Auditing & Standards Pentest 03/12


EDITOR’S NOTE

Dear Readers,

With the beginning of Spring we start with new ideas and concepts. Just after Easter we present you with the new issue of “Auditing & Pentesting Standards”, with cyber crime as the cover topic.

The PenTest team continues to do its best to satisfy you with our new series, and the new issue of “Auditing & Pentesting Standards” is waiting for you to read! So now, let’s focus on what is in the current issue.

On the cover you can see Stefano Maccaglia, a malware researcher with more than fifteen years of experience in networking and security and the founder of Black Sun Factory, an Italian security company focused on pen testing and cybercrime. His article opens the SPECIAL REPORT section, in which he explains the newest IP standards.

The new “CYBER WORLD” section includes two articles this time. Pierluigi Paganini analyzes the impact of cybercrime on the private and military sectors. His article describes the main cyber threats and the most common scenarios used to perform cyber attacks and conduct fraud. In the same section, Dev Rathod also argues that cybercrime is one of the fastest growing criminal activities on the planet, and that it includes many illegal activities such as financial scams, cyber hacking, child pornography, virus and Trojan attacks, cyber stalking and unethical websites which create racial hatred.

We also include some reports about new matters in the IT security world. Alex Muratov describes the importance of log monitoring and a solution that may be used to simplify the process and make it more efficient.

Of course, we do not forget about new strategies and tools: Robert Keeler presents his Bring Your Own Devices (BYOD) strategy. A well-defined strategy is required for creating a successful blueprint for enabling Bring Your Own Devices (BYOD) in the enterprise. Allowing these devices to safely access corporate networks requires an understanding of the special security requirements and access control issues unique to personal devices.

I hope you will find the new issue worthwhile and fascinating. We always do our best to make our magazines better and better. If you have any questions, suggestions or ideas, please feel free to contact us at [email protected].

Thanks to all of you for your help and consideration!

Enjoy reading!

Monika Fiodorow
& PenTest team

CONTENTS

SPECIAL REPORT

The Killing Joke
by Stefano Maccaglia

For the last 20 years we have lived with the constant fear of IP address exhaustion, generated essentially by the huge growth of Internet connectivity. The number of connected people has increased dramatically since 1997, and when Russia and China opened their territories to the Internet, the expansion imposed a strong acceleration on the planned evolution of the Internet Protocol (IP), which was no longer able to cope with the exponentially increasing number of devices that require network connection.

CYBER WORLD

Analysis of cybercrime and its impact on private and military sectors
by Pierluigi Paganini

A detailed analysis of the cybercrime phenomenon and its impact in the private and military sectors. Cyber crime is an industry that knows no crisis, whose growth is unprecedented. The article describes the main cyber threats and the most common scenarios used to perform cyber attacks and carry out fraud.

Cyber Crime, Cybercrime Investigation and Cyber Forensic
by Dev Rathod

Cyber crime is a term with which every computer user may be familiar, and you have to agree that most of those users might have been a victim of cyber crime. This is a situation where he/she has to think hard about the direction in which to take the next step. In short, it is a leading question of cyberspace which is quite hard to answer. An industry needs a solid and comprehensive cyber crime investigation technique to deal with it, one which also plays a vital role in the development of new techniques, tools and procedures.

TEAM

Managing Editor: Monika Fiodorow, [email protected]

Associate Editor: Aby [email protected]

Betatesters / Proofreaders: Jeff Weaver, Robert Keeler, Daniel Wood, Scott Christie, Rishi Narang, Dennis Distler, Massimo Buso, Hussein Rajabali, Johan Snyman, Michael Munty, Aidan Carty, Jonathan Ringler

Senior Consultant/Publisher: Paweł Marciniak

CEO: Ewa [email protected]

Art Director: Ireneusz Pogroszewski [email protected]: Ireneusz Pogroszewski

Production Director: Andrzej Kuca, [email protected]

Marketing Director: Ewa [email protected]

Publisher: Software Media Sp. z o.o.
ul. Bokserska 1, 02-682 Warszawa
Phone: +48 22 427 36 56
www.pentestmag.com

Whilst every effort has been made to ensure the high quality of the magazine, the editors make no warranty, express or implied, concerning the results of content usage.

All trademarks presented in the magazine were used only for informative purposes. All rights to trademarks presented in the magazine are reserved by the companies which own them.

To create graphs and diagrams we used program by

Mathematical formulas created by Design Science MathType™

DISCLAIMER! The techniques described in our articles may only be used in private, local networks. The editors hold no responsibility for misuse of the presented techniques or consequent data loss.

SECURITY

From Compliant Log Monitoring to Advanced Threat Detection
by Alex Muratov

Not very long ago, networks were small and computer hackers were rare. Now there are numerous transcontinental enterprise networks. Hackers have been transformed into cyber criminals who search out vulnerabilities in an attempt to steal money and intellectual property on a routine basis.

NEW TREND

The Consumerization of IT – Bold Steps Embracing BYOD and Beyond
by Robert Keeler

Personally owned digital devices are becoming the data access tool of choice, as smart phones and tablets have increased mobility and productivity in the personal and professional lives of the employees who use them. A well-defined strategy is required for creating a successful blueprint for enabling Bring Your Own Devices (BYOD) in the enterprise. Allowing these devices to safely access corporate networks requires an understanding of the special security requirements and access control issues unique to personal devices.

SPECIAL REPORT

The Killing Joke… “Pwn a LAN with a simple multicast”…
by Stefano Maccaglia

For the last 20 years we have lived with the constant fear of IP address exhaustion, generated essentially by the huge growth of Internet connectivity.

The number of connected people has increased dramatically since 1997, and when Russia and China opened their territories to the Internet, the expansion imposed a strong acceleration on the planned evolution of the Internet Protocol (IP), which was no longer able to cope with the exponentially increasing number of devices that require network connection.

Speaking about IPv4 (the current Internet Protocol standard), we must note that it has worked pretty well, allowing the evolution of a network architecture that efficiently supports data streams of every kind, regardless of what they represent.

Unfortunately, the scenario is rapidly changing, and the spread of the Internet has finally exhausted the pool of IP addresses available today.

To address this and other concerns, the Internet Engineering Task Force (IETF), well before the actual crisis, developed a new suite of protocols and standards known as IP version 6 (IPv6).

This version, previously called IP-The Next Generation (IPng), incorporates concepts taken from various proposed methods originally conceived for updating the IPv4 protocol.

IPv6 is intentionally designed to have minimal impact on upper- and lower-layer protocols, but also to overcome three “original sins” that have led to the inadequacy of IPv4:

• The IPv4 address space;
• The IPv4 routing problems;
• The end-to-end problems caused by NAT.

The philosophy behind the newest IP standard was “transparency”; in other words, the transition from the

Figure 1. IPv4 vs IPv6 in ISO/OSI Model

CYBER WORLD

Analysis of cybercrime and its impact on private and military sectors
by Pierluigi Paganini

A detailed analysis of the cybercrime phenomenon and its impact in the private and military sectors. Cyber crime is an industry that knows no crisis, whose growth is unprecedented. The article describes the main cyber threats and the most common scenarios used to perform cyber attacks and carry out fraud.

Several reports published in the last months demonstrate that cybercrime has double-digit growth, being today among the four biggest crime threats all over the world, alongside asset theft, fraud and corruption.

The trend is the same all over the world: the cybercrime industry has collected a lot of successes during the last five years, and we are facing a sector that doesn’t know the word “crisis”. In fact, cybercrime’s financial and geographic growth shows no slowdown despite the global economic difficulty. Cybercrime has probably taken advantage of the crisis factor to make its business much more profitable. Lack of awareness of the incoming cyber threats, and the contraction of investment in prevention and control, have played in favor of cybercrime. No company or organization is immune. Cybercrime growth has been fueled by an evident lack of adequate protection.

According to a recent Norton cybercrime report, cybercrime cost fraud victims more than $388 billion worldwide over the past year; consider that up to 35% of the global cybercrime bill was accounted for by U.S. fraud victims, who spent $139 billion on cybercrime last year. That amounts to 141 victims per minute, an alarming statistic even for Norton’s consumer cybercrime expert, Helen Malani (Figure 1).

Online adults who have experienced cybercrime in their lifetime stand globally at 69%, which indicates that the new threats are becoming part of everyone’s life,

Figure 1. Cybercrime Report 2011

CYBER WORLD

Cyber Crime, Cybercrime Investigation and Cyber Forensic
by Dev Rathod

Cyber crime is a term with which every computer user may be familiar, and you have to agree that most of those users might have been a victim of cyber crime. This is a situation where he/she has to think hard about the direction in which to take the next step. In short, it is a leading question of cyberspace which is quite hard to answer. An industry needs a solid and comprehensive cyber crime investigation technique to deal with it, one which also plays a vital role in the development of new techniques, tools and procedures.

In the current era, cybercrime is one of the fastest growing criminal activities on the planet. It includes many illegal activities such as financial scams, cyber hacking, child pornography, virus and Trojan attacks, cyber stalking and unethical websites which create racial hatred. As the graph of cybercrime is peaking rapidly, it has become necessary to have a proper cyber forensic model and tools to handle cybercrime cases quickly and efficiently. In this article, I have explained how the cyber forensic investigation process should be carried out. The proposed model of investigation will help you understand those processes easily.

Framework for Conducting an Investigation of a Computer Security Incident

What is the threat? How proficient does the “Hacker” need to be?

Computers can easily be manipulated and “booby trapped” to intentionally destroy data. You don’t need to be a computer wizard to command a computer to destroy data and create chaos. Hacking tools are easily available on the Internet, along with tutorials. Hackers can usually find ways to bypass firewalls. When you find an ongoing attack, you can’t really tell whether it is a kid having fun or a sophisticated, destructive attack by a precursor.

You must investigate them all as though they were potentially the most serious case possible, and pray they are not.

How can a Hacker work his wiles and cover his tracks?

• The Hacker starts his chase with vulnerability scanner tools which are easily available on the Internet as freeware, such as SATAN. Since SATAN has been widely publicized, “in-the-know” systems administrators have run SATAN against their own systems and fixed the vulnerabilities they found. But others have not, and other products are continually produced that circumvent previously known safeguards.

SECURITY

From Compliant Log Monitoring to Advanced Threat Detection
by Alex Muratov

Not very long ago, networks were small and computer hackers were rare. Now there are numerous transcontinental enterprise networks. Hackers have been transformed into cyber criminals who search out vulnerabilities in an attempt to steal money and intellectual property on a routine basis.

This article will describe the importance of log monitoring and a solution that may be used to simplify the process and make it more efficient.

Why keep logs?

For many organizations, the question of why to keep logs has a very simple answer: because we have to. In fact, there are many laws and regulations which mandate the gathering and keeping of logs. They are:

1. PCI DSS (Data Security Standards)
2. SOX
3. Gramm-Leach-Bliley Act (GLBA)
4. Many others! (VISA CISP, FFIEC, Basel II, etc.)

PCI DSS

PCI DSS requirement #10 stipulates that one must track and monitor all access to network resources and cardholder data. This requirement also necessitates keeping an audit trail history for at least one year, and at least three months of history must be immediately available for analysis.

HIPAA

The Security Standards for the Protection of Electronic Protected Health Information obligate the keeping of records about action, activity and assessment. Though this is not directly related to any network or firewall logs, it is worth keeping file server logs, for example ones that indicate access to patient information.

GLBA

The Gramm-Leach-Bliley Act requires the keeping of records about financial activity. Similar to HIPAA, electronic records about access to particular financial documents or controls have to be recorded and retained for further audit.

An organization may be subject to one or more of the regulations mentioned above. It is an arduous task to meet all of the requirements and ensure the required controls are in place. It may also be very expensive, taking into account how much data an organization has to keep for a given period of time (from one month to 6 years). The data may occupy many terabytes of disks or tapes.

What is the true purpose of keeping all of this data? Regulations state that record keeping is required to enable auditing of the usage of critical and confidential information and to identify unauthorized and/or unintended access that may be malicious. It may not be possible to identify threats in real time and effectively block unauthorized access or apply the required countermeasures.

There are a number of well-known security breaches that significantly highlight the importance of the ability to quickly identify and react to a threat.
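The retention figures quoted above for PCI DSS requirement 10 (a year of audit trail, three months of it immediately available) are the kind of thing an auditor checks by walking the log archive rather than by reading a policy document. The following Python script is an added example, not code from the article or from any vendor; it checks a constructed daily archive inventory against those two windows and reports every day that is missing entirely and every recent day that is not on searchable storage. The inventory format (one entry per day, tagged "online" or "offline") and the 400-day sample with one missing day are assumptions made for the example.

```python
"""Log-retention check against the two PCI DSS requirement 10 figures quoted in the
article: at least one year of audit trail retained, with at least three months of it
immediately available for analysis. The inventory format (one entry per day, tagged
"online" or "offline") and the 400-day sample below are constructed for this example."""
from datetime import date, timedelta

# Constructed "today" so the example behaves the same every time it is run.
TODAY = date(2012, 4, 10)


def build_sample_inventory(today=TODAY):
    """Constructed archive inventory: daily log archives for the last 400 days,
    the newest 100 days on searchable storage ("online"), the rest on tape
    ("offline"), and one day missing entirely (a failed archive job)."""
    inventory = {}
    for age in range(1, 401):
        if age == 200:
            continue  # the missing day
        day = today - timedelta(days=age)
        inventory[day] = "online" if age <= 100 else "offline"
    return inventory


def restrict_online_window(inventory, keep_online_days, today=TODAY):
    """Return a copy of the inventory in which only the newest keep_online_days
    archives stay online; everything older is treated as moved to tape."""
    return {
        day: ("online" if (today - day).days <= keep_online_days else "offline")
        for day in inventory
    }


def retention_status(inventory, today=TODAY, total_days=365, online_days=90):
    """Compare the inventory with the retention policy.

    Returns a dict with:
      missing_total - days inside the total retention window with no archive at all
      not_online    - days inside the immediate-availability window that are not online
      compliant     - True only when both lists are empty
    Yesterday counts as age 1; today's log is still being written, so it is not checked.
    """
    missing_total, not_online = [], []
    for age in range(1, total_days + 1):
        day = today - timedelta(days=age)
        tier = inventory.get(day)
        if tier is None:
            missing_total.append(day)
        if age <= online_days and tier != "online":
            not_online.append(day)
    return {
        "missing_total": missing_total,
        "not_online": not_online,
        "compliant": not missing_total and not not_online,
    }


if __name__ == "__main__":
    status = retention_status(build_sample_inventory())
    print("compliant:", status["compliant"])
    for day in status["missing_total"]:
        print("no archive for", day)
    for day in status["not_online"]:
        print("not immediately available:", day)
```

The check deliberately reports individual days rather than a single pass/fail flag: a gap of one day in the middle of the year (the constructed failed archive job) is exactly what a retention review has to surface, and a single boolean would hide whether the failure is a missing archive or merely an archive that has been moved to tape too early. Swap `build_sample_inventory` for a function that lists your real archive store, keep `TODAY` as `date.today()`, and the two windows can be adjusted per regulation through the `total_days` and `online_days` parameters.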

NEW TREND

The Consumerization of IT – Bold Steps Embracing BYOD and Beyond
by Robert Keeler

Personally owned digital devices are becoming the data access tool of choice, as smart phones and tablets have increased mobility and productivity in the personal and professional lives of the employees who use them. A well-defined strategy is required for creating a successful blueprint for enabling Bring Your Own Devices (BYOD) in the enterprise. Allowing these devices to safely access corporate networks requires an understanding of the special security requirements and access control issues unique to personal devices.

Once connected to internal corporate WiFi, the task becomes one of ensuring these devices do not present additional risks to network data. This is accomplished by careful initial and recurring audits of each device, determining the type of device, the device ownership status, the overall health of the device, and of course the local and remote data permissions of the users attempting to access corporate data, whether at work or remotely.

Less than a year ago, industry analysts and CIOs were remarking negatively about the risk that BYOD placed on the overall security of enterprise data. Today, the resistance toward employee requests to bring and use their own devices has faded. Recent studies conclude that most corporations are now actively planning and implementing solutions to enable BYOD in the workplace. Companies are directly pursuing very definite plans for what is being referred to as the consumerization of IT. The benefits seem to easily outweigh the cost considerations. The fact that most of these device purchases are funded directly by employees and are not a required investment by IT leads to an even more interesting reason to adopt a BYOD strategy: a reduction in IT operating costs.

As a result, Bring Your Own Devices (BYOD) implementation is no longer a wish list item for enterprise IT planners. The reality today is that we must incorporate this technology and find ways to adapt our security to be able to leverage this new technology and harness the benefits of an increase in user productivity while minimizing any risk.

The planning and implementation of any BYOD blueprint must involve IT, HR, Finance and Legal departments in combination with C-level executives for an accurate determination of corporate and employee liability issues. In addition to regulatory, legal, and security issues, there may be financial and tax concerns and, most importantly, regulatory compliance mandates to be addressed.

Every week seems to bring another announcement of a new personal mobile digital device. These devices narrow the gap between personal computers and smart phones and tablets. The frequency with which new devices are released directly impacts the number of requests from employees to access their corporate resources from these newly purchased devices. Options for allowing users to use their devices to access the corporate network can be expensive and cumbersome if IT must adapt solutions to each new device released. BYOD solutions exist to enable the technology while providing infrastructure, through both technology and strategy, that requires little in-house effort. The best solutions offer immediate functionality and automation of device provisioning. Providing a continuing solution that allows for tomorrow’s devices without great investments in time and resources is a necessity.


In the next issue of

(NFC) Near Field Communications

Available to download on May 7th

If you would like to contact the PenTest team, just send an email to [email protected] or [email protected]. We will reply a.s.a.p.
