ISACA Scholarship Competition
E-Squared
Junho Lee
Jongmin Lee
Wookyung Youn
Sol Han
Agenda
• Case Analysis 1 – Phishing Attack
• Case Analysis 2 – Metasploit Attack
• Recommendation
Case Analysis 1
• The hackers obtained the admin password of ABC company's Windows server through a phishing attack (Possibility 1)
Problem & Suggestion
• Problem (based on the security assessment report)
  - Security awareness training for employees is outdated
• Suggestion
  - Updating Information Awareness Training (user education)
• Additional Suggestion
  - SPF (Sender Policy Framework)
Case Analysis 2
• Hackers gained access to ABC company's internal network using Airmon-ng
• Hackers scanned the IP address of ABC company's Windows server with nmap
• Hackers exploited the hash table to snatch the admin password using Metasploit
• Hackers accessed ABC company's admin user account through remote desktop
• Hackers exploited the hash table again to snatch the SQL server's password
• Hackers hacked ABC company's database to compromise information
Proof
Hackers accessed the internal network by using Airmon-ng
Proof
Hackers scanned the Windows server's IP address by using nmap
Proof
Hackers snatched the Windows server admin password by using Metasploit
Proof
Hackers accessed the admin user account through remote desktop
Problem & Suggestion
• Problem
  - The security assessment report indicates that the company does not monitor the network for malicious activities
• Suggestion
  - Human Resource: the system administrators should be informed of the specific tasks which they should carry out:
    - Vulnerability Testing
    - Back up Procedures
    - Configuration Documentation
    - Monitoring the systems
Problem & Suggestion
Additional Suggestion
• Prevent Password Cracking
• Disable LM password hashes
  - Make the password at least 15 characters long
• Enable Account Lockouts
  - Set the account lockout threshold
  - Set the account lockout counter after
  - Set the account lockout duration
• Disable LAN Manager / NTLM authentication
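An added example, not part of the original slides: a read-only PowerShell audit of the password-cracking countermeasures listed above, to be run on the Windows server. The pass thresholds and the assumption that `net accounts` prints English labels are assumptions made for this example.

```powershell
# Added example: read-only audit of the settings listed in the slide above.
# Thresholds are assumptions for illustration, not values from the slides.
$MaxThreshold = 10   # assumed: lock out after at most 10 failed logons
$MinMinutes   = 15   # assumed: minimum lockout duration and counter-reset window

$lsa     = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$netText = net accounts   # assumes English-language output labels

function Get-NetAccountsValue([string]$Label) {
    # Return the text after the colon on the first line starting with $Label.
    $line = $netText | Where-Object { $_ -like "$Label*" } | Select-Object -First 1
    if ($line) { ($line -split ':', 2)[1].Trim() }
}

function Test-Minimum($Value, [int]$Minimum) {
    # True only for a numeric value at or above the minimum; anything else needs review.
    ($Value -match '^\d+$') -and ([int]$Value -ge $Minimum)
}

$threshold = Get-NetAccountsValue 'Lockout threshold'
$duration  = Get-NetAccountsValue 'Lockout duration'
$window    = Get-NetAccountsValue 'Lockout observation window'
$lmLevel   = $lsa.LmCompatibilityLevel
if ($null -eq $lmLevel) { $lmLevel = 'not set (OS default)' }

$results = @(
    # NoLMHash = 1: Windows stops storing an LM hash at the next password change.
    [pscustomobject]@{ Check = 'LM hash storage disabled (NoLMHash = 1)'
                       Value = $lsa.NoLMHash
                       Pass  = ($lsa.NoLMHash -eq 1) }
    # Level 5: send NTLMv2 responses only, refuse LM and NTLMv1.
    [pscustomobject]@{ Check = 'LM/NTLMv1 refused (LmCompatibilityLevel = 5)'
                       Value = $lmLevel
                       Pass  = ($lmLevel -eq 5) }
    # "Never" means accounts are never locked, so guessing is unlimited.
    [pscustomobject]@{ Check = "Lockout threshold between 1 and $MaxThreshold"
                       Value = $threshold
                       Pass  = ((Test-Minimum $threshold 1) -and ([int]$threshold -le $MaxThreshold)) }
    # Non-numeric durations are flagged for manual review rather than passed.
    [pscustomobject]@{ Check = "Lockout duration >= $MinMinutes min"
                       Value = $duration
                       Pass  = (Test-Minimum $duration $MinMinutes) }
    # The window after which the failed-logon counter resets.
    [pscustomobject]@{ Check = "Lockout counter reset window >= $MinMinutes min"
                       Value = $window
                       Pass  = (Test-Minimum $window $MinMinutes) }
)
$results | Format-Table -AutoSize
```

On a domain-joined server these values normally come from Group Policy, so a failing row is corrected in the applicable GPO, not on the host.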
Disaster Recovery Plan
• Based on the security assessment report:
  - Disaster recovery plan has been provided but not tested yet
• Solutions
  - Prepare contingency organization chart, showing the name of the contingency manager and coordinator
  - Develop customized up-to-date recovery plan and test it
  - Provide security copies of vital records and store these off-site
  - Nurture the ability to restore critical information within acceptable time period