Protecting Your Corporation from Hacking Attacks
Presented by Roland Cheung, HKCERT
Information Security Seminar 2012 (May) - Combat Cyber Attack
Agenda
• Security Threat
• Case Study
• Security Mitigation Strategies
Security Threat
Hacktivism
Cyber Attacks Timeline Apr-2012
Source: http://hackmageddon.com/2012-cyber-attacks-timeline-master-index/
Cyber Attacks Statistics
Source: http://hackmageddon.com/2012/04/16/april-2012-cyber-attacks-timeline-part-i/
Target
• Data
– User Information
– Financial data
– Digital certificate
• Resources
– Computing power
– Bandwidth
– IP address
Major Threat
• Denial of Service
• Website Defacement
• Phishing Website
• Malware Hosting
• Botnet
Denial of Service
• An attempt to make a computer or network resource unavailable to its intended users.
• Traffic volume that exceeds the capacity the target can afford
• Application vulnerability
– Apache byte-range vulnerability (CVE-2011-3192)
Source: http://wiki.apache.org/httpd/CVE-2011-3192
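The byte-range case above is an application-level denial of service: one request carrying hundreds of overlapping or reversed ranges makes the server allocate a buffer per range. The following is an added example (not code from the slides or from the Apache project) of the check a front-end proxy or web application firewall can apply before the request reaches the server: parse the Range header, refuse malformed ranges, and cap the number of ranges per request. The limit of five mirrors the workaround published for CVE-2011-3192 but is an assumed policy value here, and the sample requests are constructed.

```python
import re

# Policy limit on the number of byte ranges accepted per request.  The
# workaround published with CVE-2011-3192 refused requests carrying more
# than five ranges; five is used here as an assumed policy value.
MAX_RANGES = 5

_RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")


def parse_ranges(header):
    """Parse an HTTP Range header value into a list of (start, end) tuples.

    A suffix range such as "-500" becomes (None, 500) and an open-ended range
    such as "500-" becomes (500, None).  ValueError is raised for anything a
    well-behaved client never sends (wrong unit, empty or reversed range).
    """
    if not header.lower().startswith("bytes="):
        raise ValueError("unsupported range unit")
    ranges = []
    for spec in header[len("bytes="):].split(","):
        m = _RANGE_SPEC.match(spec.strip())
        if not m or (m.group(1) == "" and m.group(2) == ""):
            raise ValueError("malformed range spec: %r" % spec)
        start = int(m.group(1)) if m.group(1) else None
        end = int(m.group(2)) if m.group(2) else None
        if start is not None and end is not None and end < start:
            raise ValueError("range end before start: %r" % spec)
        ranges.append((start, end))
    return ranges


def is_abusive_range(header, max_ranges=MAX_RANGES):
    """True when a Range header should be refused (or ignored, serving 200).

    The CVE-2011-3192 pattern is a single request with hundreds of
    overlapping or reversed ranges, each expanded into its own buffer.
    Refusing malformed headers and headers with more than max_ranges
    ranges removes that amplification; normal download resumption
    uses one or two ranges and is unaffected.
    """
    try:
        ranges = parse_ranges(header)
    except ValueError:
        return True
    return len(ranges) > max_ranges


def count_abusive(requests, max_ranges=MAX_RANGES):
    """Count (client_ip, range_header) pairs that would be refused; handy
    when replaying an access log that records the Range header."""
    return sum(1 for _, hdr in requests if hdr and is_abusive_range(hdr, max_ranges))


if __name__ == "__main__":
    # Constructed sample requests: two normal download resumptions and one
    # header in the CVE-2011-3192 style (many reversed, overlapping ranges).
    sample = [
        ("192.0.2.10", "bytes=0-499"),
        ("192.0.2.11", "bytes=500-"),
        ("192.0.2.12", "bytes=" + ",".join("5-%d" % i for i in range(0, 200))),
    ]
    for ip, hdr in sample:
        print(ip, "refuse" if is_abusive_range(hdr) else "accept")
```

A refused request can be answered with 416 or simply served without range processing; either way the server never builds the per-range buffers. Patching the server remains the real fix, and this check is only the stop-gap a perimeter device can provide while that is scheduled.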
Website Defacement
• An attack on a website that changes the visual
appearance of the site or a webpage.
• Zone-H
– a website archive of versions of defaced websites.
http://www.zone-h.org
Website Defacement
• Year to Date (15-May-2012)
– No. of records (.hk): 207
• Source: www.zone-h.org
Phishing Website
Malware hosting
Hong Kong Clean PC Day 2011 Seminar (June)
Botnet
Botnet (aka Zombie Network, 殭屍網路)
• A collection of compromised computers
(called bots, zombie) under a common
command-and-control (called C&C)
infrastructure.
http://en.wikipedia.org/wiki/Botnet
Image source: ENISA
Botnet
Flashback Botnet
• Targets Mac OS
• Exploits a Java vulnerability
• Infected over 0.6 million Macs
• Over 50% in the U.S.
Source: https://drweb.com/flashback/?lng=en
Case study
1. Mass SQL Injection
1. Mass SQL Injection
• SQL injection
– Exploits a lack of input validation on a website to execute unauthorized database commands on the web application's database server.
E.g. http://example.com/app/accountView?id=' or '1'='1
– causes the query to return all the records from the accounts database
• OWASP Top 10 Web Application Security Risks 2010
A1: Injection
Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
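The example URL on this slide works because the id value is pasted straight into the SQL text. Below is an added illustration (not code from the slides or from OWASP) of that flaw next to its fix, using an in-memory SQLite table with constructed rows: the vulnerable query returns every account for the slide's payload, while the fixed version validates the id and binds it as a parameter, so the same payload is rejected and, even if it were passed through, would be compared as a literal string rather than parsed as SQL. The table layout and the validation rule (1 to 10 digits) are assumptions for the example.

```python
import sqlite3


def build_accounts_db():
    """Constructed sample accounts table standing in for the web
    application's database; the rows are not from the original slides."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id TEXT PRIMARY KEY, owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", [
        ("1001", "alice", 120),
        ("1002", "bob", 340),
        ("1003", "carol", 50),
    ])
    return conn


def account_view_vulnerable(conn, account_id):
    """The flaw the slide describes: the id parameter is concatenated into
    the SQL text, so a quote character in it changes the query structure.
    With id = ' or '1'='1 the WHERE clause becomes
    id = '' or '1'='1, which is true for every row."""
    sql = "SELECT id, owner, balance FROM accounts WHERE id = '" + account_id + "'"
    return conn.execute(sql).fetchall()


def is_valid_account_id(account_id):
    """Input validation (assumed rule): an account id is 1 to 10 ASCII digits."""
    return account_id.isascii() and account_id.isdigit() and 1 <= len(account_id) <= 10


def account_view_safe(conn, account_id):
    """Fixed version: validate the input, then bind it as a query parameter
    so the database driver treats it as data and never as SQL."""
    if not is_valid_account_id(account_id):
        raise ValueError("invalid account id")
    sql = "SELECT id, owner, balance FROM accounts WHERE id = ?"
    return conn.execute(sql, (account_id,)).fetchall()


if __name__ == "__main__":
    conn = build_accounts_db()
    payload = "' or '1'='1"          # the id value from the slide's example URL
    print(account_view_vulnerable(conn, payload))   # every row comes back
    try:
        account_view_safe(conn, payload)
    except ValueError as e:
        print("rejected:", e)
```

Parameter binding is the fix that actually closes the hole; the allow-list validation is defence in depth that also keeps junk out of the logs and the database.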
1. Mass SQL Injection
• A recent campaign in Mar 2012 affected over 10,000 legitimate web sites worldwide
– abusing an input validation flaw
– exploiting vulnerable web application software
Source: http://blog.webroot.com/2012/03/26/tens-of-thousands-of-web-sitesaffected-in-ongoing-mass-sql-injection-attack/
1. Mass SQL Injection
1. Mass SQL Injection
• Injected malicious website links
– stmyst.com, statsmy.com
– servers hosted in Russia
– serve fake AV software
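A mass SQL injection campaign like this one leaves its mark as script tags stored inside the site's own database text columns, which is where the clean-up has to look. The following is an added example (not code from the slides) of a sweep over every text column of a SQLite content database: it reports the table, column, row and remote host of each stored script tag. Passed the domains named on the slide it reports only those; called without a list it reports any remote script, which is the safer default since campaigns rotate domains. The tables, rows and the host stats.invalid are constructed for the example.

```python
import re
import sqlite3

# A <script> tag whose src points at some host: the footprint a mass SQL
# injection leaves in stored text.  The capture group is the host name.
INJECTED_SCRIPT = re.compile(r"<script[^>]*\bsrc\s*=\s*[\"']?https?://([^/\"'\s>]+)", re.I)


def build_sample_db():
    """Constructed content tables standing in for a compromised site's
    database.  The host name is a placeholder, not from the original slides."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, page_id INTEGER, text VARCHAR(2000))")
    conn.executemany("INSERT INTO pages (title, body) VALUES (?, ?)", [
        ("Home", "<p>Welcome</p>"),
        ("About", '<p>About us</p><script src="http://stats.invalid/ur.php"></script>'),
    ])
    conn.executemany("INSERT INTO comments (page_id, text) VALUES (?, ?)", [
        (1, "Nice site"),
        (1, "<script src=http://stats.invalid/ur.php></script>"),
    ])
    return conn


def text_columns(conn, table):
    """Names of the character-typed columns of a table (via PRAGMA table_info)."""
    cols = []
    for _cid, name, ctype, _notnull, _default, _pk in conn.execute('PRAGMA table_info("%s")' % table):
        if any(k in (ctype or "").upper() for k in ("CHAR", "TEXT", "CLOB")):
            cols.append(name)
    return cols


def find_injected_rows(conn, bad_hosts=None):
    """Return (table, column, rowid, host) for each text cell containing a
    script tag loaded from a remote host.  With bad_hosts given, only scripts
    from those hosts are reported; without it any remote script is reported,
    which also catches domains not yet on any list."""
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        for col in text_columns(conn, table):
            # Identifiers come from the schema, not from user input, so quoting
            # them into the statement is safe; the search value is still bound.
            stmt = 'SELECT rowid, "%s" FROM "%s" WHERE "%s" LIKE ?' % (col, table, col)
            for rowid, value in conn.execute(stmt, ("%<script%",)):
                for m in INJECTED_SCRIPT.finditer(value or ""):
                    host = m.group(1).lower()
                    if bad_hosts is None or host in bad_hosts:
                        hits.append((table, col, rowid, host))
    return hits


if __name__ == "__main__":
    for hit in find_injected_rows(build_sample_db()):
        print("injected script in %s.%s rowid=%d from %s" % hit)
```

Removing the tags row by row is only half the job: the injection point itself (the unvalidated parameter) has to be fixed first, or the content is re-infected on the campaign's next pass.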
2. Conditional Redirection
2. Conditional Redirection
• Redirects visitors arriving from search engine results to the attacker's own sites
• Common method: the .htaccess file in Apache
• A powerful file that allows multiple changes to web server and PHP behaviour
• Hard to find and to clean up
Source: http://blog.sucuri.net/2011/05/understanding-htaccess-attacks-part-1.html
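Because the redirect only fires for visitors who arrive from a search engine (or for search engine crawlers), the site owner browsing directly never sees it, which is why the slide calls it hard to find. What gives it away in the file is a RewriteRule to an off-site URL that is guarded by conditions on HTTP_REFERER or HTTP_USER_AGENT, or a php_value setting that silently includes a file into every script. The following is an added example (not code from the slides or from Sucuri) of a scanner for those patterns, run over a constructed .htaccess: a benign www redirect is left alone, the conditional off-site redirect and the PHP auto-include are reported with line numbers. The site hostname, the placeholder hosts and the path are assumptions.

```python
import re

# Constructed .htaccess: a benign www redirect, then the kind of block the
# slide describes (a redirect that only fires for search-engine visitors),
# then a PHP setting that silently includes a file in every script.  Hosts
# and paths are placeholders, not from the original slides.
SAMPLE_HTACCESS = """\
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

RewriteCond %{HTTP_REFERER} (google|yahoo|bing)\\. [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (Googlebot|msnbot) [NC]
RewriteRule .* http://redirect.invalid/go [R,L]

php_value auto_prepend_file /tmp/.x.php
"""

SITE_HOST = "www.example.com"          # assumed hostname of the site being checked
CONDITIONAL_VARS = ("HTTP_REFERER", "HTTP_USER_AGENT")
ABSOLUTE_URL = re.compile(r"https?://([^/\s]+)", re.I)
PHP_INCLUDE_SETTINGS = ("auto_prepend_file", "auto_append_file")


def scan_htaccess(text, site_host=SITE_HOST):
    """Return (line_number, description) for each directive worth a look:
    a RewriteRule that sends visitors off-site and depends on who the visitor
    is (referrer or user agent), a PHP auto-include setting, or an
    ErrorDocument fetched from another host."""
    findings = []
    pending = []   # RewriteCond lines seen since the last RewriteRule
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "rewritecond":
            pending.append(line)
        elif directive == "rewriterule":
            target = parts[2] if len(parts) > 2 else ""
            m = ABSOLUTE_URL.match(target)
            off_site = bool(m) and m.group(1).lower() != site_host.lower()
            vars_used = sorted({v for v in CONDITIONAL_VARS if any(v in c for c in pending)})
            if off_site and vars_used:
                findings.append((no, "redirect to %s conditioned on %s"
                                 % (m.group(1), ", ".join(vars_used))))
            pending = []   # conditions apply only to the next RewriteRule
        elif directive in ("php_value", "php_flag") and len(parts) > 2 \
                and parts[1].lower() in PHP_INCLUDE_SETTINGS:
            findings.append((no, "PHP %s set to %s" % (parts[1], parts[2])))
        elif directive == "errordocument" and len(parts) > 2 and ABSOLUTE_URL.match(parts[2]):
            findings.append((no, "ErrorDocument %s fetched from %s" % (parts[1], parts[2])))
    return findings


if __name__ == "__main__":
    for no, why in scan_htaccess(SAMPLE_HTACCESS):
        print("line %d: %s" % (no, why))
```

Run it over every .htaccess in the document root (attackers drop them in subdirectories too) and keep a known-good copy of each file under version control, so a diff rather than a guess tells you what changed.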
2. Conditional Redirection
2. Conditional Redirection
2. Conditional Redirection
Malicious web sites
• 92% of spam email contains a web link
• 82% of malicious web sites are hosted on
compromised hosts
Source: Websense
http://www.websense.com/assets/reports/report-2012-threat-report-en.pdf
Common Problems
• Weak Access Control
• Weak Password
• Vulnerable Server or Application
• Malware Infection
• No Dedicated IT Staff
Security Mitigation Strategies
Security Mitigation Strategies
• Security Policy
• Security Protection
• Security Audit
Security Mitigation Strategies
Security policy
• Network Access Management
• Patch Management
• Password Management
• Data Management
• Log Management
• Desktop Management
Patch Management
• Vendor's OS and application update-checking features
• Patch checking tool
– Secunia - Personal Software Inspector (PSI)
http://secunia.com/vulnerability_scanning/personal/
Patch Management
Data Management
• Data Classification
– Confidential
• Data Encryption
– Server/Workstation
– Database
– Portable storage
Security protection
• Anti-Malware
• Network Firewall
• Application Firewall
• Content Filtering Service
Network Firewall
• Malicious Site Blocklist
– ZeuS Blocklist
https://zeustracker.abuse.ch/blocklist.php
– Malware Domain Blocklist
http://www.malwaredomains.com/files/domains.txt
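Feeds like the two above are most useful when they are applied in both directions: as firewall or DNS rules that stop outbound connections, and as a lookup against proxy or DNS logs that reveals which internal machines already tried to reach a listed host (the bots the previous slides describe). The following is an added example (not code from the slides or from either feed's maintainers) of that lookup: it parses a one-domain-per-line list, matches a destination against the domain and all of its parent domains so that subdomains are caught while look-alike names are not, and reports the clients in a set of constructed proxy log lines. The list entries, the log format and the hosts are constructed for the example, not taken from the real feeds.

```python
# Constructed blocklist in the one-domain-per-line, '#'-comment style of
# simple domain feeds.  Every entry is a placeholder.
SAMPLE_BLOCKLIST = """\
# constructed blocklist for the example
cnc.botnet.invalid
badhost.example   # trailing comment
"""

# Constructed proxy log lines: timestamp, client address, destination host.
SAMPLE_PROXY_LOG = """\
2012-05-15T10:01:02 10.0.0.12 www.example.org
2012-05-15T10:01:05 10.0.0.12 update.badhost.example
2012-05-15T10:02:11 10.0.0.40 cnc.botnet.invalid
2012-05-15T10:02:30 10.0.0.41 notbadhost.example
"""


def load_blocklist(text):
    """Parse a blocklist feed into a set of lower-case domain names,
    ignoring blank lines, comments and a trailing dot."""
    domains = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip().lower().rstrip(".")
        if entry:
            domains.add(entry)
    return domains


def is_blocked(host, blocklist):
    """Match the host itself and each of its parent domains, so that
    subdomains of a listed domain are caught while look-alike names such as
    notbadhost.example are not."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def find_blocked_connections(log_text, blocklist):
    """Return (client, host) for each log line whose destination is listed;
    these are the machines to pull aside for malware clean-up."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        _ts, client, host = parts[:3]
        if is_blocked(host, blocklist):
            hits.append((client, host))
    return hits


if __name__ == "__main__":
    bl = load_blocklist(SAMPLE_BLOCKLIST)
    for client, host in find_blocked_connections(SAMPLE_PROXY_LOG, bl):
        print("%s contacted listed host %s" % (client, host))
```

Refresh the list on a schedule (the feeds change daily) and keep the previous copy, so a host that was listed at the time of a connection can still be matched when the log is reviewed later.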
Application Firewall
• Types of exploit defended against
– e.g. OWASP Top 10
• Learning mode
• Self-defined rules
Content filtering service
Features
• Anti-DDoS
• Web traffic filtering
Operation
• Change your domain's DNS settings.
• Route traffic through the service provider for preprocessing.
Security Audit
• Review Policy and Procedure
• Vulnerability Scanning
• Site Checking
Review Policy and Procedure
• Self Assessment
– Sample Audit checklist
http://www.ogcio.gov.hk/eng/prodev/download/g51_pub.pdf
Vulnerability Scanning
• Self Assessment
– OpenVAS (system)
http://www.openvas.org
– Samurai Live CD (Web Application)
http://samurai.inguardians.com
Site Checking
Free site checking tools
• Google Safe Browsing
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=domain
• Sucuri
http://sitecheck.sucuri.net/scanner/
• URLQuery
http://urlquery.net/
• Wepawet
http://wepawet.iseclab.org/
• Zscaler
http://zulu.zscaler.com/
Site Checking
Google Safe Browsing
Site Checking
Sucuri
Site Checking
URLQuery
Site Checking
Wepawet
Site Checking
Zulu
Q&A
Thank you
Email: hkcert@hkcert.org