Sunday, July 29, 2012

Lights, Camera, Action Plan!

Week 8 of 'Current Trends in Cybersecurity' has us working on a Threat Action Plan for the fictional Harry & Mae's organization.  This week I am to reflect on the hardest part of working out the Action Plan.

For me the hardest part of working on the Harry and Mae Case Study to provide threat, vulnerability, and risk analysis is trying to find the happy medium between demonstrating that I understand the material and going overboard.  Done properly (as if Harry & Mae's were a real-world client), the Threat Action Plan would likely be somewhere in the ballpark of 80 pages long.

There are a lot of references out there to draw from, including NIST pubs and CISSP material, but my biggest problem is trying to grasp what is really required for these assignments.  I could spend another 40 hours sifting through NIST documents, and another 40 hours using ALE (SLE * ARO) calculations, to present something that demonstrates a strong grasp of how to approach this case study, but I'm not sure if something along those lines is required or if it'd be overkill.

The material for the other class I'm currently enrolled in (Ethical Hacking and Response) is very familiar, so it frees me up to really focus on this class.  Again, the challenge for me this week is to know where to draw the line on identifying threats/vulnerabilities/risks; for example, identifying threats/vulnerabilities/risks associated with a Cisco Nexus 7000 Switch could take a week by itself, so I've opted to provide a few simple examples for each area I'm addressing and hope that it's enough to meet the requirement and demonstrate that I have a grasp of what we're attempting to achieve.
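The ALE arithmetic mentioned above, carried through for a small risk register, as an added example (this is not code from the post, the course, or the Harry & Mae's case study). It computes SLE = AV * EF and ALE = SLE * ARO for each threat, ranks the register by ALE so the action plan addresses the largest expected loss first, and works out the standard cost/benefit figure for a candidate control (ALE before, minus ALE after, minus the control's annual cost). The threats, dollar values, exposure factors, rates and the "offline backups" control are all constructed for illustration.

```python
"""Quantitative risk arithmetic for a threat action plan.

Added example, not code from the original post or the course. The
threats, asset values, exposure factors and rates below are constructed
for illustration; they are not figures from the Harry & Mae's case study.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    threat: str
    asset_value: float      # AV: dollar value of the asset at stake
    exposure_factor: float  # EF: fraction of AV lost in one occurrence, 0.0..1.0
    aro: float              # ARO: expected occurrences per year

    def __post_init__(self):
        # An EF outside 0..1 or a negative AV/ARO is a data-entry error, not a risk.
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError(f"{self.threat}: EF must be between 0 and 1")
        if self.aro < 0 or self.asset_value < 0:
            raise ValueError(f"{self.threat}: AV and ARO must be non-negative")

    def sle(self) -> float:
        """Single Loss Expectancy = AV * EF: the loss from one occurrence."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized Loss Expectancy = SLE * ARO: expected loss per year."""
        return self.sle() * self.aro


def rank_by_ale(risks):
    """Highest ALE first: the order in which the action plan should address the risks."""
    return sorted(risks, key=lambda r: r.ale(), reverse=True)


def safeguard_value(risk, aro_after, annual_cost):
    """Net annual value of a control that lowers the threat's ARO to `aro_after`:
    (ALE before) - (ALE after) - (annual cost of the control).
    A negative result means the control costs more than the loss it prevents."""
    ale_after = risk.sle() * aro_after
    return risk.ale() - ale_after - annual_cost


# Constructed register: three threats against a small retailer (illustrative values).
REGISTER = [
    Risk("Ransomware on the back-office POS server", asset_value=200_000, exposure_factor=0.5, aro=0.5),
    Risk("Defacement of the public storefront site", asset_value=50_000, exposure_factor=0.1, aro=2.0),
    Risk("Theft of the customer card database", asset_value=500_000, exposure_factor=0.6, aro=0.2),
]


def risk_table(risks=REGISTER):
    """Rows of (threat, SLE, ALE) in priority order, ready to drop into the plan."""
    return [(r.threat, r.sle(), r.ale()) for r in rank_by_ale(risks)]


if __name__ == "__main__":
    for threat, sle, ale in risk_table():
        print(f"{threat:45s} SLE ${sle:>10,.0f}  ALE ${ale:>9,.0f}")
    ransomware = REGISTER[0]
    # Constructed control: offline backups cut the ransomware ARO from 0.5 to 0.1 for $8,000/yr.
    print(f"Offline backups net value: ${safeguard_value(ransomware, 0.1, 8_000):,.0f}/yr")
```

With these constructed numbers the card database ranks first (ALE $60,000) even though ransomware has the larger single loss ($100,000 SLE), which is the point of using ALE rather than SLE to order a plan; the backup control comes out $32,000/year ahead, while a $20,000/year control that only halved the defacement rate would be a net loss.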

Sunday, July 22, 2012

Technical Aspects of CyberSecurity


There's a plethora of Cyber Security tools available on the Internet, but I've come up with a top 10 list of my favorite tools which I feel are beneficial for any Cybersecurity Professional.

·         The Cyber Security Evaluation Tool (CSET):  A Department of Homeland Security (DHS) tool that aids organizations in protecting their cyber assets.  It is loaded with a variety of standards (NIST, NERC, ISO, DoD, etc.) that can be selected and used to assess the security assurance level of a system by guided questionnaire rather than by scanning the network.  The software generates a detailed report which indicates areas that can be improved.


·         Microsoft Security Essentials:  A free tool provided by Microsoft to aid in protecting against viruses, spyware, and other malicious software.  Easy to install and update, and it runs in the background so it's not intrusive to end users.


·         Ad-Aware Free Antivirus+:  Free anti-spyware and anti-virus software; features download protection, sandboxing, and advanced detection.


·         RootkitRemover:  A free, stand-alone McAfee product which is used to detect and remove complex rootkits and associated malware.  


·         Wireshark:  A free, open-source network protocol analyzer.  Wireshark is a great tool for network troubleshooting and analysis.  It's user-friendly with a graphical front-end.


·         Nmap:  A free and open-source tool for network discovery and security auditing.  This is a must-have tool for cyber security.


·         Leviathan Auditor:  A network auditing and penetration tool which works on (and against) Microsoft machines.  Leviathan can enumerate users, local groups, shares, hidden shares, transports, installed services, the registry, and more.


·         THC-Hydra:  A free, open-source network logon cracker.  Easy to use and one of the fastest network logon crackers available.


·         Cain & Abel:  A password recovery tool for Microsoft operating systems.  It can be used to sniff networks and crack password hashes via dictionary, brute-force, and cryptanalysis (rainbow table) attacks.  It can also record VoIP conversations, decode scrambled passwords, and capture and crack wireless networking keys.


·         BackTrack Linux:  Hands down my favorite technical security tool.  BackTrack is the one-stop shop of security tools.  It can be installed to a PC or run from a Live CD distribution.  Install BackTrack and use Metasploit, Nmap, and Nessus from it, and you have one of the greatest tool sets a security professional could hope for!

Also, two great sites to peruse for an abundance of tools (many of them free) are:

-and-




References:

Ad-Aware Free Antivirus+.  Retrieved 22 July, 2012, from: http://www.lavasoft.com/products/ad_aware_free.php?t=overview

BackTrack Linux.  Retrieved 22 July, 2012, from: http://www.backtrack-linux.org/

Cain & Abel.  Retrieved 22 July, 2012, from: http://www.oxid.it/cain.html

Control Systems Security Program (CSSP): CSET.  Retrieved 22 July, 2012, from: http://www.us-cert.gov/control_systems/satool.html

Leviathan Auditor.  Retrieved 22 July, 2012, from: http://leviathan.sourceforge.net/

Microsoft Security Essentials.  Retrieved 22 July, 2012, from: http://windows.microsoft.com/en-US/windows/products/security-essentials

Nmap.  Retrieved 22 July, 2012, from: http://nmap.org/

RootkitRemover.  Retrieved 22 July, 2012, from: http://www.mcafee.com/us/downloads/free-tools/rootkitremover.aspx

SecTools.org: Top 125 Network Security Tools.  Retrieved 22 July, 2012, from: http://sectools.org/

THC-Hydra.  Retrieved 22 July, 2012, from: http://freeworld.thc.org/thc-hydra/

Wireshark.  Retrieved 22 July, 2012, from: http://www.wireshark.org/

Sunday, July 15, 2012

What's in your wallet?

Nikhil Kolbekar, aka HellsAngel, was arrested in Mumbai, India on the 11th of July.  Eric Bogle, aka Swat Runs Train, was taken into custody in Canada and Justin Mills, aka xTGxKAKAROT, was taken into custody in Colorado.

Kolbekar and Bogle are suspected of selling complete credit card information, including names, addresses, social security numbers, birth dates, and bank account information.

Kolbekar is also accused of selling Remote Desktop Protocol (RDP) access data that could be used to break into computers and steal credit card and identity information from PCs located in Turkey, India, the Czech Republic, Brazil, Germany, France, Italy, Spain, Sweden, and other countries.

Kolbekar was brought before Esplanade Court last Thursday and has remained in judicial custody.  He will be brought before the Patiala House court in Delhi on the 25th of this month, and the US is pushing for his extradition through Interpol.

Janice K. Fedarcyk, the assistant director in charge of the New York FBI office, said that the cross-border law-enforcement operation is targeting "highly organized cyber criminals" and that its focus is to "root out criminal behavior on the Internet."  Fedarcyk said that the arrests in India, Canada, and the US are all part of Operation Card Shop, and that they serve as an example that cyber criminals will be stopped even if they cross borders.

Operation Card Shop is an international operation aimed at catching those involved in the buying and selling of stolen identities, exploited credit cards, counterfeit documents, and sophisticated hacking tools.  27 people have been arrested since 26 June, 2010 as part of this ongoing operation.

It's exciting to see that something is being done to crack down on identity and credit card theft, but looking at the numbers, 27 arrests in a little over two years doesn't seem that hefty.  If these individuals are major players in these operations, though, the numbers may not be as important as the message it sends to those who are involved in this type of criminal activity.


References:

Hacker wanted by FBI arrested (2012).  Retrieved 15 July, 2012, from: http://www.indianexpress.com/news/hacker-wanted-by-fbi-arrested/973844/

Manhattan U.S. Attorney And FBI Assistant Director-In-Charge Announce Additional Arrests As Part Of International Cyber Crime Takedown.  Retrieved 15 July, 2012, from: http://www.justice.gov/usao/nys/pressreleases/july12/cardshopfollowup.html

THN Security Analyst (2012).  Hacker wanted by FBI held in India for carding crimes.  Retrieved 15 July, 2012, from: http://thehackernews.com/2012/07/hacker-wanted-by-fbi-held-in-india-for.html

Monday, July 9, 2012

Reviewing List of Sources

A few weeks ago I came up with a list of sources that I feel are useful for vulnerability research:
This week I consider the following: Are these the actual sources that I am using in my current class? Are there any additional sources I've discovered? Any that I have decided would not be good to use?
To answer the first question: Are these actual sources that I am using in my current class?

The sites that I feel I am getting the most use out of are: nvd.nist.gov, cve.mitre.org, and exploit-db.com.

Second question: are there any additional sources that I've discovered?  No; with such an extensive list already compiled, I haven't had the time or need to seek out additional sources this week.

Third question: are there any that I have decided not to use?  With regard to looking for specific vulnerabilities, I would say that I would use the three that I've listed in my first answer, and the rest would simply be used for situational awareness of new vulnerabilities that are being talked about online.