Taking away the easy target… Michael Warren, CISSP-ISSEP, CEH
Who Am I
• Graduated from James Madison High School
• Member of the Texas A&M Corps of Cadets
• Active Duty Air Force Officer for 8 years
  • Network Ops Security Center Crew Commander
  • Information Warfare Aggressor
• Texas ANG Officer for the past ~2.5 years
  • Assist Active Duty in improving Cyber Tactics
• Senior Consultant for Delta Risk LLC

Overview
• Why I pick on my Grandma
• Change the Password
• Turn on the Firewall
• Microsoft Update
• Install Anti-Virus
• Download and Run a Malware Scanner
• Turn off Unused Services
• Secure Web/Email Practices
• Encrypt your valuables
• Rebuild your system…as needed
Why I pick on my Grandma
• Because my Grandma:
  • Buys a new computer
  • Plugs it directly into “The Internet”
  • Clicks on everything
  • Asks me to fix her computer that stopped working for the 15th time
(Slide image: fake Anti-Virus program for Macs, called SCAREWARE)

Why I pick on my Grandma (cont.)
Grandma’s box is now known as an agent, zombie, or a bot. A hacker who controls many unwitting hosts is called a Bot Herder. A collection of bots is called a botnet.
BotNets can perform many functions:
• Spamming
• Spreading malware
• Impersonating large numbers of “individuals” (e.g., for online polls, fraudulent advertising “clicks”, etc.)
• Distributed Denial of Service (DDoS) – DoS attacks which originate from multiple sources
BotNets
• Bot Herder Establishes a Presence

BotNets
• Bot Herder Creates a Delivery System – Delivers “BotNet” Payload to Hosts

BotNets
• Bot Herder Creates DNS Control Server
• Issues Commands to Bots
• Receives Data From Bots

BotNets
• Bot Herder Identifies Candidate Hosts
• Sends Baited Email to Hosts
• Hosts Download Bot Malware from Server
• Hosts Become Zombies

BotNets
• Bot Herder Identifies Target
• Issues Command via Control Server
• Zombies Receive Command from Server
• Zombies Locate Target
• Zombies Report Back to Server

Denial of Service – BotNets
(Diagram label: Grandma’s Box)
• Bot Herder Launches Attack at Target
• Issues Command via Control Server
• Zombies Attack Target
• Bot Herder Issues Stop Command
Change the PASSWORD!!!!
• Default Passwords
  • If you know it, everyone else does too
  • Linksys, Netgear, iPhone, etc.
  • Windows 2000 and XP installed with the RID 500 account named Administrator with no password
• Dictionary Words
  • If it’s found in the book…see above
  • They don’t call it a dictionary attack for nothing
• Keyboard Progressions
  • Everyone’s doing it, it’s now in the book…see above
• Very long phrase with no spaces, 14 characters with character substitutions, upper and lower case: $umm3rT1m31$H3r3!

Turn on the Firewall
Host based vs. Network based
• Network Based Firewall protects an entire enterprise network… or your home network.
• Host Based Firewall protects a single computer
  • Starting with Windows XP Service Pack 2, all new OSes had their own host based firewall
  • Unix/Linux has had IPTables
  • Macs don’t need firewalls (joking, see slide 4)
Don’t talk to strangers, unless you started the conversation
• Stateful packet inspection
Ensure you put exceptions in to allow remote management of the host…if needed
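The host firewall steps above as an added PowerShell example (not from the slides): turn the Windows firewall on for every profile, block unsolicited inbound traffic, and add a remote-management exception scoped to one management host instead of the whole Internet. It assumes Windows 8 / Server 2012 or later (NetSecurity module), RDP as the management protocol, and 192.0.2.10 as a placeholder management-host address.

```powershell
# Added example: enable the Windows host firewall and scope a remote-management exception.
# Run from an elevated PowerShell prompt (Windows 8 / Server 2012 or later).
# 192.0.2.10 is an assumed placeholder for your management workstation.
$MgmtHost = '192.0.2.10'

# "Don't talk to strangers, unless you started the conversation":
# block unsolicited inbound, allow outbound, on every profile so a laptop
# that roams onto a public network stays covered.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Allow `
    -LogBlocked True

# Remote-management exception: allow RDP only from the management host.
# Guard so re-running the script does not create duplicate rules.
$RuleName = 'Allow RDP from management host'
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol TCP -LocalPort 3389 `
        -RemoteAddress $MgmtHost -Profile Domain,Private `
        -Action Allow | Out-Null
}

# Verify: every profile enabled, inbound blocked by default.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# Review the exception's address filter so nothing broader than intended slipped in.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```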
Check for Updates
• Operating System
  • Usually updates once a month (Patch Tuesday)
• Applications
  • If Adobe or Java, twice daily (not really, but it feels like it)
• Hardware Drivers
  • Fastest way to SYSTEM level access; updates are usually not automated

Install an Anti-Virus Program
Scans the file system for “known” bads
• Keep the Virus Database/Signatures up to date
• You are only protected from what you know
Only install one; they usually don’t play well with others
• Anti-Virus programs “hook” certain OS function calls; installing more than one may brick your OS

Run an Anti-Malware Program
• Anti-Virus doesn’t catch everything
• Products like:
  • Spybot – Search and Destroy
  • Malwarebytes
  • Super Anti-Spyware Scanner
  • Ad-Aware SE
  …help protect against other forms of Spyware, Adware, and Scareware that AV doesn’t always check for
• Usually run as a manual scan, with some products providing Real-time Registry Protection (Spybot – TeaTimer)
• Available from Microsoft:
  • Windows Defender
  • Malicious Software Removal Tool

Turn off Unused Services
• Build your system with the concept of Least Functionality in mind
  • …if you don’t need it, don’t run it!
• Windows 7 – Windows Media Player Network Sharing Service
  • “I’ve found a new media share, would you like me to share your music with host H@x0r” – no thank you
• Skype will listen on ports 80 and 443
  • It did this to help you; now you’re a webserver
Turn off Unused Services (cont.)
• Turn off unused services:
  • Run: services.msc
  • Sort the list by status (click the Status column)
  • Review all services that are “Started”
  • Stop any service you feel is not required – careful what you turn off
  • Ensure “Remote Registry” is off and set to Manual
• From the command line
  • C:\> net start – lists running services
  • C:\> net stop "server" – stops the named service
• Look for connected hosts
  • C:\> netstat -ano | find /I "established"
• Kill the associated process (must have admin privs)
  • C:\> tasklist /FI "PID eq 3342"
  • C:\> taskkill /F /PID 3342
  • The PID is the last number on the right in the netstat output
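The same review in one pass, as an added PowerShell example rather than the slides’ own commands: list running services, check the Remote Registry state the slide calls out, and join established connections to their owning process so the netstat-then-tasklist lookup is done for you. It assumes Windows 8 / Server 2012 or later (NetTCPIP module) and PowerShell 5 or later for the service StartType property; it only reports, with the stop/kill actions left commented out.

```powershell
# Added example: audit running services and established connections (read-only).
# Equivalent of services.msc sorted by status, net start, netstat -ano and tasklist /FI.

# 1. Running services, as in the services.msc "Status" column.
Get-Service | Where-Object Status -eq 'Running' |
    Sort-Object Name | Select-Object Name, DisplayName, StartType | Format-Table -AutoSize

# 2. The slide's specific check: Remote Registry should be stopped and set to Manual.
$rr = Get-Service -Name RemoteRegistry
if ($rr.Status -ne 'Stopped' -or $rr.StartType -ne 'Manual') {
    Write-Warning "RemoteRegistry is $($rr.Status) / $($rr.StartType); expected Stopped / Manual"
    # Stop-Service -Name RemoteRegistry
    # Set-Service -Name RemoteRegistry -StartupType Manual
}

# 3. Established connections with the owning process resolved: the join you would
#    otherwise do by hand between `netstat -ano` and `tasklist /FI "PID eq <pid>"`.
$connections = Get-NetTCPConnection -State Established | ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LocalPort     = $_.LocalPort
        RemoteAddress = $_.RemoteAddress
        RemotePort    = $_.RemotePort
        PID           = $_.OwningProcess
        Process       = if ($proc) { $proc.ProcessName } else { '<exited>' }
        Path          = if ($proc) { $proc.Path } else { '' }
    }
}
$connections | Sort-Object RemoteAddress | Format-Table -AutoSize

# 4. The Skype example: anything listening on 80/443 on a desktop deserves a look.
Get-NetTCPConnection -State Listen | Where-Object { $_.LocalPort -in 80, 443 } |
    ForEach-Object {
        $owner = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        "{0}:{1} owned by PID {2} ({3})" -f $_.LocalAddress, $_.LocalPort, $_.OwningProcess, $owner
    }

# To terminate a process you have decided is malicious (admin required),
# the equivalent of `taskkill /F /PID <pid>`:
# Stop-Process -Id <pid> -Force
```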
Use Encrypted Management Protocols
Abandon FTP and Telnet from the start
Where possible use SSH version 2 or 3 for remote management – learn your command line syntax
• If you need to copy files, use Secure FTP or Secure Copy (SCP)
• In Windows, installing the PuTTY tool suite will get you a GUI SSH client
• WinSCP for Windows Secure Copy

Secure Web/Email Practices
• Use HTTPS when logging into a website and/or viewing webmail, especially at the airport or on the road
• Never use the same password for your online accounts:
  • Email, Facebook, Banking, Buying, Playstation Network…
Phishing Protection
• Never open unsolicited email; if you do, ensure your email client is set to not render images when opening
• If you must visit a link from an email, always copy and paste the link, especially if the email is HTML based
  • You never know what’s hiding in the code

Encrypt Your Valuables
• Encrypt your data at rest
  • Truecrypt – creates an encrypted “partition”
  • Ironkey – Encrypted USB key with “cloud” services
• If a hacker does get on your box, don’t leave your valuables lying around for them
• If you create a document with all your passwords in it, encrypt it!!!

Create a Non-Admin Account
• Last steps once your box is secure:
  • Create a Non-Administrator account for each user of the system
  • Use the Non-Administrator account you just created
• Don’t browse the internet with an administrator account
  • Just asking for trouble

Rebuild as needed
• If your installed security services alert you to malicious activity on your computer…be prepared to rebuild from a known good source
  • Windows backup…could be infected
  • Windows source disk…very unlikely to be infected…if original disk

What We Talked About
• Help those like my Grandma
• Change the default password
• Run a firewall, anti-virus, and anti-malware
• Turn off unused services
• Use encrypted management protocols
• If it’s important, encrypt it
• Create a Non-Admin account for everyday use