中文版CIW培训：安全审计、攻击和入侵检测培训.ppt

Penetration Theory Capture Int 2 Attack intranet from virus Open e-mail box Infect virus but nobody know System mutilated IframExecCommand bug Remote startup Work out system resource Two programs structure Characteristic Copy to “\WINNT\System32\krnl32.exe” Add “krnl32 service” registry Get all “htm/html” files from internet temp Search share folder form netwrokneighbor Create copy at %Temp% \winnt\temp” every time startup Change copy “\WINNT\System32\Wqk.dll” Write registry Setp What wqk.dll do? All over HDD Infect files Check local time Create copy of wqk.dll Keep self safe Auditing Prepare Report format Step Prepare Know what hacker think do Know what information can hacker obtain Network host Know TCP/IP RFCs Know hacker tools Like hacker Like employees manager Know IDS Know conduct audit log analysis Windows Linux Know audit solutions Report format Security scanner report Security audit report Output Written Step Determine the nature of the business you are auditing Check for a written security policy Evaluate existing management control architecture Conduct a security audit Identify prioritize at-risk system Write and deliver a detailed report of your finding Case2 Product Sell Model Company Enterprise environment Internet DDN ProxyFirewall LAN1 LAN2 Router Network Manager Web Server DB Server Local branch Example of hacker Discover Penetration Control Discover Outside Inside Security Auditing Attacks Threat Analysis CIW网络安全专家 安全审核、攻击和威胁分析 Course Schedule Case Analysis small business environment Analysis enterprise environment Auditing Step Report format Apply Small business environment Case1 I/E Company Status quo analyze Risk Assessment Threat analyze Case1 I/E Company Step Internet PPP Proxy Windows 98 Target Result Possible Resource Policy Actual Security Windows 98 IGMP Bug IE5 Java/JavaScript vulnerability Information leaked by plain text protocol Information leaked through windows network environment T