A CLOUD BASED AND CONVENTIONAL APPROACH

A cloud based and conventional approach l.jpg
1 / 94
0
0
1254 days ago, 469 views
PowerPoint PPT Presentation
I am an Information Security Evangelist ? For paying my bills

Presentation Transcript

Slide 1

A CLOUD BASED AND CONVENTIONAL APPROACH IW - by Manu Zacharia MVP (Enterprise Security), ISLA-2010 (ISC)² C | HFI , C | EH, CCNA, MCP, AFCEH, Certified ISO 27001:2005 Lead Auditor Director – Information Security Millennium Consultants " Aut viam inveniam aut faciam " Hannibal Barca

Slide 2

# whoami I am an Information Security Evangelist  For paying my bills – I function as Director – Information Security – US Based Consultants. Grants I nformation S ecurity L eadership A chievement Award from International Information Systems Security Certification Consortium - (ISC)² Microsoft M ost V aluable P rofessional (Enterprise Security) Author of a Book – Intrusion Alert – An Ethical Hacker's Guide to Intrusion Detection Systems

Slide 3

# whoami Developed an Operating System from Linux piece – Matriux – (www.matriux.com) - Asia's First OS for Hacking, Forensics and Security testing – Open Source & Free  Some confirmations: C ertified E thical H acker ( C|EH ) C ertified H acking F orensics I nvestigator ( C|HFI ) C isco C ertified N etwork A ssociate M icrosoft C ertified P rofessional Certified ISO 27001:2005 I nformation S ecurity M anagement S ystems L ead A uditor Extend administration to police compel as Cyber Forensics Consultant

Slide 4

# whoami Teaching?? – no!!!!! – I don't educate, I simply prepare and lecture : Indian Navy - Signal School , Center for Defense Communication and Electronic and Information/Cyber Warfare Center for Police Research , Pune Institute of Management Technology ( IMT ) – Ghaziabad IGNOU M-Tech (Information Systems Security) – and furthermore an Expert Member – Curriculum Review Committee C-DAC, ACTS (Disks ( the tiger group ) & DSSD ( in-your-face folks )) Other International Assignments & H a c k i n g Conferences

Slide 5

Disclaimer(s) The supposition here spoke to are my own ones and don't fundamental mirror my bosses sees. Enrolled brands have a place with their true blue proprietors. The data contained in this introduction does not break any licensed innovation, nor does it give itemized data that might be in strife with real Indian laws (hopefully...) :)

Slide 6

Question So what is Cloud Computing? Do you know what is EC2 and S3? How these administrations could be misused?

Slide 7

substance INTRODUCTION UNDERSTANDING IW EXPLOITING THE CLOUD FORENSICS CONCLUSION

Slide 8

DO YOU KNOW THIS?

Slide 9

INFORMATION WARFARE Clue: Kendo ( kumdo in korean )

Slide 10

INFORMATION WARFARE 風 - Swift as the wind 林 - Quiet as the woodland 火 - Conquer like the fire 山 - Steady as the mountain

Slide 11

INFORMATION WARFARE Battle technique and proverb of Japanese primitive master Takeda Shingen ( 武田信玄 ) (1521–1573 A.D.). Twenty-Four Generals - renowned groupings of fight authorities ( Takeda Nijūshi-shō ) 武田二十四将

Slide 12

INFORMATION WARFARE Came from the Art of War by Chinese strategist and strategist Sun Tzu ( Sunzi ) A kind of shortening to remind officers and troops how to direct fight

Slide 13

INFORMATION WARFARE This is the thing that we require in data fighting

Slide 14

INFORMATION WARFARE " moves made to accomplish data prevalence by influencing foe data, data based procedures, data frameworks, and PC based systems while safeguarding one's own " The U.S. Joint Chiefs of Staff

Slide 15

INFORMATION WARFARE " Information fighting is the utilization and administration of data in quest for an upper hand over an adversary. " WIKIPEDIA

Slide 16

TWO SCHOOLS Two schools of contemplations exists: Military business By some different offices with the association of military

Slide 17

FORMS OF IW Bringing down of monetary framework like banks and stock trade Enemy correspondence arrange parodying and impairing Jamming of TV/Radio Hijacking of TV/radio for disinformation crusade

Slide 18

TYPES OF PLAYERS State supported organizations/bunches Terrorists Underground war-masters and gatherings Individuals "n" script kiddies

Slide 19

What's the most recent occurrence? What's going on in the Indian Web Space – most recent 45 days? 14 Aug–Independence day of Pakistan Underground breaking bunches http://www.pakcyberarmy.net/http://www.pakhaxors.com/forum.php

Slide 20

What's the most recent occurrence? The Two Pakistani Cracker Groups supposedly assaulted & ruined twelve of Indian Websites including: http://mallyainparliament.in/and http://malegaonkahero.com/

Slide 21

What's the most recent event?

Slide 22

Even the PM was not saved

Slide 23

What's the most recent incident? On 15 Aug – consequently an Indian underground gathering called as Indian Cyber Army (http://indishell.in) assaulted & ruined around 1226 sites of Pakistan.

Slide 24

MISSION STATEMENT Mission Statement - IN "Maritime introduction and preparing of volunteers to empower achievement of their prompt undertaking with confidence".

Slide 25

MISSION STATEMENT Mission explanation – IAF "The mission of the Flight Safety association of the IAF is to guarantee operational ability by moderating human and material assets through counteractive action of flying machine mischances."

Slide 26

mission

Slide 27

LOOK AROUND? UK CyberSafe Command PLA – Chinese PLA What happened last December – Jan?

Slide 28

MANCHURIAN ATTACK

Slide 29

what is distributed computing? Distributed computing is Internet-based figuring, whereby shared assets, programming and data are given to PCs and different gadgets on-request, similar to an open utility.

Slide 30

cloud in straightforward terms Uses the web and focal remote servers to keep up information and applications. Permits shoppers and organizations to utilize applications without establishment and get to their own records at any PC with web get to.

Slide 31

3 sorts of cloud administrations IaaS - Infrastructure-as-a-Service PaaS - Platform-as-a-Service SaaS - Software-as-a-Service

Slide 32

THE CLOUD Five basic qualities: on-request self-benefit, wide system get to, asset pooling, quick flexibility, and measured administration

Slide 33

EC2 Amazon Elastic Compute Cloud (Amazon EC2) A web administration that gives resizable figure limit in the cloud

Slide 34

EC2 - wikipedia Allows clients to lease PCs on which to run their own particular PC applications. A client can boot an Amazon Machine Image (AMI) to make a virtual machine, which Amazon calls a "instance", containing any product wanted.

Slide 35

EC2 - wikipedia A client can make, dispatch, and end server occurrences as required, paying by the hour for dynamic servers, thus the term "elastic".

Slide 36

S3 Amazon S3 (Simple Storage Service) is an online stockpiling web benefit offered by Amazon Web Services. Gives boundless capacity through a basic web administrations interface

Slide 37

S3 $0.15 per gigabyte-month 102 billion questions as of March 2010

Slide 38

POWER OF CLOUD The New York Times utilized Amazon EC2 and S3 to make PDF's of 15M checked news articles. NASDAQ utilizes Amazon S3 to convey verifiable stock data.

Slide 39

EXPLOITING CLOUD Sample Task Break PGP passphrases Solution Brute driving PGP passphrases

Slide 40

EXPLOITING CLOUD Try – ElcomSoft Distributed Password Recovery (with some patches to deal with PGP ZIP) Two components - EDPR Managers & EDPR Agents

Slide 41

EXPLOITING CLOUD On a quick double center Win7 box - 2100 days for a complex passphrase. Not worthy – too long Lets misuse the cloud.

Slide 42

EXPLOITING CLOUD First things first – Create an Account on Amazon. Charge card Required  Install Amazon EC2 API Tools on your linux box. sudo able get introduce ec2-programming interface apparatuses

Slide 43

EXPLOITING CLOUD Select an AMI (Amazon Machine Image) Example - utilize a 32 bit Windows AMI - ami-df20c3b6-g

Slide 44

EXPLOITING CLOUD Start a case from the Linux shell as takes after: ec2-run-cases - k ssh-keypair ami-df20c3b6-g default

Slide 45

EXPLOITING CLOUD Once the case is up and running, we counted the occasion ID and open IP address of the running occurrence with the order ec2-portray cases

Slide 46

EXPLOITING CLOUD Wait for the case status needs to change from "pending" to "running" Extract the administrator secret word for the case ec2-get-watchword - k ssh-keypair.pem $ instanceID

Slide 47

EXPLOITING CLOUD Configure EC2 firewall to allow inbound RDP activity to the case. ec2-approve default - p 3389 - s $ trusted_ip_address/32

Slide 48

EXPLOITING CLOUD Configure the firewall before the EDPR supervisor framework to allow TCP/12121 from anyplace. RDP into the occurrence & arrange EDPR

Slide 49

EXPLOITING CLOUD Use the manager secret word got from the ec2-get-watchword charge to login to the case.

Slide 50

EXPLOITING CLOUD Install EDPR Agent, Configure the Agent to interface with the Manager. 3 focuses to design for the most part

Slide 51

EXPLOITING CLOUD Configure people in general IP address or hostname of the EDPR director you have arranged.

Slide 52

EXPLOITING CLOUD Interface tab - Set the Start-up Mode to "At Windows Start-up".

Slide 53

EXPLOITING CLOUD Registry hack EDPR makes a couple of registry qualities which are utilized to exceptionally recognize the operator when interfacing with the supervisor. We have to clean these qualities – why?

Slide 54

EXPLOITING CLOUD If we don't alter, each and every occasion we bring forth/start will have all the earmarks of being a similar specialist to the supervisor, and the employment taking care of will be completely debased.

Slide 55

EXPLOITING CLOUD HKEY_LOCAL_MACHINE\Software\ ElcomSoft \Distributed Agent\UID Set the estimation of the UID key to invalid

SPONSORS