LPTv4 Module 41 Data Leakage Penetration Testing_NoRestriction
ECSA/LPT
EC-Council Module XXXXI
Data Leakage Penetration Testing
Penetration Testing Roadmap
Start Here
Information Gathering
Vulnerability Analysis
External Penetration Testing
Firewall Penetration Testing
Router and Switches Penetration Testing
Internal Network Penetration Testing
IDS Penetration Testing
Wireless Network Penetration Testing
Denial of Service Penetration Testing
Password Cracking Penetration Testing
Stolen Laptop, PDAs and Cell Phones Penetration Testing
Social Engineering Penetration Testing
Application Penetration Testing
Cont’d
EC-Council Copyright © by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Penetration Testing Roadmap (cont’d)
Cont’d
Physical Security Penetration Testing
Database Penetration Testing
VoIP Penetration Testing
Virus and Trojan Detection
War Dialing
VPN Penetration Testing
Log Management Penetration Testing
File Integrity Checking
Bluetooth and Handheld Device Penetration Testing
Telecommunication and Broadband Communication Penetration Testing
Email Security Penetration Testing
Security Patches Penetration Testing
Data Leakage Penetration Testing
End Here
Data Leakage
Loss of private and sensitive data affects the financial condition of an organization, and damages its reputation.
Many companies are worried about data leakage through email.
Data Leakage Statistics
Source: http://www.networksunlimited.com
How Much Security?
Source: Infowatch, 2007
How Data Can be Leaked
Doors of data leakage:
USB and other removable devices
FTP ports
Bluetooth
Email attachments
Firewire
Memory slots
Spyware and Trojans
What to Protect
Employees’ information such as names, addresses, social security numbers, and other identity-related information
Marketing and new product plans
Corporate strategies
Target markets and prospect information
Usual business methods
Product designs, research, and costs
Alliance and contract arrangements: delivery, pricing, and terms
Customer and supplier information
Staffing, operations, and wage/salary
Credit records or credit union account information
Trade secrets and intellectual property
Steps for Data Leakage Penetration Testing
Step 1: Check physical availability of USB devices
Step 2: Check whether USB drive is enabled
Step 3: Try to enable USB
Step 4: Check whether USB asks for password
Step 5: Check whether Bluetooth is enabled
Step 6: Check if the firewire is enabled
Step 7: Check if FTP ports 21, 22 are enabled
Steps for Data Leakage Penetration Testing (cont’d)
Step 8: Check whether memory slot is available and enabled in systems
Step 9: Check whether employees are using camera devices within restricted areas
Step 10: Check whether systems have any camera driver installed
Step 11: Check whether anti-spyware and anti-trojans are enabled
Step 12: Check whether encrypted data can be decrypted
Step 13: Check if the internal hardware components are locked
Step 14: Check whether mail and attachments size is restricted
Step 1: Check Physical Availability of USB Devices
USB devices are used for bulk data transfer.
A system uses USB devices to transfer the data.
Check the device manager to find the physical availability of USB devices.
Step 2: Check Whether USB Drive is Enabled
A USB drive is directly connected to the computer through a USB port and is used for data transfer.
Check whether the USB drive is enabled or disabled.
Step 3: Try to Enable USB
If the USB is disabled, try to enable the USB.
If you are able to enable the device, it means that the user has admin privileges, which should not be the case for normal users.
Step 4: Check Whether USB Asks for Password
Most USB devices are secured with a password.
Check whether the device asks for authentication after it is connected to the system.
Step 5: Check Whether Bluetooth is Enabled
Some systems have built-in Bluetooth connectivity options.
Check whether these connections are enabled.
Try to enable such a connection.
If you are able to enable the device, it means that the user has admin privileges, which should not be the case for normal users.
Step 6: Check if the Firewire is Enabled
Firewire is used to transfer data at a higher speed.
It transfers data up to 400 Mbps.
It is also known as IEEE 1394.
Check whether firewire is enabled or not.
Go to the DOS window and type ipconfig /all.
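As an added example (not part of the original module), the Step 5 and Step 6 checks can be run over saved `ipconfig /all` output collected from several systems: the parser below flags adapters whose name or description mentions 1394 or Bluetooth. The sample output is constructed, and English-language field labels and the keyword list are assumptions.

```python
import re

# Constructed sample of `ipconfig /all` output (not taken from a real host).
SAMPLE_OUTPUT = """Windows IP Configuration

Ethernet adapter Local Area Connection:
        Description . . . . . . . . . . . : Example Gigabit Network Connection
        IP Address. . . . . . . . . . . . : 192.0.2.20

Ethernet adapter 1394 Connection:
        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : 1394 Net Adapter

Ethernet adapter Bluetooth Network Connection:
        Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
        IP Address. . . . . . . . . . . . : 192.0.2.77
"""

# Assumed keywords that identify the channels named in Steps 5 and 6.
CHANNELS = {"firewire": ("1394",), "bluetooth": ("bluetooth",)}
HEADER = re.compile(r"^(\S.*adapter .+):\s*$")      # e.g. "Ethernet adapter X:"
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")      # "Label . . . : value"

def parse_ipconfig(text):
    """Split `ipconfig /all` output into one dict per adapter section."""
    adapters, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"name": header.group(1)}
            adapters.append(current)
            continue
        field = FIELD.match(line)
        if current is not None and field:
            current[field.group(1).strip()] = field.group(2).strip()
    return adapters

def leak_channels(adapters):
    """Return {channel: [(adapter name, link connected?)]} for flagged adapters."""
    found = {}
    for a in adapters:
        label = (a["name"] + " " + a.get("Description", "")).lower()
        for channel, words in CHANNELS.items():
            if any(w in label for w in words):
                connected = a.get("Media State", "") != "Media disconnected"
                found.setdefault(channel, []).append((a["name"], connected))
    return found

if __name__ == "__main__":
    print(leak_channels(parse_ipconfig(SAMPLE_OUTPUT)))
```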
Step 7: Check if FTP Ports 21 and 22 are Enabled
Check whether FTP ports 21 and 22 are enabled or not.
Check the firewall settings to see if the ports are blocked.
Step 8: Check Whether any Memory Slot is Available and Enabled in Systems
There are many memory slots present on the system, such as RAM slots, SRAM slots, and virtual memory slots.
Check for all available memory slots in the system.
Use the slot manager, which creates a slot information record for each memory slot.
The slot manager identifies all the memory resources and creates a slot resource table.
Step 9: Check Whether Employees are Using Camera Devices within Restricted Areas
Employees with camera devices can easily capture confidential data in their device.
Illegal use of such devices in restricted/sensitive areas leads to data leakage.
Step 10: Check Whether Systems have Any Camera Driver Installed
Check whether the system has any camera driver installed.
Go to My Computer→Properties→Hardware→Device Manager
Step 11: Check Whether Anti-Spyware and Anti-Trojans are Enabled
Check whether anti-spyware and anti-Trojans are enabled or not.
Send malicious programs to the system and check whether the anti-spyware detects them or not.
Step 12: Check Whether Encrypted Data Can be Decrypted
Data encryption protects an organization’s vital information against unauthorized users.
Use cryptanalysis tools to decrypt the encrypted information.
Cryptanalysis tools:
Jipher
Crank
Step 13: Check if the Internal Hardware Components are Locked
Check whether internal hardware components such as LAN/WLAN and PCMCIA cards are locked or not.
Step 14: Check Whether Size of Mail and Mail Attachments is Restricted
Check the size limits for mails and mail attachments.
For Microsoft Exchange Server, go to the mailbox properties mail flow setting tab and open the message size restriction dialog box to check the size of the transferred and received mail.
Try to send an attachment larger than the defined limit.
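An added example for Step 14 (not part of the original module): it reads the message size limit a mail server advertises through the ESMTP SIZE keyword, compares it with the documented policy, and sizes the test attachment so that its base64-encoded form exceeds the limit. The EHLO reply is constructed, and the policy value, the 2048-byte header allowance, and the assumption that the server advertises SIZE are illustrative.

```python
import re

# Constructed sample EHLO reply (not captured from a real server).
SAMPLE_EHLO = """250-mail.example.test Hello [192.0.2.10]
250-SIZE 10485760
250-PIPELINING
250-8BITMIME
250 HELP"""

SIZE_LINE = re.compile(r"^250[- ]SIZE(?:\s+(\d+))?\s*$", re.IGNORECASE)

def advertised_size_limit(ehlo_response):
    """Byte limit from the ESMTP SIZE keyword; None if SIZE is not advertised.

    0 means no fixed limit is advertised (SIZE 0 or SIZE without a number).
    """
    for line in ehlo_response.splitlines():
        m = SIZE_LINE.match(line.strip())
        if m:
            return int(m.group(1) or 0)
    return None

def encoded_size(attachment_bytes, overhead=2048):
    """Approximate message size once the attachment is base64-encoded for MIME."""
    b64 = 4 * ((attachment_bytes + 2) // 3)   # every 3 bytes become 4 characters
    crlf = 2 * -(-b64 // 76)                  # CRLF after each 76-character line
    return b64 + crlf + overhead              # overhead: assumed headers and body

def smallest_oversize_attachment(limit, overhead=2048):
    """Smallest attachment (bytes) whose encoded message exceeds `limit`."""
    lo, hi = 0, limit                         # encoded_size(limit) is above limit
    while lo < hi:
        mid = (lo + hi) // 2
        if encoded_size(mid, overhead) > limit:
            hi = mid
        else:
            lo = mid + 1
    return lo

def plan_size_test(ehlo_response, policy_limit):
    """Compare the advertised limit with policy and size the test attachment."""
    limit = advertised_size_limit(ehlo_response)
    plan = {"advertised": limit, "matches_policy": limit == policy_limit}
    if limit:                                 # skip when None or 0 (no fixed limit)
        plan["test_attachment_bytes"] = smallest_oversize_attachment(limit)
    return plan

if __name__ == "__main__":
    print(plan_size_test(SAMPLE_EHLO, policy_limit=10 * 1024 * 1024))
```

Because of base64 expansion, a file well under the configured limit can still be rejected, so the test attachment should be sized from the encoded length rather than the file size on disk.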
Data Privacy and Protection Acts
Gramm-Leach-Bliley
Health Insurance Portability and Accountability Act (HIPAA)
The Patriot Act
Data Protection Act
Sarbanes Oxley Act (SOX)
Data Protection Tools
VIP Privacy
Safend Protector
VISOCO Data Protection Master
Reconnex's iGuard
CryptEnCrypt
Steganos Security Suite
Data Protection Software
FolderAccess
Private InfoKeeper
LockFolder
QwikSecure File Protection System
Summary
Loss of private and sensitive data affects the financial condition and reputation of the organization.
Employees’ information such as names, addresses, and social security numbers must be protected.
Doors of data leakage are USB, FTP ports, Bluetooth, email attachments, firewire, memory slots, spyware, and Trojans.
Check physical availability of USB devices and try to enable them.
Check whether Bluetooth, firewire, and FTP ports are enabled.
Check whether anti-spyware and anti-Trojans are enabled.