Showing Need for Security - Eye Popping Examples wanted
George Toft
plug-discuss@lists.plug.phoenix.az.us
Fri, 09 Aug 2002 21:04:17 -0400
Too flashy.
Trick 1. Stick a Knoppix CD in, reboot, run ethereal on the same LAN
segment as the CSR's.
Trick 2. If you are using a switch, flood the switch into failing - it
becomes a hub. Snoop away.
Trick 3. Make sure you have written permission, signed by the highest
ranking officer of the company you can find before you do anything like
this.
A company that I may or may not have worked for in the past, present or
future, is encrypting all traffic between servers, including mainframe
and database communications. No snooping here.
A 1997 study released by the FBI showed 15% of the security problems
came from Internet "Hackers," 15% from contractos and 70% from
employees. 85% of the problems came from inside the walls.
Unfortunately, 85% of the effort (for most companies) goes to blocking
the 15%.
George
Tony Wasson wrote:
>
> Greetings PLUG readers,
>
> I am working on giving a security presentation to several medical offices.
> New federal laws will require 'reasonable security measures' when handling
> medical records (google search on HIPAA). I want to demonstrate some very
> nasty and quick exploits to show that the threats are real. Many offices
> will look at buying new billing packages before the end of 2004 to support
> additional per user auditing features, and I'd love to put more offices onto
> Linux. I'd also like to hear about medical billing packages that will run on
> Linux. (Yes I know about http://www.linuxmednews.com/)
>
> Here's my exploit demonstration game plan:
> 1) Run Netcat in listener mode on my demo PC.
> 2) Run IIS5HACK against a Windows 2000 server.
> 3) Show the Windows 2000 command prompt in my Netcat with no security
> limitations.
> 4) Copy over the NT Rootkit and 'deploy' it.
> 5) Show that I am 'invisible' when connected to the Rootkit (netstat output)
>
> What do you recommend I demonstrate? Most offices I've seen are running
> Windows 9x for clients and a Win NT/2000 server. Some run ancient *NIX boxes
> and terminals. My clients are running Debian GNU/Linux servers. ;-)
>
> Most medical offices have internet connectivity, but it is usually dialup in
> the doctor's office. I am going to play the part of a disgruntled employee
> whose going to compromise their system.
>
> Thanks in advance for your input!
> Tony Wasson
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss