INTEGRITY

About This Presentation

Title:

INTEGRITY

Description:

INTEGRITY & POLICY Leticia Nisbett Lauren Walters Andrew Yao Overview Leticia Basic Integrity and Writing Policies to ensure integrity Lauren Access controls ... – PowerPoint PPT presentation

Number of Views:359

Avg rating:3.0/5.0

Slides: 102

Provided by: TheHein

Learn more at: https://www.andrew.cmu.edu

Category:

more less

Transcript and Presenter's Notes

Title: INTEGRITY

1
INTEGRITY POLICY

Leticia Nisbett
Lauren Walters
Andrew Yao

2
Overview

Leticia Basic Integrity and Writing Policies to
ensure integrity
Lauren Access controls Security Models, and
Integrity Tools
Andrew Applications to Case Study and Examples

3
What is Integrity?

Integrity is a VERY important security
requirement
Protecting your information is highest priority
protecting integrity of your network is critical
in ability to protect the information it
contains.
Can be defined in a number of ways..

4
How would you define Integrity?
5
Definitions of Integrity

Integrity requires that computer system assets
and transmitted information be capable of
modification only by authorized parties.
not modified by unauthorized persons
not created by unauthorized persons

6
Integrity

In cryptography and information security
integrity refers to the validity of data.
Integrity can be compromised in two main ways
Malicious altering
Attacker alters account number in a bank
transaction
Forging an identity document
Accidental altering
Transmission errors my name Leticia and u have
a car
Harddisk crash
According to Wikipedia

7
Integrity 2

In telecommunication, the term data integrity has
the following meanings
The condition in which data are identically
maintained during any operation, such as
transfer, storage, and retrieval.
The preservation of data for their intended use.
Specifically, data integrity in a relational
database is concerned with three aspects of the
data in a database
Accuracy
Correctness
Validity
according to Wikipedia

8
What happens if integrity is compromised?

Modification is an attack on integrity
Modification the data is changed, delayed or
reordered to produce an unauthorized, undesired
effect.
A breach in the integrity of your network can be
extremely costly in time and effort, and it can
open multiple avenues for continued attacks.

9
Network Considerations

When considering what to protect within your
network, you are concerned with maintaining the
integrity of
the physical network
your network software
any other network resources
your reputation
This Integrity involves
the verifiable identity of computers and users
proper operation of the services that your
network provides
and optimal network performance
all these concerns are important in maintaining a
productive network environment.

10
Common Methods of Attack on Integrity

The four methods of attack that are commonly used
to compromise the integrity of a network
Network packet sniffers
IP spoofing
Password attacks
Application layer attacks

11
Network Packet Sniffers

Network packet sniffers can yield critical system
information, such as user account information and
passwords.
When an attacker obtains the correct account
information, he or she has the run of your
network.
Worst-case scenario
an attacker gains access to a system-level user
account
creates a new account that can be used at any
time as a back door
can modify system-critical files such as
the password for the system administrator
account
the list of services and permissions on file
servers
the login details for other computers that
contain confidential information.

12
Network Packet Sniffers 2

Packet sniffers provide information about the
topology of your network that many attackers find
useful. such as
what computers run which services
how many computers are on your network
which computers have access to others
A network packet sniffer can be modified
to interject new information
change existing information in a packet.
Attack can cause network connections to shut down
prematurely, as well as change critical
information within the packet.
Imagine modification to the accounting system

13
IP Spoofing

IP spoofing can yield access to user accounts and
passwords, and it can also be used in other ways.
Attacker emulates one of your internal users in
ways that prove embarrassing for your
organization
Such attacks are easier when an attacker has a
user account and password
Are possible by combining simple spoofing attacks
with knowledge of messaging protocols.
Telnetting directly to the SMTP port on a system
allows the attacker to insert bogus sender
information.

14
Password Attacks

A brute-force password attack can provide access
to accounts that can be used to modify critical
network files and services.
Can compromise network's integrity
Once an attacker gets the password and gains
access to the system
he can modify the routing tables for the network.
attacker ensures that all network packets are
routed to him or her before they are transmitted
to their final destination

15
Application Layer Attacks

Application Layer attacks can be implemented
using several different methods.
A common method is exploiting well-known
weaknesses in software commonly found on servers,
such as sendmail, PostScript, and FTP.
By exploiting these weaknesses, attackers can
gain access to a computer with the permissions of
the account running the application
usually a privileged system-level account

16
Application Layer Attacks

Trojan horse attacks
implemented using bogus programs that attacker
substitutes for common programs.
programs provide all functionality of a normal
application or service
also include other features that are known to
the attacker
programs can capture sensitive information and
distribute it back to the attacker

17
Network considerations when defining security
policies

Three main types of networks must be considered
when defining a security policy
Trusted
Un-trusted
Unknown.

18
Trusted Networks

Networks inside your network security perimeter.
Networks that you are trying to protect.
Someone in the organization administers the
computers that comprise these networks (most
times)
Organization controls their security measures.
Usually, trusted networks are within the security
perimeter.
To set up firewall server
explicitly identify the type of networks that are
attached to the firewall server through network
adapter cards
After the initial configuration, the trusted
networks include the firewall server and all
networks behind it.
One exception to this general rule is the
inclusion of virtual private networks (VPNs)

19
Un-trusted Networks

Networks known to be outside your security
perimeter.
Un-trusted because they are outside your control
No control over the administration or security
policies for these sites
Private, shared networks from which you are
trying to protect your network
Still need and want to communicate with these
networks although they are un-trusted.
To set up the firewall server
explicitly identify the un-trusted networks from
which that firewall can accept requests

20
Unknown Networks

Networks that are neither trusted nor un-trusted.
Unknown quantities to the firewall because you
cannot explicitly tell the firewall server that
the network is a trusted or un-trusted
Unknown networks exist outside your security
perimeter
By default, all non-trusted networks are
considered unknown networks, and the firewall
applies the security policy that is applied to
the Internet node in the user interface, which
represents all unknown networks.

21
Establishing a Security Perimeter

When you define a network security policy, you
must define procedures to safeguard your network
and its contents and users against loss and
damage.
A network security policy plays a role in
enforcing the overall security policy defined by
an organization.

22
Establishing a Security Perimeter

A critical part of an overall security solution
is a network firewall
monitors traffic crossing network perimeters
imposes restrictions according to security
policy.
Perimeter routers are found at any network
boundary
between private networks, intranets, extranets,
or the Internet.
Firewalls most commonly separate internal
(private) and external (public) networks.
A network security policy focuses on controlling
the network traffic and usage
identifies a network's resources and threats
defines network use and responsibilities
details action plans for when the security policy
is violated
When a network security policy is deployed it
should be strategically enforced at defensible
boundaries within your network. These strategic
boundaries are called perimeter networks.

23
Three Types of Perimeter Networks Exist
Outermost, Internal, and Innermost
24
Example Two-Perimeter Network Security Design
25
Developing Your Security Design

The design of the perimeter network and security
policies require certain subjects to be
addressed.

26
Important considerations for defining a security
policy

1. Know your enemy
2. Count the cost
3. Identify any assumptions
4. Control your secrets
5. Human factors
6. Know your weakness
7. Limit the scope of access
8. Understand your environment
9. Limit your trust
10. Remember physical security
11. Make security pervasive

27
Know Your Enemy

Know attackers or intruders.
Consider who might want to circumvent your
security measures
Identify their motivations.
Determine what they might want to do and the
damage that they could cause to your network.
Security measures can never make it impossible
for a user to perform unauthorized tasks with a
computer system they can only make it harder.
The goal is to make sure that the network
security controls are beyond the attacker's
ability or motivation.

28
Count the Cost

Security measures usually reduce convenience,
especially for sophisticated users.
Security can delay work and can create expensive
administrative and educational overhead.
Security can use significant computing resources
and require dedicated hardware.
When you design your security measures,
understand their costs and weigh those costs
against the potential benefits.
To do that, you must understand the costs of the
measures themselves and the costs and likelihood
of security breaches. If you incur security costs
out of proportion to the actual dangers, you have
done yourself a disservice.

29
Identify Any Assumptions

Every security system has underlying assumptions.
For example, you might assume that your network
is not tapped, that attackers know less than you
do, that they are using standard software, or
that a locked room is safe. Be sure to examine
and justify your assumptions. Any hidden
assumption is a potential security hole.

30
Control Your Secrets

Most security is based on secrets.
Eg. Passwords and encryption keys
Too often, the secrets are not all that secret.
The most important part of keeping secrets is in
knowing the areas that you need to protect.
What knowledge would enable someone to circumvent
your system?
You should jealously guard that knowledge and
assume that everything else is known to your
adversaries.
The more secrets you have, the harder it will be
to keep them all. Security systems should be
designed so that only a limited number of secrets
need to be kept.

31
Human Factors

Many security procedures fail because their
designers do not consider how users will react to
them.
Automatically generated nonsense passwords often
written on the undersides of keyboards- difficult
to remember
A secure door that leads to the system's only
tape drive is sometimes propped open- for
convenience
Unauthorized modems are often connected to a
network to avoid onerous dial-in security
measures- for expediency
If security measures interfere with essential use
of the system they will be resisted and perhaps
circumvented.
To get compliance, make sure users can get their
work done, and must emphasize (sell) security
measures to users. Users must understand and
accept the need for security.

32
Human Factors 2

Users can compromise system security, at least to
some degree
Passwords can be found out simply by calling
legitimate users on the telephone claiming to be
a system administrator, and asking for them.
If your users understand security issues, and if
they understand the reasons for your security
measures, they are far less likely to make an
intruder's life easier.
At minimum
Users should be taught never to release passwords
or other secrets over unsecured telephone lines
or e-mail
Users should be wary of people who call them on
the telephone and ask questions
Some companies have implemented formalized
network security training so that employees are
not allowed access to the Internet until they
have completed a formal training program

33
Know Your Weaknesses

Every security system has vulnerabilities.
You should understand your system's weak points
and know how they could be exploited.
You should also know the areas that present the
greatest danger and should prevent access to them
immediately.
Understanding the weak points is the first step
toward turning them into secure areas.

34
Limit the Scope of Access

You should create appropriate barriers in your
system so that if intruders access one part of
the system, they do not automatically have access
to the rest of the system.
The security of a system is only as good as the
weakest security level of any single host in the
system.

35
Understand Your Environment

Understanding how your system normally functions,
knowing what is expected and what is unexpected,
and being familiar with how devices are usually
used will help you detect security problems.
Noticing unusual events can help you catch
intruders before they can damage the system.
Auditing tools can help you detect those unusual
events.

36
Limit Your Trust

You should know exactly which software you rely
on, and your security system should not have to
rely on the assumption that all software is
bug-free.

37
Remember Physical Security

Physical access to a computer (or a router)
usually gives a sufficiently sophisticated user
total control over that computer.
Physical access to a network link usually allows
a person to tap that link, jam it, or inject
traffic into it. It makes no sense to install
complicated software security measures when
access to the hardware is not controlled.

38
Make Security Pervasive

Administrators, programmers, and users should
consider the security implications of every
change they make.
Understanding the security implications of a
change takes practice it requires lateral
thinking and a willingness to explore every way
that a service could potentially be manipulated.

Ten suggested ways to improve the security of
your computer!!!
http//web.mit.edu/ist/topics/security/pamphle
ts/tensteps.pdf

40
1. patch, Patch, PATCH!

Set up your machine for automatic updates.
For Windows
Start MenugtControl PanelgtServicesgtWindows Update
set to automatic
For Macs
System PreferencesgtSoftware Update set to
daily or weekly.
For Red Hat Linux, refer to
http//mit.edu/ist/topics/Linux/rhn.html

41
2. Install anti-virus software.

Install the appropriate version of the antivirus
software for your computer.
Set it to scan your files on a regular basis.
software is available on ISTs Getting
Started CD or at http//web.mit.edu/software

42
3. Choose strong passwords.

Some suggestions for choosing strong passwords!!??

43
3. Choose strong passwords.

Choose strong passwords by picking letter,
number, and special characters to create a mental
image or an acronym that is easy for you to
remember.
Change passwords regularly.
Do not reuse your password among different
accounts. Its bad if your email account is
hacked, its even worse if its your email
account AND your bank account.
http//web.mit.edu/network/passwords.html

44
DEMO

MAC Password Helper

45
4. backup, Backup, BACKUP!

Backing up your data on a regular basis helps
protect you from the unexpected.
Ask yourself how many days of work you are
willing to lose if your computer is compromised
and the hackers decide to overwrite your disk
space with their favorite movies and music.
http//web.mit.edu/net-security/www/faq.htmlba
ckup

46
5. Control access to your machine.

Dont leave your machine unattended and logged
on.
Dont leave your PDA unattended in public places.
Disable guest accounts, and delete unused
accounts in a timely manner.
More information on securing your Windows
machine can be found at http//web.mit.edu/ist/top
ics/windows

47
6. Use email safely.

Filter your spam e-mail.
Check with the sender when receiving unexpected
attachments from people you know.
Never open attachments from people you dont
know.
Always use your virus scanner on any attachment
before opening it.
MIT Spam Screening is described at
http//web.mit.edu/ist/services/email/nospam

48
7. Use secure connections.

Using a secure connection is essential. On the
Internet your data is vulnerable unless you do
something to protect it.
For Linux, SSH and SCP are best for secure logins
and secure file transfers.
For Windows, use Filezilla and SecureFX for file
transfers, Host Explorer and SecureCRT for secure
remote logins.
http//web.mit.edu/net-security/www/faq.htmlse
cure-connections

49
8. Encrypt sensitive files.

Sensitive data is frequently stored on your
hard drives. Protecting the data can protect you
from identity theft.
Encrypt sensitive files.
Have password-protected documents.

50
9. Use desktop firewalls.

Apple Mac OS X and Microsoft Windows XP have
basic desktop firewalls as part of their
operating systems. It is recommended that users
activate these firewalls unless there are known
software conflicts.

51
10.Stay informed.

To stay current with the latest developments
for Windows, Macs, and nix systems, subscribe to
the security-fyi mailing list by visiting
http//mailman.mit.edu/mailman/listinfo/security-f
yi

52
Access Controls

Mandatory Access Control
Discretionary Access Control
Role-Based Access Control

53
Mandatory Access Control

The MAC technique protects and contains computer
processes, data, and system devices from being
misused.

54
Mandatory Access Control

Four modes of security operation
Dedicated Security Mode
All users can access ALL data.
System-High Security Mode
All users can access SOME data, based on their
need to know.
Compartmented Security Model
All users can access SOME data, based on their
need to know and formal access approval.
Multilevel Security Mode
All users can access SOME data, based on their
need to know, clearance and formal access
approval.

55
Discretionary Access Control

DAC defines basic access control policies to
objects at the discretion of the objects owner.
MAC and DAC can be applied
to the same file

56
Role-Based Access Control

RBAC is an new alternative approach to MAC and
DAC
Access Control is determined by the job function,
not the individual staff member.

57
Access Control

In your opinion, which is the better method for
access control?
MAC,
DAC,
and/or RBAC

58
Security Models

Security models are an important concept in the
design and analysis of secure computer systems
Examples of security models
Information Flow Model
Biba Security Model
Clark-Wilson Model
Chinese Wall Model
The Bell-LaPadula Model

59
Information Flow Model

The Information flow model is a variation of the
access control model
This model attempts to control the transfer of
information from one object to another which is
constrained by the two objects security
attributes
Information can flow to the same or higher level
of security

60
The Biba Model

The Biba Integrity Model describes read and write
restrictions based on integrity classes of
subject and objects
Two main principles
A subject can write to an object only if the
integrity access class of the subject is larger
than the integrity class of the object
A subject can read an object only if the
integrity access class of the subject is less
than that of the integrity class of the object

61
The Biba Model
Layer of Higher Secrecy
Contaminated
Read
Write
Get Contaminated
Layer of Lower Secrecy
Simple Integrity Property
Integrity Star Property
Official (isc)2 Guide to the CISSP Exam
62
The Clark-Wilson Model

The model address integrity requirements which
are based on process and data integrity
The model identifies three rules of integrity
Unauthorized users should not make changes
Authorized users should not make unauthorized
changes
The system should maintain internal and external
consistency
Enforce policies by
Well-formed transactions
Separation of duties

63
The Clark-Wilson Model

Data
Constrained data items (CDI)
Unconstrained data items (UDI)
Procedures
Integrity verification procedure (IVP)
Transformation procedure (TP)

64
Example of CW Model

Purchasing clerk creates an order for a supply,
sending copies to the supplier and the receiving
department.
Upon receiving the items, a receiving clerk
checks the delivery and, if all is well, signs a
delivery form. Then the delivery form and
original order form will go to the accounting
department.
Supplier sends an invoice to the accounting
department. The accounting clerk will compare
the invoice with the original order and delivery
form and issues a check to the supplier.

65
Example of CW Model

Users?
Purchasing clerk
Receiving clerk
Supplier
Accounting clerk
Constrained Data?
Order
Delivery form
Invoice
check
Transformation Procedures?
Create order, Send order
Create delivery form, Send delivery form, Sign
delivery form
Create invoice, Send invoice
Compare invoice to order
And so on

66
Tools

Integrity Management Software
Anti-Virus Software

67
Integrity Management Software

Encryption is most commonly used for secrecy but
it can also be used for integrity.
Check for integrity by specifically utilizing
Hash functions
Digital Signatures
File Size
Example
Tripwire Enterprise

68
Hash Functions

A public function that maps a plaintext message
of any length to a fixed length hash value
Are used as an authenticator
Pros
Offers integrity
Cons
No confidentiality
Examples
CRC
MD5
SHA-1

69
Cyclic Redundancy Check

CRC is a type of hash function that is utilized
to create a checksum
Useful for error detection, CRC cannot be relied
upon to verify data integrity
Example of Tools solely use CRC
Crckit

70
Message-Digest Algorithm 5

MD5 is a popular cryptographic function with a
128-bit hash value
Utilized in a variety of security applications
Also commonly used for checking the integrity of
files
It is computationally unrealistic to find two
messages that have the same message digest

71
Secure Hash Algorithm

SHA is a set of related cryptographic hash
functions
SHA-1 is the most commonly used for a large
variety of security applications and protocols
SHA-1 is considered the successor to MD5

72
Digital Signatures

Digital signatures also known as public-key
digital signature is an encryption scheme
utilizing public key cryptography
This method has two complementary algorithms, one
for signing and the other for verification, and
the output of this process is a digital signature

73
Tripwire Enterprise

http//www.tripwire.com/
Captures a baseline of server file systems,
desktop file systems, directory servers and
network device configurations in a known good
state, and then automatically performs integrity
checks that compare current states against
baselines to detect changes.
Tripwire Demo

74
Examples of Integrity Management Software

Advanced CheckSum Verifier (ACSV)
Advanced Intrusion Detection Environment (AIDE)
Cambia CM
Crckit
FileCheckMD5
FTimes
Hashdig
Integrit
Intrusec CM
Jacksum
LANGuard Security Integrity Monitor
MD5 Hashing Utilities
Md5deep
Nabou
NIST_Crc

Radmind
Samhain
Secure Hash Signature Generator
Sentinel
Sha_verify
Spidernet
SysCheck
Sysdiff
Tripwire - Commercial
Tripwire OpenSource
Veracity System Integrity Assurance
ViperDB
Yafic
Winalysis
WinInterrogate
Xintegrity

75
Anti-virus Software

The techniques for detecting a virus include
Checking unexpected increases in file size
Noting changes in timestamps
Sudden decreases in free space
Calculating checksums
Saving images on the internal control tables and
noting unexplained changes

76
Examples ofAnti-virus Software

AntiVir PersonalEdition Classic
AVAST 4 Home Edition
AVG Free Edition
Bullguard Antivirus Software, Firewall and Backup
Command Antivirus
F-Prot Antivirus for Windows
F-Secure
Kaspersky Anti-Virus
McAfee VirusScan 2006

NOD32 Antivirus System v2.0
Norton AntiVirus 2002
Panda Titanium Antivirus 2004
PC-cillin Internet Security 2004
Platinum Internet Security 2005
Rising AntiVirus
Virex
Windows Live OneCare

77
Case Study - Integrity

Hamlet
Being thus be-netted round with villanies,--
I sat me down,
Devised a new commission, wrote it fair
He should the bearers put to sudden death.
I had my father's signet in my purse,
Which was the model of that Danish seal
Subscribed it, gave't the impression, placed
it safely,
The changeling never known.

78
Case study - Attacks

Attacks on integrity
alter teleprompter speeches/ presentation
slides
alter scheduling
alter voting results
alter outgoing media reports
attacker could be other media or
outsider

79
Attackers

The cold passed reluctantly from the earth, and
the retiring fogs revealed an army stretched out
on the hills, resting.
- The Red Badge of Courage

80
Case study - Outside attacker

Henry is a member of a small revolutionary
anarchist group
Assigned to disrupt the event using information
warfare tactics.
Attacks from an open wireless network at a public
library.

How you gonna call yourself a revolutionary and
you aint got no poems?
-Dewey

82
Case study - Attacker 1 recon

Scan port 0-65535 with an aggressive stealth scan
with OS and application fingerprinting.
nmap -sS -F -P0 -O -T4 -v A p0-65535 event
network address
Starting nmap 3.50 ( http//www.insecure.org/nmap/
)
...
Interesting ports on contractor2.event.net
(XX.227.165.100)
(The 65535 ports scanned but not shown below are
in state filtered)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 3.7.1p1 (protocol
1.99)
Running Linux 2.4.X
OS details Linux 2.4.18 (x86)
Uptime 316.585 days
...

83
Preventing recon

Only open service on the network
contractor left an SSH server running.
How can we prevent the attacker from finding it?

84
Preventing recon contd

At the firewall, prevent all incoming
connections
Use NAT so internal boxes are not Internet
addressable
Put a firewall between Ops and Organization in
case a contractor is compromised or malicious.
Policy that no one may run listening servers
without IT authorization.

85
Finding vulnerabilities

Henry looks up OpenSSH 3.7.1p1 on various
security websites such as SecurityFocus BID and
OSVDB.org.
http//www.kb.cert.org/vuls/id/602204
When PAM and SSHv1 are enabled, OpenSSH 3.7.1p1
has a vulnerability that allows an attacker to
login to any account by using a null password.

86
Exploiting OpenSSH

psychegt ssh -1 root_at_ contractor2.event.net
The authenticity of host contractor2.event.net
(XX.227.165.212)' can't be established.
RSA1 key fingerprint is 2dfb27e0abaddeadca
febabe53022838.
Are you sure you want to continue connecting
(yes/no)? yes
root_at_contractor2.event.net's password
whoami
root
How could we prevent this?

87
Preventing OpenSSH Exploit

How could we prevent this?
Keep on top of patch management
automated scan when they connect to the network
Use PermitRootLogin no in sshd_config to
prevent root login

88
Dictionary attack on SSH

Henry uses hydra to attempt to do a dictionary
attack and guess a users password.
hydra -L names.txt -P passwords.txt
contractor2.event.net ssh2
Hydra v5.2 (c) 2006 by van Hauser / THC - use
allowed only for legal purposes.
DATA 400000 tasks, 1 servers, 400000 login
tries (l1/p2), 1 tries per task
DATA attacking service ssh2 on port 22
STATUS attack finished for contractor2.event.net
(waiting for childs to finish)
22ssh2 host XX.227.165.212 login test
password trustno1

89
Preventing Dictionary Attack

Unable to guess a password for root, but did get
user test with password trustno1 (Fox
Mulders password on The X-Files)
How to prevent this attack?

90
Preventing Dictionary Attack contd

Choose strong passwords on all accounts, not
just root
Enforceable by having IT people run hydra?
Ban an IP address for some length of time after
a certain number of failed attempts.

91
Privilege Escalation

Henry has a user level shell on the contractors
box.
Inside the firewall, uses same dictionary attack
technique to get a user account on the podium
server.
Wants to alter the presentations, but cant with
current privileges.

92
Privilege Escalation

uname -a
Linux podium.event.net 2.4.18 3-i686-UP (034)
i686 i386 GNU/Linux
This is a relatively old kernel version, and
there is a privilege escalation vulnerability in
versions below 2.4.22.
http//www.kb.cert.org/vuls/id/301156
An integer overflow vulnerability in the brk
system call.

93
Privilege Escalation

He downloads and uses a publicly available
exploit to get root privileges.
As root, he subtly modifies the saved
presentations for several presenters in an
embarrassing way.
How to prevent this?

94
Preventing Privilege Escalation

Again patch management, even on computers which
are supposedly safe because theyre inside the
firewall
Use Tripwire or other integrity checking programs
to detect modifications to sensitive files
But?
Minimize set of programs which are setuid or run
as root
Backups on removable media

95
Attacking the Media LAN attacks

Media share a wired network.
Many network attacks available when on the same
network.
ARP poisoning to sniff or do MITM
Alter or forge media reports
http//en.wikipedia.org/wiki/ARP_spoofing

96
LAN attacks

SSL not foolproof if MITM possible.
Animation at http//crimemachine.com/Tuts/Flash/SS
LMITM.html

97
Preventing LAN attacks

Static ARP/Port Security
But?
Detect ARP poisoning with arpwatch
But?
Train them not to click through SSL warnings
Media connect to home base with VPN

98
Social Engineering

There was much food for thought in the manner in
which he replied. He came near to convincing
them by disdaining to produce proofs.
-The Red Badge of Courage

99
Social Engineering

http//en.wikipedia.org/wiki/The_Yes_Men
Set up a fake WTO website. Invited to speak on
behalf of the WTO at events, including a CNBC
news program.
Successfully impersonated a Dow Chemical
spokesman on BBC television, at a London banking
conference, and at Dows annual shareholder
meeting
In this case study, attacker could speak at
event, or could fool the media into printing
lies.
How to prevent this?

100
Preventing social engineering