
Welcome to All Participants



Presentation Transcript


  1. Welcome to All Participants Prof NB Venkateswarlu HOD, IT, GVPCOE Visakhapatnam venkat_ritch@yahoo.com

  2. Let Me first Congratulate all the Organizers

  3. First, you may have to excuse me! Maybe I am the only odd man out!

  4. However, I am helpless. My talk is a last-minute adjustment. Nevertheless, I am sure you will enjoy it.

  5. Penetration Testing Tools: Linux Perspective

  6. What am I going to cover? • Briefing on general security threats: SQL injection, phishing, DNS hacking, spam, botnets • Linux security aspects • The CERT-In initiative under the Ministry of Information Technology, Govt of India

  7. Most Noted Reasons • Buffer overflows • Format String problems • Integer Overflows • SQL Injections • Command Injection • Failure to handle errors • Cross-site scripting

  8. Most Noted Reasons - Cont • Failure to protect network traffic • Use of magic URLs and hidden form fields • Improper use of SSL • Use of weak password-based systems • Failure to store and protect data securely • Information leakage • Trusting network address resolution

  9. Most Noted Reasons - Cont • Improper file access • Race conditions • Unauthorised key exchange • Failure to use cryptographically strong random numbers • Poor usability

  10. Defacement Statistics, Dec 2006

  11. Cyber Insurance – US Statistics • Premiums paid: $100 million • Claims paid: $14 million

  12. How did he do it? Social engineering. Example: "Our Mumbai server is down. Please click through to the standby server."

  13. SQL Injections Let us consider the following line in an ASP script, which builds the query by string concatenation: Query = "select count(*) from users where UserName='" & userName & "' and userPass='" & password & "'"

  14. Let the username be Ram and the password be ' or 1=1 -- The SQL statement actually executed becomes: select count(*) from users where userName='Ram' and userPass='' or 1=1 --' The attacker's quote closes the password literal, "or 1=1" makes the WHERE clause true for every row, and "--" comments out the trailing quote. The count is therefore non-zero and the login succeeds without any valid password.

  15. Similarly, let the username be: ' having 1=1 -- The database (SQL Server) replies with an error that users.UserName is invalid, disclosing both the table name and the column name.

  16. Now let the username be: ' or users.userName like 'admin%' -- The WHERE clause matches the Admin row regardless of password, so the attacker can log in as Admin!

  17. Where the driver accepts stacked statements, the attacker can run additional SQL; for example, a username of: ' or 1=1; drop table users; -- or: '; shutdown with nowait; -- It may also allow extended stored procedures to be run: ' exec master..xp_cmdshell 'iisreset'; --
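The bypasses on slides 14 and 16 can be reproduced against an in-memory SQLite database. The following is an added example, not code from the talk; it rebuilds the slide's concatenated query in Python, runs the slide's payloads against it, and contrasts it with a parameterised query. The accounts, passwords, and the function names are constructed for the demonstration.

```python
import sqlite3

# Constructed sample accounts (not from the slides). Plaintext passwords
# mirror the slide's "userPass='...'" comparison; a real system would hash.
USERS = [("Ram", "ram-secret"), ("Admin", "admin-secret")]


def make_db():
    """Create an in-memory users table matching the slide's schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (userName text, userPass text)")
    conn.executemany("insert into users values (?, ?)", USERS)
    return conn


DB = make_db()


def build_vulnerable_query(username, password):
    """Same string concatenation as the ASP line on the slide."""
    return ("select count(*) from users where userName='" + username
            + "' and userPass='" + password + "'")


def login_vulnerable(username, password):
    """Authentication check built by concatenation: injectable."""
    sql = build_vulnerable_query(username, password)
    return DB.execute(sql).fetchone()[0] > 0


def login_safe(username, password):
    """Parameterised query: the input is bound as data, never parsed as SQL."""
    sql = "select count(*) from users where userName=? and userPass=?"
    return DB.execute(sql, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    payloads = [
        ("Ram", "' or 1=1 --"),                                 # slide 14
        ("' or users.userName like 'admin%' --", "anything"),  # slide 16
        ("Ram", "ram-secret"),                                 # legitimate
    ]
    for user, pw in payloads:
        print(build_vulnerable_query(user, pw))
        print("  vulnerable:", login_vulnerable(user, pw),
              " parameterised:", login_safe(user, pw))
```

The stacked-statement payloads on slide 17 (`; drop table users; --`, `xp_cmdshell`) are specific to SQL Server reached through a driver that accepts a batch; Python's sqlite3 `execute()` refuses more than one statement, so they are not shown here. The parameterised version stops all of the payloads for the same reason: the attacker's quote is bound as a value and never reaches the SQL parser.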

  18. SQL Injection through URL

  19. Phishing & Pharming

  20. How does phishing work?

  21. Detecting a phishing campaign: monitor bounced emails, account activity, call volumes, and password enquiries

  22. Spam: how addresses are harvested • Search engines • Addresses posted in public areas such as USENET • Email directories, Yellow Pages • Ready-made lists (for sale!) • Chat rooms • Brute-force attacks (guessing addresses)

  23. Botnets

  24. DDOS Attack

  25. DDOS Attack

  26. Botnets

  27. How to tackle spam • Content-based filtering: pattern matching, hash matching, Bayesian filtering • Source-address-based filtering
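Bayesian filtering, listed above as one of the content-based methods, is easiest to understand from a small working classifier. The following is an added example, not code from the talk: a multinomial naive Bayes filter with add-one smoothing, trained on a constructed six-message corpus and scoring new messages by the log-odds of spam versus legitimate mail. The corpus, class names and threshold are all assumptions made for the demonstration.

```python
import math
import re
from collections import Counter

# Constructed training corpus (not from the slides): a few spam and
# legitimate ("ham") messages, kept small so the arithmetic is easy to follow.
SPAM = [
    "win free money now click here",
    "free pills cheap prices click now",
    "claim your prize money now",
]
HAM = [
    "project meeting tomorrow at noon",
    "please review the attached report",
    "lunch tomorrow with the team",
]


def tokenize(text):
    """Lower-case alphabetic tokens; real filters also use headers and URLs."""
    return re.findall(r"[a-z]+", text.lower())


class NaiveBayesFilter:
    """Multinomial naive Bayes with Laplace (add-one) smoothing."""

    def __init__(self, spam, ham):
        self.spam_counts = Counter(w for m in spam for w in tokenize(m))
        self.ham_counts = Counter(w for m in ham for w in tokenize(m))
        self.spam_total = sum(self.spam_counts.values())
        self.ham_total = sum(self.ham_counts.values())
        self.vocab = set(self.spam_counts) | set(self.ham_counts)
        total_msgs = len(spam) + len(ham)
        self.log_prior_spam = math.log(len(spam) / total_msgs)
        self.log_prior_ham = math.log(len(ham) / total_msgs)

    def _log_likelihood(self, word, counts, total):
        # Add-one smoothing: a word never seen in a class still gets a small,
        # non-zero probability instead of vetoing the whole message.
        return math.log((counts[word] + 1) / (total + len(self.vocab)))

    def spam_score(self, text):
        """Log-odds of spam versus ham; positive means spam is more likely."""
        log_odds = self.log_prior_spam - self.log_prior_ham
        for w in tokenize(text):
            log_odds += (self._log_likelihood(w, self.spam_counts, self.spam_total)
                         - self._log_likelihood(w, self.ham_counts, self.ham_total))
        return log_odds

    def is_spam(self, text, threshold=0.0):
        return self.spam_score(text) > threshold


FILTER = NaiveBayesFilter(SPAM, HAM)


def classify(text):
    """Label a message using the corpus-trained filter above."""
    return "spam" if FILTER.is_spam(text) else "ham"


if __name__ == "__main__":
    for msg in ("free money click here", "meeting tomorrow about the report"):
        print(f"{msg!r}: {classify(msg)} (log-odds {FILTER.spam_score(msg):+.2f})")
```

The threshold is the operational knob: raising it above zero trades missed spam for fewer false positives, which is the usual preference for a corporate mailbox. Production filters also retrain continuously on user feedback, which is what makes Bayesian filtering adapt to new campaigns.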

  28. Source Address Filtering • White lists • Block lists • Reputation analysis • Real-time blackhole lists (RBLs) • Challenge-response

  29. How to STOP SPAM - Cont • SMTP server configuration: • Do not relay unauthorised mail • Use separate ports for submission and relay • Implement client authentication • Disable SMTP commands such as VRFY • Prevent remote mail to local groups • Define a maximum number of recipients per message • Reject a NULL sender identity • Digital signatures

  30. Educating People

  31. Disable cross-site scripting; stop injected scripts

  32. Mutual authentication; data-destination block listing

  33. Use trusted path

  34. Password hashing, transaction authentication

  35. Induce delays especially in financial institutions

  36. DNS ATTACKS

  37. Components of DNS • DNS zones • DNS name space • Resource records • Name servers
