2. The Ultimate Defence:
Think Like a Hacker
An Ethical Hacker’s View of Corporate Security
Peter Wood
Chief Executive Officer
First•Base Technologies LLP
3. Who is Peter Wood?
Worked in computers & electronics since 1969
Founded First Base in 1989 (one of the first ethical hacking firms)
CEO First Base Technologies LLP
Social engineer & penetration tester
Conference speaker and security ‘expert’
Member of ISACA Security Advisory Group
Vice Chair of BCS Information Risk Management and Audit Group
UK Chair, Corporate Executive Programme
FBCS, CITP, CISSP, MIEEE, M.Inst.ISP
Registered BCS Security Consultant
Member of ACM, ISACA, ISSA, Mensa
4. Thinking like a hacker
• Hacking is a way of thinking
A hacker is someone who thinks outside the box. It's someone who
discards conventional wisdom, and does something else instead. It's
someone who looks at the edge and wonders what's beyond. It's
someone who sees a set of rules and wonders what happens if you
don't follow them. [Bruce Schneier]
• Hacking applies to all aspects of life
- not just computers
6. SNMP
Simple Network Management Protocol
• A protocol developed to manage nodes (servers, workstations,
routers, switches and hubs etc.) on an IP network
• Enables network administrators to manage network performance,
find and solve network problems, and plan for network growth
• SNMP v1 is the de facto network management protocol
• SNMP v1 has been criticised for its poor security. Authentication is
performed only by a ‘community string’, in effect a type of password,
which is transmitted in clear text
8. SNMP for hackers
• If you know the read string (default public) you can read the entire MIB for
that device
• If you know the read-write string (default private) you may be able to change
settings on that device
• You may be able to ‘sniff’ community strings off the network if they’ve been
changed from the defaults
• You may be able to control a router or switch:
– Intercept traffic and read sensitive information
– ‘Crash’ the network repeatedly
– Lock the device out, requiring physical access to reset it
• You may be able to list users, groups, shares etc. on servers
• You may be able to subvert wireless network security
10. Windows architecture
[Diagram: workstations and member servers, each with local users and groups, and domain controllers with domain users and groups. Labels: domain logon, local logon, global group in local group.]
19. Desktop & Laptop Security
• Physical security on Windows desktops and laptops
doesn’t exist
• Native Windows security is ineffective if you have physical
access
• Everything is visible: e-mails, spreadsheets, documents,
passwords
• If it’s on your machine - it’s stolen!
• Encryption is the best defence, coupled with lots of
training!