burp-suite-scan Powerpoint
pgw-burpsuite Word document
ITACS 5211: Introduction to Ethical Hacking
Wade Mackay
In an effort to better combat cyber attacks, IBM built a simulated version of the entire internet, dubbed the “cyber range”, in a data center located in Massachusetts. The cyber range is manned by former security experts from federal law enforcement and intelligence agencies. It is capable of simulating cyber attacks involving live malware, ransomware and other hacking tools. The end goal is to better prepare clients to recover from large-scale cyber attacks. According to IBM, many of the IT and security professionals it surveyed do not have an incident response plan in place. No one can stop all cyber attacks, but having an incident response plan in place could be the deciding factor in whether your business succeeds or fails when faced with that situation.
http://www.pcmag.com/news/349629/ibm-built-a-copy-of-the-internet-for-mock-cyberattacks
The Internet of Things is changing how we look at securing our home networks. Gone are the days of just installing antivirus software on your PC and feeling secure. We now have to look at all the devices connected to our home network as a possible entry point for a cyber attack. Gryphon’s wireless router aims to fill this void by offering a technology that monitors smart thermostats, webcams, and other internet-connected devices for unusual activity, similar to how businesses have hardware/software to monitor their networks for traffic. A perfect example of why this type of device is now needed is the DDoS attack a few weeks back that crippled internet activity for the northeast region of the United States before moving west. The DDoS attack took advantage of wireless devices on home networks to launch an attack on popular websites. I see this as a positive step in the IoT age.
http://www.bloomberg.com/news/articles/2016-11-10/the-wi-fi-router-that-sniffs-out-cyber-attacks
https://www.hackread.com/ddos-attacks-on-apartments-heating-system/
Here is an example of how incorporating IoT into our everyday lives could have a crippling effect on us. An apartment building in the city of Lappeenranta in Finland had its heating system hit with a DDoS attack, causing residents to lose heat and hot water. Luckily, on the day of the attack, the temperature was 20℉. Lappeenranta is known to have temperatures go as low as -25℉ in the winter.
This article is a perfect example of upper management not taking IT security seriously. Even though this article is 2 years old, it shows a blatant act on Home Depot’s part not to address known security issues. Home Depot’s cyber security team presented concerns to management back in 2008 and they were slow to respond, resulting in 56 million credit cards being compromised four years later. You would have thought that after the Target data breach, Home Depot would have tightened up their act.
http://www.theverge.com/2014/9/20/6655973/the-home-depot-reportedly-ignored-warnings-from-its-own-cybersecurity-team
National researchers in Australia developed a hack-proof computer code called microkernel. It is the barest bones of an operating system. The simpler an operating system is kept, the harder it is to crack, because you eliminate vulnerabilities in the system. We are now in the Internet of Things age, where most of the devices we have connect to the internet, making them susceptible to hacking. Recently in the news we have seen how hackers were able to take control of cars. Could you imagine how dangerous that could be if someone was driving on a highway at 65 mph and someone hacked into their car and took control of the vehicle’s acceleration and braking? Better yet, an airplane with hundreds of people on board. The more we introduce technology into our everyday lives, the more we increase the risk of vulnerabilities that someone can exploit. If these researchers can develop hack-proof code, they will change the world of technology as we know it.
This news couldn’t have hit Yahoo at a worse time, with its stock prices already falling and negotiations with Verizon for its purchase under way. Yahoo’s market value just took another big hit. Yahoo was made aware of the breach in July, and at that time it was speculated that 200 million accounts were compromised. Yahoo should have started damage control then; two months later, an additional 300 million accounts were added.
http://money.cnn.com/2016/09/22/technology/yahoo-data-breach/index.html
With the growing demand for BYOD (Bring Your Own Device) as a possible cost-saving measure for many companies, IT networking and security groups have to properly plan for this new IT model. To the untrained eye this might look like a great idea to cut IT costs, but in the long run it could cost a company much more than what they saved on PC hardware. Some things to consider: 1) how to properly ensure all PCs have some form of virus protection, 2) are PCs being kept up to date with security patches and updates, 3) will BYOD be centrally managed.
Even though this is a novel idea, it’s also a hacker’s playground for mischief once the door is open for them to gain access to your network. This article gave great pointers on processes one should consider if choosing to go down this path. For instance: 1) Create a structured network segmentation strategy, 2) Limit access to systems through a single point and apply fine-grained access controls, 3) Increase authentication to corporate resources, 4) Manage your devices.
I’m currently at this same crossroads in my current position as Director of Desktop Support and Systems Administration. We are seeing the push for people to work from home and also bring those same mobile devices into work to gain access to network resources. The work-from-home part isn’t new. We currently use VPN tunneling and, depending on the network access required, an RSA token is assigned. What is new is whether we will allow BYOD onto our physical network.
Note: Deleted graphic to eliminate authentication request
“Hacking Air-Gapped Networks”: this article blew my mind. The lengths to which these researchers and ethical hackers went to exfiltrate data from PCs isolated from the internet are unbelievable. They were able to collect data using acoustic sounds, electromagnetic waves, sound waves and even heat emissions generated by the PCs. The sole purpose of implementing an air-gapped network is to ensure your network is secure and out of reach from an unsecure network. I would never have imagined using the above methods to capture information such as encryption keys, usernames and passwords in such a manner.
This article was really an eye opener and just made this class even more exciting/interesting to be in.
http://resources.infosecinstitute.com/hacking-air-gapped-networks/