Combating "Smash and Grab" Hacking with Tripwire Cybercrime Controls
•Télécharger en tant que PPTX, PDF•
1 j'aime•7,252 vues
The headlines are full of dazzling breaches that took long-term planning, persistence and hacking genius to execute. But the reality is that most breaches required only average knowledge and an under-protected target to pull off. It’s the cyber equivalent of a smash-and-grab burglary – a purse is left on a seat, a window is smashed, the burglar runs off with the purse – that exploits weak defenses and “targets of opportunity.” Learn how Tripwire’s easily-implemented Cybercrime Controls reduce attack surface, harden systems, and immediately detect many common cyber-attacks.
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (19)
En vedette
En vedette (11)
Similaire à Combating "Smash and Grab" Hacking with Tripwire Cybercrime Controls
Similaire à Combating "Smash and Grab" Hacking with Tripwire Cybercrime Controls (20)
Plus de Tripwire
Plus de Tripwire (20)
Dernier
Dernier (20)
Combating "Smash and Grab" Hacking with Tripwire Cybercrime Controls
- 4.
- 5.
- 6.
- 7.
- 8. • Global marketing • System integrations • Product training • Custom solutions • Analyst and press • New technologies • Customer programs • Proof of concepts • Product / Mktg Liaison • Analyst demos
- 9. • Personally identifiable information • Social Security #s Maintain Long-term Access to • Intellectual Property Compromised Systems: • Credit Card #s “Staying In” • IP addresses • Server names & configurations • Email address Initial Cause Compromise: Damage: • Medical history “Getting In” “Acting” • Employment records • Criminal records
- 10. • Personally identifiable information • Social Security #s • Intellectual Property • Credit Card #s • IP addresses • Server names & configurations • Email address • Medical history • Employment records • Criminal records
- 11. • Personally identifiable information • Social Security #s • Intellectual Property • Credit Card #s • IP addresses • Server names & configurations • Email address • Medical history • Employment records • Criminal records 80% of organizations have been breached Ponemon Research June 2011
- 12. • Personally identifiable information 1.3 Million • Social Security #s Customers • Intellectual Property $66 Million • Credit Card #s • IP addresses $171 Million • Server names & configurations [National Security • Email address Implications] • Medical history $4 Billion • Employment records • Criminal records 80% of organizations have been breached Ponemon Research June 2011
- 13. 80% of organizations have been breached Ponemon Research June 2011
- 16. 230% increase in cyber attacks against small companies Verizon Research June 2011
- 17. • These attacks leverage automated tools • They probe dozens of vulnerabilities in seconds • Unlike APTs they’re interested in targets of opportunity • It’s a volume business 230% increase in cyber attacks against small companies Verizon Research June 2011
- 22. PROTECT DETECT CORRECT
- 23. • Prevent breaches through proactive configuration assessment • Prevent weaknesses in the systems that store sensitive data • Prevent audit failures by aligning configs to standards PROTECT DETECT CORRECT
- 24. • Prevent breaches through • Instantly detect deviations proactive configuration from preferred states of assessment configurations • Prevent weaknesses in • Maintain constant the systems that store vigilance over key files sensitive data and data • Prevent audit failures by • Gain immediate visibility aligning configs to across infrastructure standards PROTECT DETECT CORRECT
- 25. PROTECT DETECT CORRECT
- 26. • • • • • no changes take place
- 27. 100 CIS tests per covered platform • • • • • •
- 28. 100 CIS tests per covered platform • • • • • • Breach Detection • • • •
- 30.
- 31. Ongoing updates will leverage this content across products Easy to import, install, activate and tune Provides a base level of both preventive & detective controls Available to all Tripwire Enterprise users though TCC
- 36. Compliance Policy File Integrity Remediation Manager hardens Manager Manager systems based immediately detects automatically on proven standards changes to realigns and repairs to prevent intrusion known and trusted, security settings using hardened and permission-based secure states workflows
- 37. THANKS FROM TRIPWIRE Change, Breaches, Audits and Outages Happen. TAKE CONTROL. Tripwire is a leading global provider of IT security and compliance automation solutions that enable organizations to protect, control and audit their entire IT infrastructure
Notes de l'éditeur
- http://www.globenewswire.com/newsroom/news.html?d=218783
- http://www.globenewswire.com/newsroom/news.html?d=218783
- http://www.globenewswire.com/newsroom/news.html?d=218783
- http://www.zdnet.com/blog/btl/sonys-data-breach-costs-likely-to-scream-higher/49161http://www.net-security.org/secworld.php?id=10966
- http://online.wsj.com/article/SB10001424052702304567604576454173706460768.html
- *http://www.technicalinfo.net/papers/StoppingAutomatedAttackTools.html such as Mirroring, Site Scraping/Spidering, CGI Scanning, Brute Forcing, FuzzingIn the demo of the Morto Worm you will see a classic “brute force” attack that apparently worked as well today as it would have in the 1990s.Mirroring – The attacker seeks to capture or create a comprehensive copy of the application on a server or storage device of their choosing. This mirrored image of the application content can be used for:Theft and repackaging of intellectual property.Part of a customer deception crime such as man-in-the-middle attacks, Phishing, or identity theft.Site Scraping or Spidering– The attacker’s goal is to analyse all returned data and uncover useful information within the visible and non-visible sections of the HTML or client-side scripts. Information gleaned in this process can be used for:Harvesting of email addresses for spam lists.Social engineering attacks based upon personal data (such as names, telephone numbers, email addresses, etc.)Ascertaining backend server processes and software versions or revisions.Understanding development techniques and possible code bypasses based upon “hidden” comments and notes left behind by the application developer(s).Uncovering application details that will influence future phases in the exploitation of the application (e.g. references to “hidden” URL’s, test accounts, interesting content, etc.).Mapping the structure of application URLs and content linking/referencing.CGI Scanning – The inclusion of exhaustive lists of content locations, paths and file names to uncover existing application content that could be used in later examinations or for exploitation. Typically, the information being sought includes:Likely administrative pages or directories.Scripts and controls associated with different web servers and known to be vulnerable to exploitation.Default content and sample files.Common “hidden” directories or file path locations.Shared web services or content not directly referenced by the web-based application.File download repository locations.Files commonly associated with temporary content or backup versions.Brute Forcing – Using this technique, an attacker attempts to brute force guess an important piece of data (e.g. a password or account number) to gain access to additional areas or functionality within the application. Common techniques make use of:Extensive dictionaries.Common file or directory path listings.Information gathered through site scraping, spidering and CGI scanning.Hybrid dictionaries that include the use of common obfuscation techniques such as elite-speak.Incremental iteration through all possible character combinations.Fuzzing – Closely related to brute forcing, this process involves examining each form or application submission variable for poor handling of unexpected content. In recent years, many of the most dangerous application security vulnerabilities have been discovered using this technique. Typically each application variable is tested for:Buffer overflows,Type conversion handling,Cross-site scripting,SQL injection,File and directory path navigation,Differences between client-side and server-side validation processes.