Network Security & Ethical Hacking

Basics Of Network Security And Ethical Hacking


Transcript

  • 1. Security can be defined as the process or procedure to ensure the integrity, availability, and confidentiality of data and resources against threats, viruses, bugs, and vulnerabilities. Security can be of two types: computer security and network security.
    CONFIDENTIALITY :- Refers to preventing the disclosure of information to unauthorized individuals or systems.
    INTEGRITY :- In information security, data integrity means maintaining and assuring the accuracy and consistency of data over its entire life-cycle. This means that data cannot be modified in an unauthorized or undetected manner.
  • 2. AVAILABILITY :- For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades.
  • 3. An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by proactively limiting the impact of a security breach.
    o PLAN :- Designing the ISMS, assessing information security risks and selecting appropriate controls.
    o DO :- Implementing and operating the controls.
    o CHECK :- Reviewing and evaluating the performance (efficiency and effectiveness) of the ISMS.
    o ACT :- Making changes where necessary to bring the ISMS back to peak performance.
  • 4. ISO/IEC 27000 :- The ISO/IEC 27000-series (also known as the 'ISMS Family of Standards' or 'ISO27k' for short) comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The standard explains the purpose of an Information Security Management System (ISMS), the management system, risk management and the definition of information security.
    ISO/IEC 27001:2005 :- An information security management system (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The key benefits of 27001 are:
    o It can act as an extension of the current quality system to include security.
    o It provides an opportunity to identify and manage risks to key information and systems assets.
    o It provides confidence and assurance to trading partners and clients, and acts as a marketing tool.
    o It allows an independent review of, and assurance on, your information security practices.
  • 5. ISO/IEC 27003 :- Part of a growing family of ISO/IEC ISMS standards, the 'ISO/IEC 27000 series'. The purpose of ISO/IEC 27003 is to provide help and guidance in implementing an ISMS (Information Security Management System). Tasks to maintain the standard:
    o Seeking management approval to start the project and to implement the ISMS.
    o Describing the scope and boundary of the ISMS.
    o Conducting a security risk assessment and planning for risk treatment.
    o Designing the ISMS and planning the implementation project.
    ISO/IEC 27004 :- The purpose of ISO/IEC 27004:2009 is to help organizations measure, report and hence systematically improve the effectiveness of their Information Security Management System (ISMS). The standard includes the following main sections:
    o Information security measurement overview.
    o Management responsibilities.
    o Measures and measurement development.
    o Measurement operation.
    o Data analysis and measurement results reporting.
    o Information Security Measurement Program evaluation and improvement.
  • 6. PASSIVE ATTACK :- A "passive attack" attempts to learn or make use of information from the system but does not affect system resources. Types:
    o BRUTE FORCE ATTACK :- Breaks the encrypted data by finding the appropriate key.
    o ALGEBRAIC ATTACK :- The cipher is written as a system of equations; once written this way, it can be read by using the appropriate key.
    o CODE BOOK ATTACK :- Refers to a technique for cryptanalysis. The attacker tries to build a code book in which the attacker records the cipher text and its corresponding plain text.
    ACTIVE ATTACK :- An "active attack" attempts to alter system resources or affect their operation. Examples: denial-of-service attack, spoofing.
  • 7. ANTIVIRUS :- Refers to software that is designed for preventing, identifying and removing malware, including malicious code and computer viruses.
    VIRUS :- A sequence of code or instructions that is inserted into other programs and executed when the program runs, and is harmful to the PC.
    o Boot Sector Virus :- Infects the MBR of the hard disk and executes at boot time.
    o File Infector Virus :- Attaches itself to executable files and executes when the program runs.
    o Macro Virus :- Attaches itself to documents and gets executed when the file opens.
    o Multipartite Virus :- Combines the boot sector virus with the file infector virus.
  • 8. o Polymorphic Virus :- Gets replicated when it starts replicating itself over the network.
    o Worm :- Refers to a virus that can auto-replicate from one to many and can travel from one place to another through the network.
    o Trojan Horse :- A program that appears safe but can be harmful to the computer, as it can steal passwords, delete data and create a security hole or backdoor for a hacker.
    o Logic Bombs :- Embedded in some program and designed to execute on a particular date or time.
    o Bacteria/Rabbit :- Types of code that do not damage files but deny access to resources by consuming all disk space or memory.
    MAC (Mandatory Access Control) :- Stores highly secret or sensitive information, and is mainly used in government departments.
    DAC (Discretionary Access Control) :- Uses username and password to check whether or not the user is authorized.
    Authentication :- A method of verifying the users who want to access the network or computer system.
  • 9. TYPES OF AUTHENTICATION
    o SOMETHING THE USER KNOWS :-
    o SOMETHING THE USER HAS :-
    o SOMETHING THE USER IS :-
    E-MAIL, WEB, AUTHENTICATING SERVER, DIRECTORY SERVICES, DHCP
    Method of specifying the access rights to information and resources.
  • 10. o PRINTING :-
    o NFS :-
    o TELNET
    o INSTANT MESSAGING (IM)
    o TCP/IP
    o UDP
    o SMTP
    o POP
    o FTP
    o HTTP
    o DNS
  • 11. PORT IN PROTOCOL
  • 12. CHAPTER – 2: THREATS TO A COMPUTER NETWORK II
  • 13. ACCESS ATTACK :- Aims at gaining access to information that the attacker is not authorized to have.
    MODIFICATION ATTACK :- Refers to the attack in which an attacker modifies your computer information, such as inserting or deleting text, in a way that appears genuine to the user.
    REPUDIATION ATTACK :- Makes the data or information useless.
    DENIAL-OF-SERVICE ATTACK :- Refers to a strategy of attack in which an outsider tries to disrupt your network and services.
  • 14. SCOPING AN ATTACK :- A method or process which is used to violate the security of the network.
    ENUMERATING THE NETWORK :- The process of gathering information about a host or group of hosts. Information can be gathered in different ways, such as whois query, zone transfer, ping sweeps, and traceroute.
    WHOIS QUERY :- Provides information such as the administrative contact, billing contact, and address of the target network.
    THE PING SWEEP :- A scanning technique used to determine the range of IP addresses that can be mapped to live hosts, also known as an ICMP sweep. It checks whether a particular PC is live in a network or not.
  • 15. THE ZONE TRANSFER :- Performed with the help of the nslookup command, which is supported by both UNIX and Windows platforms. Various tools can be used for zone transfer, such as WS PingPro, Sam Spade, and NetScan.
    THE TRACEROUTE :- A command-line tool available on both Windows and UNIX platforms.
    Since domains can be registered via so many registrars, you must first query the registrar with which the domain is registered. After that you can query the domain record from the associated registrar. For network blocks and details you need to query the Internet regional registries (RIRs), for example an ARIN or APNIC whois query.
  • 16. A way of collecting information from the organizational DNS server by the zone transfer method, where a hacker can collect information regarding any hosts inside the organization and their corresponding IP addresses, known as HINFO records.
    TCP SYN FLOOD ATTACK :- In this case the attacker sends multiple SYN requests to a host but never replies to the response sent back by that host. In this way the listen queue fills up and does not accept new connections until the partially opened connections are completed.
    ICMP ATTACKS :- In this case the attacker sends ICMP packets instead of SYN packets for a DoS attack.
    TCP/IP HIJACKING :- TCP/IP hijacking is a clever technique that uses spoofed packets to take over a connection between a victim and a host machine. This technique is exceptionally useful when the victim uses a one-time password to connect to the host machine. A one-time password can be used to authenticate once and only once, which means that sniffing the authentication is useless for the attacker.
  • 17. IP SPOOFING :- The purpose of IP spoofing is to make the data look as if it came from a trusted host when in reality it came from the attacker's host, so the victim starts communicating with the attacker's host as if it were an authenticated server.
    TCP SEQUENCE NUMBER ATTACK :- Let's see what the attacker does:
    o The attacker wants to attack Host A.
    o It floods Host B with new requests, causing a denial of service that stops Host B from communicating with A.
    o Now the attacker can predict the sequence number of the packet that A is expecting from B.
    o The attacker prepares such a packet and sends it to Host A. Since it is a faked packet, Host A thinks it is coming from B.
    o Now this host can terminate the connection or ask Host A to run malicious commands/scripts, etc.
  • 18. SOCIAL ENGINEERING :- The primary purpose of a hacker is to trick people into revealing passwords or other confidential information by pretending to be a trustworthy person. Different ways of social engineering are:
    o FRIENDSHIP
    o E-MAIL
    o DUMPSTER DIVING
    o OFFICE SNOOPING
    o TRUST
    MALICIOUS CODES
    VIRUSES
    o BOOT VIRUS :- Affects the boot sector.
    o RESIDENT VIRUS :- Resides in RAM.
    o DIRECT ACTION VIRUS :- First replicates itself, then takes action when it is executed.
    o OVERWRITE VIRUS :- Deletes the information contained in a file.
    o POLYMORPHIC VIRUS :- Can change its own digital signature.
  • 19. o MULTIPARTITE VIRUS :- Combination of boot sector virus and program virus.
    o STEALTH VIRUS :- Has the ability to mask or disguise itself from antivirus.
    o MACRO VIRUS :- Infects files and documents.
    o PROGRAM VIRUS :- Executes when the program to which it is attached executes.
    TROJAN HORSE
    o REMOTE ACCESS TROJAN :- Provides remote access to the victim's PC.
    o PASSWORD SENDING TROJAN :- Sends all your credentials to the person who installed it.
    o KEY LOGGERS :- Track and log the keystrokes of the target computer.
    o DESTRUCTIVE TROJANS :- Used to delete the information and databases of a PC.
    o DOS ATTACK TROJANS :- Produce a lot of traffic on the target computer and create congestion on the internet connection.
    o PROXY/WINGATE TROJANS :- Turn the target computer into a proxy or WinGate server.
    WORMS
    o E-MAIL WORMS :- Spread through email messages.
    o INSTANT MESSAGING WORMS :- Spread through IM applications.
    o INTERNET WORMS :- Attempt to access vulnerable PCs on the internet.
    o INTERNET RELAY CHAT WORMS :- Spread mainly through chat channels.
  • 20. o FILE SHARING NETWORK WORMS :- Spread through shared folders, infecting them.
    o NUWAR OL WORMS :- Delivered to the user's inbox with subjects like "you are in my dreams", "I love you so much", etc. When the user opens the message it infects that user's computer as well as all the users in that person's contact list, by sending the message itself.
    o VALENTINE E WORMS :- Distributed through emails and equivalent to NUWAR OL WORMS.
    WIRETAPS :- A method of obtaining information from the internet conversation between two systems.
    HARDWIRED WIRETAP :- Involves physical access to a part of the wire (that is, access to a section of the PBX).
    SOFT WIRETAP :- A modification of the software that is used to run the phone system, also known as Remote Observation System (REMOBS), Direct Access Test Unit (DATU), Electronic Switching System (ESS), and translation tap.
  • 21. TRANSMIT WIRETAP :- Refers to a Radio Frequency (RF) transmitter connected to a wire. It can be easily detected by a competent bug sweep specialist.
    RECORDING WIRETAP :- Similar to a tape recorder wired into the phone line, and similar to a hardwired wiretap.
    Very difficult to detect, as it requires a very high level of technical expertise. Technical Surveillance Counter Measures (TSCM) specialists are usually hired to detect such wiretaps.
    EAVESDROPPING :- The process of listening to part or the whole of a conversation between two parties. An attack on the network layer used to capture packets using packet sniffer tools.
    PASSIVE EAVESDROPPING :- Refers to unauthorized, covert monitoring of data transmission.
    ACTIVE EAVESDROPPING :- Refers to probing, scanning or tampering with a transmission channel to access the transmitted data.
  • 22. PORT SCAN :- A method used by an attacker to identify the ports that are open or in use on a PC. It can search ports from 0 to 65535 as used by the TCP/IP suite.
    IP SCAN :- A method used by an attacker to identify live hosts or IPs that are actively used by PCs in a network. Example: LAN Scanner.
    PORT SCANNING TECHNIQUES
    o TCP Connect :- The scan is provided by the operating system. It succeeds if the port is listening; otherwise the port is unreachable.
    o STROBE :- A narrower scan used to check some specific ports or services that the attacker knows how to exploit.
    o SYN Scan :- Also known as half-open scanning, as it does not require a TCP connection to complete. If the target responds with a SYN+ACK packet to the attacker's SYN packet then it can be considered an open port, and a reset (RST) response represents a non-listening port.
  • 23. FRAGMENTED PACKET PORT SCAN :- Splits the TCP header into several IP fragments so that it can pass through a packet-filter firewall, as the filter rule will not match the fragmented packet.
    FIN SCAN :-
    1. Speed: TCP FIN scanning is fast compared to other types of scans.
    2. Stealth: TCP FIN scanning is stealthy compared to other types of scans.
    3. Open Port: Detects an open port via no response to the segment.
    4. Closed Port: Detects a closed port via an RST received in response to the FIN.
    BOUNCE SCAN
    o FTP :- The FTP bounce attack is an exploit of the FTP protocol whereby an attacker is able to use the PORT command to request access to ports indirectly, using the victim machine as a middleman for the request.
    o FINGER
    o EMAIL :- Refers to spammers who try to relay their spam through SMTP servers.
    o HTTP Proxy :- Refers to web server support for using a proxy, so that all web traffic can be sent to a single server for filtering and caching to improve network performance.
    o IRC BNC (Internet Relay Chat Bouncer) :- Refers to attackers who want to hide their IRC identities by bouncing their connection through other machines. For this purpose a particular program known as BNC can be used on the other PC.
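The SYN flood on slide 16 and the SYN/FIN scans on slides 22 and 23 leave different traces on the target side, and a defender can tell them apart from a packet summary. The following is an added example, not code from the original slides: it reads constructed TCP packet records (the field layout and the addresses are assumptions) and flags a half-open backlog against one host/port, which is the flood signature, and one source sending bare SYNs or bare FINs to many distinct ports, which is the scan signature.

```python
"""Added example (not from the original slides): flag SYN-flood backlogs and
SYN/FIN port sweeps from TCP packet summaries. Records are constructed here
as (src, dst, dst_port, flags); flags use S=SYN, A=ACK, SA=SYN+ACK, R=RST, F=FIN."""
from collections import defaultdict

PACKETS = [
    # A normal client completes the three-way handshake to port 443.
    ("10.0.0.5", "10.0.0.80", 443, "S"),
    ("10.0.0.80", "10.0.0.5", 443, "SA"),
    ("10.0.0.5", "10.0.0.80", 443, "A"),
]
# Flood pattern (constructed): 50 SYNs from 50 different sources to port 80,
# the server answers SYN+ACK each time, and no ACK ever comes back.
PACKETS += [(f"198.51.100.{i}", "10.0.0.80", 80, "S") for i in range(1, 51)]
PACKETS += [("10.0.0.80", f"198.51.100.{i}", 80, "SA") for i in range(1, 51)]
# SYN-scan pattern (constructed): one source probes 30 ports; the target
# answers RST for closed ports and SYN+ACK for the one listening port (22).
PACKETS += [("203.0.113.9", "10.0.0.80", p, "S") for p in range(20, 50)]
PACKETS += [("10.0.0.80", "203.0.113.9", p, "R") for p in range(20, 50) if p != 22]
PACKETS += [("10.0.0.80", "203.0.113.9", 22, "SA")]
# FIN-scan pattern (constructed): bare FINs to 25 ports from the same source.
PACKETS += [("203.0.113.9", "10.0.0.80", p, "F") for p in range(1000, 1025)]


def half_open_by_target(packets):
    """Count connections that saw a client SYN but never the client's final ACK,
    keyed by (target host, target port). A SYN flood appears as a large backlog
    on one key; a scanner's single probes appear as a backlog of 1 per port."""
    syn_seen, acked = set(), set()
    for src, dst, port, flags in packets:
        key = (src, dst, port)
        if flags == "S":
            syn_seen.add(key)
        elif flags == "A" and key in syn_seen:   # handshake completed by the client
            acked.add(key)
    backlog = defaultdict(int)
    for src, dst, port in syn_seen - acked:
        backlog[(dst, port)] += 1
    return dict(backlog)


def sweeps_by_source(packets, min_ports=10):
    """Per source, count distinct (host, port) pairs hit with a bare SYN or a
    bare FIN. Many distinct ports from one source is a sweep; the flag used
    tells the analyst whether it was a SYN (half-open) or FIN scan."""
    syn_ports, fin_ports = defaultdict(set), defaultdict(set)
    for src, dst, port, flags in packets:
        if flags == "S":
            syn_ports[src].add((dst, port))
        elif flags == "F":
            fin_ports[src].add((dst, port))
    report = {}
    for src in set(syn_ports) | set(fin_ports):
        kinds = []
        if len(syn_ports[src]) >= min_ports:
            kinds.append("syn_scan")
        if len(fin_ports[src]) >= min_ports:
            kinds.append("fin_scan")
        if kinds:
            report[src] = kinds
    return report


def open_ports_disclosed(packets, target):
    """What a target revealed: ports where it answered a probe with SYN+ACK.
    Useful for reviewing which listeners a scanning source now knows about."""
    return sorted({port for src, dst, port, flags in packets
                   if src == target and flags == "SA"})


if __name__ == "__main__":
    print("half-open backlog:", half_open_by_target(PACKETS))
    print("sweeps:", sweeps_by_source(PACKETS))
    print("SYN+ACK answered on:", open_ports_disclosed(PACKETS, "10.0.0.80"))
```

The two detectors deliberately key on different things: the backlog counter groups by target so that spoofed, never-repeated source addresses still add up, while the sweep counter groups by source so that one probe per port is enough to stand out. The thresholds are constructed for the sample data and would be tuned to a real segment's baseline.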
  • 24. SPOOFING :- A spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage. IP spoofing and DNS spoofing are the most popular spoofing attacks. Different types of spoofing are:
    o IP Spoofing
    o Content Spoofing
    o Caller ID Spoofing
    o E-Mail Spoofing
    o Phishing
    MAN IN THE MIDDLE ATTACK :- A man-in-the-middle (MITM) attack is a form of eavesdropping where communication between two users is monitored and modified by an unauthorized party.
  • 25. BLIND SPOOFING :- In this method the hacker blindly sends the packets expected by the target host without seeing the packets of the TCP session. Some operating systems now use random sequence numbers, which makes them difficult to predict accurately.
    DENIAL-OF-SERVICE ATTACK :- Refers to an attempt that restricts access to the computer or network for its intended users or organization. And IP spoofing can be used to defend against DoS.
    REPLAY ATTACK :- In this method the attacker captures the information exchanged between a client and an authenticating server and then replays it by submitting the security certificate; if the attack succeeds, the attacker will have the privileges granted to the certificate holder.
    PASSWORD-GUESSING ATTACK :- A method of guessing the password of an e-mail account or authentication device repeatedly with the help of a password cracker application.
    URL SPOOFING AND PHISHING :- In this method the attacker designs a legitimate-looking web page, such as a bank's site or a social network web page, to misguide users by making them believe that they are connected to a trusted web site.
  • 26. IDENTITY, AUTHENTICATION AND VULNERABILITY MANAGEMENT
  • 27. IDENTIFICATION AND AUTHENTICATION :- Identification refers to recognizing a user and authentication refers to the process of verifying whether the user is valid or not. It can be checked in two ways: PASSWORD and BIOMETRICS.
    PASSWORD :- A code, number, word or string of characters that must be kept secret from others. It is used to authenticate a user over the network.
    BIOMETRICS :- Defined as the process of identifying or authenticating the identity of a user by using physiological and behavioral characteristics under close observation. It is based on what a person is rather than what a person has, and can be divided into two classes.
    o PHYSIOLOGICAL :- Refers to body characteristics such as fingerprints, face recognition, hand and palm geometry, iris scan, etc.
    o BEHAVIORAL :- Refers to the behavior of a person, such as handwriting, voice, sound, etc.
  • 28. Methods of biometric authentication can also be of two types:
    o VERIFICATION :- The user's biometric is compared with the stored original information to verify the user; it can be done in combination with a smart card, username or ID number.
    o IDENTIFICATION :- The user's biometric is compared with the biometrics available in a database to identify an unknown user.
    AUTHENTICATION OF HOST :- A host can authenticate a user using the following mechanisms:
    o Single-Sign-On
    o Kerberos
    o Cryptography
    SINGLE-SIGN-ON :- In SSO a user provides a username (ID) and password to the network at the beginning of the authentication process to log on to the network.
    KERBEROS BASED :- Prompts a user for authentication and gets a Kerberos ticket to verify the user.
  • 29. Smart Card Based :- In smart card based SSO, the user credentials are stored in the smart card.
    OTP Token :- Refers to a one-time password token, the best way for SSO authentication.
    KERBEROS :- Kerberos is a secure method for authenticating a request for a service in a computer network. Kerberos was developed in the Athena Project at the Massachusetts Institute of Technology (MIT).
    Authentication Method:
    o The user enters the username and password to request a service.
    o The information is passed to the Authentication Server (AS) or Key Distribution Center (KDC).
    o The KDC validates the username and password.
    o Then the AS creates a session key based on the user password and a random value that represents the requested service. The session key is effectively a Ticket Granting Ticket (TGT).
    o Then the TGT is sent to the TGS or the user-requested server.
    o The service either rejects the ticket or accepts it and performs the service.
  • 30. CRYPTOGRAPHY :- The art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text. Encrypted messages can sometimes be broken by cryptanalysis, also called code breaking, although modern cryptography techniques are virtually unbreakable.
    Common Uses of Cryptography:
    o Access Control
    o Password Authentication
    o E-Mail Security
    o Data Integrity Security
    o Digital Signature
    DIGITAL SIGNATURE :- A mathematical scheme for demonstrating the authenticity of a message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering.
  • 31. GOALS OF CRYPTOGRAPHY
    o Confidentiality :-
    o Integrity :-
    o Availability :-
    Terms Used In Cryptography
    o Cipher text :-
    o Plain text :-
    o Encryption :-
    o Decryption :-
    o Key :-
    o Substitution :-
    BASIC PRIMITIVES OF CRYPTOGRAPHY
    Symmetric Key :- Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key. This means that the key must be transferred from sender to receiver.
  • 32. Symmetric key ciphers are implemented as either "block ciphers" or "stream ciphers".
    BLOCK CIPHER :- A block cipher is a deterministic algorithm operating on fixed-length groups of bits, called blocks. The process is used when the size of the data is more than 128 bits. It takes a whole block of plain text and gives a whole block of cipher text as output.
    STREAM CIPHER :- Plaintext digits are combined with a pseudorandom cipher digit stream (key stream). In a stream cipher each plaintext digit is encrypted one at a time with the corresponding digit of the key stream, to give a digit of the cipher text stream.
    ASYMMETRIC KEY OR PUBLIC KEY ENCRYPTION :- The method of encryption in which different keys are used to encrypt and decrypt data. The public key is used to encrypt the message; the private key is kept secret and used to decrypt the message.
  • 33. HASH FUNCTION :- Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. Hashing is used to index and retrieve items in a database because it is faster to find the item using the shorter hashed key than to find it using the original value. It is also used in many encryption algorithms.
    o Low Cost
    o Determinism :- Refers to the property that generates the same hash value for each given input.
    o Uniformity :- Refers to the process of checking the consistency of data. This implies that every input must have an output in hash code according to the input.
    o Variable Range :- Refers to the range variation of hash values according to the program run or data.
    o Dynamic Hash Function :- The hash table can automatically expand or shrink according to the size of the data.
    o Continuity :- Increases or decreases the output value with an increase or decrease in the input value.
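The properties on slide 33 are listed for hash functions in general, and one of them, continuity, is exactly what a cryptographic hash must not have: a one-bit change in the input should flip about half of the output bits, otherwise an attacker could search for a colliding input by small steps. The following added example, not code from the original slides, checks determinism, fixed output length, bucket uniformity for table indexing, and the avalanche behaviour of SHA-256, and shows the integrity-check use with a constant-time comparison. The sample inputs are constructed.

```python
"""Added example (not from the original slides): observe the hash-function
properties named on the slide with SHA-256 from the standard library.
All inputs below are constructed for the demonstration."""
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_deterministic(data: bytes, trials: int = 5) -> bool:
    """Determinism: the same input always yields the same digest."""
    return len({sha256_hex(data) for _ in range(trials)}) == 1


def digest_bits(data: bytes) -> int:
    """Fixed length: SHA-256 always yields 256 bits regardless of input size."""
    return len(hashlib.sha256(data).digest()) * 8


def bit_difference(a: bytes, b: bytes) -> int:
    """Avalanche check: number of differing bits between the digests of a and b.
    For a cryptographic hash this is close to 128 of 256 even when a and b
    differ in a single bit, i.e. there is no 'continuity' in the output."""
    x = int.from_bytes(hashlib.sha256(a).digest(), "big") ^ \
        int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(x).count("1")


def bucket_spread(items, buckets: int = 16):
    """Uniformity in the hash-table sense: map each item to a bucket using
    its digest and return the occupancy per bucket."""
    counts = [0] * buckets
    for item in items:
        counts[int(sha256_hex(item.encode()), 16) % buckets] += 1
    return counts


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Integrity use: compare a freshly computed digest against a published one.
    compare_digest avoids leaking how many leading characters matched."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


if __name__ == "__main__":
    print("deterministic:", is_deterministic(b"constructed sample"))
    print("bits:", digest_bits(b""), digest_bits(b"x" * 10_000))
    print("bits changed by a 1-byte edit:", bit_difference(b"hello", b"hellp"))
    print("buckets:", bucket_spread([f"user{i}" for i in range(64)]))
```

The bucket counts are what a table designer looks at; the bit-difference figure is what a security engineer looks at, and it is the reason the slide's "continuity" property is undesirable for a cryptographic hash.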
  • 34. RSA ALGORITHM :- RSA is an Internet encryption and authentication system that uses an algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is the most commonly used encryption and authentication algorithm and is included as part of the Web browsers from Microsoft and Netscape.
    EXAMPLE :-
    Choose p = 3 and q = 11
    Compute n = p * q = 3 * 11 = 33
    Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20
    Choose e such that 1 < e < φ(n) and e and n are co-prime. Let e = 7
    Compute a value for d such that (d * e) % φ(n) = 1. One solution is d = 3 [(3 * 7) % 20 = 1]
    Public key is (e, n) => (7, 33)
    Private key is (d, n) => (3, 33)
    The encryption of m = 2 is c = 2^7 % 33 = 29
    The decryption of c = 29 is m = 29^3 % 33 = 2
    Where n = modulus, e = encryption exponent, d = decryption exponent
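The worked numbers on slide 34 can be reproduced by the general procedure, which also makes one caveat visible: the exponent e must be co-prime to φ(n), not merely to n. With the slide's n = 33 and φ(n) = 20, e = 5 is co-prime to 33 but shares the factor 5 with 20, so no decryption exponent exists. The following added example, which is not code from the original slides, implements key generation with the extended Euclidean algorithm and checks the slide's values (p = 3, q = 11, e = 7); the function names are this example's own.

```python
"""Added example (not from the original slides): textbook RSA key generation,
encryption and decryption, checked against the slide's p=3, q=11, e=7.
Function names are this example's own, not a library API."""
from math import gcd


def modinv(a: int, m: int) -> int:
    """Extended Euclid: return d with (a * d) % m == 1, or raise if gcd(a, m) != 1."""
    r0, r1, t0, t1 = a, m, 1, 0
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        t0, t1 = t1, t0 - q * t1
    if r0 != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return t0 % m


def rsa_keygen(p: int, q: int, e: int):
    """Return ((e, n), (d, n)). The co-primality test is on phi(n), which is
    what makes d exist; the slide's wording 'e and n are co-prime' is weaker."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not (1 < e < phi) or gcd(e, phi) != 1:
        raise ValueError(f"e={e} is not usable with phi(n)={phi}")
    d = modinv(e, phi)
    return (e, n), (d, n)


def encrypt(m: int, public_key) -> int:
    e, n = public_key
    return pow(m, e, n)          # c = m^e mod n


def decrypt(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)          # m = c^d mod n


if __name__ == "__main__":
    pub, priv = rsa_keygen(3, 11, 7)
    print("public", pub, "private", priv)          # (7, 33) (3, 33)
    c = encrypt(2, pub)
    print("encrypt 2 ->", c, "; decrypt ->", decrypt(c, priv))
    try:
        rsa_keygen(3, 11, 5)
    except ValueError as err:
        print("e=5 rejected:", err)
```

Two things the toy numbers make obvious and real deployments must avoid: with n = 33 every message is a number below 33 and can be tabulated, and textbook RSA is deterministic (m = 2 always encrypts to 29), which is why practical schemes pad the message with randomness and use moduli of thousands of bits.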
  • 35. VULNERABILITY MANAGEMENT :- Vulnerability management is a proactive approach to managing network security. Stages:
  • 36. 1. Discover: Inventory all assets across the network and identify host details, including operating system and open services, to identify vulnerabilities. Develop a network baseline. Identify security vulnerabilities on a regular automated schedule.
    2. Prioritize Assets: Categorize assets into groups or business units, and assign a business value to asset groups based on their criticality to your business operation.
    3. Assess: Determine a baseline risk profile so you can eliminate risks based on asset criticality, vulnerability threat, and asset classification.
    4. Report: Measure the level of business risk associated with your assets according to your security policies. Document a security plan, monitor suspicious activity, and describe known vulnerabilities.
    5. Remediate: Prioritize and fix vulnerabilities in order according to business risk. Establish controls and demonstrate progress.
    6. Verify: Verify that threats have been eliminated through follow-up audits.
  • 37. INTRUSION DETECTION
  • 38. Introduction :- An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station.
    Stages Of IDS
  • 39. NETWORK-BASED IDS :- Captures network traffic to perform intrusion detection operations. A NIDS scans the network at the router or host level, audits packet information, and logs any suspicious packets into a special log file with extended information. When it finds anything severe in the packets, it informs the security team by email or pager call.
  • 40. THREATS AND ACTIVITIES THAT CAN BE CONTROLLED BY NIDS
    o IP Spoofing
    o Denial-Of-Service Attack
    o DNS name corruption
    o Man-in-the-Middle attack
    CONTROL MECHANISM
    o Centralized :- The information present in the various IDSs is analyzed and processed by a central entity.
    o Distributed :- The log information is distributed to every node present in the network.
    ADVANTAGES OF IDS
    o Low Cost of Ownership :- Does not require any additional software to be loaded on the network. The low cost is due to the small number of detection points needed.
    o Detects Attacks Missed by the HIDS :- Examines all packet headers for signs of malicious and suspicious activity.
    o Analyzes the Packet Payload :- Examines the content of the payload, looking for commands used in specific attacks.
    o Real-Time Detection and Response :- Allows rapid actions such as notification and response. The response can range from allowing the penetration in surveillance mode to gather information, to immediate termination of the attack.
  • 41. o More Difficult for an Attacker to Remove Evidence :- Does not allow an attacker to remove evidence, because the NIDS uses live network traffic for attack detection.
    RESPONSES
    o Active Response :- When a system is threatened by a potential attack, it takes the immediate action required to decrease the impact of the attack.
    o Passive Response :- When a system is threatened by a potential attack, it notifies the administrator about the threat.
    Common Passive Response Strategies
    o Logging :- Records an event and the circumstances of its occurrence. It can provide sufficient information about the nature of the attack.
    o Notification :- Communicates event-related information to the person when an event takes place.
    o Shunning :- Refers to the activity of avoiding an attack.
    Common Active Response Strategies
    o Terminating Processes or Sessions :- Terminates all unauthorized processes and sessions that are trying to gain access to the system by resetting the network connection.
    o Network Configuration Changes :- Instructs the firewall or border router to reject any request or traffic coming from a particular socket or address that is being used in the attack.
    o Deception :- Fools the attackers and redirects them to a system that is designed to be broken into.
  • 42. HOST-BASED INTRUSION DETECTION SYSTEM
  • 43. HOST BASED IDS :- Designed to monitor, detect and respond to activities or attacks on a given host, and runs on individual hosts or devices in the network.
    Advantages of HIDS
    o Monitors user privileges
    o Verifies success or failure of an attack
    o Monitors specific system activities
    o Detects attacks missed by the NIDS
    o Well suited for encrypted or switched environments
    o Near-real-time detection and response
    o Requires no additional hardware
    Mechanism
    o Signature-Based HIDS :- Also known as knowledge-based IDS; compares the packet against a database of signatures or attributes of known malicious threats.
    o Statistical Anomaly-Based IDS :- Also known as behavior-based IDS; dynamically detects deviations arising from the behavior of the user and accordingly triggers an alarm.
  • 44. Issues Faced While Using an IDS
    o Continuous increase in network traffic.
    o Use of encrypted messages to transport malicious information.
    o Lack of widely accepted IDS terminology and conceptual structures.
    o Inappropriate and automated responses to attacks are also inherited.
    o Lacks objectivity in evaluating and testing information.
    HONEYPOTS :- A honeypot is a computer that has been designed as a target for computer attacks. It is a trap mechanism that is used to attract a hacker away from valuable network resources and provide an early indication of an attack. It is configured to interact with possible hackers and capture details of their attacks; honeypots are also known as sacrificial lambs or booby traps.
    PRODUCTION HONEYPOT :- Records only limited information, like the organization of the attack and the tools used in the process.
  • 45. IDENTIFYING OPERATING SYSTEM VULNERABILITIES :- A process of defining the main issues related to the security of an OS.
    Issues
    o Managing physical and local security
    o Managing logon security
    o Managing users and groups
    o Managing local and global groups
    o Managing user accounts
    o Managing domains
    Physical and Local Security Management
    o Password protect your basic input/output system (BIOS).
    o Boot the computer from the hard disk, not from floppy or compact disks.
    o Password protect your computer.
    Logon Security Management
    o Password protect all your user accounts.
    o Set LegalNoticeCaption in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
  • 46. User and Group Management
    o Create groups for easy and reliable management of users.
    o Access privileges should be given to each user or group according to the responsibilities given to the user.
    Local and Global Group Management
    o Local groups refer to the computer itself.
    o Global groups can belong to a whole domain.
    User Account Management
    o Password complexity must be enabled for your PC.
    o Last logon user details can be hidden to make the user account more secure by editing the registry: open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, select Edit > New > String Value to create a new string value, rename the string "DontDisplayLastUserName", then double-click it and type 1 for the value data.
    Domain Management
    o You must create a BDC or ADC for the PDC; in case the PDC stops functioning, the BDC can work as the PDC.
  • 47. HARDENING THE OPERATING SYSTEM
    o Refers to the process of protecting, securing or providing security to a computer or network by reducing vulnerabilities, such as weak passwords or threats from bugs.
    o The OS must be updated with service packs and hotfixes.
    LAYERS OF PROTECTION ANALYSIS
    o LOPA is defined as a risk assessment method. It is used in many organizations to evaluate risks and compare them with risk tolerance criteria to determine if existing safeguards are adequate or if additional safeguards are required.
    Components of LOPA
    o Process Design :- Refers to the components that help to reduce the probability of loss due to various events such as fire and explosions.
    o Basic Control :- Refers to the components that can be used to respond to critical situations.
    o Alarms, Manual Intervention, IPLs :- Refers to devices, systems or actions that are capable of preventing a scenario from proceeding to undesired consequences, and can be organized as an Independent Protection Layer (IPL).
    o SIS :- Stands for Safety Instrumented System, which can handle emergency situations such as emergency shutdown.
    o Physical Protection :- Refers to the process of protecting our system from outside accidents using equipment.
  • 48. o Plant and Community Response/Emergency Response :- Refers to the processes or responses that are activated after the initial release of a critical situation.
    DHCP ATTACK
    o Address Starvation :- Refers to the process of sending as many DHCP requests as possible with spoofed MAC addresses to make the DHCP server run out of IP addresses. The attacker then uses a fake DHCP server to provide IP addresses to the clients and gain access to the whole network.
    o Man-In-The-Middle Attack
    o Rogue DHCP Server :- Refers to an unauthorized DHCP server, generally used by an attacker for sniffing or reconnaissance purposes and to gain access to network traffic.
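Both DHCP attacks on slide 48 are visible on the switch that carries the traffic, which is how DHCP-snooping features on managed switches defend against them: a starvation run shows up as dozens of distinct client MACs sending DISCOVER through one access port in a few seconds, and a rogue server shows up as OFFER/ACK messages arriving from an access port, or from a server address that is not on the authorized list. The following added example, which is not code from the original slides, applies both checks to constructed DHCP event records; the port names, addresses, window size and MAC-per-port limit are assumptions.

```python
"""Added example (not from the original slides): DHCP-snooping style checks
for address starvation and rogue servers over constructed switch events.
Each event is (seconds, switch_port, message, client_mac, server_ip_or_None)."""
from collections import defaultdict

AUTHORIZED_SERVERS = {"10.0.0.1"}     # assumption: the one legitimate DHCP server
TRUSTED_PORTS = {"Gi1/0/24"}          # assumption: uplink toward that server

EVENTS = [
    # A normal lease on access port Gi1/0/3; the OFFER/ACK arrive via the uplink.
    (0.0, "Gi1/0/3", "DISCOVER", "00:11:22:33:44:01", None),
    (0.1, "Gi1/0/24", "OFFER", "00:11:22:33:44:01", "10.0.0.1"),
    (0.2, "Gi1/0/3", "REQUEST", "00:11:22:33:44:01", None),
    (0.3, "Gi1/0/24", "ACK", "00:11:22:33:44:01", "10.0.0.1"),
]
# Starvation pattern (constructed): 40 DISCOVERs with 40 different MACs
# through a single access port within about eight seconds.
EVENTS += [(1.0 + i * 0.2, "Gi1/0/7", "DISCOVER", f"02:00:00:00:00:{i:02x}", None)
           for i in range(40)]
# Rogue server pattern (constructed): an OFFER sourced from an access port
# by an address that is not an authorized server.
EVENTS += [(9.5, "Gi1/0/7", "OFFER", "00:11:22:33:44:02", "10.0.0.200")]


def starvation_suspects(events, window_s=10.0, max_macs=5):
    """Per port and per time window, count distinct client MACs that sent
    DISCOVER. An access port normally fronts one or a few MACs; more than
    max_macs inside one window is the starvation signature. Returns the
    worst window count per offending port."""
    macs = defaultdict(set)
    for t, port, msg, mac, _ in events:
        if msg == "DISCOVER":
            macs[(port, int(t // window_s))].add(mac)
    worst = defaultdict(int)
    for (port, _), seen in macs.items():
        worst[port] = max(worst[port], len(seen))
    return {port: n for port, n in worst.items() if n > max_macs}


def rogue_server_offers(events, authorized=AUTHORIZED_SERVERS, trusted=TRUSTED_PORTS):
    """Server-side messages (OFFER, ACK) are only legitimate when they enter
    through a trusted port from an authorized address. Anything else is a
    rogue-server indicator; returned as sorted (port, server_ip) pairs."""
    return sorted({(port, srv) for _, port, msg, _, srv in events
                   if msg in ("OFFER", "ACK")
                   and (port not in trusted or srv not in authorized)})


if __name__ == "__main__":
    print("starvation suspects:", starvation_suspects(EVENTS))
    print("rogue server offers:", rogue_server_offers(EVENTS))
```

The two checks correspond to the two switch controls normally deployed together: port security (limit MACs per access port) against starvation, and DHCP snooping (drop server messages on untrusted ports) against the rogue server that the starvation run is meant to make clients accept.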