Showing Need for Security - Eye Popping Examples wanted

George Toft plug-discuss@lists.plug.phoenix.az.us
Fri, 09 Aug 2002 21:04:17 -0400


Too flashy.  

Trick 1.  Stick a Knoppix CD in, reboot, run ethereal on the same LAN
segment as the CSRs.

Trick 2.  If you are using a switch, flood the switch into failing - it
becomes a hub.  Snoop away.

Trick 3.  Make sure you have written permission, signed by the highest
ranking officer of the company you can find before you do anything like
this.

A company that I may or may not have worked for in the past, present or
future, is encrypting all traffic between servers, including mainframe
and database communications.  No snooping here.

A 1997 study released by the FBI showed 15% of the security problems
came from Internet "Hackers," 15% from contractors and 70% from
employees.  85% of the problems came from inside the walls. 
Unfortunately, 85% of the effort (for most companies) goes to blocking
the 15%.

George



Tony Wasson wrote:
> 
> Greetings PLUG readers,
> 
> I am working on giving a security presentation to several medical offices.
> New federal laws will require 'reasonable security measures' when handling
> medical records (google search on HIPAA). I want to demonstrate some very
> nasty and quick exploits to show that the threats are real. Many offices
> will look at buying new billing packages before the end of 2004 to support
> additional per user auditing features, and I'd love to put more offices onto
> Linux. I'd also like to hear about medical billing packages that will run on
> Linux. (Yes I know about http://www.linuxmednews.com/)
> 
> Here's my exploit demonstration game plan:
> 1) Run Netcat in listener mode on my demo PC.
> 2) Run IIS5HACK against a Windows 2000 server.
> 3) Show the Windows 2000 command prompt in my Netcat with no security
> limitations.
> 4) Copy over the NT Rootkit and 'deploy' it.
> 5) Show that I am 'invisible' when connected to the Rootkit (netstat output)
> 
> What do you recommend I demonstrate? Most offices I've seen are running
> Windows 9x for clients and a Win NT/2000 server. Some run ancient *NIX boxes
> and terminals. My clients are running Debian GNU/Linux servers. ;-)
> 
> Most medical offices have internet connectivity, but it is usually dialup in
> the doctor's office. I am going to play the part of a disgruntled employee
> who's going to compromise their system.
> 
> Thanks in advance for your input!
> Tony Wasson