From your Pocket to your Heart and Back

Post on 15-Jan-2015


From Your Pocket, to Your Heart, and Back

Cyber Security in the Financial and Healthcare Industries, and How They Affect Homeland Security

Ian Amit, Director of Services

Hi!

Always remember that you are absolutely unique. Just like everyone else.

Margaret Mead

Part I

Where we look at some examples

Wireless Network Penetration Testing Services

Confidential. Proprietary. [18]

Detailed Findings Tables

#RAPCON–1 Unauthenticated RAP Console Leaks IPSec Configuration

Device(s): RAP Console
Category: Information Disclosure
Testing Method: Black Box (Hardware)
Tools Used: Firefox
Likelihood: Medium (3)
Impact: High (4)
Total Risk Rating: High (12)
Effort to Fix: Medium

Threat and Impact

The RAP Console is unauthenticated and displays information about the access point. Figure 1 shows a screenshot of the RAP Console home page.

Figure 1: Unauthenticated RAP Console

On the Diagnostics tab it is possible to view the conn_log, sapd_debug, dmseg, and rapper debug logs. The rapper debug log will log the PAP Username:

IKE_EXAMPLE: Starting up IKE server


setup_tunnel Initialized Timers IKE_init: completed after (0.0) (pid:16341) time:1999-12-31 16:37:53 seconds. Before getting PSK PSK:****** User:xiaobo1 Pass:******

A more serious information disclosure is the “Generate & save support file” option available on the home page of the RAP Console. The support.tgz file contained 73 files, including the ikepsk, pappasswd, and papuser files, as shown in Figure 2.

Figure 2: Contents of support.tgz

These files contain the encrypted IPSec pre-shared key, the unique username, and the encrypted password for this access point.

An attacker who has gained physical access to the access point or access to the RAP Console for the access point would be able to recover the credentials used by the access point to establish a VPN back to the controller. The credentials are encrypted with a static key, which can be easily decrypted.

Recommendations

The RAP Console has no security model. Disable it if possible.
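Two defensive checks that follow from the finding above, written as an added example (this is not code from the report, from Aruba, or from the talk): a redaction filter that masks the credential fields the rapper debug log writes (PSK, User, Pass, as they appear in the excerpt), and a scan of a support bundle for the credential files the finding names (ikepsk, pappasswd, papuser). The log lines and the tar archive below are constructed samples in the shape of the excerpt; the username and values in them are made up.

```python
import io
import re
import tarfile

# Credential-bearing fields exactly as they appear in the debug-log excerpt above.
# A value runs to the next whitespace; field names are matched case-insensitively.
CREDENTIAL_FIELDS = ("PSK", "User", "Pass")
_FIELD_RE = re.compile(
    r"\b(?P<key>" + "|".join(CREDENTIAL_FIELDS) + r"):(?P<value>\S+)",
    re.IGNORECASE,
)


def redact_line(line: str) -> str:
    """Mask the value of every credential field in one log line, keeping the key."""
    return _FIELD_RE.sub(lambda m: f"{m.group('key')}:[REDACTED]", line)


# File names taken from the support.tgz listing in the finding; treated here as a
# deny-list of members a diagnostics export must never ship unredacted.
SENSITIVE_MEMBERS = frozenset({"ikepsk", "pappasswd", "papuser"})


def sensitive_members(tar_bytes: bytes) -> list:
    """Return the archive member names whose basename is on the deny-list, sorted."""
    found = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            base = member.name.rsplit("/", 1)[-1]
            if base in SENSITIVE_MEMBERS:
                found.append(member.name)
    return sorted(found)


def build_sample_bundle() -> bytes:
    """Constructed sample bundle (not the real support.tgz) with one benign file
    and the three credential files named in the finding."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, payload in (
            ("support/conn_log", b"constructed connection log\n"),
            ("support/ikepsk", b"constructed-encrypted-psk\n"),
            ("support/papuser", b"exampleuser\n"),
            ("support/pappasswd", b"constructed-encrypted-password\n"),
        ):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


# Constructed log lines in the shape of the rapper debug excerpt (values made up).
SAMPLE_LOG = [
    "IKE_EXAMPLE: Starting up IKE server",
    "Before getting PSK PSK:secret123 User:exampleuser Pass:hunter2",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(redact_line(line))
    print(sensitive_members(build_sample_bundle()))
```

The redaction keeps the field name so the log stays useful for troubleshooting while the value is gone; the bundle scan is the check to run on any "generate support file" output before it leaves the device or is attached to a ticket.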

What’s the problem there?

Medical or Financial?

Who cares?

Fairly unique to healthcare, right?

Need to provide people access to medical facilities…

Kind’a like a financial institution needs to provide customers access to facilities, and their money…

ASSETS

Traditionally protected?

Mapping all access paths?

Mapping all storage locations?

Secondary? Tertiary?…

Human Resources

What can it tell on your organization?

Business plans?

Access to resources?

Motivation (i.e. opportunity…)

Part II

Where we try to connect MORE dots

The single biggest problem in communication is the illusion that it has taken place.

George Bernard Shaw

Homeland security? Critical Infrastructure!


Part III

Where we “disprove” what we just learned :-P

Remember this?:

Always remember that you are absolutely unique. Just like everyone else.

Margaret Mead

We can't solve problems by using the same kind of thinking we used when we created them.

Albert Einstein

Yes, you do need your own special way of dealing with your security posture.

What makes me “tick”?

• What can take the business down?

• Who is involved???

Let that last one sit there for a second…

Product Centric vs. Threat/Asset Centric

Product Centric                    Threat/Asset Centric
Product                            Risk
Zero lateral knowledge transfer    Peer knowledge transfer
Zero self learning (experience)    Improves with practice
Based on lab threats               Based on real (relevant) threats
“Industry Best Practice”           Tailored for YOUR practice

Product / Event

Risk / Asset

Vertical

Lateral


We all know the “how”

Start asking “why”!

Thank YOU!

@iiamit