The headlines are full of dazzling breaches that took long-term planning, persistence and hacking genius to execute. But the reality is that most breaches required only average knowledge and an under-protected target to pull off. It’s the cyber equivalent of a smash-and-grab burglary – a purse is left on a seat, a window is smashed, the burglar runs off with the purse – that exploits weak defenses and “targets of opportunity.” Learn how Tripwire’s easily implemented Cybercrime Controls reduce attack surface, harden systems, and immediately detect many common cyber-attacks.
8. • Global marketing
• Product training
• Analyst and press
• Customer programs
• Product / Mktg Liaison
• System integrations
• Custom solutions
• New technologies
• Proof of concepts
• Analyst demos
9. • Personally identifiable information
• Social Security #s
• Intellectual Property
• Credit Card #s
• IP addresses
• Server names & configurations
• Email address
• Medical history
• Employment records
• Criminal records
Initial Compromise: “Getting In”
Maintain Long-term Access to Compromised Systems: “Staying In”
Cause Damage: “Acting”
11. 80% of organizations have been breached
Ponemon Research June 2011
12. Breach impact figures shown alongside the data-type list:
• 1.3 Million Customers
• $66 Million
• $171 Million
• [National Security Implications]
• $4 Billion
16. 230% increase in cyber attacks against small companies
Verizon Research June 2011
17. • These attacks leverage automated tools
• They probe dozens of vulnerabilities in seconds
• Unlike APTs they’re interested in targets of opportunity
• It’s a volume business
23. PROTECT
• Prevent breaches through proactive configuration assessment
• Prevent weaknesses in the systems that store sensitive data
• Prevent audit failures by aligning configs to standards
PROTECT DETECT CORRECT
24. DETECT
• Instantly detect deviations from preferred states of configurations
• Maintain constant vigilance over key files and data
• Gain immediate visibility across infrastructure
31. Ongoing updates will leverage this content across products
Easy to import, install, activate and tune
Provides a base level of both preventive & detective controls
Available to all Tripwire Enterprise users through TCC
36. • Compliance Policy Manager hardens systems based on proven standards to prevent intrusion
• File Integrity Manager immediately detects changes to known and trusted, hardened and secure states
• Remediation Manager automatically realigns and repairs security settings using permission-based workflows
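The DETECT column on slide 24 and the File Integrity Manager on slide 36 both come down to one mechanism: record what trusted files look like, then rescan and report drift. The script below is an added example of that mechanism and is not Tripwire's product code. It records a SHA-256 digest, size and permission bits for every regular file under a root, compares a later scan against that baseline, and reports added, removed and modified files together with the attributes that changed. The function names and the demo directory layout (a fake etc/ tree in a temporary directory) are constructed for this example.

```python
"""File-integrity baseline and drift report (added example, not Tripwire code)."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path

CHUNK = 64 * 1024


def fingerprint(path: Path) -> dict:
    """Attributes we expect to stay constant for a trusted file."""
    st = path.lstat()
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return {
        "sha256": digest.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),  # permission bits only, not the file type
    }


def build_baseline(root: Path) -> dict:
    """Map each regular file (path relative to root) to its fingerprint.

    Symlinks are skipped so a link pointing outside the tree cannot be
    swapped in to mask a change to the real file."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            baseline[p.relative_to(root).as_posix()] = fingerprint(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify drift between two snapshots.

    'modified' holds (relative path, [changed attribute names]) so that a
    permission-only change is distinguishable from a content change."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = []
    for rel in sorted(set(baseline) & set(current)):
        old, new = baseline[rel], current[rel]
        changed = [k for k in old if old[k] != new[k]]
        if changed:
            modified.append((rel, changed))
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario in a throwaway directory: baseline, tamper, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        etc = root / "etc"
        etc.mkdir()
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (etc / "sshd_config").write_text("PasswordAuthentication no\n")
        (etc / "passwd").chmod(0o644)
        baseline = build_baseline(root)

        # Simulated tampering after the baseline was taken.
        (etc / "sshd_config").write_text("PasswordAuthentication yes\n")  # content change
        (etc / "passwd").chmod(0o600)                                      # permissions only
        (etc / "hosts").unlink()                                           # file removed
        (root / "bin").mkdir()
        (root / "bin" / "dropped").write_text("#!/bin/sh\n")               # new file

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    report = demo()
    for kind in ("added", "removed", "modified"):
        for item in report[kind]:
            print(kind, item)
```

The baseline itself must live somewhere the monitored host cannot silently rewrite (a separate store, or at least a signed copy), otherwise an intruder who can change a file can also change its recorded fingerprint.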
37. THANKS FROM TRIPWIRE
Change, Breaches, Audits and Outages Happen. TAKE CONTROL.
Tripwire is a leading global provider of IT security and compliance automation solutions that enable organizations to protect, control and audit their entire IT infrastructure.
*http://www.technicalinfo.net/papers/StoppingAutomatedAttackTools.html – automated attack tool techniques such as Mirroring, Site Scraping/Spidering, CGI Scanning, Brute Forcing and Fuzzing.
In the demo of the Morto Worm you will see a classic “brute force” attack that apparently worked as well today as it would have in the 1990s.
Mirroring – The attacker seeks to capture or create a comprehensive copy of the application on a server or storage device of their choosing. This mirrored image of the application content can be used for:
• Theft and repackaging of intellectual property.
• Part of a customer deception crime such as man-in-the-middle attacks, phishing, or identity theft.
Site Scraping or Spidering – The attacker’s goal is to analyse all returned data and uncover useful information within the visible and non-visible sections of the HTML or client-side scripts. Information gleaned in this process can be used for:
• Harvesting of email addresses for spam lists.
• Social engineering attacks based upon personal data (such as names, telephone numbers, email addresses, etc.).
• Ascertaining backend server processes and software versions or revisions.
• Understanding development techniques and possible code bypasses based upon “hidden” comments and notes left behind by the application developer(s).
• Uncovering application details that will influence future phases in the exploitation of the application (e.g. references to “hidden” URLs, test accounts, interesting content, etc.).
• Mapping the structure of application URLs and content linking/referencing.
CGI Scanning – The inclusion of exhaustive lists of content locations, paths and file names to uncover existing application content that could be used in later examinations or for exploitation. Typically, the information being sought includes:
• Likely administrative pages or directories.
• Scripts and controls associated with different web servers and known to be vulnerable to exploitation.
• Default content and sample files.
• Common “hidden” directories or file path locations.
• Shared web services or content not directly referenced by the web-based application.
• File download repository locations.
• Files commonly associated with temporary content or backup versions.
Brute Forcing – Using this technique, an attacker attempts to guess an important piece of data (e.g. a password or account number) by brute force to gain access to additional areas or functionality within the application. Common techniques make use of:
• Extensive dictionaries.
• Common file or directory path listings.
• Information gathered through site scraping, spidering and CGI scanning.
• Hybrid dictionaries that include the use of common obfuscation techniques such as elite-speak.
• Incremental iteration through all possible character combinations.
Fuzzing – Closely related to brute forcing, this process involves examining each form or application submission variable for poor handling of unexpected content. In recent years, many of the most dangerous application security vulnerabilities have been discovered using this technique. Typically each application variable is tested for:
• Buffer overflows.
• Type conversion handling.
• Cross-site scripting.
• SQL injection.
• File and directory path navigation.
• Differences between client-side and server-side validation processes.
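The CGI-scanning and brute-forcing patterns described in these notes leave a recognisable trace in an ordinary web-server access log: one client requesting many distinct non-existent paths within seconds, or one client repeating failed logins against the same URL. The detector below is an added example and is not from the Tripwire deck or the cited paper. It assumes Apache combined log format, uses constructed log lines (RFC 5737 documentation addresses), and the window and thresholds are illustrative values a practitioner would tune to their own traffic.

```python
"""Flag automated probing in access logs (added example, constructed data)."""
import re
from collections import defaultdict
from datetime import datetime

# Apache combined log format; only the fields the detector needs are captured.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Return a dict for one combined-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], TS_FMT)
    ev["status"] = int(ev["status"])
    return ev


def max_in_window(events, key_fn, window_s: int, distinct: bool) -> int:
    """Largest number of matching events (or distinct keys) in any window_s-second
    window that starts at one of this client's events. `events` must be sorted
    by timestamp; key_fn returns None for events that should be ignored."""
    best = 0
    for i, start in enumerate(events):
        keys = []
        for ev in events[i:]:
            if (ev["ts"] - start["ts"]).total_seconds() > window_s:
                break
            k = key_fn(ev)
            if k is not None:
                keys.append(k)
        best = max(best, len(set(keys)) if distinct else len(keys))
    return best


def detect(lines, window_s=60, scan_threshold=8, login_threshold=5,
           login_paths=("/login",)):
    """Return sorted (alert_type, client_ip, count) tuples for the given log lines."""
    events = [ev for ev in map(parse_line, lines) if ev]
    events.sort(key=lambda ev: ev["ts"])
    per_client = defaultdict(list)
    for ev in events:
        per_client[ev["ip"]].append(ev)

    alerts = []
    for ip, evs in per_client.items():
        # Distinct missing paths: a person mistypes one URL, a scanner walks a wordlist.
        n404 = max_in_window(
            evs, lambda e: e["path"] if e["status"] == 404 else None, window_s, True)
        if n404 >= scan_threshold:
            alerts.append(("scanner", ip, n404))
        # Repeated 401 responses on the login URL from one client.
        n401 = max_in_window(
            evs, lambda e: True if (e["status"] == 401 and e["path"] in login_paths) else None,
            window_s, False)
        if n401 >= login_threshold:
            alerts.append(("brute_force", ip, n401))
    return sorted(alerts)


def _line(ip, hhmmss, method, path, status):
    """Build one constructed combined-log line (the date is fixed for the example)."""
    return (f'{ip} - - [10/Jun/2011:{hhmmss} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 0 "-" "constructed/1.0"')


# Constructed sample: a normal visitor, a content scanner, and a password guesser.
SAMPLE_LOG = [
    _line("192.0.2.10", "14:00:00", "GET", "/", 200),
    _line("192.0.2.10", "14:00:05", "GET", "/about", 200),
    _line("192.0.2.10", "14:00:09", "GET", "/old-page", 404),
] + [
    _line("203.0.113.7", f"14:02:0{i}", "GET", path, 404)
    for i, path in enumerate([
        "/admin/", "/phpmyadmin/", "/cgi-bin/test.cgi", "/backup.zip", "/.git/config",
        "/wp-login.php", "/manager/html", "/config.bak", "/test/"], start=1)
] + [
    _line("198.51.100.4", f"14:05:{4 * i:02d}", "POST", "/login", 401) for i in range(6)
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

Counting distinct 404 paths rather than raw 404s keeps a single broken link that is reloaded repeatedly from looking like a scan, and windowing per client keeps a busy site's normal background of stray 404s from tripping the threshold.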