Implemented Features

1. Network configuration
   - Network topology designed on the hierarchical three-layer model
   - Network separation between the server farm and the monitoring center
   - Network allocation details
   - Spanning Tree, gateway redundancy, VPN (Remote Access)
   - L4 Switch (SLB, FWLB, HA)
2. Security
   - iptables (network-based), IDS (network-based), IPS, NAC (Untangle)
3. System configuration
   - Account and group management, rsyslog, logrotate, backup (rsync), PAM, Tripwire
4. Service (Application) configuration
   - DNS (Master, Slave), DNSSEC, DHCP, FTP, WEB (HSTS redirect)
5. Other SOL configuration
   - UTM, ESM, WAPPLES (proxy)

-----

[Techniques Used]

1) White Box / Black Box Testing
2. Passive information gathering
   1) DNS information gathering
      (1) Zone Transfer
      (2) Dictionary Attack
   2) Route tracing
3. Active information gathering
   1) Active Host Scanning
   2) Port Scanning
   3) Idle Scanning (Windows XP)
   4) Vulnerability Scanning (against Windows XP)
   5) Nessus (against Windows XP)

----------------------------------------------------------

4. Attack execution
   1) Metasploit
   2) Network
      (1) Sniffing
          - ARP Spoofing or ARP Redirect
          - ICMP Spoofing (ICMP Redirect)
          - GRE
          - DHCP Attack (Starvation / Spoofing)
      (2) Spoofing
          - IP Spoofing (SSH access-control bypass)
          - DNS Spoofing / DNS Cache Poisoning
      (3) Hijacking
          - TCP Session Hijacking (Telnet)
   3) System
      (1) Malware
          - Ransomware, Trojan, RAT, Backdoor, Wiper Malware
      (2) Password Cracking
          - john-the-ripper, Hydra, Xhydra
   4) WEB
      (1) Information gathering
          - Banner Grabbing, Fingerprinting, WEB Spidering, Vulnerability Scan
      (2) Bypassing Client Side Validation
      (3) WEB authentication attacks
          - Form Based Authentication Brute Forcing
          - Basic / Form Based Authentication Dictionary Attack
      (4) WEB session attacks
          - Fixation, Hijacking
      (5) Cross Site Scripting
          - Stored, Reflected
      (6) Cross Site Request Forgery
          - Stored, Reflected
      (7) SQL Injection
          - Authentication bypass, Non-Blind (Query/Error), Blind (Boolean/Time)
      (8) Directory Listing
      (9) File Upload/Download
      (10) SSL Attack
          - MITM, Strip, Heartbleed
   5) DoS / DDoS / DRDoS (actual attack)
      (1) DoS
          - SYN Flooding, TCP Connection Flood, UDP Flooding, ICMP Flooding
      (2) DDoS
          - TCP Connection Flood, UDP Flooding, ICMP Flooding, GET Flooding, Hulk, CC Attack, Slow HTTP POST/Header/Read DoS
      (3) DRDoS
          - ICMP Flooding