Information Security Basics, Attacks, Prevention & Practices
By Renjith K P, CISA, CISSP
From History
  - In 1999 a 19-year-old Russian hacker stole up to 300,000 credit card numbers from CD Universe customers for $100,000.
  - Another Russian hacker stole more than 55,000 credit card numbers from CreditCards.com.
  - In September 2000, Western Union shut down its web site for five days after hackers stole more than 15,000 customer credit card numbers.
  - Amazon.com: credit card information of more than 98,000 customers was compromised in 2001.
  - In April 2002, the Bank of the State of California found out that 265,000 state employees had their personal information stolen by a hacker.
  - In August 2002, Daewoo Securities found out that $21.7 million in stock was illegally sold.
  - In March 2005, hackers obtained 1.4 million credit card numbers by carrying out an attack on DSW Shoe Warehouse's database.
  - Yahoo cautioned that the http://mail.yahoo.com/ address must include the trailing slash after the yahoo.com. In 2006 Yahoo indicated that http://www.yahoo.com:login&mode=secure&i=b35 870c196e2fd4a&q=1@16909060 is a bogus URL.
  - During the Persian Gulf War in 1991, it was reported that hackers from the Netherlands penetrated 34 American military sites that supported Operation Desert Storm activities.
  - During the 1999 Kosovo Air Campaign, false messages were injected into Yugoslavia's computer-integrated air defense systems to point the weapons at false targets.
  - In February 2004, Wells Fargo Bank suffered its second theft of a laptop computer that contained confidential information on 200,000 users.
What Does This Mean to Us?
Good security does not begin and end with erecting a firewall and installing antivirus software. Good security should be planned, designed, implemented and maintained.

CIA Triad
  - Confidentiality
  - Integrity
  - Availability

Password Attack
  - Password Guessing
  - Dictionary Attack
  - Social Engineering
  - Dumpster Diving
TCP Segment Format
3 Way Handshaking
  1. Host A sends a TCP SYN packet to Host B.
  2. Host B receives A's SYN.
  3. Host B sends a SYN-ACK (carrying its Initial Sequence Number, ISN).
  4. Host A receives B's SYN-ACK.
  5. Host A sends ACK.
  6. Host B receives ACK. The TCP connection is ESTABLISHED.

Denial of Service Attacks: SYN Flood

Similar Attacks
  - ACK Flood
  - Reset (RST) Attack (calculate the sequence number, then send RST) – occurs in the middle of a connection
  - FIN Attack – at the end state of a connection
Spoofing
Denial of Service Attacks: Smurf

Denial of Service Attacks: Teardrop

Detecting IP spoofing
  - An incoming packet cannot have a source address that belongs to the internal network.
  - An outgoing packet cannot have a source address that does not belong to the internal network.
  - A packet leaving or entering through a firewall cannot have the same source and destination address.
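The three filter rules above, implemented as a small packet check run over constructed sample packets. This is an added example, not code from the original slides; the 192.168.10.0/24 internal network and the sample addresses are assumptions.

```python
import ipaddress

# Assumed for this example: the network that sits behind the firewall.
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")


def spoof_check(direction, src, dst, internal=INTERNAL_NET):
    """Apply the three anti-spoofing rules from the slide to one packet.

    direction: "in" for a packet arriving from outside, "out" for one leaving.
    Returns None if the packet passes, otherwise a short reason string.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    # Rule 3: source and destination must differ, whichever way the packet flows.
    if src_ip == dst_ip:
        return "same source and destination address"
    # Rule 1: inbound traffic must not claim an internal source.
    if direction == "in" and src_ip in internal:
        return "inbound packet with internal source address"
    # Rule 2: outbound traffic must carry an internal source.
    if direction == "out" and src_ip not in internal:
        return "outbound packet with external source address"
    return None


# Constructed sample packets: (direction, source, destination).
SAMPLE_PACKETS = [
    ("in", "203.0.113.5", "192.168.10.20"),    # normal inbound
    ("in", "192.168.10.7", "192.168.10.20"),   # spoofed internal source
    ("out", "192.168.10.20", "198.51.100.9"),  # normal outbound
    ("out", "10.0.0.1", "198.51.100.9"),       # spoofed external source
    ("in", "192.168.10.20", "192.168.10.20"),  # source equals destination
]


def audit(packets=SAMPLE_PACKETS):
    """Return (packet, reason) for every packet the rules reject."""
    rejected = []
    for pkt in packets:
        reason = spoof_check(*pkt)
        if reason:
            rejected.append((pkt, reason))
    return rejected


if __name__ == "__main__":
    for pkt, reason in audit():
        print(f"DROP {pkt}: {reason}")
```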
Denial of Service Attacks
  - DNS Poisoning – hacking into the registrar account
  - Ping of Death – an ICMP packet is 65,536 bytes; what if the packet size is more?
Firewall Architecture
Masquerading Attacks
  - IP Spoofing
  - Session Hijacking

Other Threats
  - Virus – malicious code.
  - Worms – code that spreads automatically, usually via the Internet.
  - Trojan – code hidden on a system, usually to gain back door access.
  - Phishing
  - Spam
  - Spyware / Adware

Mitigation
  - Up-to-date patches
  - Antivirus software
  - Antispam
  - Antiphishing
  - Training
  - Physical security
  - Logging and auditing
  - Need-to-know privileges

Incident Response
  - Unplug the network.
  - Don't turn the computer off.
  - Back up the system and keep the backups.
  - Investigate the cause.
  - Always re-build.
  - Perform forensics on a backup.
  - Keep documentation and evidence.
Elements of Risks
Symmetric Cryptography
Symmetric examples
  - DES (56)
  - 3DES
  - IDEA (128)
  - Blowfish (32 to 448)
  - Skipjack (80 bits, for US Government)
  - AES (128:9, 192:11, 256:13)
Asymmetric
Asymmetric
  - RSA – 1088 bits
  - DSA – 1024 bits
  - ElGamal
  - Elliptic Curve – 160 bits
Comparison
PKI – Public Key Infrastructure
  - Certificate (Serial, Issuer, Validity, Name, Public Key)
  - CA – Verisign, Thawte etc.

SSL
  - Credibility of the website
  - Encrypted communication
  - SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate.

Hash Functions
  - Unique output value derived from the content of the message
  - SHA1, MD4, MD5

Digital Signature
  - The message truly came from the claimed sender.
  - The message was not altered while in transit between the sender and recipient.
Digital Signatures
VPN
  - Point-to-Point Tunneling Protocol (PPTP)
  - Layer 2 Tunneling Protocol (L2TP)
  - IPsec

Architecture - Protocols
  - Authentication Header (AH): access control, integrity, data origin authentication, confidentiality
  - Encapsulating Security Payload (ESP): access control, confidentiality, traffic flow confidentiality
  - Key management protocols: IKE = OAKLEY + ISAKMP, . . .

Cryptographic Algorithms for IPsec
  - HMAC-SHA1 for integrity protection
  - Triple DES for confidentiality
  - AES for confidentiality

Crypto Attacks
  - Man in the Middle
  - Birthday Attack: substitute, for a digitally signed communication, a different message that produces the same message digest
  - Replay Attack: same as the first one, but the captured session is used at a later time
  - Brute Force Attack

Man In The Middle
A and B want to communicate with each other and C is sniffing the communication. What if C captures both public keys and sends C's public key to A and B?

Birthday Attack
Suppose A wants to cheat B while signing a contract. A prepares two contracts, C and C' (the fraudulent one), such that F(C') = F(C) when the contracts are hashed. B signs contract C. A attaches the digital signature of the contract to C' and can prove that B signed C'.

Brute Force Attack
  - How long can the key be?
  - How many possible values can each component of the key have?
  - How long will it take to attempt each key?
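The three questions above, turned into an estimate of how long a key or password resists exhaustive search, together with the birthday bound that governs how many messages the Birthday Attack slide's F(C') = F(C) collision needs. This is an added example, not from the original slides; the guessing rates and the cases in compare_cases() are assumed.

```python
import math

SECONDS_PER_YEAR = 365.25 * 86400


def key_space(key_length, values_per_component):
    """Question 1 and 2: every one of key_length components can take
    values_per_component values, so the key space is values ** length."""
    return values_per_component ** key_length


def brute_force_seconds(key_length, values_per_component, attempts_per_second,
                        expected=True):
    """Question 3: time to search the key space at a fixed attempt rate.

    expected=True gives the average case (half the space is searched before
    the right key turns up); expected=False gives the worst case (all of it).
    """
    total = key_space(key_length, values_per_component)
    trials = total / 2 if expected else total
    return trials / attempts_per_second


def seconds_to_years(seconds):
    """Convert a search time to years for readability."""
    return seconds / SECONDS_PER_YEAR


def birthday_trials(digest_bits):
    """Approximate number of random messages needed before two of them share
    an n-bit digest with probability about 50%: sqrt(pi/2 * 2^n), roughly
    1.25 * 2^(n/2). This is why a collision is far cheaper than a preimage."""
    return math.sqrt(math.pi / 2 * 2 ** digest_bits)


def compare_cases():
    """Assumed cases: binary keys (2 values per bit) and a lowercase password."""
    return {
        "DES 56-bit key at 1e9 keys/s (years)":
            seconds_to_years(brute_force_seconds(56, 2, 1e9)),
        "8-char lowercase password at 1e6 guesses/s (years)":
            seconds_to_years(brute_force_seconds(8, 26, 1e6)),
        "AES 128-bit key at 1e12 keys/s (years)":
            seconds_to_years(brute_force_seconds(128, 2, 1e12)),
        "messages for a 128-bit digest collision":
            birthday_trials(128),
    }


if __name__ == "__main__":
    for label, value in compare_cases().items():
        print(f"{label}: {value:.3g}")
```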
Attack Tools
  - dsniff – a tool for SSH and SSL MITM attacks
  - Cain – a Windows GUI tool which can perform MITM attacks, along with sniffing and ARP poisoning
  - Ettercap – a tool for LAN-based MITM attacks
  - Karma – a tool that uses 802.11 Evil Twin attacks to perform MITM attacks
  - AirJack – a tool that demonstrates 802.11-based MITM attacks
  - wsniff – a tool for 802.11 HTTP / HTTPS based MITM attacks

Email Security
  - Secure Multipurpose Internet Mail Extensions (S/MIME)
  - Secure Electronic Transaction (SET): RSA & DES
  - Privacy Enhanced Mail (PEM) protocol: uses RSA, DES, and X.509
  - Pretty Good Privacy (PGP): IDEA

Decoy Techniques
  - Honey Pots
  - Pseudo-Flaws
  - Monitoring & Logging
  - Traffic Analysis and Trend Analysis
  - Sniffing
  - Ethical Hacking

Operations Security
  - Backup
  - Need to Know and Least Privilege
  - Trusted Recovery
  - Media management
  - Job rotation

BCP & Disaster Recovery
  - Business Impact Assessment
  - Risk Assessment
  - Risk Acceptance
  - Risk Mitigation
  - Cold, Warm, Hot Sites

Terms
  - Policies
  - Standards
  - Baselines
  - Guidelines
  - Procedures