Ethical Hacking Workshop
Your name
EC-Council
Presentation Goals
• Provide a framework for understanding security
• Present best practices for
  – Protecting against attacks from the Internet
  – Locking down clients and servers
  – Developing an ongoing security strategy
• Discuss primary and emerging technologies
  – Encryption
  – Biometrics
  – Smart Cards
  – Trustworthy Computing
• Listen to your concerns
• Questions and Answers
The Challenge of Security
Internet-enabled businesses face the challenge of ensuring that their computing technologies and information assets are secure, fast, and easy to interact with.
The right access to the right content by the right people
Business Impact
• According to the Computer Crime and Security Survey 2002 by the Computer Security Institute (CSI) and the FBI:
  – 90% detected computer security breaches
  – 85% detected computer viruses
  – 80% acknowledged financial losses due to computer breaches
  – 40% of respondents quantified financial losses at $456 million, or $2 million per respondent
  – 40% detected system penetration from the outside; up from 25% in 2000
• InformationWeek estimates:
  – Security breaches cost businesses $1.4 trillion worldwide this year
  – 2/3 of companies have experienced viruses, worms, or Trojan Horses
  – 15% have experienced Denial of Service attacks
Security Breaches Have Real Costs
Source: Computer Security Institute (CSI) Computer Crime and Security Survey 2002
Source: InformationWeek.com, 10/15/01
Evaluating Security Threats
The Security Puzzle
Evaluating Security Threats: Attackers
• Misfeasors
  – Authorized users who abuse their privileges
  – “Insiders”
• Masqueraders
  – Unauthorized persons posing as an authorized user
  – “Outsiders”
• Clandestine Users
  – Unauthorized persons who appear to be authorized
  – “Insiders” or “Outsiders”
Evaluating Security Threats: Goals
• Trophy Grabbing
  – Hacker “badge of honor”
• Information Theft
  – Learning something meant to be secret
• Service Theft
  – Using computer services without paying for them
• Identity Theft
  – Acquiring things through masquerading
• Tampering and Vandalism
  – Changing information
• Denial of Service
  – Hampering the access of legitimate users
Evaluating Security Threats: Vulnerabilities
• Implicit Trust
  – Assuming you can trust someone or something
• Configuration Error
  – Relying on default configurations, improper configuration
• Public Information
  – Exploiting easily obtainable non-secret data
• Weak Design
  – Exploiting systems not designed with security in mind
• Carelessness
  – Sloppy execution or inattentiveness to details
Evaluating Security Threats: Defenses
• Obfuscation
  – Hiding information
• Authentication and Authorization
  – Verifying identity, then using it to regulate access
• Monitoring and Auditing
  – Keeping an eye out, tracking suspicious activity
• Currency
  – Keeping systems up-to-date with patches and updates
• Education and Enforcement
  – Training users, then making sure they use that knowledge
Evaluating Security Threats: The Complete Puzzle
• Attackers (Who is doing it?)
  – Misfeasors, Masqueraders, Clandestine Users
• Goals (Why are they doing it?)
  – Trophy Grabbing, Information Theft, Service Theft, Identity Theft, Tampering and Vandalism, Denial of Service
• Vulnerabilities (What enables the attack?)
  – Implicit Trust, Configuration Error, Public Information, Weak Design, Carelessness
• Defenses (How do you stop them?)
  – Obfuscation, Authentication and Authorization, Monitoring and Auditing, Currency, Education and Enforcement
Common Attacks
• Backdoor
• Bacteria
• Buffer overflow/overrun
• Compromised system utilities
• E-mail forgery
• E-mail relay
• IP spoofing
• Keystroke monitoring
• Logic bomb
• Mail bombing
• Man in the middle
• Masquerade
• Network scanning
• Packet sniffing
• Password cracking
• Ping flooding
• Replay attack
• Script kiddies
• Security audit tools
• Shell escapes
• Shoulder surfing
• Smurfing
• Social engineering
• SYN flooding
• Traffic analysis
• Trapdoor
• Trojan horse
• van Eck attack
• Virus
• War dialing
• Worm
Example #1 Attack: Buffer Overflow
• Goals
  – All
• Vulnerabilities
  – Weak design (designer)
  – Carelessness (customer not patching)
• Defenses
  – Peer review (designer)
  – Patching (customer)
• Examples
  – Code Red
  – Internet Worm of ‘88

Example #2 Attack: E-Mail Forgery
• Goals
  – Trophy grabbing
  – Identity theft
• Vulnerabilities
  – Implicit trust
  – Public information
  – Weak design
• Defenses
  – Public key cryptography
  – Training
• Examples
  – Good Times
  – Free Windows
  – Penpal Greetings

Example #3 Attack: Social Engineering
• Goals
  – All
• Vulnerabilities
  – Implicit trust
• Defenses
  – Training
  – Process review
• Examples
  – IRQ downloads
  – Attachment viruses
  – Password elicitation

Example #4 Attack: Virus
• Goals
  – Trophy grabbing
  – Tampering and Vandalism
  – Denial of service
• Vulnerabilities
  – Implicit trust
  – Weak design
• Defenses
  – Virus scanner
  – Training
  – Patching
• Examples
  – Stoned, Michelangelo (true)
  – Love Bug (macro)
  – Melissa (macro)
Hacking
• Coordinated series of attacks for gaining control of a computer system
• Each attack achieves a goal which enables a subsequent, more serious attack
• Example:
  1. Scanning reveals target networks
  2. Sniffing on those networks reveals a user password
  3. Masquerading as that user, the hacker logs in
  4. Exploiting a buffer overflow in a utility yields admin privileges
  5. Compromising system utilities helps to hide presence
  6. Creating backdoors provides for easier re-entry
Hacking is just one of many security threats.
Hacking Lifecycle
[Diagram: the phases Profiling, Entering, Compromising, Empowering and Concealing]
10 Steps to Better Security
STEP 1: Implement a firewall
• Either stateful inspection, a proxy, or hybrid
• Create a demilitarized zone and use it properly
STEP 2: Filter packets to prevent spoofing
• At your gateway
• Both incoming and outgoing packets
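The ingress and egress checks behind STEP 2, as an added example that is not part of the EC-Council slides. The internal prefixes (192.168.10.0/24 and 10.20.0.0/16), the WAN interface name and the sample packets are constructed assumptions; the iptables rendering shows the same policy in the form a Linux gateway would load.

```python
# Added example (not from the EC-Council slides): gateway anti-spoofing
# decisions in both directions, as STEP 2 calls for. Internal prefixes,
# interface names and sample packets are constructed assumptions.
import ipaddress

# Assumed: the networks behind this gateway.
INTERNAL_NETS = [
    ipaddress.ip_network("192.168.10.0/24"),
    ipaddress.ip_network("10.20.0.0/16"),
]

# Addresses that must never arrive from the Internet side as a packet source.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
)]


def is_internal(addr):
    """True when addr belongs to one of the networks we serve."""
    return any(addr in net for net in INTERNAL_NETS)


def filter_decision(direction, src):
    """Decide what the gateway does with a packet whose source is `src`.

    direction is "in" (arriving from the Internet) or "out" (leaving toward
    the Internet). Returns ("accept", "") or ("drop", reason).
    """
    ip = ipaddress.ip_address(src)
    if direction == "in":
        # Ingress filter: nobody outside may claim one of our addresses.
        if is_internal(ip):
            return "drop", "external packet claims an internal source (spoofed)"
        if any(ip in net for net in BOGON_NETS):
            return "drop", "non-routable source address"
        return "accept", ""
    if direction == "out":
        # Egress filter: only our own prefixes leave, so a compromised
        # inside host cannot spoof someone else's address.
        if not is_internal(ip):
            return "drop", "outgoing packet with a non-local source"
        return "accept", ""
    raise ValueError(f"unknown direction {direction!r}")


def render_iptables_rules(wan_if="eth0"):
    """Render the same policy as iptables rules for the FORWARD chain.

    Egress uses a dedicated chain so several internal prefixes can be
    allowed with RETURN before the final DROP.
    """
    rules = [f"iptables -A FORWARD -i {wan_if} -s {net} -j DROP"
             for net in INTERNAL_NETS + BOGON_NETS]
    rules.append("iptables -N ANTISPOOF_OUT")
    rules += [f"iptables -A ANTISPOOF_OUT -s {net} -j RETURN" for net in INTERNAL_NETS]
    rules.append("iptables -A ANTISPOOF_OUT -j DROP")
    rules.append(f"iptables -A FORWARD -o {wan_if} -j ANTISPOOF_OUT")
    return rules


# Constructed sample traffic: (direction, source address).
SAMPLE_PACKETS = [
    ("in", "203.0.113.9"),     # ordinary Internet client: accept
    ("in", "192.168.10.5"),    # claims to be one of ours: spoofed, drop
    ("in", "10.1.2.3"),        # RFC 1918 space arriving from outside: drop
    ("out", "192.168.10.5"),   # our host talking out: accept
    ("out", "198.51.100.7"),   # inside host using an outside address: drop
]


def summarize(packets=SAMPLE_PACKETS):
    """Return {(direction, src): verdict} for a batch of packets."""
    return {pkt: filter_decision(*pkt)[0] for pkt in packets}


if __name__ == "__main__":
    for pkt, verdict in summarize().items():
        print(f"{pkt[0]:>3} {pkt[1]:<15} {verdict}")
    print("\n".join(render_iptables_rules()))
```

The 10.1.2.3 case shows why the bogon list is kept separate from the internal list: an address in private space that is not one of ours is still dropped on ingress, but it is not a spoof of our own prefix and should be logged differently.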
STEP 3: Harden the software
• Patch quickly and routinely
• When re-installing an OS, don’t forget to patch
• Enable OS features that detect common DoS attacks
• Always scrutinize default configurations
• Bind interfaces to listen only on networks they will serve
• Disable unnecessary services
Limiting Interface Connections
[Diagram]
STEP 4: Lock down Web applications
• Disable scripting if not needed
• Remove sample scripts
• Use restricted permission modes of scripting environments
• Make use of integrated security features
• Be vigilant in preventing replay attacks
STEP 5: Always use encryption
• Disable Telnet
• Use terminal services or other secure access mechanisms
• Consider link-level or OS-supported encryption for high-security apps
STEP 6: Defend DNS
• Don’t allow zone transfers to unknown servers
• Limit records available to external queries
• Be paranoid about registrar records to avoid hijacks
STEP 7: Patrol passwords
• Train users on good password selection
• Enforce good password selection
• Outlaw and punish password sharing
• Use aging tools
• Don’t give in to whining about inconvenience
• Prepare for the increased support load
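The enforcement and aging items of STEP 7 as code, an added example that is not from the EC-Council slides. The policy numbers, the tiny deny-list and the sample inputs are constructed assumptions standing in for a site policy and a breached-password list; a real system would hold the password history as hashes.

```python
# Added example (not from the EC-Council slides): the "enforce" and "aging"
# items of STEP 7. Policy numbers and the small deny-list are constructed
# assumptions; a real deployment checks a large breached-password list and
# compares history by hash rather than by plaintext.
import re
from datetime import date, timedelta

POLICY = {
    "min_length": 12,
    "min_classes": 3,      # of: lowercase, uppercase, digit, symbol
    "max_age_days": 90,    # aging: force a change after this many days
    "warn_days": 14,       # aging: start nagging this many days before expiry
    "history_size": 5,     # aging: the last N passwords may not be reused
}

# Constructed stand-in for a real common-password list.
DENY_LIST = {"password", "passw0rd", "letmein", "qwerty", "welcome", "admin"}

_CLASSES = (re.compile(r"[a-z]"), re.compile(r"[A-Z]"),
            re.compile(r"[0-9]"), re.compile(r"[^A-Za-z0-9]"))


def check_selection(candidate, username, previous=()):
    """Return the list of policy violations for a proposed password.

    An empty list means the password is acceptable. `previous` is the
    user's recent password history (plaintext here for the example only).
    """
    problems = []
    if len(candidate) < POLICY["min_length"]:
        problems.append(f"shorter than {POLICY['min_length']} characters")
    classes = sum(1 for rx in _CLASSES if rx.search(candidate))
    if classes < POLICY["min_classes"]:
        problems.append(f"uses {classes} character classes, need {POLICY['min_classes']}")
    lowered = candidate.lower()
    if username.lower() in lowered:
        problems.append("contains the user name")
    # Reduce to letters so "Password2024!" still matches the entry "password".
    core = re.sub(r"[^a-z]", "", lowered)
    if lowered in DENY_LIST or core in DENY_LIST:
        problems.append("appears on the common-password deny-list")
    if candidate in list(previous)[-POLICY["history_size"]:]:
        problems.append(f"reused from the last {POLICY['history_size']} passwords")
    return problems


def aging_status(last_changed, today=None):
    """Classify a password by age. Dates are ISO strings (YYYY-MM-DD).

    Returns ("expired", 0), ("warn", days_left) or ("ok", days_left).
    """
    changed = date.fromisoformat(last_changed)
    now = date.fromisoformat(today) if today else date.today()
    days_left = (changed + timedelta(days=POLICY["max_age_days"]) - now).days
    if days_left <= 0:
        return "expired", 0
    if days_left <= POLICY["warn_days"]:
        return "warn", days_left
    return "ok", days_left


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw, user in [("Winter2024!!", "jdoe"), ("JdoeRocks2024!", "jdoe"),
                     ("Password2024!", "amy"), ("Tr0ub4dor&3", "amy")]:
        print(f"{pw!r:>18}: {check_selection(pw, user) or ['ok']}")
    print(aging_status("2024-01-01", today="2024-03-25"))
```

Returning every violation at once, rather than the first one found, is what keeps the support load the slide warns about manageable: the user fixes the whole list in one attempt instead of being bounced back repeatedly.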
STEP 8: Implement auditing and intrusion detection
• Watch for suspicious activity
• Includes virus scanning software
• Keep intrusion detection software up-to-date
• Post “No Trespassing” signs and prosecute violators
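STEP 8's "watch for suspicious activity" as a small auth-log monitor, an added example that is not from the EC-Council slides. The log lines are constructed in sshd's general style and the thresholds are assumptions to tune per site. The example goes slightly beyond the slide to show a failure mode: the sliding-window detector misses the slow guessing run from 192.0.2.9, which a per-day counter catches.

```python
# Added example (not from the EC-Council slides): a small auth-log monitor
# for STEP 8. The log lines below are constructed in sshd's general style;
# thresholds are assumptions to be tuned per site.
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth log (syslog format carries no year).
SAMPLE_LOG = """\
Mar 10 08:00:01 gw sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar 10 08:00:03 gw sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2
Mar 10 08:00:04 gw sshd[4101]: Failed password for root from 203.0.113.7 port 50124 ssh2
Mar 10 08:00:06 gw sshd[4101]: Failed password for root from 203.0.113.7 port 50125 ssh2
Mar 10 08:00:07 gw sshd[4101]: Failed password for root from 203.0.113.7 port 50126 ssh2
Mar 10 08:00:09 gw sshd[4105]: Accepted publickey for root from 203.0.113.7 port 50127 ssh2
Mar 10 08:12:40 gw sshd[4120]: Failed password for alice from 198.51.100.4 port 61002 ssh2
Mar 10 08:12:55 gw sshd[4120]: Accepted password for alice from 198.51.100.4 port 61003 ssh2
Mar 10 09:30:00 gw sshd[4201]: Failed password for bob from 192.0.2.9 port 40000 ssh2
Mar 10 09:45:00 gw sshd[4202]: Failed password for bob from 192.0.2.9 port 40001 ssh2
Mar 10 10:00:00 gw sshd[4203]: Failed password for bob from 192.0.2.9 port 40002 ssh2
Mar 10 10:15:00 gw sshd[4204]: Failed password for bob from 192.0.2.9 port 40003 ssh2
Mar 10 10:30:00 gw sshd[4205]: Failed password for bob from 192.0.2.9 port 40004 ssh2
"""

LINE_RX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
FAIL_THRESHOLD = 5     # this many failures ...
WINDOW_SECONDS = 60    # ... inside this window looks like brute force


def parse(log, year=2024):
    """Turn syslog-style lines into (timestamp, result, user, ip) tuples.
    Syslog omits the year, so the caller supplies it."""
    events = []
    for line in log.splitlines():
        m = LINE_RX.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def brute_force_sources(events, threshold=FAIL_THRESHOLD, window=WINDOW_SECONDS):
    """Sources with >= threshold failures inside any `window`-second span."""
    failures = defaultdict(list)
    for ts, result, _user, ip in events:
        if result == "Failed":
            failures[ip].append(ts)
    flagged = set()
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window:
                start += 1                      # slide the window forward
            if end - start + 1 >= threshold:
                flagged.add(ip)
                break
    return flagged


def slow_guessing_sources(events, threshold=FAIL_THRESHOLD):
    """Low-and-slow guessing evades the sliding window; counting all
    failures per source per calendar day still catches it."""
    per_day = defaultdict(int)
    for ts, result, _user, ip in events:
        if result == "Failed":
            per_day[(ip, ts.date())] += 1
    return {ip for (ip, _day), n in per_day.items() if n >= threshold}


def success_after_failures(events, min_failures=3):
    """(ip, user) pairs where a login succeeded right after repeated
    failures from the same address: the trace a guessing run leaves when
    it finally works, and the event worth paging someone for."""
    streak = defaultdict(int)
    hits = set()
    for _ts, result, user, ip in sorted(events):
        if result == "Failed":
            streak[ip] += 1
        else:
            if streak[ip] >= min_failures:
                hits.add((ip, user))
            streak[ip] = 0
    return hits


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print("brute force:", brute_force_sources(ev))
    print("slow guessing:", slow_guessing_sources(ev))
    print("success after failures:", success_after_failures(ev))
```

Of the three detectors, success_after_failures is the one that should raise a real alert: a burst of failures is noise on any Internet-facing host, but a success that follows one means the guessing worked and the account needs attention now.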
STEP 9: Don’t forget the human factor
• Ensure policies are congruent with technical safeguards
• Always have checks and balances
• Implement peer and process reviews
• Re-evaluate policies and processes regularly
Security Policy Life Cycle Model
[Diagram]
STEP 10: Remain diligent
• Develop an “ongoing” mindset
  – Develop and update organizational security policies and audits
  – Take advantage of pro-active notification services, such as for patches
• Never done with security
• New threats will emerge
• Not “if” but “when”
• Keep a lookout and be prepared!
Networked Storage Security Guidelines
1 - Compartmentalize Hosts, Volumes and Arrays
2 - Control administrator actions
3 - Restrict network access
4 - Physically protect your environment
5 - Optimize security on Hosts and on administration servers
[Diagram: Administration server, Hosts, Networked Storage]
Advanced Authentication
authentication n. To establish the authenticity of, such as identity
• Authentication methods
  – Something you know
    • Passwords
  – Something you possess
    • A badge or smart card
  – Something about you
    • Biometrics (fingerprints, retinal scan, etc.)
• Most used/convenient is “something known”
• Weakest is “something known”
• Strongest authentication combines two or more
Advanced Privacy
privacy n. The state of being concealed; secrecy
• Privacy methods
  – Encryption
    • Steganography (hidden, and not obvious)
    • “Security through obscurity”
    • Cryptography (it’s obviously encrypted)
  – Capture prevention
    • Nearly impossible
  – Physical proximity
    • Impractical for network connections
Encryption
[Diagram] Cleartext → Encryption Function (Encoding Key) → Cyphertext → Transmit or Store → Receive or Retrieve → Cyphertext → Decryption Function (Decoding Key) → Cleartext
Symmetric and Public Key Systems
• Symmetric Key
  – A single key is used for both encoding and decoding
  – The key is kept secret
  – “Old” style encryption system
  – Key distribution is a significant problem
  – Examples: DES, AES
• Public (Asymmetric) Key
  – Always two keys (key pair)
  – One private, the other public – anyone can know it
  – Encrypt with either, and decrypt with the other
  – Key distribution easier (new problem – public key disinformation)
  – Provides authentication and privacy
  – Examples: RSA, PGP
More About Public Key Systems
• Keys are based on prime numbers and arithmetic operations
• “Strength” expressed as size of key (64-bit, 128-bit)
• Authentication
  – “If my public key turns cyphertext into cleartext, you know it was encoded with my private key, which only I know.”
• Privacy
  – “If I encode something with your public key, only you will be able to decode it.”
• Authentication and privacy
  – “If I encode something with my private key, then with your public key, you would decode it with your private key, then my public key.”
• Public key systems support “certificate authorities”
Hybrid Encryption Systems
• Private key systems have key distribution problems
• Public key systems are computationally intensive
• Best practice combines the two
  – Use public key to establish authenticity and privacy
    • A “secure” connection is both private and authenticated
  – Negotiate a one-time private key using the secure connection
    • Known as a “session key” – good only for this session
  – Tear down the public key secure connection
    • It is too expensive to use for the rest of the conversation
  – Create new secure connection using private session key
    • Use this connection for the rest of the conversation
• Example: SSL, VPNs
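The public-key properties on the previous slide ("encrypt with either, decrypt with the other") and the hybrid scheme on this one, as an added example that is not from the EC-Council slides. It is a toy: textbook RSA with 256-bit moduli and no padding, plus an HMAC-SHA256 keystream standing in for DES/AES as the cheap symmetric cipher. Names such as generate_keypair and hybrid_encrypt are the example's own, and the constructions are for teaching only; production code uses a vetted library.

```python
# Added example (not from the EC-Council slides): a toy public-key system
# and the hybrid scheme of slides 40-41, written to make the mechanics
# visible. Textbook RSA with no padding and an HMAC-based keystream are
# teaching constructions only; real systems use a vetted library.
import hashlib
import hmac
import secrets


def is_probable_prime(n, rounds=16):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False          # a witnesses that n is composite
    return True


def random_prime(bits):
    """Random odd prime with exactly `bits` bits (top bit forced on)."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits=256):
    """Return (public, private) as (exponent, modulus) pairs.

    Slide 39: two keys built from primes (slide 40); either one undoes
    what the other did.
    """
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:     # e is prime, so this means gcd(e, phi) == 1
            break
    n = p * q
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(key, m):
    """Apply one key to an integer m < modulus; works with either half."""
    exp, n = key
    return pow(m, exp, n)


def keystream_xor(key, data):
    """Toy symmetric cipher standing in for DES/AES: XOR with
    HMAC-SHA256(key, counter) blocks. Same key encrypts and decrypts.
    Only acceptable here because each session key is used exactly once."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def hybrid_encrypt(recipient_public, plaintext):
    """Slide 41: spend the expensive public-key step only on wrapping a
    fresh one-time session key, then encrypt the bulk data symmetrically."""
    session_key = secrets.token_bytes(16)                 # 128 bits < modulus
    wrapped = rsa_apply(recipient_public, int.from_bytes(session_key, "big"))
    return wrapped, keystream_xor(session_key, plaintext)


def hybrid_decrypt(recipient_private, wrapped, ciphertext):
    """Unwrap the session key with the private key, then decrypt the bulk."""
    session_key = rsa_apply(recipient_private, wrapped).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)


if __name__ == "__main__":
    alice_public, alice_private = generate_keypair()
    # Authentication (slide 40): only Alice's private key yields a value
    # that her public key turns back into the original.
    token = 20021015
    print(rsa_apply(alice_public, rsa_apply(alice_private, token)) == token)
    wrapped, ct = hybrid_encrypt(alice_public, b"rest of the conversation")
    print(hybrid_decrypt(alice_private, wrapped, ct))
```

The session key is wrapped as a single RSA operation and never reused, which is the whole point of the hybrid: the modular exponentiation happens once per session while the symmetric pass over the bulk data costs one hash per 32 bytes.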
But Encryption Isn’t Enough…
• Solely a “what you know” system
  – Keys can be divulged
  – Keys can be guessed or determined
• Combined with “what you have” or “what you are”
  – Smart Card
    • Password no good without your badge
  – Biometrics
    • Password no good without your fingerprint
  – Platform authentication
    • Private keys stored in silicon, bound to hardware
• Maybe use all three?
The Security Challenge
• Products and systems must be designed with security as a goal, not as an afterthought
• System administrators must consider security ramifications of every decision
• Security awareness must infuse every process and policy
• Security training and education cannot be skipped
• Must do all this while
  – Not significantly reducing the benefits of use
  – Not increasing inconvenience beyond users’ toleration
The Future of Security
• “Opt-in” configurations instead of “Opt-out”
• Security checks at every level
• Platform authentication more important
• Biometrics and smart cards more prevalent
• All-pervasive encryption
• Stronger authentication systems
• Security an absolute product requirement
• Potential for increased hassle
• Potential for lost information
• Increased litigation surrounding security breaches
“Following the Code Red and Nimda attacks, Microsoft heard back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous… The problem is these patches are so frequent, customers [...] keep up with [...]”
– Brian Valentine, VP, Microsoft, 9/20/2001

“[...] that IIS is poorly written, but it's pretty clear that IIS and Microsoft are huge targets for viruses and other malicious code, putting the firm [...] at risk.”
– John Pescatore, Gartner, CNET News.com

“What we discovered a few months ago is that, while we are doing a pretty good job providing [security tools and patches], it wasn't easy enough for our customers to roll them out. Because of our position in the industry, we felt it was our responsibility to make it as easy as possible for the customer to do what it takes to stay secure.”
– Dave Thompson, VP, Microsoft, ZDNet News, 10/22/2001

“Typically, Microsoft takes three times to get it right. That's not going to work here.”
– William Malik, Gartner

Also quoted on this slide (text not recoverable): Matt Kesner, Fenwick & West, InternetWeek.com, 10/4/01
Infamous Bill Gates Trustworthy Computing E-mail
• In 2002, Microsoft initiated the Trustworthy Computing initiative to focus on security across all of its products.
Security at Microsoft Today?
• May 9, 2003, 10:45 AM PT
• A serious security flaw in Microsoft's Passport service put more than just its 200 million customers' accounts at risk.
• For a company that has publicly made security a priority, the Passport problem was a serious setback.
http://news.com.com/2100-1009-1000655.html
Questions and Feedback
Please send us your feedback on this workshop to:
[email protected]