Cyber Security [105713] – Notes
Module 3
Infrastructure and Network Security: Introduction to System Security, Server Security, OS Security, Physical
Security, Introduction to Networks, Network packet Sniffing, Network Design Simulation. DOS/DDOS attacks.
Asset Management and Audits, Vulnerabilities and Attacks. Intrusion detection and Prevention Techniques,
Host based Intrusion prevention Systems, Security Information Management, Network Session Analysis,
System Integrity Validation.
Open Source/ Free/ Trial Tools: DOS Attacks, DDOS attacks, Wireshark, Cain & abel, iptables/
Windows Firewall, snort, suricata, fail2ban.
Introduction to System Security:
System security refers to the set of measures that are put in place to protect computer systems and their data
from unauthorized access, damage, theft, and other forms of cyber threats. The main goal of system security is
to ensure the confidentiality, integrity, and availability of system resources, data, and services.
There are several types of security mechanisms that can be used to protect a computer system. Some of them
are:
• Encipherment: This mechanism conceals the content of data so that it remains confidential.
• Access Control: This mechanism is used to stop unauthorized access to the data you are sending.
• Notarization: This security mechanism involves the use of a trusted third party in communication.
• Data Integrity: This mechanism ensures that data is not tampered with during transmission.
• Authentication exchange: This mechanism is used to verify the identity of the sender and receiver.
• Bit stuffing: This mechanism is used to prevent unauthorized access to data by adding extra bits to it.
• Digital Signature: This mechanism is used to verify the authenticity of a message.
Some common security threats include viruses, worms, malware, and remote hacker intrusions.
To improve our system security, we can follow some best practices such as:
• Use strong passwords
• Keep your software up-to-date
• Use antivirus software
• Use firewalls
• Use encryption
Server Security:
Server security refers to the set of measures taken to protect the information stored on a server from
unauthorized access, use, modification, or destruction. A server is a computer or device that provides data,
resources, or services to other devices or computers over a network. Servers can host critical information, such
as personal data, confidential business data, or financial data, making them a prime target for cyberattacks.
Server security encompasses a range of practices, tools, and policies designed to safeguard servers from various
threats, including malware, unauthorized access, denial-of-service attacks, data breaches, and theft. The
following are some of the essential components of server security:
• Access control
• Firewall
• Encryption
• Patch management
• Backup and disaster recovery
• Monitoring and logging
• Physical security
OS Security:
Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability.
It refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote
hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer
assets capable of being stolen, edited or deleted if OS security is compromised.
OS security encompasses many different techniques and methods which ensure safety from threats and attacks.
OS security allows different applications and programs to perform required tasks and stop unauthorized
interference.
It may be approached in many ways, including adherence to the following:
• Performing regular OS patch updates
• Installing updated antivirus engines and software
• Scrutinizing all incoming and outgoing network traffic through a firewall
• Creating secure accounts with required privileges only (i.e., user management)
Physical Security:
Physical security refers to the set of measures taken to protect physical assets, people, and property from
threats, such as theft, vandalism, sabotage, or terrorism. Physical security is essential in maintaining a safe and
secure environment for people and assets, including buildings, equipment, data centers, and other critical
infrastructure.
The following are some of the essential components of physical security:
• Access control
• Perimeter security
• Surveillance
• Alarms and notifications
• Environmental control
• Emergency response
• Physical asset protection
Introduction to Networks:
A network is a group of interconnected devices that can communicate with each other and share resources, such
as data, applications, and hardware. Networks can be used to connect computers, servers, printers, mobile
devices, and other hardware devices to enable communication and collaboration.
There are various types of networks, including local area networks (LANs), wide area networks (WANs), and
metropolitan area networks (MANs).
Networks can be wired or wireless, and both types have their advantages and disadvantages. Wired networks
use physical cables, such as Ethernet cables, to transmit data, while wireless networks use radio waves to
transmit data between devices. Wireless networks offer more flexibility and mobility, but wired networks tend
to be more reliable and secure.
Networks can be connected to the internet, which allows devices on the network to access resources and services
from anywhere in the world. However, this also introduces security risks, and network administrators must take
steps to protect the network from cyber threats.
Networks rely on protocols, which are a set of rules that govern how devices on the network communicate with
each other. Common network protocols include TCP/IP, HTTP, FTP, and DNS.
Network Packet Sniffing:
Network packet sniffing, also known as packet analysis, is a method of capturing and analyzing network traffic
for the purpose of monitoring and troubleshooting network issues.
A network packet sniffer is a tool or software program that captures and decodes network traffic, allowing users
to examine the contents of individual packets.
Packet sniffing works by intercepting and capturing data packets as they are transmitted across a network. This
can be done by installing a packet sniffer on a computer or by using specialized hardware devices called network
analyzers. Once the packets are captured, the packet sniffer can analyze the packet headers and contents to
determine the source and destination of the packets, the type of traffic, and the protocols used.
Packet sniffing has many legitimate uses, including network monitoring and troubleshooting, network security
analysis, and performance optimization. However, it can also be used for malicious purposes, such as stealing
sensitive information or monitoring network traffic for unauthorized access attempts.
To prevent unauthorized packet sniffing, network administrators can use encryption to secure network traffic
and implement access controls to restrict access to sensitive data. Additionally, network administrators can
monitor network activity to detect and block unauthorized packet sniffing attempts.
Network Design Simulation:
Network design simulation is the process of creating a virtual model of a computer network to simulate its
behavior under various conditions. Network design simulation allows network designers and administrators to
test and validate network designs, configurations, and changes without affecting the actual network.
In network design simulation, a software tool is used to create a virtual representation of the network. The tool
can simulate the behavior of network devices, such as routers, switches, and servers, and can replicate the
network traffic flow between them. Network designers can use the tool to evaluate the performance of the
network under different conditions, such as heavy traffic loads or equipment failures.
Network design simulation can help identify potential problems with the network before it is deployed, such as
bottlenecks, security vulnerabilities, and other issues. It can also help optimize the network's performance by
testing different configurations and scenarios.
There are various network design simulation tools available, ranging from simple free tools to advanced
commercial products. These tools can vary in features, capabilities, and ease of use, and network designers and
administrators should choose the tool that best meets their needs.
DOS/DDOS attacks:
DOS (Denial of Service) and DDOS (Distributed Denial of Service) attacks are types of cyber attacks that are aimed
at disrupting or disabling computer systems, networks, or services. These attacks are carried out by
overwhelming the target system with a large volume of traffic or requests, causing it to become unavailable to
legitimate users.
In a DOS attack, the attacker uses a single computer or a network of computers to flood the target system with
a large volume of traffic or requests. This can cause the system to become overloaded and unable to respond to
legitimate traffic.
In a DDOS attack, the attacker uses a network of compromised computers, also known as a botnet, to flood the
target system with traffic or requests. The botnet is controlled by the attacker, who can use it to launch a
coordinated attack on the target system.
The goal of DOS and DDOS attacks is to disrupt or disable the target system, making it unavailable to legitimate
users. This can have serious consequences, particularly in the case of critical systems such as banking or
healthcare systems, where downtime can have significant financial or health impacts.
To protect against DOS and DDOS attacks, organizations can implement various security measures, such as
firewalls, intrusion detection and prevention systems, and content delivery networks (CDNs). Additionally,
organizations can take steps to ensure their systems are configured securely, such as limiting access to critical
systems and implementing strong authentication and access controls.
Asset Management and Audits:
Asset management and audits refer to the process of tracking and managing an organization's technology assets
and reviewing its security practices to ensure that they are secure and up-to-date.
Asset management involves keeping track of an organization's hardware, software, and other technology assets.
This includes maintaining an inventory of all assets, tracking their location and status, and ensuring that they are
properly secured and maintained. Asset management also involves managing software licenses, keeping track of
warranties and service agreements, and ensuring that assets are retired or disposed of properly.
Audits involve reviewing an organization's security practices to identify vulnerabilities and areas of weakness.
This can include penetration testing, vulnerability assessments, and compliance audits. Penetration testing
involves simulating an attack on an organization's network to identify vulnerabilities and weaknesses.
Vulnerability assessments involve identifying potential vulnerabilities in an organization's infrastructure and
network security. Compliance audits involve reviewing an organization's security practices to ensure they comply
with applicable regulations and standards.
Asset management and audits are important for maintaining the security and integrity of an organization's
technology assets. By tracking and managing assets and conducting regular audits, organizations can identify and
address vulnerabilities and weaknesses before they are exploited by attackers. This can help prevent data
breaches, downtime, and other security incidents that can have serious consequences for the organization and
its stakeholders.
Intrusion detection and Prevention Techniques:
Intrusion detection and prevention techniques (IDP) are security measures designed to identify and prevent
unauthorized access, misuse, modification, or destruction of computer networks, systems, and data.
Intrusion Detection System (IDS) is a security technology that monitors network traffic for suspicious activity
or patterns that may indicate an attack or unauthorized access. IDS can be deployed in two ways, as a
network-based IDS (NIDS) or as a host-based IDS (HIDS). NIDS is installed at the network level, and it monitors
all traffic on the network to detect any potential threats. HIDS is installed on individual hosts or servers, and
it monitors system logs, files, and activities to detect any potential threats.
Intrusion Prevention System (IPS) is a technology that works alongside IDS to prevent unauthorized
access to a network or system. IPS can be deployed in two ways, as a network-based IPS (NIPS) or as a
host-based IPS (HIPS). NIPS is installed at the network level, and it blocks malicious traffic from entering
the network. HIPS is installed on individual hosts or servers, and it blocks malicious activities at the host
level.
There are several techniques used in IDP, including:
1. Signature-based detection: This technique involves creating a database of known signatures of
attacks or malicious activities, and then monitoring network traffic or system logs for matching
signatures.
2. Anomaly-based detection: This technique involves monitoring network or system behavior for
abnormal patterns or activities that may indicate an attack or unauthorized access.
3. Heuristic-based detection: This technique involves using algorithms to identify patterns of
behavior that may indicate an attack or unauthorized access.
4. Protocol-based detection: This technique involves monitoring network traffic for protocol
violations or anomalies that may indicate an attack or unauthorized access.
5. Reputation-based detection: This technique involves using reputation services to identify
known malicious IP addresses, domains, or URLs.
Host based Intrusion prevention Systems:
A host-based intrusion prevention system (HIPS) is a security solution designed to protect individual hosts or
endpoints from unauthorized access, misuse, modification, or destruction. HIPS operates at the host or
endpoint level and provides an additional layer of security beyond traditional antivirus software or firewalls.
HIPS works by monitoring and analyzing system activity, including system calls, network traffic, file changes,
and other system events. By using various detection techniques, HIPS can identify suspicious or malicious
behavior that may indicate an attack or unauthorized access. HIPS can then take action to block or prevent
these activities, such as terminating the offending process, alerting the user or administrator, or blocking
network traffic to or from the affected host.
HIPS can use various detection techniques, including:
• Signature-based detection
• Anomaly-based detection
• Heuristic-based detection
• Whitelisting
• Blacklisting
HIPS can be deployed on individual hosts or endpoints, such as desktops, laptops, servers, or mobile devices.
By using HIPS, organizations can protect their endpoints from a wide range of cyber threats, including
malware, ransomware, spyware, and other types of attacks. HIPS can also help organizations comply with
regulatory requirements and industry standards that mandate the use of host-based security solutions.
Security Information Management:
Security Information Management (SIM) is a process of collecting, analyzing, and reporting security-related
data from various sources within an organization's network and systems. The goal of SIM is to provide a
comprehensive view of an organization's security posture and to detect and respond to security incidents in
a timely manner.
SIM collects data from various sources, including network devices, servers, applications, and security devices
such as firewalls, intrusion detection/prevention systems, and antivirus software. This data is collected in
real-time and then analyzed using various techniques, including correlation, anomaly detection, and pattern
recognition.
The main functions of SIM include:
• Event log collection and storage
• Event correlation and analysis
• Reporting and alerting
• Incident response
• Compliance reporting
The benefits of implementing a SIM solution include:
• Improved visibility into an organization's security posture
• Faster incident response
• Better compliance reporting
• Reduced risk of security incidents
Network Session Analysis:
Network session analysis is the process of capturing and analyzing the traffic that occurs between two or more
network devices during a communication session. This technique is commonly used by network administrators
and security analysts to troubleshoot network problems, optimize network performance, and identify
potential security threats.
During a network session, packets of data are exchanged between the devices involved. Network session
analysis involves capturing and decoding these packets to gain insight into the behavior of the devices and the
nature of the communication. This analysis can reveal important details such as the types of protocols used,
the amount of data transferred, and the length of the communication session.
Network session analysis can be performed using various tools and techniques, including packet capture
software, network analyzers, and intrusion detection/prevention systems. These tools allow network
administrators and security analysts to view the packets that make up the communication session, and to
analyze the traffic in real-time or after the session has ended.
The benefits of network session analysis include:
• Troubleshooting network issues
• Optimizing network performance
• Detecting and preventing security threats
• Improving network design
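The two sections above (packet sniffing and session analysis) describe decoding captured packets and then reasoning about the whole conversation. The following script is an added example, not part of the course notes: it decodes hand-constructed Ethernet/IPv4/TCP frames (verifying the IPv4 header checksum before trusting any field), then groups them into sessions and reports the protocol, bytes transferred in each direction, TCP flags seen and session duration, which is what a session analyser derives from a capture. All addresses, ports and timestamps are constructed; a real tool would read the frames from a pcap file or a raw socket.

```python
import struct
from collections import defaultdict

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAGS = (("F", 0x01), ("S", 0x02), ("R", 0x04), ("P", 0x08), ("A", 0x10))


def ipv4_checksum(header):
    """RFC 791 one's-complement sum; evaluates to 0 over a header whose checksum is correct."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_frame(frame):
    """What a sniffer reports for one frame: MACs, IPs, protocol, TCP ports, flags and payload."""
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:ETH_HDR_LEN])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("unsupported ethertype 0x%04x" % ethertype)
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("truncated or malformed IPv4 header")
    # Verify before trusting: a corrupt header would make the analyser misreport addresses and lengths.
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    pkt = {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
           "src": ".".join(str(b) for b in ip[12:16]),
           "dst": ".".join(str(b) for b in ip[16:20]),
           "proto": PROTO_NAMES.get(proto, str(proto)),
           "sport": None, "dport": None, "flags": "", "payload": b""}
    l4 = ip[ihl:total_len]
    if proto == 6 and len(l4) >= 20:
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        data_off = (off_flags >> 12) * 4            # TCP header length in bytes
        pkt.update(sport=sport, dport=dport, payload=l4[data_off:],
                   flags="".join(n for n, bit in TCP_FLAGS if off_flags & bit))
    return pkt


def session_key(pkt):
    """Canonical 5-tuple so both directions of a TCP session share one key."""
    a, b = (pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])
    return (pkt["proto"],) + (a + b if a <= b else b + a)


def analyze_sessions(timed_frames):
    """Group (timestamp, frame) pairs into sessions with duration, packet and byte counts."""
    sessions = {}
    for ts, frame in timed_frames:
        pkt = decode_frame(frame)
        s = sessions.setdefault(session_key(pkt), {
            "start": ts, "end": ts, "packets": 0,
            "payload_bytes": defaultdict(int), "flags_seen": set()})
        s["end"] = max(s["end"], ts)
        s["packets"] += 1
        s["payload_bytes"][pkt["src"] + " -> " + pkt["dst"]] += len(pkt["payload"])
        s["flags_seen"].update(pkt["flags"])
    for s in sessions.values():
        s["duration"] = s["end"] - s["start"]
    return sessions


def build_frame(src, dst, sport, dport, flags, payload=b""):
    """Construct a minimal Ethernet/IPv4/TCP frame for the demo (TCP checksum left zero)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 65535, 0, 0) + payload
    addr = lambda a: bytes(int(o) for o in a.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     addr(src), addr(dst))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill in header checksum
    eth = struct.pack("!6s6sH", b"\x02" * 6, b"\x04" * 6, ETHERTYPE_IPV4)
    return eth + ip + tcp


def demo_sessions():
    """Constructed capture: one short HTTP exchange and the start of an SSH session."""
    SYN, SYNACK, PSHACK, FINACK = 0x02, 0x12, 0x18, 0x11
    client, server = "10.0.0.5", "10.0.0.80"
    capture = [
        (0.000, build_frame(client, server, 51000, 80, SYN)),
        (0.010, build_frame(server, client, 80, 51000, SYNACK)),
        (0.020, build_frame(client, server, 51000, 80, PSHACK, b"GET / HTTP/1.1\r\n\r\n")),
        (0.050, build_frame(server, client, 80, 51000, PSHACK, b"HTTP/1.1 200 OK\r\n\r\n")),
        (0.060, build_frame(client, server, 51000, 80, FINACK)),
        (1.000, build_frame("10.0.0.7", server, 40000, 22, SYN)),
        (1.010, build_frame(server, "10.0.0.7", 22, 40000, SYNACK)),
        (1.030, build_frame(server, "10.0.0.7", 22, 40000, PSHACK, b"SSH-2.0-OpenSSH_9.0\r\n")),
    ]
    return analyze_sessions(capture)
```

Rejecting frames whose header checksum fails is the same habit a production analyser needs: session statistics built on unverified headers are easy to poison.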
System Integrity Validation:
System integrity validation is the process of verifying that the software and configuration of a computer system
have not been tampered with or modified in an unauthorized manner. This process is typically performed by
security administrators to ensure that the system is secure and to identify any potential security breaches or
vulnerabilities.
System integrity validation involves comparing the current state of a system to a known, trusted state. This
known state may be established through various methods, such as creating a system image, checksumming
critical system files, or using a secure boot process. The current state of the system is then compared to the
known state, and any differences or discrepancies are identified and investigated.
There are various tools and techniques that can be used to perform system integrity validation, including:
• Hashing and checksumming
• Digital signatures
• Trusted Platform Module (TPM)
The benefits of system integrity validation include:
• Enhanced security
• Improved compliance
• Reduced downtime
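The hashing-and-checksumming approach described above, as an added example that is not part of the course notes: a baseline of SHA-256 digests, sizes and permission bits is taken over a directory tree, stored as JSON, and later diffed against the live tree to report added, removed and modified files. The files and the tampering are constructed inside a temporary directory so the script runs anywhere.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path, algorithm="sha256"):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Record digest, size and permission bits for every regular file under root."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": hash_file(p),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o7777),   # also catches setuid / world-writable changes
            }
    return baseline


def compare_to_baseline(root, baseline):
    """Return added, removed and modified paths; modified entries list which attributes changed."""
    current = build_baseline(root)
    report = {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": [],
    }
    for name in sorted(set(current) & set(baseline)):
        changed = [k for k in ("sha256", "size", "mode") if current[name][k] != baseline[name][k]]
        if changed:
            report["modified"].append([name, changed])
    return report


def demo_report():
    """Constructed scenario: take a baseline, tamper with the tree, then re-validate."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {
            "etc/app.conf": b"listen=127.0.0.1\n",
            "bin/service": b"#!/bin/sh\necho ok\n",
            "lib/old.so": b"\x7fELF placeholder\n",
        }
        for rel, data in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        # Persist the baseline as JSON, as a real tool would (ideally to read-only or offline storage).
        stored = json.dumps(build_baseline(root), indent=1)

        # Simulated tampering: same-size content change, a deleted library, an unexpected new file.
        (root / "bin/service").write_bytes(b"#!/bin/sh\necho no\n")
        (root / "lib/old.so").unlink()
        (root / "bin/unexpected").write_bytes(b"#!/bin/sh\n: not in baseline\n")

        return compare_to_baseline(root, json.loads(stored))
```

The same-size modification is the reason the comparison hashes content rather than trusting size or timestamps alone. The baseline is only as trustworthy as its storage: keep it where the monitored host cannot rewrite it, otherwise whoever changes a file can also update its recorded digest.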
Open Source/ Free/ Trial Tools:
DOS/DDOS Attacks:
There are several tools available for DOS attacks. Some of them are:
• LOIC (Low Orbit Ion Cannon): LOIC is an open source network stress testing tool
that can be used for both legitimate and malicious purposes. LOIC allows users to flood a website or
network with traffic by sending multiple requests at the same time, overwhelming the target and causing
it to become unresponsive.
LOIC is relatively easy to use, and it can be configured to target a specific website or IP address. Users can
set the number of requests to be sent per second, as well as the type of request, such as GET or POST. The
tool also allows users to customize the headers of the requests, which can make it more difficult for the
target to block the attack.
• XOIC (Xavier's Own IC): It is a free and open-source DoS (Denial of Service) attack tool that can be used to
conduct both DoS and DDoS attacks. It is a graphical user interface (GUI) based tool that is easy to use and
does not require advanced technical skills.
XOIC can flood a website or network with traffic by sending multiple requests at the same time,
overwhelming the target and causing it to become unresponsive. It can be configured to target a specific
website or IP address, and users can set the number of requests to be sent per second, as well as the type
of request, such as GET or POST. The tool also allows users to customize the headers of the requests, which
can make it more difficult for the target to block the attack.
• HULK (HTTP Unbearable Load King): HULK is a free and open-source DoS
(Denial of Service) attack tool that is designed to target web applications. It is a Python-based tool that
works by generating a large number of HTTP GET requests to a target web server, causing it to become
overwhelmed and unresponsive.
HULK is a command-line tool. It can be configured to target a specific web server or IP address, and users
can set the number of requests to be sent per second, as well as the length and complexity of the requested
URLs.
The tool is designed to evade common web application firewalls and can generate random user-agent
strings and referrer URLs with each request. It can also generate a list of proxy servers to route the traffic
through, which can help to hide the source of the attack.
• R-U-Dead-Yet: R-U-Dead-Yet (RUDY) is a free and open-source tool designed to perform Denial of Service
(DoS) attacks against web applications. It works by sending a large number of HTTP POST requests to the
target server, overwhelming it with traffic and causing it to become unresponsive.
RUDY is designed to be highly customizable, allowing users to adjust the number of requests sent per
second, the size of the HTTP POST data, and the number of concurrent connections. It can also bypass
certain web application firewalls and security measures by using HTTP chunked encoding and generating
random HTTP headers with each request.
The tool is written in Python and can be run on both Linux and Windows operating systems. It is relatively
easy to use and does not require advanced technical skills.
• Tor's Hammer: Tor's Hammer is a free and open-source tool designed to perform Denial of Service (DoS)
attacks against websites and servers. It is a Python-based script that uses the Tor network to anonymize
the traffic generated during the attack.
The tool works by sending a large number of HTTP or HTTPS requests to the target website or server,
overwhelming it with traffic and causing it to become unresponsive. It can generate a large number of
requests per second, making it a powerful and effective tool for testing the resilience of websites and
servers against DoS attacks.
One of the key features of Tor's Hammer is its ability to use the Tor network to anonymize the traffic
generated during the attack. This makes it more difficult for the target to identify and block the attacker's
IP address, making the attack more effective.
• PyLoris: PyLoris is a free and open-source tool designed to perform Denial of Service (DoS) attacks against
web servers. It is a Python-based script that uses a low and slow method to launch the attack, making it
difficult for the target server to detect and block the attack.
The tool works by opening a large number of connections to the target server and sending partial requests,
keeping each connection open as long as possible. This ties up server resources and slows down or even
crashes the server, causing it to become unresponsive.
PyLoris is highly customizable and allows users to adjust the number of connections, the size of the request
headers, and the time delay between requests. It also includes features like IP spoofing and SSL support,
making it more difficult for the target server to identify and block the attacker's IP address.
• OWASP Switchblade (formerly DoS HTTP POST): OWASP Switchblade, formerly known as DoS HTTP POST,
is a free and open-source tool designed to perform HTTP Denial of Service (DoS) attacks against web
servers. It is a Python-based script that sends a large number of specially crafted HTTP POST requests to
the target server, causing it to become overwhelmed and unresponsive.
The tool works by exploiting the vulnerability in some web servers where they do not properly handle large
numbers of HTTP POST requests. OWASP Switchblade sends a large number of HTTP POST requests, each
with a large amount of data in the request body, overwhelming the server's resources and causing it to
crash.
It also includes features like HTTP proxy support, user agent customization, and the ability to use multiple
threads to increase the attack speed.
• DDoSIM (layer 7 DDoS simulator): DDoSIM is a free and open-source tool designed to simulate Distributed
Denial of Service (DDoS) attacks. It is a layer 7 DDoS simulator, which means that it targets the application
layer of the OSI model, making it more effective against web applications and websites.
DDoSIM works by sending multiple HTTP requests to the target website or server, overwhelming it with
traffic and causing it to become unresponsive. The tool can generate a large number of requests per
second, making it a powerful and effective tool for testing the resilience of web applications and websites
against DDoS attacks.
One of the key features of DDoSIM is its ability to simulate different types of DDoS attacks, such as GET,
POST, and HEAD requests. It also allows users to set the size and frequency of the requests, as well as the
number of threads to be used during the attack.
Wireshark:
Wireshark is a free and open-source packet analyzer used for network troubleshooting, analysis, software and
communications protocol development, and education. It allows users to see what is happening on their network
at a microscopic level and is often used by network administrators to diagnose and troubleshoot network issues.
With Wireshark, users can capture network traffic in real-time and analyze it to identify potential issues. It supports
hundreds of protocols, including Ethernet, TCP/IP, HTTP, DNS, and others. The tool can decode and display the
data transmitted over these protocols, making it easier to understand and troubleshoot network issues.
Wireshark offers a range of powerful features, including the ability to filter and search through captured data, view
and analyze packets in real-time or offline, create and save custom statistics and reports, and export captured data
in various formats for further analysis.
Wireshark is highly customizable and extensible, allowing users to add new protocols, dissectors, and features to
the tool. It is available for Windows, Linux, macOS, and other platforms.
Cain & abel:
Cain & Abel is a free and open-source tool for Windows that is used for password recovery, network analysis, and
cracking various types of encrypted passwords. It is primarily used by network administrators and security
professionals to test the strength of passwords and to recover lost or forgotten passwords.
Cain & Abel can be used to perform a wide range of tasks, including capturing network traffic, cracking passwords,
and sniffing passwords from various protocols such as FTP, HTTP, and Telnet. It also includes a wide range of tools
for cracking password hashes, including dictionary attacks, brute force attacks, and rainbow table attacks.
One of the most powerful features of Cain & Abel is its ability to sniff passwords in real-time. This means that it
can capture and decode passwords as they are transmitted across the network, even if they are encrypted. This
makes it a powerful tool for identifying potential security threats and vulnerabilities in a network.
iptables/ Windows Firewall:
iptables and Windows Firewall are two popular firewall tools used to protect computer networks from
unauthorized access and attacks.
iptables is an open-source firewall tool that is commonly used in Linux-based operating systems. It is a powerful
tool that can be used to filter and manipulate network traffic based on a set of rules and policies that are defined
by the user or the system administrator. With iptables, users can block specific IP addresses or network ranges,
restrict incoming or outgoing traffic for specific protocols or services, and perform many other network security
functions.
Windows Firewall, on the other hand, is a built-in firewall tool that comes bundled with all versions of the Microsoft
Windows operating system. It is a basic firewall that provides a way to monitor and control incoming and outgoing
network traffic based on a set of predefined rules and policies. Windows Firewall can be configured to block or
allow specific ports, applications, or services, and it includes different profiles for different types of networks such
as Domain, Private, and Public.
Snort:
Snort is a widely-used open-source intrusion detection and prevention system (IDS/IPS) that provides real-time
traffic analysis and packet logging on computer networks. It was created in 1998 by Martin Roesch, and is now
owned by Cisco Systems.
Snort works by monitoring network traffic for suspicious activity and known attack patterns. It uses rules to identify
patterns of traffic that are indicative of malicious activity, and generates alerts when such patterns are detected.
Snort can be configured to operate in different modes, including intrusion detection mode, intrusion prevention
mode, and packet logging mode.
In intrusion detection mode, Snort monitors network traffic for suspicious activity and generates alerts when an
attack is detected. In intrusion prevention mode, Snort not only generates alerts, but also takes action to block or
drop traffic that is identified as malicious. In packet logging mode, Snort simply logs network traffic for later
analysis.
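Signature-based detection (technique 1 in the list of IDP techniques above) and Snort's alert-versus-drop modes are easiest to understand with a rule engine in hand. The following is an added example written for these notes, not Snort's own code: it parses a small subset of Snort's rule syntax (header fields, `content` with Snort's `|hex|` byte notation, `nocase`, `msg`, `sid`) and runs the rules over constructed packet records, alerting in IDS mode and additionally marking `drop` rule hits as blocked in inline IPS mode. Variables such as $HOME_NET, CIDR lists, port ranges, `flow`, `pcre` and preprocessors are deliberately out of scope.

```python
import re
from dataclasses import dataclass, field

RULE_HEADER = re.compile(
    r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")
RULE_OPTION = re.compile(r'\s*(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    options: dict = field(default_factory=dict)
    contents: list = field(default_factory=list)   # [needle bytes, nocase] pairs


def content_to_bytes(spec):
    """Snort content: literal text, with |..| sections holding hex bytes, e.g. "SSH-|32 2e 30|"."""
    out = b""
    for i, part in enumerate(spec.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode()
    return out


def parse_rule(text):
    m = RULE_HEADER.match(text.strip())
    if not m:
        raise ValueError("unparseable rule: " + text)
    action, proto, src, sport, dst, dport, body = m.groups()
    rule = Rule(action, proto, src, sport, dst, dport)
    for key, value in RULE_OPTION.findall(body):
        value = value.strip()
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        if key == "content":
            rule.contents.append([content_to_bytes(value), False])
        elif key == "nocase":
            if not rule.contents:
                raise ValueError("nocase before any content in: " + text)
            rule.contents[-1][1] = True      # modifier applies to the preceding content
        else:
            rule.options[key] = value
    return rule


def _field_ok(pattern, value):
    return pattern == "any" or pattern == str(value)


def rule_matches(rule, pkt):
    """Cheap header checks first; then every content needle must occur in the payload."""
    if rule.proto != "any" and rule.proto.upper() != pkt["proto"]:
        return False
    if not (_field_ok(rule.src, pkt["src"]) and _field_ok(rule.sport, pkt["sport"])
            and _field_ok(rule.dst, pkt["dst"]) and _field_ok(rule.dport, pkt["dport"])):
        return False
    for needle, nocase in rule.contents:
        hay, n = (pkt["payload"].lower(), needle.lower()) if nocase else (pkt["payload"], needle)
        if n not in hay:
            return False
    return True


def run_rules(rules, packets, inline=False):
    """IDS mode (inline=False) only alerts; IPS mode (inline=True) also marks 'drop' hits as blocked."""
    alerts = []
    for pkt in packets:
        for rule in rules:
            if rule_matches(rule, pkt):
                alerts.append({"sid": int(rule.options.get("sid", 0)),
                               "msg": rule.options.get("msg", ""),
                               "src": pkt["src"], "dst": pkt["dst"],
                               "blocked": inline and rule.action == "drop"})
    return alerts


# Constructed rules and packet records for the demo (RFC 5737 documentation addresses).
DEMO_RULES = [
    'alert tcp any any -> any 80 (msg:"WEB directory traversal attempt"; content:"../"; sid:1000001; rev:1;)',
    'drop tcp any any -> any 80 (msg:"WEB cross-site scripting probe"; content:"<script"; nocase; sid:1000002;)',
    'alert tcp any 22 -> any any (msg:"SSH server banner seen"; content:"SSH-|32 2e 30|"; sid:1000003;)',
]
DEMO_PACKETS = [
    {"proto": "TCP", "src": "192.0.2.10", "sport": 51515, "dst": "198.51.100.5", "dport": 80,
     "payload": b"GET /../../etc/passwd HTTP/1.1\r\n\r\n"},
    {"proto": "TCP", "src": "192.0.2.11", "sport": 51516, "dst": "198.51.100.5", "dport": 80,
     "payload": b"GET /search?q=<SCRIPT>alert(1)</SCRIPT> HTTP/1.1\r\n\r\n"},
    {"proto": "TCP", "src": "198.51.100.5", "sport": 22, "dst": "192.0.2.12", "dport": 40000,
     "payload": b"SSH-2.0-OpenSSH_9.0\r\n"},
    {"proto": "TCP", "src": "192.0.2.13", "sport": 51517, "dst": "198.51.100.5", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\n\r\n"},
]


def demo_alerts(inline=False):
    return run_rules([parse_rule(r) for r in DEMO_RULES], DEMO_PACKETS, inline)
```

The `nocase` rule is what catches the upper-cased probe in the second packet; without it a byte-exact signature is trivially missed, which is the usual reason signature sets pair content matches with normalisation.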
suricata:
Suricata is a high-performance, open-source intrusion detection and prevention system (IDS/IPS) that is designed
to monitor and protect computer networks against a wide range of cyber threats. It was created in 2008 by the
Open Information Security Foundation (OISF) and is now widely used in enterprise and government environments.
Suricata is based on a multi-threaded architecture that allows it to inspect network traffic at high speeds, while
also providing real-time alerts and detailed packet capture. It uses rules and signatures to identify known attack
patterns and malicious behavior, and can also perform behavioral analysis to detect previously unknown threats.
Suricata supports a variety of protocols and network traffic types, including HTTP, DNS, SSL/TLS, and SSH, among
others. It also features advanced protocol analysis capabilities that allow it to identify complex attacks such as
buffer overflows, SQL injections, and remote file inclusions.
Suricata can operate in both IDS and IPS modes, and can be deployed as a standalone system or as part of a larger
security infrastructure. It is compatible with a wide range of operating systems, including Linux, Windows, and
macOS.
fail2ban:
Fail2ban is a free and open-source software that helps protect computer servers from brute-force attacks by
automatically blocking IP addresses that repeatedly fail to authenticate within a certain period of time. It is widely
used by system administrators to enhance the security of their Linux servers.
Fail2ban works by monitoring server logs for authentication failures and other suspicious activity, such as repeated
requests for non-existent pages. When it detects a pattern of suspicious activity, it automatically adds the
offending IP address to a blacklist and blocks all traffic from that address for a configurable period of time.
Fail2ban supports a wide range of services and protocols, including SSH, FTP, HTTP, and SMTP, among others. It
also includes a flexible configuration system that allows administrators to fine-tune the parameters for each service
and protocol, as well as set custom actions to be taken when an IP address is blocked.
In addition to blocking IP addresses, Fail2ban can also send email notifications, log events, and execute custom
scripts when certain events occur. It also includes a web interface that provides real-time status information and
allows administrators to manage their configurations from a central location.
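To make the ban logic concrete, the following is an added example written for these notes, not Fail2ban's own code. It replays the core of an sshd jail over a handful of constructed log lines: a failure regex modelled on the lines Fail2ban's sshd filter matches, a sliding window of findtime seconds, a ban once maxretry failures fall inside it, and automatic unban after bantime. The ISO 8601 timestamps and the host name are assumptions of the sample; where real Fail2ban hands the address to an action script that inserts a firewall rule, this example records the ban and unban events in a list instead.

```python
"""Fail2ban-style brute-force detection over sshd log lines (example code, not Fail2ban's own).

The log lines below are constructed for this example; the ISO 8601 timestamp
format is an assumption (classic syslog lines carry "May  1 10:00:00" instead).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Modelled on the failure lines Fail2ban's sshd filter matches.
FAILURE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+)"
)


class Jail:
    """One jail: maxretry failures inside findtime seconds trigger a ban of bantime seconds."""

    def __init__(self, maxretry=5, findtime=600, bantime=3600):
        self.maxretry = maxretry
        self.findtime = timedelta(seconds=findtime)
        self.bantime = timedelta(seconds=bantime)
        self.failures = defaultdict(deque)  # ip -> timestamps of failures still inside the window
        self.banned = {}                     # ip -> time the ban expires
        self.actions = []                    # (when, "ban"|"unban", ip): what an action script would get

    def feed(self, line):
        """Process one log line; return "ban" if this line triggered a ban, else None."""
        m = FAILURE_RE.match(line)
        if m is None:
            return None
        now = datetime.fromisoformat(m["ts"])
        ip = m["ip"]
        self.expire(now)  # Fail2ban unbans on a timer; here the log clock drives it
        if ip in self.banned:
            return None   # traffic from a banned host should not reach sshd at all
        window = self.failures[ip]
        window.append(now)
        while now - window[0] > self.findtime:  # drop failures older than findtime
            window.popleft()
        if len(window) >= self.maxretry:
            self.banned[ip] = now + self.bantime
            window.clear()
            self.actions.append((now, "ban", ip))
            return "ban"
        return None

    def expire(self, now):
        """Release every ban whose bantime has elapsed."""
        for ip, until in list(self.banned.items()):
            if now >= until:
                del self.banned[ip]
                self.actions.append((now, "unban", ip))


def run(log_text, **jail_options):
    """Replay a log into a fresh jail and return the jail for inspection."""
    jail = Jail(**jail_options)
    for line in log_text.splitlines():
        jail.feed(line)
    return jail


# Constructed sample: one host hammering root/admin, one user mistyping a password.
SAMPLE_LOG = """\
2024-05-01T10:00:00 bastion sshd[4021]: Failed password for root from 203.0.113.7 port 51432 ssh2
2024-05-01T10:00:03 bastion sshd[4021]: Failed password for root from 203.0.113.7 port 51432 ssh2
2024-05-01T10:00:05 bastion sshd[4023]: Invalid user admin from 203.0.113.7 port 51440
2024-05-01T10:00:06 bastion sshd[4023]: Failed password for invalid user admin from 203.0.113.7 port 51440 ssh2
2024-05-01T10:00:10 bastion sshd[4025]: Accepted publickey for alice from 198.51.100.9 port 40022 ssh2
2024-05-01T10:00:12 bastion sshd[4027]: Failed password for invalid user test from 203.0.113.7 port 51450 ssh2
2024-05-01T10:00:15 bastion sshd[4027]: Failed password for invalid user test from 203.0.113.7 port 51450 ssh2
2024-05-01T10:05:00 bastion sshd[4030]: Failed password for bob from 198.51.100.9 port 40100 ssh2
2024-05-01T10:20:00 bastion sshd[4031]: Failed password for bob from 198.51.100.9 port 40101 ssh2
2024-05-01T11:01:00 bastion sshd[4040]: Failed password for bob from 198.51.100.9 port 40102 ssh2
"""

if __name__ == "__main__":
    for when, what, ip in run(SAMPLE_LOG).actions:
        print(when.isoformat(), what, ip)
```

The constructor arguments deliberately use the jail.local key names (maxretry, findtime, bantime) so the effect of changing them can be tried before editing the real configuration: with the defaults above 203.0.113.7 is banned on its fifth failure and released an hour later, while bob's three scattered mistakes never fill a 10-minute window; lower maxretry to 3 and widen findtime to an hour and bob's address is banned too. Note that for an unknown user name sshd writes both an "Invalid user" line and a "Failed password" line, so in this example such attempts count twice.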
.

More Related Content

Similar to Module 3.pdf

network_security.docx_2.pdf
network_security.docx_2.pdfnetwork_security.docx_2.pdf
network_security.docx_2.pdfahmed53254
 
COMPUTER AND NETWORK SECURITY.pptx
COMPUTER AND NETWORK SECURITY.pptxCOMPUTER AND NETWORK SECURITY.pptx
COMPUTER AND NETWORK SECURITY.pptxDebmalyaSingha
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Twobackdoor
 
امن نظم المعلومات وامن الشبكات
امن نظم المعلومات وامن الشبكاتامن نظم المعلومات وامن الشبكات
امن نظم المعلومات وامن الشبكاتAmr Rashed
 
CyberSecurity Assignment.pptx
CyberSecurity Assignment.pptxCyberSecurity Assignment.pptx
CyberSecurity Assignment.pptxVinayPratap58
 
Basic Home Computer Network And Computer Network Security...
Basic Home Computer Network And Computer Network Security...Basic Home Computer Network And Computer Network Security...
Basic Home Computer Network And Computer Network Security...Jennifer Letterman
 
Network security model.pptx
Network security model.pptxNetwork security model.pptx
Network security model.pptxssuserd24233
 
Network and Security-2.pptx
Network and Security-2.pptxNetwork and Security-2.pptx
Network and Security-2.pptxDhanvanthkesavan
 
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfImplications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfsrtwgwfwwgw
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges  Contributors Kim Wanders.docxSecurity and Ethical Challenges  Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxedgar6wallace88877
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges  Contributors Kim Wanders.docxSecurity and Ethical Challenges  Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxfathwaitewalter
 
network security.001.pptx................
network security.001.pptx................network security.001.pptx................
network security.001.pptx................MuhammadKhalil858111
 
Introduction to Network security
Introduction to Network securityIntroduction to Network security
Introduction to Network securitymohanad alobaidey
 
information security technology
information security technologyinformation security technology
information security technologygarimasagar
 

Similar to Module 3.pdf (20)

network_security.docx_2.pdf
network_security.docx_2.pdfnetwork_security.docx_2.pdf
network_security.docx_2.pdf
 
Chapter 4.ppt
Chapter 4.pptChapter 4.ppt
Chapter 4.ppt
 
COMPUTER AND NETWORK SECURITY.pptx
COMPUTER AND NETWORK SECURITY.pptxCOMPUTER AND NETWORK SECURITY.pptx
COMPUTER AND NETWORK SECURITY.pptx
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Two
 
امن نظم المعلومات وامن الشبكات
امن نظم المعلومات وامن الشبكاتامن نظم المعلومات وامن الشبكات
امن نظم المعلومات وامن الشبكات
 
CyberSecurity Assignment.pptx
CyberSecurity Assignment.pptxCyberSecurity Assignment.pptx
CyberSecurity Assignment.pptx
 
Basic Home Computer Network And Computer Network Security...
Basic Home Computer Network And Computer Network Security...Basic Home Computer Network And Computer Network Security...
Basic Home Computer Network And Computer Network Security...
 
Network security model.pptx
Network security model.pptxNetwork security model.pptx
Network security model.pptx
 
Network and Security-2.pptx
Network and Security-2.pptxNetwork and Security-2.pptx
Network and Security-2.pptx
 
cybersecurity
cybersecuritycybersecurity
cybersecurity
 
Network security
Network securityNetwork security
Network security
 
Network security
Network security Network security
Network security
 
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfImplications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges  Contributors Kim Wanders.docxSecurity and Ethical Challenges  Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges  Contributors Kim Wanders.docxSecurity and Ethical Challenges  Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
 
network security.001.pptx................
network security.001.pptx................network security.001.pptx................
network security.001.pptx................
 
Introduction to Network security
Introduction to Network securityIntroduction to Network security
Introduction to Network security
 
Cloud Computing & Security
Cloud Computing & SecurityCloud Computing & Security
Cloud Computing & Security
 
information security technology
information security technologyinformation security technology
information security technology
 
Network security
Network securityNetwork security
Network security
 

More from Sitamarhi Institute of Technology (20)

Project Front_Page.pdf
Project Front_Page.pdfProject Front_Page.pdf
Project Front_Page.pdf
 
Module 1.pdf
Module 1.pdfModule 1.pdf
Module 1.pdf
 
Module 5.pdf
Module 5.pdfModule 5.pdf
Module 5.pdf
 
Module 6.pdf
Module 6.pdfModule 6.pdf
Module 6.pdf
 
Module 7.pdf
Module 7.pdfModule 7.pdf
Module 7.pdf
 
Module 2.pdf
Module 2.pdfModule 2.pdf
Module 2.pdf
 
Module 4.pdf
Module 4.pdfModule 4.pdf
Module 4.pdf
 
short notes bio
short notes bioshort notes bio
short notes bio
 
Photosynthesis.pptx
Photosynthesis.pptxPhotosynthesis.pptx
Photosynthesis.pptx
 
Concept of Allele.pptx
Concept of Allele.pptxConcept of Allele.pptx
Concept of Allele.pptx
 
Genetics.pptx
Genetics.pptxGenetics.pptx
Genetics.pptx
 
8m Biology.pdf
8m Biology.pdf8m Biology.pdf
8m Biology.pdf
 
Module 5.pptx
Module 5.pptxModule 5.pptx
Module 5.pptx
 
Mendel’s experiment.pptx
Mendel’s experiment.pptxMendel’s experiment.pptx
Mendel’s experiment.pptx
 
microbiology.pptx
microbiology.pptxmicrobiology.pptx
microbiology.pptx
 
BIOLOGY 7sem.pdf
BIOLOGY 7sem.pdfBIOLOGY 7sem.pdf
BIOLOGY 7sem.pdf
 
Heirarchy of life forms and classification.pptx
Heirarchy of life forms and classification.pptxHeirarchy of life forms and classification.pptx
Heirarchy of life forms and classification.pptx
 
Amino acids and proteins.pptx
Amino acids and proteins.pptxAmino acids and proteins.pptx
Amino acids and proteins.pptx
 
BIO.docx
BIO.docxBIO.docx
BIO.docx
 
clasification based on celluarity.pptx
clasification based on celluarity.pptxclasification based on celluarity.pptx
clasification based on celluarity.pptx
 

Recently uploaded

Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxPoojaBan
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting  .Churning of Butter, Factors affecting  .
Churning of Butter, Factors affecting .Satyam Kumar
 
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfme23b1001
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...srsj9000
 
power system scada applications and uses
power system scada applications and usespower system scada applications and uses
power system scada applications and usesDevarapalliHaritha
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2RajaP95
 
Introduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxIntroduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxvipinkmenon1
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSCAESB
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...asadnawaz62
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxKartikeyaDwivedi3
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 

Recently uploaded (20)

Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting  .Churning of Butter, Factors affecting  .
Churning of Butter, Factors affecting .
 
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdf
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
power system scada applications and uses
power system scada applications and usespower system scada applications and uses
power system scada applications and uses
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
 
Introduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxIntroduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptx
 
POWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes  examplesPOWER SYSTEMS-1 Complete notes  examples
POWER SYSTEMS-1 Complete notes examples
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptx
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 

Module 3.pdf

  • 1. Cyber Security [105713] – Notes Module 3 Infrastructure and Network Security: Introduction to System Security, Server Security, OS Security, Physical Security, Introduction to Networks, Network packet Sniffing, Network Design Simulation. DOS/DDOS attacks. Asset Management and Audits, Vulnerabilities and Attacks. Intrusion detection and Prevention Techniques, Host based Intrusion prevention Systems, Security Information Management, Network Session Analysis, System Integrity Validation. Open Source/ Free/ Trial Tools: DOS Attacks, DDOS attacks, Wireshark, Cain & abel, iptables/ Windows Firewall, snort, suricata, fail2ban. Introduction to System Security: System security refers to the set of measures that are put in place to protect computer systems and their data from unauthorized access, damage, theft, and other forms of cyber threats. The main goal of system security is to ensure the confidentiality, integrity, and availability of system resources, data, and services. There are several types of security mechanisms that can be used to protect a computer system. Some of them are:  Encipherment: This security mechanism deals with hiding and covering of data which helps data to become confidential.  Access Control: This mechanism is used to stop unattended access to data which you are sending.  Notarization: This security mechanism involves use of trusted third party in communication.  Data Integrity: This mechanism ensures that data is not tampered with during transmission.  Authentication exchange: This mechanism is used to verify the identity of the sender and receiver.  Bit stuffing: This mechanism is used to prevent unauthorized access to data by adding extra bits to it.  Digital Signature: This mechanism is used to verify the authenticity of a message. Some common security threats include viruses, worms, malware, and remote hacker intrusions. 
To improve our system security, we can follow some best practices such as:  Use strong passwords  Keep your software up-to-date  Use antivirus software  Use firewalls  Use encryption Server Security: Server security refers to the set of measures taken to protect the information stored on a server from unauthorized access, use, modification, or destruction. A server is a computer or device that provides data, resources, or services to other devices or computers over a network. Servers can host critical information, such as personal data, confidential business data, or financial data, making them a prime target for cyberattacks. Server security encompasses a range of practices, tools, and policies designed to safeguard servers from various threats, including malware, unauthorized access, denial-of-service attacks, data breaches, and theft. The following are some of the essential components of server security:  Access control  Firewall  Encryption  Patch management
  • 2.  Backup and disaster recovery  Monitoring and logging  Physical Security OS Security: Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. It refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised. OS security encompasses many different techniques and methods which ensure safety from threats and attacks. OS security allows different applications and programs to perform required tasks and stop unauthorized interference. It may be approached in many ways, including adherence to the following:  Performing regular OS patch updates  Installing updated antivirus engines and software  Scrutinizing all incoming and outgoing network traffic through a firewall  Creating secure accounts with required privileges only (i.e., user management) Physical Security: Physical security refers to the set of measures taken to protect physical assets, people, and property from threats, such as theft, vandalism, sabotage, or terrorism. Physical security is essential in maintaining a safe and secure environment for people and assets, including buildings, equipment, data centers, and other critical infrastructure. The following are some of the essential components of physical security:  Access Control  Perimeter Security  Surveillance  Alarms and Notifications  Environmental Control  Emergency response  Physical asset protection Introduction to Networks: A network is a group of interconnected devices that can communicate with each other and share resources, such as data, applications, and hardware. Networks can be used to connect computers, servers, printers, mobile devices, and other hardware devices to enable communication and collaboration. 
There are various types of networks, including local area networks (LANs), wide area networks (WANs), and metropolitan area networks (MANs). Networks can be wired or wireless, and both types have their advantages and disadvantages. Wired networks use physical cables, such as Ethernet cables, to transmit data, while wireless networks use radio waves to transmit data between devices. Wireless networks offer more flexibility and mobility, but wired networks tend to be more reliable and secure. Networks can be connected to the internet, which allows devices on the network to access resources and services from anywhere in the world. However, this also introduces security risks, and network administrators must take steps to protect the network from cyber threats.
  • 3. Networks rely on protocols, which are a set of rules that govern how devices on the network communicate with each other. Common network protocols include TCP/IP, HTTP, FTP, and DNS. Network Packet Sniffing: Network packet sniffing, also known as packet analysis, is a method of capturing and analyzing network traffic for the purpose of monitoring and troubleshooting network issues. A network packet sniffer is a tool or software program that captures and decodes network traffic, allowing users to examine the contents of individual packets. Packet sniffing works by intercepting and capturing data packets as they are transmitted across a network. This can be done by installing a packet sniffer on a computer or by using specialized hardware devices called network analyzers. Once the packets are captured, the packet sniffer can analyze the packet headers and contents to determine the source and destination of the packets, the type of traffic, and the protocols used. Packet sniffing has many legitimate uses, including network monitoring and troubleshooting, network security analysis, and performance optimization. However, it can also be used for malicious purposes, such as stealing sensitive information or monitoring network traffic for unauthorized access attempts. To prevent unauthorized packet sniffing, network administrators can use encryption to secure network traffic and implement access controls to restrict access to sensitive data. Additionally, network administrators can monitor network activity to detect and block unauthorized packet sniffing attempts. Network Design Simulation: Network design simulation is the process of creating a virtual model of a computer network to simulate its behavior under various conditions. Network design simulation allows network designers and administrators to test and validate network designs, configurations, and changes without affecting the actual network. 
In network design simulation, a software tool is used to create a virtual representation of the network. The tool can simulate the behavior of network devices, such as routers, switches, and servers, and can replicate the network traffic flow between them. Network designers can use the tool to evaluate the performance of the network under different conditions, such as heavy traffic loads or equipment failures. Network design simulation can help identify potential problems with the network before it is deployed, such as bottlenecks, security vulnerabilities, and other issues. It can also help optimize the network's performance by testing different configurations and scenarios. There are various network design simulation tools available, ranging from simple free tools to advanced commercial products. These tools can vary in features, capabilities, and ease of use, and network designers and administrators should choose the tool that best meets their needs. DOS/DDOS attacks: DOS (Denial of Service) and DDOS (Distributed Denial of Service) attacks are types of cyber attacks that are aimed at disrupting or disabling computer systems, networks, or services. These attacks are carried out by overwhelming the target system with a large volume of traffic or requests, causing it to become unavailable to legitimate users. In a DOS attack, the attacker uses a single computer or a network of computers to flood the target system with a large volume of traffic or requests. This can cause the system to become overloaded and unable to respond to legitimate traffic. In a DDOS attack, the attacker uses a network of compromised computers, also known as a botnet, to flood the target system with traffic or requests. The botnet is controlled by the attacker, who can use it to launch a coordinated attack on the target system.
  • 4. The goal of DOS and DDOS attacks is to disrupt or disable the target system, making it unavailable to legitimate users. This can have serious consequences, particularly in the case of critical systems such as banking or healthcare systems, where downtime can have significant financial or health impacts. To protect against DOS and DDOS attacks, organizations can implement various security measures, such as firewalls, intrusion detection and prevention systems, and content delivery networks (CDNs). Additionally, organizations can take steps to ensure their systems are configured securely, such as limiting access to critical systems and implementing strong authentication and access controls. Asset Management and Audits: Asset management and audits refer to the process of tracking and managing an organization's technology assets and reviewing its security practices to ensure that they are secure and up-to-date. Asset management involves keeping track of an organization's hardware, software, and other technology assets. This includes maintaining an inventory of all assets, tracking their location and status, and ensuring that they are properly secured and maintained. Asset management also involves managing software licenses, keeping track of warranties and service agreements, and ensuring that assets are retired or disposed of properly. Audits involve reviewing an organization's security practices to identify vulnerabilities and areas of weakness. This can include penetration testing, vulnerability assessments, and compliance audits. Penetration testing involves simulating an attack on an organization's network to identify vulnerabilities and weaknesses. Vulnerability assessments involve identifying potential vulnerabilities in an organization's infrastructure and network security. Compliance audits involve reviewing an organization's security practices to ensure they comply with applicable regulations and standards. 
Asset management and audits are important for maintaining the security and integrity of an organization's technology assets. By tracking and managing assets and conducting regular audits, organizations can identify and address vulnerabilities and weaknesses before they are exploited by attackers. This can help prevent data breaches, downtime, and other security incidents that can have serious consequences for the organization and its stakeholders. Intrusion detection and Prevention Techniques: Intrusion detection and prevention techniques (IDP) are security measures designed to identify and prevent unauthorized access, misuse, modification, or destruction of computer networks, systems, and data. Intrusion Detection System (IDS) is a security technology that monitors network traffic for suspicious activity or patterns that may indicate an attack or unauthorized access. IDS can be deployed in two ways, as a network-based IDS (NIDS) or as a host-based IDS (HIDS). NIDS is installed at the network level, and it monitors all traffic on the network to detect any potential threats. HIDS is installed on individual hosts or servers, and it monitors system logs, files, and activities to detect any potential threats. Intrusion Prevention System (IPS) is a technology that works alongside IDS to prevent unauthorized access to a network or system. IPS can be deployed in two ways, as a network-based IPS (NIPS) or as a host-based IPS (HIPS). NIPS is installed at the network level, and it blocks malicious traffic from entering the network. HIPS is installed on individual hosts or servers, and it blocks malicious activities at the host level. There are several techniques used in IDP, including: 1. Signature-based detection: This technique involves creating a database of known signatures of attacks or malicious activities, and then monitoring network traffic or system logs for matching signatures. 2. 
Anomaly-based detection: This technique involves monitoring network or system behavior for
abnormal patterns or activities that may indicate an attack or unauthorized access.
3. Heuristic-based detection: This technique involves using algorithms to identify patterns of behavior that may indicate an attack or unauthorized access.
4. Protocol-based detection: This technique involves monitoring network traffic for protocol violations or anomalies that may indicate an attack or unauthorized access.
5. Reputation-based detection: This technique involves using reputation services to identify known malicious IP addresses, domains, or URLs.

Host based Intrusion prevention Systems:
A host-based intrusion prevention system (HIPS) is a security solution designed to protect individual hosts or endpoints from unauthorized access, misuse, modification, or destruction. HIPS operates at the host or endpoint level and provides an additional layer of security beyond traditional antivirus software or firewalls.
HIPS works by monitoring and analyzing system activity, including system calls, network traffic, file changes, and other system events. By using various detection techniques, HIPS can identify suspicious or malicious behavior that may indicate an attack or unauthorized access. HIPS can then take action to block or prevent these activities, such as terminating the offending process, alerting the user or administrator, or blocking network traffic to or from the affected host.
HIPS can use various detection techniques, including:
- Signature-based detection
- Anomaly-based detection
- Heuristic-based detection
- Whitelisting
- Blacklisting
HIPS can be deployed on individual hosts or endpoints, such as desktops, laptops, servers, or mobile devices. By using HIPS, organizations can protect their endpoints from a wide range of cyber threats, including malware, ransomware, spyware, and other types of attacks. HIPS can also help organizations comply with regulatory requirements and industry standards that mandate the use of host-based security solutions.

Security Information Management:
Security Information Management (SIM) is a process of collecting, analyzing, and reporting security-related data from various sources within an organization's network and systems. The goal of SIM is to provide a comprehensive view of an organization's security posture and to detect and respond to security incidents in a timely manner.
SIM collects data from various sources, including network devices, servers, applications, and security devices such as firewalls, intrusion detection/prevention systems, and antivirus software. This data is collected in real time and then analyzed using various techniques, including correlation, anomaly detection, and pattern recognition.
The main functions of SIM include:
- Event log collection and storage
- Event correlation and analysis
- Reporting and alerting
- Incident response
- Compliance reporting
The benefits of implementing a SIM solution include:
- Improved visibility into an organization's security posture
- Faster incident response
- Better compliance reporting
- Reduced risk of security incidents

Network Session Analysis:
Network session analysis is the process of capturing and analyzing the traffic that occurs between two or more network devices during a communication session. This technique is commonly used by network administrators and security analysts to troubleshoot network problems, optimize network performance, and identify potential security threats.
During a network session, packets of data are exchanged between the devices involved. Network session analysis involves capturing and decoding these packets to gain insight into the behavior of the devices and the nature of the communication. This analysis can reveal important details such as the types of protocols used, the amount of data transferred, and the length of the communication session.
Network session analysis can be performed using various tools and techniques, including packet capture software, network analyzers, and intrusion detection/prevention systems. These tools allow network administrators and security analysts to view the packets that make up the communication session, and to analyze the traffic in real time or after the session has ended.
The benefits of network session analysis include:
- Troubleshooting network issues
- Optimizing network performance
- Detecting and preventing security threats
- Improving network design

System Integrity Validation:
System integrity validation is the process of verifying that the software and configuration of a computer system have not been tampered with or modified in an unauthorized manner. This process is typically performed by security administrators to ensure that the system is secure and to identify any potential security breaches or vulnerabilities.
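The baseline comparison at the heart of system integrity validation, as an added Python example that is not part of these notes: it records a SHA-256 digest for every file under a directory as the trusted state, then reports files that were modified, removed or added. The directory tree and the changes made to it are constructed inside demo().

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Return the hex SHA-256 digest of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Record the trusted state: relative path -> digest for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def validate(root, baseline):
    """Compare the current state of root against a saved baseline.
    Returns the discrepancies to investigate: modified, missing and added files."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Constructed scenario: take a baseline, alter the tree, then re-validate."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "ssh_config").write_text("PermitRootLogin no\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF-original")
        baseline = build_baseline(root)      # the known, trusted state
        # Constructed unauthorized changes: config edited, binary replaced,
        # an extra file dropped in, and one file deleted.
        (root / "etc" / "ssh_config").write_text("PermitRootLogin yes\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF-replaced")
        (root / "bin" / "extra").write_bytes(b"\x7fELF-new")
        (root / "etc" / "passwd").unlink()
        return validate(root, baseline)


if __name__ == "__main__":
    print(demo())
```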
System integrity validation involves comparing the current state of a system to a known, trusted state. This known state may be established through various methods, such as creating a system image, checksumming critical system files, or using a secure boot process. The current state of the system is then compared to the known state, and any differences or discrepancies are identified and investigated.
There are various tools and techniques that can be used to perform system integrity validation, including:
- Hashing and checksumming
- Digital signatures
- Trusted Platform Module (TPM)
The benefits of system integrity validation include:
- Enhanced security
- Improved compliance
- Reduced downtime

Open Source/ Free/ Trial Tools:
DOS/DDOS Attacks:
There are several tools available for DOS attacks. Some of them are:
- LOIC (Low Orbit Ion Cannon): LOIC is an open source network stress testing tool that can be used for both legitimate and malicious purposes. LOIC allows users to flood a website or network with traffic by sending multiple requests at the same time, overwhelming the target and causing it to become unresponsive. LOIC is relatively easy to use, and it can be configured to target a specific website or IP address. Users can set the number of requests to be sent per second, as well as the type of request, such as GET or POST. The tool also allows users to customize the headers of the requests, which can make it more difficult for the target to block the attack.
- XOIC (Xavier's Own IC): XOIC is a free and open-source DoS (Denial of Service) attack tool that can be used to conduct both DoS and DDoS attacks. It is a graphical user interface (GUI) based tool that is easy to use and does not require advanced technical skills. XOIC can flood a website or network with traffic by sending multiple requests at the same time, overwhelming the target and causing it to become unresponsive. It can be configured to target a specific website or IP address, and users can set the number of requests to be sent per second, as well as the type of request, such as GET or POST. The tool also allows users to customize the headers of the requests, which can make it more difficult for the target to block the attack.
- HULK (HTTP Unbearable Load King): HULK is a free and open-source DoS (Denial of Service) attack tool that is designed to target web applications. It is a Python-based tool that works by generating a large number of HTTP GET requests to a target web server, causing it to become overwhelmed and unresponsive. HULK is a command-line tool. It can be configured to target a specific web server or IP address, and users can set the number of requests to be sent per second, as well as the length and complexity of the requested URLs. The tool is designed to evade common web application firewalls and can generate random user-agent strings and referrer URLs with each request. It can also generate a list of proxy servers to route the traffic through, which can help to hide the source of the attack.
- R-U-Dead-Yet: R-U-Dead-Yet (RUDY) is a free and open-source tool designed to perform Denial of Service (DoS) attacks against web applications. It works by sending a large number of HTTP POST requests to the target server, overwhelming it with traffic and causing it to become unresponsive. RUDY is designed to be highly customizable, allowing users to adjust the number of requests sent per second, the size of the HTTP POST data, and the number of concurrent connections. It can also bypass certain web application firewalls and security measures by using HTTP chunked encoding and generating random HTTP headers with each request. The tool is written in Python and can be run on both Linux and Windows operating systems. It is relatively easy to use and does not require advanced technical skills.
- Tor's Hammer: Tor's Hammer is a free and open-source tool designed to perform Denial of Service (DoS) attacks against websites and servers. It is a Python-based script that uses the Tor network to anonymize the traffic generated during the attack. The tool works by sending a large number of HTTP or HTTPS requests to the target website or server, overwhelming it with traffic and causing it to become unresponsive. It can generate a large number of requests per second, making it a powerful and effective tool for testing the resilience of websites and servers against DoS attacks. One of the key features of Tor's Hammer is its ability to use the Tor network to anonymize the traffic generated during the attack. This makes it more difficult for the target to identify and block the attacker's IP address, making the attack more effective.
- PyLoris: PyLoris is a free and open-source tool designed to perform Denial of Service (DoS) attacks against web servers. It is a Python-based script that uses a low and slow method to launch the attack, making it difficult for the target server to detect and block the attack. The tool works by opening a large number of connections to the target server and sending partial requests, keeping each connection open as long as possible. This ties up server resources and slows down or even crashes the server, causing it to become unresponsive. PyLoris is highly customizable and allows users to adjust the number of connections, the size of the request headers, and the time delay between requests. It also includes features like IP spoofing and SSL support, making it more difficult for the target server to identify and block the attacker's IP address.
- OWASP Switchblade (formerly DoS HTTP POST): OWASP Switchblade, formerly known as DoS HTTP POST, is a free and open-source tool designed to perform HTTP Denial of Service (DoS) attacks against web servers. It is a Python-based script that sends a large number of specially crafted HTTP POST requests to the target server, causing it to become overwhelmed and unresponsive. The tool works by exploiting the vulnerability in some web servers where they do not properly handle large numbers of HTTP POST requests. OWASP Switchblade sends a large number of HTTP POST requests, each with a large amount of data in the request body, overwhelming the server's resources and causing it to crash. It also includes features like HTTP proxy support, user agent customization, and the ability to use multiple threads to increase the attack speed.
- DDoSIM (layer 7 DDoS simulator): DDoSIM is a free and open-source tool designed to simulate Distributed Denial of Service (DDoS) attacks. It is a layer 7 DDoS simulator, which means that it targets the application layer of the OSI model, making it more effective against web applications and websites. DDoSIM works by sending multiple HTTP requests to the target website or server, overwhelming it with traffic and causing it to become unresponsive. The tool can generate a large number of requests per second, making it a powerful and effective tool for testing the resilience of web applications and websites against DDoS attacks. One of the key features of DDoSIM is its ability to simulate different types of DDoS attacks, such as GET, POST, and HEAD requests. It also allows users to set the size and frequency of the requests, as well as the number of threads to be used during the attack.
Wireshark:
Wireshark is a free and open-source packet analyzer used for network troubleshooting, analysis, software and communications protocol development, and education. It allows users to see what is happening on their network at a microscopic level and is often used by network administrators to diagnose and troubleshoot network issues.
With Wireshark, users can capture network traffic in real time and analyze it to identify potential issues. It supports hundreds of protocols, including Ethernet, TCP/IP, HTTP, DNS, and others. The tool can decode and display the data transmitted over these protocols, making it easier to understand and troubleshoot network issues.
Wireshark offers a range of powerful features, including the ability to filter and search through captured data, view and analyze packets in real time or offline, create and save custom statistics and reports, and export captured data in various formats for further analysis. Wireshark is highly customizable and extensible, allowing users to add new protocols, dissectors, and features to the tool. It is available for Windows, Linux, macOS, and other platforms.

Cain & Abel:
Cain & Abel is a free and open-source tool for Windows that is used for password recovery, network analysis, and cracking various types of encrypted passwords. It is primarily used by network administrators and security professionals to test the strength of passwords and to recover lost or forgotten passwords.
Cain & Abel can be used to perform a wide range of tasks, including capturing network traffic, cracking passwords, and sniffing passwords from various protocols such as FTP, HTTP, and Telnet. It also includes a wide range of tools for cracking password hashes, including dictionary attacks, brute force attacks, and rainbow table attacks.
One of the most powerful features of Cain & Abel is its ability to sniff passwords in real time. This means that it can capture and decode passwords as they are transmitted across the network, even if they are encrypted. This makes it a powerful tool for identifying potential security threats and vulnerabilities in a network.

iptables/ Windows Firewall:
iptables and Windows Firewall are two popular firewall tools used to protect computer networks from unauthorized access and attacks.
iptables is an open-source firewall tool that is commonly used in Linux-based operating systems. It is a powerful tool that can be used to filter and manipulate network traffic based on a set of rules and policies that are defined by the user or the system administrator. With iptables, users can block specific IP addresses or network ranges, restrict incoming or outgoing traffic for specific protocols or services, and perform many other network security functions.
Windows Firewall, on the other hand, is a built-in firewall tool that comes bundled with all versions of the Microsoft Windows operating system. It is a basic firewall that provides a way to monitor and control incoming and outgoing network traffic based on a set of predefined rules and policies. Windows Firewall can be configured to block or allow specific ports, applications, or services, and it includes different profiles for different types of networks such as Domain, Private, and Public.

Snort:
Snort is a widely used open-source intrusion detection and prevention system (IDS/IPS) that provides real-time traffic analysis and packet logging on computer networks. It was created in 1998 by Martin Roesch, and is now owned by Cisco Systems.
Snort works by monitoring network traffic for suspicious activity and known attack patterns. It uses rules to identify patterns of traffic that are indicative of malicious activity, and generates alerts when such patterns are detected. Snort can be configured to operate in different modes, including intrusion detection mode, intrusion prevention mode, and packet logging mode.
In intrusion detection mode, Snort monitors network traffic for suspicious activity and generates alerts when an attack is detected. In intrusion prevention mode, Snort not only generates alerts, but also takes action to block or drop traffic that is identified as malicious. In packet logging mode, Snort simply logs network traffic for later analysis.

Suricata:
Suricata is a high-performance, open-source intrusion detection and prevention system (IDS/IPS) that is designed to monitor and protect computer networks against a wide range of cyber threats. It was created in 2008 by the Open Information Security Foundation (OISF) and is now widely used in enterprise and government environments.
Suricata is based on a multi-threaded architecture that allows it to inspect network traffic at high speeds, while also providing real-time alerts and detailed packet capture. It uses rules and signatures to identify known attack patterns and malicious behavior, and can also perform behavioral analysis to detect previously unknown threats.
Suricata supports a variety of protocols and network traffic types, including HTTP, DNS, SSL/TLS, and SSH, among others. It also features advanced protocol analysis capabilities that allow it to identify complex attacks such as buffer overflows, SQL injections, and remote file inclusions.
Suricata can operate in both IDS and IPS modes, and can be deployed as a standalone system or as part of a larger security infrastructure. It is compatible with a wide range of operating systems, including Linux, Windows, and macOS.

fail2ban:
Fail2ban is a free and open-source software that helps protect computer servers from brute-force attacks by automatically blocking IP addresses that repeatedly fail to authenticate within a certain period of time. It is widely used by system administrators to enhance the security of their Linux servers.
Fail2ban works by monitoring server logs for authentication failures and other suspicious activity, such as repeated requests for non-existent pages. When it detects a pattern of suspicious activity, it automatically adds the offending IP address to a blacklist and blocks all traffic from that address for a configurable period of time.
Fail2ban supports a wide range of services and protocols, including SSH, FTP, HTTP, and SMTP, among others. It also includes a flexible configuration system that allows administrators to fine-tune the parameters for each service and protocol, as well as set custom actions to be taken when an IP address is blocked.
In addition to blocking IP addresses, Fail2ban can also send email notifications, log events, and execute custom scripts when certain events occur. It also includes a web interface that provides real-time status information and allows administrators to manage their configurations from a central location.
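An added Python example, not part of these notes or of fail2ban itself, that reproduces fail2ban's core rule on constructed sshd log lines: a source IP is banned once it records maxretry authentication failures within findtime seconds, failures arriving during an active ban are ignored (the traffic would already be blocked), and the same failures spread out more thinly never trigger a ban.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines in syslog format (the year is absent, as in auth.log).
SAMPLE_LOG = """\
Mar 10 09:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
Mar 10 09:00:03 host sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51002 ssh2
Mar 10 09:00:04 host sshd[1203]: Accepted publickey for alice from 198.51.100.5 port 40000 ssh2
Mar 10 09:00:05 host sshd[1204]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar 10 09:00:06 host sshd[1205]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar 10 09:00:07 host sshd[1206]: Failed password for root from 203.0.113.7 port 51005 ssh2
Mar 10 09:00:30 host sshd[1207]: Failed password for bob from 198.51.100.9 port 40100 ssh2
Mar 10 09:20:00 host sshd[1208]: Failed password for bob from 198.51.100.9 port 40101 ssh2
Mar 10 09:40:00 host sshd[1209]: Failed password for bob from 198.51.100.9 port 40102 ssh2
Mar 10 10:00:00 host sshd[1210]: Failed password for bob from 198.51.100.9 port 40103 ssh2
Mar 10 10:20:00 host sshd[1211]: Failed password for bob from 198.51.100.9 port 40104 ssh2
"""

# Matches only failed logins; the 'Accepted' line above is deliberately not matched.
FAIL_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")


def parse_failures(log, year=2024):
    """Yield (timestamp, source_ip) for each authentication failure in the log text."""
    for line in log.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)


def find_bans(log, maxretry=5, findtime=600, bantime=3600):
    """fail2ban-style rule: ban an IP when it accumulates `maxretry` failures inside a
    sliding window of `findtime` seconds. Returns {ip: (ban_start, ban_end)} with the
    most recent ban per IP; failures seen while an IP is banned are ignored."""
    window, ban_len = timedelta(seconds=findtime), timedelta(seconds=bantime)
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    bans = {}
    for ts, ip in parse_failures(log):
        if ip in bans and ts < bans[ip][1]:
            continue                                # already blocked, nothing to count
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:             # expire failures older than findtime
            q.popleft()
        if len(q) >= maxretry:
            bans[ip] = (ts, ts + ban_len)
            q.clear()
    return bans


if __name__ == "__main__":
    for ip, (start, end) in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} from {start} until {end}")
```

With the defaults only 203.0.113.7 is banned; 198.51.100.9 fails just as often overall but never five times inside any ten-minute window, which is exactly the distinction findtime is there to make.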