TCOM 5990 Information Assurance Management: Software Hacking
Software Hacking
• Remote Control Software
– Essential for a globally connected economy.
– Support personnel rarely on site.
– Indispensable for administrators…
– misconfigured and filled with security weaknesses.
• Weaknesses
– Cleartext user names and passwords
– Weak passwords
– Revealed passwords pulled from the GUI (remote or locally)
– Uploading profiles
• Countermeasures
– Enable passwords
– Enforce strong passwords
– Force alternate authentication
– Password-protect profile and setup files
– Log off user with call completion
– Encrypt session traffic
– Limit login attempts
– Log failed attempts
– Lock out failed users
Web Hacking
• HTML source page
• Low hanging fruit…
• Common, well publicized vulnerabilities