
Taking away the easy target…


Presentation Transcript


  1. Taking away the easy target… Michael Warren, CISSP-ISSEP, CEH

  2. Who Am I
  • Graduated from James Madison High School
  • Member of the Texas A&M Corps of Cadets
  • Active Duty Air Force Officer for 8 years
    • Network Ops Security Center Crew Commander
    • Information Warfare Aggressor
  • Texas ANG Officer for past ~2.5 years
    • Assist Active Duty in improving Cyber Tactics
  • Senior Consultant for Delta Risk LLC

  3. Overview
  • Why I pick on my Grandma
  • Change the Password
  • Turn on the Firewall
  • Microsoft Update
  • Install Anti-Virus
  • Download and Run a Malware Scanner
  • Turn off Unused Services
  • Secure Web/Email Practices
  • Encrypt your valuables
  • Rebuild your system…as needed

  4. Why I pick on my Grandma
  • Because my Grandma:
    • Buys a new computer
    • Plugs it directly into “The Internet”
    • Clicks on everything
    • Asks me to fix her computer that stopped working for the 15th time
  (image: fake Anti-Virus program for Macs, called SCAREWARE)

  5. Why I pick on my Grandma (cont.)
  Grandma’s box is now known as an agent, zombie, or a bot. A hacker who controls many unwitting hosts is called a Bot Herder. A collection of bots is called a botnet.
  BotNets can perform many functions:
  • Spamming
  • Spreading malware
  • Impersonating large numbers of “individuals” (e.g., for online polls, fraudulent advertising “clicks”, etc.)
  • Distributed Denial of Service (DDoS): DoS attacks which originate from multiple sources

  6. BotNets
  • Bot Herder Establishes a Presence

  7. BotNets
  • Bot Herder Creates a Delivery System – Delivers “BotNet” Payload to Hosts

  8. BotNets
  • Bot Herder Creates DNS Control Server
  • Issues Commands to Bots
  • Receives Data From Bots

  9. BotNets
  • Bot Herder Identifies Candidate Hosts
  • Sends Baited Email to Hosts
  • Hosts Download Bot Malware from Server
  • Hosts Become Zombies

  10. BotNets
  • Bot Herder Identifies Target
  • Issues Command via Control Server
  • Zombies Receive Command from Server
  • Zombies Locate Target
  • Zombies Report Back to Server

  11. Denial of Service – BotNets
  (diagram: Grandma’s Box among the zombies)
  • Bot Herder Launches Attack at Target
  • Issues Command via Control Server
  • Zombies Attack Target
  • Bot Herder Issues Stop Command

  12. Change the PASSWORD!!!!
  • Default Passwords
    • If you know it, everyone else does too
    • Linksys, Netgear, iPhone, etc.
    • Windows 2000 and XP install with the RID 500 account, named Administrator, with No Password
  • Dictionary Words
    • If it’s found in the book…see above
    • They don’t call it a dictionary attack for nothing
  • Keyboard Progressions
    • Everyone’s doing it, it’s now in the book…see above
  • Very long phrase with no spaces, 14 characters with character substitutions, upper and lower case: $umm3rT1m31$H3r3!

  13. Turn on the Firewall
  Host based vs Network based
  • Network Based Firewall protects an entire enterprise network… … or your home network.
  • Host Based Firewall protects a single computer
    • Starting with Windows XP Service Pack 2 all new OS’es had their own host based firewall
    • Unix/Linux has had IPTables
    • Macs don’t need firewalls, joking, see slide 4
  Don’t talk to strangers, unless you started the conversation
  • Stateful packet inspection
  Ensure you put exceptions in to allow remote management of the host…if needed
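The host-based firewall posture the slide describes, as an added PowerShell example (not code from the presentation): every profile enabled, inbound blocked by default, outbound allowed, plus the one remote-management exception the slide allows for. The NetSecurity cmdlets exist on Windows 8 / Server 2012 and later; the management subnet and the choice of Remote Desktop (TCP 3389) as the managed service are assumptions for the example, and the commands need an elevated prompt.

```powershell
# Added example (not from the presentation). Requires Windows 8 / Server 2012+ and
# an elevated PowerShell session. Subnet and port below are assumptions.
$ManagementSubnet = '192.168.1.0/24'   # assumed: only network allowed to manage this host
$ManagementPort   = 3389               # assumed: Remote Desktop

# "Don't talk to strangers unless you started the conversation": firewall on for
# every profile, inbound blocked by default, outbound (replies you started) allowed.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# The remote-management exception, scoped to the management subnet rather than
# opened to everyone. Created once; re-running the script does not duplicate it.
$RuleName = 'Allow remote management from management subnet'
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol TCP -LocalPort $ManagementPort `
        -RemoteAddress $ManagementSubnet -Action Allow -Profile Domain,Private
}

# Verify: each profile should show Enabled=True and DefaultInboundAction=Block.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
```

The exception is deliberately not applied to the Public profile: a laptop at the airport (slide 20) should not be accepting management connections at all, and the `-RemoteAddress` scope keeps the rule from turning into the very "easy target" the talk is about.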

  14. Check for Updates
  • Operating System
    • Usually updates once a month (patch Tuesday)
  • Applications
    • If Adobe or Java, twice daily (not really, but it feels like it)
  • Hardware Drivers
    • Fastest way to SYSTEM level access, updates are usually not automated

  15. Install an Anti-Virus Program
  Scans the file system for “known” bads
  • Keep the Virus Database/Signatures up to date
  • You are only protected from what you know
  Only install one, they usually don’t play well with others
  • Anti-Virus programs “hook” certain OS function calls, installing more than one may brick your OS

  16. Run an Anti-Malware Program
  • Anti-Virus doesn’t catch everything
  • Products like:
    • Spybot – Search and Destroy
    • Malwarebytes
    • SUPERAntiSpyware
    • Ad-Aware SE
    …help protect against other forms of Spyware, Adware, and Scareware that AV doesn’t always check for
  • Usually run as a manual scan, with some products providing Real-time Registry Protection (Spybot – TeaTimer)
  • Available from Microsoft:
    • Windows Defender
    • Malicious Software Removal Tool

  17. Turn off Unused Services
  • Build your system with the concept of Least Functionality in mind
    • …if you don’t need it, don’t run it!
  • Windows 7 – Windows Media Player Network Sharing Service
    • “I’ve found a new media share, would you like me to share your music with host H@x0r” – no thank you
  • Skype will listen on ports 80 and 443
    • It did this to help you, now you’re a webserver

  18. Turn off Unused Services (cont.)
  • Turn off unused services:
    • Run: services.msc
    • Sort list by status (click the status column)
    • Review all services that are “started”
    • Stop any service you feel is not required – careful what you turn off
    • Ensure “Remote Registry” is off and set to manual
  • From the command line
    • C:\> net start – lists running services
    • C:\> net stop “server” – stops the named service
  • Look for connected hosts
    • C:\> netstat –ano | find /I “established”
  • Kill associated process (must have admin privs)
    • C:\> tasklist /FI "PID eq 3342"
    • C:\> taskkill /F /PID 3342
    • The PID is the last number on the right from the netstat output
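The same review in PowerShell, as an added example that is not from the presentation: it joins each established TCP connection to its owning process in one pass, so the netstat-then-tasklist lookup the slide walks through becomes a single table, and it applies the Remote Registry setting the slide asks for. `Get-NetTCPConnection` needs Windows 8 / Server 2012 or later and the `StartType` property of `Get-Service` needs PowerShell 5.0; the process id at the end is a placeholder to be taken from the table, exactly as the slide takes it from the netstat output.

```powershell
# Added example (not from the presentation). Requires Windows 8 / Server 2012+
# (Get-NetTCPConnection) and PowerShell 5.0+ (Get-Service StartType); run elevated.

# Established connections joined to their owning process: the combined result of
# "netstat -ano | find /I established" and "tasklist /FI "PID eq <pid>"".
function Get-EstablishedConnection {
    Get-NetTCPConnection -State Established | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        # Path can be unavailable for protected/system processes; report it as empty.
        $path = ''
        if ($proc) { try { $path = $proc.Path } catch { $path = '' } }
        [pscustomobject]@{
            LocalAddress  = $_.LocalAddress
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            PID           = $_.OwningProcess
            ProcessName   = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Path          = $path
        }
    }
}

# Review: a conversation you did not start, or a process you don't recognise
# running from a user-writable location (temp, downloads), deserves a closer look.
Get-EstablishedConnection | Sort-Object ProcessName, RemoteAddress | Format-Table -AutoSize

# Running services, sorted the way the slide sorts services.msc, with start type.
Get-Service | Where-Object Status -eq 'Running' |
    Sort-Object DisplayName | Select-Object Name, DisplayName, StartType

# Remote Registry: stopped and set to manual, as the slide asks.
Stop-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
Set-Service  -Name RemoteRegistry -StartupType Manual

# Stopping a process you have decided is not wanted (PowerShell form of
# "taskkill /F /PID 3342"). 3342 is the slide's placeholder, not a real PID.
# Stop-Process -Id 3342 -Force
```

Keeping `Stop-Process` commented out is intentional: the table is the review step, and the decision to kill something belongs to the person reading it, the same "careful what you turn off" the slide applies to services.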

  19. Use Encrypted Management Protocols
  Abandon FTP and Telnet from the start
  Where possible use SSH version 2 or 3 for remote management – learn your command line syntax
  • If you need to copy files use Secure FTP or Secure Copy (SCP)
  • In Windows, installing the PuTTY tool suite will get you a GUI SSH client
  • WinSCP for Windows Secure Copy

  20. Secure Web/Email Practices
  • Use HTTPS when logging into a website and/or viewing webmail, especially at the airport or on the road
  • Never use the same password for your online accounts:
    • Email, Facebook, Banking, Buying, PlayStation Network…..
  Phishing Protection
  • Never open unsolicited email; if you do, ensure your email client is set to not render images when opening
  • If you must visit a link from an email, always copy and paste the link, especially if the email is HTML based
    • You never know what's hiding in the code

  21. Encrypt Your Valuables
  • Encrypt your data at rest
    • TrueCrypt – creates an encrypted “partition”
    • IronKey – Encrypted USB key with “cloud” services
  • If a hacker does get on your box, don’t leave your valuables lying around for them
    • If you create a document with all your passwords in it, encrypt it!!!

  22. Create a Non-Admin Account
  • Last steps once your box is secure:
    • Create a Non-Administrator account for each user of the system
    • Use the Non-Administrator account you just created
  • Don’t browse the internet with an administrator account
    • Just asking for trouble

  23. Rebuild as needed
  • If your installed security services alert you to malicious activity on your computer….be prepared to rebuild from a known good source
    • Windows backup….could be infected
    • Windows source disk….very unlikely to be infected…if original disk

  24. What We Talked About
  • Help those like my Grandma
  • Change the default password
  • Run a firewall, anti-virus, and anti-malware
  • Turn off unused services
  • Use encrypted management protocols
  • If it’s important, encrypt it
  • Create a Non-Admin account for everyday use

  25. Questions?
