A CLOUD BASED AND CONVENTIONAL APPROACH

Presentation Transcript

A CLOUD BASED AND CONVENTIONAL APPROACH IW - by Manu Zacharia MVP (Enterprise Security), ISLA-2010 (ISC)² C | HFI , C | EH, CCNA, MCP, AFCEH, Certified ISO 27001:2005 Lead Auditor Director – Information Security Millennium Consultants " Aut viam inveniam aut faciam " Hannibal Barca

# whoami I am an Information Security Evangelist  For paying my bills – I function as Director – Information Security – US Based Consultants. Grants I nformation S ecurity L eadership A chievement Award from International Information Systems Security Certification Consortium - (ISC)² Microsoft M ost V aluable P rofessional (Enterprise Security) Author of a Book – Intrusion Alert – An Ethical Hacker's Guide to Intrusion Detection Systems

# whoami Developed an Operating System from Linux piece – Matriux – (www.matriux.com) - Asia's First OS for Hacking, Forensics and Security testing – Open Source & Free  Some confirmations: C ertified E thical H acker ( C|EH ) C ertified H acking F orensics I nvestigator ( C|HFI ) C isco C ertified N etwork A ssociate M icrosoft C ertified P rofessional Certified ISO 27001:2005 I nformation S ecurity M anagement S ystems L ead A uditor Extend administration to police compel as Cyber Forensics Consultant

# whoami Teaching?? – no!!!!! – I don't educate, I simply prepare and lecture : Indian Navy - Signal School , Center for Defense Communication and Electronic and Information/Cyber Warfare Center for Police Research , Pune Institute of Management Technology ( IMT ) – Ghaziabad IGNOU M-Tech (Information Systems Security) – and furthermore an Expert Member – Curriculum Review Committee C-DAC, ACTS (Disks ( the tiger group ) & DSSD ( in-your-face folks )) Other International Assignments & H a c k i n g Conferences

Disclaimer(s) The supposition here spoke to are my own ones and don't fundamental mirror my bosses sees. Enrolled brands have a place with their true blue proprietors. The data contained in this introduction does not break any licensed innovation, nor does it give itemized data that might be in strife with real Indian laws (hopefully...) :)

Question So what is Cloud Computing? Do you know what is EC2 and S3? How these administrations could be misused?

substance INTRODUCTION UNDERSTANDING IW EXPLOITING THE CLOUD FORENSICS CONCLUSION

DO YOU KNOW THIS?

INFORMATION WARFARE Clue: Kendo ( kumdo in korean )

INFORMATION WARFARE 風 - Swift as the wind 林 - Quiet as the woodland 火 - Conquer like the fire 山 - Steady as the mountain

INFORMATION WARFARE Battle technique and proverb of Japanese primitive master Takeda Shingen ( 武田信玄 ) (1521–1573 A.D.). Twenty-Four Generals - renowned groupings of fight authorities ( Takeda Nijūshi-shō ) 武田二十四将

INFORMATION WARFARE Came from the Art of War by Chinese strategist and strategist Sun Tzu ( Sunzi ) A kind of shortening to remind officers and troops how to direct fight

INFORMATION WARFARE This is the thing that we require in data fighting

INFORMATION WARFARE " moves made to accomplish data prevalence by influencing foe data, data based procedures, data frameworks, and PC based systems while safeguarding one's own " The U.S. Joint Chiefs of Staff

INFORMATION WARFARE " Information fighting is the utilization and administration of data in quest for an upper hand over an adversary. " WIKIPEDIA

TWO SCHOOLS Two schools of contemplations exists: Military business By some different offices with the association of military

FORMS OF IW Bringing down of monetary framework like banks and stock trade Enemy correspondence arrange parodying and impairing Jamming of TV/Radio Hijacking of TV/radio for disinformation crusade

TYPES OF PLAYERS State supported organizations/bunches Terrorists Underground war-masters and gatherings Individuals "n" script kiddies

What's the most recent occurrence? What's going on in the Indian Web Space – most recent 45 days? 14 Aug–Independence day of Pakistan Underground breaking bunches http://www.pakcyberarmy.net/http://www.pakhaxors.com/forum.php

What's the most recent occurrence? The Two Pakistani Cracker Groups supposedly assaulted & ruined twelve of Indian Websites including: http://mallyainparliament.in/and http://malegaonkahero.com/

What's the most recent event?

Even the PM was not saved

What's the most recent incident? On 15 Aug – consequently an Indian underground gathering called as Indian Cyber Army (http://indishell.in) assaulted & ruined around 1226 sites of Pakistan.

MISSION STATEMENT Mission Statement - IN "Maritime introduction and preparing of volunteers to empower achievement of their prompt undertaking with confidence".

MISSION STATEMENT Mission explanation – IAF "The mission of the Flight Safety association of the IAF is to guarantee operational ability by moderating human and material assets through counteractive action of flying machine mischances."

mission

LOOK AROUND? UK CyberSafe Command PLA – Chinese PLA What happened last December – Jan?

MANCHURIAN ATTACK

what is distributed computing? Distributed computing is Internet-based figuring, whereby shared assets, programming and data are given to PCs and different gadgets on-request, similar to an open utility.

cloud in straightforward terms Uses the web and focal remote servers to keep up information and applications. Permits shoppers and organizations to utilize applications without establishment and get to their own records at any PC with web get to.

3 sorts of cloud administrations IaaS - Infrastructure-as-a-Service PaaS - Platform-as-a-Service SaaS - Software-as-a-Service

THE CLOUD Five basic qualities: on-request self-benefit, wide system get to, asset pooling, quick flexibility, and measured administration

EC2 Amazon Elastic Compute Cloud (Amazon EC2) A web administration that gives resizable figure limit in the cloud

EC2 - wikipedia Allows clients to lease PCs on which to run their own particular PC applications. A client can boot an Amazon Machine Image (AMI) to make a virtual machine, which Amazon calls a "instance", containing any product wanted.

EC2 - wikipedia A client can make, dispatch, and end server occurrences as required, paying by the hour for dynamic servers, thus the term "elastic".

S3 Amazon S3 (Simple Storage Service) is an online stockpiling web benefit offered by Amazon Web Services. Gives boundless capacity through a basic web administrations interface

S3 $0.15 per gigabyte-month 102 billion questions as of March 2010

POWER OF CLOUD The New York Times utilized Amazon EC2 and S3 to make PDF's of 15M checked news articles. NASDAQ utilizes Amazon S3 to convey verifiable stock data.

EXPLOITING CLOUD Sample Task Break PGP passphrases Solution Brute driving PGP passphrases

EXPLOITING CLOUD Try – ElcomSoft Distributed Password Recovery (with some patches to deal with PGP ZIP) Two components - EDPR Managers & EDPR Agents

EXPLOITING CLOUD On a quick double center Win7 box - 2100 days for a complex passphrase. Not worthy – too long Lets misuse the cloud.

EXPLOITING CLOUD First things first – Create an Account on Amazon. Charge card Required  Install Amazon EC2 API Tools on your linux box. sudo able get introduce ec2-programming interface apparatuses

EXPLOITING CLOUD Select an AMI (Amazon Machine Image) Example - utilize a 32 bit Windows AMI - ami-df20c3b6-g

EXPLOITING CLOUD Start a case from the Linux shell as takes after: ec2-run-cases - k ssh-keypair ami-df20c3b6-g default

EXPLOITING CLOUD Once the case is up and running, we counted the occasion ID and open IP address of the running occurrence with the order ec2-portray cases

EXPLOITING CLOUD Wait for the case status needs to change from "pending" to "running" Extract the administrator secret word for the case ec2-get-watchword - k ssh-keypair.pem $ instanceID

EXPLOITING CLOUD Configure EC2 firewall to allow inbound RDP activity to the case. ec2-approve default - p 3389 - s $ trusted_ip_address/32

EXPLOITING CLOUD Configure the firewall before the EDPR supervisor framework to allow TCP/12121 from anyplace. RDP into the occurrence & arrange EDPR

EXPLOITING CLOUD Use the manager secret word got from the ec2-get-watchword charge to login to the case.

EXPLOITING CLOUD Install EDPR Agent, Configure the Agent to interface with the Manager. 3 focuses to design for the most part

EXPLOITING CLOUD Configure people in general IP address or hostname of the EDPR director you have arranged.

EXPLOITING CLOUD Interface tab - Set the Start-up Mode to "At Windows Start-up".

EXPLOITING CLOUD Registry hack EDPR makes a couple of registry qualities which are utilized to exceptionally recognize the operator when interfacing with the supervisor. We have to clean these qualities – why?

EXPLOITING CLOUD If we don't alter, each and every occasion we bring forth/start will have all the earmarks of being a similar specialist to the supervisor, and the employment taking care of will be completely debased.

EXPLOITING CLOUD HKEY_LOCAL_MACHINE\Software\ ElcomSoft \Distributed Agent\UID Set the estimation of the UID key to invalid