Extranet for security professionals intrusion scenarios


Extranet for Security Professionals Intrusion Scenarios. Heather T. Kowalski Tong Xu Ying Hao Hui Huang Bill Halpin Nov. 14, 2000. Preview. Review of Project Progress Accomplishments Current Status What We Have Learned Today’s Focus: Intrusion Scenarios Future Steps . Review.

Presentation Transcript
Extranet for Security Professionals Intrusion Scenarios

Heather T. Kowalski

Tong Xu

Ying Hao

Hui Huang

Bill Halpin

Nov. 14, 2000


Preview

  • Review of Project Progress

    • Accomplishments

    • Current Status

    • What We Have Learned

  • Today’s Focus: Intrusion Scenarios

  • Future Steps


Review

  • Business Mission

    • Central Repository of Security Information

    • Central Location for Information Sharing

    • Secure Environment, Manageable Resource

  • System Architecture

    • Essential Services/Assets

    • Normal Usage Scenarios


Slide 4 (diagram; labels in extraction order): Primary Users; DNS; RedHat 6.2; Router (FW1); Cisco 7200; 128.237.144.1; Client WorkStation; IPchains; IDS-1; Windows NT 4.0 (SP6), Hot Fixes; Firewall-2; Windows NT 4.0 (SP6), Hot Fixes; IDS-2; Windows NT 4.0 (SP6), Hot Fixes; RealSecure 3.2; RealSecure 3.2; Guardian Pro V5; Web Server; Windows NT 4.0 (SP6), Hot Fixes; NES 3.63; Cold Fusion 4.5.1; DNS; RedHat 6.2; Database; IPchains; ActiveState Perl 5.5; Tripwire 2.2.1; Visual FoxPro

Attackers vs. Legitimate Users

(Diagram; labels in extraction order): Recreational/Casual Hackers; Disgruntled Employee; Organized Criminal Groups; Nation/State; ESP User; VSO & CR Owners; Site Manager; Organizational Manager; Site Administrator


Objectives of Attacks

  • Embarrassment of the Target Organization

  • Embarrassment of the Target User

  • Financial Gain by Selling Acquired Information

  • Improve Hacking Skill Set

  • Fun/Vanity

  • Publicity


Attacker Profile: Recreational/Casual Hacker

  • Resources: none or limited

  • Time: depends on opportunity

  • Tools: free/cheap and readily available tools

  • Risk attitude: unaware of consequences and risks

  • Access: from outside network

  • Objective: fun, vanity, skill test, or none

  • Damage: limited


Attacker Profile: Disgruntled Employee

  • Resources: enough to create a significant attack

  • Time: depends on malice

  • Risk Attitude: strongly risk averse

  • Access: from inside

  • Objectives:

    • Revenge through embarrassment

    • Financial gain


Attacker Profile: Organized Entity

  • Who: organized criminals, fanatics, enemy nations/states, etc.

  • Resources and Time: unlimited

  • Risk Attitude: genuine risk seeker

  • Access: external or internal

  • Objectives: Publicity!!! Real Damage!!!


Potential Attack Pattern

  • Attack as User

    • Gain illegal access as an end user

    • Gain illegal access as a system administrator

  • Attack on Component

    • Disable or slow down the processing ability of a component

  • Attack on Application

    • Induce system crash

    • Induce service failure

    • Induce asset damage


Compromisable Components

(Diagram; labels in extraction order): Router; DNS; Firewall; Web Server; Database; IDS; Sniffing, Scans, Enumeration, Malicious Code, Flooding; Malicious Code, Buffer Overflow; Time, Planning, Buffer Overflow, Password


More Facts

  • No intrusion in ESP has been reported since the date of establishment

  • ESP has strong physical security

    • Multi-layer protection

    • Dedicated room

    • Only a few have physical access

  • Other protective efforts

    • Regular reconfiguration of firewall (once per month)

    • Virus signature files are updated daily


Slide 13 (diagram; labels in extraction order): Recreational Hacker; Router (FW1); Firewall-2; IDS; DNS1; Database; Web Server; DNS2; IDS


Slide 14 (diagram; labels in extraction order): Compromised User Workstation; Router (FW1); Firewall-2; IDS; DNS1; Database; Web Server; DNS2; IDS


Slide 15 (diagram; labels in extraction order): Router (FW1); Firewall-2; IDS; DNS1; Admin Console; Database; Web Server; DNS2; IDS


Future Plans

  • Regular Saturday Team Meetings

  • Planned Meeting with Client

  • Final Presentation and Report

    • Summary of Findings

    • Recommendations



Types of DOS Attacks

  • Bandwidth consumption

  • Resource starvation

  • Programming flaws

  • Router attacks

  • DNS attacks


Examples of DOS Attacks

  • Network-based DOS attack

    • ICMP traffic (PING, Echo flood)

    • SYN-flood

  • Windows NT Programming Flaw Attacks

    • Tools: TearDrop, OOB (port 139), Land, Ping of Death

  • Cisco Router Attacking Tools

    • Tool: Land

