
FORESEC Academy

FORESEC Academy Security Essentials (III)

Internet Security Technologies


Agenda
Chapter 13: Attack Strategies and Mitigation
Chapter 14: Firewalls and Honeypots
Chapter 15: Vulnerability Scanning
Chapter 16: Host-Based Intrusion Detection
Chapter 17: Network-Based Intrusion Detection
Chapter 18: Risk Management and Auditing

Attack Strategies and Mitigation


Chapter Outline
Mitnick-Shimomura Attack Analysis
Preventive Techniques
Methods of Attack
Chapter Summary

K. Mitnick vs. T. Shimomura

Confidentiality, integrity and availability attack
Reconnaissance probing to determine trust relationship (r utilities)
IP spoofing to act as one side of trust relationship
Lack of site or system perimeter defenses to retard or defeat attack

Two Systems, Trust Relationship

Unix, Apple Computers, and Windows all have built-in trust relationship capabilities. If one party in a two-way trust relationship is compromised or spoofed, the other party is in great danger.

Enter the BadGuy(TM)

Reconnaissance is often the first phase of an attack.

Silence B With DoS

The attacker is going to pretend he is B, so B must be silenced so it cannot signal an alarm. A SYN flood attack against B renders B unable to reply to A.

Attacker Probes for a Weakness in A's TCP Stack

Each time A is stimulated, the SYN/ACK response is predictable.

Attacker Pretends to be B

The attacker, pretending to be B, uses the predictable response to open a connection.

Make A Defenseless

The attacker sends the expected ACK with a fake source IP address to establish a connection.

Finish the Job

"B" (really the attacker, spoofing B) sends an rsh packet, echo + + > /.rhosts, to open A to attack.
The attacker then uses # rlogin -l root to take over A.

What Common Techniques Could Have Prevented The Attack?

What Risk Management Techniques Could Have Detected The Attack?

Patching Systems

Although not relevant to Mitnick's attack per se, patching is still very important. Timely patching can often prevent the majority of attack vectors from being successfully executed. Patches are often available before or very soon after exploits are announced.

Disabling Unused Services



Host-based Intrusion Detection

Network-based Intrusion Detection

Network Vulnerability Scanner

Scanner Warning:
A trusts B
A has potential rshell vulnerability
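An added example, not part of the FORESEC slides, of the two checks such a scanner would run against the weaknesses this chapter's attack relies on: whether a host's SYN/ACK initial sequence numbers are predictable (the probe slide) and what trust a .rhosts file grants (the "A trusts B" warning). The ISN values and .rhosts lines are constructed; the 128000-per-connection step is the one reported in Shimomura's analysis.

```python
"""Two scanner-style checks for the weaknesses behind the Mitnick-Shimomura
attack: predictable TCP initial sequence numbers (ISNs) in a host's SYN/ACK
replies, and r-utility trust granted through .rhosts.
Added example for these slides, not FORESEC code; all sample data is constructed."""
from collections import Counter
from typing import List, Optional

MOD32 = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def isn_deltas(isns: List[int]) -> List[int]:
    """Differences between successive observed ISNs, modulo 2**32."""
    return [(b - a) % MOD32 for a, b in zip(isns, isns[1:])]


def isn_predictable(isns: List[int], threshold: float = 0.5) -> bool:
    """True when a single delta accounts for at least `threshold` of all deltas.

    A host that adds a fixed amount per connection (128000 per connection in
    Shimomura's analysis) yields identical deltas, so one observed SYN/ACK
    lets the attacker guess the next ISN; a randomised generator does not."""
    deltas = isn_deltas(isns)
    if len(deltas) < 3:
        raise ValueError("need at least four ISN samples")
    (_, count), = Counter(deltas).most_common(1)
    return count / len(deltas) >= threshold


def audit_rhosts(rhosts_text: str, local_host: str) -> List[str]:
    """Report the trust a .rhosts file grants, in the slide's 'A trusts B' style.

    Each line is '<host> [user]'; '+' in a field is a wildcard, so the '+ +'
    line the attack appended to /.rhosts trusts every user on every host."""
    warnings = []
    for raw in rhosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # ignore comments and blank lines
        if not line:
            continue
        fields = line.split()
        host: str = fields[0]
        user: Optional[str] = fields[1] if len(fields) > 1 else None
        who = "ANY host" if host == "+" else host
        if user == "+":
            warnings.append(f"{local_host} trusts ANY user from {who} (wildcard)")
        elif user:
            warnings.append(f"{local_host} trusts user {user} from {who}")
        else:
            warnings.append(f"{local_host} trusts {who}")
    return warnings
```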

Firewalls

Many attack attempts fail to penetrate well-configured firewalls, especially if they have a "deny everything not specifically allowed" policy.
