1 / 8

Hacking a Corporate Network

ECE 4112 Internetwork Security Project. Hacking a Corporate Network. Putting it all together. Drew Conner Rachel Moorehead. Group 9. Background Corporate Network Attacks - To the DMZ - To the DC Defenses. Background. Motivation: Prepare for a real life corporate experience

joey
Télécharger la présentation

Hacking a Corporate Network

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. ECE 4112 Internetwork Security Project Hacking a Corporate Network Putting it all together Drew Conner Rachel Moorehead Group 9

  2. Background Corporate Network Attacks - To the DMZ - To the DC Defenses Background • Motivation: Prepare for a real life corporate experience • Microsoft has 66 percent market share in the server OS arena, Linux has 20 percent and UNIX has 8 percent, with all others (e.g., NetWare, Macintosh) accounting for 6 percent.

  3. Background Corporate Network Attacks - To the DMZ - To the DC Defenses Step-by-Step Approach • “[There is a] need for a more layered defense strategy that provides extensive internal network visibility.” ISS • The number of attempted attacks every day for some of the large web hosting farms range from hundreds of thousands to even millions. • High risk vulnerabilities are commonplace in corporate networks. Respondents found a number of risky vulnerabilities on their networks during 2005. • 28% found unauthorized reconnaissance • 23% found unauthorized personnel with root or administrator access • 17% found suspicious connections to critical applications and databases on their networks

  4. Project Description Technical Details - Microcontroller - Database Problems Faced Market & Cost Analysis Future Work Acknowledgements Background Corporate Network Attacks - To the DMZ - To the DC Defenses Corporate Network Manufacturing Problems Lean Principles Lean Benefits Why Lean?

  5. Project Description Technical Details - Microcontroller - Database Problems Faced Market & Cost Analysis Future Work Acknowledgements Background Corporate Attacks - To the DMZ - To the DC Defenses Attacks to the DMZ Manufacturing Problems Lean Principles Lean Benefits Why Lean? • Attacking the Web Server • Use MS SQL Exploits • Exploit xp_cmdshell service • Load our “warez” on the machine using TFTP • Activate NetCat to open a connection • New Reconnaissance Tools: • PWDump - Get password hashes • Ophcrack - Crack hashes

  6. Project Description Technical Details - Microcontroller - Database Problems Faced Market & Cost Analysis Future Work Acknowledgements • Background • Corporate Network • Attacks • - To the DMZ • - To the DC • Defenses Attacks to the DC • Attacking the MS Active Directory • Reroute traffic • Exploit Remote Desktop • New Reconnaissance Tools: • Active Directory Domain Listing • netsh

  7. Project Description Technical Details - Microcontroller - Database Problems Faced Market & Cost Analysis Future Work Acknowledgements Background Corporate Network Attacks - To the DMZ - To the DC Defenses Defenses Manufacturing Problems Lean Principles Lean Benefits Why Lean? • Web Server • Disable xp_cmdshell • Run SQL Server as a restricted user • Access databases as a restricted user • Restrict use to services like TFTP • Active Directory • Harden Administrator account and password • Review what services such a Remote Desktop that should be disabled

  8. Project Description Technical Details - Microcontroller - Database Problems Faced Market & Cost Analysis Future Work Acknowledgements Background Corporate Network Attacks - To the DMZ - To the DC Defenses Questions Manufacturing Problems Lean Principles Lean Benefits Why Lean? “Annual Internal Threat Report Reveals Attacks Against Corporate Networks Unrelenting.” ISS. 2005. Dido, Laura. “Application Infrastructure & Software Platforms.” The Yankee Group. April 2004. Johansson, J. “Protect Your Windows Network: From Perimeter to Data.” Addison-Wesley Professional. 2005.

More Related