Introduction To ICT Security Audit OWASP Day Malaysia 2011

Introduction To ICT Security Audit OWASP Day Malaysia 2011 by Harisfazillah Jamel or LinuxMalaysia during OWASP Day Malaysia 2011 20 Sept 2011.

-

Introduction To ICT Security Audit OWASP Day Malaysia 2011

-

-

Introduction To ICT Security Audit OWASP Day Malaysia 2011

View more presentations from Harisfazillah Jamel

Introduction To ICT Security Audit OWASP Day Malaysia 2011 - Presentation Transcript

https://www.owasp.org/index.php/OWASP_Day_KL_2011

Agenda ● Objective of The Day ● Identified The Risks ● Who should be involved ● Where To Starts ● What To Audit ● When To Audit ● How To Do It

Objective • Harden Our Servers • In Depth Defense• Find the loophole • Find the zero day

Risk Only one risk – HumanTo Err Is Human

Its our job to find it. :-)

Risks ● Not a latest Patches ● Forget my password ● Allow all, Deny None ● Install everything ● Share anything ● Phishing ● No backup

Not The Latest Patches ● Be alert – http://www.mycert.org.my/en/ – http://www.securityfocus.com/ – http://packetstormsecurity.org/ – http://gcert.mampu.gov.my/ – http://www.cert.org/certcc.html Internet Storm Center – http://isc.sans.edu/ Patches Priority One – http://www.sans.org/top-cyber-security-risks/

Lab One ● Subscribe websites to Google Reader ● http://www.kb.cert.org/vuls/

Forget My Password● We will use easy password ● Password must = Senang nak ingat, susah nak teka.● Dont leak the hash ● Generate MD5 hash – http://md5crack.com/crackmd5.php ● Crack MD5 – http://isc.sans.edu/tools/reversehash.html

Lab Two ● Crack this – password – abc123 – haris – Your own name – Birthday date in numbers – Birthday date in any format

Allow All Deny None ● Any ports outbound open ● Not proxy between LAN and Internet ● Used by BOT to attack and comm with BOSS

Lab Three ● Telnet – Telnet in CMD and Shell – Port 80 GET /index.htm HTTP/1.1 and enter twice – Port 25 helo and quit ● Visit this website – http://www.yougetsignal.com/tools/open-ports/ – http://canyouseeme.org

Install Everything ● To many patches ● To many services ● Only select what you want

Share Everything ● Windows Share permission “every body” – Dont trust your network ● Putting files in web servers – Google BOT nyum-nyum

Lab Four ● Google own name in PDF files – harisfazillah filetype:pdf ● You own IC numbers (with and without -) – Do this on your own

Phishing ● The most used tactic to gain password – Email – Phone

Lab Five ● Track your organisation here – http://www.phishtank.com/ ● You will never know, you are the target.● Defacement Archive – http://www.zone-h.org/archive

BreakJom Minum

Who ? - The Management - ICT - Me Everybody need to be involved

Lab Six ● CIS Security – The Benchmark – http://www.cisecurity.org/

Where To Start ● Any servers that have IP address – Public or Internal – Heavy traffic websites and Email ● LAN – Review firewall and proxy log – SMTP activities – IRC bot activities – HTTP and HTTPS requests – Minitor network traffic

Lab Seven ● Get the bootable CD ● tcpdump ● wireshark ● Any network analysis tools

When To Do It ● A must every 6 months● Any security warning

Contact linuxmalaysia@gmail.com

http://green-osstools.blogspot.com/

Download

http://www.slideshare.net/linuxmalaysia/introduction-to-ict-security-audit-owasp-day-malaysia-2011

http://www.scribd.com/doc/65765561/Introduction-To-ICT-Security-Audit-OWASP-Day-Malaysia-2011

Important: Security Breach on Linux.com, LinuxFoundation.org

I got this notice when visiting http://www.linuxfoundation.org/ and http://www.linux.com/ websites date and time 11 September 2011 19:58

Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011. The Linux Foundation made this decision in the interest of extreme caution and security best practices. We believe this breach was connected to the intrusion on kernel.org.

We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update this statement when we have more information.

We apologize for the inconvenience. We are taking this matter seriously and appreciate your patience. The Linux Foundation infrastructure houses a variety of services and programs including Linux.com, Open Printing, Linux Mark, Linux Foundation events and others, but does not include the Linux kernel or its code repositories.

Please contact us at info@linuxfoundation.org with questions about this matter.

The Linux Foundation

Email from info@linuxfoundation.org

Important: Security Breach on Linux.com, LinuxFoundation.org


Attention Linux.com and LinuxFoundation.org users,

We are writing you because you have an account on Linux.com, LinuxFoundation.org, or one of the subdomains associated with these domains. On September 8, 2011, we discovered a security breach that may have compromised your username, password, email address and other information you have given to us. We believe this breach was connected to the intrusion on kernel.org.

As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update public statements when we have more information.

We have taken all Linux Foundation servers offline to do complete re-installs. Linux Foundation services will be put back up as they become available. We are working around the clock to expedite this process and are working with authorities in the United States and in Europe to assist with the investigation.

The Linux Foundation takes the security of its infrastructure and that of its members extremely seriously and are pursuing all avenues to investigate this attack and prevent future ones. We apologize for this inconvenience and will communicate updates as we have them.

Please contact us at info@linuxfoundation.org with questions about this matter.

The Linux Foundation

My advice to System Administrators from Malaysia, lets join OWASP Malaysia Chapter for ICT security alerts and discussion.

OWASP Malaysia Chapter links :-

OWASP.my Discussion Group In Facebook

http://www.facebook.com/groups/owaspmy/

OWASP Malaysia Twitter

http://www.twitter.com/owasp.my

OWASP Malaysia Local Chapter Facebook Page

http://www.facebook.com/OWASP.Malaysia

OWASP Malaysia Local Chapter official Website

http://www.owasp.my/

OWASP Malaysia Local Chapter Mailing List

https://lists.owasp.org/mailman/listinfo/owasp-Malaysia