This document provides an overview of cyber security vulnerabilities and scanning. It defines what a vulnerability is, lists common types like buffer overflows and input validation issues. It explains what ports are and lists commonly used port numbers. It also defines packet sniffing and lists packet sniffers like Wireshark that can capture network traffic. It concludes by describing the packet analyzers TCPdump and Windump that can read and write network packets.

1. CYBER SECURITY-
TUTORIAL1
From: Sweta Dargad
Assistant Professor
NTC

2. SYSTEMS VULNERABILITY AND
SCANNING
1. Explain what is vulnerability.
2. List various types of vulnerability and explain briefly.
3. What is a port and explain how many ports are used regularly?
4. List various port numbers known.
5. Explain Packet Sniffing.
6. List down packet sniffers.
7. What is TCPdump and Windump.

3. WHAT IS VULNERABILITY.
In computer security, a vulnerability is a weakness which allows an
attacker to reduce a system's information assurance.
Vulnerability is the intersection of three elements:
a system susceptibility or flaw
 attacker access to the flaw
 and attacker capability to exploit the flaw.
Vulnerability is a ‘hole‘ in any software, operating system or service,
that can be exploited by web criminals for their own benefits.

4. A SECURITY VULNERABILITY IS A WEAKNESS IN A PRODUCT THAT COULD ALLOW
AN ATTACKER TO COMPROMISE THE INTEGRITY, AVAILABILITY, OR
CONFIDENTIALITY OF THAT PRODUCT.
Integrity of Product: means trustworthiness. If the above weakness is
bad enough that it allows exploiters to misuse it, the product is not
integrated enough. There is a question mark as to how safe is the
product.
Availability of the Product: again refers to the weakness whereby an
exploiter can take over the product and deny access to it for
authorized users.
Confidentiality of the Product: is keeping the data secure. If the bug
in the system allows for unauthorized people to collect others’ data,
it is termed vulnerability.

5. HAZARDS OF VULNERABILITY
To exploit a vulnerability, an attacker
must have at least one applicable tool
or technique that can connect
to a system weakness

6. EXAMPLES OF VULNERABILITIES
1. Buffer overflow
2. Lack of input validation
3. Lack of sufficient logging mechanism
4. Fail-open error handling
5. Not closing the database connection properly
6. Integer overflow
7. Format string vulnerability
8. Access Control Problems

7. BUFFER OVERFLOW
Buffer overflows can cause applications to crash, can compromise
data, and can provide an attack vector for further privilege escalation
to compromise the system on which the application is running.
Any application or system software that takes input from the user,
from a file, or from the network has to store that input, at least
temporarily.
stack—stores data that is specific to a single call to a particular
function, method, block, or other equivalent construct.
heap—General purpose storage for an application. Data stored in the
heap remains available as long as the application is running
Buffer overflow attacks generally occur by compromising either the
stack, the heap, or both.

8. LACK OF INPUT VALIDATION
As a general rule, you should check all input received by your
program to make sure that the data is reasonable
Any input received by your program from an untrusted source is a
potential target for attack. (In this context, an ordinary user is an
untrusted source.)
text input fields
commands passed through a URL used to launch the program
audio, video, or graphics files
command line input
Hackers look at every source of input to the program and attempt to
pass in malformed data. If the program crashes or misbehaves, the
hacker tries to find a way to exploit the problem. Example:
“jail break” iPhones

9. ACCESS CONTROL PROBLEMS
Access control is the process of controlling who is allowed to do what.
This ranges from controlling physical access to a computer
keeping your servers in a locked room,
for example—to specifying who has access to a resource (a file, for example)
and what they are allowed to do with that resource (such as read only).
Many exploits involve an attacker somehow gaining more privileges than
they should have.
Privileges, also called permissions, are access rights granted by the
operating system, controlling who is allowed to read and write files,
directories, and attributes of files and directories (such as the permissions
for a file), who can execute a program, and who can perform other restricted
operations such as accessing hardware devices and making changes to the
network configuration
Such an attack caused by this vulnerability is PRIVILEGE ESCALTION which is
also a step in hacking

11. WHAT IS A PORT
In computer networking, a port serves as an endpoint in an
operating system for many types of communication. It is not a
hardware device, but a logical construct that identifies a service or
process.
A port is always associated with an IP address of a host and the
protocol type of the communication, and thus completes the
destination or origination address of a communications session.
A port is identified for each address and protocol by a 16-bit
number, commonly known as the port number.

12. CLASSIFICATION OF PORTS
The Internet Assigned Numbers Authority (IANA) is responsible for
the global coordination of the DNS Root, IP addressing, and other
Internet protocol resources. This includes the registration of
commonly used port numbers for well-known Internet services.
The port numbers are divided into three ranges:
1. Well-known ports: The well-known ports (also known as system
ports) are those from 0 through 1023.
2. Registered ports: Ports 1024-49151 - Registered port: vendors
use for applications
3. the dynamic or private ports :Ports >49151 are the port numbers
that are available for use by any application to use in
communicating with any other application, using TCP or UDP.

14. PACKET SNIFFING
A packet sniffer, sometimes referred to as a network monitor or
network analyzer, can be used legitimately by a network or system
administrator to monitor and troubleshoot network traffic.
Using the information captured by the packet sniffer, an
administrator can identify erroneous packets and use the data to
pinpoint bottlenecks and help maintain efficient network data
transmission.
The packet sniffer is also capable of capturing ALL packets
traversing the network regardless of destination.

16. By placing a packet sniffer on a network in promiscuous mode, a
malicious intruder can capture and analyze all of the network traffic.
Within a given network, username and password information is
generally transmitted in clear text which means that the information
would be viewable by analyzing the packets being transmitted.

17. PACKET SNIFFERS
A Packet Sniffer is also known as packet analyzer is a computer
program or piece of computer hardware that can intercept and log
traffic that passes over a digital network or part of a network.
As data streams flow across the network, the sniffer captures each
packet and, if needed, decodes the packet's raw data, showing the
values of various fields in the packets.
1. Wireshark
2. WinPcap
3. Packetyzer
4. Ip Sniffer
5. CommView

19. TCPDUMP AND WINDUMP
tcpdump is a common packet analyzer that runs under the command
line. It allows the user to display TCP/IP and other packets being
transmitted or received over a network to which the computer is
attached.
tcpdump is free software, Tcpdump works on most Unix-like
operating systems
tcpdump prints the contents of network packets. It can read packets
from a network interface card or from a previously created saved
packet file. Tcpdump can write packets to standard output or a file.
WinDump, the Windows version of tcpdump, can help you analyze
network traffic to look for signs of active malware