Network and system security

1. Dr. Mostafa Elgamala
RHCE-MCSA-CCNA-CCAI-CSCU-PMP-ITIL-IBDL

2. Security importance
 Algerian ministry of defense subjected to 3500 attempt daily.
 Hacking on UAV in south Korea.
 Hacking on Boshahr Nuclear reactor in Iran.
 Electric failure in USA due to cyber attack.
 Thieving of subscriber data of ashley madison, AT&T, T
mobile US.
 Thieving of 55000 username/password from Twitter.
 Nasa hacking.

3. Hacking scope
1- Planted medical devices hacking
2- Automobiles hacking
3- Computer &Mobile hacking
4- Network devices hacking
5- UAV hacking
6- Industrial devices hacking
…….Any software based device is vulnerable.

4. Cyber attack (online attack)- Why
 On line criminals for money ( i.e bank accounts)
 On line criminals for opinions and protest
(anonymous)
 Governments against its citizens
 For fun

5. Levels f security
 User security
 Application security
 System security
 Network security
 Physical security

6. System security
 Virus
 Worms(network)
 Backdoor
 Trojans (79% of malware)
 Key logger
 Logic bomb
 Spy ware
 Password cracking (brute force, dictionary attack,
shoulder surfing, social engineering)
 Zombie (bot)

7. Statistics (Sophos & F5)
 250000 virus every day (315000 Kaspersky)
 30,000 hacked site every day
 99 % from people fail to implement the basic security
procedures
 25% of malware is caught by antivirus
 82% of security problems from internal

8. Famous viruses
 1986 – Brain – Baset & Amgad Farouk
 1988 – morris worm – 10% of internet PC 6000-100M$
 1998 – Chernobyl – erase MBR
 2000 – I love you worm –file editing-10% of internet
PC-(5-10 B$)
 2008 – Conficker worm –slowing and steal data-15
million windows servers
 2010 – Stuxnet – scada systems – Boshaar - Iran

9. Guidelines for windows
 Strong password
 Lock the system when not in use
 Apply software patches
 Use windows firewall
 Hide files/folders
 Use NTFS
 Implement malware protection

10. Identity theft
 Personal information
 Names
 Addresses
 Birth date
 Telephone number
 Passport number
 Social security number
 Credit card number

11. How attacker steal identity?
 Physical methods:
 Stealing (computer, mobile, wallets)
 Social engineering (people trust)
 Pretexting: info from telephone companies of
financial institutions.

12.  Internet methods
Phishing : pretend to be financial institution site
or email.
Key loggers: may be by Trojans
Hacking: compromise user O.S , user sniffers, etc.

13. Social Engineering
 Art of convincing people to reveal confidential
information from people
 Human based method:
 Laying
 Eavesdropping
 Shoulder surfing
 Dumpster diving

14.  Computer based method
 Chain letter: free money or gift
 Hoax letter: warning from viruses
 Fake website: to know your info.

15. Measures
 Complex password
 Disable auto login
 Not post sensitive/personal information
 Be careful clicking links in messages (fake sites)

16. Mobile devices security
 Mobile malware: conversations listener, wipe-out
info. ,monitor your actions.
 Application vulnerabilities
 Lost or stolen devices

17. Measure procedures
 Patching mobile platforms and applications
 Use power-on authentication
 Backup
 Use mobile phone anti-virus
 Encrypt your data
 Secure Bluetooth

18. Avoid mobile device theft
 Avoid lending mobile phone
 Do not talk while walking/driving
 Turn off ringer
 Record IMEI (*#06#)
 Use anti-theft S/W to remotely wipe the data &
make the device unusable.
 Cancel SIM

19. Network security types
 Network sniffers
 Denial of service (DoS)
 DNS poisoning (DNS spoofing)
 Wireless security
 Man-in-the-middle attack
 Sql injection

20. Encryption
 Plain text
 Cipher text
 Encryption key
 Encryption types (symmetric / asymmetric / hash
function)
 Encryption standard (DES / AES)

21. Security awareness is the first
step for your security

22. Thanks