1 / 94

A CLOUD BASED AND CONVENTIONAL APPROACH

A CLOUD BASED AND CONVENTIONAL APPROACH. IW -. by Manu Zacharia MVP (Enterprise Security), ISLA-2010 (ISC)² C | HFI , C | EH, CCNA, MCP, AFCEH, Certified ISO 27001:2005 Lead Auditor Director – Information Security Millennium Consultants. “ Aut viam inveniam aut faciam ” Hannibal Barca.

leighanna
Download Presentation

A CLOUD BASED AND CONVENTIONAL APPROACH

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A CLOUD BASED AND CONVENTIONAL APPROACH IW - byManu Zacharia MVP (Enterprise Security), ISLA-2010 (ISC)² C|HFI , C|EH, CCNA, MCP, AFCEH, Certified ISO 27001:2005 Lead Auditor Director – Information Security Millennium Consultants “Aut viam inveniam aut faciam ” Hannibal Barca

  2. #whoami • I am an Information Security Evangelist • For paying my bills – I work as Director – Information Security – US Based Consultants. • Awards • Information Security Leadership Achievement Award from International Information Systems Security Certification Consortium - (ISC)² • Microsoft Most Valuable Professional (Enterprise Security) • Author of a Book – Intrusion Alert – An Ethical Hacker’s Guide to Intrusion Detection Systems

  3. #whoami • Developed an Operating System from Linux kernel – Matriux – (www.matriux.com) - Asia’s First OS for Hacking, Forensics and Security testing – Open Source & Free  • Some certifications: • Certified Ethical Hacker (C|EH) • Certified Hacking Forensics Investigator (C|HFI) • Cisco Certified Network Associate • Microsoft Certified Professional • Certified ISO 27001:2005 Information Security Management Systems Lead Auditor • Extend service to police force as Cyber Forensics Consultant

  4. #whoami • Teaching?? – no!!!!! – I don’t teach, I just train and preach: • Indian Navy - Signal School , Centre for Defense Communication and Electronic and Information / Cyber Warfare • Centre for Police Research, Pune • Institute of Management Technology (IMT) – Ghaziabad • IGNOU M-Tech (Information Systems Security) – and also an Expert Member – Curriculum Review Committee • C-DAC, ACTS (DISCS (the tiger team) & DSSD (hard core guys)) • Other International Assignments & Hacking Conferences

  5. Disclaimer(s) • The opinion here represented are my personal ones and do not necessary reflect my employers views. • Registered brands belong to their legitimate owners. • The information contained in this presentation does not break any intellectual property, nor does it provide detailed information that may be in conflict with actual Indian laws (hopefully...) :)

  6. Question • So what is Cloud Computing? • Do you know what is EC2 and S3? • How these services could be exploited?

  7. contents INTRODUCTION UNDERSTANDING IW EXPLOITING THE CLOUD CLOUD FORENSICS CONCLUSION

  8. DO YOU KNOW THIS?

  9. INFORMATION WARFARE • Clue: • Kendo (kumdo in korean)

  10. INFORMATION WARFARE • 風- Swift as the wind • 林- Quiet as the forest • 火- Conquer like the fire • 山- Steady as the mountain

  11. INFORMATION WARFARE • Battle strategy and motto of Japanese feudal lord Takeda Shingen( 武田信玄 )(1521–1573 A.D.). • Twenty-Four Generals - famous groupings of battle commanders • (Takeda Nijūshi-shō )武田二十四将

  12. INFORMATION WARFARE • Came from the Art of War by Chinese strategist and tactician Sun Tzu (Sunzi) • A sort of abbreviation to remind officers and troops how to conduct battle

  13. INFORMATION WARFARE • This is what we need in information warfare

  14. INFORMATION WARFARE • “actions taken to achieve information superiority by affecting adversary information, information-based processes, information systems, and computer based networks while defending one's own” • The U.S. Joint Chiefs of Staff

  15. INFORMATION WARFARE • “ Information warfare is the use and management of information in pursuit of a competitive advantage over an opponent. ” • WIKIPEDIA

  16. TWO SCHOOLS • Two schools of thoughts exists: • Military business • By some other agencies with the involvement of military

  17. FORMS OF IW • Bringing down of financial infrastructure like banks and stock exchange • Enemy communication network spoofing and disabling • Jamming of TV / Radio • Hijacking of TV / radio for disinformation campaign

  18. TYPES OF PLAYERS • State • State sponsored agencies / groups • Terrorists • Underground war-lords and groups • Individuals ‘n’ script kiddies

  19. What’s the latest happening? • What’s happening in the Indian Web Space – last 45 days? • 14 Aug–Independence day of Pakistan • Underground cracking groups • http://www.pakcyberarmy.net/ • http://www.pakhaxors.com/forum.php

  20. What’s the latest happening? • The Two Pakistani Cracker Groups reportedly attacked & defaced a dozen of Indian Websites including: • http://mallyainparliament.in/ and • http://malegaonkahero.com/

  21. What’s the latest happening?

  22. Even the PM was not spared

  23. What’s the latest happening? • On 15 Aug – In return an Indian underground group called as Indian Cyber Army (http://indishell.in) attacked & defaced around 1226 websites of Pakistan.

  24. MISSION STATEMENT • Mission Statement - IN • “Naval orientation and training of recruits to enable accomplishment of their immediate task with self-assurance”.

  25. MISSION STATEMENT • Mission statement – IAF • “The mission of the Flight Safety organization of the IAF is to ensure operational capability by conserving human and material resources through prevention of aircraft accidents.”

  26. mission

  27. LOOK AROUND? • UK CyberSafe Command • PLA – Chinese PLA • What happened last December – Jan?

  28. MANCHURIAN ATTACK

  29. what is cloud computing? • Cloud computing is Internet-based computing, whereby shared resources, software and information are provided to computers and other devices on-demand, like a public utility.

  30. cloud in simple terms • Uses the internet and central remote servers to maintain data and applications. • Allows consumers and businesses to use applications without installation and access their personal files at any computer with internet access.

  31. 3 types of cloud services • IaaS - Infrastructure-as-a-Service • PaaS - Platform-as-a-Service • SaaS - Software-as-a-Service

  32. THE CLOUD • Five essential characteristics: • on-demand self-service, • broad network access, • resource pooling, • rapid elasticity, and • measured service

  33. EC2 • Amazon Elastic Compute Cloud (Amazon EC2) • A web service that provides resizable compute capacity in the cloud

  34. EC2 - wikipedia • Allows users to rent computers on which to run their own computer applications. • A user can boot an Amazon Machine Image (AMI) to create a virtual machine, which Amazon calls an "instance", containing any software desired.

  35. EC2 - wikipedia • A user can create, launch, and terminate server instances as needed, paying by the hour for active servers, hence the term "elastic".

  36. S3 • Amazon S3 (Simple Storage Service) is an online storage web service offered by Amazon Web Services. • Provides unlimited storage through a simple web services interface

  37. S3 • $0.15 per gigabyte-month • 102 billion objects as of March 2010

  38. POWER OF CLOUD • The New York Times used Amazon EC2 and S3 to create PDF's of 15M scanned news articles. • NASDAQ uses Amazon S3 to deliver historical stock information.

  39. EXPLOITING CLOUD • Sample Task • Break PGP passphrases • Solution • Brute forcing PGP passphrases

  40. EXPLOITING CLOUD • Try – ElcomSoft Distributed Password Recovery (with some patches to handle PGP ZIP) • Two elements - EDPR Managers & EDPR Agents

  41. EXPLOITING CLOUD • On a fast dual core Win7 box - 2100 days for a complex passphrase. • Not acceptable – too long • Lets exploit the cloud.

  42. EXPLOITING CLOUD • First things first – Create an Account on Amazon. Credit Card Required  • Install Amazon EC2 API Tools on your linux box. • sudo apt-get install ec2-api-tools

  43. EXPLOITING CLOUD • Select an AMI (Amazon Machine Image) • Example - use a 32 bit Windows AMI - ami-df20c3b6-g

  44. EXPLOITING CLOUD • Start an instance from the Linux shell as follows: • ec2-run-instances -k ssh-keypair ami-df20c3b6-g default

  45. EXPLOITING CLOUD • Once the instance is up and running, we enumeratedthe instance ID and public IP address of the running instance with the command • ec2-describe-instances

  46. EXPLOITING CLOUD • Wait for the instance status has to change from “pending” to “running” • Extract the admin password for the instance • ec2-get-password -k ssh-keypair.pem $instanceID

  47. EXPLOITING CLOUD • Configure EC2 firewall to permit inbound RDP traffic to the instance. • ec2-authorize default -p 3389 -s $trusted_ip_address/32

  48. EXPLOITING CLOUD • Configure the firewall in front of the EDPR manager system to permit TCP/12121 from anywhere. • RDP into the instance & configure EDPR

  49. EXPLOITING CLOUD • Use the administrator password obtained from the ec2-get-password command to login to the instance.

  50. EXPLOITING CLOUD • Install EDPR Agent, • Configure the Agent to connect to the Manager. • 3 points to configure mainly

More Related