2. INTRODUCTION
• Infosec is the practice of protecting information from unauthorized access, misuse, exposure, destruction and modification.
• Confidentiality, integrity and availability, also known as the CIA triad, form a model designed to guide policies for information security within an organization.
° Confidentiality: Only authorized users should be able to access the data.
° Integrity: Data should not be altered or modified by unauthorized users.
° Availability: Data should be available at all times; backups are essential.
BHUSHAN GURAV
3. TYPES OF HACKER
• Black Hat: Breaks into computer systems for illegal purposes and personal gain.
• White Hat: Ethical hacker who has permission to hack the system.
• Gray Hat: Hacks into a system illegally but not for personal gain; may do so to show off hacking skills or to prove that the system is vulnerable.
• Script Kiddies: Unskilled hackers who break into systems using scripts or tools written by others.
• Hacktivists: Hack systems or networks for a political cause or to deliver a political message.
4. TYPES OF TESTING
Black Box
• Testing done without any knowledge about the internals of the system
• Based on external specifications
• Process is least exhaustive and least time consuming
Gray Box
• Testing done with partial knowledge about the internals of the system
• Based on knowledge of the algorithm, internal states and architecture
• Process is partly exhaustive and time consuming
White Box
• Testing done with full knowledge about the internals of the system
• Based on the detailed design and knowledge of the internal logic of the application code
• Process is most exhaustive and time consuming
5. NETWORK SECURITY
Switches:
Port Security: This can be achieved by MAC binding. MAC binding is the process of mapping each physical address to its logical address. This measure is taken to keep ports secured: if an invalid MAC address is detected on a switch port, the port can be blocked.
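The following is an added example, not part of the original slides, that models the port-security behaviour described above: each access port carries a set of bound MAC addresses, a frame from an address that is not bound puts the port into a blocked state, and the violation is recorded for the administrator. The port names, the "err-disabled" state name and the sticky learning of the first addresses seen are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class SwitchPort:
    """One access port with MAC binding (port security) enabled.
    Field names and the 'err-disabled' state are assumptions for this example."""
    name: str
    max_macs: int = 1                       # how many addresses may be bound
    bound: set = field(default_factory=set)
    state: str = "up"                       # "up" or "err-disabled"
    violations: list = field(default_factory=list)

    def bind(self, mac: str) -> None:
        """Statically bind an allowed MAC to this port (administrator action)."""
        self.bound.add(mac.lower())

    def receive(self, mac: str) -> str:
        """Handle a frame whose source MAC is `mac` arriving on this port."""
        mac = mac.lower()
        if self.state == "err-disabled":
            return "drop"                   # port stays blocked until an admin resets it
        if mac in self.bound:
            return "forward"
        if len(self.bound) < self.max_macs:
            self.bound.add(mac)             # sticky learning: bind the first address(es) seen
            return "forward"
        # An address that is not bound to this port: log it and block the port
        self.violations.append(mac)
        self.state = "err-disabled"
        return "drop"

def demo() -> dict:
    """Constructed scenario: one bound workstation, then an unknown device plugs in."""
    port = SwitchPort("Gi0/1")
    port.bind("00:11:22:33:44:55")
    first = port.receive("00:11:22:33:44:55")
    rogue = port.receive("AA:BB:CC:DD:EE:FF")
    after = port.receive("00:11:22:33:44:55")   # even the bound host is cut off now
    return {"first": first, "rogue": rogue, "after": after,
            "state": port.state, "violations": port.violations}

if __name__ == "__main__":
    print(demo())
```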
Routers:
Access Control List (ACL): To allow trusted traffic to and from the network, ACL rules are implemented. ACLs are of two types:
Standard ACL: Filters traffic based on the source address only. ACL numbers 1-99 and 1300-1999.
Extended ACL: Filters traffic based on source and destination address, port numbers, protocols, etc. ACL numbers 101-199 and 2000-2699.
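An added example (not from the slides) of how the two ACL types differ in what they inspect: an ACL is classified by its number using the ranges above, a standard ACL matches on the source address alone, an extended ACL also tests destination, protocol and port, and an unmatched packet falls through to the implicit deny at the end of the list. The rule and packet structures and the sample addresses are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    """Constructed view of the header fields a router ACL can look at."""
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    dport: int = 0

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: str                      # CIDR such as "10.0.0.0/8", or "any"
    dst: str = "any"              # consulted by extended ACLs only
    proto: str = "ip"             # "ip" matches any protocol (extended only)
    dport: Optional[int] = None   # None matches any port (extended only)

def _in(net: str, addr: str) -> bool:
    return net == "any" or ip_address(addr) in ip_network(net)

def acl_kind(number: int) -> str:
    """Classify an ACL by its number, using the numbered ranges above."""
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        return "standard"
    if 101 <= number <= 199 or 2000 <= number <= 2699:
        return "extended"
    raise ValueError(f"ACL {number} is outside the numbered ranges")

def evaluate(number: int, rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; no match hits the implicit deny."""
    standard = acl_kind(number) == "standard"
    for r in rules:
        if not _in(r.src, pkt.src):
            continue
        if not standard:   # extended ACLs also test destination, protocol, port
            if not _in(r.dst, pkt.dst):
                continue
            if r.proto != "ip" and r.proto != pkt.proto:
                continue
            if r.dport is not None and r.dport != pkt.dport:
                continue
        return r.action
    return "deny"          # implicit deny at the end of every ACL

# Standard ACL 10: trust the internal 10.0.0.0/8 range, whatever it talks to.
ACL10 = [Rule("permit", "10.0.0.0/8")]
# Extended ACL 110: internal hosts may reach the web server only on TCP/443.
ACL110 = [Rule("permit", "10.0.0.0/8", "192.0.2.10/32", "tcp", 443)]
```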
6. FIREWALL
Hardware Firewall
• Expensive
• Complex
• Difficult to upgrade
• Difficult to configure
• Suitable for larger organizations
Software Firewall
• Comparatively cheaper
• Simple
• Easy to upgrade
• Easy to install
• Ideal for individual users or small businesses
7. TYPES OF FIREWALL
• Packet filter firewalls: Filter data packets by checking the packet headers (metadata) and, depending on the configured rules, accept or discard the packets. They are also known as network layer firewalls because they work at the network layer only, and as stateless firewalls.
• Stateful multilayer inspection firewall: Keeps information about packet state in a table called the state table. These firewalls filter packets at the network layer, determine whether a packet is from a legitimate source, and then evaluate the packet contents at the application layer. The state of a packet is determined by checking whether it is the start of a new connection or part of an existing one; if it is neither, it is discarded.
8. • Circuit level gateway firewall: Works at the network as well as the transport layer of the OSI model. It maintains a table of established connections, allowing data to pass when the session information matches an entry in the table. It is a stateful firewall because it maintains connection information. After a session completes, the firewall removes its entry and all associated entries from the table and closes the circuit the session used. It determines whether a session is legitimate by the TCP handshake between the data packets.
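The stateful multilayer inspection and circuit level gateway descriptions above both rest on one mechanism: a state table keyed by the connection, populated by the TCP handshake and emptied when the session ends. The following is an added example, not part of the original slides, of that mechanism: a new entry may only be opened by a SYN from the inside network, any other segment is accepted only if it belongs to a tracked connection, and a FIN or RST removes the entry. The flag encoding and the inside-address prefix are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    """Constructed view of the TCP header fields a stateful firewall inspects."""
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # assumed encoding: "S" SYN, "SA" SYN-ACK, "A" ACK, "FA" FIN-ACK, "R" RST

class StatefulFirewall:
    """State table keyed by the connection 4-tuple (assumed design for this example)."""

    def __init__(self, inside_prefix: str):
        self.inside = inside_prefix   # addresses starting with this are on the trusted side
        self.table = {}               # 4-tuple -> "handshake" | "established"

    def _key(self, s: Segment) -> tuple:
        # Order the endpoints so both directions of one connection share an entry
        a, b = (s.src, s.sport), (s.dst, s.dport)
        return (a, b) if a <= b else (b, a)

    def filter(self, s: Segment) -> str:
        key = self._key(s)
        if key not in self.table:
            # Only an outbound SYN from the inside may start a new connection
            if s.flags == "S" and s.src.startswith(self.inside):
                self.table[key] = "handshake"
                return "accept"
            return "drop"   # neither a new connection nor part of an existing one
        if self.table[key] == "handshake" and s.flags == "SA":
            self.table[key] = "established"   # handshake answered by the server
        elif "F" in s.flags or "R" in s.flags:
            del self.table[key]               # session finished: close the circuit
        return "accept"

def demo() -> list:
    """Constructed scenario: one legitimate session, plus stray and inbound segments."""
    fw = StatefulFirewall("10.")
    syn = Segment("10.0.0.5", 40000, "192.0.2.10", 443, "S")
    synack = Segment("192.0.2.10", 443, "10.0.0.5", 40000, "SA")
    ack = Segment("10.0.0.5", 40000, "192.0.2.10", 443, "A")
    fin = Segment("192.0.2.10", 443, "10.0.0.5", 40000, "FA")
    stray = Segment("203.0.113.7", 5555, "10.0.0.5", 40000, "A")   # no handshake seen
    inbound = Segment("203.0.113.7", 5555, "10.0.0.5", 22, "S")    # unsolicited from outside
    return [fw.filter(x) for x in (stray, syn, synack, ack, fin, ack, inbound)]
```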
9. • Application level gateway firewall: This type of firewall checks not only the metadata of a packet but also the actual data. These firewalls understand the workings of application layer protocols such as HTTP and FTP and can therefore determine whether a packet is valid. They perform additional access control checks and logging. They operate at the application layer and work only for the protocols for which they are configured.
10. IDS/IPS
A firewall filters traffic based on the access rules configured on it. An IDS/IPS analyzes traffic in more detail and is more intelligent than a firewall.
• Intrusion Detection System (IDS): An IDS monitors network traffic for malicious activity, detects an intrusion, logs information about the activity and reports it. An IDS uses one of two techniques: signature based or anomaly based detection.
• Intrusion Prevention System (IPS): An IPS identifies malicious activity, logs information about the activity, tries to prevent it (by dropping the malicious packets or blocking traffic from a particular IP) and reports the activity to the administrator.
11. • Signature based IDS: Monitors traffic on the network and compares it against a database of signatures. If a new type of attack for which there is no signature in the database appears on the network, the attack cannot be detected.
• Anomaly based IDS: Monitors traffic on the network based on its behavior. The behavior is defined by many factors such as bandwidth, protocols, ports and the devices used. The system detects any activity that falls outside normal system operation. The chance of false positives is higher, because the system can log normal activity as an attack if it matches the defined attack behavior.
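An added example, not from the slides, that shows both detection techniques on constructed input and their respective blind spots: the signature detector matches request lines against a small signature database and stays silent on anything not in it, while the anomaly detector compares per-minute connection counts against a learned baseline and flags any unusual burst, legitimate or not. The request lines, signatures, baseline counts and the three-sigma threshold are all constructed for the example.

```python
import re
from statistics import mean, pstdev
from typing import List, Tuple

# Constructed sample of HTTP request lines as an IDS sensor might record them
REQUESTS = [
    "GET /index.html HTTP/1.1",
    "GET /login?user=admin' OR '1'='1 HTTP/1.1",
    "GET /static/app.js HTTP/1.1",
    "GET /../../etc/passwd HTTP/1.1",
]

# Constructed signature database: name -> pattern for a known attack
SIGNATURES = {
    "sql-injection-tautology": re.compile(r"'\s*OR\s*'?1'?\s*=\s*'?1", re.I),
    "path-traversal": re.compile(r"\.\./"),
}

def signature_ids(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (line, signature name) for each line matching a known signature.
    A line that matches nothing in the database, such as a brand-new attack,
    passes without any alert: that is the limitation the text describes."""
    hits = []
    for line in lines:
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                hits.append((line, name))
    return hits

# Constructed per-minute connection counts for one host during normal operation
BASELINE = [12, 15, 11, 14, 13, 16, 12, 14]

def anomaly_ids(baseline: List[int], observed: List[int], k: float = 3.0) -> List[int]:
    """Flag every observation more than k standard deviations above the baseline.
    A legitimate burst (a backup job, say) is flagged just the same as an attack;
    that is the false positive the text warns about."""
    mu, sigma = mean(baseline), pstdev(baseline)
    threshold = mu + k * sigma
    return [x for x in observed if x > threshold]

if __name__ == "__main__":
    for line, name in signature_ids(REQUESTS):
        print(f"signature alert [{name}]: {line}")
    print("anomalous minutes:", anomaly_ids(BASELINE, [14, 17, 13, 40, 25]))
```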