Sunday, January 20, 2013
Building A Penetration Testing Lab Cluster
Building a penetration testing lab cluster at low-cost with virtualization support, further to be used for research and analysis.If you don’t have access to a pentest environment you should build up your own penetration testing lab.If you need a wide range of hosts you should also use virtualization.So today we show you how to build a virtualization cluster to be further used as a penetration testing lab.
Detecting Web Application Firewalls
Read more...
Wednesday, January 9, 2013
Is social engineering an actual threat?
Here are some brief explanations on why social engineering works. It’s tough to cover everything, because social engineering is a really broad field of information. The points made in the list below is taken from the book I’ve quoted on the bottom of this article:
Being helpful
Usually humans wants to be helpful to each other. We like doing nice things!
I run into the reception at a big corporate office with my papers soaked in coffee. I talk to the receptionist and explain that I have a job interview meeting in 5 minutes, but I just spilled coffee over all my papers. I then ask if the receptionist could be so sweet and print them out again for me with this USB memory stick that I have.This might lead to an actual infection of the receptionist PC and may gain me a foothold within the network.
Using fear
The fear of failing or not doing as ordered:
The company’s director’s (John Smith) facebook page (or whatever other source of information) reveals that he has just left on a cruise for 3 weeks. I call the secretary and with a commanding voice I say “Hi, it’s Chris calling. I just got off the phone with John Smith, hes having a very good time on his cruise with his wife Carla and kids. However we are in the middle of integrating a very important business system and he told me to give you a call so you can help us. He couldn’t call himself because they are going on a safari, but this is really urgent. All you need to do is take the USB stick that is addressed to him in the mail and plug it in, start the computer and we are all done. The project survives!Thank you very much! You have been a great help! I am sure John Smith will recognize you for this act of helpfulness. “
Playing on reciprocation
The tailgate. I hold the entry door for you, and I quickly walk behind you. When you open the next door, which is security enabled, I am heading in the same direction and most people will try and repay the helpful action by holding the door for you again. Thus allowing you into a place where you should not be. Worried about getting caught Nah.. You just say you’re sorry and that you went the wrong way.The target would almost feel obliged to hold the door for you!
Exploiting the curiosity
Try dropping 10 USB sticks around in various locations in your organization. You don’t have to place them in too obvious places. The USB should have a auto-run phone home program so you can see when someone connects the USB stick and should theoretically be exploited.Another version of this is to drop USB sticks with a single PDF document that is i.e. called “John Smith – Norway.pdf”. The PDF document contains a Adobe Acrobat Reader exploit (there is tons of them) and once the user clicks the document he will be owned. Of course you have made sure that the exploit it tailored to the target organizations specific version of Adobe. It will feel natural for most people to open the document so that they can try return the USB stick to its owner.
- Most people have the desire to be polite, especially to strangers.
- Professionals want to appear well informed and intelligent
- If you are praised, you will often talk more and divulge more.
- Most people would not lie for the sake of lying
- Most people respond kindly to people who appear concerned about them
Being helpful
Usually humans wants to be helpful to each other. We like doing nice things!
I run into the reception at a big corporate office with my papers soaked in coffee. I talk to the receptionist and explain that I have a job interview meeting in 5 minutes, but I just spilled coffee over all my papers. I then ask if the receptionist could be so sweet and print them out again for me with this USB memory stick that I have.This might lead to an actual infection of the receptionist PC and may gain me a foothold within the network.
Using fear
The fear of failing or not doing as ordered:
The company’s director’s (John Smith) facebook page (or whatever other source of information) reveals that he has just left on a cruise for 3 weeks. I call the secretary and with a commanding voice I say “Hi, it’s Chris calling. I just got off the phone with John Smith, hes having a very good time on his cruise with his wife Carla and kids. However we are in the middle of integrating a very important business system and he told me to give you a call so you can help us. He couldn’t call himself because they are going on a safari, but this is really urgent. All you need to do is take the USB stick that is addressed to him in the mail and plug it in, start the computer and we are all done. The project survives!Thank you very much! You have been a great help! I am sure John Smith will recognize you for this act of helpfulness. “
Playing on reciprocation
The tailgate. I hold the entry door for you, and I quickly walk behind you. When you open the next door, which is security enabled, I am heading in the same direction and most people will try and repay the helpful action by holding the door for you again. Thus allowing you into a place where you should not be. Worried about getting caught Nah.. You just say you’re sorry and that you went the wrong way.The target would almost feel obliged to hold the door for you!
Exploiting the curiosity
Try dropping 10 USB sticks around in various locations in your organization. You don’t have to place them in too obvious places. The USB should have a auto-run phone home program so you can see when someone connects the USB stick and should theoretically be exploited.Another version of this is to drop USB sticks with a single PDF document that is i.e. called “John Smith – Norway.pdf”. The PDF document contains a Adobe Acrobat Reader exploit (there is tons of them) and once the user clicks the document he will be owned. Of course you have made sure that the exploit it tailored to the target organizations specific version of Adobe. It will feel natural for most people to open the document so that they can try return the USB stick to its owner.
Another example of curiosity (maybe another term explains this better) is all these SPAM mails or bad Internet ad’s that you have won something or a Nigerian prince is offering you a whole lot of money if you can help him. I am sure you are familiar of these already, but these are also social engineering attacks, and the reason they are not stopping is that they are still working!
Friday, January 4, 2013
The Weakest Link in Data Center Security
The Weakest Link
Many of the organizations who have been attacked utilize comprehensive security technologies. Yet attackers have found a way to penetrate these defenses. This tells us that existing defenses aren’t working and security is being compromised by its weakest link—users in the enterprise.
1. The Human Factor - Via a variety of bad behaviors like weak passwords, negligence of management applications (RDP, Telnet, SSH), and social media oversharing, employees can compromise data center security without meaning to do so. There is no doubt this human factor in security is a challenge and needs to start with comprehensive and clearly understood security and privacy policies. While end-user education and awareness is important, it is insufficient given the uphill nature of that battle. The solution is to balance this with network security best practices: Do not trust, always verify – All users should always be authenticated, and provided least privilege access. In the data center, adopt a positive enforcement model. Positive enforcement means that you selectively allow what is required for day-to-day business operations as opposed to a negative enforcement approach where you would selectively block everything that is not allowed. This means safely enabling user access to specific applications or sub-application functions while inspecting all content for threats. Management applications like RDP, Telnet and SSH should be limited only to IT administrators.
2. Network segmentation – Network segmentation even in flat layer two networks like Ethernet Fabric architectures is critical. Properly segmenting the user to a segment of the data center helps in various ways. It helps to limit the scope of compliance, limit access to vulnerable servers in the network and limit exfiltration of data if you are compromised. Of course, to do this effectively, you need to have visibility of users, applications and content in every segment.
3. Tackle unknown threats – While addressing known threats is well-understood, addressing targeted, unknown threats is a tougher challenge because they are unlikely to hit honeypots in the wild that can provide comprehensive analysis of the malware and its behavior. Most targeted attacks originate from executable files downloaded onto an end-user device. Therefore, inspecting unknown files in the network in a virtual sandbox is a key strategy adopted by security vendors to weed out targeted, unknown malware. What is critical to complement this inspection is the ability to deliver malware signatures and inline enforcement for any malware that is found.
4. Inspect unknown traffic – In a data center, the amount of unknown traffic should be a very small percentage of all traffic. The ability to categorize and inspect unknowns to determine whether they are threats is a critical part of the data center security strategy.
5. Monitoring and logs - Finally, the monitoring of access by users to key applications in the data center is important to provide valuable information of user activity. It also helps detect critical policy violations and security holes.
Some of these best practices are in fact advocated by Forrester Research’s John Kindervag in his Zero Trust Network architecture, and being adopted by many enterprises worldwide. In summary, while end-users and employees in an organization may form the weakest link when it comes to unknowingly opening up businesses to damaging attacks, the strategy to address this may be to look beyond the users, and complement user awareness and training with network security best practices.
Read more...
Many of the organizations who have been attacked utilize comprehensive security technologies. Yet attackers have found a way to penetrate these defenses. This tells us that existing defenses aren’t working and security is being compromised by its weakest link—users in the enterprise.
1. The Human Factor - Via a variety of bad behaviors like weak passwords, negligence of management applications (RDP, Telnet, SSH), and social media oversharing, employees can compromise data center security without meaning to do so. There is no doubt this human factor in security is a challenge and needs to start with comprehensive and clearly understood security and privacy policies. While end-user education and awareness is important, it is insufficient given the uphill nature of that battle. The solution is to balance this with network security best practices: Do not trust, always verify – All users should always be authenticated, and provided least privilege access. In the data center, adopt a positive enforcement model. Positive enforcement means that you selectively allow what is required for day-to-day business operations as opposed to a negative enforcement approach where you would selectively block everything that is not allowed. This means safely enabling user access to specific applications or sub-application functions while inspecting all content for threats. Management applications like RDP, Telnet and SSH should be limited only to IT administrators.
2. Network segmentation – Network segmentation even in flat layer two networks like Ethernet Fabric architectures is critical. Properly segmenting the user to a segment of the data center helps in various ways. It helps to limit the scope of compliance, limit access to vulnerable servers in the network and limit exfiltration of data if you are compromised. Of course, to do this effectively, you need to have visibility of users, applications and content in every segment.
3. Tackle unknown threats – While addressing known threats is well-understood, addressing targeted, unknown threats is a tougher challenge because they are unlikely to hit honeypots in the wild that can provide comprehensive analysis of the malware and its behavior. Most targeted attacks originate from executable files downloaded onto an end-user device. Therefore, inspecting unknown files in the network in a virtual sandbox is a key strategy adopted by security vendors to weed out targeted, unknown malware. What is critical to complement this inspection is the ability to deliver malware signatures and inline enforcement for any malware that is found.
4. Inspect unknown traffic – In a data center, the amount of unknown traffic should be a very small percentage of all traffic. The ability to categorize and inspect unknowns to determine whether they are threats is a critical part of the data center security strategy.
5. Monitoring and logs - Finally, the monitoring of access by users to key applications in the data center is important to provide valuable information of user activity. It also helps detect critical policy violations and security holes.
Some of these best practices are in fact advocated by Forrester Research’s John Kindervag in his Zero Trust Network architecture, and being adopted by many enterprises worldwide. In summary, while end-users and employees in an organization may form the weakest link when it comes to unknowingly opening up businesses to damaging attacks, the strategy to address this may be to look beyond the users, and complement user awareness and training with network security best practices.
Read more...
DDoS Toolkit Being Used in Synchronized Attacks Against Banking, Hosting and Energy Firms
The denial-of-service toolkit used against financial institutions late last year has also been used against hosting and energy companies, DDoS protection firm Prolexic said in an advisory Thursday.
The “itsoknoproblembro” toolkit was behind the distributed denial-of-service attacks that dogged several banks in the United States last fall. The attacks against the banks were massive, with some peaking at 70 Gbps and more than 30 million pps. The toolkit has a two-tier command mode that can launch multiple high-bandwidth attack types simultaneously and has been used in coordinated campaigns against the energy, hosting provider, and banking industries, Scott Hammack, CEO of Prolexic, said in a statement.
Read more...
The “itsoknoproblembro” toolkit was behind the distributed denial-of-service attacks that dogged several banks in the United States last fall. The attacks against the banks were massive, with some peaking at 70 Gbps and more than 30 million pps. The toolkit has a two-tier command mode that can launch multiple high-bandwidth attack types simultaneously and has been used in coordinated campaigns against the energy, hosting provider, and banking industries, Scott Hammack, CEO of Prolexic, said in a statement.
Read more...
Subscribe to:
Posts (Atom)