Security in a nutshell


Introduction to security

Published in: Education
  • Asset – People, property, and information.
  • Threat – Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset.
  • Vulnerability – Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset.
  • Risk – The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability.
  • Maltego:
  • NetStumbler, Kismet
  • Also, he may use some tricking techniques to communicate with the compromised system.
  • IDS: analyzes copies of the traffic stream; does not slow network traffic; allows some malicious traffic into the network. IPS: works inline in real time to monitor Layer 2 through Layer 7 traffic and content; needs to be able to handle the network traffic; prevents malicious traffic from entering the network.
  • Isolate VMs that have different security levels.

    1. Yahia Kandeel (GCIH, GSEC, RHCE, CEH, CCNA, MCP), Information Security Engineer, Raya IT
    2. Agenda:
       • Security terminologies
       • DiD (Defense in Depth) security model
       • Authentication systems
       • Cryptography
       • How attackers do it..!!
       • Network & host security
       • Wireless security
    3. It's a technique for ensuring that data stored in a computer cannot be read or compromised by any individuals without authorization.
    4. • CIA: Confidentiality, Integrity, Availability
       • AAA: Authentication, Authorization, Access Control
    5. • Asset: what we're trying to protect.
       • Vulnerability: a weakness that may lead to undesirable consequences.
       • Threat: anything that can exploit a vulnerability.
       • Risk: a potential problem. Risk = Vulnerability * Threat
    6. Physical access to the computer system and networks is restricted to only authorized users.
       • Access controls
       • Physical barriers, etc.
    7. In network security, an emphasis is placed on:
       • Network segmentation between systems of different security levels or categories.
       • Controlling access to internal computers from external entities.
       This can be done by:
       • Firewalls between different zones
       • Virtual LANs (VLANs)
       • Access controls on network devices
       • Vulnerability scanners
    8. Host security takes a granular view of security by focusing on protecting each computer and device individually instead of addressing protection of the network as a whole:
       • Authentication and logging mechanisms
       • Host-based IDS
       • File integrity checkers
       For client security:
       • NAC
       • Antivirus
    9. A Web application is an application, generally comprised of a collection of scripts, that resides on a Web server and interacts with databases or other sources of dynamic content. Examples of Web applications include search engines, Webmail, shopping carts and portal systems.
    10. Application attacks are the latest trend when it comes to hacking. On average, 90% of all dynamic content sites have vulnerabilities associated with them. No single web server and database server combination has been found to be immune! “Today over 70% of attacks against a company’s network come at the ‘Application Layer’, not the Network or System layer.” - Gartner
    11. How to secure a resource?
        • Authentication
        • Authorization
        • Accounting
    12. • Something you know
        • Something you have
        • Something you are
    13. One-factor authentication / Two-factor authentication
    14. • Memorize your password
        • Use different passwords
        • Use longer passwords
        • Use upper- and lower-case letters, numbers and special characters
        • Change passwords frequently
        • Avoid reusing passwords
    15. • Encryption = convert to unreadable format
        • Decryption = convert back to readable format
        • Algorithm = procedure for encrypting or decrypting
        • Cipher = encryption & decryption algorithm pair
    16. • Hash (digest) = fixed-length derivation of a plaintext
        • One-way operation
        • Unique value / significant change with even single-bit changes in the plaintext
    17. • Data verification
        • Secure password storage
        • Secure password transmission
        Examples: md5, sha1
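As an added illustration of slides 16 and 17 (this is not code from the presentation), the block below measures how many digest bits change when one input bit is flipped, and stores a password as a salted, iterated PBKDF2-HMAC-SHA256 record instead of a bare md5/sha1 of the password; the record format, iteration count and sample inputs are my own choices.

```python
import hashlib
import hmac
import os
from typing import Optional

# Added example (not from the slides): avalanche effect of a digest, and salted
# iterated password hashing in place of a bare md5/sha1 of the password.

def digest(data: bytes, algo: str = "sha1") -> bytes:
    """Fixed-length, one-way digest of the plaintext (md5, sha1, sha256, ...)."""
    return hashlib.new(algo, data).digest()

def flip_one_bit(data: bytes) -> bytes:
    """Return a copy of the input with the lowest bit of its last byte flipped."""
    return data[:-1] + bytes([data[-1] ^ 0x01])

def bits_changed(a: bytes, b: bytes, algo: str = "sha1") -> int:
    """Number of bits that differ between the digests of two inputs."""
    x = int.from_bytes(digest(a, algo), "big") ^ int.from_bytes(digest(b, algo), "big")
    return bin(x).count("1")

def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> str:
    """Salted PBKDF2-HMAC-SHA256 record 'pbkdf2_sha256$iterations$salt$digest' (hex fields)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password: equal passwords store differently
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iterations, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)

if __name__ == "__main__":
    msg = b"The quick brown fox"  # constructed sample plaintext
    for algo in ("md5", "sha1", "sha256"):
        print(algo, "bits changed by flipping one input bit:", bits_changed(msg, flip_one_bit(msg), algo))
    record = hash_password("correct horse battery staple")  # constructed sample password
    print(record)
    print(verify_password("correct horse battery staple", record), verify_password("wrong", record))
```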
    18. DES, Triple DES, AES (Rijndael), Blowfish, RCn (RC5, RC6, etc.), OTP
    19. Advantages? Speed. Disadvantages!! Key distribution.
    20. Advantages? Key distribution. Disadvantages!! Very slow; key distribution.
    21. Provides an increased level of confidence for exchanging information over an increasingly insecure Internet, by using a Certificate Authority.
    22. • Identification information
        • Public key
        • Hash of the public key
        • Signed by a trusted third party
    23. Attack phases: Reconnaissance, Scanning, Exploitation, Maintain Access, Covering Tracks
    24. Finding out as much information as possible about the target. This can be done by:
        1. whois look-up
        2. Viewing the victim's current & old website
        3. IP addresses
        4. Available e-mails on the Internet
        5. Metadata of all published documents
        6. DNS enumeration
    25. Using whois we can know:
        • Registrar
        • Domain status
        • Expiration date, and name servers
        • Contact information for the owner of a domain name or IP
        • IP and IP location information
        • Web server information
        • Related domain availability, premium domain listings, and more
    26. Using … we can know:
        • All available information on the target's web sites in the past..!!
        Using Maltego we can gather:
        • All publicly available info about the target's infrastructure & personnel, including their mails, phone numbers, etc.
    27. Using Google we can know:
        • More than you imagine!!
        Using FOCA we can:
        • Analyze all the target's documents to know email addresses, user names, software versions, operating systems, internal server names, mapped drive share information, etc.
    28. In the scanning phase, we'll scan the entire network and the publicly accessible systems to gain more information about the target. This phase includes:
        1. Port scanning
        2. Vulnerability scanning
        3. Open shares
        4. Firewall's implemented rules
        5. War driving
    29. Using nmap we can know:
        • Live hosts, the open ports, listening applications and OS on the target system.
        Using Nessus we can know:
        • Existing vulnerabilities associated with each running service, misconfigurations, and default users & passwords.
    30. Using firewalk we can know:
        • The firewall's implemented rules.
        Using w3af we can know:
        • The existing web application vulnerabilities.
        Using NetStumbler / Kismet we can know:
        • Open wireless access points (wardriving); we can also find hidden APs and their associated SSID, channel #, signal power.
    31. Nmap supports:
        • Multiple scan types: Full scan, SYN scan, XMAS scan, Idle scan, UDP scan, Ping scan
        • OS fingerprinting
        • Application fingerprinting
    32. Nessus provides a simple, yet powerful interface for managing vulnerability-scanning activity. To use Nessus:
        1. Create a policy
           I. Define the scan type
           II. Optionally, add the target's credentials
           III. Choose the appropriate plug-ins
        2. Create and launch a scan
        3. The output will be in the Reports tab
    33. w3af provides a flexible framework for finding and exploiting web application vulnerabilities. It is easy to use and extend and features dozens of web assessment and exploitation plug-ins.
    34. Gain access to the OS, applications on the computer or the victim's network!!
    35. This can be done by:
        1. IP address spoofing
        2. Password cracking
        3. MiTM attack
        4. Sniffing
        5. DoS attacks
        6. Viruses & worms
    36. In addition, exploiting systems can be done by:
        1. Trojans & backdoors
        2. Social engineering
        3. DHCP & DNS attacks
        4. Web hacking
        5. Wireless hacking
        6. Buffer overflow
    37. How?
        • Normal IP address configuration
        • Packet crafting
        • Using proxies
        When?
        • Access based on IP address
        • Hide identity
    38. • System admins use it to recover passwords from computer systems.
        • Hackers use it to gain unauthorized access to vulnerable systems.
        Password cracking methods:
        ▪ Dictionary attack
        ▪ Brute-force attack
        ▪ Hybrid attack
        ▪ Rainbow table attacks
    39. Do you know the ARP problem? Why ARP? When a machine needs to talk to another, it should know:
        1. Destination IP
        2. Destination MAC
    40. Problem!!
    41. A sniffer is a piece of software that grabs all of the traffic flowing into and out of a computer attached to a network. Some sniffers have add-on features:
        1. Analyzing network traffic
        2. Decoding network protocols
    42. Is an attempt to make a computer or network resource unavailable to its intended users. -- Wikipedia --
    43. What is a virus?
        • Malicious SW; needs a carrier
        • Needs user interaction
        • Needs a trigger
        What is a worm?
        • Doesn't need a carrier
        • Self-replicating
        • Used to conquer new targets
    44. DHCP: Starvation attack. DNS: Cache poisoning.
    45. “All input is evil until proven otherwise!” Due to bad filtering of user inputs, the web application may be vulnerable to:
        • SQL injection
        • XSS
        • Directory traversal
        • Session hijacking
        • Account harvesting
    46. • Shared media
        • Broadcast
        • Vulnerable encryption algorithms
        ▪ To be continued …
    47. Buffer overflow example (deliberately vulnerable: strcpy copies argv[1] into a 12-byte buffer with no bounds checking):

        #include <stdio.h>
        #include <string.h>

        void foo(char *bar)
        {
            char c[12];
            strcpy(c, bar); /* no bounds checking: an argument longer than 11 characters overflows c */
        }

        int main(int argc, char **argv)
        {
            if (argc < 2) {
                fprintf(stderr, "usage: %s <string>\n", argv[0]);
                return 1;
            }
            foo(argv[1]);
            return 0;
        }
    48. Trying to retain ownership of the compromised system. This phase includes:
        1. Installing backdoors
        2. Using rootkits
    49. In this phase, the attacker will try to hide his activities on the system and on the network.
    50. Attacks!! Mitigation:
        • Access control lists
          ▪ Essentially a white or black list
          ▪ MAC or network address
          ▪ Layer 2 or layer 3
        • VLANs
          ▪ Virtual network segments
          ▪ “Distinct broadcast domain”
    51. Attacks!! Mitigations:
        • Use access controls.
        • Secure routing configuration.
        • Use any kind of prevention techniques.
    52. Preventive, Detective or Reactive
    53. A firewall is a hardware or software system that prevents unauthorized access to or from a network. Types of firewall:
        • Network layer
          ▪ Packet filters
          ▪ Stateful inspection
        • Application layer
        • Proxy
    54. A device or software application that monitors network and/or system activities for malicious activities or policy violations and produces alerts. Terminologies:
        • Alert/Alarm
        • True positive
        • False positive
        • False negative
        • True negative
    55. • Signature-based detection
        • Statistical anomaly-based detection
        • Stateful protocol analysis
        Detection types:
        • Network-based IDS
        • Wireless IDS
        • Host-based IDS
    56. An Intrusion Prevention System works similarly to an IDS. In addition, it can block, prevent or drop the malicious or unwanted traffic in real time. Placed in-line. Modes:
        • Learning mode
        • Active mode
    57. Network regions of a similar level of trust:
        • Trusted
        • Semi-trusted
        • Untrusted
        Defense in depth: security is layers …
    58. • Filter packets entering the network
        • Turn off directed broadcasts
        • Block packets from any source address not permitted on the Internet
        • Block ports or protocols not used on your network for Internet access
        • Block incoming packets with source addresses originating from inside your network
        • Block counterfeit source addresses from leaving your network
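The border-filter rules of slide 58, applied to constructed packet records so the effect of each rule is visible (an added example, not code from the presentation); the internal address block, the permitted port list and the bogon ranges are assumptions for the demo.

```python
import ipaddress
from typing import Dict, List, Tuple

# Added example (not from the slides): the border-filter rules of slide 58 applied to
# constructed packet records. INTERNAL_NET, ALLOWED_PORTS and BOGONS are assumptions.

INTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")   # assumed address block of "our" network
ALLOWED_PORTS = {25, 53, 80, 443}                        # assumed services reachable from the Internet
BOGONS = [ipaddress.ip_network(n) for n in (              # source ranges never valid on the Internet
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

def not_permitted_on_internet(ip: ipaddress.IPv4Address) -> bool:
    """True for private, loopback, link-local, multicast and reserved sources."""
    return any(ip in net for net in BOGONS)

def filter_packet(pkt: Dict) -> Tuple[str, str]:
    """Decide ('drop' | 'accept', reason) for one record {direction, src, dst, dport}."""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    if pkt["direction"] == "ingress":              # packets entering the network
        if dst == INTERNAL_NET.broadcast_address:
            return "drop", "directed broadcast"
        if not_permitted_on_internet(src):
            return "drop", "source not permitted on the Internet"
        if src in INTERNAL_NET:
            return "drop", "internal source address arriving from outside (spoofed)"
        if pkt["dport"] not in ALLOWED_PORTS:
            return "drop", "port not used for Internet access"
    elif src not in INTERNAL_NET:                  # packets leaving the network
        return "drop", "counterfeit source address leaving the network"
    return "accept", "ok"

def run_filter(packets: List[Dict]) -> List[str]:
    """Decision per packet, in order."""
    return [filter_packet(p)[0] for p in packets]

SAMPLE = [  # constructed packet records
    {"direction": "ingress", "src": "198.51.100.7", "dst": "203.0.113.10",  "dport": 443},
    {"direction": "ingress", "src": "203.0.113.5",  "dst": "203.0.113.10",  "dport": 443},
    {"direction": "ingress", "src": "10.0.0.9",     "dst": "203.0.113.10",  "dport": 80},
    {"direction": "ingress", "src": "198.51.100.7", "dst": "203.0.113.255", "dport": 7},
    {"direction": "ingress", "src": "198.51.100.7", "dst": "203.0.113.10",  "dport": 23},
    {"direction": "egress",  "src": "192.0.2.44",   "dst": "198.51.100.7",  "dport": 80},
    {"direction": "egress",  "src": "203.0.113.10", "dst": "198.51.100.7",  "dport": 80},
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        decision, reason = filter_packet(pkt)
        print(decision, pkt["direction"], pkt["src"], "->", pkt["dst"], pkt["dport"], "|", reason)
```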
    59. • Command-line terminal connection tool
        • Replacement for rsh, rcp, telnet, and others
        • All traffic encrypted
        • Both ends authenticate themselves to the other end
        • Ability to carry and encrypt non-terminal traffic
    60. • Computers installed out of the box have known vulnerabilities
          ▪ Not just Windows computers
        • All services are vulnerable by default …
        • Hackers can take them over easily
        • They must be hardened, a complex process that involves many actions
    61. • System/application (vendor) design errors.
        • System/application misconfiguration errors.
        • In-house applications!!
    62. • Secure installation and configuration
          ▪ CIS benchmark
          ▪ Vendor documentation
          ▪ SANS Reading Room
        • Turn off unnecessary services (applications)
        • Harden all remaining applications
    63. • Manage users and groups
          ▪ Default accounts …!!
        • Manage access permissions
          ▪ For individual files and directories, assign access permissions to specific users and groups
        • Back up the server regularly
    64. • Known vulnerabilities
          ▪ Most programs have known vulnerabilities
          ▪ Exploits are programs that take advantage of known vulnerabilities.
        • Regularly check for missing patches
          ▪ Using Nessus you can do this task easily
        • Install anti-virus/firewalls on all servers
    65. • Reading event logs
          ▪ The importance of logging to diagnose problems: failed logins, changing permissions, starting programs, kernel messages, etc.
        • File encryption
        • File integrity checker
        • Monitoring running services & processes & network traffic
    66. Nessus
    67. • Work-around: a series of actions to be taken; no new software
        • Patches: new software to be added to the operating system
        • Upgrades: newer versions of programs usually fix older vulnerabilities
    68. Wireless networking
        • 2.4 – 2.5 GHz
        • Data link layer specifications
        • Access Point
        • Family: 802.11a, 802.11b, 802.11g, 802.11n
    69. • Physical access
          ▪ Rogue access point
        • Firmware vulnerabilities
        • Protocol vulnerabilities
        • Default accounts
          ▪ Some vendors hardcode admin accounts on APs
    70. • Physical devices
        • Laptop software
          ▪ Airsnort
          ▪ NetStumbler
        • War driving
    71. What lovely symbols …
    72. • Wired Equivalent Privacy (WEP)
        • Wi-Fi Protected Access (WPA)
        • WPA2
    73. • Physical barriers..
        • Strong encryption
        • MAC filtering
        • Static IP addressing
        • Restricted access networks
        • 802.1X
        • Service Set Identifier (SSID) No.
        • Regularly scan for rogue APs
    74. Bruce Schneier