Abstract image of a woman sitting on books and studying on a laptop

The Other Side Of The Fence. Dealing With Hackers And Malware

Prasanna V, profile picture
Prasanna V

The document discusses experiences and challenges faced by network administrators dealing with malware and security breaches. It highlights incidents involving the Conficker worm and a rogue DHCP server, emphasizing that effective security requires layered defenses and strong monitoring practices. The author concludes that internal users can pose significant security risks and that information security is reliant on people, processes, and technology.

Technology
Related topics:
IT Security
1 of 25
Downloaded 10 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
The Other Side of the Fence. Dealing with Malware *Hackers Prasanna V http://vprasanna.com
We generally hear about hackers We generally hear about hackers & malware, the damage they create, & malware, the damage they create, the money & data they steal. the money & data they steal. How's it to be on The Other Side? How's it to be on The Other Side?
Episode 1: The Conficker Strikes
Somewhere during November 2008, an enterprise having thousands of systems spread across the world
Holiday season, most of team were on leave
Complaints of network congestion, Domain controller was slow We saw unprecedented network traffic, within LAN & Outbound to unusual IP addresses! Rapid replication of suspicious system behavior across the globe
Antivirus on the systems were generally up-to-date with definitions
Our Network IDS was detecting traffic destined to random global IP addresses on destination ports 445 Turns out that the infected machines were missing patches, most importantly MS08-67 Apparently, these systems were also missing OS hardening that was put in place
We had Failed!
Effective logging and monitoring are like torchlight
Layered defense mechanism and the role of Security Information & Event Management (SIEM)
Security information from hosts & network logs helped identify the infected machines Pivot! Being good in spreadsheet helps the admins  Patch the systems or disable network access
Foolproof security ? Anti-Virus and Firewall are not the ultimate solutions to today’s sophisticated threats.
There is Reasonable Security ……And it is achieved in layers 14
Episode 2 - DHCP Server Goes Rogue An admin’s worst nightmare
Catastrophe Strikes!
1. Logged to gateway / router. Internet is fine. 2. Logged into UTM, sessions have doubled. 3. No malwares reported in the AV manager!
Wireshark is an Admin’s best friend!
“Documentation is your life savior” Was able to identify the offending machine based on a list I had generated earlier
Turns out that a user had set up a server and did not know to disable DHCP functionality!
People are the weakest link Learning's: • Internal users can cause as much trouble as hackers and malware
Information Security is about People, Process & Technology 22 Prx
The Other Side Of The Fence. Dealing With Hackers And Malware
Disclaimer All opinions mentioned here are my personal and not necessarily of my employer, current or previous.
Thank You Prasanna V Cofounder @PacketVerify http://vprasanna.com @terminalfix

More Related Content

PDF
Computer Security and Risks
Miguel Rebollo
 
PPTX
Security concepts
artisriva
 
PPT
Computer security and_privacy_2010-2011
lbcollins18
 
PPTX
Threats to a computer
FCA - Future Chartered Accountants
 
PPTX
Computer security risks
Aasim Mushtaq
 
PPTX
Viruses, worms, and trojan horses
EILLEN IVY PORTUGUEZ
 
PPTX
Network Security
EILLEN IVY PORTUGUEZ
 
PPTX
Computer security basics
Srinu Potnuru
 
Computer Security and Risks
Miguel Rebollo
 
Security concepts
artisriva
 
Computer security and_privacy_2010-2011
lbcollins18
 
Threats to a computer
FCA - Future Chartered Accountants
 
Computer security risks
Aasim Mushtaq
 
Viruses, worms, and trojan horses
EILLEN IVY PORTUGUEZ
 
Network Security
EILLEN IVY PORTUGUEZ
 
Computer security basics
Srinu Potnuru
 

What's hot (20)

PDF
Free Libre Open Source Software Development
Frederik Questier
 
PPTX
Computer Security risks Shelly
Adeel Khurram
 
PPTX
4.2.1 computer security risks
hazirma
 
PPTX
Information Technology - System Threats
Drishti Bhalla
 
PPTX
Computer security threats & prevention
PriSim
 
PPTX
Intrusion detection
CAS
 
PDF
Ch 3: Network and Computer Attacks
Sam Bowne
 
PPT
Ch08 Microsoft Operating System Vulnerabilities
phanleson
 
PPTX
Network security and System Admin
MD SAHABUDDIN
 
PPT
Complete notes security
Kitkat Emoo
 
PPTX
Basic concepts in computer security
Arzath Areeff
 
PPT
3.2.1 computer security risks
hazirma
 
PPTX
Types of Attack in Information and Network Security
padmeshagrekar
 
PPTX
Computer security and
Rana Usman Sattar
 
PPT
Network Security Tools and applications
webhostingguy
 
PPTX
Computer Security
William Mann
 
PPTX
Basic practices for information & computer security
PrajktaGN
 
PPT
Threats and Security Tips of Computer System
Faruk_Hossen
 
PPT
Windows network security
Information Technology
 
PPTX
Computer security ethics_and_privacy
Ardit Meti
 
Free Libre Open Source Software Development
Frederik Questier
 
Computer Security risks Shelly
Adeel Khurram
 
4.2.1 computer security risks
hazirma
 
Information Technology - System Threats
Drishti Bhalla
 
Computer security threats & prevention
PriSim
 
Intrusion detection
CAS
 
Ch 3: Network and Computer Attacks
Sam Bowne
 
Ch08 Microsoft Operating System Vulnerabilities
phanleson
 
Network security and System Admin
MD SAHABUDDIN
 
Complete notes security
Kitkat Emoo
 
Basic concepts in computer security
Arzath Areeff
 
3.2.1 computer security risks
hazirma
 
Types of Attack in Information and Network Security
padmeshagrekar
 
Computer security and
Rana Usman Sattar
 
Network Security Tools and applications
webhostingguy
 
Computer Security
William Mann
 
Basic practices for information & computer security
PrajktaGN
 
Threats and Security Tips of Computer System
Faruk_Hossen
 
Windows network security
Information Technology
 
Computer security ethics_and_privacy
Ardit Meti
 

Viewers also liked (6)

PPTX
how to improve Chateau Martinat as a Ebusiness model ?
IEMI - CMH PARIS
 
PDF
Prune mateo consulting project_report
IEMI - CMH PARIS
 
PPTX
workshop crowdsourcing
IEMI - CMH PARIS
 
PPTX
Tripwolf vs boo
IEMI - CMH PARIS
 
PPTX
Policy and political engagement: Entanglement? Responsibility? Opportunity?
nabo_ghea
 
PDF
Interim results Q4 2009
EDB
 
how to improve Chateau Martinat as a Ebusiness model ?
IEMI - CMH PARIS
 
Prune mateo consulting project_report
IEMI - CMH PARIS
 
workshop crowdsourcing
IEMI - CMH PARIS
 
Tripwolf vs boo
IEMI - CMH PARIS
 
Policy and political engagement: Entanglement? Responsibility? Opportunity?
nabo_ghea
 
Interim results Q4 2009
EDB
 

Similar to The Other Side Of The Fence. Dealing With Hackers And Malware (20)

PPTX
Computing safety
Brulius
 
PDF
Research and discuss an incident where it was discovered that a Remo.pdf
fathimafancy
 
PPTX
Crack the Code
InnoTech
 
PPTX
Ransomeware and malware power point presentation
Parrie Vittiadarane
 
PDF
The Media Access Control Address
Angie Lee
 
PPT
NetWitness
TechBiz Forense Digital
 
PPTX
Lecture about network and host security to NII students
Akiumi Hasegawa
 
PDF
Introduction of hacking and cracking
Harshil Barot
 
PPTX
Network Security.pptx
EdwinGervacio2
 
PPT
CyberSecurity presentation for basic knowledge about this topic
piyushkamble6
 
PPTX
Parag presentation on ethical hacking
parag101
 
PDF
Final presentation of IT security project
Armandas Rokas
 
PPTX
Malware, Hacker Techniques, and Wireshark.pptx
fovoni
 
PPS
Workshop on BackTrack live CD
amiable_indian
 
PPT
Kunal - Introduction to backtrack - ClubHack2008
ClubHack
 
PPT
Kunal - Introduction to BackTrack - ClubHack2008
ClubHack
 
PPTX
PoS Malware and Other Threats to the Retail Industry
Invincea, Inc.
 
PDF
Supply Chain Attack Backdooring Your Networks
Bangladesh Network Operators Group
 
PPTX
Ethical hacking
Institute of Information Security (IIS)
 
PPTX
Basics of System Security and Tools
Karan Bhandari
 
Computing safety
Brulius
 
Research and discuss an incident where it was discovered that a Remo.pdf
fathimafancy
 
Crack the Code
InnoTech
 
Ransomeware and malware power point presentation
Parrie Vittiadarane
 
The Media Access Control Address
Angie Lee
 
NetWitness
TechBiz Forense Digital
 
Lecture about network and host security to NII students
Akiumi Hasegawa
 
Introduction of hacking and cracking
Harshil Barot
 
Network Security.pptx
EdwinGervacio2
 
CyberSecurity presentation for basic knowledge about this topic
piyushkamble6
 
Parag presentation on ethical hacking
parag101
 
Final presentation of IT security project
Armandas Rokas
 
Malware, Hacker Techniques, and Wireshark.pptx
fovoni
 
Workshop on BackTrack live CD
amiable_indian
 
Kunal - Introduction to backtrack - ClubHack2008
ClubHack
 
Kunal - Introduction to BackTrack - ClubHack2008
ClubHack
 
PoS Malware and Other Threats to the Retail Industry
Invincea, Inc.
 
Supply Chain Attack Backdooring Your Networks
Bangladesh Network Operators Group
 
Ethical hacking
Institute of Information Security (IIS)
 
Basics of System Security and Tools
Karan Bhandari
 

Recently uploaded (20)

PDF
A proposed approach for plagiarism detection in Myanmar Unicode text
IAESIJAI
 
PDF
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
PPTX
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
PPT
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PPT
What is a Computer? Input Devices /output devices
GulJan8
 
PPTX
Microsoft Excel 365/2024 Beginner's training
frank yeboah
 
PDF
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
PDF
Abstractive summarization using multilingual text-to-text transfer transforme...
IAESIJAI
 
PDF
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
PDF
Flame analysis and combustion estimation using large language and vision assi...
IAESIJAI
 
PDF
Credit Without Borders: AI and Financial Inclusion in Bangladesh
Ehsan Tanim
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
PDF
Two-dimensional Klein-Gordon and Sine-Gordon numerical solutions based on dee...
IAESIJAI
 
PDF
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
A proposed approach for plagiarism detection in Myanmar Unicode text
IAESIJAI
 
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
Modernising the Digital Integration Hub
Daniel Toomey
 
What is a Computer? Input Devices /output devices
GulJan8
 
Microsoft Excel 365/2024 Beginner's training
frank yeboah
 
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
Abstractive summarization using multilingual text-to-text transfer transforme...
IAESIJAI
 
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
Flame analysis and combustion estimation using large language and vision assi...
IAESIJAI
 
Credit Without Borders: AI and Financial Inclusion in Bangladesh
Ehsan Tanim
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
Two-dimensional Klein-Gordon and Sine-Gordon numerical solutions based on dee...
IAESIJAI
 
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 

The Other Side Of The Fence. Dealing With Hackers And Malware

  • 1. The Other Side of the Fence. Dealing with Malware *Hackers Prasanna V http://vprasanna.com
  • 2. We generally hear about hackers We generally hear about hackers & malware, the damage they create, & malware, the damage they create, the money & data they steal. the money & data they steal. How's it to be on The Other Side? How's it to be on The Other Side?
  • 4. Somewhere during November 2008, an enterprise having thousands of systems spread across the world
  • 5. Holiday season, most of team were on leave
  • 6. Complaints of network congestion, Domain controller was slow We saw unprecedented network traffic, within LAN & Outbound to unusual IP addresses! Rapid replication of suspicious system behavior across the globe
  • 7. Antivirus on the systems were generally up-to-date with definitions
  • 8. Our Network IDS was detecting traffic destined to random global IP addresses on destination ports 445 Turns out that the infected machines were missing patches, most importantly MS08-67 Apparently, these systems were also missing OS hardening that was put in place
  • 10. Effective logging and monitoring are like torchlight
  • 11. Layered defense mechanism and the role of Security Information & Event Management (SIEM)
  • 12. Security information from hosts & network logs helped identify the infected machines Pivot! Being good in spreadsheet helps the admins  Patch the systems or disable network access
  • 13. Foolproof security ? Anti-Virus and Firewall are not the ultimate solutions to today’s sophisticated threats.
  • 14. There is Reasonable Security ……And it is achieved in layers 14
  • 15. Episode 2 - DHCP Server Goes Rogue An admin’s worst nightmare
  • 17. 1. Logged to gateway / router. Internet is fine. 2. Logged into UTM, sessions have doubled. 3. No malwares reported in the AV manager!
  • 18. Wireshark is an Admin’s best friend!
  • 19. “Documentation is your life savior” Was able to identify the offending machine based on a list I had generated earlier
  • 20. Turns out that a user had set up a server and did not know to disable DHCP functionality!
  • 21. People are the weakest link Learning's: • Internal users can cause as much trouble as hackers and malware
  • 22. Information Security is about People, Process & Technology 22 Prx
  • 24. Disclaimer All opinions mentioned here are my personal and not necessarily of my employer, current or previous.
  • 25. Thank You Prasanna V Cofounder @PacketVerify http://vprasanna.com @terminalfix

Editor's Notes

  • #2: www.packetverify.com www.packetverify.com
  • #4: www.packetverify.com www.packetverify.com
  • #6: www.packetverify.com www.packetverify.com
  • #7: www.packetverify.com www.packetverify.com
  • #8: www.packetverify.com www.packetverify.com
  • #9: www.packetverify.com www.packetverify.com
  • #10: www.packetverify.com www.packetverify.com
  • #12: www.packetverify.com www.packetverify.com
  • #13: www.packetverify.com www.packetverify.com
  • #15: www.packetverify.com www.packetverify.com
  • #16: www.packetverify.com www.packetverify.com
  • #17: www.packetverify.com www.packetverify.com
  • #18: www.packetverify.com www.packetverify.com
  • #20: www.packetverify.com www.packetverify.com
  • #21: www.packetverify.com
  • #23: www.packetverify.com www.packetverify.com
  • #25: www.packetverify.com www.packetverify.com