Targeted Attack on a Network Device
Submitted to: Dr. Charles Pak
SE572 Network Security
Keller Graduate School of Management
Submitted: September 07, 2014
Table of Contents
Executive Summary
Summary of Results
Details on Attack
Name of the Attack
Attack Discovery and Resolution States
Synopsis of the Attack
Vulnerable Target(s) for the Attack and Likely Victims
Probable Motivation(s) of the Attack
Probable Creators of the Attack
Deployment, Propagation or Release Strategy of the Attack
Published Countermeasures against the Attack
Published Recovery Techniques used to return to Normal Operations after the Attack
Recommended Incident Reporting Measures
Summary
References
Executive Summary
[Company] has been contracted to conduct a penetration test against [Organization]'s external web presence. The assessment was conducted in a manner that simulated a malicious actor engaged in a targeted attack against the company with the goals of:
Identifying if a remote attacker could penetrate [Organization]'s defenses.
Determining the impact of a security breach on:
The confidentiality of the organization’s customer information.
The assessment was conducted in accordance with the recommendations outlined in NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment). The results of this assessment will be used by [Organization] to drive future decisions as to the direction of their information security program. All tests and actions were conducted under controlled conditions. (Security O., 2012)
Summary of Results
Network reconnaissance was conducted against the address space provided by [Organization] with the understanding that this space would be considered the scope of this engagement. It was determined that the organization maintains a minimal external presence, consisting of an external web site and a hosted mail service. This constituted a small attack
Name of the Attack
It is called the Heartbleed Bug because the bug is in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC 6520). This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users. (Codenomicon, 2014)
Probable Creators of the Attack
This is an implementation problem, i.e. a programming mistake in the popular OpenSSL library, which provides cryptographic services such as SSL/TLS to applications and services. (Codenomicon, 2014)
Deployment, Propagation or Release Strategy of the Attack
Exploitation of this bug does not leave any trace of anything abnormal happening in the logs. (Codenomicon, 2014)
Summary
References
Codenomicon. (2014, April 04). Heart Bleed. Retrieved from Heart Bleed: http://heartbleed.com/
CVE Database, N. V. (2014, April 07). National Cyber Awareness System. Retrieved from http://web.nvd.nist.gov/: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160
Security, O
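The "Name of the Attack" passage places the bug in OpenSSL's handling of the RFC 6520 heartbeat extension, where a request carries a payload_length field that the responder echoes back. The following is an added example, not code from this paper or from OpenSSL, showing the length validation a responder needs before echoing; all function and constant names are hypothetical and both sample messages are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_HDR       3u   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16u   /* RFC 6520: at least 16 bytes of padding */

/* Constructed samples: an honest request, and one whose length field
 * (0x4000) claims far more payload than the 20 bytes received. */
static const uint8_t GOOD_REQ[23] = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t BAD_REQ[20]  = {HB_REQUEST, 0x40, 0x00, 'x'};

/* 1 if the message is too short or its claimed payload cannot fit. */
int hb_length_mismatch(const uint8_t *msg, size_t msg_len)
{
    if (msg_len < HB_HDR + HB_MIN_PAD)
        return 1;
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];
    return HB_HDR + claimed + HB_MIN_PAD > msg_len;
}

/* Builds the echo response; returns its length, or 0 when the request
 * must be silently discarded, as RFC 6520 requires. */
size_t hb_build_response(const uint8_t *msg, size_t msg_len,
                         uint8_t *out, size_t out_cap)
{
    /* Without this check the memcpy below would copy `claimed` bytes
     * regardless of how many were received: the Heartbleed over-read. */
    if (hb_length_mismatch(msg, msg_len) || msg[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];
    size_t resp_len = HB_HDR + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    memcpy(out + 1, msg + 1, 2 + claimed);          /* length field + payload */
    memset(out + HB_HDR + claimed, 0, HB_MIN_PAD);  /* real stacks use random padding */
    return resp_len;
}

int main(void)
{
    uint8_t out[64];
    printf("good: %zu bytes\n", hb_build_response(GOOD_REQ, sizeof GOOD_REQ, out, sizeof out));
    printf("bad:  %zu bytes\n", hb_build_response(BAD_REQ, sizeof BAD_REQ, out, sizeof out));
    return 0;
}
```

Because the paper notes that exploitation leaves nothing abnormal in the logs, the same comparison in `hb_length_mismatch` is the kind of check a network sensor has to apply to heartbeat records, since the endpoint itself records nothing.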