Wireless and Mobile Hacks
BYOD Security Risk Lab
Ernest Staats
[email protected]
Master Science Information Assurance, (CISSP)®, CEH, MCSE, CNA, CWNA,
Security+, I-Net+, Network+, Server+, A+
The Disclaimer!
• This workshop is intended to help you understand
how mobile software and hardware can be used to
expose security issues in your network.
• Have Permission in Writing First!
• This knowledge is intended to be used responsibly
so we can provide academic environments that are
secure, safe and accessible.
Download Lab
• Download the lab and put it on your mobile device: save it to your Dropbox, Kindle or email, then open it and follow along.
– http://goo.gl/
• C:\FETCImage: find installers for software
• C:\FETCImage\Installers\PA = 3.1 gig of portable Security apps
Perceived Danger
Death by Shark at the Beach
The Real Danger
Death by Vending Machine at the Beach
Understand RISK!
Analyze risk
risk = (cost of an exploit)*(likelihood it will occur)
Mobile devices make this inexpensive and very
possible (BeetleJuice) inside of “Flame”
Demos:
Bypass DLP
(iSafe….)
iPad Apps
• Isafeplay
• Fing
• iNetTools
• NSLookup
• Netmon
• Opsview
Spiceworks
IRdesktop
Free Wifi
Inet
Citrix
Vsphere
WI-FI Finder
Free Pint
NetSwissKnife
DropBox + BoxCryptor
Logmein
WI-FI Finder
Serial IO WiSnap
Network Mapping
inSSIDer 2.0
Wi-FI Inspector
Meraki WIFI tester
Portable apps
Angry IP Scanner: let’s scan our local network. What shares are open?
WirelessKeyView: find your key
WNetWatcher
Netsparker - Community Edition
Attack_Surface_Analyzer_BETA_x64
WSCC -- Windows System Control Center
Google Hacking Diggity Project -- SearchDiggity.Client Google and
Bing “hacking”
FireFox portable
FreeScreenRecord
HoffmanUtilitySpotlight2009_04 -- Rich Copy, great for copying
What Channel is Rouge on
What is no filter WIFI Key
Walled out network
What is a Port?
“Doors” on the system where info is sent
out from and received
When a server app is running on a port, it
listens for packets
When there is nothing listening on a port,
the port is closed
Port Status Types
Open – port has an application listening on
it, and is accepting packets.
Closed – port is accessible by nmap, but no
application is listening on it.
Filtered – nmap can’t figure out if the port is
open or closed because the packets are
being filtered. (firewall)
Unfiltered – Ports are accessible, but nmap
can’t figure out if it is open/closed.
Typical Ports to know
Any port can be configured to run any
service.
• But major services stick to defaults
Popular TCP ports/services:
• 80 – HTTP (web server)
• 23 – Telnet
• 443 – HTTPS (ssl-encrypted web servers)
• 21 – FTP
• 22 – SSH (shell access)
• 25 – SMTP (send email)
More Ports that you need to know
• 445 – Microsoft-DS (SMB communication w/ MS Windows services)
• 139 – NetBIOS-SSN (communication w/ MS Windows services)
• 143 – IMAP (email retrieval)
• 53 – Domain (DNS)
• 3306 – MySQL (database)
nmap
Nmap ("Network Mapper") is a great tool
that we have in both the portable apps and
in BT
Extremely powerful.
Simple use:
nmap -v -A <target>
‘-v’ for verbosity and ‘-A’ for OS/version detection
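An added example (not from the original slides): Python that reads nmap's grepable output (`-oG`) and reports open TCP ports that fall outside an approved baseline, using the port states and well-known ports listed above. The sample output, the 192.0.2.x hosts and the `BASELINE` policy are constructed for illustration.

```python
import re

# Constructed sample of nmap grepable (-oG) output; the hosts are in the
# 192.0.2.0/24 documentation range and are not lab machines.
SAMPLE_OG = """\
# Nmap scan initiated as: nmap -v -A -oG scan.gnmap 192.0.2.0/24
Host: 192.0.2.10 (web01)\tStatus: Up
Host: 192.0.2.10 (web01)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3306/filtered/tcp//mysql///
Host: 192.0.2.20 (files01)\tPorts: 21/open/tcp//ftp///, 23/open/tcp//telnet///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 25/closed/tcp//smtp///
"""

# Assumed policy for this example: the only TCP ports each host may expose.
BASELINE = {"192.0.2.10": {22, 80, 443}, "192.0.2.20": {139, 445}}

HOST_RE = re.compile(r"^Host: (\S+) \(.*?\)\tPorts: (.*)$")

def parse_grepable(text):
    """Return {host: {port: (state, service)}} from -oG 'Ports:' lines."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment and 'Status:' lines carry no port data
        ports = hosts.setdefault(m.group(1), {})
        # Anything after a tab (e.g. 'Ignored State:') is not a port entry.
        for entry in m.group(2).split("\t")[0].split(","):
            # Entry layout: port/state/protocol/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[2] == "tcp":
                ports[int(fields[0])] = (fields[1], fields[4])
    return hosts

def audit(hosts, baseline):
    """List (host, port, service) for open ports outside the baseline."""
    findings = []
    for host, ports in sorted(hosts.items()):
        allowed = baseline.get(host, set())
        for port, (state, service) in sorted(ports.items()):
            # Only 'open' means a service is listening and accepting packets.
            if state == "open" and port not in allowed:
                findings.append((host, port, service))
    return findings

if __name__ == "__main__":
    for host, port, service in audit(parse_grepable(SAMPLE_OG), BASELINE):
        print(f"{host}: unexpected open port {port}/tcp ({service})")
```

Closed and filtered ports are parsed but not reported, since nothing is reachable on them; a filtered result is still worth comparing against the firewall rules you expect.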
Zenmap
Scan one target or a range
Built-in profiles or make your own for personal ease.
Zenmap
Visual Map
• Hop Distance
• Router Information
Group Hosts by Service
Using a quiet traceroute
Using Zenmap
Here are some IPs open to be scanned. Be careful!
• 66.110.218.68
• 66.110.220.87
• Hackerinstitute.net
• 66.110.218.106
• moodle.gcasda.org
Just in case
• 192.168.2.254
What ports are open on 66.110.220.87?
Finding open Shares
• ShareEnum
• Angry IP Scanner
• SoftPerfect Network Scanner
• What open shares are on our network?
Packet Sniffing
• WireShark
• Capsa
Malware Detection: All Portable Apps
• Current Ports
• CurrProcess
• Autoruns
• Process Hacker
• Clam AV
• Spybot
• Stinger
Mobile Device Management
Secures mobile devices beyond Just
Email (i.e. ActiveSync)
Application Delivery system
Provision and Configure new devices
Asset tracking/Finding or deleting
A good list of MDM solutions and what they offer
http://www.enterpriseios.com/wiki/Comparison_MDM_Providers
dSploit / Network Spoofer
Great free man-in-the-middle hacking tools that are hard to defend against
Android Apps
Anti: Wi-Fi scanning tool for finding open networks and showing all potential target devices
Android Apps
• ArpSpoof
arpspoof is an open source tool for network
auditing.
It redirects packets on the local network by
broadcasting spoofed ARP messages
• PortKnocker
a good port knocking client
• Nessus
log into your Nessus scanners and start, stop and pause vulnerability scans
Android Apps
Wifi Analyzer— Choose the best WiFI network
NetAudit—TCP port scanner
WiFi Key Recovery—recover the password of a
wireless
Network Discovery -- discovering, mapping,
scanning, profiling your Wifi network
Net Scan--Network scanning and discovery along
with port scanner. Find holes and security flaws in
your network.
Metadata Tools
FOCA (use compatibility mode if needed)
http://www.informatica64.com/DownloadFOCA/
Metagoofil
http://www.edge-security.com/metagoofil.php
Will extract a list of disclosed paths in the metadata; with this information you can guess OS, network names, shared resources, etc. Also extracts MAC addresses from Microsoft Office documents.
EXIF Tool
http://www.sno.phy.queensu.ca/~phil/exiftool/
EXIF Viewer Plugin
https://addons.mozilla.org/en-US/firefox/addon/3905
Jeffrey's Exif Viewer
http://regex.info/exif.cgi
Types that contain metadata
MAC addresses, user names, edits, GPS info. It all depends on the file format.
JPG
EXIF (Exchangeable image file format)
IPTC (International Press Telecommunications Council)
PDF
DOC
DOCX
EXE
XLS
XLSX
PNG
Too many to name them all.
What Information is in MetaData?
User Names:
Creators.
Modifiers.
Users in paths.
C:Documents and settings/ofmyfile
/home/johnny
Operating systems
Printers.
Local and remote
Paths
Local and remote.
Network info.
Shared Printers.
Shared Folders.
ACLS.
Internal Servers.
NetBIOS Name.
Domain Name.
IP Address.
Database structures.
Table names.
Column names.
Device hardware info
Photo cameras.
Private Info.
Personal data.
History of use.
Software versions.
Fingerprinting Organizations with Collected Archives (FOCA)
• Search for documents in Google and Bing
• Automatic file downloading
• Capable of extracting metadata, hidden info and lost data
• Cluster information
• Analyzes the info to fingerprint the network
http://www.informatica64.com/FOCA
Metadata
Foca free
Type a project name, then type the URL. Use: es-es.net
Extract Metadata; it will be displayed on the right-hand side of the window
GEO Tagging
• August of 2010, Adam Savage, of “MythBusters,” took a photo of his vehicle using his smartphone. He then posted the photo to his Twitter account including the phrase “off to work”
Read the full story here: http://nyti.ms/917hRh
Cat Schwartz of TechTV and
her blog
Meta Data Images Hands-on
Go to Jeffrey's Exif Viewer
http://regex.info/exif.cgi
Photo 1
photo.JPG
Where was the photo of the Police office taken? Was the photographer on the sidewalk or somewhere else? What kind of device was used to take the photo?
Second photo
_MG_5982_ES.jpg
What is the ethnicity of the girl in the photo? What device was used to take the photo?
Turn off GPS function on phones
• Disable the geotagging function
• Most smartphones/tablets & several cameras automatically display geographical information
• It’s important that users make efforts to turn off geotagging
Scrubbing Meta Data
• Software
– JPG and PNG metadata stripper http://www.steelbytes.com/?mid=30
• Hands-On: copy images 1 and 2 used earlier down to the local system, use the metadata stripper, then compare the results @ http://regex.info/exif.cgi
– BatchPurifier LITE http://www.digitalconfidence.com/downloads.html
– Doc Scrubber http://www.javacoolsoftware.com/dsdownload.html
• Websites
– http://regex.info/exif.cgi
– http://trial.3bview.com/3BTrial/pages/clean.jsp
– Clean your documents: MSOffice 2k3 & XP http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=144e54ed-d43e-42ca-bc7b-5446d34e5360
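An added example (not from the original slides, and not how any of the tools listed above is implemented): what scrubbing a JPG amounts to at the file level, dropping the APP1 (EXIF), APP13 (IPTC) and comment segments while copying everything else. `SAMPLE` is a constructed, JPEG-shaped byte string rather than a real photo, and `segment` and `strip_metadata` are names chosen for this example.

```python
import struct

def segment(marker, payload):
    """Build one JPEG segment: 0xFF, marker byte, 2-byte length, payload."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed, minimal JPEG-shaped byte string (not a viewable image):
# SOI, APP0/JFIF, APP1/Exif, APP13/IPTC, SOS + scan data, EOI.
SAMPLE = (
    b"\xff\xd8"
    + segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + segment(0xE1, b"Exif\x00\x00" + b"GPSLatitude (constructed)")
    + segment(0xED, b"Photoshop 3.0\x00" + b"By-line: constructed")
    + segment(0xDA, b"\x00" * 10) + b"\x12\x34\x56" + b"\xff\xd9"
)

STRIP = {0xE1, 0xED, 0xFE}  # APP1 (EXIF/XMP), APP13 (IPTC), COM (comments)

def strip_metadata(jpeg):
    """Return (clean_bytes, removed_markers); other segments are copied as-is."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out, removed, pos = bytearray(jpeg[:2]), [], 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"bad segment marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # start of scan: everything after is image data
            out += jpeg[pos:]
            return bytes(out), removed
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("truncated or corrupt segment length")
        if marker in STRIP:
            removed.append(marker)  # drop GPS, device, author and comment data
        else:
            out += jpeg[pos:pos + 2 + length]
        pos += 2 + length
    raise ValueError("no start-of-scan segment found")

if __name__ == "__main__":
    clean, removed = strip_metadata(SAMPLE)
    print(f"removed markers: {[hex(m) for m in removed]}, "
          f"{len(SAMPLE) - len(clean)} bytes dropped")
```

Dropping APP1 also removes the embedded thumbnail and the orientation tag, so re-check how the image displays after scrubbing.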
Metadata tools
Doc Scrubber—Remove metadata from
Word Documents downloaded
Select ALL options, reset Author to ES and Company to ES, Click Next
Build Secure Networks
Secure Network Engineering
• Document Gathering is First Step
• Understand Data Flows
• Log Events and Correlate
• Apply Least Privileged Principles
• Divide and Secure
• Establish Trust and Validate Data Integrity
• Test and Validate Routinely
Functional Requirements
1. Documentation
2. Data Center Physical Controls
3. Enclaves
4. Firewalls and Security Apps
5. Internet Access
6. DNS
7. Hardening
8. Config and Change Mgt
9. Virtual and Blade Servers
10. Vulnerability and Threat Mgt
11. Log Mgt
12. Asset Mgt
13. Access Mgt
14. Performance Mgt
15. Forensic Mgt
16. Service Mgt
Key Risk Considerations
• Mixing assets of different value
• Integrating security and network controls
• High event volume and Impact of false negatives
• Understanding data flows and security policies
• Performance impact of inspection
• Protecting high authority access
• Configuration errors and product defects
High-level Design
and Build Approach
N-Tier Application
Control Checklist
• Enclave for each app function
• Dedicated Internet Access Firewall
• Security Fabric
• Separate Infrastructure Firewall
• SSL Accelerator and Proxies
• Tiered DNS
• Virtualization and Blade Servers
• Netflow
• Network Address Translation
• Network Monitoring Switch
• Load Balancers
Lessons Learned
Pitfalls
• Poor Documentation
• Too many ACLs and Flows
• Netflow “meltdown”
• 4 x10 Port Aggregation
• Virtual Switch Overload
• Poorly designed QoS
• Forensic Teams
Promising Solutions
• Security Fabric
• Firewall Policy Mgt
• Virtual Switch Replacement
• IEEE 802.1AE (MACsec)
Benefits
• Improved Security
• Increased Design Credibility
• Better Manageability
• Lower Total Costs
• Faster Response to Threats
Ultimately, adopting these design recommendations will provide a solid foundation
for safeguarding infrastructure and data at the highest speeds available today—and
tomorrow.