This document discusses cloud computing security and covers the following key points in 15 sentences or less:
Cloud security involves ensuring confidentiality, integrity, and availability of data. There are four main types of security attacks: interruption, interception, modification, and fabrication. Security threats can be classified as disclosure, deception, disruption, or usurpation. Security policies define what is and is not allowed, while mechanisms enforce these policies. Security aims to prevent attacks, detect violations, and enable recovery from any successful attacks. Trust and assumptions underlie all aspects of security policies, mechanisms, operations, and issues.
Security+ Guide to Network Security Fundamentals, 3rd Edition, by Mark Ciampa
Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).
CNIT 120: Network Security
http://samsclass.info/120/120_S09.shtml#lecture
Policy: http://samsclass.info/policy_use.htm
Many thanks to Sam Bowne for allowing to publish these presentations.
Security+ Guide to Network Security Fundamentals, 3rd Edition, by Mark Ciampa
Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).
CNIT 120: Network Security
http://samsclass.info/120/120_S09.shtml#lecture
Policy: http://samsclass.info/policy_use.htm
Many thanks to Sam Bowne for allowing to publish these presentations.
1. Cloud Life-Cycle
2. Cloud Deployment Scenario
3. Cloud Service Development and Testing
4. Web Service Slicing for Regression Testing of Services
5. Cloud Service Evolution Analytics
6. Quality of Service and Service Level Agreement
Cloud Computing offers an on-demand and scalable access to a shared pool of resources hosted in a data center at providers’ site. It reduces the overheads of up-front investments and financial risks for the end-user. Regardless of the fact that cloud computing offers great advantages to the end users, there are several challenging issues that are mandatory to be addressed.
ppt consists of history, generations of firewalls, types, architectures, advantages & disadvantages.
very basic ppt- can be used for college & paper presentation seminars.
details of tools and methods used in cyber crime & how to protect your system from crimes...
detail study of password cracking, Denial of service, DDoS, steganography, keylogger, proxy server, phishing etc..
Intrusion detection and prevention systemNikhil Raj
This presentation describes how to implement Network based Intrusion Detection System (SNORT) in the network. Detecting and analyzing alerts generated and blocking the Attacker using Access Control List.
The encryption mechanism is a digital coding system dedicated to preserving the confidentiality and integrity of data. It is used for encoding plain text data into a protected and unreadable format.
security
,
system
,
introduction
,
threats to computer system
,
computer
,
security
,
types of software
,
system software
,
bios
,
need of an operating system
,
major functions of operating system
,
types of operating system
,
language
,
processor
,
application software
,
thank you
1. Cloud Life-Cycle
2. Cloud Deployment Scenario
3. Cloud Service Development and Testing
4. Web Service Slicing for Regression Testing of Services
5. Cloud Service Evolution Analytics
6. Quality of Service and Service Level Agreement
Cloud Computing offers an on-demand and scalable access to a shared pool of resources hosted in a data center at providers’ site. It reduces the overheads of up-front investments and financial risks for the end-user. Regardless of the fact that cloud computing offers great advantages to the end users, there are several challenging issues that are mandatory to be addressed.
ppt consists of history, generations of firewalls, types, architectures, advantages & disadvantages.
very basic ppt- can be used for college & paper presentation seminars.
details of tools and methods used in cyber crime & how to protect your system from crimes...
detail study of password cracking, Denial of service, DDoS, steganography, keylogger, proxy server, phishing etc..
Intrusion detection and prevention systemNikhil Raj
This presentation describes how to implement Network based Intrusion Detection System (SNORT) in the network. Detecting and analyzing alerts generated and blocking the Attacker using Access Control List.
The encryption mechanism is a digital coding system dedicated to preserving the confidentiality and integrity of data. It is used for encoding plain text data into a protected and unreadable format.
security
,
system
,
introduction
,
threats to computer system
,
computer
,
security
,
types of software
,
system software
,
bios
,
need of an operating system
,
major functions of operating system
,
types of operating system
,
language
,
processor
,
application software
,
thank you
Module 3 Lectures 6 hrs.
Infrastructure and Network Security: Introduction to System Security, Server Security,
OS Security, Physical Security, Introduction to Networks, Network packet Sniffing,
Network Design Simulation. DOS/DDOS attacks. Asset Management and Audits,
Vulnerabilities and Attacks. Intrusion detection and Prevention Techniques, Host based
Intrusion prevention Systems, Security Information Management, Network Session
Analysis, System Integrity Validation.
Open Source/ Free/ Trial Tools: DOS Attacks, DDOS attacks, Wireshark, Cain & abel,
iptables/
Windows Firewall, snort, suricata, fail2ban
Security Concepts: Introduction, The need for security, Security approaches, Principles of security, Types of Security attacks, Security services, Security Mechanisms, A model for Network Security Cryptography Concepts and Techniques: Introduction, plain text and cipher text, substitution techniques, transposition techniques, encryption and decryption, symmetric and asymmetric key cryptography, steganography, key range and key size, possible types of attacks
Research Paper on STRIDE
Presented By
Kranthi Sekhar Reddy Kolli
(002832361)
University of Cumberlands
Threat Modeling:
According to Adam Shostack(2017) Threat modeling is about building models, and using those models to help you think about what’s going to go wrong. There are models implicit in most things. For example, in threat intelligence, you often receive IP addresses, email addresses, and similar “indicators.” Implicit is that you’ll plug those IPs into your firewall or IDS, or block or detect those emails at your mail server. There are also important details rarely discussed: Is your firewall from Palo Alto or Fortinet Each has a different user interface, but each has a way to block an IP address.
Threat modeling is essential to becoming proactive and strategic in your operational and application security. Modern threat modeling is agile and integrative, building collaboration between security and other teams. That’s security and development, security and operations, security and all sorts of others. Threat modeling is also essential in moving away from “gut feel” to a disciplined approach to problems (2017).
STRIDE:
Stride is a systematic way to deal with recognizing our application's advantages and the in all probability threats to them. What resources would we say we are talking about precisely? This would be anything that is put away in a database, CPU influence, and documents situated in a record framework. When you have set aside the opportunity to assess your advantages, you would then be able to start to survey the genuine dangers that issue most to your foundation (Shostack, 2017).
The name STRIDE [Hernan 2006] is an acronym based on the initials of the six threat categories: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. These categories are not mutually exclusive, and complex attacks may involve a combination of them. However, they provide a useful set that non-security experts can use to reason about security threats.
Spoofing:
Spoofing is an attack in which people (or programs) represent themselves as something other than what they truly are, with the intent of gaining authorized access to resources for which they should be unauthorized. A successful spoofing attack is one that allows an attacker to foil or avoid authentication.
Conditions under Which Spoofing Might Occur:
Spoofing can occur when the source or destination of a message is not properly trusted (e.g., via authentication), but the requested action in the message is still performed. Spoofing can be successful if the attacking component can steal another component’s identity to appear authentic or if other components do not demand proof of authentication.
Spoofing Risks:
When considering spoofing attacks, we must think about these general design weaknesses that would allow spoofing to occur:
· There is no authentication, or the authentication mechanism has been broken or bypassed.
...
Team research paper and project on network vulnerabilities with multiple attacks and defesnses:
Cybersecurity
-For this project, our class was paired with teams to attempt to find vulnerabilities in other teams networks and to successfully beach their network.
-My role in this group was to help breach other team vulnerabilities through different attacks like responder attacks, honeypots, etc.
-The main challenges of this project were trying to find the vulnerabilities successfully, as the whole team had troubles with each of our different attacks and defenses.
-We learned how to use cybersecurity tools to help find vulnerabilities in networks and how to protect against them better. For example, in the honeypot we used we deployed it to port 80, when the attacker tried to access our fake server we were notified. We also deployed palto alto firewall to create our private and secure network. For an attack, we also used password crackers like john the ripper. This project taught us how to breach networks as a team.
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
Due to extensive growth of the Internet and increasing availability of tools and methods for intruding and attacking
networks, intrusion detection has become a critical component of network security parameters. TCP/IP protocol suite is the defacto
standard for communication on the Internet. The underlying vulnerabilities in the protocols is the root cause of intrusions. Therefor
Intrusion detection system becomes an important element in network security that controls real time data and leads to huge
dimensional problem. Processing large number of packets and data in real time is very difficult and costly. Therefor data preprocessing
is necessary to remove redundant and unwanted information from packets and clean network data. Here, we are focusing on
two important aspects of intrusion detection; one is accuracy and other is performance. The layered approach of TCP/IP model can be
applied to packet pre-processing to achieve early and faster intrusion detection. Motivation for the paper comes from the large impact
data preprocessing has on the accuracy and capability of anomaly-based NIPS. In this paper it is demonstrated that high attack
detection accuracy can be achieved by using layered approach for data preprocessing in Internet. To reduce false positive rate and to
increase efficiency of detection, the paper proposed framework for preprocessing in intrusion prevention system. We experimented
with real time network traffic as well as he KDDcup99 dataset for our research.
Water scarcity is the lack of fresh water resources to meet the standard water demand. There are two type of water scarcity. One is physical. The other is economic water scarcity.
Explore the innovative world of trenchless pipe repair with our comprehensive guide, "The Benefits and Techniques of Trenchless Pipe Repair." This document delves into the modern methods of repairing underground pipes without the need for extensive excavation, highlighting the numerous advantages and the latest techniques used in the industry.
Learn about the cost savings, reduced environmental impact, and minimal disruption associated with trenchless technology. Discover detailed explanations of popular techniques such as pipe bursting, cured-in-place pipe (CIPP) lining, and directional drilling. Understand how these methods can be applied to various types of infrastructure, from residential plumbing to large-scale municipal systems.
Ideal for homeowners, contractors, engineers, and anyone interested in modern plumbing solutions, this guide provides valuable insights into why trenchless pipe repair is becoming the preferred choice for pipe rehabilitation. Stay informed about the latest advancements and best practices in the field.
Final project report on grocery store management system..pdfKamal Acharya
In today’s fast-changing business environment, it’s extremely important to be able to respond to client needs in the most effective and timely manner. If your customers wish to see your business online and have instant access to your products or services.
Online Grocery Store is an e-commerce website, which retails various grocery products. This project allows viewing various products available enables registered users to purchase desired products instantly using Paytm, UPI payment processor (Instant Pay) and also can place order by using Cash on Delivery (Pay Later) option. This project provides an easy access to Administrators and Managers to view orders placed using Pay Later and Instant Pay options.
In order to develop an e-commerce website, a number of Technologies must be studied and understood. These include multi-tiered architecture, server and client-side scripting techniques, implementation technologies, programming language (such as PHP, HTML, CSS, JavaScript) and MySQL relational databases. This is a project with the objective to develop a basic website where a consumer is provided with a shopping cart website and also to know about the technologies used to develop such a website.
This document will discuss each of the underlying technologies to create and implement an e- commerce website.
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Dr.Costas Sachpazis
Terzaghi's soil bearing capacity theory, developed by Karl Terzaghi, is a fundamental principle in geotechnical engineering used to determine the bearing capacity of shallow foundations. This theory provides a method to calculate the ultimate bearing capacity of soil, which is the maximum load per unit area that the soil can support without undergoing shear failure. The Calculation HTML Code included.
Saudi Arabia stands as a titan in the global energy landscape, renowned for its abundant oil and gas resources. It's the largest exporter of petroleum and holds some of the world's most significant reserves. Let's delve into the top 10 oil and gas projects shaping Saudi Arabia's energy future in 2024.
About
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
Technical Specifications
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
Key Features
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface
• Compatible with MAFI CCR system
• Copatiable with IDM8000 CCR
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
Application
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdffxintegritypublishin
Advancements in technology unveil a myriad of electrical and electronic breakthroughs geared towards efficiently harnessing limited resources to meet human energy demands. The optimization of hybrid solar PV panels and pumped hydro energy supply systems plays a pivotal role in utilizing natural resources effectively. This initiative not only benefits humanity but also fosters environmental sustainability. The study investigated the design optimization of these hybrid systems, focusing on understanding solar radiation patterns, identifying geographical influences on solar radiation, formulating a mathematical model for system optimization, and determining the optimal configuration of PV panels and pumped hydro storage. Through a comparative analysis approach and eight weeks of data collection, the study addressed key research questions related to solar radiation patterns and optimal system design. The findings highlighted regions with heightened solar radiation levels, showcasing substantial potential for power generation and emphasizing the system's efficiency. Optimizing system design significantly boosted power generation, promoted renewable energy utilization, and enhanced energy storage capacity. The study underscored the benefits of optimizing hybrid solar PV panels and pumped hydro energy supply systems for sustainable energy usage. Optimizing the design of solar PV panels and pumped hydro energy supply systems as examined across diverse climatic conditions in a developing country, not only enhances power generation but also improves the integration of renewable energy sources and boosts energy storage capacities, particularly beneficial for less economically prosperous regions. Additionally, the study provides valuable insights for advancing energy research in economically viable areas. Recommendations included conducting site-specific assessments, utilizing advanced modeling tools, implementing regular maintenance protocols, and enhancing communication among system components.
Cosmetic shop management system project report.pdfKamal Acharya
Buying new cosmetic products is difficult. It can even be scary for those who have sensitive skin and are prone to skin trouble. The information needed to alleviate this problem is on the back of each product, but it's thought to interpret those ingredient lists unless you have a background in chemistry.
Instead of buying and hoping for the best, we can use data science to help us predict which products may be good fits for us. It includes various function programs to do the above mentioned tasks.
Data file handling has been effectively used in the program.
The automated cosmetic shop management system should deal with the automation of general workflow and administration process of the shop. The main processes of the system focus on customer's request where the system is able to search the most appropriate products and deliver it to the customers. It should help the employees to quickly identify the list of cosmetic product that have reached the minimum quantity and also keep a track of expired date for each cosmetic product. It should help the employees to find the rack number in which the product is placed.It is also Faster and more efficient way.
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)MdTanvirMahtab2
This presentation is about the working procedure of Shahjalal Fertilizer Company Limited (SFCL). A Govt. owned Company of Bangladesh Chemical Industries Corporation under Ministry of Industries.
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...Amil Baba Dawood bangali
Contact with Dawood Bhai Just call on +92322-6382012 and we'll help you. We'll solve all your problems within 12 to 24 hours and with 101% guarantee and with astrology systematic. If you want to take any personal or professional advice then also you can call us on +92322-6382012 , ONLINE LOVE PROBLEM & Other all types of Daily Life Problem's.Then CALL or WHATSAPP us on +92322-6382012 and Get all these problems solutions here by Amil Baba DAWOOD BANGALI
#vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore#blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #blackmagicforlove #blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #Amilbabainuk #amilbabainspain #amilbabaindubai #Amilbabainnorway #amilbabainkrachi #amilbabainlahore #amilbabaingujranwalan #amilbabainislamabad
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
2. 2
Security - Basic Components
Confidentiality
Keeping data and resources hidden
Integrity
Data integrity (integrity)
Origin integrity (authentication)
Availability
Enabling access to data and resources
3. 3
Security Attacks
Any action that compromises the security of
information.
Four types of attack:
1. Interruption
2. Interception
3. Modification
4. Fabrication
Basic model:
D
Source Destination
S
4. 4
Security Attacks (contd.)
Interruption:
Attack on availability
Interception:
Attack on confidentiality
S D
S D
I
6. 6
Classes of Threats
Disclosure
Snooping
Deception
Modification, spoofing, repudiation of origin, denial of receipt
Disruption
Modification
Usurpation
Modification, spoofing, delay, denial of service
7. 7
Policies and Mechanisms
Policy says what is, and is not, allowed
This defines “security” for the site/system/etc.
Mechanisms enforce policies
Composition of policies
If policies conflict, discrepancies may create security
vulnerabilities
8. 8
Goals of Security
Prevention
Prevent attackers from violating security policy
Detection
Detect attackers’ violation of security policy
Recovery
Stop attack, assess and repair damage
Continue to function correctly even if attack succeeds
9. 9
Trust and Assumptions
Underlie all aspects of security
Policies
Unambiguously partition system states
Correctly capture security requirements
Mechanisms
Assumed to enforce policy
Support mechanisms work correctly
11. 11
Assurance
Specification
Requirements analysis
Statement of desired functionality
Design
How system will meet specification
Implementation
Programs/systems that carry out design
12. 12
Operational Issues
Cost-Benefit Analysis
Is it cheaper to prevent or recover?
Risk Analysis
Should we protect something?
How much should we protect this thing?
Laws and Customs
Are desired security measures illegal?
Will people do them?
13. 13
Human Issues
Organizational Problems
Power and responsibility
Financial benefits
People problems
Outsiders and insiders
Social engineering
15. 15
Passive and Active Attacks
Passive attacks
Obtain information that is being transmitted
(eavesdropping).
Two types:
Release of message contents:- It may be desirable to
prevent the opponent from learning the contents of the
transmission.
Traffic analysis:- The opponent can determine the
location and identity of communicating hosts, and
observe the frequency and length of messages being
exchanged.
Very difficult to detect.
16. 16
Active attacks
Involve some modification of the data stream or the
creation of a false stream.
Four categories:
Masquerade:- One entity pretends to be a different entity.
Replay:- Passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.
Modification:- Some portion of a legitimate message is
altered.
Denial of service:- Prevents the normal use of
communication facilities.
17. 17
Security Services
Confidentiality (privacy)
Authentication (who created or sent the data)
Integrity (has not been altered)
Non-repudiation (the order is final)
Access control (prevent misuse of resources)
Availability (permanence, non-erasure)
Denial of Service Attacks
Virus that deletes files
18. 18
Role of Security
A security infrastructure provides:
Confidentiality – protection against loss of privacy
Integrity – protection against data alteration/ corruption
Availability – protection against denial of service
Authentication – identification of legitimate users
Authorization – determination of whether or not an
operation is allowed by a certain user
Non-repudiation – ability to trace what happened, &
prevent denial of actions
Safety – protection against tampering, damage & theft
19. 19
Types of Attack
Social engineering/phishing
Physical break-ins, theft, and curb shopping
Password attacks
Buffer overflows
Command injection
Denial of service
Exploitation of faulty application logic
Snooping
Packet manipulation or fabrication
Backdoors
21. 21
Step 1: Determine Security Policy
A security policy is a full security roadmap
Usage policy for networks, servers, etc.
User training about password sharing, password strength,
social engineering, privacy, etc.
Privacy policy for all maintained data
A schedule for updates, audits, etc.
The network design should reflect this policy
The placement/protection of database/file servers
The location of demilitarized zones (DMZs)
The placement and rules of firewalls
The deployment of intrusion detection systems (IDSs)
22. 22
Step 2: Implement Security Policy
Implementing a security policy includes:
Installing and configuring firewalls
iptables is a common free firewall configuration for Linux
Rules for incoming packets should be created
These rules should drop packets by default
Rules for outgoing packets may be created
This depends on your security policy
Installing and configuring IDSes
snort is a free and upgradeable IDS for several platforms
Most IDSs send alerts to log files regularly
Serious events can trigger paging, E-Mail, telephone
24. 24
Step 2: Implement Security Policy
Firewall
Applies filtering rules to packets passing through it
Comes in three major types:
Packet filter – Filters by destination IP, port or protocol
Stateful – Records information about ongoing TCP sessions, and ensures out-of-
session packets are discarded
Application proxy – Acts as a proxy for a specific application, and scans all layers
for malicious data
Intrusion Detection System (IDS)
Scans the incoming messages, and creates alerts when suspected scans/attacks are
in progress
Honeypot/honeynet (e.g. honeyd)
Simulates a decoy host (or network) with services
25. 25
Step 3: Reconnaissance
First, we learn about the network
IP addresses of hosts on the network
Identify key servers with critical data
Services running on those hosts/servers
Vulnerabilities on those services
Two forms: passive and active
Passive reconnaissance is undetectable
Active reconnaissance is often detectable by IDS
26. 26
Step 4: Vulnerability Scanning
We now have a list of hosts and services
We can now target these services for attacks
Many scanners will detect vulnerabilities (e.g. nessus)
These scanners produce a risk report
Other scanners will allow you to exploit them (e.g. metasploit)
These scanners find ways in, and allow you to choose the payload to
use (e.g. obtain a root shell, download a package)
The payload is the code that runs once inside
The best scanners are updateable
For new vulnerabilities, install/write new plug-ins
e.g. Nessus Attack Scripting Language (NASL)
27. 27
Step 5: Penetration Testing
We have identified vulnerabilities
Now, we can exploit them to gain access
Using frameworks (e.g. metasploit), this is as simple as
selecting a payload to execute
Otherwise, we manufacture an exploit
We may also have to try to find new vulnerabilities
This involves writing code or testing functions accepting
user input
28. 28
Step 6: Post-Attack Investigation
Forensics of Attacks
This process is heavily guided by laws
Also, this is normally done by a third party
Retain chain of evidence
The evidence in this case is the data on the host
The log files of the compromised host hold the footsteps and
fingerprints of the attacker
Every minute with that host must be accounted for
For legal reasons, you should examine a low-level copy of the disk
and not modify the original