Explore cloud computing, information warfare, and cloud forensics in this insightful presentation by Manu Zacharia, an expert in information security fields and author of "Intrusion Alert." Learn about information warfare strategies and the recent cyber incidents between India and Pakistan.
A CLOUD BASED AND CONVENTIONAL APPROACH IW - by Manu Zacharia, MVP (Enterprise Security), ISLA-2010 (ISC)², C|HFI, C|EH, CCNA, MCP, AFCEH, Certified ISO 27001:2005 Lead Auditor, Director – Information Security, Millennium Consultants. “Aut viam inveniam aut faciam” (Hannibal Barca)
#whoami • I am an Information Security Evangelist • For paying my bills – I work as Director – Information Security – US Based Consultants. • Awards • Information Security Leadership Achievement Award from International Information Systems Security Certification Consortium - (ISC)² • Microsoft Most Valuable Professional (Enterprise Security) • Author of a Book – Intrusion Alert – An Ethical Hacker’s Guide to Intrusion Detection Systems
#whoami • Developed an Operating System from Linux kernel – Matriux – (www.matriux.com) - Asia’s First OS for Hacking, Forensics and Security testing – Open Source & Free • Some certifications: • Certified Ethical Hacker (C|EH) • Certified Hacking Forensics Investigator (C|HFI) • Cisco Certified Network Associate • Microsoft Certified Professional • Certified ISO 27001:2005 Information Security Management Systems Lead Auditor • Extend service to police force as Cyber Forensics Consultant
#whoami • Teaching?? – no!!!!! – I don’t teach, I just train and preach: • Indian Navy - Signal School , Centre for Defense Communication and Electronic and Information / Cyber Warfare • Centre for Police Research, Pune • Institute of Management Technology (IMT) – Ghaziabad • IGNOU M-Tech (Information Systems Security) – and also an Expert Member – Curriculum Review Committee • C-DAC, ACTS (DISCS (the tiger team) & DSSD (hard core guys)) • Other International Assignments & Hacking Conferences
Disclaimer(s) • The opinions represented here are my personal ones and do not necessarily reflect my employer's views. • Registered brands belong to their legitimate owners. • The information contained in this presentation does not break any intellectual property, nor does it provide detailed information that may be in conflict with actual Indian laws (hopefully...) :)
Question • So what is Cloud Computing? • Do you know what EC2 and S3 are? • How could these services be exploited?
contents INTRODUCTION UNDERSTANDING IW EXPLOITING THE CLOUD CLOUD FORENSICS CONCLUSION
INFORMATION WARFARE • Clue: • Kendo (kumdo in Korean)
INFORMATION WARFARE • 風 - Swift as the wind • 林 - Quiet as the forest • 火 - Conquer like the fire • 山 - Steady as the mountain
INFORMATION WARFARE • Battle strategy and motto of Japanese feudal lord Takeda Shingen (武田信玄) (1521–1573 A.D.). • Twenty-Four Generals - famous grouping of battle commanders (Takeda Nijūshi-shō, 武田二十四将)
INFORMATION WARFARE • Came from the Art of War by Chinese strategist and tactician Sun Tzu (Sunzi) • A sort of abbreviation to remind officers and troops how to conduct battle
INFORMATION WARFARE • This is what we need in information warfare
INFORMATION WARFARE • “actions taken to achieve information superiority by affecting adversary information, information-based processes, information systems, and computer based networks while defending one's own” • The U.S. Joint Chiefs of Staff
INFORMATION WARFARE • “ Information warfare is the use and management of information in pursuit of a competitive advantage over an opponent. ” • WIKIPEDIA
TWO SCHOOLS • Two schools of thought exist: • Military business • By some other agencies with the involvement of the military
FORMS OF IW • Bringing down financial infrastructure like banks and stock exchanges • Spoofing and disabling enemy communication networks • Jamming of TV / radio • Hijacking of TV / radio for disinformation campaigns
TYPES OF PLAYERS • State • State sponsored agencies / groups • Terrorists • Underground war-lords and groups • Individuals ‘n’ script kiddies
What’s the latest happening? • What’s happening in the Indian Web Space – last 45 days? • 14 Aug – Independence Day of Pakistan • Underground cracking groups • http://www.pakcyberarmy.net/ • http://www.pakhaxors.com/forum.php
What’s the latest happening? • The two Pakistani cracker groups reportedly attacked & defaced a dozen Indian websites including: • http://mallyainparliament.in/ and • http://malegaonkahero.com/
What’s the latest happening? • On 15 Aug – in return, an Indian underground group called the Indian Cyber Army (http://indishell.in) attacked & defaced around 1226 Pakistani websites.
MISSION STATEMENT • Mission Statement - IN • “Naval orientation and training of recruits to enable accomplishment of their immediate task with self-assurance”.
MISSION STATEMENT • Mission statement – IAF • “The mission of the Flight Safety organization of the IAF is to ensure operational capability by conserving human and material resources through prevention of aircraft accidents.”
LOOK AROUND? • UK CyberSafe Command • PLA – Chinese PLA • What happened last December – Jan?
what is cloud computing? • Cloud computing is Internet-based computing, whereby shared resources, software and information are provided to computers and other devices on-demand, like a public utility.
cloud in simple terms • Uses the internet and central remote servers to maintain data and applications. • Allows consumers and businesses to use applications without installation and access their personal files at any computer with internet access.
3 types of cloud services • IaaS - Infrastructure-as-a-Service • PaaS - Platform-as-a-Service • SaaS - Software-as-a-Service
THE CLOUD • Five essential characteristics: • on-demand self-service, • broad network access, • resource pooling, • rapid elasticity, and • measured service
EC2 • Amazon Elastic Compute Cloud (Amazon EC2) • A web service that provides resizable compute capacity in the cloud
EC2 - wikipedia • Allows users to rent computers on which to run their own computer applications. • A user can boot an Amazon Machine Image (AMI) to create a virtual machine, which Amazon calls an "instance", containing any software desired.
EC2 - wikipedia • A user can create, launch, and terminate server instances as needed, paying by the hour for active servers, hence the term "elastic".
S3 • Amazon S3 (Simple Storage Service) is an online storage web service offered by Amazon Web Services. • Provides unlimited storage through a simple web services interface
S3 • $0.15 per gigabyte-month • 102 billion objects as of March 2010
POWER OF CLOUD • The New York Times used Amazon EC2 and S3 to create PDFs of 15M scanned news articles. • NASDAQ uses Amazon S3 to deliver historical stock information.
EXPLOITING CLOUD • Sample Task • Break PGP passphrases • Solution • Brute forcing PGP passphrases
EXPLOITING CLOUD • Try – ElcomSoft Distributed Password Recovery (with some patches to handle PGP ZIP) • Two elements - EDPR Managers & EDPR Agents
EXPLOITING CLOUD • On a fast dual core Win7 box - 2100 days for a complex passphrase. • Not acceptable – too long • Let's exploit the cloud.
EXPLOITING CLOUD • First things first – create an account on Amazon. Credit card required. • Install Amazon EC2 API Tools on your Linux box: sudo apt-get install ec2-api-tools
EXPLOITING CLOUD • Select an AMI (Amazon Machine Image) • Example - use a 32 bit Windows AMI: ami-df20c3b6
EXPLOITING CLOUD • Start an instance from the Linux shell as follows (the -g option names the security group): ec2-run-instances -k ssh-keypair ami-df20c3b6 -g default
EXPLOITING CLOUD • Once the instance is up and running, enumerate the instance ID and public IP address of the running instance with the command: ec2-describe-instances
EXPLOITING CLOUD • Wait for the instance status to change from “pending” to “running” • Extract the admin password for the instance: ec2-get-password -k ssh-keypair.pem $instanceID
EXPLOITING CLOUD • Configure the EC2 firewall (security group) to permit inbound RDP traffic to the instance from a single trusted address only: ec2-authorize default -p 3389 -s $trusted_ip_address/32
EXPLOITING CLOUD • Configure the firewall in front of the EDPR manager system to permit TCP/12121 from anywhere. • RDP into the instance & configure EDPR
EXPLOITING CLOUD • Use the administrator password obtained from the ec2-get-password command to login to the instance.
EXPLOITING CLOUD • Install the EDPR Agent • Configure the Agent to connect to the Manager • Mainly three points to configure
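The two firewall steps above are a good illustration of how cloud exposure goes wrong: RDP is restricted to one trusted /32, but the EDPR manager port TCP/12121 is opened "from anywhere", so any instance running that agent listener is Internet-reachable. The following is an added example (not from the presentation and not an ElcomSoft or Amazon tool) of how an account owner would audit security-group ingress rules for exactly this pattern and generate the narrowing commands. The rule dictionary shape, the sample rules and the trusted address 203.0.113.10 are constructed for the example; it assumes the rules have already been pulled out of ec2-describe-group output, and that ec2-revoke takes the same -P/-p/-s options as the ec2-authorize command shown in the slides.

```python
"""Audit EC2 security-group ingress rules for over-broad exposure.

Added example, not part of the original presentation. The rule dict
shape, the sample RULES and the trusted address are constructed for this
example; ec2-revoke is assumed to take the same -P/-p/-s options as the
ec2-authorize command shown in the slides.
"""
import ipaddress

# Ports that should never be reachable from the whole Internet: SSH, RDP
# and the EDPR manager/agent port (TCP/12121) named in the presentation.
MANAGEMENT_PORTS = {22, 3389, 12121}

# Constructed sample: the "default" group after the two firewall steps in
# the slides, one narrow (RDP from a /32) and one wide (12121 from anywhere).
RULES = [
    {"group": "default", "proto": "tcp", "from_port": 3389,
     "to_port": 3389, "cidr": "203.0.113.10/32"},
    {"group": "default", "proto": "tcp", "from_port": 12121,
     "to_port": 12121, "cidr": "0.0.0.0/0"},
]


def exposure(cidr, max_prefix=24):
    """Classify a source CIDR: 'world' (/0), 'wide' (shorter than /24) or 'ok'."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return "world"
    if net.prefixlen < max_prefix:
        return "wide"
    return "ok"


def audit(rules, management_ports=MANAGEMENT_PORTS):
    """Return one finding per over-broad rule as
    (group, port_range, cidr, severity, reason); narrow rules produce none."""
    findings = []
    for r in rules:
        exp = exposure(r["cidr"])
        if exp == "ok":
            continue
        ports = range(r["from_port"], r["to_port"] + 1)
        hits = sorted(p for p in management_ports if p in ports)
        detail = f" on management port(s) {hits}" if hits else ""
        if exp == "world":
            sev = "high" if hits else "medium"
            reason = "open to the Internet" + detail
        else:
            sev = "medium" if hits else "low"
            reason = "source wider than /24" + detail
        findings.append((r["group"], f"{r['from_port']}-{r['to_port']}",
                         r["cidr"], sev, reason))
    return findings


def remediation(rule, trusted_cidr):
    """Commands that replace a rule's source with trusted_cidr: revoke the
    broad rule, then re-authorize the same port from the trusted source."""
    lo, hi = rule["from_port"], rule["to_port"]
    port = str(lo) if lo == hi else f"{lo}-{hi}"
    return [
        f"ec2-revoke {rule['group']} -P {rule['proto']} -p {port} -s {rule['cidr']}",
        f"ec2-authorize {rule['group']} -P {rule['proto']} -p {port} -s {trusted_cidr}",
    ]


if __name__ == "__main__":
    for group, ports, cidr, sev, reason in audit(RULES):
        print(f"[{sev}] {group} tcp/{ports} from {cidr}: {reason}")
    # Narrow the wide TCP/12121 rule to the same trusted /32 already used for RDP.
    for cmd in remediation(RULES[1], "203.0.113.10/32"):
        print(cmd)
```

Running it flags only the TCP/12121 rule (high severity, because a management port is open to 0.0.0.0/0) and prints the revoke/authorize pair that pins it to the trusted /32; the RDP rule passes because it already follows the /32 pattern used in the slides. The /24 threshold for "wide" is a judgment call and can be tightened for groups that should only ever be reached from a handful of fixed addresses.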