
Hacking Countermeasures Short Course
Part of subject ITE516: Hacking Countermeasures
Part of the Master of Information Systems Security
Master of Management (IT)
#StopCyberCrime


Hacking Countermeasures
WEEK 1
Erdal Ozkaya
Erdal.Ozkaya@itmasters.edu.au
eozkaya@csu.edu.au
www.YourMCT.com


Jason Howarth /CSU

Master of Information Systems Security

Core Subjects (8 Subjects):
ITC506 Topics in IT Ethics
ITC571 Emerging Technologies and Innovation
ITC593 Network Security
ITC595 Information Security
ITC597 Digital Forensics
ITE525 Cyber Law
ITI581 Network Security Fundamentals
MGI521 Professional Communications

University Electives (choose 1):
ITC514 Network and Security Administration
ITC596 IT Risk Management

Industry Electives (choose 3):
ITE512 Incident Response
ITE513 Forensic Investigation
ITE514 Professional Systems Security
ITE516 Hacking Countermeasures

To find out additional credit, fill out the Eligibility Form at www.itmasters.edu.au


To contact Charles Sturt University Course Director: jhowarth@csu.edu.au

Market Leader: Distance Ed

[Chart: Market leader IT, PG, Domestic. Source: DEET]

E-mail: Erdal.Ozkaya@itmasters.edu.au
Blog: www.ErdalOzkaya.com
Facebook: www.Facebook.com\YourMCT
Twitter: www.twitter.com\Erdal_Ozkaya
LinkedIn: au.linkedin.com/pub/erdal-ozkaya/11/384/844/
Windows Store: Search: Erdal Ozkaya
Windows Phone app: http://www.windowsphone.com/en-us/store/app/erdal-ozkaya/89dafdf6-61c0-493b-b51a-c556e4f5987d
Android App: https://play.google.com/store/apps/details?id=com.appypie.appypie9d090adb2c30

Who am I?
Master of Information Security, Bachelor of Science in Information
Technology (B.I.T.), MVP, Microsoft Certified Trainer, ISO27001 Consultant,
Certified Ethical Hacker (CEH), Certified Ethical Instructor, is an educator at
Charles Sturt University.
I am also completing my Doctor of Philosophy (Ph.D.) in IT security and
working for KEMP Technologies as Regional Director.
I am a speaker, proctor for hands-on labs, and technical expert in
worldwide conferences such as TechEd, Hacker Halted, Microsoft
Management Summit, trade shows and in webcasts for Microsoft and
EC-Council. Erdal has also developed and consulted on Microsoft Official Exams
and Courses. You can visit his blog for more information:
www.erdalozkaya.com


Skills Being Measured

What is in this class?

Welcome to Hacking Countermeasures

All you need to know is here:

http://www.itmasters.edu.au/free-short-course-hacking-countermeasures

Or

Our main communication channel

https://learn.itmasters.edu.au

Hacking Countermeasures
Module 1:
Introduction to Hacking Countermeasures

Let's START ;)

Warning!

This Presentation Contains Occasional Bad Language & Subject Matter that some May find Disturbing and some information which you should not use in live targets or networks without permissions.

Improvements that Microsoft has made in the Windows platforms have driven BAD GUYS to new tactics.

There are two types of organizations.
Those who realize they've been hacked.
Those who haven't yet realized they've been hacked.

Moving forward, there will be two types of organizations
Those who adapt to the modern threat environment.
Those who don't.

Attackers have set their sights on identity theft and they're breaking into systems as you!

The threat landscape is changing rapidly.
But this time it's not just the attackers driving change, it's your users.

2009 Defined environment

2014 Disappearing perimeter

Mobility represents the end of perimeter-based security.
Your perimeter is fading, maybe it's already gone.

BYOD is a top priority and one of the biggest challenges
But it's not the only one when it comes to security.

The improvements that Software Giants have made have driven HACKERS to new tactics.

Attackers have set their sights on identity theft and they're breaking into systems as you!

[Diagram labels: Banking; Small Online Business (x4)]

~75% of users use the same password on every site
(Robert Siciliano, Security Researcher - McAfee)

Attackers know this and exploit the weakness

Attackers steal passwords from small online businesses and use the same password to access more interesting accounts

There is a prolific and easily accessible black market that facilitates the buying and selling of identities, credit cards, etc.
Personal information about you can almost certainly be found there!

And so we have a perfect storm.

HEADLINES

How hackers allegedly stole unlimited amounts of cash from banks in just a few hours
Ars Technica [2013]

Cybercrime costs US economy up to $140 billion annually, report says
Los Angeles Times [2013]

Cyberspace changes the fog of war
Politics.co.uk [2013]

Malware burrows deep into computer BIOS to escape AV
The Register [September 2011]
Researchers have discovered one of the first pieces ever used in the wild that modifies the software on the motherboard of infected computers to ensure the infection can't be easily eradicated

Forget carjacking, soon it will be carhacking
The Sydney Morning Herald [2013]
Rising cyber security risks to drivers as their cars become increasingly powered by and connected to computers have prompted the US auto-safety regulator to start a new office focusing on the threat

Cyberattacks on the rise against US corporations
New York Times [2013]

Universities face a rising barrage of cyberattacks
Ars Technica [2013]

Espionage malware infects rafts of governments, industries around the world
Ars Technica [2013]

TODAY

Key Principles of Security

Not every network administrator is a security expert

But, all network administrators must understand the basics

Follow the Key Principles to secure your network(s)

Understand Risk Management

Probability
Consequence
Risk

The first key principle of security is that no network is completely secure.
Information security is really about risk management.
The more important the asset is and the more it is exposed to security threats, the more resources you should put into securing it.

Golden Rules

Asset
Elements of value for the organization

[ISO 27001:2005, Clause 3.1]

Identification of Assets

A possible classification
Hardware
Software
Site
Org. Structure
Personnel

[ISO 27001:2005, Clause 3.1]

Threat
Potential cause of an unwanted
incident, which may result in harm
to a system or organization

Crash

Vulnerability
Weakness of an asset or group of assets
that can be exploited by one or more
threats

Locked

[ISO 27002:2005, Clause 2.19]

Information Security

Is the protection of
information from a wide
range of threats, in
order to ensure
business continuity,
minimize business risk,
and maximize return on
investment and
business opportunities.

[ISO 27002:2005, Clause 0.3]

Confidentiality
The property that information is not
made available or disclosed to
unauthorized individuals, entities,
or processes
Confidential

[ISO 27001:2005, Clause 3.3]

Integrity
The property of safeguarding the
accuracy and completeness of
assets

Confidential

[ISO 27001:2005, Clause 3.8]

Availability
The property of being accessible
and usable upon demand by an
authorized entity
Data

[ISO 27001:2005, Clause 3.2]

Security Principles

Security by Design, Default and Deployment
Granting the Least Privilege Required
Protecting, Detecting and Responding
Defending Each Network Layer
Reducing the Attack Surface
Avoiding Assumptions

Understanding your enemy!

2 ways to shield yourself from a HACK attack!

The Art of War


If you know the enemy and
know yourself, you need not fear
the result of a hundred battles. If
you know yourself but not the
enemy, for every victory gained
you will also suffer a defeat. If
you know neither the enemy nor
yourself, you will succumb in
every battle. Sun Tzu

Best Practices to Keep Your Servers SAFE!

Keep In Mind!

There is no way to STOP a Hacker, you can only make their job HARDER!

Knowing Yourself
Accurately assess your own skills.
Possess detailed documentation of your
network.
Understand the level of organizational
support you receive.

Identifying Your Attacker

Understanding Internal Attackers
Higher levels of trust
Physical access to network resources
Human resources protections

Hackers Beware
Understanding External Attackers
Novice Attackers
Intermediate Attackers
Advanced Attackers

Why do we get attacked?

Notoriety, acceptance, and ego


Financial gain
Challenge
Activism
Revenge
Espionage
Information warfare

Module 2
Footprinting and Reconnaissance

Phases of Hackers
Reconnaissance
Scanning
Gaining Access
Maintaining Access
Clearing Tracks

Reconnaissance

Refers to the phase where the attacker gathers as much information as possible
Learn About Target
1) Active Recon
2) Passive Recon

Scanning Types

Gaining Access
The attack occurs when the hacker moves from simply
probing the network to actually attacking it.
After the hacker has gained access, he begins to move
from system to system, spreading his damage
as he progresses.
It comes down to skill level, the amount of access
he achieves, network architecture, and configuration
of the victim's network.

Maintaining Access

Refers to the phase when the attacker tries to retain ownership of the system
The attacker may compromise the system
This is where Backdoors, RootKits or Trojans prevent your systems
The attacker can upload, download or manipulate data, applications &
configurations of your systems

Clearing Tracks
Refers to activities carried out by an
attacker to hide the misdeeds
Reasons include the need for a prolonged stay,
continued use of resources, and removing
evidence of hacking

How do Hackers Find Us?

How do hackers gain access?

Next Week:
Module 3: Scanning Networks
Module 4: Enumeration
Demo: U w1ll 0w3n T3hm 500n
