Security test and implementation of terminal computer

Authors:
Armandas Rokas
Andrius Sinkevicius
Edvinas Butenas

December 7, 2011
Overview
• Background story
• Break-in attacks
• Risk determination and security control recommendations for break-in attacks
• Network attacks
• Risk determination and security control recommendations for network attacks
• Security solutions
• Questions?
Background story
• XpUnlimited.LT company
• Its software works on all previous Windows OSs
• Goal: test the security of the terminal server
• Build it fully protected (including network security)
Network diagram
System characterization
• Hardware: Acer, i3, 4 GB RAM, GT320 1 GB video
• Software: Windows 7 Ultimate SP1 32-bit / Windows XP SP3 with XPUnlimited
• Data: pictures, sensitive documents
System characterization
• System interfaces: S-ATA2, USB, 802.11b/g/n, HDMI, VGA, Ethernet
• Users: Administrator, Remote Users
• Services running: Printer, Web Server (IP Consult HTTP server), Remote Desktops, Internal Database for ERP
Control analysis
• OS security policies
• Local access policies
• System backup
• Firewall policies
Break-in attacks
Exploit (infection with key logger)
• Exploited by executing a file on the victim's machine
• File with payload
• Meterpreter command line
• Key log:
  - On Windows 7 only the affected user's keystrokes are captured
  - On Windows XP all users' keystrokes are captured
Mail infection
• External attack
• The attack was made from BackTrack 5 to infect the terminal thin client server running the Windows 7 operating system.
• The exploit let me break in to the victim's computer when he received the infected message in his mailbox.
Example
Some details
• reverse_tcp payload.
• Local port 4444 (it is a vulnerable port) is used to create an active server that listens for the connection when the victim clicks on the message.
• After the victim activates the payload included in the message, I open Meterpreter.
Human Threats

Threat-Source     | Motivation                          | Threat Action
Computer criminal | Monetary gain (my credit card info) | Computer crime, fraudulent act
Hacker, cracker   | Challenge, ego                      | Hacking, social engineering, system intrusion, unauthorized system access
User              | Negligence, idiocy                  | Spill fluids on system, drop system
Vulnerability Identification

Vulnerability                | Threat-Source                             | Threat Action
Outdated software            | Hacker, cracker, computer criminal        | System file loss, unauthorized system access
Misconfigured system         | Users, computer criminal, hacker, cracker | System file loss, system failure
Absence of security software | Hacker, cracker, computer criminal        | System file loss, system failure
Likelihood Determination

Threat-Source                      | Vulnerability                | Likelihood
Hacker, cracker, computer criminal | Outdated software            | Medium
Users, computer criminal           | Misconfigured system         | Medium
Hacker, cracker, computer criminal | Absence of security software | High
Impact Analysis

Threat-Source     | Loss of Integrity | Loss of Availability | Loss of Confidentiality
Hacker, cracker   | None              | High                 | High
Computer criminal | None              | High                 | High
Users             | Low               | Low                  | Low
Likelihood, Impact Analysis & Risk

Vulnerability                | Threat-Source                             | Likelihood | Impact | Risk
Outdated software            | Hacker, cracker, computer criminal        | Medium     | Medium | Medium
Misconfigured system         | Users, computer criminal, hacker, cracker | High       | High   | High
Absence of security software | Hacker, cracker, computer criminal        | High       | Medium | Medium
Control Recommendations

Risk                         | Risk Level | Recommended Controls               | Activity Priority
Outdated software            | Medium     | Regularly update software          | Medium
Misconfigured system         | High       | Hire qualified specialists         | High
Absence of security software | Medium     | Install legally licensed IPS & IDS | Medium
Network attacks
ARP - Man in the middle attack
• After I broke in through the Metasploit exploit to the victim PC, I try to do more harm to him.
• I use an ARP protocol vulnerability with which you are invisible, but at the same time doing damage to the victim.
• By sending fake arpspoof request and response packets I make a MITM ("Man In The Middle") attack.
• After that I get the full information flow from the router and my selected other computer.
• That information includes logins, emails and other sensitive information.
• The victim becomes fully infected; he needs to get out of this situation and prevent it another time.
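The ARP poisoning described above leaves a signature the terminal server can watch for: the gateway's IP suddenly "is-at" a second MAC, and one MAC claims both the router and another host. The monitor below is an added example, not the presentation's code; the gateway mapping and the ARP reply sample are constructed, and in practice the replies would come from a packet capture.

```python
from collections import defaultdict

# Known-good mapping of the lab gateway (constructed placeholder values).
KNOWN_GATEWAY_IP = "192.168.1.1"
KNOWN_GATEWAY_MAC = "00:11:22:33:44:01"

# Constructed ARP replies as a sniffer on the terminal server would see them:
# timestamp, sender IP, sender MAC (the "is-at" half of an ARP exchange).
SAMPLE_ARP_REPLIES = """\
10:00:01 192.168.1.1 00:11:22:33:44:01
10:00:02 192.168.1.20 00:11:22:33:44:20
10:00:05 192.168.1.1 00:11:22:33:44:99
10:00:05 192.168.1.20 00:11:22:33:44:99
10:00:07 192.168.1.1 00:11:22:33:44:01
10:00:07 192.168.1.1 00:11:22:33:44:99
"""


def parse_replies(text):
    """Parse 'ts ip mac' lines into (ts, ip, mac) tuples with lower-case MACs."""
    out = []
    for line in text.splitlines():
        ts, ip, mac = line.split()
        out.append((ts, ip, mac.lower()))
    return out


def detect_arp_spoofing(replies, known=None):
    """Return (ts, kind, ip, mac) alerts; each conflict is reported once."""
    known = dict(known or {KNOWN_GATEWAY_IP: KNOWN_GATEWAY_MAC})
    macs_for_ip = defaultdict(set)   # ip  -> MACs that have claimed it
    ips_for_mac = defaultdict(set)   # mac -> IPs it has claimed
    alerts = []
    for ts, ip, mac in replies:
        # A static table entry for the gateway is contradicted by a reply.
        if ip in known and mac != known[ip]:
            alerts.append((ts, "gateway_impersonation", ip, mac))
        # Same IP announced from a new MAC: a poisoned mapping.
        if macs_for_ip[ip] and mac not in macs_for_ip[ip]:
            alerts.append((ts, "ip_mac_conflict", ip, mac))
        macs_for_ip[ip].add(mac)
        # One MAC claiming several IPs: the classic two-sided MITM position.
        if ips_for_mac[mac] and ip not in ips_for_mac[mac]:
            alerts.append((ts, "mac_claims_multiple_ips", ip, mac))
        ips_for_mac[mac].add(ip)
    return alerts


def suspect_macs(alerts):
    """The MAC addresses named in any alert, for blocking or investigation."""
    return {mac for _, _, _, mac in alerts}


if __name__ == "__main__":
    for alert in detect_arp_spoofing(parse_replies(SAMPLE_ARP_REPLIES)):
        print(alert)
```

A static ARP entry for the gateway on the terminal server (the slides' "Users Access Control" and IDS recommendations cover the rest) turns the first alert kind into an outright block rather than a warning.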
DoS attack
• Used tools:
  - BackTrack 5 network penetration OS, with
  - Ettercap - tool for man-in-the-middle attacks.
• Goal: make the terminal server unavailable to its intended users
DoS
TS before DoS attack
TS after DoS attack
Human Threats

Threat-Source     | Motivation                                         | Threat Action
Computer criminal | Monetary gain (my credit card info)                | Computer crime, fraudulent act
Hacker, cracker   | Challenge, ego                                     | Hacking, social engineering, system intrusion, unauthorized system access
Competitors       | Injure company stability, compromise network work  | Economic exploitation, system penetration, spoofing/sniffing of network, run of company data
Vulnerability Identification

Vulnerability              | Threat-Source                                   | Threat Action
Absence of system security | Hacker, cracker, competitors, computer criminal | System failure, connection damage, information conversion
Likelihood Determination

Threat-Source                                   | Vulnerability              | Likelihood
Hacker, cracker, competitors, computer criminal | Absence of system security | Medium
Impact Analysis

Threat-Source     | Loss of Integrity | Loss of Availability | Loss of Confidentiality
Hacker, cracker   | None              | High                 | High
Computer criminal | None              | High                 | High
Competitors       | Medium            | High                 | High
Likelihood, Impact Analysis & Risk

Vulnerability              | Threat-Source                                   | Likelihood | Impact | Risk
Absence of system security | Hacker, cracker, competitors, computer criminal | Medium     | High   | Medium
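The Risk column in this table and in the break-in table earlier follows the likelihood-by-impact matrix of NIST SP 800-30 (an assumption here; the slides do not name their method). The function below is an added example, not from the presentation, and reproduces every row of both tables from their Likelihood and Impact values.

```python
# NIST SP 800-30 (2002) scale: likelihood weights times impact magnitudes,
# then thresholds on the product. Assumed as the method behind the slides.
LIKELIHOOD = {"Low": 0.1, "Medium": 0.5, "High": 1.0}
IMPACT = {"Low": 10, "Medium": 50, "High": 100}


def risk_score(likelihood, impact):
    return LIKELIHOOD[likelihood] * IMPACT[impact]


def risk_level(likelihood, impact):
    """Map the product to the High / Medium / Low bands of SP 800-30."""
    score = risk_score(likelihood, impact)
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"


# Rows copied from the slides' two Likelihood/Impact/Risk tables.
RISK_REGISTER = [
    ("Outdated software", "Medium", "Medium"),
    ("Misconfigured system", "High", "High"),
    ("Absence of security software", "High", "Medium"),
    ("Absence of system security", "Medium", "High"),
]


def build_register(rows):
    """Attach the derived risk level to each (name, likelihood, impact) row."""
    return [(name, lik, imp, risk_level(lik, imp)) for name, lik, imp in rows]


def prioritized(rows):
    """Order the register so the highest risk is treated first."""
    order = {"High": 0, "Medium": 1, "Low": 2}
    return sorted(build_register(rows), key=lambda row: order[row[3]])


if __name__ == "__main__":
    for name, lik, imp, level in prioritized(RISK_REGISTER):
        print("%-30s %-7s x %-7s -> %s" % (name, lik, imp, level))
```

Note that Medium likelihood against High impact scores exactly 50, which the band edges place in Medium, matching the table above.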
Control Recommendations

Risk                       | Risk Level | Recommended Controls                                                         | Activity Priority
Absence of system security | Medium     | Install legally licensed IPS & IDS; implement encryption; user access control | High
Security solutions
Terminal server security configuration
User groups:
• Administrative Users group – privileges to configure the terminal server
• Remote Desktop Users group – privileges only to connect to the remote desktop, without the possibility to configure it.
• All users, including the administrator, have credentials to log in to the services; no passwordless connection is available.
Application control for users
• Users can use only the applications specified by the system administrator.
• Inactive user sessions are terminated after a time limit.
• Applications that can be started by another application are not visible to the user.
• A user's attempt to open an unassigned application is blocked by a pop-up message saying the user does not have the privilege to open it.
Anti-virus
• Implement a security antivirus which gives you an updated database and protects from intruders:
  - Shuts down any untrustworthy connection.
  - Scans web pages and your downloads.
  - Comes with a reliable firewall.
  - Security isn't about blocking malicious actions, it's about keeping your data safe, so arrange reliable encryption software.
  - Users can upload viruses for future updates.
  - #1 Bitdefender
Security against network attacks

● IPS & IDS
    ● Snort
● Firewall
    ● IPCop
    ● APF (Advanced Policy Firewall) from rfxnetworks
● Optional expensive solutions
    ● Cisco router
    ● Paid firewall
Questions?
