
Extranet for Security Professionals Intrusion Scenarios

Extranet for Security Professionals: Intrusion Scenarios. Heather T. Kowalski, Tong Xu, Ying Hao, Hui Huang, Bill Halpin. Nov. 14, 2000. Preview: Review of Project Progress; Accomplishments; Current Status; What We Have Learned; Today’s Focus: Intrusion Scenarios; Future Steps.





Presentation Transcript


  1. Extranet for Security Professionals: Intrusion Scenarios
  Heather T. Kowalski, Tong Xu, Ying Hao, Hui Huang, Bill Halpin
  Nov. 14, 2000

  2. Preview
  • Review of Project Progress
  • Accomplishments
  • Current Status
  • What We Have Learned
  • Today’s Focus: Intrusion Scenarios
  • Future Steps

  3. Review
  • Business Mission
    • Central Repository of Security Information
    • Central Location for Information Sharing
    • Secure Environment, Manageable Resource
  • System Architecture
  • Essential Services/Assets
  • Normal Usage Scenarios

  4. System architecture (network diagram; labels as extracted, with software listed beside the host it appears next to)
  • Primary Users; Client Workstation
  • Router (FW1): Cisco 7200, 128.237.144.1
  • Firewall-2: Windows NT 4.0 (SP6), hot fixes
  • IDS-1 and IDS-2: Windows NT 4.0 (SP6), hot fixes; RealSecure 3.2 on each
  • Web Server: Windows NT 4.0 (SP6), hot fixes; NES 3.63; Cold Fusion 4.5.1
  • DNS (two hosts): RedHat 6.2, IPchains
  • Database: Visual FoxPro
  • Also shown: Guardian Pro V5, ActiveState Perl 5.5, Tripwire 2.2.1

  5. Attackers vs. Legitimate Users (diagram)
  • Attackers: Recreational/Casual Hackers; Disgruntled Employee; Organized Criminal Groups; Nation/State
  • Legitimate Users: ESP User; VSO & CR Owners; Site Manager; Organizational Manager; Site Administrator

  6. Objectives of Attacks
  • Embarrassment of the Target Organization
  • Embarrassment of the Target User
  • Financial Gain by Selling Acquired Information
  • Improve Hacking Skill Set
  • Fun/Vanity
  • Publicity

  7. Attacker Profile: Recreational/Casual Hacker
  • Resources: none or limited
  • Time: depends on opportunity
  • Tools: free/cheap and readily available
  • Risk attitude: unaware of consequences and risks
  • Access: from outside the network
  • Objective: fun, vanity, skill test, or none
  • Damage: limited

  8. Attacker Profile: Disgruntled Employee
  • Resources: enough to create a significant attack
  • Time: depends on malice
  • Risk attitude: strongly risk averse
  • Access: from inside
  • Objectives:
    • Revenge through embarrassment
    • Financial gain

  9. Attacker Profile: Organized Entity
  • Who: organized criminals, fanatics, enemy nations/states, etc.
  • Resources and time: unlimited
  • Risk attitude: genuine risk seeker
  • Access: external or internal
  • Objectives: Publicity!!! Real Damage!!!

  10. Potential Attack Pattern
  • Attack as User
    • Gain illegal access as an end user
    • Gain illegal access as a system administrator
  • Attack on Component
    • Disable or slow down the processing ability of a component
  • Attack on Application
    • Induce system crash
    • Induce service failure
    • Induce asset damage

  11. Compromisable Components (diagram; which threat group is drawn against which component is not recoverable from the extracted text)
  • Components: Router, DNS, Firewall, Web Server, Database, IDS
  • Threats shown: Sniffing, Scans, Enumeration, Malicious Code, Flooding; Malicious Code, Buffer Overflow; Time, Planning, Buffer Overflow, Password

  12. More Facts
  • No intrusion in ESP has been reported since its date of establishment
  • ESP has strong physical security
    • Multi-layer protection
    • Dedicated room
    • Only a few have physical access
  • Other protective efforts
    • Regular reconfiguration of the firewall (once per month)
    • Virus signature files are updated daily

  13. Recreational Hacker (attack path diagram over the architecture: Router (FW1), Firewall-2, IDS, DNS1, DNS2, Web Server, Database)

  14. Compromised User Workstation (attack path diagram over the architecture: Router (FW1), Firewall-2, IDS, DNS1, DNS2, Web Server, Database)

  15. Untitled attack path diagram; components shown: Router (FW1), Firewall-2, IDS, DNS1, Admin Console, Database, Web Server, DNS2, IDS

  16. Future Plans
  • Regular Saturday Team Meetings
  • Planned Meeting with Client
  • Final Presentation and Report
    • Summary of Findings
    • Recommendations

  17. Questions?

  18. Types of DOS Attacks
  • Bandwidth consumption
  • Resource starvation
  • Programming flaws
  • Router attacks
  • DNS attacks

  19. Examples of DOS Attacks
  • Network-based DOS attacks
    • ICMP traffic (ping, echo flood)
    • SYN flood
  • Windows NT Programming Flaw Attacks
    • Tools: TearDrop, OOB (port 139), Land, Ping of Death
  • Cisco Router Attack Tools
    • Tool: Land
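As an added example that is not part of the presentation, the kind of signature check a network IDS applies to the DoS patterns listed on this slide (Land, OOB to port 139, Ping of Death, SYN flood), written in plain Python over constructed packet records. The Packet fields, the SYN threshold and the addresses are this example's own assumptions, not values from the project.

```python
from collections import Counter, namedtuple

# Constructed packet record; field names are this example's own, not from any tool.
# length = reassembled IP datagram size in bytes; flags = TCP flag letters (S, A, U, P...).
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port proto flags length")

SYN_FLOOD_THRESHOLD = 50  # SYN-only segments to one (dst_ip, dst_port) in the sample window

def land_attack(p):
    # Land: a SYN whose source address/port equal its own destination address/port.
    return p.proto == "tcp" and "S" in p.flags and (p.src_ip, p.src_port) == (p.dst_ip, p.dst_port)

def oob_attack(p):
    # OOB (WinNuke): urgent (out-of-band) TCP data aimed at the NetBIOS session port 139.
    return p.proto == "tcp" and p.dst_port == 139 and "U" in p.flags

def ping_of_death(p):
    # Ping of Death: ICMP echo whose fragments reassemble beyond the 65535-byte IP maximum.
    return p.proto == "icmp" and p.length > 65535

def syn_flood_targets(packets, threshold=SYN_FLOOD_THRESHOLD):
    # SYN flood: count SYN-only segments (no ACK) per listener and report those at or over threshold.
    syns = Counter((p.dst_ip, p.dst_port) for p in packets if p.proto == "tcp" and p.flags == "S")
    return {dst: n for dst, n in syns.items() if n >= threshold}

def detect(packets):
    """Return one alert dict per signature hit: per-packet hits first, then flood targets."""
    checks = (("land", land_attack), ("oob", oob_attack), ("ping_of_death", ping_of_death))
    alerts = [{"sig": name, "src": p.src_ip, "dst": p.dst_ip, "dport": p.dst_port}
              for p in packets for name, check in checks if check(p)]
    for (ip, port), n in syn_flood_targets(packets).items():
        alerts.append({"sig": "syn_flood", "src": None, "dst": ip, "dport": port, "count": n})
    return alerts

# Constructed sample traffic toward a web server (documentation addresses, not real hosts).
WEB = "192.0.2.10"
SAMPLE = [
    Packet(WEB, 139, WEB, 139, "tcp", "S", 40),                # Land: src == dst
    Packet("198.51.100.7", 1025, WEB, 139, "tcp", "PAU", 60),  # OOB: URG data to port 139
    Packet("198.51.100.8", 0, WEB, 0, "icmp", "", 65600),      # Ping of Death: oversized echo
    Packet("198.51.100.8", 0, WEB, 0, "icmp", "", 84),         # ordinary ping, no alert
    Packet("198.51.100.9", 2000, WEB, 80, "tcp", "S", 40),     # legitimate handshake opener
    Packet(WEB, 80, "198.51.100.9", 2000, "tcp", "SA", 40),    # its SYN-ACK reply
] + [Packet(f"203.0.113.{i % 250 + 1}", 1024 + i, WEB, 80, "tcp", "S", 40)
     for i in range(60)]                                       # 60 spoofed-source SYNs

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Running the block prints four alerts: the Land, OOB and Ping of Death packets, then one SYN-flood alert for port 80 with a count of 61 (the legitimate opener plus the 60 spoofed SYNs).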
