Current Threats

  1. Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | ondrej@sevecek.com | www.sevecek.com | Current Threats

  2. Motto
  • "Thou shalt never assume" (The Rogue Warrior's Eighth Commandment of SpecWar, Richard Marcinko, US Navy SEAL)

  3. Current Threats: Threats

  4. Attackers
  • External
    • know little or nothing about your environment
    • limited mostly to password guessing (brute force) and vulnerability scanning
  • Internal
    • the most severe threat
    • know their environment
    • already have at least some level of access
    • can steal the data they are authorized to read

  5. Protection: External Attackers
  • Firewalls
  • Antispam/antimalware
  • Software updates
  • Account lockout

  6. Current threats
  • Assuming
  • Physical security
    • computers
    • data
  • Passwords
    • cracking, keyloggers
  • Eavesdropping
    • wired/wireless networks
  • Spam/malware
    • directed (targeted) attacks
  • Remote access
    • from insecure computers
  • Data theft by authorized readers
    • currently one of the most underestimated problems

  7. Current Threats: Assumptions

  8. Vulnerabilities
  • Examples:
    • My wife crossing a road
    • PKI misconfiguration in a bank
    • Hidden accounts left behind after a virus attack
    • Malicious mail opened from home vs. from work

  9. Protection: Assumptions
  • Never assume anything
  • Be careful
  • Know your enemy
  • Don't do anything you don't understand

  10. Current Threats: Physical Security

  11. Machines
  • Servers
    • rack security
  • Data storage
  • Client computers
    • desktops, notebooks
    • usually cache data (and credentials) locally
  • Peripherals
  • Remote offices

  12. Network
  • Wireless
    • AirPcap (USB 802.11 capture adapter)
  • Wired
    • a small USB-powered Ethernet switch inserted into the cable run + a netbook to capture

  13. Vulnerabilities
  • Computers easily accessed by a lot of people
    • employees
    • maintenance staff
    • theft from branch offices
  • Attacks
    • stealing the whole machine
    • stealing the data only (disk, backup media)
  • Physical access = local administrator: whoever can boot the machine from other media can reset passwords or read the disk directly

  14. Protection: Physical access
  • Limit physical access
    • place computers/storage into secure locations
    • + hardware locks, cables
  • Define security boundaries: know what is exposed when a machine is lost
    • data stolen
    • cached passwords compromised
  • Encryption
    • BitLocker, TrueCrypt

  15. Protection: BitLocker
  • Require a PIN or startup key at boot
    • without it the disk cannot be unlocked, so a thief cannot boot the system and make himself administrator
  • Use a TPM
    • Trusted Platform Module: a chip on the motherboard that protects (seals) the volume key
    • measures (hashes) the BIOS, CMOS settings, MBR, boot sector, boot loader etc. into its PCRs during boot
    • releases the key only if the measurements match those recorded when the key was sealed
  • Windows 7 Enterprise/Ultimate
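The following toy model, added here as an illustration and not part of the original deck, shows the mechanism behind the TPM bullet: the PCR can only be extended (hash-chained), so a changed MBR produces a different measurement and the sealed key is not released. Everything in it is constructed: a single PCR, SHA-256, boot stages as short byte strings, a `TPM_SECRET` standing in for the chip's internal key hierarchy, and a `VOLUME_KEY` standing in for the BitLocker volume master key. Real TPMs use several PCRs and enforce the policy in hardware; the extend rule and its consequence are the same.

```python
"""Toy model of TPM-measured boot and key sealing (added example, constructed data)."""
import hashlib
import hmac

INITIAL_PCR = bytes(32)  # PCRs are zeroed at power-on and can only be extended
TPM_SECRET = b"example-tpm-internal-secret-never-leaves-chip"  # constructed stand-in


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """PCR := H(PCR || H(component)). There is no 'set' operation, only extend,
    so later code cannot overwrite what earlier stages measured."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(stages) -> bytes:
    """Extend the PCR with each boot stage in boot order (firmware, MBR, boot sector, loader)."""
    pcr = INITIAL_PCR
    for stage in stages:
        pcr = pcr_extend(pcr, stage)
    return pcr


def seal(volume_key: bytes, expected_pcr: bytes) -> tuple:
    """Bind the key to a PCR value: masked key plus a policy tag over that PCR value.
    Both are derived from TPM_SECRET, so only 'this TPM' can reverse them."""
    mask = hmac.new(TPM_SECRET, b"mask" + expected_pcr, hashlib.sha256).digest()
    tag = hmac.new(TPM_SECRET, b"policy" + expected_pcr, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(volume_key, mask)), tag


def unseal(blob: tuple, current_pcr: bytes) -> bytes:
    """Release the key only if the current PCR satisfies the sealing policy."""
    ciphertext, tag = blob
    current_tag = hmac.new(TPM_SECRET, b"policy" + current_pcr, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, current_tag):
        raise PermissionError("PCR mismatch: boot chain differs from the one the key was sealed to")
    mask = hmac.new(TPM_SECRET, b"mask" + current_pcr, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ciphertext, mask))


# Constructed boot chains; only the MBR stage differs (a bootkit replaced it).
GOOD_CHAIN = [b"BIOS 2.10", b"MBR: Windows bootmgr", b"NTFS boot sector", b"winload.exe"]
EVIL_CHAIN = [b"BIOS 2.10", b"MBR: bootkit stub", b"NTFS boot sector", b"winload.exe"]
VOLUME_KEY = bytes(range(32))  # constructed stand-in for the volume master key

# Sealing happens once, on the known-good machine.
SEALED = seal(VOLUME_KEY, measure_boot(GOOD_CHAIN))


def boot_and_unlock(chain, sealed_blob=SEALED):
    """Simulate power-on: measure the chain, then ask the TPM for the key.
    Returns the key, or None when the TPM refuses."""
    try:
        return unseal(sealed_blob, measure_boot(chain))
    except PermissionError:
        return None


if __name__ == "__main__":
    print("good chain unlocks:", boot_and_unlock(GOOD_CHAIN) == VOLUME_KEY)
    print("tampered MBR unlocks:", boot_and_unlock(EVIL_CHAIN) is not None)
```

Note that the refusal is a consequence of the hash chain, not of any signature check: the TPM does not know what a "good" MBR looks like, it only knows that the measurement differs from the one present at sealing time. This is also why a firmware update or a repartition triggers BitLocker recovery mode.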

  16. Current Threats: Passwords

  17. Vulnerabilities
  • Keyloggers
    • software
    • hardware
  • Cached credentials
  • Cracking

  18. Local Password Storage
  • Plaintext (reversibly stored) passwords
    • IE autocomplete
    • password "lockers"
    • fingerprint readers (the stored password is released by the fingerprint)
    • service/scheduled-task accounts
  • Password hashes
    • local user accounts (SAM)
    • all domain accounts on Domain Controllers (ntds.dit)
    • password caches

  19. Password Cracking
  • Windows NT hashes (MD4 of the UTF-16 password, no salt)
    • local storage
    • LAN network capture (NTLM challenge/response derived from the hash)
    • PPTP VPN (MS-CHAPv2 challenge/response derived from the hash)
  • Offline cracking
    • Rainbow tables: because the hash is unsalted, one precomputed table works against every account
    • severe up to about 7 characters (minutes); LM hashes in particular split the password into two 7-character halves
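To make the "unsalted MD4" point of the slide concrete, here is an added example (not from the original deck) that computes NT hashes and runs an offline dictionary attack against a constructed dump. The MD4 implementation is included in full because OpenSSL 3 builds of Python often refuse `hashlib.new("md4")`. The account names, passwords and the word list are all made up for the example; the known-answer values in the comments are the standard RFC 1320 test vector and the well-known NT hash of "password".

```python
"""NT hash (MD4 over UTF-16LE) and offline dictionary attack (added example, constructed data)."""
import struct
from typing import Iterable, Optional

MASK = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4. md4(b"") == 31d6cfe0d16ae931b73c59d7e0c089c0."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", len(data) * 8)  # bit length, little-endian

    def f(x, y, z): return (x & y) | (~x & z)
    def g(x, y, z): return (x & y) | (x & z) | (y & z)
    def h(x, y, z): return x ^ y ^ z

    # (round function, additive constant, shifts, message-word order) per round
    rounds = (
        (f, 0x00000000, (3, 7, 11, 19), list(range(16))),
        (g, 0x5A827999, (3, 5, 9, 13), [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]),
        (h, 0x6ED9EBA1, (3, 9, 11, 15), [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]),
    )
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for func, k, shifts, order in rounds:
            for i, idx in enumerate(order):
                # Rotate the registers so each step always writes into 'b'.
                a, b, c, d = d, _rotl((a + func(b, c, d) + x[idx] + k) & MASK, shifts[i % 4]), b, c
        state = [(s + v) & MASK for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    """Windows NT hash: MD4 of the UTF-16LE password. No salt, no iterations,
    so identical passwords give identical hashes on every machine and domain."""
    return md4(password.encode("utf-16-le"))


def crack(target: bytes, wordlist: Iterable[str]) -> Optional[str]:
    """Offline attack: hash each candidate once and compare. With a salt this
    would have to be repeated per account; without one (as here) it is not."""
    for candidate in wordlist:
        if nt_hash(candidate) == target:
            return candidate
    return None


# Constructed SAM-style dump (user, NT hash); dave deliberately shares alice's password.
CONSTRUCTED_DUMP = [
    ("alice", nt_hash("Summer2010")),
    ("bob", nt_hash("P@ssw0rd")),
    ("carol", nt_hash("correct horse battery staple xyzzy")),
    ("dave", nt_hash("Summer2010")),
]
WORDLIST = ["password", "Summer2010", "P@ssw0rd", "letmein", "Welcome1"]


def crack_dump(dump=CONSTRUCTED_DUMP, wordlist=WORDLIST) -> dict:
    """Return {user: recovered password or None}."""
    return {user: crack(h, wordlist) for user, h in dump}


if __name__ == "__main__":
    print(nt_hash("password").hex())  # 8846f7eaee8fb117ad06bdd830b7586c
    for user, pw in crack_dump().items():
        print(f"{user}: {pw if pw else '<not in wordlist>'}")
```

Two things are visible in the output that the slide only states: alice and dave have byte-identical hashes (no salt), and the cost of the attack is one hash per dictionary word regardless of how many accounts are in the dump, which is exactly what makes precomputed rainbow tables viable against Windows hashes.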

  20. Protection: Passwords
  • Use smart cards rather than fingerprints
    • convenient (a 3-5 digit PIN)
    • still more secure than passwords: the PIN is useless without the card, and the private key never leaves it
  • Require strong passwords
  • Procedures, policies and audit
  • Never type sensitive passwords on insecure computers
  • Training

  21. Protection: Comparable Algorithm Strengths (SP800-57)

  22. Protection: Smart Cards

  23. Protection: Password Policies
  • For the whole domain only
    • Windows Server 2003 Domain Functional Level and older
  • For individual groups/users
    • Fine-Grained Password Policies
    • Windows Server 2008 Domain Functional Level and newer
  • Non-complex password example
    • login: Ondrej
    • password: #.J@mES-BonD58

  24. Current Threats: Eavesdropping

  25. Vulnerabilities
  • Free network access
  • No network traffic encryption
  • People ignore warnings
  • ARP poisoning

  26. Protection: Eavesdropping
  • Implement IPsec/SSL encryption
  • Always encrypt Wi-Fi
    • authentication alone does not protect the traffic on the air
  • Implement 802.1X for network access
  • Implement ARP protection
  • Train people
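The slide lists ARP poisoning as the vulnerability and "ARP protection" as the countermeasure; the added example below (not part of the original deck) shows what the detection side of that protection looks like. It runs over a constructed, simplified text rendering of ARP replies (`<ip> is-at <mac>`, in practice these would come from a sniffer such as tcpdump) and applies the two checks a practitioner actually uses: a static binding for the gateway, and IP-to-MAC flip-flops. The gateway address and all MACs are made up.

```python
"""ARP-poisoning detector over a constructed capture (added example, not from the deck)."""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Known-good binding for the default gateway (assumed for the example; in practice
# taken from the switch/DHCP configuration and kept out of band).
TRUSTED_BINDINGS: Dict[str, str] = {"10.0.0.1": "00:11:22:33:44:01"}

# Constructed ARP replies as seen on the LAN during a poisoning run.
CONSTRUCTED_ARP_REPLIES = [
    "10.0.0.1 is-at 00:11:22:33:44:01",
    "10.0.0.20 is-at 00:11:22:33:44:20",
    "10.0.0.1 is-at de:ad:be:ef:00:99",   # attacker claims the gateway's IP
    "10.0.0.20 is-at de:ad:be:ef:00:99",  # ...and the victim's IP: full man-in-the-middle
    "10.0.0.1 is-at 00:11:22:33:44:01",   # legitimate gateway answers again
    "10.0.0.30 is-at 00:11:22:33:44:30",
]

Alert = Tuple[str, str, str]  # (kind, ip(s), mac)


def parse_reply(line: str) -> Tuple[str, str]:
    """Parse '<ip> is-at <mac>'; reject anything that is not an ARP reply."""
    parts = line.split()
    if len(parts) != 3 or parts[1] != "is-at":
        raise ValueError(f"not an ARP reply: {line!r}")
    return parts[0], parts[2].lower()


def detect_arp_poisoning(lines: Iterable[str], trusted=TRUSTED_BINDINGS) -> List[Alert]:
    """Return alerts for gateway impersonation, IP->MAC flips, and one MAC claiming many IPs."""
    alerts: List[Alert] = []
    seen_macs = defaultdict(set)    # ip  -> MACs that have claimed it
    claimed_ips = defaultdict(set)  # mac -> IPs it has claimed
    for line in lines:
        ip, mac = parse_reply(line)
        # Check 1: static binding for critical hosts (what 'ARP protection' on
        # the switch or a static ARP entry on the client enforces).
        if ip in trusted and trusted[ip] != mac:
            alerts.append(("gateway-impersonation", ip, mac))
        # Check 2: an IP that changes MAC mid-capture. Legitimate on DHCP lease
        # reassignment, so this is a signal to investigate, not proof by itself.
        if seen_macs[ip] and mac not in seen_macs[ip]:
            alerts.append(("ip-mac-flip", ip, mac))
        seen_macs[ip].add(mac)
        claimed_ips[mac].add(ip)
    # Check 3: one MAC answering for several IPs is how poisoning both sides
    # of a conversation looks (routers and multi-homed hosts also do this).
    for mac, ips in claimed_ips.items():
        if len(ips) > 1:
            alerts.append(("one-mac-many-ips", ",".join(sorted(ips)), mac))
    return alerts


if __name__ == "__main__":
    for kind, ip, mac in detect_arp_poisoning(CONSTRUCTED_ARP_REPLIES):
        print(f"{kind:22} {ip:20} {mac}")
```

Against the constructed capture this yields one gateway-impersonation alert, two IP-to-MAC flips (the gateway and the victim) and one many-IPs alert for the attacker's MAC; the legitimate gateway re-announcing its own MAC produces nothing, because that MAC was already known for that IP. The preventive counterpart on the switch side is Dynamic ARP Inspection / 802.1X, which is what the slide's "Implement ARP protection" refers to.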

  27. Protection: 802.1X
  [network diagram: PCs and a printer attached to three interconnected switches; each switch port authenticates the device before granting network access]

  28. Current Threats: Secure Sockets Layer

  29. Secure Sockets Layer / IPsec
  [diagram: the web server holds a certificate containing its public key and keeps the private key; the client receives the certificate]

  30. Secure Sockets Layer
  [diagram: the client encrypts a random secret with the server's public key; only the holder of the private key recovers it, and the data is then encrypted with that secret]

  31. Attacking SSL
  [diagram: the attacker sits between the client and the web server and presents a false certificate containing his own public key; a client that accepts it encrypts to the attacker's private key, and the attacker relays to the real server]

  32. SSL Certificate prices
  • Verisign (1999): $300/year
  • Thawte (2003): $150/year
  • Go Daddy (2005): $30/year
  • GlobalSign (2006): $250/year
  • StartCom (2009): free

  33. SSL Assurance
  • Email loopback confirmation (domain validation)
  • Requires just a mailbox at the domain, nothing more
  • No assurance about the identity of the organisation behind the site

  34. EV browsers

  35. EV Certificate prices
  • Verisign (1999): $1500/year
  • Thawte (2003): $600/year
  • Go Daddy (2005): $100/year
  • GlobalSign (2006): $900/year
  • StartCom (2009): $50/year

  36. TMG Forward SSL Inspection

  37. No SSL Inspection

  38. TMG CA Not Trusted

  39. TMG CA Not Trusted

  40. Web Server Certificate

  41. TMG CA Trusted on the Client

  42. Current Threats: Spam/Malware

  43. Vulnerabilities
  • No real prevention against spam
  • Spam is created anonymously
    • no traces/auditing
  • Directed (targeted) attacks cannot be recognized automatically
  • Users tend to reuse the same password across services
  • Stability and performance

  44. Spam Threats
  • Phishing
  • Hoax
    • makes you believe something
    • makes you do something online
    • makes you do something physically!
  • Personal reputation damaged after forwarding

  45. Malware Threats
  • A virus must first be detected somewhere, i.e. after it has already infected someone!
  • Backdoors/droppers only download the real infection
    • does the antimalware know what exactly was downloaded and executed?
  • The only reliable cleanup is reinstallation of the whole environment!

  46. Protection: Spam and malware
  • Train people
  • Implement antispam/antimalware
    • keyword filters, open-relay/block lists etc.
    • Sender ID

  47. Current Threats: Remote Access

  48. Vulnerabilities
  • Prone to keylogger attacks
    • when used with passwords
  • Can be connected from almost anywhere
    • insecure home computers, internet cafes
  • Some protocols are not secure
    • PPTP (MS-CHAPv2): a captured handshake allows offline cracking of the password hash

  49. Client VPN Comparison

  50. Protection: Remote Access
  • Use RDP when possible
    • sends only keystrokes and mouse
    • receives only pictures, so no data ends up on the remote machine
  • Use L2TP or SSTP
    • IPsec or SSL
    • the channel is encrypted with random session keys negotiated through a certificate-authenticated key exchange (e.g. 2048-bit RSA)
    • with IPsec certificate authentication, only computers holding a client computer certificate can connect at all
  • Implement VPN Quarantine
