1. Cyber Security & Open Source
FOSS @ FISAT, Cochin, Kerala
TIFAC CORE in Cyber Security
2. Background Information
• Who am I?
• When did I start security?
• Where do I work?
• What is my job?
• What was your inspiration for this talk?
The only truly secure system is one that is powered off, cast in a block of
concrete and sealed in a lead-lined room with armed guards. — Gene Spafford
• Part 1:
– Insight into Cyber Security
– Web In-Security
– Network Security Myths
4. What’s Cyber Security?
• When a computer connects to a network and
begins communicating with others, it is taking
a risk. Internet security involves the protection
of a computer's internet account and files
from intrusion of an unknown user.
• In a Nutshell:
– Computer security is a branch of
computer technology known as information
security as applied to computers and networks
5. Cyber Security in a Nutshell!
6. Why do WE need Cyber Security?
7. What are the Risks Involved around
8. Aren’t these just Technology issues?
If you think technology can solve your security problems, then you don't
understand the problems and you don't understand the technology. — Bruce Schneier
10. It’s all about PEOPLE who make
11. It’s all about people, who
Break into corporate &
organizational networks to get
access to confidential data
Penetrate a major bank’s security
system to steal $10 million
12. It’s all about people, who
Write Software Code which can
completely make your computer
Create Denial of Service attacks on sites
like Twitter, Facebook & Amazon
recently to bring the sites to an idle
13. If large Organizations and Institutions
are not safe from Cyber Attacks…!!
14. Are YOU Safe?
15. Not Always…
16. Can YOU be Cautious?
17. Yes. YOU can!
18. The first step in becoming
Cyber Safe is
19. General Security
20. General Security
• No personal information (Name, College, Friend’s
Name, Date of Birth etc.)
• Complex, but easy to remember
• Number, Special Characters, Upper Case
• Not Dictionary words
• Don’t write it down somewhere
• Don’t allow programs to “remember” your
21. General Security
– Use a good, well known software
– Set up Automatic Scans
– Manually Scan files received from Outside
– Regularly update the software – to get latest
– Not always 100% effective!
– Enable your Operating System Firewall (if built in)
– If your broadband is always on, it is good to have a firewall
22. General Security
• Good Security Habits
– Lock your computer when you are away from it
– Disconnect your computer from the internet, if
you are not using it
– Evaluate your security settings
– Back up all of your data
23. SAFE BROWSING, EMAIL
24. Email & Chat
Chat & IM
25. Social Networks
Limit Personal Info
Billboard Rule!
Links & Add-Ons
26. Secure Sites & Cookies
• https vs http
• Check if the website has a valid Certificate
• Cookies store information about you and your
• To increase your level of security, adjust your
privacy and security settings on your browser
27. SSL In-Security Demo
• Open Source tools used for the demo:
28. Mobile Devices
29. MOBILE DEVICES
Wireless Security Key
Physical Security
Password Protection
30. Attacks & Threats
31. Well Publicized Attack Methods
Parameters in Application. Authentication/Authorisation.
Cross Site Scripting (XSS) Character Set Manipulation Broken Session Management
SQL Injection Information Gathering Broken Access Control
OS Injection Brute Force Broken Authentication
Value Tampering Broken Session Value Tampering
Cookie Poisoning Management Cookie Poisoning
Buffer Overflow SQL Injection
HTTP/XML Known Vulnerabilities.
Structure Malformation Multi-part Post/Put
Published OS Vulnerabilities
Buffer Overflow Character Set Manipulation
Published App Vulnerabilities
Directory Traversal Information Gathering
Development Tool Vulnerabilities
Forceful Browsing Embedded Parameter
DoS and DDoS
Buffer Overflow Attacks (XML)
Response Splitting Insecure Storage
One can become familiar with all these attacks using a vulnerable app project: WebGoat – Ref:
32. Web Vulnerabilities in a Nutshell
• Limit exposure of your private information
• Encrypt confidential communication
• Supplementing Passwords – Use secure
data/passwords while supplementing
42. How to get Your Network Hacked in 10
• Don’t patch anything
• Run unhardened applications
• Use one account, everywhere
• Open lots of holes in firewall
• Allow unrestricted internal traffic
• Allow all outbound traffic
• Don’t harden servers
• Reuse your email/server passwords
• Use high-level service accounts, in multiple places
• Assume everything is OK.
• Post Issues on public forums with sample configurations
43. Commonly known Vulnerabilities of
• Internet Information Services (IIS)
• Microsoft Data Access Components (MDAC) - Remote Data
• Microsoft SQL Server
• NETBIOS - Unprotected Windows Networking Shares
• Anonymous Logon - Null Sessions
• LAN Manager Authentication - Weak LM Hashing
• General Windows Authentication - Accounts with No
Passwords or Weak Passwords
• Internet Explorer
• Remote Registry Access
• Windows Scripting Host
44. Commonly Known Vulnerabilities of
• Remote Procedure Calls (RPC)
• Apache Web Server
• Secure Shell (SSH)
• Simple Network Management Protocol (SNMP)
• File Transfer Protocol (FTP)
• R-Services - Trust Relationships
• Line Printer Daemon (LPD)
• General Unix Authentication - Accounts with No Passwords or