Introduction to Security • What’s the weakest link? • You.
Social Engineering • Exploiting humans’ willingness to help • Exploiting our two most powerful emotions, regret and fear • Kevin Mitnick • Stealing the Network series • The Real Hustle
social engineering • ten common techniques of social engineering • impersonation • pretend to be someone from inside the company to obtain passwords • usually coupled with research regarding IT personnel • sympathy • usually request access to hardware: server room or PC • usually coupled with dire consequences if unable to complete the task
social engineering • ten common techniques (cont'd) • wooing • develop a trust relationship with the victim • to obtain a wide range of information • intimidation • for victims who do not respond well to sympathy or wooing • pretense: company official, government official, inspector
social engineering • ten common techniques (cont'd) • greed • money or goods in exchange for information • confusion • create a diversion which vacates an office • access logged-on session
social engineering • ten common techniques (cont'd) • shoulder surfing • passive observation of typing • either by physical presence as a trusted individual • or by using some form of eavesdropping • dumpster diving • searching garbage for useful information • either discarded papers • or removable media
social engineering • ten common techniques (cont'd) • phishing • request for victim to visit a false web site • for purpose of updating invalid / obsolete information • reverse social engineering • present oneself as an expert who can fix a problem • results in a reversal of roles: • victim asks the questions • social engineer provides the answers • often being granted access to the computer systems
5 Deadliest Viruses • Mydoom fastest spreading worm, SCO & Microsoft offer $250,000 reward • NIMDA after Sept 11, terrorist attack? • CODERED Microsoft IIS • SLAMMER Infected 75,000 in minutes • 365 byte footprint, doubles every 8.5 sec • ILOVEYOU caused $5 billion in damages: Ford, the Pentagon, British Parliament
Top Hoaxes and Pranks • GOOD TIMES users warned that opening email would…. and kill your dog • 48 Hours claimed hovering mouse over email would…. and kill your dog • LIFE IS BEAUTIFUL PowerPoint • HONOR SYSTEM contained no payload, told users to delete their hard drives • LION’s DEN warning of deadly virus, instead linked to porn site
Proactive measures • Download Product updates • Service packs, patches, fixes etc • Application updates, Office, Browsers, etc • Virus definitions updates • Spyware definitions
Passwords • No dictionary words, names • Dog’s name, address, birthdates • Use pass phrases • Encrypt important docs, password files • Use TrueCrypt http://www.truecrypt.org/
Most common passwords • password • 123456 • qwerty • abc123 • letmein • monkey • myspace1 • password1 • link182 • (your first name)
Password suggestions • Application / magic phrase / date • Magic phrase / date / application • Date / Application / magic phrase • GmailPassPhrasesStinkJan • PassPhrasesStinkGmailJun • JulGmailPassPhrasesStink • 01gmailpa$$phra$e$$tink
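The password rules on the slides above, as an added example that is not part of the original deck: a checker that rejects the listed common passwords, dictionary words and the user's first name even when they are disguised with capitals, character substitutions or a few digits. `SAMPLE_WORDS`, the substitution table and the 12-character minimum are assumptions made for the illustration.

```python
import re

# The page's "Most common passwords" slide, verbatim.
COMMON = {"password", "123456", "qwerty", "abc123", "letmein",
          "monkey", "myspace1", "password1", "link182"}
# Constructed stand-in for a dictionary / name list (assumption).
SAMPLE_WORDS = {"dragon", "summer", "rover", "michael"}
# Character substitutions that wordlist rules undo trivially (assumption).
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l",
                      "3": "e", "5": "s", "!": "i"})
MIN_LENGTH = 12  # assumed threshold, not from the page


def strip_affix(text):
    """Drop leading/trailing digits and punctuation: 'monkey99!' -> 'monkey'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", text)


def base_forms(password):
    """Variants of the password with case, substitutions and affixes undone."""
    lower = password.lower()
    forms = {lower, lower.translate(LEET)}
    forms |= {strip_affix(f) for f in forms}
    return forms - {""}


def check_password(password, first_name=""):
    """Return a list of problems; an empty list means no rule was violated."""
    banned = COMMON | SAMPLE_WORDS
    if first_name:
        banned = banned | {first_name.lower()}
    # Also ban the stems, so "myspace2" fails like "myspace1".
    banned |= {strip_affix(b) for b in banned} - {""}
    problems = []
    if base_forms(password) & banned:
        problems.append("common password, dictionary word or name")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    return problems


if __name__ == "__main__":
    for pw in ("P@$$w0rd", "Monkey99!", "GmailPassPhrasesStinkJan"):
        print(pw, "->", check_password(pw) or "ok")
```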
Spyware • Malicious software to spy and datamine your surfing habits • ??? Invasion of privacy ??? • Information is collected and used to harass you with pop-up ads, indirect web searches, browser homepage you can’t change, etc • Spyware masks itself, seems like legitimate software (toolbars, desktop buddies)
Removing Spyware • Uninstall browser toolbars, desktop buddies, search helpers from Control Panel • Scan to remove from startup / reinstalling issues using Windows Defender http://www.microsoft.com/athome/security/spyware/software/default.mspx#
Other SW Scanners • A-Squared http://www.emsisoft.com/en/software/free/ • Spybot S&D $0 http://www.safer-networking.org • Ad-Aware $0 http://www.lavasoftusa.com/ • AVG Anti-Spyware $0 http://free.grisoft.com/ • Spy Sweeper $30 http://www.webroot.com/
Spyware continued • HijackThis scanner • http://www.spywareinfo.com/ • ccleaner
Virus • Can turn your PC into remote-controlled zombie for Denial of Service attacks • Record key strokes, passwords, banking • Wreak havoc, erase data, damage HW • Install Antivirus software AVG etc • Clamwin http://www.clamwin.com/ • alt web-based scanner $0 (scanfromIE) • www.pandasecurity.com/usa
WARNING • OK to install multiple spyware scanners on same system • DO NOT install multiple Anti VIRUS software on the same system. They will work against each other.
Rootkits • Integrate into the OS’s kernel • Difficult to detect with conventional scanners • Blacklight (free for now) http://www.f-secure.com/blacklight • AVG’s Anti-Rootkit program http://free.grisoft.com/doc/5390#avg-anti-rootkit-free
Change your Boots • If the operating system is rendered unusable • Boot into Safe Mode (hit F8 before the Windows splash screen) • Select Safe Mode with Networking • Loads Windows with basic drivers, allowing you to disinfect your system while offending programs are dormant • With the networking option you can update scanners
Boot CD • If you can’t get to Safe Mode • Build a BartPE CD (bootable live CD) http://nu2.nu/pebuilder/ • Installer + Windows CD + optional plugins • Such as Spybot S&D, ClamWin
Defensive Measures • Surf security: use Firefox; if using IE, put a sticky on your forehead saying “steal from me!” • Shield against spyware (real time monitoring): Webroot’s Spy Sweeper $30 www.webroot.com • Install Virus Scanner: AVG, Avast, AntiVir, Clamwin, ClamAV • Firewall: ZoneAlarm
Change Habits • AVOID ATTACHMENTS • Don’t Be BAITED (Phishing) Never use links from emails to ebay, banks, CC, etc • Download responsibly P2P, BitTorrents, Warez • Use MD5 generators, MD5summer, etc • Surf net as a restricted user
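The "Use MD5 generators" habit above, as an added example that is not part of the original deck: hash a downloaded file and compare it with the checksum the publisher lists, accepting either a bare digest or an md5sum-style line. MD5 is the default because the slide names it; it catches corruption and casual tampering but is not collision-resistant, so pass `"sha256"` when the publisher offers one. The file name and contents in the demo are constructed.

```python
import hashlib
import hmac
import os
import tempfile

HEX_DIGITS = set("0123456789abcdef")


def file_digest(path, algorithm="md5", chunk_size=65536):
    """Hash a file in chunks so large downloads are not read into memory."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, published, algorithm="md5"):
    """Compare a file against a published checksum.

    `published` is a bare hex digest or an md5sum-style line
    ("<hex>  <filename>"). Raises ValueError if it is malformed, so a
    truncated or mistyped checksum is never mistaken for a mismatch.
    """
    fields = published.split()
    expected = fields[0].lower() if fields else ""
    wanted_len = hashlib.new(algorithm).digest_size * 2
    if len(expected) != wanted_len or not set(expected) <= HEX_DIGITS:
        raise ValueError("published value is not a %s digest" % algorithm)
    return hmac.compare_digest(file_digest(path, algorithm), expected)


if __name__ == "__main__":
    # Constructed sample: a stand-in "download" and its published checksum.
    fd, path = tempfile.mkstemp()
    os.write(fd, b"installer bytes")
    os.close(fd)
    listed = hashlib.md5(b"installer bytes").hexdigest() + "  setup.exe"
    print("intact file:  ", verify_download(path, listed))
    with open(path, "ab") as handle:
        handle.write(b"\x00")  # simulate a modified download
    print("modified file:", verify_download(path, listed))
    os.remove(path)
```

The comparison is only as trustworthy as the place the checksum came from: take it from the publisher's own site over HTTPS, not from the same mirror that served the file.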
Read – white papers etc • Spyware Quiz http://www.siteadvisor.com/quizzes/spyware_0306.html
Checklist for Windows • http://www.securityfocus.com/columnists/220
Resources • Freeware • http://www.econsultant.com/i-want-freeware-utilities/index.html • PC • http://www.majorgeeks.com/ • Security • http://www.sans.org/ • http://www.blackhat.com/ • http://www.securityfocus.com/ • Open Source • http://sourceforge.net/ • http://freshmeat.net/
Credits • Data taken from xforce report • http://www-935.ibm.com/services/us/iss/html/xforce-threat-insight.html