
Security in a nutshell


Introduction to security

Published in: Education

  1. Yahia Kandeel (GCIH, GSEC, RHCE, CEH, CCNA, MCP), Information Security Engineer, Raya IT
  2. Agenda:
     • Security terminologies
     • DiD (Defense in Depth) security model
     • Authentication systems
     • Cryptography
     • How attackers do it ..!!
     • Network & host security
     • Wireless security
  3. It is a technique for ensuring that data stored in a computer cannot be read or compromised by any individual without authorization.
  4. CIA:
     • Confidentiality
     • Integrity
     • Availability
     AAA:
     • Authentication
     • Authorization
     • Access Control
  5. Asset: what we're trying to protect. Vulnerability: a weakness that may lead to undesirable consequences. Threat: anything that can exploit a vulnerability. Risk: a potential problem. Risk = Vulnerability * Threat
  6. Physical access to the computer systems and networks is restricted to authorized users only.
     • Access controls
     • Physical barriers, etc.
  7. In network security, an emphasis is placed on: network segmentation between systems of different security levels or categories, and controlling access to internal computers from external entities. This can be done by:
     • Firewalls between different zones
     • Virtual LANs (VLANs)
     • Access controls on network devices
     • Vulnerability scanners
  8. Host security takes a granular view of security by focusing on protecting each computer and device individually instead of addressing protection of the network as a whole:
     • Authentication and logging mechanisms
     • Host-based IDS
     • File integrity checkers
     For client security:
     • NAC
     • Antivirus
  9. A Web application is an application, generally comprising a collection of scripts, that resides on a Web server and interacts with databases or other sources of dynamic content. Examples of Web applications include search engines, Webmail, shopping carts and portal systems.
  10. Application attacks are the latest trend when it comes to hacking. On average, 90% of all dynamic content sites have vulnerabilities associated with them. No single web server and database server combination has been found to be immune! "Today over 70% of attacks against a company's network come at the 'Application Layer', not the Network or System layer." - Gartner
  11. How to secure a resource?
     • Authentication
     • Authorization
     • Accounting
  12. Something you know. Something you have. Something you are.
  13. One-factor authentication vs. two-factor authentication
  14. Passwords:
     • Memorize the password
     • Use different passwords
     • Use longer passwords
     • Use upper- and lower-case letters, numbers and special characters
     • Change frequently
     • Avoid reusing passwords
  15. Encryption = convert to unreadable format. Decryption = convert back to readable format. Algorithm = procedure for encrypting or decrypting. Cipher = encryption & decryption algorithm pair.
  16. Hash (digest) = fixed-length derivation of a plaintext. One-way operation. Unique value; significant change with even a single-bit change in the plaintext.
  17. Uses: data verification, secure password storage, secure password transmission. Examples: md5, sha1.
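Worked example for slides 16-17, added here and not part of the original deck: the hash properties described above, using only Python's standard library. It shows that md5, sha1 and sha256 digests have a fixed length whatever the input size, that flipping a single input bit changes roughly half of the output bits, and why stored passwords should use a salted, iterated construction (PBKDF2-HMAC-SHA256 here) instead of a bare md5/sha1 of the password. Function names, the sample message and the sample password are constructed for this example.

```python
import hashlib
import hmac
import os
from typing import Optional


def digest_hex(data: bytes, algo: str = "sha256") -> str:
    """Fixed-length, one-way digest of input of any length."""
    return hashlib.new(algo, data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted (to show the avalanche effect)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two equal-length hex digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> str:
    """Salted, iterated hash for password storage (PBKDF2-HMAC-SHA256).

    A bare md5/sha1 of the password is unsalted (identical passwords give identical
    digests) and fast to brute-force; the random salt and the iteration count fix both.
    """
    salt = salt if salt is not None else os.urandom(16)  # constructed per record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute the stored record's hash and compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    msg = b"attack at dawn"  # constructed sample message
    for algo in ("md5", "sha1", "sha256"):
        print(algo, len(digest_hex(msg, algo)), digest_hex(msg, algo))
    changed = differing_bits(digest_hex(msg), digest_hex(flip_bit(msg, 3)))
    print("sha256 output bits changed by a 1-bit input flip:", changed, "of 256")
    record = hash_password("correct horse battery staple")  # constructed sample password
    print(record)
    print(verify_password("correct horse battery staple", record), verify_password("wrong", record))
```

The same password hashed twice gives two different records because of the random salt, so a leaked database cannot be attacked with one precomputed table for all users, while verification still succeeds because the salt is stored alongside the hash.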
  18. Symmetric algorithms: DES, Triple DES, AES (Rijndael), Blowfish, RCn (RC5, RC6, etc.), OTP
  19. Symmetric encryption. Advantages?
     • Speed
     Disadvantages!!
     • Key distribution
  20. Asymmetric encryption. Advantages?
     • Key distribution
     Disadvantages!!
     • Very slow
     • Key distribution
  21. Provides an increased level of confidence for exchanging information over an increasingly insecure Internet, by using a Certificate Authority.
  22. Certificate contents: identification information; the public key; a hash of the public key; signed by a trusted third party.
  23. Attack phases: Reconnaissance → Scanning → Exploitation → Maintaining Access → Covering Tracks
  24. Reconnaissance: finding out as much information as possible about the target. This can be done by:
     1. whois look-up
     2. Viewing the victim's current & old website
     3. IP addresses
     4. Available e-mails on the Internet
     5. Metadata of all published documents
     6. DNS enumeration
  25. Using whois we can know:
     • Registrar
     • Domain status
     • Expiration date and name servers
     • Contact information for the owner of a domain name or IP
     • IP and IP location information
     • Web server information
     • Related domain availability, premium domain listings, and more
  26. Using (tool name missing from the slide) we can know:
     • All available information about the target's web sites in the past ..!!
     Using Maltego we can gather:
     • All publicly available info about the target's infrastructure & personnel, including their mails, phone numbers, etc.
  27. Using Google we can know:
     • More than you imagine !!
     Using FOCA we can:
     • Analyze all the target's documents to know email addresses, user names, software versions, operating systems, internal server names, mapped drive share information, etc.
  28. In the scanning phase, we'll scan the entire network and the publicly accessible systems to gain more information about the target. This phase includes:
     1. Port scanning
     2. Vulnerability scanning
     3. Open shares
     4. Firewall's implemented rules
     5. War driving
  29. Using nmap we can know:
     • Live hosts, the open ports, listening applications and OS on the target system.
     Using Nessus we can know:
     • Existing vulnerabilities associated with each running service, misconfigurations, and default users & passwords.
  30. Using firewalk we can know:
     • The firewall's implemented rules.
     Using w3af we can know:
     • The existing Web application vulnerabilities.
     Using NetStumbler / Kismet we can know:
     • Open wireless access points (wardriving); we can also find hidden APs and their associated SSID, channel #, signal power.
  31. Nmap supports multiple scan types: Full scan, SYN scan, Xmas scan, Idle scan, UDP scan, Ping scan; OS fingerprinting; application fingerprinting.
  32. Nessus provides a simple, yet powerful interface for managing vulnerability-scanning activity. To use Nessus:
     1. Create a policy
        I. Define the scan type
        II. Optionally, add the target's credentials
        III. Choose the appropriate plug-ins
     2. Create and launch a scan
     3. The output will be in the Reports tab
  33. w3af provides a flexible framework for finding and exploiting web application vulnerabilities. It is easy to use and extend and features dozens of web assessment and exploitation plug-ins.
  34. Exploitation: gain access to the OS, the applications on the computer, or the victim's network !!
  35. This can be done by:
     1. IP address spoofing
     2. Password cracking
     3. MiTM attack
     4. Sniffing
     5. DoS attacks
     6. Viruses & worms
  36. In addition, exploiting systems can be done by:
     1. Trojans & backdoors
     2. Social engineering
     3. DHCP & DNS attacks
     4. Web hacking
     5. Wireless hacking
     6. Buffer overflow
  37. IP address spoofing. How?
     • Normal IP address configuration
     • Packet crafting
     • Using proxies
     When?
     • Access based on IP address
     • Hide identity
  38. Password cracking: system admins use it to recover passwords from computer systems; hackers use it to gain unauthorized access to vulnerable systems. Password cracking methods:
     ▪ Dictionary attack
     ▪ Brute-force attack
     ▪ Hybrid attack
     ▪ Rainbow table attacks
  39. Do you know the ARP problem? Why ARP? When a machine needs to talk to another, it should know:
     1. Destination IP
     2. Destination MAC
  40. Problem!!
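The problem slides 39-40 point at is that ARP replies are accepted without any authentication, so a host on the segment can re-map another machine's IP address (typically the gateway) to its own MAC and sit in the middle. The following added example is not part of the original slides; it shows the detection side: a small watcher in the style of arpwatch that keeps an IP-to-MAC table, pins the gateway entry, and raises an alert when a reply, above all an unsolicited one, contradicts a known mapping. The ArpReply records are constructed sample data, not captured traffic, and the class and field names are this example's own.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class ArpReply:
    sender_ip: str
    sender_mac: str
    solicited: bool  # True when a matching ARP request was seen shortly before the reply


# Constructed sequence of ARP replies seen on one segment (not real traffic).
SAMPLE_REPLIES = [
    ArpReply("10.0.0.1", "aa:bb:cc:00:00:01", True),    # gateway answering a request
    ArpReply("10.0.0.20", "aa:bb:cc:00:00:20", True),   # a workstation answering a request
    ArpReply("10.0.0.20", "aa:bb:cc:00:00:20", False),  # gratuitous ARP with the same mapping: benign
    ArpReply("10.0.0.1", "de:ad:be:ef:00:01", False),   # unsolicited reply re-mapping the gateway
    ArpReply("10.0.0.1", "de:ad:be:ef:00:01", False),   # repeated to keep the bogus entry alive
]

Alert = Tuple[str, str, str, str]  # (kind, ip, previously known mac, new mac)


class ArpWatch:
    """Tracks IP->MAC mappings and reports changes; pinned entries are never overwritten."""

    def __init__(self, pinned: Optional[Dict[str, str]] = None):
        self.table: Dict[str, str] = dict(pinned or {})
        self.pinned = set(self.table)
        self.alerts: List[Alert] = []

    def observe(self, reply: ArpReply) -> None:
        known = self.table.get(reply.sender_ip)
        if known is None:
            self.table[reply.sender_ip] = reply.sender_mac  # first sighting: learn it
            return
        if known == reply.sender_mac:
            return  # consistent with what we know, solicited or not
        kind = "pinned-mapping-changed" if reply.sender_ip in self.pinned else "mapping-changed"
        if not reply.solicited:
            kind += "-unsolicited"  # nobody asked, yet a host is pushing a new mapping
        self.alerts.append((kind, reply.sender_ip, known, reply.sender_mac))
        if reply.sender_ip not in self.pinned:
            self.table[reply.sender_ip] = reply.sender_mac  # unpinned: follow the change but record it


def run(replies: List[ArpReply], pinned: Optional[Dict[str, str]] = None) -> List[Alert]:
    watch = ArpWatch(pinned)
    for reply in replies:
        watch.observe(reply)
    return watch.alerts


if __name__ == "__main__":
    for alert in run(SAMPLE_REPLIES, pinned={"10.0.0.1": "aa:bb:cc:00:00:01"}):
        print(alert)
```

With the gateway pinned, every conflicting reply is reported and the table keeps the trusted entry; without pinning the watcher still reports the first change but then follows it, which is why static entries for critical hosts (and switch-side ARP inspection) complement the alerting.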
  41. A sniffer is a piece of software that grabs all of the traffic flowing into and out of a computer attached to a network. Some sniffers have add-on features:
     1. Analyzing network traffic
     2. Decoding network protocols
  42. Denial of service: an attempt to make a computer or network resource unavailable to its intended users. -- Wikipedia --
  43. What is a virus?
     • Malicious SW that needs a carrier
     • Needs user interaction
     • Needs a trigger
     What is a worm?
     • Doesn't need a carrier
     • Self-replicating
     • Used to conquer new targets
  44. DHCP: starvation attack. DNS: cache poisoning.
  45. "All input is evil until proven otherwise!" Due to bad filtering of user input, the web application may be vulnerable to:
     • SQL injection
     • XSS
     • Directory traversal
     • Session hijacking
     • Account harvesting
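Added example for slide 45, not the author's code: the same user lookup written the vulnerable way, with user input concatenated into the SQL string, beside the parameterized form, plus an allow-list check on the input before it reaches the database at all. It runs against an in-memory SQLite table with constructed rows; the classic tautology input shows the unfiltered query returning every user while the parameterized query returns none.

```python
import re
import sqlite3
from typing import List, Tuple

# Allow-list for usernames: lowercase letter first, then letters, digits or underscore (assumed policy).
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{0,31}$")


def setup_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Unfiltered input spliced into the statement: the SQL injection flaw from the slide."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Parameterized statement: the driver sends the value separately, never as SQL text."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def is_valid_username(username: str) -> bool:
    """Input filtering on top of parameterization: reject anything outside the allow-list."""
    return USERNAME_RE.match(username) is not None


def demo() -> Tuple[int, int]:
    """Row counts returned to a tautology input by the vulnerable and the safe lookup."""
    conn = setup_db()
    evil = "nobody' OR '1'='1"  # constructed input; no such user exists
    return len(lookup_vulnerable(conn, evil)), len(lookup_safe(conn, evil))


if __name__ == "__main__":
    print("vulnerable rows, safe rows:", demo())
    print("allow-list accepts 'alice':", is_valid_username("alice"))
    print("allow-list accepts tautology:", is_valid_username("nobody' OR '1'='1"))
```

Parameterization is the fix; the allow-list is defense in depth that also stops the malformed value from being logged, echoed to a page (XSS) or used in a file path later on.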
  46. Wireless hacking: shared media, broadcast, vulnerable encryption algorithms ▪ To be continued ….
  47. Buffer overflow example (the slide's code made compilable; the unchecked strcpy() into the 12-byte buffer is the intended defect and is left as it is):
        #include <string.h>

        void foo(char *bar)
        {
            char c[12];
            strcpy(c, bar); /* no bounds checking: an argument longer than 11 bytes overflows c */
        }

        int main(int argc, char **argv)
        {
            if (argc < 2)
                return 1;   /* no argument given: nothing to copy */
            foo(argv[1]);
            return 0;
        }
  48. Maintaining access: trying to retain ownership of the compromised system. This phase includes:
     1. Installing backdoors
     2. Using rootkits
  49. Covering tracks: in this phase, the attacker will try to hide his activities on the system and on the network.
  50. Attacks !! Mitigation:
     • Access control lists
       ▪ Essentially white or black lists
       ▪ MAC or network address
       ▪ Layer 2 or layer 3
     • VLANs
       ▪ Virtual network segments
       ▪ "Distinct broadcast domain"
  51. Attacks !! Mitigations:
     • Use access controls
     • Secure routing configuration
     • Use any kind of prevention technique
  52. Preventive, detective or reactive
  53. A firewall is a hardware or software system that prevents unauthorized access to or from a network. Types of firewall:
     • Network layer
       ▪ Packet filters
       ▪ Stateful inspection
     • Application layer
     • Proxy
  54. An IDS is a device or software application that monitors network and/or system activities for malicious activity or policy violations and produces alerts. Terminologies:
     • Alert/Alarm
     • True positive
     • False positive
     • False negative
     • True negative
  55. Detection methods: signature-based detection, statistical anomaly-based detection, stateful protocol analysis. Detection types:
     • Network-based IDS
     • Wireless IDS
     • Host-based IDS
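Added example for slides 54-55, not from the original deck: a toy signature-based detector run over constructed web request lines that carry a ground-truth label, classifying each outcome as true/false positive/negative and computing precision and recall from the counts. The signatures, request lines and labels are all constructed for the example; the one malicious request with no matching signature is there to show the false negative that signature-based detection cannot avoid and that anomaly-based detection is meant to cover.

```python
import re
from typing import Dict, List, Tuple

# Two constructed signatures, each a regular expression over the request line.
SIGNATURES = {
    "directory-traversal": re.compile(r"\.\./"),
    "sql-tautology": re.compile(r"'\s*OR\s*'", re.IGNORECASE),
}

# Constructed request lines with a ground-truth label (True = malicious). Not a real log.
LABELED_REQUESTS: List[Tuple[str, bool]] = [
    ("GET /index.html HTTP/1.1", False),
    ("GET /search?q=../../../../etc/passwd HTTP/1.1", True),
    ("GET /login?user=x' OR '1'='1 HTTP/1.1", True),
    ("GET /blog/relative-paths-and-../-tricks.html HTTP/1.1", False),  # benign, yet matches a signature
    ("GET /cgi-bin/status?debug=1 HTTP/1.1", True),                    # labelled malicious, no signature for it
    ("GET /images/logo.png HTTP/1.1", False),
]

TP, FP, FN, TN = "true positive", "false positive", "false negative", "true negative"


def match_signatures(line: str) -> List[str]:
    """Names of every signature that fires on this request line."""
    return [name for name, rx in SIGNATURES.items() if rx.search(line)]


def classify(alerted: bool, malicious: bool) -> str:
    """Map (did we alert?, was it really bad?) onto the IDS terminology of slide 54."""
    if alerted:
        return TP if malicious else FP
    return FN if malicious else TN


def evaluate(labeled: List[Tuple[str, bool]]) -> Dict[str, int]:
    counts = {TP: 0, FP: 0, FN: 0, TN: 0}
    for line, malicious in labeled:
        counts[classify(bool(match_signatures(line)), malicious)] += 1
    return counts


def precision_recall(counts: Dict[str, int]) -> Tuple[float, float]:
    """Precision = how many alerts were real; recall = how many real attacks were alerted on."""
    tp, fp, fn = counts[TP], counts[FP], counts[FN]
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall


if __name__ == "__main__":
    for line, malicious in LABELED_REQUESTS:
        fired = match_signatures(line)
        print(f"{classify(bool(fired), malicious):15} {fired or '-'}  {line}")
    counts = evaluate(LABELED_REQUESTS)
    print(counts, "precision/recall: %.2f/%.2f" % precision_recall(counts))
```

Tuning is a trade-off: loosening a signature to catch the missed request would raise recall but add more false positives like the blog URL, which is why alert volume and analyst time enter the IDS design.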
  56. An Intrusion Prevention System works similarly to an IDS. In addition it can block, prevent or drop malicious or unwanted traffic in real time. Placed in-line. Modes:
     • Learning mode
     • Active mode
  57. Network regions of a similar level of trust:
     • Trusted
     • Semi-trusted
     • Untrusted
     Defense in depth: security is layers …
  58. Filter packets entering the network:
     • Turn off directed broadcasts
     • Block packets from any source address not permitted on the Internet
     • Block ports or protocols not used on your network for Internet access
     • Block incoming packets with source addresses originating from inside your network
     • Block counterfeit source addresses from leaving your network
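Added example for slide 58, not from the slides: the listed ingress and egress filtering rules written as one Python function over constructed packets, so the effect of each rule can be checked. The internal block 192.0.2.0/24 and the external addresses are RFC 5737 documentation ranges standing in for real ones; the bogon list (private, loopback, link-local, multicast and reserved space) and the allowed inbound ports are assumptions for the example.

```python
import ipaddress
from typing import Tuple

# Constructed: the organisation's own address block (documentation range used as a stand-in).
INTERNAL = ipaddress.ip_network("192.0.2.0/24")

# Source ranges that should never appear on packets arriving from the Internet (assumed bogon list).
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

# Only these destination ports are used on this network for Internet access (assumed).
ALLOWED_INBOUND_PORTS = {80, 443}


def filter_packet(direction: str, src: str, dst: str, dport: int) -> Tuple[bool, str]:
    """Return (accepted, reason) for one packet at the Internet border."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "inbound":
        if s in INTERNAL:
            return False, "internal source address arriving from outside (spoofed)"
        if any(s in net for net in BOGONS):
            return False, "source address not permitted on the Internet"
        if d == INTERNAL.broadcast_address:
            return False, "directed broadcast"
        if dport not in ALLOWED_INBOUND_PORTS:
            return False, "port not used for Internet access"
        return True, "accept"
    if direction == "outbound":
        if s not in INTERNAL:
            return False, "counterfeit source address leaving the network"
        return True, "accept"
    raise ValueError("direction must be 'inbound' or 'outbound'")


# Constructed packets: (direction, src, dst, dport).
SAMPLE_PACKETS = [
    ("inbound", "203.0.113.7", "192.0.2.10", 443),
    ("inbound", "192.0.2.10", "192.0.2.20", 443),
    ("inbound", "10.1.2.3", "192.0.2.10", 80),
    ("inbound", "203.0.113.7", "192.0.2.255", 80),
    ("inbound", "203.0.113.7", "192.0.2.10", 23),
    ("outbound", "192.0.2.10", "203.0.113.7", 443),
    ("outbound", "10.9.9.9", "203.0.113.7", 443),
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        accepted, reason = filter_packet(*pkt)
        print("ACCEPT" if accepted else "DROP  ", pkt, reason)
```

The last rule is the egress half of anti-spoofing: a network that only lets its own prefix out cannot be used as a launch point for source-spoofed traffic, which protects others as much as itself.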
  59. SSH: command-line terminal connection tool; replacement for rsh, rcp, telnet, and others. All traffic is encrypted; both ends authenticate themselves to the other end; able to carry and encrypt non-terminal traffic.
  60. Computers installed out of the box have known vulnerabilities, not just Windows computers. All services are vulnerable by default … hackers can take them over easily. They must be hardened: a complex process that involves many actions.
  61. System/application (vendor) design errors. System/application misconfiguration errors. In-house applications !!
  62. Secure installation and configuration:
     • CIS benchmarks
     • Vendor documentation
     • SANS Reading Room
     Turn off unnecessary services (applications). Harden all remaining applications.
  63. Manage users and groups (default accounts …!!). Manage access permissions: for individual files and directories, assign access permissions to specific users and groups. Back up the server regularly.
  64. Known vulnerabilities: most programs have known vulnerabilities; exploits are programs that take advantage of known vulnerabilities. Regularly check for missing patches (using Nessus you can do this task easily). Install anti-virus/firewalls on all servers.
  65. Reading event logs: the importance of logging to diagnose problems
     ▪ Failed logins, changing permissions, starting programs, kernel messages, etc.
     File encryption. File integrity checker. Monitoring running services, processes & network traffic.
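Added example for slide 65, not from the slides: pulling failed-login events out of sshd log lines and flagging any source address that crosses a threshold, the kind of check a host-based monitor or a routine log review performs. The log lines, hostname and addresses are constructed in the usual OpenSSH format; the threshold is an assumption, as are the function names.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# OpenSSH reports both known and unknown ("invalid user") accounts with this phrasing.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

# Constructed auth log excerpt (not a real system's log).
SAMPLE_AUTH_LOG = """\
Mar  3 09:12:01 web1 sshd[2210]: Accepted publickey for deploy from 198.51.100.7 port 50122 ssh2
Mar  3 09:12:44 web1 sshd[2231]: Failed password for invalid user admin from 203.0.113.50 port 41022 ssh2
Mar  3 09:12:46 web1 sshd[2231]: Failed password for invalid user admin from 203.0.113.50 port 41022 ssh2
Mar  3 09:12:49 web1 sshd[2233]: Failed password for root from 203.0.113.50 port 41030 ssh2
Mar  3 09:12:51 web1 sshd[2233]: Failed password for root from 203.0.113.50 port 41030 ssh2
Mar  3 09:12:53 web1 sshd[2235]: Failed password for invalid user test from 203.0.113.50 port 41044 ssh2
Mar  3 09:13:02 web1 sshd[2235]: Failed password for invalid user oracle from 203.0.113.50 port 41044 ssh2
Mar  3 09:15:10 web1 sshd[2240]: Failed password for deploy from 198.51.100.7 port 50130 ssh2
Mar  3 09:15:15 web1 sshd[2240]: Accepted password for deploy from 198.51.100.7 port 50130 ssh2
Mar  3 09:16:00 web1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/sbin/service nginx reload
""".splitlines()


def failed_logins_by_source(lines: Iterable[str]) -> Tuple[Dict[str, int], Dict[str, Set[str]]]:
    """Count failed logins per source IP and collect the usernames each source tried."""
    counts: Dict[str, int] = defaultdict(int)
    users: Dict[str, Set[str]] = defaultdict(set)
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m["ip"]] += 1
            users[m["ip"]].add(m["user"])
    return dict(counts), dict(users)


def flag_sources(lines: Iterable[str], threshold: int = 5) -> Dict[str, Tuple[int, List[str]]]:
    """Sources at or above the threshold, with their attempt count and the sorted usernames tried."""
    counts, users = failed_logins_by_source(lines)
    return {ip: (n, sorted(users[ip])) for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, (n, names) in flag_sources(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: {n} failed logins, usernames tried: {', '.join(names)}")
```

A single failed attempt from a known administrator's address is normal noise; many failures in a short window against several account names from one source is the pattern worth an alert and, in an IPS or host firewall, a temporary block.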
  66. Nessus
  67. Work-around: a series of actions to be taken; no new software. Patches: new software to be added to the operating system. Upgrades: newer versions of programs usually fix older vulnerabilities.
  68. Wireless networking: 2.4–2.5 GHz; Data Link layer specifications; access point. Family:
     • 802.11a
     • 802.11b
     • 802.11g
     • 802.11n
  69. Physical access. Rogue access points. Firmware vulnerabilities. Protocol vulnerabilities. Default accounts: some vendors hardcode admin accounts on the AP.
  70. Physical devices. Laptop software: AirSnort, NetStumbler. War driving.
  71. What lovely symbols …
  72. Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2
  73. Wireless security:
     • Physical barriers
     • Strong encryption
     • MAC filtering
     • Static IP addressing
     • Restricted access networks
     • 802.1X
     • Service Set Identifier (SSID) No.
     • Regularly scan for rogue APs
  74. Bruce Schneier