Emerging Threat Analysis: From Mischief to Malicious, Syngress Force

David Maynor, Lance James, Spammer-X, Tony Bradley, Frank Thornton, Brad Haines, Brian Baskin, Thomas Porter, Anand M. Das, Hersh Bhargava, Jeremy Faircloth, Craig Edwards, Michael Gregg, Ron Bandes, Paul Piccard




Acknowledgments
Syngress would like to acknowledge the following people for their kindness and support in making this book possible.

Syngress books are now distributed in the United States and Canada by O’Reilly Media, Inc. The enthusiasm and work ethic at O’Reilly are incredible, and we would like to thank everyone there for their time and efforts to bring Syngress books to market: Tim O’Reilly, Laura Baldwin, Mark Brokering, Mike Leonard, Donna Selenko, Bonnie Sheehan, Cindy Davis, Grant Kikkert, Opol Matsutaro, Steve Hazelwood, Mark Wilson, Rick Brown, Tim Hinton, Kyle Hart, Sara Winge, C. J. Rayhill, Peter Pardo, Leslie Crandell, Regina Aggio, Pascal Honscher, Preston Paull, Susan Thompson, Bruce Stewart, Laura Schmier, Sue Willing, Mark Jacobsen, Betsy Waliszewski, Kathryn Barrett, John Chodacki, Rob Bullington, Aileen Berg, and Wendy Patterson.

The incredibly hardworking team at Elsevier Science, including Jonathan Bunkell, Ian Seager, Duncan Enright, David Burton, Rosanna Ramacciotti, Robert Fairbrother, Miguel Sanchez, Klaus Beran, Emma Wyatt, Chris Hossack, Krista Leppiko, Marcel Koppes, Judy Chappell, Radek Janousek, and Chris Reinders, for making certain that our vision remains worldwide in scope.

David Buckland, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, Pang Ai Hua, Joseph Chan, and Siti Zuraidah Ahmad of STP Distributors for the enthusiasm with which they receive our books.

David Scott, Tricia Wilden, Marilla Burgess, Annette Scott, Andrew Swaffer, Stephen O’Donoghue, Bec Lowe, Mark Langley, and Anyo Geddes of Woodslane for distributing our books throughout Australia, New Zealand, Papua New Guinea, Fiji, Tonga, Solomon Islands, and the Cook Islands.

Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370


Contents

Foreword ... xxix
Part I VoIP ... 1
Chapter 1 Threats to VoIP Communications Systems
Introduction ... 4
Denial-of-Service or VoIP Service Disruption ... 4
Call Hijacking and Interception ... 12
ARP Spoofing ... 15
H.323-Specific Attacks ... 20
SIP-Specific Attacks ... 21
Summary ... 22
Solutions Fast Track ... 23
Frequently Asked Questions ... 25
Chapter 2 Validate Existing Security Infrastructure for VoIP
Introduction ... 28
Physical Security ... 41
Perimeter Protection ... 43
Closed-Circuit Video Cameras ... 43
Token System ... 44
Wire Closets ... 45
Server Hardening ... 45
Eliminate Unnecessary Services ... 46
Logging ... 47
Permission Tightening ... 48
Additional Linux Security Tweaks ... 51
Activation of Internal Security Controls ... 53
Security Patching and Service Packs ... 57
Supporting Services ... 58
DNS and DHCP Servers ... 58
LDAP and RADIUS Servers ... 60
NTP ... 61
SNMP ... 61
SSH and Telnet ... 62
Unified Network Management ... 63
Sample VoIP Security Policy ... 64
Purpose ... 64
Policy ... 65
Physical Security ... 65
VLANs ... 65
Softphones ... 65
Encryption ... 65
Layer 2 Access Controls ... 66
Summary ... 67
Solutions Fast Track ... 68
Frequently Asked Questions ... 70
Chapter 3 Recommendations for VoIP Security
Introduction ... 74
Reuse Existing Security Infrastructure Wisely ... 75
Security Policies and Processes ... 75
Physical Security ... 76
Server Hardening ... 77
Supporting Services ... 78
Combine Network Management Tools and Operations ... 78
Confirm User Identity ... 79
802.1x and 802.11i ... 81
Public Key Infrastructure ... 81
Active Security Monitoring ... 82
NIDS and HIDS ... 82
Logging ... 83
Penetration and Vulnerability Testing ... 83
Logically Segregate VoIP from Data Traffic ... 84
VLANs ... 84
QoS and Traffic Shaping ... 86
Firewalls ... 86
NAT and IP Addressing ... 88
Access Control Lists ... 88
Encryption ... 89
Regulations ... 89
Summary ... 91
Of Layers, Compartments, and Bulkheads ... 91
Specific Recommendations ... 91
Solutions Fast Track ... 94
Frequently Asked Questions ... 100
Chapter 4 Skype Security
Introduction ... 104
Skype Architecture ... 105
Features and Security Information ... 107
Instant Messaging ... 107
Encryption ... 108
Chat History ... 109
Skype Calls (Voice Chat) ... 109
Group Chat ... 110
File Transfer ... 112
Malicious Code ... 113
Client Security ... 114
Summary ... 117
Solutions Fast Track ... 118
Frequently Asked Questions ... 120
Part II Malware
Chapter 5 The Transformation of Spyware
Introduction ... 126
The Humble Beginnings ... 126
Targeted Marketing ... 126
Hitting the Internet Target ... 128
Selling Software ... 128
Adware Evolves ... 129
Making a Name for Itself ... 131
All Roads Lead to Microsoft ... 131
The Making of a Buzzword ... 131
The Early Effects of Spyware ... 131
Early Means of Prevention ... 132
Spyware in the Twenty-First Century ... 134
How Spyware Has Evolved ... 134
Increased Use of Spyware in the Commission of Criminal Acts ... 135
Antispyware Legislation ... 136
The Future of Spyware ... 138
Summary ... 139
Solutions Fast Track ... 139
Frequently Asked Questions ... 141
Chapter 6 Spyware and the Enterprise Network
Introduction ... 144
Keystroke Loggers ... 145
How Keystroke Loggers Work ... 146
Known Keystroke Loggers ... 149
KeyGhost ... 149
KEYKatcher/KEYPhantom ... 150
Invisible KeyLogger Stealth ... 151
Spector ... 151
Boss EveryWhere ... 152
Known Exploits ... 153
Trojan Encapsulation ... 155
How Spyware Works with Trojan Horses ... 155
Known Spyware/Trojan Software ... 157
D1Der ... 157
Sony Digital Rights Management ... 157
Kazanon ... 158
Spyware and Backdoors ... 159
How Spyware Creates Backdoors ... 159
Known Spyware/Backdoor Combinations ... 160
A Wolf in Sheep’s Clothing: Fake Removal Tools ... 162
Summary ... 164
Solutions Fast Track ... 164
Frequently Asked Questions ... 165
Chapter 7 Global IRC Security
Introduction ... 168
DDoS Botnets Turned Bot-Armies ... 168
Methods of Botnet Control ... 169
Reprisals ... 172
The ipbote Botnet: A Real World Example ... 173
Information Leakage ... 175
Copyright Infringement ... 176
Other Forms of Infringement ... 176
Transfer of Malicious Files ... 179
How to Protect Against Malicious File Transfe... 181
What to Do if a Malicious File Infects Your Network ... 182
Prevention of Malicious File Sends in the Client ... 182
DCC Exploits ... 182
Firewall/IDS Information ... 183
Port Scans ... 183
IDS ... 183
Summary ... 185
Solutions Fast Track ... 185
Frequently Asked Questions ... 187
Chapter 8 Forensic Detection and Removal of Spyware
Introduction ... 190
Manual Detection Techniques ... 190
Working with the Registry ... 190
Start-Up Applications ... 193
File Association Hijacking ... 195
Detecting Unknown Processes ... 196
Researching Unknown Processes ... 199
Detecting Spyware Remnants ... 202
Temporary File Caches ... 202
Windows System Restore ... 203
Windows File Protection ... 205
Windows Hosts File ... 205
Internet Explorer Settings ... 207
Detection and Removal Tools ... 208
HijackThis ... 208
Reviewing HijackThis Results ... 210
Reviewing a HijackThis Sample Log ... 213
Removing Detected Items ... 218
HijackThis Miscellaneous Tools ... 219
a2 HiJackFree ... 220
InstallWatch Pro ... 223
Performing a Scan with the InstallWatch Pro Wizard ... 225
Performing a Scan without the InstallWatch Pro Wizard ... 228
Reviewing InstallWatch Pro Red... 228
Unlocker ... 230
VMware ... 232
Snapshots ... 235
Enterprise Removal Tools ... 235
BigFix Enterprise Suite ... 235
FaceTime ... 238
Websense Web Security Suite ... 238
Summary ... 240
Solutions Fast Track ... 242
Frequently Asked Questions ... 243
Part III Phishing and Spam
Chapter 9 Go Phish!
Introduction ... 248
The Impersonation Attack ... 250
The Mirror ... 250
Setting Up the Phishing Server ... 254
Setting Up the Blind Drop ... 259
Preparing the Phishing E-Mail ... 262
Preparing the Con ... 266
Results ... 270
The Forwarding Attack ... 270
E-Mail Preparation ... 271
The Phishing Server and the Blind Drop ... 273
Preparing the Con ... 274
Results ... 276
The Popup Attack ... 276
Setting Up the Phishing Server ... 278
E-Mail Preparation ... 281
Preparing the Con ... 282
Results ... 285
Summary ... 286
Solutions Fast Track ... 286
Frequently Asked Questions ... 288
Chapter 10 E-Mail: The Weapon of Mass Delivery
Introduction ... 290
E-Mail Basics ... 290
E-Mail Headers ... 290
Mail Delivery Process ... 294
Anonymous E-Mail ... 299
Forging Our Headers ... 302
Open Relays and Proxy Servers ... 303
Proxy Chaining, Onion Routing, and Mixnets ... 306
E-mail Address Harvesting ... 310
Harvesting Tools, Targets, and Techniques ... 311
Hackers and Insiders ... 320
Sending Spam ... 320
The Tools of the Trade ... 321
The Anti-Antispam ... 323
Summary ... 329
Solutions Fast Track ... 330
Frequently Asked Questions ... 332
Chapter 11 How Spam Works ... 335
Who Am I? ... 336
The Business of Spam ... 336
Spam in the Works: A Real-World Step-by-Step Example ... 338
Setting the Stage ... 340
The E-mail Body ... 342
Chapter 12 Sending Spam ... 349
The Required Mindset to Send Spam ... 350
Methods of Sending Spam ... 351
Proxy Servers ... 351
Simple Mail Transfer Protocol Relays ... 355
Spam-Sending Companies ... 357
Botnets ... 358
Internet Messenger Spam ... 364
Messenger Spam ... 366
Common Gateway Interface Hijacking ... 368
Wireless Spam ... 375
BGP Hijacking and Stealing IP Blocks ... 377
Chapter 13 Your E-mail: Digital Gold
What Does Your E-mail Address Mean to a Spammer? ... 384
Hackers and Spammers: Their United Partnership ... 386
Harvesting the Crumbs of the Internet ... 389
Network News Transfer Protocol ... 390
Internet Relay Chat Harvesting ... 392
whois Database ... 393
Purchasing a Bulk Mailing List ... 395
Mass Verification ... 397
Inside Information ... 402
Chapter 14 Creating the Spam Message and Getting It Read
Jake Calderon? Who Are You? ... 406
How to Sell a Product ... 407
Formats and Encoding ... 411
Plaintext Encoding ... 411
Rich Text ... 413
HTML ... 413
Collecting Hidden Data ... 416
Unsubscribe and Opt-out Links ... 417
Random Data ... 420
Hosting Content ... 422
HTML Injection and Hijacking ... 424
Part IV RFID ... 431
Chapter 15 RFID Attacks: Tag Encoding Attacks
Introduction ... 434
Case Study: Johns Hopkins vs. SpeedPass ... 434
The SpeedPass ... 434
Breaking the SpeedPass ... 438
The Johns Hopkins Attack ... 441
Lessons to Learn ... 443
Summary ... 445
Chapter 16 RFID Attacks: Tag Application Attacks
MIM ... 448
Chip Clones—Fraud and Theft ... 448
Tracking: Passports/Clothing ... 453
Passports ... 455
Chip Cloning > Fraud ... 457
Disruption ... 459
Summary ... 460
Chapter 17 RFID Attacks: Securing Communications Using RFID Middleware
RFID Middleware Introduction ... 462
Electronic Product Code System Network Architecture ... 462
EPC Network Software Architecture Components ... 462
Readers ... 463
RFID Middleware ... 463
EPC Information Service ... 464
Object Name Service ... 464
ONS Local Cache ... 464
EPC Network Data Standards ... 464
EPC ... 465
PML ... 465
RFID Middleware Overview ... 465
Reader Layer—Operational Overview ... 467
Smoothing and Event Generation Stage ... 470
Event Filter Stage ... 471
Report Buffer Stage ... 471
Interactions with Wireless LANs ... 471
802.11 WLAN ... 472
Attacking Middleware with the Air Interface ... 473
Understanding Security Fundamentals and Principles of Protection ... 478
Understanding PKIs and Wireless Networking ... 479
Understanding the Role of Encryption in RFID Middleware ... 479
Overview of Cryptography ... 480
Understanding How a Digital Signature Works ... 484
Basic Digital Signature and Authentication Concepts ... 485
Why a Signature Is Not a MAC ... 485
Public and Private Keys ... 485
Why a Signature Binds Someone to a Document ... 486
Learning the W3C XML Digital Signature ... 486
Applying XML Digital Signatures to Security ... 489
Using Advanced Encryption Standard for Encrypting RFID Data Streams ... 490
Addressing Common Risks and Threats ... 491
Experiencing Loss of Data ... 491
Loss of Data Scenario ... 491
The Weaknesses in WEP ... 492
Criticisms of the Overall Design ... 492
Weaknesses in the Encryption Algorithm ... 493
Weaknesses in Key Management ... 494
Securing RFID Data Using Middle ... 494
Fields: ... 495
Using DES in RFID Middleware for Robust Encryption ... 496
Using Stateful Inspection in the Application Layer Gateway for Monitoring RFID Data Streams ... 497
Application Layer Gateway ... 497
Providing Bulletproof Security Using Discovery, Resolution, and Trust Services in AdaptLink™ ... 499
Discovery Service ... 499
Resolution, ONS, and the EPC Repository ... 500
EPC Trust Services ... 500
Summary ... 501
Chapter 18 RFID Security: Attacking the Backend
Introduction ... 504
Overview of Backend Systems ... 504
Data Attacks ... 506
Data Flooding ... 506
Problem 1 ... 506
Solution 1 ... 506
Problem 2 ... 506
Solution 2 ... 507
Purposeful Tag Duplication ... 507
Problem ... 507
Solution ... 507
Spurious Events ... 507
Problem ... 507
Solution ... 507
Readability Rates ... 508
Problem ... 508
Solution ... 508
Virus Attacks ... 508
Problem 1 (Database Components) ... 508
Problem 2 (Web-based Components) ... 509
Problem 3 (Web-based Components) ... 509
Solution 1 ... 509
Problem 4 (Buffer Overflow) ... 509
Solution 4 ... 509
RFID Data Collection Tool—Backend Communication Attacks ... 510
MIM Attack ... 510
Application Layer Attack ... 510
Solution ... 510
TCP Replay Attack ... 511
Solution ... 511
Attacks on ONS ... 511
Known Threats to DNS/ONS ... 511
ONS and Confidentiality ... 512
ONS and Integrity ... 512
ONS and Authorization ... 512
ONS and Authentication ... 513
Mitigation Attempts ... 513
Summary ... 514
Chapter 19 Management of RFID Security
Introduction ... 516
Risk and Vulnerability Assessment ... 516
Risk Management ... 519
Threat Management ... 521
Summary ... 523
Part V Non-Traditional Threats
Chapter 20 Attacking the People Layer
Attacking the People Layer ... 528
Social Engineering ... 528
In Person ... 529
Phone ... 540
Internet ... 541
Phreaking ... 541
Phreak Boxes ... 541
Wiretapping ... 543
Stealing ... 543
Cell Phones ... 544
World Wide Web, E-mail, and Instant Messaging ... 546
Trojan Horses and Backdoors ... 546
Disguising Programs ... 546
Phishing ... 547
Domain Name Spoofing ... 548
Secure Web Sites ... 549
Defending the People Layer ... 550
Policies, Procedures, and Guidelines ... 550
Person-to-person Authentication ... 551
Data Classification and Handling ... 552
Education, Training, and Awareness Programs ... 553
Education ... 553
Training ... 556
Security Awareness Programs ... 556
Evaluating ... 557
Testing ... 557
Monitoring and Enforcement ... 558
Periodic Update of Assessment and Controls ... 558
Regulatory Requirements ... 559
Privacy Laws ... 559
Corporate Governance Laws ... 562
Making the Case for Stronger Security ... 565
Risk Management ... 566
Asset Identification and Valuation ... 566
Threat Assessment ... 568
Impact Definition and Quantification ... 571
Control Design and Evaluation ... 571
Residual Risk Management ... 571
People Layer Security Project ... 572
Orangebox—Phreaking ... 572
Summary ... 573
Solutions Fast Track ... 574
Frequently Asked Questions ... 575
Chapter 21 Device Driver Auditing
Introduction ... 578
Why Should You Care? ... 578
What Is a Device Driver? ... 581
Windows ... 582
OSX ... 582
Linux ... 583
Setting Up a Testing Environment ... 583
Wifi ... 584
Bluetooth ... 585
Testing the Drivers ... 585
Wifi ... 587
A Quick Intro to Scapy ... 588
Bluetooth ... 592
Looking to the Future ... 594
Summary ... 596




Product details
File size: 8,096 KB
Pages: 641
File type: PDF
ISBN: 1-59749-056-3
Copyright: 2006 by Syngress Publishing, Inc.