Transcript Slide 1
Vulnerabilities and Killzones
Laura Chappell
Sr. Protocol/Security Analyst
Protocol Analysis Institute
www.packet-level.com

KEY POINT: School networks are unlike any corporate network – the standard rules of corporate security and access control do not apply

We must consider the “unique nature” of school networks and the hackers users when designing, deploying and supporting the network.

Who Are School Network Users
- Administrative staff (non-technical)
- Administrative staff (technical)
- Users (high-tech students)
- Users (medium-tech students)*
- Users (malicious students)
* Note: There are rarely low-tech students.

Vulnerabilities
- Inside v. Outside
- Wired v. wireless networks
- Proprietary information theft or alteration
- Denial of service

Kill Zones
Areas where a single stream of traffic can create major disruptions in network availability, confidentiality or integrity.
For example… running Macof on a switched network that does not have port-level protection in place will bring the infrastructure to its knees (layer 3 devices will not propagate the attack further).
One more note… Macof is free.

The Tools of the Trade
- iPod (with Slurp Audit)
- Keyghost
- Stealth Surfer
- FlexiSpy

Cybercrime’s “3” Classification
- Defined by the United States Department of Justice (US DOJ)
- Confidentiality – Integrity – Availability (CIA)
- http://www.usdoj.gov/criminal/cybercrime/cccases.html

Current Threats and Trends
- CSI/FBI Computer Crime and Security Survey, www.gocsi.com
- Computer Security Institute (CSI) and Federal Bureau of Investigation (FBI)
- Tenth year of surveying and analyzing computer crime and security issues
- 700 computer security practitioners
- Key sectors represented: financial (17%), government (16%) and high-tech (15%)

Attack or Misuse Types (and US Dollar Loss)
(But remember – school networks are not like corporate networks)
1. Viruses (~US$43 mil.)
2. Unauthorized access to information (~US$31 mil.)
3. Theft of proprietary information (~US$31 mil.)
4. Denial of service (~US$7 mil.)
5. Insider abuse of net access (~US$7 mil.)
6. Laptop/mobile theft (~US$4 mil.)

Layered Security Approach
- Vulnerability Assessment – Penetration Testing
- Security Management: patch management – centralized management
- Data Security: authentication – authorization – logging
- Application Security: virus/spyware/malware protection/prevention – application firewall
- Network Security: firewalls – VPNs – web/content filtering (in/out) – IDS/IPS – honeypots
- Physical Security: asset inventory – asset protection

Inventory and Security Audit
- What do you have?
- What is your security posture now?

Hacker traits
- Very bored; very smart

Why Schools Get Hacked
- Because it is there
- Driving force to discover (constant stimulation)
- Popularity – gets the Geek the girl or guy!
- Revenge
The Hacker Diaries: Confessions of Teenage Hackers by Dan Verton

School Hacking Cases
- A Stark County high school senior has been arrested and charged for allegedly trying to crash his school's computer system.
- Advanced Technologies Academy in Nevada, which had its computer system attacked last week, bringing the school to its knees for the better part of an afternoon.

School Hacking Cases
- “Someone had gotten full rights to our web server and vandalized the page to read "Ramapo HS class of 2001 rules". The hacker published a few similar "graffiti" type statements on the page and disappeared into cyberspace. Our staff discovered the attack at about 7:00am, immediately took the server off line and put our mirror server on-line.”
- Two students at Corona del Mar High School in Newport Beach, California, were accused of selling "grade adjustments" to at least a dozen classmates for several hundred dollars each.

Dealing with Hacking in the Schools
- Schools need to clearly establish acceptable use policies and define appropriate and inappropriate actions to both students and staff.
- Students and staff need training regarding hacking, the mentality associated with it, the consequences of various hacking actions and possible consequences of interacting and forming online relationships with anonymous individuals who claim to be proficient in invading others' privacy.

Dealing with Hacking in the Schools
- The use of filters may be considered in reducing access to unauthorized software serial numbers and hacking-related materials, newsgroups, chatrooms and hacking organizations.
- Teachers need to be aware of student activities in the computer labs and pay special attention to things they hear in terms of hacking behavior.

Demo Time – What Can Students Get Their Hands On?
- Free analyzers (sniffers)
- Free vulnerability scanners/penetration testers (Nessus/Linux)
- Free MAC address spoofers (SMAC older version)
- Free slurpers (i.e., Slurp Audit for the iPod)
- Free flooders (Macof/Linux)
- Free interceptors/redirectors (ettercap NG/Windows & Linux)
- Free technical advice on hacking (all over the net)

Wireless Lock – Nice for Administrative Staff
- www.thinkgeek.com
- Automatically locks PC when user is physically away from computer; resumes automatically when user is within 2 meter range.
- Password override can unlock PC if transmitter is lost.

Contact Details
Laura Chappell
Protocol Analysis Institute, LLC
5339 Prospect Road, Suite 343
San Jose, CA 95129
Phone (408) 378-7841
Fax (408) 378-7891
Web: www.packet-level.com
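
Added example for the Kill Zones slide (not part of the original presentation): a sketch of the per-port check behind "port-level protection", flagging a switch port that sources more distinct MAC addresses in a short window than an access port plausibly would, which is the signature a flooder such as Macof leaves. The observation format, port names, threshold and window are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque

# Assumed policy: an access port should not present more than MAX_MACS
# distinct source addresses within WINDOW seconds.
MAX_MACS = 5
WINDOW = 10.0

def find_flooding_ports(observations, max_macs=MAX_MACS, window=WINDOW):
    """Return {port: time of first alert} for ports exceeding max_macs
    distinct source MACs inside a sliding window of `window` seconds.

    observations: iterable of (timestamp, port, src_mac), sorted by time.
    """
    recent = defaultdict(deque)                      # port -> (ts, mac) in window
    counts = defaultdict(lambda: defaultdict(int))   # port -> mac -> frames in window
    alerts = {}
    for ts, port, mac in observations:
        mac = mac.lower()
        frames = recent[port]
        frames.append((ts, mac))
        counts[port][mac] += 1
        # Expire frames that have fallen out of the window.
        while frames and ts - frames[0][0] > window:
            _, old = frames.popleft()
            counts[port][old] -= 1
            if counts[port][old] == 0:
                del counts[port][old]
        if len(counts[port]) > max_macs and port not in alerts:
            alerts[port] = ts
    return alerts

def sample_observations():
    """Constructed data: two ordinary ports and one sourcing a new MAC per frame."""
    obs = []
    for i in range(20):
        t = i * 0.5
        obs.append((t, "Fa0/1", "00:11:22:33:44:55"))          # single workstation
        obs.append((t, "Fa0/2", f"00:aa:bb:cc:dd:0{i % 3}"))   # small hub, 3 hosts
        obs.append((t, "Fa0/7", f"02:00:00:00:{i:02x}:01"))    # new source every frame
    return obs

if __name__ == "__main__":
    for port, ts in find_flooding_ports(sample_observations()).items():
        print(f"{port}: more than {MAX_MACS} source MACs within {WINDOW}s (t={ts})")
```

The sliding window keeps a port that legitimately sees new devices over the course of a day from being flagged; only a burst of new source addresses trips the limit.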