Cybersecurity CKC v2
CyberSecurity
June, 2016
Christopher K. Chepken (PhD)
C4DLab
Introduction to Cyber Security
Hacking
• Has consequences
– denial of service
Hacking: Reasons & Justification
• To steal services, data or files
• Thrill and excitement
• To promote some tools or skills
• Disease: feel like doing it!
• Belief that all information needs to be free
• Ethical hacking: to show security problems
Hacking: Discussion
• How is your organization? How are staff responding to the tightening of security loopholes?
Hacking techniques
• Hacking techniques are the different ways hackers use to exploit systems.
– There can be as many hacking techniques as there are hackers.
• Some are known, others unknown (new ones develop every day)
Hacking techniques
• Vulnerability scanning: a tool used to quickly check computers on a network for known weaknesses, e.g. open ports
• Brute force attack, e.g. password guessing
• Dictionary attack
• Password cracking: the process of recovering passwords from data
• Packet sniffer
• Spoofing attack (e.g. phishing): masquerading as another party by falsifying data
• Programmed threats, e.g. viruses, worms or trojans
Hacking techniques
• Social engineering may be an act of
– Intimidation
– Helpfulness: the opposite of intimidation
– Name-dropping: using the names of authorised users
– Technical means, e.g. sending an email to a legitimate user seeking a response that contains vital information
Hacking techniques
• Keystroke logging: a keylogger is a tool designed to record ("log") every keystroke on an affected machine for later retrieval
– Keyloggers can be
• Legitimate: e.g. to detect evidence of employee fraud (Mac on iPhone, iPads??)
• Illegitimate: to steal information, viruses
Hacking techniques: Denial of service
• DoS: an attempt by attackers to make a computer's resources inaccessible to its intended users
Hacking: Information gathering
• Identity management is the process of managing the entire life cycle of digital identities, including the profiles of people, systems and services, as well as the use of emerging technologies to control access to company resources.
– Identity theft
Information gathering
• What do robbers do before they break into
the bank or anything else? They gather
information.
• You can gather information to
– Protect yourself
– Harm others (as hackers do)
– Just to know, or to solve a problem
• Example: http://www.shortinfosec.net/2009/02/security-information-gathering-brief.html
Areas of interest to attackers
Source: http://resources.infosecinstitute.com/network-intelligence-gathering/
Hacking: Insider threats
• A malicious insider threat is a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems. (http://www.cert.org/insider-threat/)
Hacking: Rogue wireless points
• Rogue wireless access points entice you to connect.
• The consequences can be very bad
– Information gathering
– Stealing data
– Installing malware
Hacking: Spam and email threats
• Spam is unsolicited email
• Threats include
– Information harvesting
– Malware introduction
– Denial of service
– Identity theft
• Phishing: emails that ask for your personal information
Hacking: Attack on devices
• These devices include PDAs, USB drives and other handheld devices.
– Theft, of both data and hardware
– Hijacking, interception
– Malware, viruses, trojans etc.
Hacking: Routers & firewalls
• Interception
• Firewall vulnerabilities
– A firewall is software, hence it can have bugs
– Vendor back doors
• Session hijacking / man-in-the-middle
– Sniffing
– May insert commands in the middle of a communication session
• Attacks on exposed servers, e.g. SQL injection, default passwords etc.
– An exposed port is vulnerable
Hacking wireless networks
• Wireless networks, sometimes called WiFi, allow you to connect to the internet without relying on wires. They use radio waves to connect to a hotspot that carries identifying information called a service set identifier (SSID)
• Hijack or intercept an unprotected connection
Introduction to Cyber Security
Prevention
Attack prevention: DDoS
• Increase bandwidth:
– Problem: bandwidth is not unlimited
• DDoS mitigation service
– Use a DDoS protection and mitigation network and automated tools
– Use anti-DDoS technicians who respond in real time to the varying characteristics of the attack
• Restrict connections to your servers: install/configure your routers and firewall to limit connectivity
Attack prevention
• Harden your systems / lockdown
• Patch all your systems
• Install a firewall on each system, or at least
on the network
Securing routers and the network
• Assess network security and the degree of exposure to the Internet
– Port-scan your own network from outside to see the exposed services (TCP/IP services that shouldn't be exposed, such as FTP)
– Run a vulnerability scanner against your servers
– Monitor your network traffic
– Refer to your system logs
– Check your firewall logs
Securing routers and the network
• Limit who has access to the router
configuration
• Ensure that there is control over who can
make changes to router configuration
• Reduce the services running on the router
• Encrypt passwords
• Ensure that you understand security
loopholes which have been identified
Attack prevention: Use passwords
• Do not use
– Real words or combinations thereof
– Numbers of significance (e.g. birthdates)
– The same or a similar password for all your accounts
Passwords (very important)
• "A password should be like a toothbrush. Use it every day; change it regularly; and DON'T share it with friends." (USENET)
• Don'ts for passwords (http://oreilly.com/catalog/csb/chapter/ch03.html)
– Allow any logins without passwords. If you're the system administrator, make sure every account has a password.
– Keep passwords that may have come with your system.
– Write your password down.
– Type a password while anyone is watching.
– Record your password online or send it anywhere via electronic mail.
– Keep the same password indefinitely.
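As an added example (not part of the slides), a small Python checker that turns the password don'ts above into tests: real words or combinations of them, numbers of significance such as years and dates, vendor defaults that came with the system, and reuse of the same or a similar password across accounts. The word list, the vendor defaults and the other-account passwords it compares against are constructed for the illustration.

```python
"""Added example: checks a candidate password against the 'don'ts' on these slides."""
import difflib
import re
from datetime import datetime

# Constructed word list; a real deployment would load a full dictionary file.
DICTIONARY = {"password", "admin", "welcome", "summer", "nairobi", "lab", "secret", "love"}
# Constructed vendor defaults: passwords that 'came with the system' and must be changed.
VENDOR_DEFAULTS = {"admin", "password", "1234", "default", "changeme"}


def is_word_combination(pw, words=DICTIONARY):
    """True if the letters of pw split entirely into dictionary words ('real words or combinations')."""
    letters = "".join(ch for ch in pw.lower() if ch.isalpha())
    n = len(letters)
    if n == 0:
        return False
    reachable = [True] + [False] * n  # reachable[i]: letters[:i] segments into words
    for i in range(1, n + 1):
        reachable[i] = any(reachable[j] and letters[j:i] in words for j in range(i))
    return reachable[n]


def _parses_as_date(run):
    """True if a 6- or 8-digit run reads as a calendar date (DDMMYY, DDMMYYYY, YYYYMMDD, MMDDYY, MMDDYYYY)."""
    for fmt in ("%d%m%y", "%d%m%Y", "%Y%m%d", "%m%d%y", "%m%d%Y"):
        try:
            datetime.strptime(run, fmt)
            return True
        except ValueError:
            continue
    return False


def has_significant_number(pw):
    """Flags year-like runs (1900-2029) and digit runs that parse as dates, e.g. birthdates."""
    for run in re.findall(r"\d+", pw):
        if len(run) == 4 and 1900 <= int(run) <= 2029:
            return True
        if len(run) in (6, 8) and _parses_as_date(run):
            return True
    return False


def reused_elsewhere(pw, other_passwords, threshold=0.8):
    """True if pw equals or closely resembles a password already used on another account."""
    return any(difflib.SequenceMatcher(None, pw, other).ratio() >= threshold
               for other in other_passwords)


def check_password(candidate, other_passwords=(), words=DICTIONARY):
    """Return the list of rules the candidate breaks; an empty list means it passes."""
    problems = []
    if candidate.lower() in VENDOR_DEFAULTS:
        problems.append("vendor default")
    if is_word_combination(candidate, words):
        problems.append("real word(s)")
    if has_significant_number(candidate):
        problems.append("significant number")
    if reused_elsewhere(candidate, other_passwords):
        problems.append("reused")
    return problems
```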
Attack prevention: Routers & network
• Encrypt connections
• Do not install software from little-known sites
• Limit access to your server(s)
• Use anti-virus software
• Install secure certificates on web sites
• Purchase and deploy products according to identified needs
Attack prevention: General
• Monitor suspicious traffic patterns
• Control mobile devices
• Do not use public email systems like Gmail, Yahoo! etc. for official work
• Do not use professional credentials online
• Regularly conduct awareness training
• Do employee background checks
• Continuous training and learning of new technologies and methods
Attack prevention: General
• Attend conferences and events held by professional industry groups in computer security.
Protection against attacks in social media
• Awareness training
• Regular vulnerability scans and tests
• Monitoring of networks for suspicious activity
• Implementation of best practices
• Avoid unsolicited installation of scripts
• An organizational usage policy is recommended
Securing cables
• Mainly against physical attack
• Monitoring: manual or automatic
• Use reputable, experienced providers
• Make sure the wires are properly hidden against the wall to prevent anyone from tripping on them and causing damage.
Securing firewalls
• Tighten the routers at your border to the Internet in terms of the packets that can be admitted or let out.
• Install updated service packs and enable auto-updates for the firewall
Securing firewalls: Best practice
• Use an acceptable usage policy
• Limit the number of applications that run on the firewall; let the firewall do its work.
Securing mobile handheld devices
• Mobile handheld devices:
– Any device operating to hold, store, process and access data, including smartphones, cellphones, tablets or personal digital assistants (PDAs)
• Passcode lock
• Avoid sharing mobile devices
• Wipe each device thoroughly before disposing of it
Securing laptop computers
• Treat it like cash
• Get it out of the car…don't ever leave it behind
• Keep it locked…use a security cable
• Keep it off the floor…or at least between your feet
• Keep passwords separate…not near the laptop or
case
• Don't leave it "for just a sec"…no matter where you
are
• Pay attention in airports…especially at security
Securing laptop computers
• Use the bells and whistles…if you've got an alarm, turn it on
• Avoid distraction
• Mind the bag: it may reveal that you have a laptop
• Be vigilant in hotels
• Know where to turn for help
• No one thinks their laptop will be stolen: start thinking from today
Penetration testing
• Also called pen testing, is the practice
of testing a computer system, network or
Web application to find vulnerabilities that
an attacker could exploit.
– Sometimes called white hat- the good guys
break in
– Main objective is to identify weaknesses
– Can be manual or automated
Penetration testing: process
• The generic process is
– Information gathering about target
– Identifying possible entry points
– Attempting to break in (either virtually or for
real)
– Reporting back the findings
Penetration testing: strategies
• Targeted testing: done by the IT team and the pen test team together, a "lights-turned-on" pen test
• Blind testing: the team performing the attack has limited information, e.g. only the company name
Penetration testing
• Various tools for pen tests exist.
• Class exercise:
– Look for open source pen test tools
– Try using simple open source pen test tools
Preventing Data Loss (PDL)
• Data can be: any data or sensitive data.
– Identify: Identify where you have stored data under
your control.
– Inventory what data you have stored in ALL of these
places
– Dispose: do not keep any sensitive data, e.g. credit card numbers, IDs etc., in electronic form unless you absolutely must
– Stop and think whenever handling sensitive data
Preventing Data Loss (PDL)
• Saving to the wrong locations
– Do not save data in the wrong locations
– Do not save sensitive data on mobile or removable media
– Do not save sensitive data in a shared environment; it should be in a private area on a secure server, and encrypted
• Human error
– If you know there has been an incident, do incident response
Securing wireless networks
• Change default passwords - Most network
devices, including wireless access points,
are pre-configured with default
administrator passwords to simplify setup
• Restrict access: only allow authorized users to access your network (use the media access control (MAC) address of every device)
• Encrypt the data on your network
Securing wireless networks
• Protect your SSID - To avoid outsiders
easily accessing your network, avoid
publicizing your SSID; Turn network name
broadcasting off
• Use a firewall
• Use up-to-date anti-virus
• Change the default name of the network
Physical security
• Physical access- definition
– Server room
– Office with network computers
– Other areas
• Measures
– E.g. log book, Biometrics
– One controlling point e.g. soldier
• How do you trace back in case of a breach? Incident response
Physical security
• Computer physical security is a methodology for safeguarding computer systems, peripherals and all assets that form these systems. It is as important as any other security.
Physical access: Measures
• Restrict access: for servers and other important computing devices, out of sight, out of mind is the motto. Make sure the most vulnerable devices are in that locked room
• Protect the portables: a laptop or handheld device may be stolen with saved passwords or data; lock them up
• Pack up the backups: do not keep backups in the same place as the servers. Do not leave them anywhere!
• Disable the drives, e.g. USB, floppy or CD-ROM: they may be used to fraudulently copy data
Incident handling
• What is an incident? It must be defined
• How to report, and who to contact
• Plan your strategies and course of action
• Have a policy in place
• Have written procedures to follow
• Communications: notifying affected personnel
Incident Response Plan
Incident detection
• Accidental or malicious source?
• Need to monitor to detect incidents and violations
• Must have profiles of vulnerability: a list of known vulnerabilities
• Use Intrusion Detection Systems (IDS)
– Profiles of normal activity for computer networks, users, and attack patterns
– Physical access intrusion detection system
• In most cases, internal staff pick up suspected abnormal behaviour and situations
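Added example (not from the slides) of the detection ideas on this slide and of the brute-force password guessing listed under hacking techniques: a Python script that builds a profile of normal activity (which addresses and hours of day each user logs in from) from baseline log lines, then flags bursts of failed logins from one source and successful logins that deviate from the profile. The log format, addresses, timestamps and thresholds are constructed for the illustration.

```python
"""Added example: a baseline profile of normal logins plus brute-force detection over constructed log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format for the example: "<ISO timestamp> login OK|FAILED user=<name> src=<address>"
LINE_RE = re.compile(r"^(?P<ts>\S+) login (?P<result>OK|FAILED) user=(?P<user>\S+) src=(?P<src>\S+)$")

# Constructed sample data: a quiet baseline period, then a day with a password-guessing burst.
BASELINE = [
    "2016-06-06T09:05:11 login OK user=alice src=10.0.0.5",
    "2016-06-07T10:12:40 login OK user=alice src=10.0.0.5",
    "2016-06-07T08:55:02 login OK user=bob src=10.0.0.7",
]
NEW_EVENTS = [
    "2016-06-10T02:14:01 login FAILED user=alice src=198.51.100.9",
    "2016-06-10T02:14:08 login FAILED user=alice src=198.51.100.9",
    "2016-06-10T02:14:15 login FAILED user=alice src=198.51.100.9",
    "2016-06-10T02:14:22 login FAILED user=alice src=198.51.100.9",
    "2016-06-10T02:14:30 login FAILED user=alice src=198.51.100.9",
    "2016-06-10T02:14:45 login OK user=alice src=198.51.100.9",
    "2016-06-10T08:30:00 login OK user=bob src=10.0.0.7",
]


def parse(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "src": m["src"]}


def build_profile(lines):
    """Profile of normal activity: per user, the source addresses and hours of day seen in successful logins."""
    profile = defaultdict(lambda: {"srcs": set(), "hours": set()})
    for ev in filter(None, map(parse, lines)):
        if ev["result"] == "OK":
            profile[ev["user"]]["srcs"].add(ev["src"])
            profile[ev["user"]]["hours"].add(ev["ts"].hour)
    return dict(profile)


def detect(lines, profile, max_failures=5, window=timedelta(minutes=2)):
    """Return alerts: failure bursts from one source (password guessing) and logins that deviate from the profile."""
    alerts, recent, flagged = [], defaultdict(deque), set()
    for ev in filter(None, map(parse, lines)):
        if ev["result"] == "FAILED":
            q = recent[ev["src"]]
            q.append(ev["ts"])
            while ev["ts"] - q[0] > window:  # keep only failures inside the sliding window
                q.popleft()
            if len(q) >= max_failures and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append(f"brute-force: {len(q)} failures from {ev['src']} within {window}")
        else:
            p = profile.get(ev["user"])
            if p is None or ev["src"] not in p["srcs"] or ev["ts"].hour not in p["hours"]:
                alerts.append(f"anomalous login: {ev['user']} from {ev['src']} at {ev['ts'].hour:02d}h")
    return alerts
```

Running `detect(NEW_EVENTS, build_profile(BASELINE))` yields one brute-force alert for the five failures and one anomalous-login alert for the success that followed from an address and hour the profile has never seen.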
Reaction
Incident response philosophies
• Watch and warn: monitor, and notify the appropriate personnel on detection of an incident
Response
• Define roles for personnel, and the responsibilities and authority of each role
• Determine the costs of establishing the response plan
• Define under what circumstances services can be disabled
• Define who has the authority to shut down services
• Isolate affected segments/machines, both to limit further infection and to gather evidence
Incident notification
• Minimise surprises
• Notify in a timely manner, to the appropriate people, following written procedures
• Notify the response team, management and the chief security manager (or equivalent)
• Contact
– Organisations offering advisory and assistance response, e.g. CERT
– Affected parties and partners
– Law enforcement
– News media
Incident containment
• Stop the spread of the contamination or abuse
• Determine the affected systems
• Deny access, where possible
• Eliminate rogue processes
• Regain control
• Lock out the attacker/abuser
• Block the source
• Disable the affected service
• Disconnect from the network or Internet
• Clean the system
• Rebuild the system
Assessing the damage
• Determine the scope of the damage
– Compromised data, systems, services, privileges, etc.
• Determine the length of the incident
• Determine the cause of the incident
– Vulnerability exploited
– Safeguard bypassed
– Detection avoided
• Determine the responsible party
– Source of the attack
– Online identity
– Attack fingerprints
Incident recovery
• Set priorities based upon costs and criticality
• Repair the vulnerability; do not leave the hole for others to abuse
– Apply a patch
– Disable the service
– Change the procedure
– Redesign
• Improve the safeguard
• Update detection systems
• Restore data and services
• Monitor for additional signs of attack
Incident documentation
• Documentation is needed to provide evidence and for post-incident review
Sources of information
• Help desk logs
• Network logs
• System logs
• Administration logs
• Physical access logs
• Accounting logs
• Audit logs
• Security logs
• Backups
• Staff clock logs
• Staff
Computer forensics investigations
Computer forensics investigations
• Electronic record: any data that is recorded or preserved on any medium in or by a computer system or other similar device, that can be read or perceived by a person or a computer system or other similar device. It includes a display, printout or other output of that data.
• Computer forensics: the scientific examination and analysis of data held on, or retrieved from, computer storage media in such a way that the information can be used as evidence in a court of law.
Computer forensics investigations &
Incident handling
• Handling data under investigation
– For hand held devices, mobile phones
– For computers, servers and laptops
– Any other computing devices
Computer forensics investigations: Some history
• Early in the 1970s, students discovered how to gain unauthorized access to large time-shared computer systems.
• 1978: the Florida Computer Crime Act was the first law to help deal with computer fraud and intrusion. Employees at a dog track had used a computer to print fraudulent winning tickets. The act also defined all unauthorized access as a crime.
• 1984: the US Federal Computer Fraud and Abuse Act was passed. (Morris Worm, 1988)
Properties of digital evidence
• Digital evidence is any data stored or
transmitted using a computer that supports
or refutes a theory of how an offense
occurred or that addresses critical elements
of the offense such as intent or alibi. (Casey, Eoghan. Digital Evidence and Computer Crime, p. 12)
Properties of digital evidence
• "Latent": it cannot be seen in its natural state, much like DNA.
– Any action that can alter, damage or destroy digital evidence will be scrutinized by the courts.
Recognizing Potential Evidence
There are many ways:
1. Contraband or fruits of a crime
– Stolen Computer Equipment
– Stolen Software
2. A tool of the offense
– Theft committed using computer
– Fraud committed using computer
– E-mail sent from a computer
– Sex offense committed after being arranged on computer
– Fraudulent money or ID’s made with computer
Recognizing Potential Evidence (cnt)
3. Only incidental to the offense
– Drug dealer maintaining records or ordering
supplies
– Child molester keeping records on children
– Suicide notes or pictures of the crime stored online
– Victim keeping diary or electronic journal
– Suspect searching the web for info about crime
– Credit card fraud records being kept on computer
– Child pornography being stored on computer
Types of crime that might involve digital evidence
– Online auction fraud
– Child exploitation/abuse
– Computer intrusion
– Homicide
– Narcotics
– Domestic violence
– Economic fraud, counterfeiting
– Threats, harassment, stalking
– Extortion
– Gambling
– Identity theft
– Prostitution
– Software piracy
– Telecom fraud
Types of investigations
• Internal: no search warrant or subpoena needed; the quickest investigation
– E.g. a corporate investigation into an IT administrator reviewing documents they should not be viewing.
• Civil: the other side may own the data, so a subpoena may be needed
– E.g. one party sues another over ownership of intellectual property; digital evidence must be acquired and authenticated so it can be submitted in court.
• Criminal: the highest stakes; accuracy and documentation must be of the highest quality; the slowest moving
– E.g. a child pornography investigation involving possession and distribution of contraband.
Qualities of a good investigator
• Highest level of ethics
• Unbiased
• States facts, not opinions (unless requested to do so)
• Aware of when to call for help
• Has good documentation skills
• Good communication skills
• Follows the same process/methodology every time
Incident response and business continuity plans
• Three key elements for business continuity are: (wikipedia)
Business Continuity Management
• Business Continuity Management (BCM) is a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. (Source: ISO 22301:2012, via BCI.org)
Maltego: for showing the connections you have