Lockout Bypass

6 Steps to Securing Your Backup Media in Transport

Companies use significant resources to secure their production systems. The security of backup elements of the same infrastructure, especially the backup files are overlooked. This lack of security can be an excellent opportunity for an attacker.

Example scenario:
One of Shortinfosec Democorp branch office Domain Controllers has failed. A support expert is invited to assist, and he suggests to install a new server and restore the DC from system state backup of the failed one, thus retaining the SID of the old DC and other special configurations that have been implemented. The backup is kept at head office, and is sent on a CD via courier.
The CD is received, restored to the new server, and everything is good as new.

Two days later, a hacker attacks the Shortinfosec Democorp. The investigation concludes that the attacker used a domain user name and password to enter the computer system. The investigation concludes that the only possible breach of security was during the transport of the System State CD via courier.

Analysis:
The attacker has infiltrated the courier company used by Shortinfosec Democorp, and paid the courier to make a copy of all CD-s that are transited for Democorp. This can be performed even easier if the CD-s are sent via public mail, where a large number of personnel have access to sent material.
From the copy of the System State, the attacker recreated multiple clones of the domain controller in a VMware lab environment, and performed the following attacks in parallel:

1. Scanned the dumped clone for vulnerable services.
2. Performed enumeration of the domain users contained on the domain controller.
3. Performed brute force attack of the domain users contained on the domain controller. Any lockout was bypassed by simply restoring a copy of the clone and continuing with the attack
4. Performed systematic social engineering attack on targeted domain users to contained on the domain controller.

Conclusions and recommendations:
A good attacker is the one you have to be weary most about. Such an attacker will use any method to collect information, including media theft.

1. Any backup media must therefore adhere to the following recommendations:
2. All individual media containers with backup media should be sealed with a tamper evident unique label (a tamper evident bar code label with non-repeating serial number)
3. All such media must be logged, with dates of creation and tamper evidence protection label code. The log must be kept in two copies, one accompanying the tape and one kept by a person of authority which has no direct access to media containing backup (internal auditor, security officer).
4. All media containing information (erased and containing backup) must be kept in a locked enclosure with controlled access.
5. If backup is kept on a system (file server), the system must be configured for FULL AUDIT audit on access of all files. Audit logs must be regularly reviewed by a person of authority which has no direct access to media containing backup (internal auditor, security officer).
6. When the need arises to transfer media to another location, all transport methods must be treated as hostile. The media containing backup should be encrypted, and decryption keys should be transported by different channel. Also, all media must be protected by tamper evident labels with non-repeatable serial numbers, or placed in a tamper evident envelope with non-repeatable serial numbers.

About the Author

Spirovski Bozidar, CISSP, MCSA

Spirovski Bozidar is an ICT and security expert. Mr. Spirovski has worked in information management and security since 1999 His professional experience includes from Head of Systems and Security of an ISP, and Senior Solution Designer within an Incumbent Telco Opator. Bozidar currenty holds the position of a Chief Information Security Officer for bank, member of a large multinational group.
He has been involved as a guest speaker in a multitude of international conferences on information systems in CEE, covering the subjects of Personal Data protection and EU regulations, Risk Analysis and Business Continuity and Reliable Data hosting.

He is the author of the ShortInfosec Portal (http://www.shortinfosec.net)

Pioneer Avic N5 Hack Bypass lockout

Featured items Bestselling Average customer review: high to low Price: low to high Price: high to low Alphabetical: A to Z

Automatic video bypass Lockout For Kenwood DNX-9960 DNX-9980 DNX-7180 DNX-7160 DNX-7140 Sale Price: $29.99   Eligible for free shipping! Availability: Usually ships in 24 hours

Jensen automatic video DVD Navigation bypass Hack Lockout VM9214 VM9414 VM9424 VM9324 List Price: $59.99 Sale Price: $29.99 You save: $30.00 (50%)   Eligible for free shipping! Availability: Usually ships in 24 hours

PAC TR7 Universal. Trigger Module List Price: $34.95 Sale Price: $13.45 You save: $21.50 (62%)   Eligible for free shipping! Availability: Usually ships in 1-2 business days

Rosen Entertainment Fully Automatic Video Nav Bypass Hack Lockout for OEM Look Car Navigation and video systems. Sale Price: $39.99   Eligible for free shipping! Availability: Usually ships in 1-2 business days

Alpine Electronic Automatic Video Bypass Lockout Hack Triger Module List Price: $49.99 Sale Price: $29.99 You save: $20.00 (40%)   Eligible for free shipping! Availability: Usually ships in 24 hours

GM Honda Hyundai Mazda Toyota Subaru Nisan VW Rosen Entertainment Fully Automatic Video Nav Bypass Hack Lockout Sale Price: $39.99   Eligible for free shipping! Availability: Usually ships in 1-2 business days

Pioneer Avic Bypass Hack Kit Will Work for any one of Pioneer Avic Series like Z X U N D Hd F List Price: $49.99 Sale Price: $39.99 You save: $10.00 (20%)   Eligible for free shipping! Availability: Usually ships in 1-2 business days

Eclipse Automatic Electronic DVD Navigation Video Lockout Bypass Switch AVN AVX Sale Price: $29.99   Eligible for free shipping! Availability: Usually ships in 1-2 business days

US Auctions Australian Auctions Austrian Auctions Belgian Auctions Canadian Auctions French Auctions German Auctions Indian Auctions Irish Auctions Italian Auctions Dutch Auctions Polish Auctions Spanish Auctions Swiss Auctions UK Auctions

Best Match Time: ending soonest Time: newly listed Price: lowest first Price: highest first Price + Shipping: lowest first Price + Shipping: highest first

ALPINE VIDEO LOCKOUT BYPASS IVA D105 IXA W404 INA W900    US $28.90

KENWOOD VIDEO LOCKOUT BYPASS DDX616 KVT 747DVD KVT 839DVD    US $35.85

KENWOOD VIDEO BYPASS LOCKOUT KVT M707 KVT 717DVD NEW    US $29.97

KENWOOD VIDEO BYPASS LOCKOUT KVT 910DVD KVT 910DVD    US $29.97

PANASONIC AUTOMATIC VIDEO LOCKOUT BYPASS CQ VD6503U NEW    US $29.99

PAC TR 7 TR7 VIDEO LOCKOUT BYPASS IVA W200 IVA W205    US $20.99

KENWOOD VIDEO LOCKOUT BYPASS KVT 614 KVT614 DNX 7140    US $29.97

KENWOOD VIDEO BYPASS LOCKOUT KVT 50DVDRY KVT 532DVD NEW    US $35.30

KENWOOD VIDEO BYPASS LOCKOUT DNX5120 DNX7100 DNX7120    US $36.40

KENWOOD DNX8120 KVT 512 KVT 617DVD VIDEO LOCKOUT BYPASS    US $29.97

KENWOOD AUTOMATIC VIDEO BYPASS LOCKOUT DNX 9960 DNX9960    US $29.97

JVC VIDEO LOCKOUT BYPASS KW AVX720 KW ADV790 KW NT1    US $29.99

JENSEN VIDEO LOCKOUT BYPASS VM9410 VM9411 VM9412 VM9510    US $29.99

JENSEN VIDEO LOCKOUT BYPASS VM9311TS VM9312 VM9312HD    US $29.99

JENSEN VIDEO LOCKOUT BYPASS VM9021TS VM9021TSX VM9022    US $35.56

JENSEN VIDEO LOCKOUT BYPASS UV8 VM8012 VM8013 VM8022    US $29.97

ECLIPSE AUTOMATIC VIDEO LOCKOUT BYPASS AVN6600 AVN6610    US $35.62

ECLIPSE AUTOMATIC VIDEO LOCK OUT BYPASS AVN8826 AVN5500    US $35.90

DUAL VIDEO LOCKOUT BYPASS XDVD8265 XDVD8281 XDVD8285    US $29.88

PIONEER VIDEO LOCKOUT BYPASS AVH P6300BT AVHP6300BT NEW    US $33.96

View Page:   1  2

Powered by phpBay Pro