Final presentation of IT security project

Posted on 14-Jan-2015


DESCRIPTION

This is the final presentation of an IT security project. In this project we tested the security of a terminal server and built the system. The project consists of: * Build the system * Try to break in * Detect * Prevent. The project is fully implemented and all requirements are met.

Transcript

December 7, 2011

Security test and implementation of terminal computer

Authors: Armandas Rokas, Andrius Sinkevicius, Edvinas Butenas

Overview

• Background story
• Break-in attacks
• Risk determination and security control recommendations for break-in attacks
• Network attacks
• Risk determination and security control recommendations for network attacks
• Security solutions
• Questions?

Background story

• XpUnlimited.LT company
• Software works on all previous Windows OSs
• Test the security of the terminal server
• Build a fully protected system (including network security)

Network diagram

System characterization

Hardware: Acer, i3, 4 GB RAM, GT320 1 GB video

Software: Windows 7 Ultimate SP1 32-bit / Windows XP SP3 with XPUnlimited

Data: Pictures, Sensitive Documents.

System characterization

System interfaces: S-ATA2, USB, 802.11b/g/n, HDMI, VGA, Ethernet.

Users: Administrator, Remote Users.

Services running: Printer, Web Server (IP Consult HTTP server), Remote Desktops, Internal Database for ERP.

Control analysis

• OS Security Policies
• Local Access Policies
• System Backup
• Firewall Policies

Break-in attacks

Exploit (infection with a key logger)

• Exploited by executing a file on the victim's machine
• File with payload
• Meterpreter command line
• Key log: on Windows 7 only the affected user is logged; on Windows XP all users are logged

Mail infection

External attack: the attack was made from BackTrack 5 to infect the terminal thin-client server running the Windows 7 operating system.

An exploit which let me break in to the victim's computer when he received the infected message in his mailbox.

Example

Some details

reverse_tcp payload. Local port 4444 (it is a vulnerable port) is used to create an active server which listens for when the victim clicks on the message.

After the victim activates the payload included in the message, I open Meterpreter.
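From the defender's side, the reverse_tcp handler described above is visible on the infected host as an outbound, established TCP connection from a user-level process to the attacker's listener port. The following PowerShell function is an added example and is not part of the original presentation or of the XPUnlimited product: it parses `netstat -ano` output (a constructed sample is embedded so it runs offline), flags ESTABLISHED connections whose remote port is on a watch list, and optionally resolves the owning process. The watch-list ports are an assumption (4444 is the handler port named on the slide), and the code is kept compatible with the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the original presentation): spot reverse-shell
# callbacks in 'netstat -ano' output. The watch-list is an assumption;
# 4444 is the handler port named on the slide.
$WatchPorts = @(4444, 4445)

function Find-SuspiciousCallbacks {
    param(
        [string[]]$NetstatLines,          # raw lines from 'netstat -ano'
        [int[]]$Ports = $WatchPorts,      # remote ports worth an alert
        [switch]$ResolveProcess           # look up the PID on this machine (live use only)
    )
    $results = @()
    foreach ($line in $NetstatLines) {
        # Column layout: Proto  Local Address  Foreign Address  State  PID
        $fields = $line.Trim() -split '\s+'
        if ($fields.Count -lt 5 -or $fields[0] -ne 'TCP') { continue }
        $remote   = $fields[2]
        $state    = $fields[3]
        $ownerPid = [int]$fields[4]
        if ($state -ne 'ESTABLISHED') { continue }
        # Port is everything after the last ':' (works for IPv6 '[::1]:4444' too)
        $remotePort = [int]($remote.Substring($remote.LastIndexOf(':') + 1))
        if ($Ports -notcontains $remotePort) { continue }
        $procName = 'n/a'
        if ($ResolveProcess) {
            # The process may already have exited; Stop turns that into a catchable error
            try { $procName = (Get-Process -Id $ownerPid -ErrorAction Stop).ProcessName } catch { $procName = 'exited' }
        }
        $results += New-Object PSObject -Property @{
            Local      = $fields[1]
            Remote     = $remote
            RemotePort = $remotePort
            PID        = $ownerPid
            Process    = $procName
        }
    }
    return $results
}

# Constructed sample of 'netstat -ano' output: one callback to a listener on 4444
# sits between a normal web-server socket and a normal HTTPS connection.
$sample = @(
    '  Proto  Local Address          Foreign Address        State           PID',
    '  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1208',
    '  TCP    192.168.1.10:49321     192.168.1.50:4444      ESTABLISHED     2916',
    '  TCP    192.168.1.10:49322     93.184.216.34:443      ESTABLISHED     1540'
)
Find-SuspiciousCallbacks -NetstatLines $sample | Format-Table PID, Process, Local, Remote -AutoSize

# Live check on the terminal server itself (elevated prompt shows every PID):
# Find-SuspiciousCallbacks -NetstatLines (netstat -ano) -ResolveProcess | Format-Table -AutoSize
```

A port watch list is a weak signal on its own, because a handler can listen on any port; in practice the more useful rule is to alert on any established outbound connection whose owning process is not on the short list of programs the terminal server is expected to run (the ERP client, the HTTP server, the browser), and to keep the host firewall's outbound rules tight enough that such a callback is refused in the first place.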

Human Threats

Threat-Source     | Motivation                          | Threat Action
Computer Criminal | Monetary Gain (my credit card info) | Computer Crime, Fraudulent Act
Hacker, Cracker   | Challenge, Ego                      | Hacking, Social Engineering, System Intrusion, Unauthorized System Access
User              | Negligence, Idiocy                  | Spill Fluids on System, Drop System

Vulnerability Identification

Vulnerability                | Threat-Source                              | Threat Action
Outdated Software            | Hacker, Cracker, Computer Criminal         | System File Loss, Unauthorized System Access
Misconfigured System         | Users, Computer Criminal, Hacker, Cracker  | System Files Loss, System Failure
Absence Of Security Software | Hacker, Cracker, Computer Criminal         | System Files Loss, System Failure

Likelihood Determination

Threat-Source                       | Vulnerability                | Likelihood
Hacker, Cracker, Computer Criminal  | Outdated Software            | Medium
Users, Computer Criminal            | Misconfigured System         | Medium
Hacker, Cracker, Computer Criminal  | Absence Of Security Software | High

Impact Analysis

Threat-Source      | Loss of Integrity | Loss of Availability | Loss of Confidentiality
Hacker, Cracker    | None              | High                 | High
Computer Criminal  | None              | High                 | High
Users              | Low               | Low                  | Low

Likelihood, Impact Analysis & Risk

Vulnerability                | Threat-Source                              | Likelihood | Impact | Risk
Outdated Software            | Hacker, Cracker, Computer Criminal         | Medium     | Medium | Medium
Misconfigured System         | Users, Computer Criminal, Hacker, Cracker  | High       | High   | High
Absence Of Security Software | Hacker, Cracker, Computer Criminal         | High       | Medium | Medium

Control Recommendations

Risk                         | Risk Level | Recommended Controls        | Activity Priority
Outdated Software            | Medium     | Regularly Updating Software | Medium
Misconfigured System         | High       | Hire Qualified Specialists  | High
Absence Of Security Software | Medium     | Install legal IPS & IDS     | Medium

Network attacks

ARP - Man-in-the-middle attack

After I broke in through the Metasploit exploit to the victim's PC, I try to do more harm to him.

I use an ARP protocol vulnerability, with which you are invisible but at the same time doing damage to the victim.

By sending fake arpspoof request and response packets I make a MITM ("Man In The Middle") attack.

After that I get the full information flow from the router and my selected other computer.

In that information are included logins, emails and other sensitive information.

The victim becomes fully infected; he needs to get out of this situation and prevent it for another time.

• Used tools: BackTrack 5 network penetration OS with Ettercap, a tool for man-in-the-middle attacks.
• Goal: Make the terminal server unavailable to its intended users
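The ARP poisoning described above leaves a trace on every victim: the local ARP cache suddenly maps the gateway's IP address to the attacker's MAC, and that same MAC usually shows up for more than one IP. The following PowerShell script is an added example, not part of the original presentation: it parses `arp -a` output (a constructed, already-poisoned sample is embedded so it runs offline), compares the gateway's current MAC with a recorded baseline, and reports any MAC bound to several IPs. The gateway address and baseline MAC are assumptions to be replaced with the real values; the code stays within PowerShell 2.0 as shipped on Windows 7.

```powershell
# Added example (not from the original presentation): look for ARP poisoning
# in the local ARP cache. Gateway IP and its clean-day MAC are assumptions.
$GatewayIp       = '192.168.1.1'
$GatewayMacKnown = '00-11-22-33-44-55'    # recorded from a known-clean state

function Get-ArpEntries {
    param([string[]]$ArpLines)            # raw lines from 'arp -a'
    $entries = @()
    foreach ($line in $ArpLines) {
        # Data rows look like: "  192.168.1.1   00-11-22-33-44-55   dynamic"
        if ($line -match '^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)') {
            $entries += New-Object PSObject -Property @{
                IP   = $matches[1]
                MAC  = $matches[2].ToLower()
                Type = $matches[3]
            }
        }
    }
    return $entries
}

function Test-ArpPoisoning {
    param([string[]]$ArpLines)
    $alerts  = @()
    $entries = Get-ArpEntries -ArpLines $ArpLines

    # 1. The gateway's MAC no longer matches the recorded baseline.
    $gw = $entries | Where-Object { $_.IP -eq $GatewayIp } | Select-Object -First 1
    if ($gw -and $gw.MAC -ne $GatewayMacKnown.ToLower()) {
        $alerts += "Gateway $GatewayIp now maps to $($gw.MAC), expected $GatewayMacKnown"
    }

    # 2. One MAC answers for several IPs: the poisoner impersonates the gateway
    #    and a host at the same time. Skip the broadcast/multicast static rows.
    $entries | Where-Object { $_.Type -eq 'dynamic' } | Group-Object MAC |
        Where-Object { $_.Count -gt 1 } | ForEach-Object {
            $ips = ($_.Group | ForEach-Object { $_.IP }) -join ', '
            $alerts += "MAC $($_.Name) is bound to multiple IPs: $ips"
        }
    return $alerts
}

# Constructed sample of 'arp -a' output on a poisoned host: the gateway and a
# peer both resolve to the attacker's MAC aa-bb-cc-dd-ee-ff.
$sample = @(
    'Interface: 192.168.1.10 --- 0xb',
    '  Internet Address      Physical Address      Type',
    '  192.168.1.1           aa-bb-cc-dd-ee-ff     dynamic',
    '  192.168.1.50          aa-bb-cc-dd-ee-ff     dynamic',
    '  192.168.1.255         ff-ff-ff-ff-ff-ff     static'
)
Test-ArpPoisoning -ArpLines $sample

# Live check on the terminal server:
# Test-ArpPoisoning -ArpLines (arp -a)
```

The gateway baseline check is the reliable one; a MAC bound to several IPs can be legitimate (a multi-homed router, NAT'd virtual machines), so treat the second alert as a prompt to look rather than proof. Host-side checks like this only detect the attack after the cache is already poisoned; the mitigation belongs on the switch (static ARP entries for the gateway or dynamic ARP inspection) and in the encryption the slides later recommend, which keeps an intercepted flow from yielding logins and mail content.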

DoS attack

DoS

TS before DoS attack

TS after DoS attack

Human Threats

Threat-Source     | Motivation                                        | Threat Action
Computer Criminal | Monetary Gain (my credit card info)               | Computer Crime, Fraudulent Act
Hacker, Cracker   | Challenge, Ego                                    | Hacking, Social Engineering, System Intrusion, Unauthorized System Access
Competitors       | Injure Company Stability, Compromise Network Work | Economic Exploitation, System Penetration, Spoofing/Sniffing of Network, Run Of Company Data

Vulnerability Identification

Vulnerability              | Threat-Source                                  | Threat Action
Absence Of System Security | Hacker, Cracker, Competitors, Computer Criminal | System Failure, Connection Damage, Information Conversion

Likelihood Determination

Threat-Source                                   | Vulnerability              | Likelihood
Hacker, Cracker, Competitors, Computer Criminal | Absence Of System Security | Medium

Impact Analysis

Threat-Source      | Loss of Integrity | Loss of Availability | Loss of Confidentiality
Hacker, Cracker    | None              | High                 | High
Computer Criminal  | None              | High                 | High
Competitors        | Medium            | High                 | High

Likelihood, Impact Analysis & Risk

Vulnerability              | Threat-Source                                   | Likelihood | Impact | Risk
Absence Of System Security | Hacker, Cracker, Competitors, Computer Criminal | Medium     | High   | Medium

Control Recommendations

Risk                       | Risk Level | Recommended Controls                                                 | Activity Priority
Absence Of System Security | Medium     | Install legal IPS & IDS; implement encryption; user access control   | High

Security solutions

User groups:

• Administrative Users group: privileges to configure the terminal server
• Remote Desktop Users group: privileges only to connect to the remote desktop, without the possibility to configure it
• All users, including the administrator, have credentials to log in to the services; no password-less connection is available.

Terminal server security configuration

• Users can use only the applications specified by the system administrator.
• Inactive user sessions are terminated according to a time limit.
• Applications that can be started by another application are not visible to the user.
• A user's attempt to open an application not assigned to them is blocked by a pop-up message saying the user does not have the privilege to open it.

Application control for users
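The user-group split, the no-blank-password rule, the idle-session limit and the application restriction listed above can all be applied from an elevated PowerShell prompt on the Windows 7 Ultimate terminal server. The script below is an added example and is not part of the original project or of XPUnlimited; the account names, the time limits and the folder of permitted applications are assumptions. It uses the registry values that the Terminal Services group policy writes for session limits and AppLocker for application control (the AppLocker module exists on Windows 7 Ultimate and Enterprise; the XP/XPUnlimited host has no equivalent).

```powershell
# Added example (not from the original presentation): apply the session and
# access policies from the slide on a Windows 7 terminal server.
# Account names, limits and the allowed-application folder are assumptions.
$RemoteUsers       = @('ts_user1', 'ts_user2')     # assumed account names
$IdleLimitMs       = 15 * 60 * 1000                # idle sessions end after 15 min (assumed)
$DisconnectLimitMs = 5 * 60 * 1000                 # disconnected sessions end after 5 min (assumed)
$AllowedAppDir     = 'C:\Program Files\ERP'        # assumed folder holding the permitted apps

# 1. Only members of Remote Desktop Users may connect. They are not added to
#    Administrators, so they can use the desktop but not configure the server.
foreach ($u in $RemoteUsers) {
    net localgroup 'Remote Desktop Users' $u /add | Out-Null
}

# 2. No password-less connections: accounts with a blank password may log on
#    at the console only, never over the network or RDP.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
    -Name 'LimitBlankPasswordUse' -Value 1 -Type DWord

# 3. Session time limits (the same values the "Session Time Limits" group
#    policy writes; they take effect for sessions created after the change).
$tsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
if (-not (Test-Path $tsPolicy)) { New-Item -Path $tsPolicy -Force | Out-Null }
Set-ItemProperty -Path $tsPolicy -Name 'MaxIdleTime'          -Value $IdleLimitMs       -Type DWord
Set-ItemProperty -Path $tsPolicy -Name 'MaxDisconnectionTime' -Value $DisconnectLimitMs -Type DWord
Set-ItemProperty -Path $tsPolicy -Name 'fResetBroken'         -Value 1 -Type DWord   # end, not just disconnect

# 4. Application control with AppLocker: allow the executables found in
#    $AllowedAppDir for the Remote Desktop Users group and merge the result
#    into the existing policy. Prerequisite: the AppLocker default rules must
#    already exist (they keep Windows itself runnable) and the policy should be
#    tried in "Audit only" mode before enforcing, otherwise a user's shell and
#    every other program is refused together with the unassigned applications.
Import-Module AppLocker
$fileInfo = Get-AppLockerFileInformation -Directory $AllowedAppDir -Recurse -FileType Exe
$policy   = New-AppLockerPolicy -FileInformation $fileInfo -RuleType Publisher,Hash `
                -User 'Remote Desktop Users' -RuleNamePrefix 'ERP' -Optimize
Set-AppLockerPolicy -PolicyObject $policy -Merge

# AppLocker enforces rules only while the Application Identity service runs.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc
```

With the AppLocker rules in place, a user who starts an executable that no rule allows gets the "This program is blocked by group policy" message, which is the pop-up behaviour the slide describes; the corresponding events in the AppLocker event log (Applications and Services Logs, Microsoft, Windows, AppLocker) are also the simplest place to watch for the kind of dropped payload shown in the break-in section, since an executable that arrived by mail will not match any allow rule.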

Anti-virus

Implement a security antivirus, which gives you an updated database and protects from intruders.

Shut down any untrustworthy connection. Scan web pages and your downloads. Comes with a reliable firewall. Security isn't about blocking malicious actions, it's about keeping your data safe, so arrange reliable encryption software.

Users can upload viruses for future updates. #1 Bitdefender

Security against network attacks

● IPS & IDS: Snort
● Firewall: IPCop, APF (Advanced Policy Firewall) from rfxnetworks
● Optional expensive solutions: Cisco router, paid firewall

Questions?
