Invited Talk - Cyber Security and Open Source
Prepared for Invited Talk @ FISAT Cochin, Kerala.

Published in: Education

Transcript

  • 1. Cyber Security & Open Source FOSS @ FISAT, Cochin, Kerala Sajan Kumar.S Research Associate, TIFAC CORE in Cyber Security Apr-21-2010
  • 2. Background Information • Who am I? • When did I start security? • Where do I work? • What is my job? • What was your inspiration for this talk? The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards. — Gene Spafford
  • 3. Agenda • Part 1 : – Insight into Cyber Security – Web In-Security – Network Security Myths – References
  • 4. What’s Cyber Security? • When a computer connects to a network and begins communicating with others, it is taking a risk. Internet security involves the protection of a computer's internet account and files from intrusion by an unknown user. • In a Nutshell: – Computer security is a branch of computer technology known as information security as applied to computers and networks
  • 5. Cyber Security in a Nutshell!
  • 6. Why do WE need Cyber Security?
  • 7. What are the Risks Involved around YOU?
  • 8. Aren’t these just Technology issues? If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology. — Bruce Schneier
  • 9. NO
  • 10. It’s all about PEOPLE who make Insecurity!
  • 11. It’s all about people, who Break into Corporate & Organizational networks to get access to confidential data Penetrate a major bank’s security system to steal $10 million
  • 12. It’s all about people, who Write Software Code which can completely make your computer useless Create Denial of Service attacks on Sites like Twitter, Facebook & Amazon Recently to bring the sites to a standstill
  • 13. If large Organizations and Institutions are not safe from Cyber Attacks…!!
  • 14. Are YOU Safe?
  • 15. Not Always…..
  • 16. Can YOU be Cautious?
  • 17. Yes. YOU can!
  • 18. The first step in becoming Cyber Safe is Awareness!
  • 19. General Security
  • 20. General Security Passwords • No personal information (Name, College, Friend’s Name, Date of Birth etc) • Complex, but easy to remember • Number, Special Characters, Upper Case • Not Dictionary words • Don’t write it down somewhere • Don’t allow programs to “remember” your password
  • 21. General Security Anti-Virus Software – Use a good, well known software – Set up Automatic Scans – Manually Scan files received from Outside – Regularly update the software – to get latest definitions – Not always 100% effective ! Firewalls – Enable your Operating System Firewall (if built in) – If your broadband is always on – Good to have firewall
  • 22. General Security • Good Security Habits – Lock your computer when you are away from it – Disconnect your computer from the internet, if you are not using it – Evaluate your security settings – Back up all of your data
  • 23. SAFE BROWSING, EMAIL
  • 24. Email & Chat Attachments Spam Chat & IM
  • 25. Social Networks Limit Personal Info Privacy Settings Billboard Rule ! Links & Add-Ons
  • 26. Secure Sites & Cookies • https vs http • Check if the website has a valid Certificate • Cookies store information about you and your browsing habits • To increase your level of security, adjust your privacy and security settings on your browser
  • 27. SSL In-Security Demo • Open Source Tools used for the Demo: – Fragrouter – Arpspoof – Dnsspoof – Nslookup – Webmitm – Wireshark – ssldump
  • 28. Mobile Devices
  • 29. MOBILE DEVICES Wireless Security Key Physical Security Password Protection Caution! Bluetooth Caution! USB
  • 30. Attacks & Threats
  • 31. Well Publicized Attack Methods Parameters in Application. Authentication/Authorisation. Cross Site Scripting (XSS) Character Set Manipulation Broken Session Management SQL Injection Information Gathering Broken Access Control OS Injection Brute Force Broken Authentication Value Tampering Broken Session Value Tampering Cookie Poisoning Management Cookie Poisoning Buffer Overflow SQL Injection HTTP/XML Known Vulnerabilities. Structure Malformation Multi-part Post/Put Published OS Vulnerabilities Buffer Overflow Character Set Manipulation Published App Vulnerabilities Directory Traversal Information Gathering Development Tool Vulnerabilities Forceful Browsing Embedded Parameter DoS and DDoS Buffer Overflow Attacks (XML) Default Installs Response Splitting Insecure Storage One can become familiar with all the attacks using a vulnerable App project : WebGoat – Ref:
  • 32. Web Vulnerabilities in a Nutshell
  • 33. Privacy
  • 34. Privacy • Limit exposure of your private information online • Encrypt confidential communication • Supplementing Passwords –Use secure data/passwords while supplementing
  • 35. Software and applications
  • 36. Software and applications • Licensing! • Updates and patches • File sharing • Anonymity • Trojan Horses • Key Loggers • Logic Bomb • Backdoors, etc…
  • 37. Web In-Security
  • 38. Attack Scenario How to protect yourself with open source tools / distros?
  • 39. Strategies & Solutions!
  • 40. Insight into: • Information Gathering • XSS Attack • Phishing • Email Tracing • DOS Attack • SQL Injection Attack
  • 41. Network Security Myths
  • 42. How to get Your Network Hacked in 10 Easy Steps • Don’t patch anything • Run unhardened applications • Use one account, everywhere • Open lots of holes in firewall • Allow unrestricted internal traffic • Allow all outbound traffic • Don’t harden servers • Reuse your email/server passwords • Use high-level service accounts, in multiple places • Assume everything is OK. • Post Issues on public forums with sample configurations
  • 43. Commonly Known Vulnerabilities of Windows Systems • Internet Information Services (IIS) • Microsoft Data Access Components (MDAC) - Remote Data Services • Microsoft SQL Server • NETBIOS - Unprotected Windows Networking Shares • Anonymous Logon - Null Sessions • LAN Manager Authentication - Weak LM Hashing • General Windows Authentication - Accounts with No Passwords or Weak Passwords • Internet Explorer • Remote Registry Access • Windows Scripting Host
  • 44. Commonly Known Vulnerabilities of Unix Systems • Remote Procedure Calls (RPC) • Apache Web Server • Secure Shell (SSH) • Simple Network Management Protocol (SNMP) • File Transfer Protocol (FTP) • R-Services - Trust Relationships • Line Printer Daemon (LPD) • Sendmail • BIND/DNS • General Unix Authentication - Accounts with No Passwords or Weak Passwords
  • 45. Internal Pen Testing • Footprint • Host Identification • Service Identification • Service Enumeration • Host Enumeration • Network Map • HSV Scans • Vulnerability Mapping/Exploitation
  • 46. References • http://planet-websecurity.org • http://www.owasp.org • http://sourceforge.net/ • https://addons.mozilla.org/en-US/firefox/addon/3899 • http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project • http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project • http://web-sniffer.net/ • http://www.t1shopper.com/tools/
  • 47. Q&A
  • 48. Thank You! • Ping me Email: ammsajan@gmail.com Skype: ammasajan
