security holes and vulnerabilities in corporate network_pre null meet kolkata

Security Holes and Vulnerabilities in Corporate network - AMIYA DUTTA

Upload: amiyadutta

Post on 06-Aug-2015

In-General Corporate IT Infra

Critical Systems have two basic properties

1. Integrity

2. Availability

Protecting a corporate network requires reducing the attack surface

Main attack vector on a corporate network: user computers connected to the Internet on that network

It's much easier to protect critical systems than workstations

Possible attack vectors that do not require any administrator rights

Local attacks

Attacker gets full access to the memory of all processes running under the user account.

Attackers often use more secretive methods to bypass antivirus detection

Domain attacks

Domain authentication mechanisms provide the user with access to various network services on a corporate network.

This allows attackers to access all network folders and disks available to the user, shared internal resources via the intranet, and sometimes even other workstations on the same network segment.

Possible vectors for an attack launched on a corporate network from an infected computer within it.

After gaining control over a user system in a corporate network, subsequent events form three consecutive stages:

Establishing foothold in the system

Analysing the environment

Propagating malware

Gaining a Foothold in the System

Attackers download utilities and malware to the victim computer within a few hours or minutes.

Utilities are required to collect information about the system and its installed software, search for files and data, establish a connection to the C&C, steal login credentials, brute-force passwords, escalate privileges, infect a system, intercept network traffic, scan network devices, etc.

Depending on the network configuration, firewall policies and IDS/IPS settings, attackers might use a direct or reverse connection.

Environment analysis

Information about the operating system and its configuration, updates installed for software, and security tools needs to be collected

This helps in selecting the most effective utilities and exploits

Propagation

Launching malicious code from under a domain account belonging to a user of an infected system

Using a keylogger to easily get hold of the login credentials to the domain account as well as other services that do not maintain domain authorization

Attempting to take advantage of vulnerabilities in the mechanisms for storing and checking credentials, or brute-forcing the password

Top 5 Common Network Vulnerabilities

Missing patches

Weak or default passwords

Misconfigured firewall rulebases

Mobile devices

USB Flash Drives