भारतीय ूौोिगकी संान मुंबई (IIT Bombay) siva@iitb.ac.in

Cyber Crimes and Internet Security

िशवकुमार G. Sivakumar _{சிவகுமா}

Computer Science and Engineering

भारतीय ूौोिगकी संान मुंबई (IIT Bombay) siva@iitb.ac.in

April 29, 2016

• The Good (Web 3.0, 3rd Platform, Emerging Trends)

• The Bad (Security- sine qua non! Threats, Vulnerabilities)

• The Ugly(Tools for Defence, Offence)

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Blind men and the Elephant - _{अ-गज ायः}

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Takeaways from Talk

• Web 3.0, 3rd platform (SMAC + IoT).

• Recent Attacks, Vulnerabilities, Defence Mechanisms.

• Different Perspectives

• Researcher (Protocol Security, Formal Methods)

• Defender (IITB Case Study: Iptables/Netfiler firewall, OSSIM)

• Attacker (Metasploit Framework)

• Investigator (Forensics using Autopsy, Wireshark, SiLK (netflow))

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

पूव प (Purva Paksha) for Web 3.0

Web 1.0 may have democratized access to information, but it is like drinking water from a fire hose!

Search engines provide partial solutions, but cannot combine, categorize and infer!

Web 2.0 may have allowed right to assembly/collaboartion, but

• Proliferated unreliable, contradictory information.

• Facilitated malicious uses including loss of privacy, security.

What do you want from Web 3.0?

What you want to see/hear when you wakeup?

I have a dream ...

AI meets the web!

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Semantic Web

The application layer tapping the hardware (Web 1.0) and OS (Web 2.0)?

Ramana

Maharishi ^author-of

Naan Yaar?

Aksharamanamalai

Vichara Mani Mala Reality in Forty Verses

contemporaries Kanchi Chan- drasekara Saraswathi Jiddu

Krish- namurti Place: Tiru-

vannamali, Tamil Nadu Lived

30/12/1879 to 14/4/1950

Combined, categorized information inferred from various sites, languages. www.dbpedia.org comes close today!

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Revival of AI

• Statistical Machine Learning (Unsupervised)

• Deep learning (structured learning, hierarchical learning or deep machine learning) models high-level abstractions in data by using multiple processing layers, with complex structures or otherwise, composed of multiple non-linear transformations.

• sens.ai

Connects to public, premium and proprietary unstructured and semi-structured data sets so that non-obvious

patterns related to money laundering and related suspicious activities can be identified, analyzed, and reported.

• Bots (not Botnets )

Microsoft’s experimental Mandarin-language bot, Xiaolce huge hit in China! (Whay Bots do professors use?)

• Algorithmic personality detection.

Predict financial risk from your facebook, twitter, ...

activity.

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

3rd platform: SMAC + IoT

3rd Platform Social

Mobile

Analytics

Cloud Internet

of Things

• Main Frame (1960s ...)

• Client Server (1990s ...)

• Today (Handheld, Pervasive Computing)

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

3rd platform: SMAC + IoT

3rd Platform Social

Mobile

Analytics

Cloud Internet

of Things

• What’s App (how many engineers?)

• Facebook, Twitter, GooglePlus ...

• Web 2.0 (Right to Assembly)

• Crowdsourcing (Wikipedia)

• Crowdfunding (no banks!)

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

3rd platform: SMAC + IoT

3rd Platform Social

Mobile

Analytics

Cloud Internet

of Things

• Phone (Smart, Not-so-smart!)

• Wearables! (Google glass, Haptic)

• Internet of “Me” (highly personalized) Business (no generic products!)

• BYOx: Device security, App/content management nightmare.

• Data Loss Prevention (Fortress Approach - Firewall, IDS/IPS - won’t work!)

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

3rd platform: SMAC + IoT

3rd Platform Social

Mobile

Analytics

Cloud Internet

of Things

• Big Data

• Volume, Variety, Velocity, Veracity

• ACID properties Database not needed

• Hadoop, Map Reduce, NoSql

• Knowledge is Power!

• Collect, Analyse, Infer, Predict

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

3rd platform: SMAC + IoT

3rd Platform Social

Mobile

Analytics

Cloud Internet

of Things

• Moore’s law

• What could fit in a building .. room ... pocket ... blood cell!

• Containers Analogy from Shipping

• VMs separate OS from bare metal (at great cost- Hypervisor, OS image)

• Docker- separates apps from OS/infra using containers.

• Like IaaS, PaaS, SaaS Have you heard of CaaS?

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

3rd platform: SMAC + IoT

3rd Platform Social

Mobile

Analytics

Cloud Internet

of Things

• Sensors (Location, Temperature, Motion, Sound, Vibration, Pressure, Current, ....)

• Device Eco System (Smart Phones, Communicate with so many servers!)

• Ambient Services (Maps, Messaging, Traffic modelling and prediction, ...)

• Business Use Cases (Ola Cabs, Home Depot, Philips Healthcare, ...)

• Impact on wireless bandwdith, storage, analytics (velocity of BIG data, not size)

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

What are Cyber crimes?

Cybercrime

Activity in which computers or networks are a tool, a target, or a place of criminal activity. (Categories not exclusive).

• Against People

• Cyber Stalking and Harrassment

• (Child) Pornography

• Phishing, Identity Theft, Nigerian 419

• Against Property

• Cracking, Virus and Spam

• Software/Entertainment Piracy

• Trade secrets, espionage

• Cyber Terrorism!

• Hactivism! (in some countries!)

• Information Warfare

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Some Examples

Food for thought...

• Recent Examples later ...

• Vikram Buddhi, Assange, Snowden, Panama papers

• Stuxnet

Stuxnet is a computer worm discovered in June 2010 that is believed to have been created by the U nited States and Israel to attack Iran’s nuclear facilities. Stuxnet initially spreads via Mic rosoft Windows, and targets Siemens industrial control systems. While it is not the first time th at hackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.

• Flame (Iran Oil terminals, 2012)

• DarkSeoul

Check out Wikipedia for more.

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

What’s Bad about Computers and Internet?

• “Can’t live with them, can’t live without them!”

• Know Your Enemy (threats/Vulnerabilities)

Can cyber/internet crimes cause events like the following?

• July 2006 Mumbai rains

• 26/11 attack on Mumbai

• Gulf of Mexico oil spill

• Mangalore air crash

• Stop all Mumbai local trains

• Damage BARC nuclear reactor

• Disrupt all Mumbai mobile phones? (Prof.

Jhunjhunwala’s example)

• How to protect Critical National Infrastructure?

• Passive Defence

• Counter Intelligence (Technical side)

• Demo from atlas.arbor.net and cert-in.org.in Your questions/suggestions now will be invaluable!

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Operation C-Major

Trend Micro report (Apr 2016) with all details avaialable at http://documents.trendmicro.com/assets/pdf/Indian-military- personnel-targeted-by-information-theft-campaign-cmajor.pdf The Trend Micro Forward-Looking Threat Research team recently uncovered an information theft campaign in India that has stolen passport scans, photo IDs, and tax information of high- ranking Indian military officers, non-Indian military attaché based in the said country, among others.

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Major Incidents in 2015

From www.wired.com/2015/12/the-years-11-biggest-hacks- from-ashley-madison-to-opm

• Office of Personnel Management. (OPM) - 21 million, including fingerprint files of govt. employees.

• Juniper NetScreen Firewalls - hardcoded backdoor password.

and hole in Dual-EC encryption. ( Apple/Fbi now)

• Ashley Madison - online partner site. blackmail.

payment/transaction data exposed many.

• Gemalto - Dutch Sim cards manufacturer

• Kaspersky Lab -stole research on how to bypass

• Hacking Team - white hats used to “bug” activists in morocco, uae, syria.

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Major Incidents in 2015 (ctd.)

• CIA Director John Brennan – socially phihsed his personal details, hacked AOL email and got sensitive data

• Experian’s T-Mobile Customers - 15 million applicants personal info- for credit check..

• LastPass - easy to store passwords with master key= hacked!

• IRS - accessed 1 lakh returns

• Anthem - health care records Even more recent

• Locky (Ransomware),

• Mazar Bot (Android malware),

• Whose side are you on? ... Why?

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Big Bong Theory

• Korean Banking malware

• Detailed report at www.arbornetworks.com (ASERT)

• Patiently wait for opportunity to strike!

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Security Concerns

Match the following!

Problems Attackers

Highly contagious viruses Unintended blunders

Defacing web pages Disgruntled employees or customers Credit card number theft Organized crime

On-line scams Foreign espionage agents Intellectual property theft Hackers driven by technical challenge

Wiping out data Petty criminals Denial of service Organized terror groups

Spam E-mails Information warfare

Reading private files ...

Surveillance ...

• Crackers vs. Hackers

• Note how much resources available to attackers.

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Atlas.arbor.net

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Atlas.arbor.net

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Atlas.arbor.net

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Atlas.arbor.net

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Real-time Intelligence- atlas.arbor.net

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Who is scanning?

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Who is hosting phising sites?

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Malicious Servers

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

cert-in.org.in

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

cert-in.org.in

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

cert-in.org.in

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

cert-in.org.in

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Vulnerabilities

• Application Security

• Buggy code

• Buffer Overflows

• Host Security

• Server side (multi-user/application)

• Client side (virus)

• Transmission Security

A B

C Network Security Secrecy

Integrity

Availability

A B

C

A B

C

A B

C

(Modification) (Fabrication)

(Denial of Service attack)

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

What is a Computer Network?

TWO

or MORE

COMPUTERS sharing a LINK!

Point-to-Point

Shared Media (LAN)

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

So, what’s Internet?

• A bottom-up collection (interconnection) of networks

• TCP/IP is the only common factor

• Bureaucracy-free, reliable, cheap

• Decentralized, democratic, chaotic

• Internet Society (www.isoc.org)

• Internet Engineering Task Force (www.ietf.org)

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Why is Internet Vulnerable?

Quick overview of how Internet works.

Connectionless Best-Effort Datagram Routing through Internet

Analogy with PostCards

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Internet Attacks Toolkits (Youtube)

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Internet Attacks Timeline

From training material at http://www.cert-in.org.in/

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Internet Attack Trends

From training material at http://www.cert-in.org.in/

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Security Requirements

Informal statements (formal is much harder)

• Confidentiality Protection from disclosure to unauthorized persons

• Integrity Assurance that information has not been modified unauthorizedly.

• Authentication Assurance of identity of originator of information.

• Non-Repudiation Originator cannot deny sending the message.

• Availability Not able to use system or communicate when desired.

• Anonymity/Pseudonomity For applications like voting, instructor evaluation.

• Traffic Analysis Should not even know who is communicating with whom. Why?

• Emerging Applications Online Voting, Auctions (more later)

And all this with postcards (IP datagrams)!

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Security Landscape

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Security Mechanisms

• System Security: “Nothing bad happens to my computers and equipment”

virus, trojan-horse, logic/time-bombs, ...

• Network Security:

• Authentication Mechanisms “you are who you say you are”

• Access Control Firewalls, Proxies “who can do what”

• Data Security: “for your eyes only”

• Encryption, Digests, Signatures, ...

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Network Security Mechanism Layers

Application

TCP/Socket

IP

Data Comm.

Application

TCP/Socket

IP

Data Comm.

IPv6, AH, ..

SSL, TLS PGP

S-HTTP, S-MIME

Firewalls

Encryption can be done at any level!

Higher-up: more overhead (for each application) but better control

Cryptograhphic Protocols underly all security mechanisms.

Real Challenge to design good ones for key establishment, mutual authentication etc.

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Cryptography and Data Security

• sine qua non [without this nothing :-]

• Historically who used first? (L & M)

• Code Language in joint families!

Confidentiality Data Integrity Authentication Non-Repudiation

Encryption Digital

Signature Message

authentication User

Identification

Ciphers Block Stream

Ciphers Hashing Signatures

Pubic-Key Methods Secret Key

Establishment

Key Management

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Exchanging Secrets

Goal

A and B to agree on a secret number. But, C can listen to all their conversation.

Solution?

A tells B: I’ll send you 3 numbers. Let’s use their LCM as the key.

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Exchanging Secrets

Goal

A and B to agree on a secret number. But, C can listen to all their conversation.

Solution?

A tells B: I’ll send you 3 numbers. Let’s use their LCM as the key.

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Motivation for Session keys

Combine Symmetric (fast) and Asymmetric (very slow) Methods using session (ephemeral) keys for the following additional reasons.

• Limit available cipher text (under a fixed key) for cryptanalytic attack;

• Limit exposure with respect to both time period and quantity of data, in the event of (session) key compromise;

• Avoid long-term storage of a large number of distinct secret keys (in the case where one terminal communicates with a large number of others), by creating keys only when actually required;

• Create independence across communications sessions or applications. No replay attacks.

How to establish session keys over insecure medium where adversary is listening to everything?

Can be done even without any public key! Randomization to rescue (like in CSMA/CD of Ethernet).

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Diffie-Hellman Key Establishment Protocol

Alice Bob

Choose N Choose N

Send Send

Compute Compute

8

13 4

P,g

gN a

mod P gN bmod P

a b

45 4 mod 13 5

8

m a mb

Kab= m bN a

mod P m aN b

mod P = Kba

3 5 mod 13 = 9 = 10 8 mod 13

= 3 mod 13= 10

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Man-in-the-middle attack

Vishwanathan Anand

Gary

Kasparov

Siva

e4 e4

c5 c5

• Authentication was missing!

• Can be solved if Kasparov and Anand know each other’s public key (Needham-Schroeder).

• Yes, but different attack possible.

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Why Are Security Protocols Often Wrong?

They are trivial programs built from simple primitives, BUT, they are complicated by

• concurrency

• a hostile environment

• a bad user controls the network

• Concern: active attacks masquerading, replay, man-in-middle, etc.

• vague specifications

• we have to guess what is wanted

• Ill-defined concepts

Protocol flaws rather than cryptosystem weaknesses Formal Methods needed!

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Zero-Knowledge Proofs

Goal

A to prove to B that she knows how to solve the cube.

Without actually revealing the solution!

Solution?

A tells B: Close your eyes, let me solve it...

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Zero-Knowledge Proofs

Goal

A to prove to B that she knows how to solve the cube.

Without actually revealing the solution!

Solution?

A tells B: Close your eyes, let me solve it...

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

IIT Bombay Case Study (Defender’s Perspective)

• Campus Network Infrastructure

• Academic Area

• Hostels

• Residential

• Hardware and Network (the easy part!)

• Gigabit L3 switches

• 10 Mbps Internet (4 Links)

• 5000+ nodes

• Applications (Complex enough)

• Mail

• Web Browsing/Hosting

• Users and Management (Nightmare begins)

• MisUse (mp3, movie, porn, hacking, fake mails, ...)

• CCTeam

• We carry your Bytes

• Our T-shirt (cows, dogs, leopards!)

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

IIT-B’s WAN Links and Firewall

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Important LAN Issues

Important Considerations

• Virus, Spware

• Wrong IP addresses

• Wireless Access (guest house, conference halls)

• Static MAC-IP mapping

• Software Piracy

• Illegal Content (pornography,...)

• ...

Good LAN design can help a lot with this...

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Critical Network Services

• Firewall (Security sine qua non)

• Domain Name Service (DNS) http://cr.yp.to/djbdns/

• Directory Services (LDAP)

• Virus Scanning clamav.elektrapro.com

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Critical Network (WAN) Services

• E-mail (www.qmail.org)

• Newsgroups (inn)

• Web Proxy

• WWW Servers (httpd.apache.org)

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Firewall

• Inside IIT we have 50+ IP subnets.

• Over 5000 nodes.

• All Private addresses 10.x.y.z

• 4 Different WAN subnets

• 128, 64, 32, 32 address only!

• iptables (www.iptables.org) to the rescue.

• Selective services/machines opened up

• Incoming ssh to different dept. servers.

• Outgoing ssh, Yahoo/MSN chat

• Outgoing port for SciFinder

• Outgoing ftp from select machines

• Making a good policy is the hardest!

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Why Monitor?

िचनीया िह िवपदां आदावेव ूितिबया

न कूपखननं युं ूदीे विना गृहे

The effect of disasters should be thought of beforehand. It is not appropriate to start digging a well when the house is ablaze with fire.

Security cannot be an afterthought!

There is a tide in the affairs of men, Which taken at the flood, leads on to fortune. Omitted, all the voyage of their life is bound in shallows and in miseries. Shakespeare

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Monitoring Network and Services

How to answer the following questions?

1

How much traffic in/out? Anything abnormal?

2

How many emails came from outside IIT?

3

Who are the top 10 senders/receivers/domains?

4

Is anyone trying to spam/relay/DoS/break mail servers?

5

How much bandwidth is used for browsing? Top domains?

6

What are the biggest size downloads?

7

Is anyone attacking academic office from hostels?

Where is all this information? How to find out?

Reactive, static reports, pro-active, alerts?

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Network, Services and User Management

Eternal vigilance is the price of liberty!

• How is network doing?

• Are all services up?

• How much email in/out? How many viruses?

• Who’s using Web proxy? For what?

• Are User’s happy? www.gnu.org/software/gnats

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

IIT Bombay WAN Links

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

IIT Bombay WAN Links

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

IIT Bombay WAN Links

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Nagios

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Nagios (ctd.)

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Mail Usage Statistics

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Mail Usage Statistics

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Mail Server Statistics

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Mail Server Statistics

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Web Proxy Usage

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Web Server Hits

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Web Server Hits

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Log Archival at IIT Bombay

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Squid Logs

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Security Information and Event Management (SIEM)

OSSEC and OSSIM tool suite.

ELK (Elastic Search, LogStash, Kibana) Framework

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

SIEM Architecture

Image Reference : Unified Open Source Security- Santiago González Bassett, Alien Vault

www.ossec.net/files/OpenSourceSecurity 2013.pptx

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

SIEM Use Case

Real-time Reactive (Recall atlas.arbor.net)

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Attacking IIT Bombay

Use dnsstuff.com to get some information.

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Mail Servers Information

Use dnsstuff.com

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Mail Servers Information

Use dnsstuff.com

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

TraceRoute

Very sophisticated tools (nmap, nessus, metasploit) available to attackers.

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

MetaSploit Framework

• Penetration testing

• Open source project

• Providing exploit code and the infrastructure

• Prevents data breaches

• Check security control

• Ensure security of new application

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Metasploit Libraries

Figure: Databases for the Vulnerability and Exploits

Version Exploit Payload Auxiliaries Encoders

3.7.0 684 217 355 27

4.0.0 716 226 361 27

4.9.2 1303 335 792 35

4.11.4 1467 432 840 37

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Certified Forensic Investigator

Scope of Forensics work

• Define and describe computer investigations

• Demonstrate correct methods of evidence gathering

• Use and evaluate various operating systems and file systems

• Equip a Forensics Lab with appropriate hardware and software

• Install, configure, and use various command-line and graphical software forensics tools

• Describe and compare various hardware devices employed by computer forensics experts

• Retrieve and analyze data from a suspect’s computer, tablet, mobile phone.

• Summarize the evidence and write investigative reports

• Utilize the services of expert witnesses

• Recover file images, and categorize the data

• Examine and trace email messages

• Obtain and control digital evidence

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

forensicswiki.org

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

cftt.nist.gov

Comprehensive test reports on all forensic tools!

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

cfreds.nist.gov

Computer Forensics Reference Data Sets

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Android Forensics using Autopsy

From: http://www.nist.gov/forensics/upload/

6-Mahalik_OSMF.pdf How to obtain

• Contacts

• Messages and Chats

• Geolocation Data/Reports

• Multimedia files

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

Geolocation Reporting

↓

Network Forensics

From en.wikipedia.org/wiki/Networkforensics

Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the

purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network

investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.

Must have FoSS tools: Wireshark, SiLK. Can analyze packet captures, net flows.

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई

ानम ्परमम ्ेयम ् (Knowledge is Ultimate Goal)

न चोरहाय न च राजहाय न ॅातृभाम न च भारकारी

ये कृते वधत एव िनं िवाधनं सवधनूधानं

It cannot be stolen by thieves, cannot be taken away by the king, cannot be divided among brothers and does not cause a load. If spent, it always multiplies. The wealth of knowledge is the greatest among all wealths.

IIT Bombay’s motto is the title of this slide.

Eternal vigilance is the price of liberty!

Way Forward: Ramakrishna story!

िशवकुमार

சிவகுமா

भारतीय ूौोिगकी संान मुंबई