Information Security Threats and Vulnerabilities
These notes on information security vulnerabilities are based on the ISC
“Danger, Will Robinson, Danger” — robot in the movie "Lost In Space"
Definitions: Risk = Threat X Vulnerability
Who They Are
Hackers congregate on the AntiCode site and at Blackhat Conferences.
Threats to Electronic Data
The Five Phases of Attack/Intrusion/Incursion
1. Outside Reconnaissance - Probing
2. Penetration - Inside Reconnaissance
3. Escalate Privilege - Gain Foothold and Pillage
4. Expand Influence - Exploit and Cleanup to cover tracks
5. Profit

Network Reconnaissance of the footprint of the target system:
Network enumeration - listing domain names and networks related to an organization, from:
  Telecom devices (such as PhoneSweep) programmatically dial large banks of phone numbers, log valid data connections, attempt to identify the system on the other end of the phone, and optionally attempt logon by guessing common usernames and passphrases.
  DNS Interrogation - If zone transfers are enabled over a network, a hacker can intercept it.
  OS and Service Detection - Use NMAP from Phrack to determine what OS and services are active on a subnet. IP stack signatures reveal the vendors, each with their own vulnerabilities (exploitable bugs).
  The LSA secrets hack exploits the registry key HKLM\Security\policy\secrets, which stores cached credentials, web/ftp passwords, and the machine account password as well as service accounts. References include http://razor.bindview.com/tools/desc/lsadump2_readme.html and HEW2K "Stealing Passwords from Microsoft Operating Systems" by Marcus H. Sachs, March 14, 2001.

Use techniques which do not harm target machines:
  Identify which machine names are alive with a ping sweep.
  Identify which services are available on each machine using a UDP/TCP port scan/strobe.
  Look for CGI scripts by walking through and capturing web pages.
  DNS zone transfer.
  Identify which machines have NetBIOS vulnerabilities.
Traditionally, attacks against Windows 2000 have been against the SMB service. More recently, they come through the IIS web service, which is installed by default.
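The ping sweep and port scan/strobe steps above leave a distinctive footprint in packet-filter logs: one source touching many hosts, or many ports on one host. The following detector is an added example, not code from the original notes; its log format and sample lines are constructed, and the thresholds (5 hosts, 5 ports) are assumptions a site would tune.

```python
import re
from collections import defaultdict
# Constructed sample lines (not from the original page), in an assumed
# packet-filter log format: <time> <proto> <src> -> <dst>:<port> <action>
SAMPLE_LOG = """\
2001-03-14T10:00:01 ICMP 10.9.9.9 -> 192.168.1.1:0 DROP
2001-03-14T10:00:01 ICMP 10.9.9.9 -> 192.168.1.2:0 DROP
2001-03-14T10:00:01 ICMP 10.9.9.9 -> 192.168.1.3:0 DROP
2001-03-14T10:00:02 ICMP 10.9.9.9 -> 192.168.1.4:0 DROP
2001-03-14T10:00:02 ICMP 10.9.9.9 -> 192.168.1.5:0 ALLOW
2001-03-14T10:00:05 TCP 10.9.9.9 -> 192.168.1.5:21 DROP
2001-03-14T10:00:05 TCP 10.9.9.9 -> 192.168.1.5:22 DROP
2001-03-14T10:00:05 TCP 10.9.9.9 -> 192.168.1.5:25 DROP
2001-03-14T10:00:06 TCP 10.9.9.9 -> 192.168.1.5:80 ALLOW
2001-03-14T10:00:06 TCP 10.9.9.9 -> 192.168.1.5:139 DROP
2001-03-14T10:01:00 TCP 192.168.1.50 -> 192.168.1.5:80 ALLOW
2001-03-14T10:01:30 TCP 192.168.1.50 -> 192.168.1.5:443 ALLOW
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>ICMP|TCP|UDP) (?P<src>[\d.]+) -> "
    r"(?P<dst>[\d.]+):(?P<port>\d+) (?P<action>\w+)$"
)

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def detect_recon(log_text, sweep_hosts=5, scan_ports=5):
    """Flag a source touching >= sweep_hosts distinct hosts (sweep) or >= scan_ports
    distinct TCP/UDP ports on one host (scan). Dropped packets count: a filtered probe
    is still evidence of reconnaissance."""
    hosts_by_src = defaultdict(set)     # src -> distinct destination hosts
    ports_by_pair = defaultdict(set)    # (src, dst) -> distinct TCP/UDP ports
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:                 # skip lines in another format
            continue
        hosts_by_src[rec["src"]].add(rec["dst"])
        if rec["proto"] != "ICMP":      # ICMP echo has no port to count
            ports_by_pair[(rec["src"], rec["dst"])].add(int(rec["port"]))
    return {
        "sweep": {s: len(h) for s, h in hosts_by_src.items() if len(h) >= sweep_hosts},
        "scan": {p: sorted(v) for p, v in ports_by_pair.items() if len(v) >= scan_ports},
    }
if __name__ == "__main__":
    for kind, hits in detect_recon(SAMPLE_LOG).items():
        for key, value in hits.items():
            print(f"{kind}: {key} -> {value}")
```

Run against the sample, it reports 10.9.9.9 sweeping five hosts and strobing five ports on 192.168.1.5, while the ordinary web traffic from 192.168.1.50 stays below both thresholds.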
Vulnerability Advisories:
  CERT, from the Software Engineering Institute at Carnegie Mellon University.
  NIST Security Guidelines.
  BugNet and BugTraq report bugs and fixes.
  SecurityFocus, Neohapsis, Packetstorm.
  NIPC (National Infrastructure Protection Center), set up in mid-1998 by the FBI, publisher of Cybernotes.
  CIAO.
Penetration Test Tools:
  Talisker's Network Security Tools is a very complete list.
  Open-source security tools, e.g. nmap, snort.
  Top Five Security Tools from Insecure.org.
Articles:
  SecurityFocus.
  ZDNet article: Denial-of-Service Attacks.
  John D. Howard's dissertation for Carnegie Mellon University on the extent of hacking over the Internet.
  Computer Security Institute surveys about Internet intrusions.
  Mitre's academic concordance of names for Common Vulnerabilities and Exposures (CVE).
  Subscribe to the free Information Security magazine bi-weekly e-letter.
  Network Magazine offers occasional articles about infosec.
Books:
  Computer Security Basics (O'Reilly) by Deborah Russell and G. T. Gangemi is a good introduction.
  Windows 2000 Security Little Black Book by Ian McLean, Coriolis, ISBN 1576103870.
  Cryptography and Network Security by William Stallings.
  Book recommendation: The Blue Nowhere, a fast-paced cat-and-mouse detective novel that combines the tactics of crackers and homicide detectives against a wizard cracker turned murderer. Lots of twists and turns. It's more believable than previous hacker movies: War Games, Hackers, Sneakers.
Other:
  WebWasher is a local proxy for IE that filters web bugs.
  Figleaf offers security classes on Cold Fusion.
  Secret access code to the computer controls of the U.S. nuclear-tipped missile arsenal between 1968 and 1976: 00000000 [Center for Defense Information (Washington)] — Harper's Index