accessola2.com/images/olita/PaulStillwell.pdf · 2017-09-15
The Ethical Hacker
Paul Stillwell
Introduction
● Paul Stillwell
● GCIA – GIAC Certified Intrusion Analyst
● 16 Years of IT Experience
● 8 Years designing and implementing large scale Network Security Architectures
Outline
● Are YOU Aware?
● Security Truths and Fallacies
● A Little Healthy Paranoia (goes a long way :)
● Security Components
● Bringing It All Together
Where Do We Start?
● Easily Accessible Public Information
● The Telephone Book
● Business Cards
  – Email Addresses
  – Domain Names
  – Telephone Exchanges
  – Rank Within The Company
● Public Financial Statements
Step 1
● The Internet
  – Domain Name
  – SamSpade.org
  – Network Solutions Inc.
  – ARIN – The American Registry of Internet Numbers
  – APNIC – Asia Pacific Network Information Centre
  – RIPE NCC – Reseaux IP Europeens Network Coordination Centre
Network Solutions
Registrant:
Check Point Software Technologies (CHECKPOINTDOM)
3A Jabotinsky St.
RamatGan, 52520
ISRAEL

Domain Name: CHECKPOINT.COM

Administrative Contact:
Dragojevic, Miroslav (FSNVZACZUI) [email protected]
Check Point Software Technologies Inc.
3 Lagoon Drive
Redwood City, CA 94065 US
6506282026 6506544233
Network Solutions
Technical Contact:
Wilf, Gonen (GWA129) [email protected]
Check Point Software Technologies Ltd.
3A Jabotinsky St.
RamatGan, 52520 IL
+97237534555 (FAX) +97235759256

Record expires on 30Mar2007.
Record created on 29Mar1994.
Database last updated on 12Sep2002 21:34:40 EDT.

Domain servers in listed order:

NS.CHECKPOINT.COM 199.203.73.197
NS2.CHECKPOINT.COM 206.184.151.195
NS3.CHECKPOINT.COM 204.156.136.26
ARIN Whois
Search results for: 199.203.73.197
Elron Technologies ELRONCBLK1 (NET199203001)
199.203.0.0 199.203.255.255
Checkpoint Software Technologies NVCHECKPOINT (NET1992037301)
199.203.73.0 199.203.73.255
# ARIN Whois database, last updated 20020911 19:05
# Enter ? for additional hints on searching ARIN's Whois database.
ARIN Whois
Search results for: 206.184.151.195
OrgName: Verio, Inc.
OrgID: VRIO
NetRange: 206.184.0.0 206.184.255.255
CIDR: 206.184.0.0/16
NetName: VRIO206184
NetHandle: NET206184001
Parent: NET2060000
NetType: Direct Allocation
NameServer: NS0.VERIO.NET
NameServer: NS1.VERIO.NET
NameServer: NS2.VERIO.NET
Comment: ********************************************
Reassignment information for this block is available at rwhois.verio.net port 4321
********************************************
RegDate: 20001115
Updated: 20010926
TechHandle: VIA4ORGARIN
TechName: Verio, Inc.
TechPhone: +13036451900
TechEmail: [email protected]
# ARIN Whois database, last updated 20020911 19:05
# Enter ? for additional hints on searching ARIN's Whois database.
Domain Name Service
dig checkpoint.com
;; global options: printcmd
;; Got answer:
;; >>HEADER<< opcode: QUERY, status: NOERROR, id: 40908
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;checkpoint.com. IN A

;; ANSWER SECTION:
checkpoint.com. 172769 IN A 206.86.35.130

;; AUTHORITY SECTION:
checkpoint.com. 172769 IN NS NS2.checkpoint.com.
checkpoint.com. 172769 IN NS NS3.checkpoint.com.
checkpoint.com. 172769 IN NS NS.checkpoint.com.

;; ADDITIONAL SECTION:
NS.checkpoint.com. 172769 IN A 199.203.73.197
NS2.checkpoint.com. 172769 IN A 206.184.151.195
NS3.checkpoint.com. 172769 IN A 204.156.136.26

;; Query time: 39 msec
;; SERVER: 192.168.244.2#53(192.168.244.2)
;; WHEN: Thu Sep 12 21:45:51 2002
;; MSG SIZE rcvd: 149
Domain Name Service
dig checkpoint.com mx
mx1.us.checkpoint.com. 86400 IN A 204.156.136.26
mx2.us.checkpoint.com. 86400 IN A 206.184.151.195
Step 2 – Telnet, A Hacking Tool?
[paul@Pluto paul]$ telnet mx1.checkpoint.com 25
Trying 199.203.73.197...
Connected to mx1.checkpoint.com.
Escape character is '^]'.
220 cale.checkpoint.com ESMTP Sendmail Fri, 13 Sep 2002 03:49:12 +0200 (IST) Check Point Welcomes!
helo
501 5.0.0 helo requires domain address
helo cyberklix.com
250 cale.checkpoint.com Hello CPE012059940726.cpe.net.cable.rogers.com [24.101.166.122] (may be forged), pleased to meet you
Telnet
telnet www.microsoft.com 80
Trying 207.46.197.102...
Connected to www.microsoft.com.
Escape character is '^]'.
get
HTTP/1.1 400 Bad Request
Content-Type: text/html
Server: Microsoft-IIS/6.0
Date: Fri, 13 Sep 2002 01:55:13 GMT
Connection: close
Content-Length: 35
<h1>Bad Request (Invalid Verb)</h1>
Connection closed by foreign host.
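
The two telnet sessions above show how much a default greeting says about the software behind it. As an added example (not part of the original presentation), the Python below audits captured greetings from your own services for product and version disclosure; the sample captures, the host name mail.example.org and the list of MTA names are constructed assumptions.

```python
import re

# Software names looked for in an SMTP greeting (assumed list; extend for your estate).
MTA_NAME = re.compile(
    r"\b(Sendmail|Postfix|Exim|qmail|Microsoft ESMTP MAIL Service)\b"
    r"(?:[ ,]+(?:Version:\s*)?(\d[\w./-]*))?",
    re.IGNORECASE,
)
# name/version product tokens, e.g. the value of an HTTP Server header.
PRODUCT_TOKEN = re.compile(r"([A-Za-z][A-Za-z0-9_.+-]*)/(\d[\w.]*)")
# Response headers that commonly identify the software stack.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

# Constructed captures modelled on the sessions in the slides.
SMTP_AS_SHOWN = ("220 mail.example.org ESMTP Sendmail "
                 "Fri, 13 Sep 2002 03:49:12 +0200 (IST) Example Welcomes!")
SMTP_VERSIONED = ("220 mail.example.org ESMTP Sendmail 8.12.5/8.12.5; "
                  "Fri, 13 Sep 2002 03:49:12 +0200")
SMTP_QUIET = "220 mail.example.org ESMTP"
HTTP_AS_SHOWN = ("HTTP/1.1 400 Bad Request\r\n"
                 "Content-Type: text/html\r\n"
                 "Server: Microsoft-IIS/6.0\r\n"
                 "Connection: close\r\n"
                 "Content-Length: 35\r\n\r\n"
                 "<h1>Bad Request (Invalid Verb)</h1>")
HTTP_QUIET = ("HTTP/1.1 400 Bad Request\r\n"
              "Content-Type: text/html\r\n"
              "Connection: close\r\n"
              "Content-Length: 35\r\n\r\n"
              "<h1>Bad Request (Invalid Verb)</h1>")


def audit_smtp(greeting):
    """Findings for a '220 <host> <text>' line: (service, field, product, version)."""
    m = re.match(r"220[ -]\S+\s*(.*)$", greeting.strip())
    if not m:
        return []
    hit = MTA_NAME.search(m.group(1))
    return [("smtp", "greeting", hit.group(1), hit.group(2))] if hit else []


def audit_http(response):
    """Findings for the header block of a raw HTTP response."""
    head = re.split(r"\r?\n\r?\n", response, maxsplit=1)[0]
    findings = []
    for line in head.splitlines()[1:]:            # skip the status line
        name, sep, value = line.partition(":")
        field = name.strip().lower()
        if not sep or field not in DISCLOSING_HEADERS:
            continue
        value = value.strip()
        tokens = PRODUCT_TOKEN.findall(value)
        if tokens:                                # product and version disclosed
            findings += [("http", field, prod, ver) for prod, ver in tokens]
        elif value:                               # free-text value, no version token
            findings.append(("http", field, value, None))
    return findings


def audit_capture(capture):
    """Pick the parser from the first line of a captured greeting or response."""
    text = capture.lstrip()
    first = text.splitlines()[0] if text else ""
    if first.startswith("220"):
        return audit_smtp(first)
    if first.startswith("HTTP/"):
        return audit_http(text)
    return []


if __name__ == "__main__":
    for label, cap in [("smtp as shown", SMTP_AS_SHOWN), ("smtp versioned", SMTP_VERSIONED),
                       ("smtp quiet", SMTP_QUIET), ("http as shown", HTTP_AS_SHOWN),
                       ("http quiet", HTTP_QUIET)]:
        print(label, audit_capture(cap) or "no disclosure")
```

A version of None means the greeting names the product but not its release; an empty result means the capture gave away neither.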
Step 3 – Google, A Hacking Tool?
Fallacies
● Hacking Is Hard
  – Code Kiddies or Script Kiddies
Fallacies
● Hacking Is Hard
  – Code Kiddies or Script Kiddies
● It Won’t Happen To Me
September, 2002
Sunday, April 9th
Monday, April 3rd
Fallacies
● Hacking Is Hard
  – Code Kiddies or Script Kiddies
● It Won’t Happen To Me
● I Can’t Do Anything About This
Polls Indicate Fear
Poll: Security Officers Fear Cyber-Attack
Date: Fri Aug 30 @ 15:41
Source: CNN.com
Nearly half of corporate security officers expect terrorists to launch a major strike through computer networks in the next 12 months, a poll released on Thursday showed. A total of 49 percent of 1,009 subscribers to CSO Magazine said they feared a major cyber attack in the coming year by a group like al Qaeda, blamed for the Sept. 11 attacks by four hijacked airplanes that killed more than 3,000 people in the United States.
The poll was carried out between July 19 and August 1 by Framingham, Massachusetts-based CSO, whose first edition will appear next month. To help protect cyberspace, U.S. President George W. Bush will roll out a blueprint next month calling on people from personal computer users to U.S. rocket scientists to do their share, including installing antivirus software, White House officials said on Wednesday. The goal is to prevent such things as "denial-of-service" attacks in which hijacked computing power could be collected and used to attack electricity grids, telecommunications and other critical infrastructure.
Hackers Only Exist On The Internet
Do Firewalls and IDS Create a False Sense of Internal Security?
Date: Fri Aug 30 @ 15:43
Source: SC Magazine
In an effort to boost sales and generate revenue, one U.S. multinational energy company recently embraced the Internet to bolster external communication and internal collaboration. In addition to creating a corporate web site, the firm deployed hundreds of intranet applications for procurement, expense reporting and other processes. Numerous departments and branch offices worldwide also set up specialized web sites for partners, customers and even project management. Though the company has achieved its strategic goals for the web, by leveraging valuable communication and management tools that lower costs and streamline processes, it has, unwittingly, set itself up for malicious intrusion. The decentralized and ad hoc intranet application deployment has created a fragmented, multi-platform mosaic that raises important security questions (see boxout below).
Clearly for internal or external web applications, security is the biggest concern today. The dramatic number of attacks is expected by CERT to double again this year to almost 100,000. It is estimated by Gartner Group that as many as 70 to 80 percent of these attacks are coming in through ports 80 and 443, commonly used by web applications. Such attacks can be costly and detrimental to corporate credibility. Privileged customer, financial and operational information or valuable intellectual property can be damaged or stolen during the average hacker intrusion of 15 minutes or less. The average loss is more than $2 million among those willing to quantify losses, according to an FBI/CSI survey. Downtime alone can potentially cost tens of thousands of dollars per minute. "There is much more illegal and unauthorized activity going on in cyberspace than corporations admit to their clients, stockholders and business partners or report to law enforcement. Incidents are widespread, costly and commonplace," the survey concluded.
A Little Paranoia Goes A Long Way
● Now You Know There Is A Problem
  – “And knowing is half the battle”
● Thirst for knowledge
● Subscribe to the CERT Alerts mailing List
  – http://www.cert.org
● Subscribe to the ISS X-Force Alerts Mailing List
  – http://www.iss.net/security_center/maillists/
● The more you learn the better prepared your organization will be
Let’s Do Something!
● What You Need
  – Support
  – Knowledge
  – Teamwork
Where Do I Start?
● Network Security Components
Network Security Components
● Security Policy
● Firewalls
● Network Based IDS
● Host Based IDS
● Encryption
● Virtual Private Networks (VPN)
● Authentication
● Vulnerability Assessment Tools
● Anti-Virus
Security Policy
● The Guiding Light For Security Professionals
● Reference Document
Policy Do’s And Don’ts
● Do Make It Simple
  – A Policy is a shell that refers to other documents
    ● It is easier to get buy-in from management on changes to a single smaller document than it is for a huge one!
● Management Sign-off Required
  – Senior Executive and Board of Directors too
● Don’t Overcomplicate
  – It can be a long process
What’s In A Policy?
● Data Classification Guidelines
● Authentication Guidelines
● Network Security Guidelines
● Server Security Guidelines
  – Internet
  – Intranet
  – Etc.
● Portable Computer (Laptop) Security Guidelines
What’s In A Policy
● Disaster Recovery Guidelines
● Security Incident Response Guidelines
● Anti-Virus Guidelines
● The List Goes On…
Firewalls
● A Firewall is a traffic cop
● A Crude Device that implements brute force access control on an IP network
● For a firewall to be effective all network traffic in and out of the protected network must flow through it
  – No back doors allowed!
Firewalls
● There are 3 types of firewalls
● Packet Filter
● Stateful Packet Filter
● Proxy or Application Gateway
Firewalls
● Placement is all important
  – At The Perimeter
    ● Protection for Web Servers, Business-to-Business Applications etc.
  – Internal
    ● Protection for sensitive internal departments
      – Finance, R&D, Security, Human Resources
Intrusion Detection
● Network Based IDS
● Host Based IDS
● Similar to Antivirus Software
Intrusion Detection
● Network Based IDS
  – Uses Network IDS Sensors (network sniffers)
  – Analyzes every packet it sees
  – Matches sniffed packets against known attack signature lists
  – Sends detects to a central console
● Brands
  – Cisco, ISS, NFR, Dragon, Snort
Intrusion Detection
● Host Based IDS
  – Watches system logs
  – Watches key system files
  – Matches system activity to known attack patterns
  – Sends detects to central console
● Brands
  – Cisco, ISS, Tripwire, Symantec ITA, Swatch
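
The host-based IDS steps listed above, as an added Python example that is not from the original presentation: it baselines key files, matches log lines against one known pattern, and collects the detects for a console. The file names, log lines and addresses are constructed, and the syslog-style sshd format is an assumption.

```python
import hashlib
import os
import re
import tempfile

# Constructed log lines (documentation addresses, hypothetical host name host1).
SAMPLE_LOG = [
    "Sep 13 02:10:01 host1 sshd[811]: Failed password for root from 192.0.2.10 port 4021 ssh2",
    "Sep 13 02:10:03 host1 sshd[811]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2",
    "Sep 13 02:10:05 host1 sshd[812]: Accepted password for paul from 198.51.100.7 port 3310 ssh2",
    "Sep 13 02:10:06 host1 sshd[813]: Failed password for root from 192.0.2.10 port 4023 ssh2",
    "Sep 13 02:11:40 host1 sshd[820]: Failed password for paul from 198.51.100.7 port 3311 ssh2",
]

# One known pattern: a failed sshd login; group 1 is the source address.
FAILED_LOGIN = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+)")


def snapshot(paths):
    """Record a SHA-256 digest per watched file (None when the file is absent)."""
    digests = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                digests[path] = hashlib.sha256(fh.read()).hexdigest()
        except FileNotFoundError:
            digests[path] = None
    return digests


def file_detects(baseline, current):
    """Compare two snapshots and describe every watched file that changed."""
    detects = []
    for path in sorted(baseline):
        old, new = baseline[path], current.get(path)
        if old == new:
            continue
        rule = "removed" if new is None else "created" if old is None else "modified"
        detects.append(("file", rule, os.path.basename(path)))
    return detects


def log_detects(lines, threshold=3):
    """Emit one detect per source address that reaches `threshold` failed logins."""
    counts, detects = {}, []
    for line in lines:
        m = FAILED_LOGIN.search(line)
        if not m:
            continue
        src = m.group(1)
        counts[src] = counts.get(src, 0) + 1
        if counts[src] == threshold:      # report once, when the threshold is hit
            detects.append(("log", "repeated-failed-login", src))
    return detects


def demo():
    """Baseline a throwaway directory, change it, and return the console feed."""
    console = []                          # stands in for the central console
    with tempfile.TemporaryDirectory() as root:
        watched = [os.path.join(root, n) for n in ("passwd", "hosts", "inetd.conf")]
        for path in watched[:2]:          # inetd.conf does not exist at baseline time
            with open(path, "w") as fh:
                fh.write("original contents\n")
        baseline = snapshot(watched)

        with open(watched[0], "a") as fh:  # passwd is modified
            fh.write("changed\n")
        os.remove(watched[1])              # hosts is removed
        with open(watched[2], "w") as fh:  # inetd.conf appears
            fh.write("new file\n")

        console += file_detects(baseline, snapshot(watched))
    console += log_detects(SAMPLE_LOG)
    return console


if __name__ == "__main__":
    for detect in demo():
        print(detect)
```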
Intrusion Detection
● All this stuff is supposed to happen in REAL TIME!
[Figure: timeline along a Time axis: Event, Detect, Analyze, Respond, Problem Fixed]
Intrusion Prevention
● Network Based IPS
  – Similar to Intrusion Detection
    ● Matches packets against known patterns
  – Device placed inline on the wire
  – Can create a point of failure
  – Doesn't just detect, but blocks and drops too!
  – Sends alerts to central console
● Vendors
  – NAI, Tipping Point
Intrusion Prevention
● Host Based IPS
  – Similar to Intrusion Detection
    ● Matches activities against known patterns
  – Places a shim between the O/S and the kernel
    ● Any attempt at a buffer overflow can be blocked!
  – Doesn't just detect, but blocks too!
  – Sends alerts to central console
● Vendors
  – NAI, Cisco
Encryption
● Caesar Cipher
● Substitution Ciphers
● Symmetric Key Cryptography
● Asymmetric Key Cryptography
● PGP
Virtual Private Networks
● Secure network communication over insecure networks
  – Not necessarily the Internet
● Devices use cryptography to “scramble” the data
● Only devices/persons possessing the correct “keys” can read the data
Virtual Private Networks
● What constitutes a VPN?
● TLS/SSL?
● SSH (Secure Shell)?
● IPSec
Authentication
● Protection against unauthorized access to data and/or network resources
● Logon ID + Password
  – Telnet vs. SSH
● X.509 certificates
● Kerberos
● S/Key
● SecurID
● Secure Shell
● PGP
Vulnerability Assessment Tools
● The automated hacker
● Check for 2000+ vulnerabilities
● Network and host based tools are available
● Network tools
  – eEye Retina, Nessus, nmap, ISS
● Host Tools
  – Symantec ESM (Enterprise Security Manager)
  – CIS (Center for Internet Security)
Anti-Virus / Anti-Malware
● Watches for patterns and activities
● Signature based pattern matching
● Heuristics
Malware Propagation Strategies
| Malware Type | Characteristic | Analogy | Examples |
|---|---|---|---|
| Direct Installation | Malware installed by hand or by script | Barbarians walk into the village | Rootkit installation scripts |
| Virus | Self-replicating code that infects a host file | Barbarians infect normal villagers | Thousands of examples |
| Worm | Self-replicating code that spreads across a network | Barbarians parachute into the village | Thousands of examples |
| Malicious Mobile Code | Lightweight program spread via web browser or e-mail | Barbarians teleport into the village | Brown Orifice and various exploits that open a remote command shell |
Bringing It All Together
● No single component will do
● Take a Layered Approach
● Monitor everything
  – But… how?
Event Consolidation Tools
● New breed of security tool
● Brings all security events together in one place for consolidated monitoring and reporting
● Tools
  – Network Intelligence Engine, netForensics, eSecurity
What are you protecting?
● Before you can protect it, you must have some idea of what it is and, more importantly, what it is worth to your company.
What are you protecting?
● Data Classification
  – Public Data
    ● Email addresses
    ● Public info websites
    ● Phone numbers
    ● Email
What are you protecting?
● Data Classification
  – Sensitive Data
    ● Not necessarily damaging (on its own)
    ● Not public
    ● Internal phone numbers
    ● Internal organization charts
    ● Internal DNS entries
    ● Web Server software
    ● Public Web Applications
What are you protecting?
● Data Classification
  – Private Data
    ● Could cause financial damage if made public
    ● Internal security issues
    ● Hiring of employees from competition
    ● Private Web Applications
What are you protecting?
● Data Classification
  – Secret Data
    ● Could ruin the company if made public
      – Source code
      – “The Coke Formula”
    ● Human Resources Data
    ● Customer Credit Card Data
    ● Financial Data
Zones of Trust
● Zones correspond to classification of data
Zones of Trust
Public
Sensitive
Private
Secret
Zones of Trust
● Back to the real world
● Data exists on our networks in pockets
● Security concerns are relatively new for commercial & public sector entities
● Security is often “bolted on” as an afterthought.
Zones of Trust
● Compartmentalization
  – Place appropriate protection around appropriate pockets of the network (data classification)
  – HR applications
  – Development labs
  – Executive LAN
  – Security Dept LAN
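One way to check a rule set against the zones of trust described above, as an added example that is not part of the original slides. The zone-to-classification mapping, the sample rules, and the policy itself (traffic may climb at most one classification level per hop, and only when authenticated) are assumptions made for illustration.

```python
from dataclasses import dataclass

# Classification levels from the slides, ordered least to most sensitive.
LEVELS = {"public": 0, "sensitive": 1, "private": 2, "secret": 3}

# Constructed inventory: the classification of data held in each pocket (assumption).
ZONES = {
    "internet": "public",
    "web_site": "public",
    "sales": "sensitive",
    "executive_lan": "private",
    "development_lab": "secret",   # source code
    "human_resources": "secret",   # HR data
}

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    port: int
    authenticated: bool  # does the rule require user authentication?

def audit(rules, zones=ZONES):
    """Return (rule, reason) findings for rules that weaken compartmentalization."""
    findings = []
    for r in rules:
        if r.src not in zones or r.dst not in zones:
            findings.append((r, "unknown zone: classify it before allowing traffic"))
            continue
        jump = LEVELS[zones[r.dst]] - LEVELS[zones[r.src]]
        if jump > 1:
            findings.append((r, f"crosses {jump} trust levels in one hop"))
        elif jump == 1 and not r.authenticated:
            findings.append((r, "unauthenticated access into a higher zone"))
    return findings

# Constructed sample rule set (not from the slides).
RULES = [
    Rule("internet", "web_site", 443, False),         # same level: allowed
    Rule("web_site", "human_resources", 1433, True),  # public -> secret
    Rule("web_site", "sales", 8443, False),           # one level up, no authentication
    Rule("sales", "executive_lan", 443, True),        # one level up, authenticated
    Rule("guest_wifi", "executive_lan", 3389, True),  # source was never classified
]

if __name__ == "__main__":
    for rule, reason in audit(RULES):
        print(f"{rule.src} -> {rule.dst}:{rule.port}  {reason}")
```
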
Zones of Trust
Web Site
Human Resources
Executive LAN
Development Lab
Sales
The Last Word
● Security Definition of a Web Server
  – Anonymous, unauthenticated access to your computing resources!