Transcript Slide 1
Vulnerabilities and Killzones
Laura Chappell
Sr. Protocol/Security Analyst
Protocol Analysis Institute
www.packet-level.com
KEY POINT:
School networks are unlike any
corporate network – the standard
rules of corporate security and
access control do not apply
We must consider the “unique
nature” of school networks and the
hackers users when designing,
deploying and supporting the
network.
Who Are School Network Users
Administrative staff (non-technical)
Administrative staff (technical)
Users (high-tech students)
Users (medium-tech students)*
Users (malicious students)
Note: There are rarely low-tech students.
Vulnerabilities
Inside v. Outside
Wired v. wireless networks
Proprietary information theft or alteration
Denial of service
Kill Zones
Areas where a single stream of traffic can create major
disruptions in network availability, confidentiality or integrity.
For example… running Macof on a switched network that does
not have port-level protection in place will bring the
infrastructure to its knees (layer 3 devices will not propagate the
attack further).
One more note… Macof is free.
The Tools of the Trade
iPod (with Slurp Audit), Keyghost, Stealth Surfer, FlexiSpy
Cybercrime’s “3” Classification
Defined by the United States
Department of Justice (US DOJ)
Confidentiality – Integrity - Availability
(CIA)
http://www.usdoj.gov/criminal/cybercrime/cccases.html
Current Threats and Trends
CSI/FBI Computer Crime and Security Survey www.gocsi.com
Computer Security Institute (CSI) and Federal Bureau of
Investigation (FBI)
Tenth year of surveying and analyzing computer crime and
security issues
700 computer security practitioners
Key sectors represented: financial (17%), government
(16%) and high-tech (15%)
Attack or Misuse Types (and US Dollar Loss)
(But remember – school networks are not like
corporate networks)
1.
Viruses (~US$43 mil.)
2.
Unauthorized access to information
(~US$31 mil.)
3.
Theft of proprietary information
(~US$31 mil.)
4.
Denial of service (~US$7 mil.)
5.
Insider abuse of net access
(~US$7 mil.)
6.
Laptop/mobile theft (~US$4 mil.)
Layered Security Approach
Vulnerability Assessment – Penetration Testing
Security Management
patch management – centralized management
Data Security
authentication – authorization - logging
Application Security
virus/spyware/malware protection/prevention – application firewall
Network Security
firewalls – VPNs – web/content filtering (in/out) – IDS/IPS - honeypots
Physical Security
asset inventory – asset protection
Inventory and Security Audit
What do you have? What is your security posture now?
Hacker traits
Very bored; very smart
Why Schools Get Hacked
Because it is there
Driving force to discover (constant stimulation)
Popularity – gets the Geek the girl or guy!
Revenge
The Hacker Diaries: Confessions of Teenage Hackers
by Dan Verton
School Hacking Cases
A Stark County high school senior has been arrested
and charged for allegedly trying to crash his school's
computer system.
Advanced Technologies Academy in Nevada, which
had its computer system attacked last week, bringing
the school to its knees for the better part of an
afternoon.
School Hacking Cases
“Someone had gotten full rights to our web server and
vandalized the page to read "Ramapo HS class of 2001
rules". The hacker published a few similar "graffiti" type
statements on the page and disappeared into
cyberspace. Our staff discovered the attack at about
7:00am, immediately took the server off line and put our
mirror server on-line.
Two students at Corona del Mar High School in
Newport Beach, California, were accused of selling
"grade adjustments" to at least a dozen classmates
for several hundred dollars each.
Dealing with Hacking in the Schools
Schools need to clearly establish acceptable use policies and
define appropriate and inappropriate actions to both students
and staff.
Students and staff need to training regarding hacking, the
mentality associated with it, the consequences of various
hacking actions and possible consequences of interacting and
forming online relationships with anonymous individuals who
claim to be proficient in invading others' privacy.
Dealing with Hacking in the Schools
The use of filters may be considered in reducing access to
unauthorized software serial numbers and hacking-related
materials, newsgroups, chatrooms and hacking organizations.
Teachers need to be aware of student activities in the computer
labs and pay special attention to things they hear in terms of
hacking behavior.
Demo Time – What Can Students Get Their Hands On?
Free analyzers (sniffers)
Free vulnerability scanners/penetration testers (Nessus/Linux)
Free MAC address spoofers (SMAC older version)
Free slurpers (i.e., Slurp Audit for the iPod)
Free flooders (Macof/Linux)
Free intercepters/redirectors (ettercap NG/Windows & Linux)
Free technical advice on hacking (all over the net)
Wireless Lock – Nice for Adminstrative Staff
www.thinkgeek.com
Automatically locks PC
when user is physical away
from computer; resumes
automatically when user
is within 2 meter range.
Password override can
unlock PC if transmitter is
lost.
Contact Details
Laura Chappell
Protocol Analysis Institute, LLC
5339 Prospect Road, Suite 343
San Jose, CA 95129
Phone (408) 378-7841 Fax (408) 378-7891
Web: www.packet-level.com
Email: [email protected]