ISM6222 Exam 2
Bastion Host
- A system identified by the firewall administrator as a critical strong point in the network's security - Serves as a platform for an application-level or circuit-level gateway
Disadvantages of Application-Level Gateway
- Additional processing overhead on each connection
Scanning
- After recon - Looks for ways to break in - Relies on automated tools
Buffer Overflows
- Allows the hacker to execute arbitrary commands - Take over the system - Based on writing more data into a buffer than the developer allocated for it, so the excess overwrites adjacent memory
Application-Level Gateway Firewall
- Also called a proxy server - Acts as a relay of application-level traffic - The user first connects to the gateway and names an allowable application (e.g., Telnet or FTP) and the remote host; only then does the gateway open the inside connection on the user's behalf, and an application the gateway has no proxy code for is simply not forwarded
Personal Cybersecurity Tips
- Always use multi-factor authentication - Don't reuse passwords (use a password manager) - Encrypt your hard drive - Patch your OS and software - Use a VPN when on a public network - Recognize that e-mail is not encrypted by default - Recognize that SMS messages aren't encrypted - Review the connected (third-party) apps on your e-mail accounts - Recognize that caller ID can be spoofed - Use a hardware firewall at home - Use antivirus software
Gain Access
- Analyze buffer overflows - Crack passwords - Sniff data - Use netcat
Packet Filtering Firewall
- Applies a set of rules to each incoming IP packet and then forwards or discards the packet - Filters packets going in both directions - Set up as an ordered list of rules; the first matching rule decides - Two default policies for packets that match no rule (discard or forward)
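The packet-filtering card above in working form. This is an added example written for this page, not code from the course or from any firewall product; the rules, the sample packets and the 192.0.2.0/24 premises network (a documentation address range) are all constructed for the illustration. It also shows the "difficulty of setting up rules" disadvantage concretely: one broad rule placed too early shadows every rule after it.

```python
"""First-match packet filter: ordered rules, first hit decides, default policy
for everything else. Illustrative code, constructed for this page."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

FORWARD, DISCARD = "forward", "discard"


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = Internet -> premises network, "out" = the reverse
    proto: str       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0   # destination port (0 for protocols without ports)


@dataclass(frozen=True)
class Rule:
    action: str                  # FORWARD or DISCARD
    direction: str = "*"         # "*" matches either direction
    proto: str = "*"
    src: str = "0.0.0.0/0"       # CIDR; 0.0.0.0/0 matches any IPv4 address
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches any port

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("*", p.direction)
                and self.proto in ("*", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


def filter_packet(rules: List[Rule], pkt: Packet, default: str) -> str:
    """Walk the ordered rule list; the first rule that matches decides.
    A packet matching no rule gets the default policy (DISCARD or FORWARD)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed policy: premises network 192.0.2.0/24 with a public web server
# at 192.0.2.10 and a mail server at 192.0.2.25.
RULES = [
    # Anti-spoofing: a packet arriving from the Internet that claims one of
    # OUR addresses as its source is bogus.
    Rule(DISCARD, direction="in", src="192.0.2.0/24"),
    Rule(FORWARD, direction="in", proto="tcp", dst="192.0.2.10/32", dport=443),
    Rule(FORWARD, direction="in", proto="tcp", dst="192.0.2.25/32", dport=25),
    Rule(DISCARD, direction="in", proto="tcp", dport=23),  # never accept inbound Telnet
    Rule(FORWARD, direction="out"),                        # trust outbound traffic (a policy choice)
]

# The same rules with a broad "allow all inbound TCP" mistakenly placed first:
# it shadows every later inbound rule, including the Telnet discard.
MISORDERED = [Rule(FORWARD, direction="in", proto="tcp")] + RULES

# Constructed sample packets (198.51.100.0/24 is another documentation range).
HTTPS_TO_WEB = Packet("in", "tcp", "198.51.100.7", "192.0.2.10", 443)
TELNET_TO_WEB = Packet("in", "tcp", "198.51.100.7", "192.0.2.10", 23)
SPOOFED = Packet("in", "tcp", "192.0.2.5", "192.0.2.10", 443)
UNLISTED = Packet("in", "tcp", "198.51.100.7", "192.0.2.10", 8080)

if __name__ == "__main__":
    for name, pkt in [("https", HTTPS_TO_WEB), ("telnet", TELNET_TO_WEB),
                      ("spoofed", SPOOFED), ("unlisted", UNLISTED)]:
        print(f"{name:9s} default=discard -> {filter_packet(RULES, pkt, DISCARD)}")
    print("unlisted, default=forward ->", filter_packet(RULES, UNLISTED, FORWARD))
    print("telnet with misordered rules ->", filter_packet(MISORDERED, TELNET_TO_WEB, DISCARD))
```

Note that nothing here looks at who is sending the packet beyond its IP address and port: that is the "lack of authentication" disadvantage on the card, and it is exactly what the anti-spoofing rule can only partly paper over.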
Gained Access By
- Buffer overflow - Cracking password - Sniffing info - Use netcat
Checksum Utility
- Computes the hash (fingerprint) of a downloaded program so it can be compared with the value the vendor publishes - Confirms that the authentic program was downloaded (e.g., checking a Wireshark installer against its published SHA-256 with sha256sum on Linux/macOS or certutil -hashfile on Windows)
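How the checksum check on this card works end to end, as an added example written for this page (not from the course or from Wireshark). It parses a manifest in the `sha256sum` output format ("HEXDIGEST  filename"), hashes the downloaded bytes and compares; the file contents, the tampered copy and the manifest text are constructed here rather than taken from a real release.

```python
"""Verify a download against a vendor's SHA-256 manifest. Illustrative code
constructed for this page."""
import hashlib
import hmac
from typing import Dict


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse 'HEXDIGEST  filename' lines (sha256sum format) into {filename: digest}.
    Blank lines, comments and lines that are not a 64-hex-char digest plus a name
    are ignored; a leading '*' (sha256sum's binary-mode marker) is stripped."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            continue
        digest, name = parts
        try:
            int(digest, 16)           # reject lines whose first field is not hex
        except ValueError:
            continue
        table[name.lstrip("*")] = digest.lower()
    return table


def sha256_of(data: bytes, chunk: int = 1 << 16) -> str:
    """Hash in chunks so the same code works for installers too large to hold in memory."""
    h = hashlib.sha256()
    for i in range(0, len(data), chunk):
        h.update(data[i:i + chunk])
    return h.hexdigest()


def verify(manifest: Dict[str, str], name: str, data: bytes) -> bool:
    """True only if the manifest lists this file and the digest matches.
    compare_digest avoids leaking where the mismatch starts through timing."""
    expected = manifest.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_of(data), expected)


# Constructed "download" and a tampered copy of it.
GOOD = b"#!/bin/sh\necho 'installer payload (constructed for this example)'\n"
TAMPERED = GOOD.replace(b"installer", b"backdoored")

# What the vendor's SHA256SUMS file would contain. It is built here from GOOD
# purely so the example is self-contained; in real use you fetch it from the
# vendor's site (over HTTPS, and ideally signed).
MANIFEST = (
    "# SHA256SUMS (constructed)\n"
    f"{sha256_of(GOOD)}  tool-1.0.tar.gz\n"
    f"{sha256_of(GOOD)} *tool-1.0-binary-mode.tar.gz\n"
    "this line is not a hash entry\n"
)

if __name__ == "__main__":
    m = parse_manifest(MANIFEST)
    print("good copy   :", verify(m, "tool-1.0.tar.gz", GOOD))
    print("tampered    :", verify(m, "tool-1.0.tar.gz", TAMPERED))
    print("unlisted    :", verify(m, "other.tar.gz", GOOD))
```

Caveat a practitioner should keep in mind: a hash published on the same page as the download only proves the bytes were not corrupted or swapped on a mirror. If the attacker who replaced the download also controls that page, the check passes, which is why vendors additionally sign their manifests.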
Network Map (Part of the Scanning Phase)
- Develop a network map using Cheops-ng - Linux-based, not Windows - Discovers network hosts, traces routes through the network, and draws the network topology
Disadvantages of Packet Filtering
- Difficulty of setting up rules - Lack of authentication
Port Scanning Defenses
- Disable unneeded services - Use services control panel to disable services - Use firewalls
Sniffing Defenses
- Don't use telnet, rsh, or rlogin - Use Secure Shell (SSH) instead - Use VPNs (encrypt all data between systems)
Firewall Design Principles
- The firewall is inserted between the premises network and the Internet - Establishes a controlled link - Protects the premises network from Internet-based attacks - Provides a single choke point
Sniffing Data
- Gather information transmitted across the LAN - The hacker can display the stolen data or log it to a file
Covering Tracks
- Hiding files and directories - NTFS supports alternate data streams (an alternate data stream can be created to store data attached to an existing file; any number of streams can be attached to a file; they do not show up in Windows Explorer)
Advantages of Application-Level Gateway
- Higher security than packet filters - Only needs to scrutinize a few allowable applications - Easy to log and audit all incoming traffic
Defenses for Buffer Overflows
- Implement non-executable system stack - Automated code examining tools
Defense Against Recon
- Keep domain registration up to date - Use an organizational contact name rather than an individual's contact info - Don't use OS type or function in host and domain names - Use split DNS (separate external and internal DNS)
Password Cracking Tools
- L0phtCrack for Windows - John the Ripper
Goal of Scanning
- List of open ports - Map of target network - List of vulnerabilities on target network - Now the hacker can gain access
Defenses Against Application Trojan Horses
- Look for changes in the system (new registry keys, unexpected files) - Anti-virus tools can detect
Recon
- Low tech (social engineering, physical break-ins, dumpster diving) - Search the web - Retrieve useful information - Network tools (ping, DNS lookup, whois info, IP block registration for an organization, traceroute, crawl a website)
Screened-Subnet Firewall System
- Most secure configuration - Two packet-filtering routers are used - Creates an isolated sub-network (the screened subnet) between them
"NotPetya" Attack in 2017
- On June 27, 2017, a suspected Russian threat actor launched a wide-scale attack against Ukraine - True intention was likely to disrupt business operations and impact the way of life in Ukraine - Threat actor compromised the systems of a major provider of tax software and pushed a malicious update
Phases of Hacking
- Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Advantages of Packet Filtering
- Simplicity - Transparency to users - High speed
Circuit-Level Gateway Firewall
- Stand-alone system or a specialized function performed by an application-level gateway - Sets up two TCP connections: one between itself and a TCP user on an inside host, one between itself and a TCP user on an outside host - The gateway typically relays TCP segments from one connection to the other without examining the contents - The security function consists of determining which connections will be allowed - Typical use is a situation in which the system administrator trusts the internal users
Crack Passwords
- Steal the encrypted password file - Crack it (guess a password, encrypt it, compare with the stolen file; run through a dictionary of common passwords; use automated tools)
Password Cracking Defenses
- Strong password policy - Password-filtering software to verify the complexity of new passwords - Use token-based authentication
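The guess-encrypt-compare loop from the Crack Passwords card, run against a constructed "stolen file", next to the defenses from the card above. This is an added example written for this page; it is not John the Ripper or L0phtCrack, and the user names, passwords, word list and iteration count are constructed (the count is lowered so the demo runs in seconds).

```python
"""Dictionary attack on stolen password hashes, then the same attack against
salted slow hashes plus a password-filtering check. Illustrative code
constructed for this page."""
import hashlib
import hmac
import os
from typing import Dict, Iterable

# Tiny stand-in for a real dictionary of common passwords (constructed).
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2024", "football"]


# --- the weak scheme an attacker hopes to find in a stolen file -----------------
def legacy_hash(password: str) -> str:
    """Unsalted, fast hash: the same password always gives the same hash."""
    return hashlib.md5(password.encode()).hexdigest()


def crack_unsalted(stolen: Dict[str, str], wordlist: Iterable[str]) -> Dict[str, str]:
    """Guess, hash, compare. With no salt, each guess is hashed ONCE and checked
    against every user at the same time via a lookup table."""
    table = {legacy_hash(w): w for w in wordlist}
    return {user: table[h] for user, h in stolen.items() if h in table}


# --- the defense: per-user salt and a deliberately slow hash ---------------------
def make_record(password: str, iterations: int = 600_000) -> dict:
    """Store salt + PBKDF2-HMAC-SHA256 output. The salt kills the shared lookup
    table; the iteration count (hundreds of thousands in production) makes every
    guess expensive."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iter": iterations, "hash": dk.hex()}


def verify_record(record: dict, password: str) -> bool:
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(record["salt"]), record["iter"])
    return hmac.compare_digest(dk.hex(), record["hash"])


def crack_salted(stolen: Dict[str, dict], wordlist: Iterable[str]) -> Dict[str, str]:
    """Same attack against salted records: the work is now users x guesses x
    iterations, yet the weak passwords STILL fall. Slow hashing buys time;
    only a password policy keeps the answer out of the dictionary."""
    words = list(wordlist)
    found: Dict[str, str] = {}
    for user, rec in stolen.items():
        for w in words:
            if verify_record(rec, w):
                found[user] = w
                break
    return found


# --- password-filtering check, the policy half of the defense --------------------
def password_ok(password: str, wordlist: Iterable[str] = WORDLIST, min_len: int = 12) -> bool:
    """Reject short passwords, passwords with fewer than three character classes,
    and anything in the dictionary (compared case-insensitively)."""
    if len(password) < min_len:
        return False
    classes = sum([any(c.islower() for c in password),
                   any(c.isupper() for c in password),
                   any(c.isdigit() for c in password),
                   any(not c.isalnum() for c in password)])
    if classes < 3:
        return False
    return password.lower() not in {w.lower() for w in wordlist}


# Constructed "stolen files". ITER is lowered so the demo is quick.
ITER = 20_000
USERS = {"alice": "123456", "bob": "letmein", "carol": "Wrong-Horse-Staple-77"}
STOLEN_LEGACY = {u: legacy_hash(p) for u, p in USERS.items()}
STOLEN_SALTED = {u: make_record(p, ITER) for u, p in USERS.items()}

if __name__ == "__main__":
    print("unsalted MD5 cracked:", crack_unsalted(STOLEN_LEGACY, WORDLIST))
    print("salted PBKDF2 cracked:", crack_salted(STOLEN_SALTED, WORDLIST))
    for pw in USERS.values():
        print(f"policy accepts {pw!r}: {password_ok(pw)}")
```

The two cracking runs return the same two victims: salting and stretching change the attacker's cost, not the outcome for a password that is in the dictionary. The token-based authentication on the card is the defense that removes the password as the single secret altogether.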
Do Not Use Telnet/FTP
- Telnet and FTP have inherent security weaknesses - No encryption - Passwords are easily sniffed - Shut them down
Multifaceted Extortion
- The act of leveraging multiple technologies to coerce victims into paying money (Ex: theft of sensitive data, public shaming, physical intimidation)
NetCat
- Tool used by hackers (and by administrators) - Reads and writes data across network connections - Can allow hackers to transfer files - Scan ports - Create backdoors - Create relays (bounce a connection between systems)
Dual Homed Bastion Host
- Traffic between the Internet and other hosts on the private network HAS to flow through the bastion host (the host has two network interfaces, and IP forwarding between them is disabled)
Reverse WWW Shell
- Tunneling used to hide data - Using one protocol to carry another (e.g., e-mail carrying HTML) - Carries the attacker's commands over HTTP - The traffic looks like ordinary web browsing (the victim polls the attacker's web server, so the connection is outbound and passes most firewalls)
Nmap Port Scanner
- Type of scan (intense, ping, quick, traceroute) - Can generate packets from decoy addresses (makes finding the hacker more difficult) - OS detection based on fingerprints - Any open port is a potential entry point for the hacker, and this scanner is used to find those entry points
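What a port scanner actually does, and what "disable unneeded services" does to its results, as an added example serving the Goal of Scanning, Port Scanning Defenses and Nmap cards. This is illustrative code written for this page, not Nmap's; it runs a TCP connect scan only against 127.0.0.1 and a listener it creates itself, so it works offline.

```python
"""TCP connect scan against a local demo service, before and after the service is
disabled. Illustrative code constructed for this page."""
import socket
from contextlib import closing
from typing import Iterable, List, Tuple


def scan_ports(host: str, ports: Iterable[int], timeout: float = 0.3) -> List[int]:
    """Connect scan: try to complete a TCP handshake on each port and report the
    ones that accept. Needs no privileges, but every hit shows up in the target's
    logs, which is why Nmap's half-open (SYN) scan exists."""
    found: List[int] = []
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:   # 0 = connected, otherwise an errno
                found.append(port)
    return found


class DemoService:
    """Stands in for an 'unneeded service' on the target: a listening socket on
    127.0.0.1. The kernel completes handshakes into the backlog even though
    nothing ever calls accept(), which is all a connect scan needs to see."""

    def __init__(self) -> None:
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))       # port 0 = let the kernel pick a free port
        self.sock.listen(5)
        self.port: int = self.sock.getsockname()[1]

    def disable(self) -> None:
        """The defense from the cards: shut the service down so the port closes."""
        self.sock.close()


def demo() -> Tuple[int, List[int], List[int]]:
    """Scan a small window of ports around the demo service, disable it, rescan.
    Returns (service port, open ports before, open ports after)."""
    svc = DemoService()
    window = range(max(1, svc.port - 5), svc.port + 6)
    before = scan_ports("127.0.0.1", window)
    svc.disable()
    after = scan_ports("127.0.0.1", window)
    return svc.port, before, after


if __name__ == "__main__":
    port, before, after = demo()
    print(f"demo service listening on {port}")
    print("open before disabling:", before)
    print("open after disabling: ", after)
```

The scan window is deliberately tiny; a real scan walks 1-65535 (Nmap's default covers the 1,000 most common ports) and adds the decoy, timing and fingerprinting options the card mentions. The point of the before/after pair is that a port a firewall rule or a stopped service has closed simply stops being an entry point.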
Defenses Against Reverse WWW Shell
- Use intrusion detection systems - Use anti-virus tools - Know what should be running on each machine (investigate strange processes)
Maintaining Access
- Utilize Trojan horses and backdoors - Application-level Trojan horses (fool the user into installing software; the attacker can then remotely access and control the victim machine; the same tools can be used for legitimate remote administration) - Examples: Remote Desktop, VNC, Chrome Remote Desktop, netcat
Single Homed Bastion Host
- Consists of a packet-filtering router and a bastion host - Only packets to and from the bastion host are allowed to pass through the router
Advantages of Single Homed Bastion Host
- Greater security (an intruder must penetrate two separate systems: the packet-filtering router and the application-level bastion host) - Affords flexibility in providing direct Internet access (e.g., a public information server can be allowed to talk to the Internet directly, bypassing the bastion host)
Advantages of Screened Subnet Firewall System
- Three levels of defense to thwart intruders - The outside router advertises only the existence of the screened subnet to the Internet (the internal network is invisible to the Internet) - The inside router advertises only the existence of the screened subnet to the internal network (systems on the inside network cannot construct direct routes to the Internet)
Evil Corp
A cybercriminal group from Russia that distributed malware infecting computers around the world
Phase 5 Hacking
Covering Tracks
Firewall Characteristics
Design goals: - all traffic must pass through the firewall - Only authorized traffic is allowed to pass - Immune to penetration (use of trusted system with a secure operating system)
Phase 3 Hacking
Gain access
Phase 4 Hacking
Maintaining Access
Phase 1 Hacking
Recon
Maksim Yakubets
Russian computer expert and alleged computer hacker. He is alleged to have been a member of Evil Corp and the Jabber Zeus crew, as well as the alleged leader of the Bugat malware conspiracy
Phase 2 Hacking
Scanning