printers run an anonymous FTP server that users (and processes) can use to print documents: a user uploads a document to the FTP server running on the printer and it is printed. Things get worse when the FTP server also honours the PORT command.
3.   The PORT command is sent by the FTP client to tell the server which address and port to connect to for the data channel. Classic FTP does not require that address to be the client's own, so an attacker can ask the printer's FTP server to open data connections to other hosts on your network and read the server's replies to port-scan them:
     An open port completes the transfer over the specified connection.
     A closed port results in the FTP server informing the source station that it can't build the connection.

Counter Measures
• Preventive    : Deny FTP where it is not needed; otherwise disable active-mode (PORT) data connections, or configure the server to refuse PORT arguments naming any host other than the control-connection peer or a privileged port, so no arbitrary connections are made on the client's behalf.
• Detective     : IDS log monitoring
• Compensative  : Layered defense
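Steps 1 to 3 above as a runnable model, added here and not taken from the deck: a toy FTP server that honours PORT and LIST, a bounce scanner that uses it to probe an internal host, and the same server with the preventive control switched on. The internal host address, its open ports and the attacker address are constructed for the example.

```python
import re
from typing import Dict, List, Set, Tuple

PORT_RE = re.compile(r"^(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$")


def port_arg(ip: str, port: int) -> str:
    """Encode host:port the way the PORT command carries it (h1,h2,h3,h4,p1,p2)."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])


def parse_port_arg(arg: str) -> Tuple[str, int]:
    m = PORT_RE.match(arg.strip())
    if m is None:
        raise ValueError("malformed PORT argument")
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range")
    return ".".join(map(str, octets[:4])), (octets[4] << 8) | octets[5]


class ToyFtpServer:
    """Models only the PORT/LIST handling of a printer's FTP daemon.
    open_ports maps host -> listening ports reachable from the server's LAN
    (constructed); restrict_port enables the countermeasure."""

    def __init__(self, open_ports: Dict[str, Set[int]], restrict_port: bool):
        self.open_ports = open_ports
        self.restrict_port = restrict_port
        self.data_target = None

    def handle(self, peer_ip: str, line: str) -> str:
        cmd, _, arg = line.partition(" ")
        if cmd == "PORT":
            ip, port = parse_port_arg(arg)
            # Countermeasure: data connections only back to the control peer,
            # and never to a privileged port.
            if self.restrict_port and (ip != peer_ip or port < 1024):
                return "500 Illegal PORT command"
            self.data_target = (ip, port)
            return "200 PORT command successful"
        if cmd == "LIST":
            if self.data_target is None:
                return "425 Use PORT or PASV first"
            ip, port = self.data_target
            if port in self.open_ports.get(ip, set()):
                return "150 Opening data connection / 226 Transfer complete"
            return "425 Can't build data connection"
        return "502 Command not implemented"


def bounce_scan(server: ToyFtpServer, attacker_ip: str,
                target_ip: str, ports: List[int]) -> List[int]:
    """Ask the server to open its data channel to target_ip:port and read the
    status: 150 means open, 425 means closed. Returns the ports reported open."""
    found = []
    for port in ports:
        if not server.handle(attacker_ip, "PORT " + port_arg(target_ip, port)).startswith("200"):
            break   # server refuses third-party PORT; the bounce cannot proceed
        if server.handle(attacker_ip, "LIST").startswith("150"):
            found.append(port)
    return found


INTERNAL_HOSTS = {"10.0.0.5": {22, 445}}   # constructed view of the LAN behind the printer


def demo(restrict_port: bool) -> List[int]:
    server = ToyFtpServer(INTERNAL_HOSTS, restrict_port)
    return bounce_scan(server, "203.0.113.9", "10.0.0.5", [22, 25, 80, 445])
```

demo(False) returns [22, 445]: the attacker learns which ports on 10.0.0.5 are open without ever touching that host directly. demo(True) returns [] because the first third-party PORT is rejected with a 500.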
DNS Cache Poisoning

DNS cache poisoning is a maliciously created or unintended situation that provides data to a DNS server that did not originate from authoritative DNS sources.
DNS Cache Poisoning - Explained
1.   A request is sent to the authoritative server for companyA.com. This is identical to the standard process for an iterative query, with one exception.
2.   A cracker has decided to poison the internal DNS server's cache. In order to intercept the query and return malicious information, the cracker must know the transaction ID of the outstanding query (and the UDP source port it was sent from). Once these are known, the attacker's DNS server can respond as if it were the authoritative server for companyA.com, since the source IP of a UDP reply is trivially spoofed. This was a simple matter with older DNS software (e.g. BIND 4 and earlier), which used predictable IDs; newer DNS software randomizes the transaction ID. But the ID is only 16 bits, so it can be guessed by flooding.
3.   All that's required is time. To slow the response of the real authoritative server, the cracker uses a botnet to launch a denial of service (DoS) attack against it. While the authoritative server struggles to deal with the attack, the attacker's DNS server has time to send many forged replies with guessed transaction IDs.
4.   Once a guess matches, the forged response is accepted by the internal DNS server. But the IP address for farpoint.companyA.com in the response is actually the IP address of the attacker's site, and the response is placed into the server's cache, where it stays for the TTL the attacker chose.

Counter Measures
•    Preventive         : Latest version of the DNS software (the deck cites BIND 9.3 and Windows 2003), which must randomize the UDP source port as well as the transaction ID so that guessing needs roughly 2^32 attempts rather than 2^16; DNSSEC, so forged answers fail signature validation regardless of how the race goes
•    Detective          : IDS log analysis (bursts of replies for one name with mismatched IDs)
•    Compensative       : Layered defense
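The race in steps 2 to 4 as a simulation, added here and not part of the deck: a resolver that accepts a reply only if it matches an outstanding query, an attacker that floods forged replies with guessed IDs while the real answer is delayed, and the effect of also randomizing the source port. The names and addresses are constructed; the resolver logic checks exactly the fields the slide identifies.

```python
import random
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

TXID_SPACE = 1 << 16
PORT_SPACE = 65536 - 1024      # ephemeral ports a resolver can choose from


@dataclass(frozen=True)
class DnsMessage:
    txid: int
    src_ip: str
    src_port: int
    dst_port: int
    qname: str
    answer: Optional[str] = None   # None for a query


class Resolver:
    def __init__(self, rng: random.Random, randomize_port: bool):
        self.rng = rng
        self.randomize_port = randomize_port
        self.pending: Dict[str, Tuple[int, int, str]] = {}  # qname -> (txid, port, server)
        self.cache: Dict[str, str] = {}

    def query(self, qname: str, auth_ip: str) -> DnsMessage:
        txid = self.rng.randrange(TXID_SPACE)
        port = self.rng.randrange(1024, 65536) if self.randomize_port else 53
        self.pending[qname] = (txid, port, auth_ip)
        return DnsMessage(txid, "resolver", port, 53, qname)

    def receive(self, msg: DnsMessage) -> bool:
        """Cache a reply only if it matches an outstanding query. The source IP
        is spoofable, so txid and destination port are the only real secrets."""
        outstanding = self.pending.get(msg.qname)
        if outstanding is None:
            return False                    # nothing pending: late replies are dropped
        txid, port, auth_ip = outstanding
        if (msg.txid, msg.dst_port, msg.src_ip, msg.src_port) != (txid, port, auth_ip, 53):
            return False
        self.cache[msg.qname] = msg.answer
        del self.pending[msg.qname]
        return True


def poison_race(resolver: Resolver, qname: str, auth_ip: str, evil_ip: str,
                n_guesses: int, rng: random.Random) -> bool:
    """Attacker lands n_guesses forged replies before the (DoS-delayed) real one."""
    q = resolver.query(qname, auth_ip)
    guessed_port = 53 if not resolver.randomize_port else rng.randrange(1024, 65536)
    for txid in rng.sample(range(TXID_SPACE), n_guesses):
        if resolver.receive(DnsMessage(txid, auth_ip, 53, guessed_port, qname, evil_ip)):
            break
    # The genuine answer finally arrives; it is ignored if the cache is already poisoned.
    resolver.receive(DnsMessage(q.txid, auth_ip, 53, q.src_port, qname, "192.0.2.10"))
    return resolver.cache[qname] == evil_ip


def poison_probability(n_guesses: int, randomize_port: bool) -> float:
    space = TXID_SPACE * (PORT_SPACE if randomize_port else 1)
    return min(1.0, n_guesses / space)


def demo(n_guesses: int, randomize_port: bool, seed: int = 1) -> bool:
    rng = random.Random(seed)
    resolver = Resolver(rng, randomize_port)
    return poison_race(resolver, "farpoint.companyA.com", "198.51.100.1",
                       "203.0.113.66", n_guesses, rng)


def check_reply(txid_ok: bool, port_ok: bool) -> bool:
    """Is a forged reply with only these fields correct accepted into the cache?"""
    resolver = Resolver(random.Random(7), randomize_port=True)
    q = resolver.query("farpoint.companyA.com", "198.51.100.1")
    txid = q.txid if txid_ok else (q.txid + 1) % TXID_SPACE
    port = q.src_port if port_ok else q.src_port ^ 1
    return resolver.receive(DnsMessage(txid, "198.51.100.1", 53, port,
                                       "farpoint.companyA.com", "203.0.113.66"))
```

With a fixed source port, demo(TXID_SPACE, False) returns True: 65,536 forged replies are enough to cover every ID. check_reply shows that a reply with the right ID but wrong port is dropped, and poison_probability(1000, True) is on the order of 10^-7, which is the entire benefit of port randomization; DNSSEC is what removes the guessing game altogether.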
Insider Threat – Unpatched application
Insider Threat – Backdoor & Password crack
Insider Threat – Misuse of Admin privilege

Counter Measures
•   Preventive         : Proper patch updates, least user privilege, role-based access
•   Detective          : IDS, file integrity monitors
•   Compensative       : Layered defense
Database Threats & Countermeasures


    Disparate Attack vectors
    SQL Injection
    XSS Cross Site Scripting
    Buffer Overflow
    Top 5 Process Gaps
Database Attack Vectors & Vulnerabilities
SQL Injection – Attack Explained

     1. SQL injection is an attack method that targets the data residing in a database. It passes straight through the firewall that shields the database because it arrives as ordinary web traffic to the application.
     2. It modifies the parameters of a web-based application in order to alter the SQL statements that the application builds and sends to the database.
     3. Enter the string shown in the frame on the right as both user name and password. This should get you logged in as a user (jake happens to be the first user in the table). This tells you that jake is a user and it gives you access to his account.

    Privilege Escalation using SQL injection
    The GRANTEE parameter used in procedures of the SYS.DBMS_STREAMS_AUTH PL/SQL package is vulnerable to SQL injection. Exploitation of this vulnerability allows an attacker to execute arbitrary PL/SQL under the elevated privileges of the SYS user.

      Counter Measures
•       Preventive               : Parameterized queries (bind variables) so input is never parsed as SQL, input validation, and proper patch management for the database software
•       Detective                : Audit log monitoring of high-privilege grants
•       Compensative             : Layered defence
XSS – Cross Site Scripting Basics

Counter Measures
•   Preventive      : Context-aware output encoding of anything reflected into a page, plus input validation. Using the HTTP POST method and URL randomization (the slide's suggestions) only hide the simplest reflected case; they do not stop stored XSS or a payload delivered in a POST body.
•   Detective       : IDS / web application firewall
•   Compensative    : Layered Defence
Buffer Overflow – Concept Explained

Buffer overflow occurs when data is input or written beyond the allocated bounds of a buffer, array, or other object, causing a program crash or a vulnerability that hackers might exploit.

1. SYS.OLAPIMPL_T.ODCITABLESTART procedure in the SYS package, with Execute privilege, has a buffer overflow in Oracle 9iR1 and 9iR2.
2. EXECUTE privilege on DBMS_AQELM: any Oracle database user with EXECUTE privilege on the package DBMS_AQELM can execute arbitrary code under the security context of the database server.
3. IBM Lotus Domino IMAP CRAM-MD5 buffer overflow: it is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Counter Measures
•     Preventive             : Input validation / patch updates
•     Detective              : Log monitoring
•     Compensative           : Layered defence
Top 5 Database Security Process Gaps

 Poor privilege management
 Poor patch management
 Lack of segregation of duties (SoD)
 Insecure communication protocol – TNS listener / DB links
 Lack of an audit trigger on powerful grants
Network Threats & Countermeasures


    Network Re-direction
    Arp-Cache poisoning
    Connection Hijacking
    SYN flooding
    Denial of Services
    Distributed Denial of Services
Network Re-direction

1. A port redirection attack is a trust exploitation-based attack
that uses a compromised host to pass traffic through a firewall
that the firewall would otherwise drop.

2. As an example, the diagram shows a firewall with three
interfaces: Inside, Outside, and DMZ, with Host A on the DMZ
interface. A host located on the outside interface can reach Host
A, but cannot reach the host on the inside, Host B. Host A can
reach both the host on the outside and Host B.

3. If a hacker can compromise Host A, the hacker can install
software on the DMZ host that redirects traffic from the outside
host directly to the inside host (Host B). Although neither
communication violates the rules implemented in the firewall, the
outside host now has connectivity to the inside host through the
port redirection process on the DMZ host


      Counter Measures
 •     Preventive        : HIPS, Proper Trust
       model and restricted services
 •     Detective         : Log monitoring
 •     Compensative      : Layered defence
ARP - Poisoning

1. In normal operation the computers on the LAN use the ARP protocol to acquire and memorize each other's NIC MAC address, which they use for sending network data to each other.

2. But the ARP protocol provides no protection against misuse. An attacking computer on the same LAN can simply send spoofed ARP replies to any other computers, telling them that its MAC address should receive the traffic bound for other IP addresses. Most stacks accept such a reply whether or not they ever sent a request.

3. This "ARP cache poisoning" can be used to redirect traffic throughout the LAN, allowing any malicious computer to insert itself into the communications stream between any other computers for the purpose of monitoring and even altering the data flowing across the LAN.

Counter Measures
•   Preventive         : Static ARP entries for the gateway and other critical hosts, pushed by a batch script at login (what the slide calls static IP entries); on managed switches, Dynamic ARP Inspection backed by DHCP snooping
•   Detective          : ARP inspection: alert on IP-to-MAC changes and on replies nobody asked for
•   Compensative       : Layered defense
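The detective control above, run over a constructed capture, as an added example that is not part of the deck: an inspector that checks each ARP reply against a trusted IP-to-MAC table and flags unsolicited replies, plus the `arp -s` lines a login script would push for the preventive control. Addresses, MACs and the packet sequence are all made up for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class ArpPacket:
    op: str            # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str
    target_mac: str


def inspect(packets: List[ArpPacket], bindings: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (reason, ip, mac) alerts: replies that contradict the trusted
    IP->MAC table, and replies that answer no outstanding request (the
    classic poisoning pattern from step 2)."""
    alerts: List[Tuple[str, str, str]] = []
    outstanding: Set[Tuple[str, str]] = set()   # (ip asked about, asker's MAC)
    for p in packets:
        if p.op == "request":
            outstanding.add((p.target_ip, p.sender_mac))
            continue
        expected = bindings.get(p.sender_ip)
        if expected is not None and expected.lower() != p.sender_mac.lower():
            alerts.append(("binding-mismatch", p.sender_ip, p.sender_mac))
        if (p.sender_ip, p.target_mac) in outstanding:
            outstanding.discard((p.sender_ip, p.target_mac))
        else:
            alerts.append(("unsolicited-reply", p.sender_ip, p.sender_mac))
    return alerts


def static_arp_commands(bindings: Dict[str, str]) -> List[str]:
    # Windows `arp -s` lines for the login batch script (the slide's preventive control).
    return [f"arp -s {ip} {mac.replace(':', '-')}" for ip, mac in bindings.items()]


BINDINGS = {"10.0.0.1": "00:11:22:33:44:01",      # constructed trusted table:
            "10.0.0.50": "00:11:22:33:44:50"}     # gateway and one workstation

SAMPLE = [  # constructed capture: a normal exchange, then the poisoning reply
    ArpPacket("request", "10.0.0.50", "00:11:22:33:44:50", "10.0.0.1", "00:00:00:00:00:00"),
    ArpPacket("reply", "10.0.0.1", "00:11:22:33:44:01", "10.0.0.50", "00:11:22:33:44:50"),
    ArpPacket("reply", "10.0.0.1", "de:ad:be:ef:00:01", "10.0.0.50", "00:11:22:33:44:50"),
]
```

inspect(SAMPLE, BINDINGS) returns two alerts for the third packet only: the attacker's MAC contradicts the gateway binding, and the reply answers a request that was already satisfied. The first two packets produce nothing.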
Connection Hijacking
1. The attacker examines the traffic flows with a network monitor and notices traffic from Employee X to a web server.
2. The web server returns or echoes data back to the originating station (Employee X).
3. Employee X acknowledges the packet.
4. The cracker launches a spoofed packet to the server, carrying Employee X's source address and the sequence number the server expects next.
5. The web server responds to the cracker's packet. The cracker verifies the SEQ/ACK numbers to double-check success. At this point the cracker has taken over the session from Employee X, whose connection hangs.
6. The cracker can start sending traffic to the web server.
7. The web server returns the requested data, confirming delivery with the correct ACK number.
8. The cracker can continue to send data (keeping track of the correct SEQ/ACK numbers) until eventually setting the FIN flag to terminate the connection.

Counter Measures
•   Preventive     : Anti-spoofing filters at the network edge; encrypted and authenticated sessions (TLS, SSH) so injected segments are rejected even when the sequence numbers are right
•   Detective      : Log monitoring
•   Compensative   : Layered defense
Syn - Flooding

A SYN flood sends a stream of TCP SYN packets, usually from spoofed source addresses, and never completes the handshake, so the server's table of half-open connections fills up and legitimate clients are refused.

Counter Measures
•   Preventive     : Effective ingress filters (drop packets with spoofed source addresses); SYN cookies on the server so no state is held for half-open connections
•   Detective      : IDS
•   Compensative   : Layered defense
DOS & DDOS
                                            A denial-of-service attack (DoS attack) or distributed
                                            denial-of-service attack (DDoS attack) is an attempt to make
                                            a computer resource unavailable to its intended users




    Counter Measures

•   Preventive        : Threshold/Rate
    limiting/Peak flow
•   Detective         : IDS/SIEM
•   Compensative      : HA/Load balancers
Layered defense

Infrastructure layer: layers of defense
Network: multi-vendor firewall, intrusion detection system, monitoring & management, log review
System: computing environments, server build check, log reviews
Desktop/End Point: desktop applications, end point security
User Access: user access requests, multiple applications, diversified technology

Security tools (as listed on the slide): RSA enVision, ArcSight, LogLogic, McAfee Suite, Symantec Suite, Trend Micro, CIS benchmark audit tools, WebSense, Blue Coat, TippingPoint, Foundstone, QualysGuard, AppScan
IT Infrastructure Security

Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 

Último (20)

Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 

IT Infrastructure Security

  • 1.
  • 2. Agenda
    o Basics – Information Security
    o Infra Security Threats
    o Systems Threats & Countermeasures
    o Database Threats & Countermeasures
    o Network Threats & Countermeasures
    o Layered defense
    o Questions
  • 3. Basics – Information Security
    Information architecture    Information classification    Information assets
    Data lifecycle              Private                       People
    Data flow                   Public                        Process
    Data storage                Confidential                  Technology
  • 4. Infra - Security Threats
    Virus: A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes.
    Trojan Horse: A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves.
    Worm: A program or algorithm that replicates itself over a computer network and usually performs malicious actions.
  • 5. Infra - Security Threats - Contd
    Adware is considered a legitimate alternative offered to consumers who do not wish to pay for software. Programs, games or utilities can be designed and distributed as freeware.
    Spyware is considered a malicious program and is similar to a Trojan horse in that users unwittingly install the product when they install something else.
    Malware, short for malicious software, consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behaviour.
    A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications.
  • 6. System Threats & Countermeasures
    o SMB relay – MITM
    o FTP bouncing
    o DNS Cache Poisoning
    o Insider threat – Windows environment
  • 7. SMB Relay Attack - Explained
    An SMB Relay attack is a type of man-in-the-middle attack where the attacker asks the victim to authenticate to a machine controlled by the attacker, then relays the credentials to the target. The attacker forwards the authentication information both ways, giving him access.
    Here are the players in this scenario:
    • The attacker is the person trying to break into the target
    • The victim is the person who has the credentials
    • The target is the system the attacker wants access to, and that the victim has credentials for
    And here's the scenario (see the image at the right for a diagram):
    1. Attacker tricks the victim into connecting to him
    2. Attacker establishes connection to the target, receives the 8-byte challenge
    3. Attacker sends the 8-byte challenge to victim
    4. Victim responds to the attacker with the password hash
    5. Attacker responds to the target's challenge with the victim's hash
    6. Target grants access to attacker
    Counter Measures
    • Preventive : Signed SMBs (NTLM V2)
    • Detective : Log monitoring – TCP 139 445 transactions
    • Compensative : Layered defence
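The detective countermeasure on this slide, monitoring TCP 139/445 transactions, can be turned into a concrete check: a relay shows up in connection logs as a host that accepts an inbound SMB session and, within seconds, opens an outbound SMB session to a different host. The following is an added example (not from the slides); it assumes a simplified, constructed flow-record format of "<epoch> <src_ip> <dst_ip> <dst_port>" and a list of known file servers that legitimately both accept and initiate SMB.

```python
"""Flag hosts whose SMB traffic has the shape of a relay: an inbound SMB
session followed shortly by an outbound SMB session to another host.
Added example; the flow format and the sample records are constructed."""
from collections import defaultdict

SMB_PORTS = {139, 445}

# Constructed sample flow records (not real traffic):
# 10.0.0.5 is a workstation, 10.0.0.9 the suspect, 10.0.0.20 the file server.
SAMPLE_FLOWS = """\
1700000000 10.0.0.5 10.0.0.20 445
1700000010 10.0.0.5 10.0.0.9 445
1700000011 10.0.0.9 10.0.0.20 445
1700000300 10.0.0.7 10.0.0.20 139
"""


def parse_flows(text):
    """Parse '<epoch> <src> <dst> <port>' lines into sorted tuples; malformed
    lines are skipped rather than aborting the whole run."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, port = parts
        flows.append((int(ts), src, dst, int(port)))
    return sorted(flows)


def find_relay_candidates(flows, window=30, known_servers=frozenset()):
    """Return (suspect, client, target, delay_seconds) for every SMB session
    a host accepted and then, within `window` seconds, followed with a new
    SMB session to a host other than the client it just served.

    Known file servers are excluded because they legitimately both receive
    SMB from clients and open SMB to other servers (DFS, backups, ...)."""
    inbound = defaultdict(list)   # host -> [(ts, client_ip)] it accepted
    hits = []
    for ts, src, dst, port in flows:
        if port not in SMB_PORTS:
            continue
        if src not in known_servers:
            # Does this outbound SMB follow an inbound one to the same host?
            for in_ts, client in inbound[src]:
                if 0 <= ts - in_ts <= window and dst != client:
                    hits.append((src, client, dst, ts - in_ts))
        inbound[dst].append((ts, src))
    return hits


if __name__ == "__main__":
    for suspect, client, target, delay in find_relay_candidates(
            parse_flows(SAMPLE_FLOWS), known_servers={"10.0.0.20"}):
        print(f"possible relay: {client} -> {suspect} -> {target} "
              f"({delay}s apart)")
```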
  • 8. FTP Bouncing - Explained
    1. It is a fact that printers are usually installed with all the settings by default. This includes having the default administration password (if any), default administrative interfaces enabled, default services running, default SNMP community string, etc.
    2. It is interesting to note that some printers run an anonymous FTP server that users (and processes) can use to print documents. A user can upload a document to the FTP server running on the printer and it will be printed. Things get worse when you discover that the FTP server supports the PORT command.
    3. The PORT command is sent by the FTP client to establish a secondary channel for data to travel over. This command can be abused by an attacker to network-scan other hosts on your network, as shown in the next
    Diagram captions: An open port completes the transfer over the specified connection. A closed port results in the FTP server informing the source station that the FTP server can't build the connection.
    Counter Measures
    • Preventive : Deny FTP Passive, Avoid FTP arbitrary connections.
    • Detective : IDS Log monitoring
    • Compensative : Layered defense
  • 9. DNS Cache Poisoning
    DNS cache poisoning is a maliciously created or unintended situation that provides data to a Domain Name Server that did not originate from authoritative DNS sources.
  • 10. DNS Cache Poisoning - Explained
    1. A request is sent to the authoritative server for companyA.com. This is identical to the standard process for an iterative query – with one exception.
    2. A cracker has decided to poison the internal DNS server's cache. In order to intercept a query and return malicious information, the cracker must know the transaction ID. Once the transaction ID is known, the attacker's DNS server can respond as the authoritative server for companyA.com. Although this would be a simple matter with older DNS software (e.g. BIND 4 and earlier), newer DNS systems have built-in safeguards. In our example, the transaction ID used to identify each query instance is randomized. But figuring out the transaction ID is not impossible.
    3. All that's required is time. To slow the response of the real authoritative server, the cracker uses a botnet to initiate a Denial of Service (DoS) attack. While the authoritative server struggles to deal with the attack, the attacker's DNS server has time to determine the transaction ID.
    4. Once the ID is determined, a query response is sent to the internal DNS server. But the IP address for farpoint.companyA.com in the response is actually the IP address of the attacker's site. The response is placed into the server's cache.
    Counter Measures
    • Preventive : Latest version of DNS software (BIND 9.3, Win 2003), DNSSEC
    • Detective : IDS log analysis
    • Compensative : Layered defense
  • 11. Insider Threat – Unpatched application
  • 12. Insider Threat – Backdoor & Password crack
  • 13. Insider Threat – Misuse of Admin privilege
    Counter Measures
    • Preventive : Proper Patch updates, Least user privilege, Role based access.
    • Detective : IDS, File integrity monitors
    • Compensative : Layered defense
  • 14. Database Threats & Countermeasures
    o Disparate Attack vectors
    o SQL Injection
    o XSS Cross Site Scripting
    o Buffer Overflow
    o Top 5 Process Gaps
  • 15. Database Attack Vectors & Vulnerabilities
  • 16. SQL Injection – Attack Explained
    1. SQL Injection is an attack method that targets the data residing in a database through the firewall that shields it.
    2. It attempts to modify the parameters of a Web-based application in order to alter the SQL statements that are parsed to retrieve data from the database.
    3. Enter the string as both user name and password in the frame on the right. This should get you logged in as a user (jake happens to be the first user in the table). This tells you that Jake is a user and it allows you to access his account.
    Privilege Escalation using SQL injection
    The GRANTEE parameter used in procedures of the SYS.DBMS_STREAMS_AUTH PL/SQL package is vulnerable to SQL injection. Exploitation of this vulnerability allows an attacker to execute arbitrary PL/SQL under the elevated privileges of the SYS user.
    Counter Measures
    • Preventive : Input Validation / Proper Patch management
    • Detective : Audit log monitoring of high privilege grants
    • Compensative : Layered defence
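The login described in step 3 works because the form fields are spliced into the SQL text, so a quote in the input rewrites the WHERE clause and the first row of the table (jake) is returned. The block below is an added example, not from the slides: the vulnerable login beside the parameterized one that implements the "Input Validation" countermeasure at the query layer, using an in-memory SQLite table whose column names (name, password) are assumed.

```python
"""Vulnerable string-built login next to its parameterized fix.
Added example; the users table is constructed, with jake as the first row
exactly as the slide describes."""
import sqlite3


def make_db():
    """Constructed sample table. Passwords are stored in clear only to keep
    the demo short; a real table would hold salted hashes."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
                "name TEXT, password TEXT)")
    con.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                    [("jake", "s3cret"), ("lisa", "hunter2")])
    return con


def login_vulnerable(con, user, password):
    """Builds the statement from the raw form fields: whatever the user
    typed becomes SQL, so a quote in the input changes the WHERE clause."""
    sql = ("SELECT name FROM users WHERE name = '" + user +
           "' AND password = '" + password + "'")
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(con, user, password):
    """Same query with bound parameters: the driver ships the input as data,
    never as statement text, so the WHERE clause cannot be rewritten."""
    row = con.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (user, password)).fetchone()
    return row[0] if row else None


# The classic always-true string, entered as both user name and password.
INJECTION = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", login_vulnerable(db, INJECTION, INJECTION))
    print("parameterized:", login_parameterized(db, INJECTION, INJECTION))
```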
  • 17. XSS – Cross Site Scripting Basics
    Counter Measures
    • Preventive : HTTP Post method, URL randomization
    • Detective : IDS
    • Compensative : Layered Defence
  • 18. Buffer Overflow – Concept Explained
    Buffer overflow occurs when data is input or written beyond the allocated bounds of a buffer, array, or other object, causing a program crash or a vulnerability that hackers might exploit.
    1. The SYS.OLAPIMPL_T.ODCITABLESTART procedure in the SYS package, with Execute privilege, has a Buffer Overflow in Oracle 9iR1 and 9iR2.
    2. EXECUTE privilege on DBMS_AQELM: Any Oracle database user with EXECUTE privilege on the package DBMS_AQELM can execute arbitrary code under the security context of the database server.
    3. IBM Lotus Domino IMAP Cram-MD5 Buffer Overflow: It is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
    Counter Measures
    • Preventive : Input Validation / Patch updates
    • Detective : Log monitoring
    • Compensative : Layered defence
  • 19. Top 5 Database Security Process Gaps
    o Poor Privilege management
    o Poor Patch Management
    o Lack of SOD
    o Insecure communication protocol – TNS listener/DB links
    o Lack of powerful grants audit trigger
  • 20. Network Threats & Countermeasures
    o Network Re-direction
    o Arp-Cache poisoning
    o Connection Hijacking
    o SYN flooding
    o Denial of Services
    o Distributed Denial of Services
  • 21. Network Re-direction
    1. A port redirection attack is a trust exploitation-based attack that uses a compromised host to pass traffic through a firewall that the firewall would otherwise drop.
    2. As an example, the diagram shows a firewall with three interfaces: Inside, Outside, and DMZ, with Host A on the DMZ interface. A host located on the outside interface can reach Host A, but cannot reach the host on the inside, Host B. Host A can reach both the host on the outside and Host B.
    3. If a hacker can compromise Host A, the hacker can install software on the DMZ host that redirects traffic from the outside host directly to the inside host (Host B). Although neither communication violates the rules implemented in the firewall, the outside host now has connectivity to the inside host through the port redirection process on the DMZ host.
    Counter Measures
    • Preventive : HIPS, Proper Trust model and restricted services
    • Detective : Log monitoring
    • Compensative : Layered defence
  • 22. ARP - Poisoning
    1. In normal operation the computers on the LAN use the ARP protocol to acquire and memorize each other's NIC MAC address, which they use for sending network data to each other.
    2. But the ARP protocol provides no protection against misuse. An attacking computer on the same LAN can simply send spoofed ARP Replies to any other computers, telling them that its MAC address should receive the traffic bound for other IP addresses.
    3. This "ARP Cache Poisoning" can be used to redirect traffic throughout the LAN, allowing any malicious computer to insert itself into the communications stream between any other computers for the purpose of monitoring and even altering the data flowing across the LAN.
    Counter Measures
    • Preventive : Use Static IP entries using batch script during login
    • Detective : Arp inspection
    • Compensative : Layered defense
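The "Arp inspection" countermeasure above amounts to watching ARP replies for two signals: an IP whose MAC suddenly differs from the binding already learned, and one MAC answering for several IPs (as in step 2, where the attacker's address claims traffic bound for other hosts). The block below is an added example, not from the slides; it assumes a constructed "<ts> <ip> <mac>" reply format and trusts the first binding seen as the baseline, which in practice you would seed from DHCP leases or a static table.

```python
"""Passive ARP inspection over a stream of ARP replies.
Added example; the reply format and the sample data are constructed."""
from collections import defaultdict

# Constructed sample: 10.0.0.1 is the gateway. The host behind aa:..:33
# later answers for the gateway's IP as well as its own.
SAMPLE_ARP_REPLIES = """\
1 10.0.0.1 00:11:22:33:44:01
2 10.0.0.7 aa:bb:cc:dd:ee:33
3 10.0.0.1 aa:bb:cc:dd:ee:33
4 10.0.0.1 00:11:22:33:44:01
"""


def parse_arp_replies(text):
    """Parse '<ts> <ip> <mac>' lines; MACs are lower-cased so that case
    differences cannot mask a conflict."""
    replies = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, ip, mac = parts
        replies.append((int(ts), ip, mac.lower()))
    return replies


def inspect_arp(replies, baseline=None):
    """Return alert strings for (a) a reply whose MAC differs from the
    baseline binding for that IP and (b) a MAC that starts answering for a
    second IP. `baseline` is an optional ip->mac dict of trusted bindings;
    IPs not in it are learned from the first reply seen."""
    baseline = dict(baseline or {})
    ips_per_mac = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        first_time_for_mac = ip not in ips_per_mac[mac]
        ips_per_mac[mac].add(ip)
        known = baseline.setdefault(ip, mac)
        if mac != known:
            alerts.append(f"t={ts}: {ip} claimed by {mac}, baseline is {known}")
        if first_time_for_mac and len(ips_per_mac[mac]) > 1:
            alerts.append(f"t={ts}: {mac} now answers for "
                          f"{sorted(ips_per_mac[mac])}")
    return alerts


if __name__ == "__main__":
    for alert in inspect_arp(parse_arp_replies(SAMPLE_ARP_REPLIES)):
        print(alert)
```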
  • 23. Connection Hijacking
    1. The attacker examines the traffic flows with a network monitor and notices traffic from Employee X to a web server.
    2. The web server returns or echoes data back to the origination station (Employee X).
    3. Employee X acknowledges the packet.
    4. The cracker launches a spoofed packet to the server.
    5. The web server responds to the cracker. The cracker starts verifying SEQ/ACK numbers to double-check success. At this time, the cracker takes over the session from Employee X, which results in a session hanging for Employee X.
    6. The cracker can start sending traffic to the web server.
    7. The web server returns the requested data to confirm delivery with the correct ACK number.
    8. The cracker can continue to send data (keeping track of the correct SEQ/ACK numbers) until eventually setting the FIN flag to terminate the connection.
    Counter Measures
    • Preventive : Anti-Spoofing
    • Detective : Log monitoring
    • Compensative : Layered defense
  • 24. Syn - Flooding
    Counter Measures
    • Preventive : Effective Ingress filters.
    • Detective : IDS
    • Compensative : Layered defense
  • 25. DOS & DDOS
    A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.
    Counter Measures
    • Preventive : Threshold/Rate limiting/Peak flow
    • Detective : IDS/SIEM
    • Compensative : HA/Load balancers
  • 26. Layered defense
    Infrastructure Layers of Defense
    • Network – Multi Vendor Firewall, Intrusion Detection System, Monitoring & Management, Log Review
    • System – Computing Environments, Server Build Check, Log Reviews
    • Desktop/End Point – Desktop Applications, End point Security
    • User Access – User Access Requests, Multiple Applications, Diversified Technology
    Security Tools
    • RSA enVision, Arc Sight, Log Logic, McAfee Suite, Symantec Suite, Trend Micro, CIS – Bench Mark Audit tools, WebSense, Blue Coat, Tipping Point, FoundStone, Qualysguard, AppScan