The document outlines objectives for day 1 of a training on network security and hacking techniques, including hardening Linux and Windows 2000 systems, analyzing software vulnerabilities and attacking techniques, and discussing elements of network security like confidentiality, integrity, availability, and models for access control. It also provides details on installation and configuration of Linux operating systems for network security.
2. DAY 1
Objectives of Network Security
Hardening Linux
Hardening Windows 2000
Network Security and Hacking Techniques – DAY1
3. Outline – Network Security
Objectives of Network Security
Attacks, Services and Mechanisms
Key Security Attacks/Threats
Active and Passive Security Threats
Analysis of Software Vulnerabilities …
Analysis of Attacking Technique Sophistication …
Conclusions of Attacks From Past
Anyone can Launch …
Model For Network Security
Network Access Security Model
Network Security Process Closed Loop Corrective Action
Elements of a Security Policy
4. Objectives of Network Security
Confidentiality
Integrity
Availability
5. Objectives of Network Security
Confidentiality: only the sender and the intended receiver can “understand” the message; the sender encrypts the message and the receiver decrypts it.
Authenticity: sender and receiver want to confirm each other's identity.
Integrity: sender and receiver want to ensure the message is not altered (in transit, or afterwards) without detection.
Availability: ensure the resource is available.
Authorization: access to a resource is authorized.
6. Attacks, Services and Mechanisms
Security Attack: any action that compromises the security of information.
Security Mechanism: a mechanism that is designed to detect, prevent, or recover from a security attack.
Security Service: a service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
7. What Is The Internet?
Collection of networks that communicate with a common set of protocols (TCP/IP)
Collection of networks with
no central control
no central authority
no common legal oversight or regulations
no standard acceptable use policy
“wild west” atmosphere
8. Why Is Internet Security a Problem?
Security not a design consideration
Implementing change is difficult
Openness makes machines easy targets
Increasing complexity
10. Key Security Attacks/Threats
Interruption: this is an attack on availability
Interception: this is an attack on confidentiality
Modification: this is an attack on integrity
Fabrication: this is an attack on authenticity
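The four attacks on slide 10 map onto the properties listed on slide 5. The following added example (not from the slides) protects a message with encrypt-then-MAC and then plays interception, modification and fabrication against it; interruption (availability) cannot be addressed by message protection and is left out. The shared secret, the sample message and the HMAC-based keystream are constructed stand-ins; a real deployment would use an authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed teaching example: encrypt-then-MAC with keys derived from one shared
# secret. The keystream is HMAC-SHA256 in counter mode, a stand-in for a real
# cipher such as AES-GCM (not available in the Python standard library).
NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(shared_secret: bytes) -> Tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from one shared secret."""
    enc_key = hmac.new(shared_secret, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(shared_secret, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudo-random keystream: HMAC(enc_key, nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(4, "big")
        out += hmac.new(enc_key, block_input, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(shared_secret: bytes, message: bytes) -> bytes:
    """Sender side: encrypt (confidentiality), then tag (integrity and authenticity)."""
    enc_key, mac_key = derive_keys(shared_secret)
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = keystream(enc_key, nonce, len(message))
    ciphertext = bytes(m ^ k for m, k in zip(message, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(shared_secret: bytes, packet: bytes) -> Optional[bytes]:
    """Receiver side: verify the tag first, only then decrypt. None means reject."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        return None
    nonce = packet[:NONCE_LEN]
    ciphertext = packet[NONCE_LEN:-TAG_LEN]
    tag = packet[-TAG_LEN:]
    enc_key, mac_key = derive_keys(shared_secret)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    ks = keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


# --- The attacks from slide 10, played against the protected message ---

def interception(packet: bytes, message: bytes) -> bool:
    """Interception (attack on confidentiality): the eavesdropper sees the whole
    packet, but the plaintext does not appear anywhere in it."""
    return message not in packet


def modification(shared_secret: bytes, packet: bytes) -> bool:
    """Modification (attack on integrity): flip one bit of the ciphertext in
    transit; the receiver must reject it rather than deliver altered data."""
    tampered = bytearray(packet)
    tampered[NONCE_LEN] ^= 0x01
    return open_sealed(shared_secret, bytes(tampered)) is None


def fabrication(shared_secret: bytes, message: bytes) -> bool:
    """Fabrication (attack on authenticity): someone without the shared secret
    seals a message under a guessed key; the receiver must reject it."""
    forged = seal(b"attacker-guess", message)  # constructed wrong key
    return open_sealed(shared_secret, forged) is None


def demo() -> Dict[str, bool]:
    """Run the honest exchange plus the three attacks; every value should be True."""
    secret = secrets.token_bytes(32)
    message = b"transfer 100 to account 42"  # constructed sample message
    packet = seal(secret, message)
    return {
        "delivered_intact": open_sealed(secret, packet) == message,
        "interception_hides_plaintext": interception(packet, message),
        "modification_detected": modification(secret, packet),
        "fabrication_detected": fabrication(secret, message),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```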
11. Active and Passive Security Threats
12. Analysis of Software Vulnerabilities …
[Chart: incidents and vulnerabilities reported per year, 1996–2003; values on the chart range from 171 to 82,094.]
Incident: the exploitation of a vulnerability: an occurrence that interrupts normal process and procedure.
Vulnerability: a defect that violates an implicit or explicit security policy.
13. Analysis of Attacking Technique Sophistication …
[Chart, source CERT/CC: attack sophistication (Low to High) against year, 1980–2002. Techniques plotted, roughly in order of rising sophistication: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, hijacking sessions, packet spoofing, disabling audits, back doors, automated probes/scans, denial of service, sweepers, distributed denial of service, sniffers, stealth diagnostics (tools), www attacks/incidents.]
Source: CERT/CC
14. Conclusions of Attacks From Past
[Chart, source CERT/CC: the same attack-sophistication timeline (1980–2002) as on slide 13, now read against the knowledge required by the attacker: High at the top (tools) down to Low at the bottom (scripts). Techniques plotted: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, hijacking sessions, packet spoofing, disabling audits, back doors, automated probes/scans, denial of service, sweepers, distributed denial of service, sniffers, stealth diagnostics, www attacks/incidents.]
Source: CERT/CC
15. Anyone can Launch …
[Chart, source CERT/CC: the same attack-sophistication timeline (1980–2002) as on slide 13, with two further axes: the knowledge required by the attacker (High, tools, down to Low, scripts) and the number of attackers. Techniques plotted: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, hijacking sessions, disabling audits, packet spoofing, back doors, automated probes/scans, denial of service, sweepers, distributed denial of service, sniffers, stealth diagnostics, www attacks/incidents.]
Source: CERT/CC
16. Consider that…
90% of companies detected computer security breaches in the last 12 months
59% cited the Internet as the most frequent origin of attack
74% acknowledged financial losses due to computer breaches
85% detected computer viruses
Source: Computer Security Institute
17. WHO ARE THE OPPONENTS?
49% are inside employees on the internal network
17% come from dial-up (still inside people)
34% are from the Internet or an external connection to another company of some sort
HACKERS
18. HACKER MOTIVATIONS
Money, profit
Access to additional resources
Experimentation and desire to learn
“Gang” mentality
Psychological needs
Self-gratification
Personal vengeance
Emotional issues
Desire to embarrass the target
19. Internet Security?
[Word cloud of threats: Malicious Code, Session Hijacking, Viruses, Trojans, Worms, Replay Attack, Port Scanning, Buffer Overflows, Spoofing, Denial of Service, Man-in-the-middle]
20. THE MOST COMMON EXCUSES
No one could possibly be interested in my information.
Anti-virus software slows down my processor speed too much.
I don't use anti-virus software because I never open viruses or e-mail attachments from people I don't know.
So many people are on the Internet, I'm just a face in the crowd. No one would pick me out.
I'm busy. I can't become a security expert, I don't have time, and it's not important enough.
21. SANS Five Worst Security Mistakes End Users Make
Opening unsolicited e-mail attachments without verifying their source and checking their content first.
Failing to install security patches, especially for Microsoft Office, Microsoft Internet Explorer, and Netscape.
Installing screen savers or games from unknown sources.
Not making and testing backups.
Using a modem while connected through a local area network.
22. Model For Network Security
24. Methods of Defense
Encryption
Software Controls (access limitations in a database; in the operating system, protecting each user from other users)
Hardware Controls (smartcard)
Policies (frequent changes of passwords)
Physical Controls
25. Security hmm… ??
“Security is a process,
not a product”
27. Elements of a Security Policy
Build a Security Team (skills and roles)
Training and Awareness (explaining security)
Physical Security
Monitoring (logs and analysis)
Auditing (assess security posture)
Prepare for an Attack (incident response team)
Handling an Attack (forensics: analyze data)
Diagram of the parties involved: Attacker, Response, Forensics, Watch Team, General Employees
29. Systems – Linux and Windows 2000
Hardening Linux
Hardening Windows 2000
30. Typical Network: Linux and Windows Host
Diagram: PC servers on the visible (public) IP address ("we are here"), the internal network behind them, the Linux and Windows host, and application servers such as IDS and sniffers.
31. Brief Introduction of Linux
Introduction of Linux
Installation of Linux Server
Security and Optimization
Linux Networking Concepts
Linux Security Software
Internet Infrastructure
32. What is Linux ??
Linux is a UNIX-like operating system.
It was first created at the University of Helsinki in Finland by a young student named Linus Torvalds.
The Linux kernel is developed under the GNU General Public License.
Its source code is freely available.
33. Some good reasons to use Linux
There are no royalty or licensing fees for using Linux.
Linux is quite portable: it runs on more CPUs and platforms than any other operating system.
Linux is a true multi-tasking operating system, like its UNIX relatives.
Far fewer viruses target Linux than other operating systems, but it is not immune: worms and rootkits that exploit unpatched network services and weak passwords are the realistic threat, which is why the hardening steps that follow matter.
34. Choosing Linux Vendors
Redhat Linux
Suse Linux
Debian Linux
Slackware Linux
35. Installation of Red Hat Linux
www.redhat.com
Freely available to everyone who downloads it via
the Internet
ftp://ftp.redhat.com
The Red Hat Linux CD-ROM at Rs. 10,000/-
36. Know your Hardware !!
How many hard drives do you have, and what size are they?
What kind of hard drives are they, e.g. IDE or SCSI?
How much RAM do you have?
Do you have a SCSI adapter? What make?
What type of mouse do you have?
What is the make and model of your video card?
What kind of monitor do you have?
What network card(s) do you have (make and model)?
If connected to a network, what are your IP address, gateway, subnet mask and DNS servers?
37. Installation Class and Method (Install Type)
Red Hat Linux 9.0 offers four installation classes (types of installation):
GNOME Workstation
KDE Workstation
Server
Custom
38. Partition Strategy
A good partition strategy is to create a separate partition for each major file system.
Creating multiple partitions offers you the following advantages:
Faster booting.
Easy backup and upgrade management.
Each file system's growth is limited to its own partition.
Protection against SUID programs: partitions that hold user-writable data (/home, /tmp) can be mounted nosuid, so a setuid binary dropped there is not honoured by the kernel.
Protection against denial of service: a user or a runaway log filling /home, /tmp or /var cannot fill the root file system and stall the whole system.
39. Partition Example
Partitions that must be created on your system (sizes are the slide's example for a small server):
/boot    5MB      All kernel images are kept here.
/usr     512MB    Must be large, since all Linux binary programs are installed here.
/home    1146MB   Proportional to the number of users you intend to host (e.g. 10MB per user * 114 users = 1140MB).
/chroot  256MB    If you want to install programs in a chroot jail environment (e.g. DNS).
/cache   256MB    The cache partition of a proxy server (e.g. Squid).
/var     256MB    Contains files that change while the system runs normally (e.g. log files).
<swap>   128MB    Our swap partition: the virtual memory of the Linux operating system.
/tmp     256MB    Our temporary files partition.
/        256MB    Our root partition.
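Separate partitions only deliver the SUID and denial-of-service protection claimed above when they are mounted with restrictive options, so here is an added example (not from the slide deck) that audits a /proc/mounts-style listing and reports which of the slide's partitions lack nosuid, nodev or, for /tmp and /boot, noexec. The SAMPLE_MOUNTS text and the per-mount-point baseline in required_opts are constructed assumptions; adjust the baseline to the services a host actually runs.

```sh
#!/bin/sh
# Added example (not from the slide deck): audit the mount options of the
# separate partitions recommended above. Feed it the contents of /proc/mounts;
# the SAMPLE_MOUNTS text below is a constructed stand-in in the same format.

# Constructed sample, /proc/mounts format: device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
/dev/sda2 /boot ext3 ro,nosuid,nodev,noexec 0 0
/dev/sda5 /home ext3 rw,nosuid,nodev 0 0
/dev/sda6 /tmp ext3 rw 0 0
/dev/sda7 /var ext3 rw,nosuid 0 0
/dev/sda8 /chroot ext3 rw,nosuid,nodev 0 0'

# Baseline (assumption): what each of the slide's partitions should carry.
# / and /usr are deliberately absent: they hold legitimate setuid binaries.
required_opts() {
    case "$1" in
        /tmp|/boot)                echo "nosuid nodev noexec" ;;
        /home|/var|/chroot|/cache) echo "nosuid nodev" ;;
        *)                         echo "" ;;
    esac
}

# has_opt <comma-separated options> <option>: true if <option> is present
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# check_mounts <mounts text>: prints one finding per line
#   MISSING <mountpoint> <option>  a required option is absent
#   OK <mountpoint>                every required option is present
#   SUMMARY missing=<n>            total number of gaps found
check_mounts() {
    local missing=0 dev mp fstype opts rest need opt ok
    while read -r dev mp fstype opts rest; do
        [ -n "$mp" ] || continue
        need=$(required_opts "$mp")
        [ -n "$need" ] || continue       # no baseline for this mount point
        ok=1
        for opt in $need; do
            if ! has_opt "$opts" "$opt"; then
                echo "MISSING $mp $opt"
                missing=$((missing + 1))
                ok=0
            fi
        done
        [ "$ok" -eq 1 ] && echo "OK $mp"
    done <<EOF
$1
EOF
    echo "SUMMARY missing=$missing"
    return 0
}

# Stand-alone run against the constructed sample; on a real host use
# check_mounts "$(cat /proc/mounts)".
check_mounts "$SAMPLE_MOUNTS"
```

On the sample the audit flags /tmp (no nosuid, nodev or noexec) and /var (no nodev), which is exactly the situation a default install leaves behind: the partitions exist, but the options that make them a security boundary were never added to /etc/fstab.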
40. Tools to Partition the Hard Drives
Disk Druid
Fdisk
41. Components to Install (Package Group
Selection)
The host can be configured to better suit the
requirements of the particular service.
By reducing services, the number of logs and log
entries is reduced so detecting unexpected
behavior becomes easier.
Different individuals may administer different
services. By isolating services so each host and
service has a single administrator you will
minimize the possibility of conflicts between
administrators.
Other services cannot be used to attack the host
and impair or remove desired network services.
43. How to use RPM Commands
• To install an RPM package, use the command:
[root@testing /]# rpm -ivh foo-1.0-2.i386.rpm
• To uninstall an RPM package, use the command:
[root@testing /]# rpm -e foo
• To upgrade an RPM package, use the command:
[root@testing /]# rpm -Uvh foo-1.0-2.i386.rpm
• To query an installed RPM package, use the command:
[root@testing /]# rpm -q foo
• To check the signature of an RPM package, run this on the downloaded file before installing it (the vendor's public key must have been imported with rpm --import first, otherwise the GPG check cannot succeed):
[root@testing /]# rpm --checksig foo-1.0-2.i386.rpm
44. Starting and stopping daemon services
• To start the httpd web server manually under Linux:
[root@testing /]# /etc/rc.d/init.d/httpd start
Starting httpd: [ OK ]
• To stop the httpd web server manually under Linux:
[root@testing /]# /etc/rc.d/init.d/httpd stop
Shutting down httpd: [ OK ]
• To restart the httpd web server manually under Linux:
[root@testing /]# /etc/rc.d/init.d/httpd restart
Shutting down httpd: [ OK ]
Starting httpd: [ OK ]
(On Red Hat the same scripts can be called as service httpd start; whether a service starts at boot is controlled separately with chkconfig.)
45. Securing and Optimization of Linux
Basic Linux System Administration
General System Security
General System Optimization
Configuring and Building Kernels
46. Basic Linux System Administration
Creating general users
root# useradd testing
root# passwd testing
Getting Help
root# man man
Walking around the Linux Directories
root# pwd
Output: /root
root# cd /home/testing
root# pwd
Output: /home/testing
Looking Around
root# ls -l
where -l gives a long listing (permissions, owner, size, date)
-a lists all files, including hidden dot-files
47. Basic Linux System Administration
(cont..)
Working with Files and Directories
To create a directory under the current directory
root# mkdir testing
root# mkdir /home/testing/test
To create a file, using text editor
root# vi ya.txt
To copy a file,
root# cp ya.txt yah.txt
root# cp ya.txt /home/testing/yah.txt
To move and rename a file
root# mv ya.txt /home/testing/yah.txt
root# mv l.txt /home/testing/l.txt
To delete a directory tree and a file (rm is not undoable; check the path before pressing Enter)
root# rm -r /home/testing
root# rm y.txt
48. Basic Linux System Administration
(cont..)
Pipes
root# ls -la /etc | less
root# ls -la /etc | grep hosts
Putting Commands Together
root# ls ; cp /home/testing/h.txt /root/h.txt
To check the processes
root# ps aux
To kill a process (try a plain kill first, which sends SIGTERM and lets the program clean up; -9 sends SIGKILL and cannot be caught)
root# kill pid
root# kill -9 pid
root# killall -9 xinetd
To check the load average
root# uptime
49. Linux General Security
BIOS Security: set a boot password.
Security Policy
Choose the right password
The password length
Edit /etc/login.defs and change the line
PASS_MIN_LEN 5
to read:
PASS_MIN_LEN 8
(On a PAM-based system such as Red Hat, password quality for passwd is actually enforced by pam_cracklib in /etc/pam.d/system-auth; PASS_MIN_LEN in login.defs only affects tools that bypass PAM, so set the minimum length in both places.)
The root account
Set a login timeout for the root account
Edit /etc/profile and add or change the line
TMOUT=7200
(7200 seconds is two hours of idle time before the shell exits; mark the variable read-only so a user cannot simply unset it.)
50. Linux General Security (Cont…)
TCP_WRAPPERS
TCP_WRAPPERS is controlled from two files, /etc/hosts.allow and /etc/hosts.deny. hosts.allow is consulted first, then hosts.deny, and the search stops at the first match. If neither file matches, access is granted, so without a catch-all entry in hosts.deny the wrappers protect nothing.
vi /etc/hosts.allow
vi /etc/hosts.deny
For example
Add ALL:ALL to hosts.deny; everything not explicitly allowed is then denied.
Add the following line to hosts.allow
sshd: 192.128.9.13 home.secureindia.com
This allows sshd access from the above IP address and hostname only. Hostnames are resolved via DNS at connection time, so IP addresses or address prefixes are the more trustworthy form.
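The "first match wins, otherwise allow" rule is the part people get wrong, so here is an added example (not from the slide deck) that emulates the tcp_wrappers decision for a daemon and client against a hosts.allow/hosts.deny pair written to a temporary directory. It is an emulation, not tcpd: real tcpd matches the client by address and by hostname and knows more patterns (EXCEPT, KNOWN, PARANOID); this version covers ALL, exact names or addresses, address prefixes written with a trailing dot and domain suffixes written with a leading dot. The rule texts are the slide's own, the 10.x addresses are constructed.

```sh
#!/bin/sh
# Added example (not from the slide deck): emulate the tcp_wrappers decision for
# a daemon/client pair so the search order and the permissive default can be
# seen offline. Real tcpd checks the client by address AND hostname and knows
# more patterns (EXCEPT, KNOWN, PARANOID); this covers ALL, exact names or
# addresses, "10.0.0." address prefixes and ".example.com" domain suffixes.

# list_matches <needle> <list>: true if any comma/space separated pattern matches
list_matches() {
    local needle="$1" item
    for item in $(printf '%s' "$2" | tr ',' ' '); do
        case "$item" in
            ALL)       return 0 ;;
            *.)        case "$needle" in "$item"*) return 0 ;; esac ;;
            .*)        case "$needle" in *"$item") return 0 ;; esac ;;
            "$needle") return 0 ;;
        esac
    done
    return 1
}

# file_matches <file> <daemon> <client>: true if a "daemon_list : client_list"
# line matches. Comments and blank lines are skipped; an optional third field
# (": shell_command") is ignored here.
file_matches() {
    local file="$1" daemon="$2" client="$3" line daemons clients
    [ -r "$file" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line%%#*}"
        case "$line" in *:*) ;; *) continue ;; esac
        daemons="${line%%:*}"
        clients="${line#*:}"
        clients="${clients%%:*}"
        if list_matches "$daemon" "$daemons" && list_matches "$client" "$clients"; then
            return 0
        fi
    done < "$file"
    return 1
}

# tcpw_decide <dir> <daemon> <client>: prints ALLOW or DENY. Same order as
# tcpd: hosts.allow first, then hosts.deny, and if nothing matches access is
# GRANTED. <dir> stands in for /etc so the demo never touches the real files.
tcpw_decide() {
    if file_matches "$1/hosts.allow" "$2" "$3"; then echo ALLOW; return 0; fi
    if file_matches "$1/hosts.deny"  "$2" "$3"; then echo DENY;  return 0; fi
    echo ALLOW
}

# make_wrappers_dir <hosts.allow text> <hosts.deny text>: writes both files
# into a fresh temporary directory and prints its path.
make_wrappers_dir() {
    local d
    d=$(mktemp -d)
    printf '%s\n' "$1" > "$d/hosts.allow"
    printf '%s\n' "$2" > "$d/hosts.deny"
    printf '%s\n' "$d"
}

# Demo with the slide's rule: same hosts.allow twice, only the first has ALL:ALL.
LOCKED=$(make_wrappers_dir 'sshd: 192.128.9.13 home.secureindia.com' 'ALL: ALL')
OPEN=$(make_wrappers_dir 'sshd: 192.128.9.13 home.secureindia.com' '')
tcpw_decide "$LOCKED" sshd 192.128.9.13         # ALLOW: explicit hosts.allow match
tcpw_decide "$LOCKED" sshd 10.1.2.3             # DENY: falls through to ALL:ALL
tcpw_decide "$LOCKED" in.telnetd 192.128.9.13   # DENY: allowed host, different daemon
tcpw_decide "$OPEN"   in.telnetd 10.1.2.3       # ALLOW: no match anywhere, default permits
rm -rf "$LOCKED" "$OPEN"
```

The fourth call is the one to remember: with hosts.allow populated but hosts.deny empty, every daemon is reachable from everywhere, and nothing in the logs tells you the wrappers were ever consulted.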
51. Linux General Security (Cont…)
Xinetd
xinetd is a more secure replacement for inetd, the Internet services daemon.
Features:
Access control (per-service allow and deny lists, time-of-day restrictions)
Resource limits that blunt denial of service attacks (maximum instances, connections per second)
Extensive logging abilities
Redirection of a service to a remote host
52. Linux General Security (Cont…)
Xinetd (Cont..)
xinetd reads /etc/xinetd.conf, which includes the per-service files stored in /etc/xinetd.d/.
Simple configuration
defaults
{
instances = 60
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}
includedir /etc/xinetd.d
instances caps the number of simultaneous servers per service; cps = 25 30 accepts at most 25 connections per second and disables the service for 30 seconds when that rate is exceeded.
53. Linux General Security (Cont…)
Xinetd (cont..)
Sample configuration of the telnet service
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
disable = no turns the service on. Telnet carries passwords in cleartext, so leave it at disable = yes unless it is genuinely needed, and then restrict it with an only_from line to the trusted addresses.
54. Linux General Security (Conts…)
Password protect the boot loader
Edit /etc/lilo.conf and add the following line
password = xxxxx
The password is stored in cleartext, so make /etc/lilo.conf readable by root only, and run lilo again afterwards so the change takes effect.
Special accounts
Disable all default vendor accounts the host does not use
root# userdel adm
root# userdel lp
root# userdel sync
root# userdel shutdown
root# userdel halt
root# userdel news
root# userdel operator
root# userdel games
Some of these accounts own files or are referenced by packages (lp by printing, news by a news server); check for files owned by an account before deleting it, or lock it instead of deleting it.
55. Linux General Security (Cont…)
Enable TCP SYN cookie protection
Edit /etc/sysctl.conf and add
net.ipv4.tcp_syncookies = 1
OR
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
Prevent your system from responding to ping requests
Edit /etc/sysctl.conf and add
net.ipv4.icmp_echo_ignore_all = 1
OR
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
(Writing to /proc takes effect immediately but is lost at reboot; /etc/sysctl.conf is applied at boot. Ignoring all echo requests also blinds your own monitoring, so many sites prefer to ignore broadcast pings only.)
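A sysctl key spelled wrongly in /etc/sysctl.conf is silently skipped at boot, leaving the host without the protection the administrator believes is in place. As an added example (not from the slide deck), the script below checks a sysctl.conf-style text against a small hardening baseline and reports wrong values, baseline keys that are absent, and keys outside the baseline that need a human look (a typo and a legitimate extra both land there). The baseline and the sample file are constructed assumptions; the sample deliberately contains a misspelled tcp_syncookies.

```sh
#!/bin/sh
# Added example (not from the slide deck): check a sysctl.conf-style file
# against a hardening baseline before it is installed. Baseline and sample
# are constructed; extend SYSCTL_BASELINE for your own hosts.

# Baseline (assumption): key=value pairs for a non-routing Internet-facing host.
SYSCTL_BASELINE='net.ipv4.tcp_syncookies=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.ip_forward=0'

# Constructed sample /etc/sysctl.conf, including a misspelled key.
SAMPLE_SYSCTL_CONF='# hardening settings, as typed by hand
net.ipv4.tcp_syscookies = 1
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.ip_forward = 0'

# baseline_value <key>: prints the expected value; fails if the key is not in the baseline
baseline_value() {
    local pair
    for pair in $SYSCTL_BASELINE; do
        case "$pair" in "$1="*) printf '%s\n' "${pair#*=}"; return 0 ;; esac
    done
    return 1
}

# check_sysctl_conf <file contents>: one finding per line
#   OK <key>                    value matches the baseline
#   WRONG <key> <have> <want>   key present with a different value
#   NOT-IN-BASELINE <key>       typo or deliberate extra: review by hand
#   MISSING <key>               baseline key absent, kernel default applies
#   SUMMARY problems=<n>
check_sysctl_conf() {
    local problems=0 seen="" line key val want pair
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line%%#*}"
        case "$line" in *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        val=$(printf '%s' "${line#*=}"  | tr -d ' \t')
        if want=$(baseline_value "$key"); then
            seen="$seen $key"
            if [ "$val" = "$want" ]; then
                echo "OK $key"
            else
                echo "WRONG $key $val $want"; problems=$((problems + 1))
            fi
        else
            echo "NOT-IN-BASELINE $key"; problems=$((problems + 1))
        fi
    done <<EOF
$1
EOF
    for pair in $SYSCTL_BASELINE; do
        key="${pair%%=*}"
        case " $seen " in
            *" $key "*) ;;
            *) echo "MISSING $key"; problems=$((problems + 1)) ;;
        esac
    done
    echo "SUMMARY problems=$problems"
    return 0
}

# Stand-alone run; on a real host: check_sysctl_conf "$(cat /etc/sysctl.conf)"
check_sysctl_conf "$SAMPLE_SYSCTL_CONF"
```

On the sample, the misspelled tcp_syscookies shows up twice: once as NOT-IN-BASELINE and once as MISSING net.ipv4.tcp_syncookies, which is the pattern that distinguishes a typo from a deliberate extra such as icmp_echo_ignore_all.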
56. Linux Optimization
The "inode-max" parameter (2.2 kernels only; it no longer exists from 2.4 onwards)
Set it to roughly 3 to 4 times the number of open files (8192*4=32768)
Edit /etc/sysctl.conf and add
fs.inode-max = 32768
OR
echo 32768 > /proc/sys/fs/inode-max
The "file-max" parameter
Allow 256 for every 4MB of RAM: for a machine with 128MB of RAM, set it to 8192 (128/4=32, 32*256=8192). The default for "file-max" under Red Hat Linux is 4096.
Edit /etc/sysctl.conf and add
fs.file-max = 8192
OR
echo 8192 > /proc/sys/fs/file-max
57. Linux Optimization (cont…)
The "ulimit" parameter
Linux has a "max processes" per user limit.
Edit /root/.bashrc and add the following line:
ulimit -u unlimited
root# ulimit -a
core file size (blocks) 1000000
data seg size (kbytes) unlimited
file size (blocks) unlimited
max memory size (kbytes) unlimited
stack size (kbytes) 8192
cpu time (seconds) unlimited
max user processes unlimited   <- this line
pipe size (512 bytes) 8
open files 1024
virtual memory (kbytes) 2105343
Removing the limit for root also removes the last safety net against a runaway fork; a high but finite number is the safer choice on a multi-user host.
58. Linux Optimization (cont…)
The "atime" attribute
Linux records when a file was last modified, when its inode last changed and when it was last accessed; updating the access time costs a disk write on every read.
To stop atime updates for a file, use:
root# chattr +A filename          (for a specific file)
For a whole directory tree, do something like:
root# chattr -R +A /var/spool/    (news and mail)
root# chattr -R +A /cache/        (proxy caches)
root# chattr -R +A /home/httpd/ona/   (web pages)
59. Linux Optimization (cont…)
Handle more connections per unit of time with your TCP/IP stack
Edit /etc/sysctl.conf and add the following lines:
# Decrease the default tcp_fin_timeout
net.ipv4.tcp_fin_timeout = 30
# Decrease the default tcp_keepalive_time
net.ipv4.tcp_keepalive_time = 1800
# Turn off tcp_window_scaling
net.ipv4.tcp_window_scaling = 0
# Turn off tcp_sack
net.ipv4.tcp_sack = 0
# Turn off tcp_timestamps
net.ipv4.tcp_timestamps = 0
The last three are dated advice: disabling window scaling and SACK cuts throughput on any link with noticeable latency, and disabling timestamps hides the uptime leak but also removes PAWS protection against wrapped sequence numbers. Keep them enabled unless a specific device in the path misbehaves.
60. Securing and Building Linux kernel
The kernel is the core of the operating system.
The kernel plays an important role in the performance of a Linux server.
Role of Kernel
Memory Management
Hardware Management
Process Management
www.kernel.org
http://www.openwall.com/linux/
61. Securing and Building Linux kernel
(Cont…)
Untar the kernel source
root# cp kernel_version.tar.gz /usr/src
root# cd /usr/src
root# tar -zxvf kernel_version.tar.gz
Increase the tasks (optimization)
To increase the number of tasks allowed (the maximum number of processes per user) on a 2.2 kernel, edit /usr/src/linux/include/linux/tasks.h and change the following parameters:
(vi +14 /usr/src/linux/include/linux/tasks.h)
NR_TASKS from 512 to 3072
MIN_TASKS_LEFT_FOR_ROOT from 4 to 24
Untar the kernel security patch (verify the signature or checksum published with it before applying anything to your kernel)
root# tar -zxvf linux-2.2.14-ow2.tar.gz
62. Securing and Building Linux kernel
(Cont…)
Securing the kernel
Features:
Non-executable user stack area
Restricted links in /tmp
Restricted FIFOs in /tmp
Restricted /proc
Special handling of fd 0, 1, and 2
Enforce RLIMIT_NPROC on execve(2)
63. Securing and Building Linux kernel
(Cont…)
Applying the patch
root# cd /usr/src/kernel_version
root# patch -p0 < linux-2.2.14-ow2.diff
Compilation
root# make config
Choose the options in the menu.
root# make dep ; make bzImage
Compile the modules
root# make modules; make modules_install
Installation of the kernel
root# cp /usr/src/linux/arch/i386/boot/bzImage /boot/vmlinuz_kernel_version.number
64. Securing and Building Linux kernel
(Cont…)
Linux Loader (lilo)
Edit /etc/lilo.conf and add the following lines (keep the existing entry for the old kernel so you can boot back into it if the new one fails):
image=/boot/vmlinuz-2.5.1
label=linux-5
initrd=/boot/initrd-2.5.1
read-only
root=/dev/sda1
and change the default to linux-5:
default=linux
to
default=linux-5
Run lilo -v so the boot loader picks up the new kernel:
root# /sbin/lilo -v
65. Securing and Building Linux kernel
(Cont…)
Make a new rescue floppy from the known-good kernel version
root# mkbootdisk --device /dev/fd0 old-version
example
root# mkbootdisk --device /dev/fd0 2.4.18
Now reboot the system
root# reboot
After booting you should see the new kernel (check with uname -r).
66. Linux Network Management
TCP/IP Network Management
Networking Firewall
67. TCP/IP Linux Network Management
Files related to networking functionality
The "/etc/HOSTNAME" file
This file stores your system's host name as a fully qualified domain name (FQDN), such as testing.secureindia.com.
Following is a sample "/etc/HOSTNAME" file:
testing.secureindia.com
The “/etc/resolv.conf” file
This file is another text file, used by the resolver—a library that
determines the IP address for a host name.
Following is a sample “/etc/resolv.conf” file:
search secureindia.net
nameserver 202.71.129.33
nameserver 202.71.129.37
68. TCP/IP Linux Network Management(Cont..)
The "/etc/sysconfig/network-scripts/ifcfg-ethN" files
One configuration file per network device.
Following is a sample "/etc/sysconfig/network-scripts/ifcfg-eth0" file:
DEVICE=eth0
IPADDR=202.71.129.252
NETMASK=255.255.255.0
NETWORK=202.71.129.0
BROADCAST=202.71.129.255
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
69. TCP/IP Linux Network Management(Cont..)
The “/etc/host.conf” file
This file specifies how names are resolved. Linux uses a
resolver library to obtain the IP address corresponding
to a host name.
Following is a sample “/etc/host.conf” file:
# Lookup names via DNS first then fall back to
/etc/hosts.
order bind,hosts
# We have machines with multiple addresses.
multi on
# Check for IP address spoofing.
nospoof on
70. TCP/IP Linux Network Management(Cont..)
The “/etc/sysconfig/network” file
The "/etc/sysconfig/network" file specifies the desired network configuration of your server.
Following is a sample "/etc/sysconfig/network" file:
NETWORKING=yes
FORWARD_IPV4=yes
HOSTNAME=deep.secureindia.com
GATEWAY=0.0.0.0
GATEWAYDEV=eth1
The "/etc/sysctl.conf" file
In Red Hat Linux 9.0, many kernel options related to network security, such as dropping packets that arrive on the wrong interface or ignoring ping and broadcast requests, can be set in the "/etc/sysctl.conf" file instead of "/etc/rc.d/rc.local".
Edit the "/etc/sysctl.conf" file and add the following line:
# Enable packet forwarding
net.ipv4.ip_forward = 1
Enable forwarding only on a host that is meant to route or firewall between networks; on an ordinary server leave it at 0 so the box cannot be used as a hop into the internal network.
71. TCP/IP Linux Network Management(Cont..)
Configuring TCP/IP Networking manually with the
command line
The ifconfig utility is the tool used to set up and configure your network card.
To assign the eth0 interface the IP address 202.71.128.252, use the command:
root# ifconfig eth0 202.71.128.252 netmask 255.255.255.0
root# ifconfig eth0
The output should look something like this:
eth0  Link encap:Ethernet  HWaddr 00:E0:18:90:1B:56
      inet addr:202.71.128.252  Bcast:202.71.128.255  Mask:255.255.255.0
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:1295 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1163 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:100
      Interrupt:11 Base address:0xa800
72. TCP/IP Linux Network Management(Cont..)
To assign the default gateway
root# route add default gw 202.71.128.1
To verify that you can reach your hosts, use the command:
root# ping 202.71.128.1
The output should look something like this (the replies come from the gateway, not from our own address):
PING 202.71.128.1 (202.71.128.1) from 202.71.128.252: 56 data bytes
64 bytes from 202.71.128.1: icmp_seq=0 ttl=128 time=1.0 ms
64 bytes from 202.71.128.1: icmp_seq=1 ttl=128 time=1.0 ms
73. TCP/IP Linux Network Management(Cont..)
To display the routing information
root# route -n
The output should look something like this:
Kernel IP routing table
Destination     Gateway         Genmask          Flags Metric Ref Use Iface
202.71.128.252  0.0.0.0         255.255.255.255  UH    0      0   0   eth0
202.71.128.0    202.71.128.252  255.255.255.0    UG    0      0   0   eth0
208.164.186.0   0.0.0.0         255.255.255.0    U     0      0   0   eth0
127.0.0.0       0.0.0.0         255.0.0.0        U     0      0   0   lo
74. TCP/IP Linux Network Management(Cont..)
To see all active TCP connections
root# netstat -t
The output should look something like this:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address            Foreign Address        State
tcp        0      0 deep.openar:netbios-ssn  gate.openna.com:1045   ESTABLISHED
tcp        0      0 localhost:1032           localhost:1033         ESTABLISHED
tcp        0      0 localhost:1033           localhost:1032         ESTABLISHED
tcp        0      0 localhost:1033           localhost:1034         ESTABLISHED
tcp        0      0 localhost:1033           localhost:1030         ESTABLISHED
75. Introduction to netfilter/iptables
Linux security and netfilter/iptables
netfilter/iptables is the packet-filtering framework built into the Linux 2.4 kernel for configuring a host or network firewall.
A firewall stops unauthorised sources from reaching services on the Linux system, telnet for example.
It can also free up bandwidth by blocking unwanted traffic from sources such as advertisement sites.
76. Netfilter/IPtables
packet filtering process
77. Building rules and chains
root# iptables [-t table] command [match] [target]
Tables: filter (the default), nat and mangle. INPUT, OUTPUT and FORWARD are the chains of the filter table; PREROUTING and POSTROUTING are chains of the nat and mangle tables.
Command: -A or --append
$ iptables -A INPUT -s 205.168.0.1 -j ACCEPT
-D or --delete (the rule must be spelled exactly as it was added; a port match always needs its protocol)
$ iptables -D INPUT -p tcp --dport 80 -j DROP
-F or --flush
$ iptables -F
-L or --list
$ iptables -L
78. Building rules and chains (cont…)
Match: -p or --protocol (one protocol per rule; use two rules to cover TCP and UDP)
$ iptables -A INPUT -p tcp
$ iptables -A INPUT -p udp
-s or --source
$ iptables -A OUTPUT -s 192.168.1.1
-d or --destination
$ iptables -A INPUT -d 192.168.1.1
Target: ACCEPT, DROP and REJECT (a rule without -j only counts matching packets)
$ iptables -A FORWARD -p tcp --dport 22 -j REJECT
Rules in a chain are evaluated top to bottom and the first match wins, so specific ACCEPT rules must come before a catch-all DROP or LOG rule.
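The slide's own examples show how easy it is to write a rule that iptables rejects or that does not mean what was intended, so here is an added example (not from the slide deck) that lints iptables rule lines for three such mistakes: a chain name where a table belongs (-t INPUT), two protocols in one -p, and a --dport or --sport match without -p tcp or -p udp. It works on the rule text only and loads nothing into the kernel. The default-deny baseline ruleset, the admin network 192.168.1.0/24 and the open port 80 are constructed assumptions.

```sh
#!/bin/sh
# Added example (not from the slide deck): a syntax lint for iptables rule
# lines. Rules are strings; nothing is applied to the kernel.

# lint_rule "<arguments as typed after iptables>": prints "OK: <rule>" or
# "BAD: <problem> [<problem>...]: <rule>"
lint_rule() {
    local rule="$1" prev="" tok table="filter" proto="" portmatch=0 problems=""
    set -- $rule                      # tokenize on whitespace
    for tok in "$@"; do
        case "$prev" in
            -t|--table)    table="$tok" ;;
            -p|--protocol) proto="$tok" ;;
        esac
        case "$tok" in
            --dport|--destination-port|--sport|--source-port) portmatch=1 ;;
        esac
        prev="$tok"
    done
    case "$table" in
        filter|nat|mangle|raw) ;;
        *) problems="$problems not-a-table($table)" ;;      # INPUT etc. are chains
    esac
    case "$proto" in
        *,*) problems="$problems one-protocol-per-rule($proto)" ;;
    esac
    if [ "$portmatch" -eq 1 ]; then
        case "$proto" in
            tcp|TCP|udp|UDP|udplite|sctp|dccp) ;;
            *) problems="$problems port-match-needs-protocol" ;;
        esac
    fi
    if [ -z "$problems" ]; then
        echo "OK: $rule"
    else
        echo "BAD:$problems: $rule"
    fi
    return 0
}

# lint_ruleset <rules text>: lints every non-empty line, then prints SUMMARY bad=<n>
lint_ruleset() {
    local bad=0 line out
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        out=$(lint_rule "$line")
        echo "$out"
        case "$out" in BAD:*) bad=$((bad + 1)) ;; esac
    done <<EOF
$1
EOF
    echo "SUMMARY bad=$bad"
    return 0
}

# A default-deny baseline in the same notation (assumption: SSH only from the
# admin network 192.168.1.0/24, HTTP open, everything else logged and dropped).
BASELINE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s 192.168.1.0/24 --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -j LOG'

# The slide's examples as typed, then the corrected baseline.
lint_rule '-A INPUT -p TCP, UDP'
lint_rule '-D INPUT --dport 80 -j DROP'
lint_rule '-t INPUT -A INPUT -s 205.168.0.1 -j ACCEPT'
lint_ruleset "$BASELINE_RULES"
```

The lint is deliberately narrow: it does not know every iptables option and it cannot tell you that an ACCEPT placed after a catch-all DROP is unreachable. It catches the class of error the slide shows, which iptables itself only reports when the rule is loaded, usually at boot when nobody is watching.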
79. Securing Windows 2000
OS Installation
Installing Service Packs and Hotfixes
Secure Server Settings
Miscellaneous settings
Network Settings
Enabling /Disabling Services
System Policies
Registry Settings
80. Windows 2000 Server operating system requires…
Introduction
Careful planning and preparation.
A default server installation is vulnerable to well-known attacks.
Keep the server disconnected from the network until both Windows 2000 Service Pack 3 and the security hotfixes are installed.
Disk Configuration
Ensure that all the drives on the server have NTFS partitions.
If a drive is not NTFS, use the Convert.exe tool to convert the partition to NTFS while retaining the data.
Ensure that the disk is partitioned into at least two separate partitions: one for the system and OS files, the other for data files.
81. Installing Service Packs and Hotfixes
Hotfixes and service packs
Hotfixes are code patches for individual product issues; service packs bundle tested hotfixes.
While applying a service pack you will be asked whether you want to back up the existing setup; do so, since the backup is needed to uninstall the service pack later.
Secure Server Settings
Anti-virus
• Ensure that anti-virus software is installed on the server
• with the latest updates as provided by the anti-virus vendor.
Emergency repair disk (ERD): create one once the server is configured and refresh it after significant changes.
82. Miscellaneous Settings
File permissions
List the permissions to be granted on critical files.
Example
Repeat the process for the following directories and files:
Temp directories like C:\temp and %systemroot%\temp.
Audit logs (%systemroot%\system32\config\*.evt)
Registry files (%systemroot%\system32\config, %systemroot%\repair)
All shared directories
Boot files on the system partition (Boot.ini, NTLDR, NTDETECT.COM, NTBOOTDD.SYS, BOOTSECT.DOS)
Administrator password length
Rename the Administrator account
Rename the Guest account
83. Network Settings
Microsoft provides two categories of networking services
Microsoft’s File and Print services (Installed Default)
The General TCP/IP and Internet services
• DNS and WINS settings
• Unbinding Microsoft networking services
84. Network Settings
Enabling/Disabling services
• Windows starts a number of services by default that cannot be deselected during installation; review them after installation and disable the ones the server does not need.
85. System Policies
Password Policies
Password policies let administrators dictate the strength of the passwords users can set.
Account Lockout Policies
Account lockout policy options disable accounts after a set number of failed logon attempts.
86. System Policies (Conts…)
Audit policy
Audit policies let administrators monitor logon activity in Windows 2000 Server in detail by enabling success-and-failure auditing in the system's audit policy.
87. System Policies (Conts…)
Audit log settings
Changing parameters like
1. Maximum log size
2. Do not overwrite events
88. System Policies (Conts…)
User rights
User rights are typically assigned on the basis of the security groups to which a user belongs.
The policy settings in this category are typically used to allow or deny users access to their computer based on the method of access and their security group memberships.
89. System Policies (Conts…)
Security options
The settings under this heading define the behaviour of the system for the settings configured above and the way the system interacts with other machines on the network.
90. Registry Settings
This section addresses specific settings that have to be made manually in the system registry.
It is highly recommended to take a full backup of the registry before any changes are made.
SYN attack protection
SYN attack protection reduces the number of SYN-ACK retransmissions and the time for which resources stay allocated to half-open connections.
Procedure (the TCP/IP parameters live under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters):
Right-click in the right-hand pane and choose New → DWORD Value.
Name it "SynAttackProtect".
Double-click the "SynAttackProtect" value and enter 2.
91. Registry Settings (Conts…)
TcpMaxHalfOpen
This parameter controls the number of connections in the SYN-RCVD state allowed before SYN attack protection begins to operate.
If SynAttackProtect is set to 1, ensure that this value is lower than the AFD listen backlog on the port you want to protect. See the SynAttackProtect parameter for more details.
TcpMaxHalfOpenRetried
This parameter controls the number of connections in the SYN-RCVD state for which there has been at least one retransmission of the SYN sent, before SYN attack protection begins to operate.
The default values are 80 for Windows 2000 Professional and Server and 400 for Advanced Server. See the SynAttackProtect parameter for more details.
92. Registry Settings (Conts…)
Perform router discovery
This parameter controls whether Windows 2000 will try to perform router discovery (RFC 1256). It is set per interface.
It is located under Interfaces\<interface> and is a REG_DWORD with a range of 0 to 2 (default 2, recommended 0).
0 is disabled; 1 is enabled; 2 lets DHCP control the setting.
Enable ICMP redirects
This controls whether Windows 2000 will alter its route table in response to ICMP redirect messages sent to it by network devices such as routers.
It is a REG_DWORD, 0 or 1 (False, True). The default is 1; the recommended value is 0, since a spoofed redirect can steer the server's traffic through an attacker's host.
93. Registry Settings (Conts..)
Restrict network access to the registry