This document provides an overview of network security concepts and techniques. It defines common attacks such as denial of service attacks, man-in-the-middle attacks, and SQL injection. It also describes defenses such as firewalls, intrusion detection systems, and encryption. The document outlines the stages of a cyber operation from target identification to gaining access and establishing persistence. It provides examples of passive and active attacks and how to classify network services and roles to implement security zones and isolation.
Botnets are networks of compromised computers that are used to conduct criminal online activities like spamming and phishing. They are controlled by botmasters through command and control servers. The document discusses how botnets utilize platforms like Windows and Unix machines, and spyware, adware, and malware to conduct spamming, phishing, denial of service attacks, and steal personal information. It also summarizes various network security measures that can help prevent the spread of botnets, including user education, firewalls, IPSec, SSL/TLS, RADIUS authentication, security tokens, and biometrics.
VAPT (Vulnerability Assessment and Penetration Testing) involves evaluating systems and networks to identify vulnerabilities, configuration issues, and potential routes of unauthorized access. It is recommended for SMEs due to common security issues like phishing and ransomware attacks targeting them. The document outlines the types of VAPT testing, why SMEs need it, example data breaches, and estimated costs of common cyber attacks and security services.
Network security involves implementing physical and software measures to protect a network from unauthorized access and enable authorized access. It aims to maintain confidentiality of data, integrity of data, availability of resources, and privacy of personal data. Key aspects of network security include encryption to scramble data, firewalls to control access to networks, and securing wireless networks through standards like WPA2. Common security processes also involve backing up data regularly, using access controls like passwords, and encrypting data during storage and transmission.
Your mobile device can become your biggest liability if it falls into the wrong hands. In this presentation, we help you understand:
a. Importance of securing your mobile device
b. Identifying the various types of threats to your mobile device security
c. How to secure your mobile device against such threats
d. How Quick Heal helps keep your mobile device secure
This document discusses network security. It covers topics such as why security is important given that the internet was initially designed for connectivity. It describes different types of security including computer, network, and internet security. It discusses security goals and common attacks targeting different layers such as IP, TCP, and DNS. The document also outlines security measures like firewalls, intrusion detection systems, access control, cryptography, public key infrastructure, and IPSec. It concludes with security management topics such as risk management and the Whois database.
Network security involves protecting computer networks from unauthorized access. It aims to achieve access control, confidentiality, authentication, integrity, and non-repudiation. Throughout history, as hacking and crimes emerged in the 1980s and the Internet became public in the 1990s, security concerns increased tremendously. Network security employs multiple layers including physical security, perimeter protection, user training, encryption, and firewalls among other hardware and software components. As threats continue to evolve, the field of network security must also evolve rapidly to protect information and system resources.
Endpoint security is the cybersecurity approach to defending devices like desktops, laptops, and mobile devices from malicious activity. It works by examining files, processes, and system activity for suspicious indicators from a centralized management console. While endpoint security usually refers to an on-premises solution, endpoint protection refers to a cloud-based solution. Endpoint security is important because every remote endpoint can be the entry point for an attack as organizations have increased their use of remote work and BYOD policies. Top endpoint security vendors include ESET, CrowdStrike, Check Point, and Kaspersky, which offer features like endpoint protection, email security, cloud-based control, sandboxing, and security awareness training.
The document discusses why network security is important and outlines common security threats and network attacks. It notes that as networks have grown in size and importance, security compromises could have serious consequences. It describes various types of threats like hackers, crackers, viruses and malware that target network vulnerabilities. It also provides examples of reconnaissance attacks, denial of service attacks, and different strategies that can be used to mitigate security risks.
The document discusses mobile hacking and identification techniques for encrypted data. It covers mobile technology threats like Bluetooth, WiFi, cracked apps, and data storage. It then describes mobile hacking tools like PWN PAD, PWN Phone, and Linux chroot that can be used for wireless attacks, networking, and Android hacking. The conclusion recommends using firewalls, antivirus software, keeping apps up to date, avoiding cracked apps, and using security locks to help defend against these mobile threats.
The document discusses the importance of network security and outlines common security threats such as viruses, hackers, and data theft. It then describes methods for securing a network, including user authentication, firewalls, antivirus software, and encryption. Servers are central to networks for storing data, and securing the server room is crucial, requiring physical access controls, monitoring, locking server racks, and preventing environmental risks like fire or flooding.
Security zones segregate networks into different areas with varying levels of security. The most secure zone contains private networks and servers, while less secure zones like DMZs contain servers accessible from untrusted networks. Device security involves physical security of network components and their locations as well as logical security measures like access control lists and authentication on routers.
Information security involves protecting information and systems from unauthorized access, use, disclosure, disruption, modification, or destruction. It includes measures to ensure information availability, accuracy, authenticity, confidentiality and integrity. Network security aims to secure network components, connections and contents through authentication, encryption, firewalls and vulnerability patching in a continuous process of securing, monitoring, testing and improving security. Key related terms include assets, threats, vulnerabilities, risks, attacks, and countermeasures.
The document discusses cyber security awareness and promotes self-protection techniques. It outlines goals of promoting awareness, discussing how to secure personal information, and providing examples of protection software. It then discusses common security threats like malware, phishing, and social engineering and offers tools and best practices for protecting against them, including using antivirus software, enabling two-step verification, and employing encryption and VPNs when online.
This document provides an introduction to Fortinet's Unified Threat Management solutions. It discusses how Fortinet uses a single appliance with a specialized operating system to provide comprehensive security with features like firewall, antivirus, web filtering, intrusion prevention, and more. It also touches on the FortiGate platform, management tools, subscription services, and various FortiGate components and appliances in the Fortinet product line.
This document discusses mobile security and provides tips to stay safe. It begins with an introduction on how mobile phones are now used for more than calls and texts, and contain private data. It then covers security issues like physical theft, unencrypted voice calls and texts, and identifying IMEI numbers. The document details types of mobile security including device security measures like locks and remote wiping, and application security such as encryption and authentication. Mobile threats are reviewed like malware, phishing, and network exploits. Finally, tips are provided such as only downloading from trusted sources, setting passwords, using security tools, and being aware of unusual phone behaviors.
The document provides tips for keeping a network secure, including always keeping virus software and Windows updates enabled, using firewalls, backing up data regularly, and using strong passwords. It warns about common password risks like using obvious words or writing passwords down. The document also covers securing laptops, email, wireless networks, and avoiding risks from open networks. Proper authentication, surge protection, and password protecting are emphasized as important security best practices.
This document provides an overview of network sniffing and packet analysis using Wireshark. It discusses why sniffing is useful for understanding network activity, troubleshooting issues, and performing computer forensics. The document outlines topics like the basic techniques of sniffing, an introduction to Wireshark and its features, analyzing common network protocols, and example case studies where sniffing can be applied. It emphasizes that patience is a prerequisite and encourages interactive discussion.
The document provides an overview of the Sophos XG Firewall. It discusses how the IT landscape is changing with increasing attacks and the blurring of network perimeters. It then introduces the Sophos XG Firewall as having the following key attributes:
- Simple and easy to use interface
- Lightning fast performance with FastPath packet optimization
- Unparalleled protection with features like Security Heartbeat that links endpoints and firewalls
- On-box reporting and visibility tools
- Backed by Sophos as a trusted industry leader in cybersecurity
The cyber kill chain describes cyber attacks from an attacker's perspective through distinct phases: (1) reconnaissance, (2) weaponization, (3) delivery, (4) exploitation, (5) installation, (6) command and control, and (7) actions on objectives. Each phase of the kill chain can be mapped to defensive tools and actions to prevent attacks. Understanding the kill chain stages gives analysts insight into what is being attempted and how to respond appropriately. The kill chain was developed by Lockheed Martin as a method to describe intrusions and prevent advanced persistent threats by highly trained adversaries targeting sensitive information.
This document discusses secure software design and development. It begins by stating that security is the top concern in software development. It then lists 10 common security flaws to avoid, such as not strictly separating data and control instructions. Next, it discusses security principles like authentication, authorization, confidentiality, non-repudiation, and availability. It also notes that developers should model security and look for bugs. The document advocates using security modeling techniques to systematically identify vulnerabilities and address countermeasures. Finally, it lists some additional security issues to consider, such as buffer overflows, insecure configuration management, and unnecessary code, and provides references for further reading.
The document provides information on vulnerability assessment and penetration testing. It defines vulnerability assessment as a systematic approach to finding security issues in a network or system through manual and automated scanning. Penetration testing involves exploring and exploiting any vulnerabilities that are found to confirm their existence and potential damage. The document outlines the types of testing as black-box, gray-box, and white-box. It also lists some common tools used for testing like Nmap, ZAP, Nikto, WPScan, and HostedScan. Finally, it provides examples of specific vulnerabilities found and their solutions, such as outdated themes/plugins, backup files being accessible, and SQL injection issues.
The document discusses various cybersecurity attack vectors and how organizations can protect themselves. It outlines common attack methods like ransomware, malicious code delivery, social engineering, and phishing. It then recommends that organizations conduct regular security audits, establish governance policies, create an incident response plan, and provide cybersecurity education to employees. The document promotes cybersecurity services from Future Point of View including vulnerability testing, forensics, and training to help organizations enhance their protections.
The Zero Trust Model of Information Security, by Tripwire
In today’s IT threat landscape, the attacker might just as easily be over the cubicle wall as in another country. In the past, organizations have been content to use a trust and verify approach to information security, but that’s not working as threats from malicious insiders represent the most risk to organizations. Listen in as John Kindervag, Forrester Senior Analyst, explains why it’s not working and what you can do to address this IT security shortcoming.
In this webcast, you’ll hear:
- Examples of major data breaches that originated from within the organization
- Why it’s cheaper to invest in proactive breach prevention, even when the organization hasn’t been breached
- What’s broken about the traditional trust and verify model of information security
- About a new model for information security that works: the zero-trust model
- Immediate and long-term activities to move organizations from the "trust and verify" model to the "verify and never trust" model
Network security is important to protect vital information while allowing authorized access. Key aspects of network security include identifying vulnerabilities, threats like hackers and methods of attack, and implementing appropriate countermeasures. Common attacks include password attacks, viruses, and packet sniffing. Effective countermeasures include firewalls to control access, intrusion detection systems to monitor for exploits, IPsec and encryption to secure communications, and user education to address social engineering vulnerabilities. Comprehensive security requires backups, encryption, virus protection, firewalls, monitoring, training, and testing defenses.
A Designated ENUM DNS Zone Provisioning Architecture, by enumplatform
The document summarizes the proposed designated ENUM DNS zone provisioning architecture including:
1) ENUM DNS and authentication transaction interfaces between subscribers, Tier1a registries, Tier1a registrars, Tier2 providers, and authenticators.
2) Normal DNS resolution and BIND queries would take place through the ENUM zone hierarchy to retrieve NAPTR records.
3) Authentication of a subscriber's right to use a number would involve digital certificates from an authenticator and verification by Tier2 and Tier1a providers.
Creating Domain Specific Languages in Python, by Siddhi
This document discusses domain specific languages (DSLs) and provides examples of creating DSLs in Python. It explains that DSLs allow users to work in specialized mini-languages tailored to specific problem domains. As examples, it discusses SQL as a DSL for databases and regular expressions as a DSL for patterns. It then demonstrates how to create an external DSL for defining forms using PyParsing and an internal DSL for the same using Python features like metaclasses. The document concludes that DSLs make code easier to read, write and maintain for non-programmers.
This document discusses using Ansible to manage PostgreSQL databases. It begins with an introduction to Ansible, explaining that it is an agentless automation tool used for configuration management, deployment, and orchestration. It then provides an overview of installing and using Ansible to provision infrastructure on Amazon Web Services and install PostgreSQL with streaming replication across multiple servers. Key components of Ansible like templates, variables, tasks, and playbooks are demonstrated in an example repository for automating PostgreSQL configuration management.
We browse the Internet. We host our applications on a server or a cloud that is hooked up with a nice domain name. That’s all there is to know about DNS, right? This talk is a refresher about how DNS works. How we can use it and how it can affect availability of our applications. How we can use it as a means of configuring our application components. How this old geezer protocol is a resilient, distributed system that is used by every Internet user in the world. How we can use it for things that it wasn’t built for. Come join me on this journey through the innards of the web!
Are you ready for the next attack? reviewing the sp security checklist (apnic..., by Barry Greene
Rethinking Security and how you can Act on Meaningful Change
What the industry recommends to protect your network is NOT working! The industry is stuck in a dysfunctional ecosystem that encourages the cyber-criminal innovation at the cost to business and individual loss throughout the world. We do not need a “Manhattan Project” for the security of the Internet. What we need are tools to help operators throughout the world ask the right question that would lead them to meaningful action. Security empowerment must empower the grassroots and provide the tools to push back on the root cause. This talk will explore these issues, highlight the dysfunction in our “security” economy, and present “take home” tools that would facilitate immediate action.
The document outlines a "Cyber Strategy of Action" for 2012 that calls for increased private industry collaboration, both privately and in public-private partnerships, to better prepare for and respond to cybersecurity threats. It recommends investing in existing security technologies and incident response communities, exercising legal options like civil lawsuits, and establishing real-time security data sharing to identify malicious actors and networks.
OpenDNS Enterprise Web Filtering allows organizations of all sizes to block websites at work. Choose from over 50 customizable categories. Use block page bypass to grant exceptions to your Web filtering policy. OpenDNS Enterprise offers web filtering without an appliance, can be deployed nearly instantly, and can be managed anywhere you have an Internet connection.
DNS and Troubleshooting DNS issues in LinuxKonkona Basu
The DNS is the system that translates domain names to IP addresses on the internet. It was created in 1983 and allows users to reference internet resources by name. The document then describes the step-by-step resolution process where a client's request is recursively resolved through root servers, TLD servers, and authoritative name servers to return the requested IP address. It also discusses caching for improved performance and common issues like hostname-IP mismatches that can be resolved by editing host files and DNS records.
This document provides an overview and tutorial of the getdns API, which is a new DNS API specification created by and for application developers. It aims to provide a natural follow-on to the getaddrinfo() function. The getdns API and its first implementation, getdns, highlight features like bootstrapping encrypted channels to prevent man-in-the-middle attacks. The tutorial covers DNSSEC and how getdns allows applications to directly query for and validate DNSSEC records like TLSA to securely establish TLS connections using DANE, bypassing the need to trust recursive resolvers. It demonstrates simple getdns functions for full recursion, stub resolution, and fallback options.
Query-name Minimization and Authoritative Server BehaviorShumon Huque
This document discusses query name minimization in DNS resolution and examines how some authoritative DNS servers behave when handling minimized queries. It finds that while name minimization aims to improve privacy, some CDNs and DNS hosting providers respond incorrectly to queries for empty non-terminal names, returning NXDOMAIN instead of NODATA. This prevents complete resolution. The document suggests providers will need to address this to allow wider adoption of name minimization.
Speaking from experience building MyGet.org: users are insane. If you are lucky, they use your service, but in reality, they probably abuse. Crazy usage patterns resulting in more requests than expected, request bursts when users come back to the office after the weekend, and more! These all pose a potential threat to the health of our web application and may impact other users or the service as a whole. Ideally, we can apply some filtering at the front door: limit the number of requests over a given timespan, limiting bandwidth, ...
In this talk, we’ll explore the simple yet complex realm of rate limiting. We’ll go over how to decide on which resources to limit, what the limits should be and where to enforce these limits – in our app, on the server, using a reverse proxy like Nginx or even an external service like CloudFlare or Azure API management. The takeaway? Know when and where to enforce rate limits so you can have both a happy application as well as happy customers.
This document provides 7 habits for success as an internet engineer:
1. Be disciplined in your work through consistency of action, values, goals and methods.
2. Write things down through documents like requirements, design, operations and testing plans.
3. It's okay to not know things, but not okay to remain clueless - ask others for help.
4. Read technical manuals and source materials to learn from experts.
5. Build a network of people in the field to learn from and contribute to.
6. Connect with networking groups and read their materials to stay informed of the latest developments.
7. Invest in your professional network through answering questions and sharing knowledge with
BIND’s New Security Feature: DNSRPZ - the "DNS Firewall"Barry Greene
Learn how to turn your network’s DNS into a Security Tool! Webinar-Oct 12th
What do you do if the security tools are not protecting your network? Cyber-criminals are constantly finding ways to bypass your security tools and own your network. When the threat changes, you should grow with the threat - think out of the box – using tools that the criminals have not yet considered; the DNS.
ISC’s Internet Critical Open Source DNS software BIND has a new feature that would turn a DNS Caching Resolver into a tool to help protect your network from malware. All the computers in your network must contact your DNS Resolvers to get to the outside world. Your DNS Resolvers are critical “choke-point” for which all devices in your network must interact to get to the outside world. This "choke-point" is a logical choice to put security capabilities to check if a domain is "clean" or "dirty."
How can you have your DNS Resolver check if a domain is clean or dirty? Use BIND’s new feature – the DNS Response Policy Zone (DNSRPZ). DNSRPZ uses secure and fast zone transfer technologies to pull down black list of bad domains and put them into your DNS resolver.
The archived recording of the Webinar is here: www.isc.org/webinars
Who should watch this Webinar?
E-mail Administrators: Find out how DNSRPZ offers more effective way to work with the Anti-Spam black list.
Network Operators: Learn how DNSRPZ can be used inside your network to keep your users from being in-inadvertently infected by malware, zero-days, and malvertisements.
Security Engineers: Discover how DNSRPZ is a tool to help contain infections that get into your network and try to “call home” to a BOTNET controller.
Hosting Providers: By default, most of your hosting customers are using your DNS resolvers. Learn how DNSRPZ can help prevent and contain the threat of your customers getting infected.
Service Providers: Learn how to turn your DNS services into a tool to help protect all your customers from infection.
Mobile Telecoms Operators: Find a new tool that would prevent miscreant smart phone applications from calling home with DNS and infecting your customer’s phones.
SCADA and Critical Industrial System Operators: Learn how DNSRPZ is a tool to help protect legacy control systems that need DNS to work.
Verisign Public DNS is a free DNS resolution service that provides stable and secure routing of internet navigation while respecting user privacy. It utilizes Verisign's patented ATLAS technology and over 17 years of experience operating the .com and .net domains to deliver 100% accurate and reliable resolution. User queries are not sold to third parties or used to redirect users to ads, keeping DNS data private. The service leverages Verisign's expertise in DNS infrastructure to offer a less vulnerable alternative to other public DNS platforms.
The document discusses network security topics such as common attacks, technical defenses, and encryption methods. It provides definitions and descriptions of various hacking techniques, security solutions, and objectives for students to understand network threats and defenses. The document also includes sample network diagrams and access control configurations.
Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.
Asegurarme de la Seguridad?, Un Vistazo al Penetration TestingSoftware Guru
Sesión presentada en SG Virtual 11a. edición.
Por: Gilberto Sánchez.
En esta charla veremos ¿qué es el Penetration Testing?, ¿Porque hacerlo?, los tipos de Pen testing que existen, además veremos el pre-ataque, ataque y el post-ataque así como los estándares que existen en la actualidad..
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)WAJAHAT IQBAL
This post contains detailed Mindmap related to Complex subject of Cyber security and address critical components summarized as below:
- Cyber Security standards
- SOC (Security Operation Center)
- Cybersecurity Lifecycle
- Hacker Kill Chain
- Malware (Types,Protection Mechanism)
- Cyber Architecture
- CSC (Critical Security Standards)
- Incident Management
- Network Perimeter best security practices
- Final Case Study
I hope the Technical post is appreciated and liked by Security Consultants and Subject Matter experts on Cybersecurity.Your criticals Inputs are appreciated.Thank you
- Wajahat Iqbal
(Wajahat_Iqbal@Yahoo.com)
In my college i will created this presentation for seminar with my own interest so this will help you for your career.Please you also create any presentation and upload it,Thank you.
This document summarizes an information security presentation about emerging threats to infrastructure. It discusses growing malware threats, how attacks are carried out through social engineering and exploiting vulnerabilities, and advanced persistent threats targeting critical systems. It emphasizes that compliance does not equal security and organizations must focus on proactive security practices like patching, user awareness training, and incident response planning to defend against sophisticated attacks.
Synopsis:
The Internal Penetration Test: The Hitchhackers Guide to Discovering Sensitive Information is my research as a Penetration Tester looking at tactics, techniques, and procedures (TTPs) to get at how threat actors (criminals) discover sensitive data post exploitation.
The presentation is designed to encourage security professionals to discover where sensitive data resides within their organization to prevent potential information security incidents and continue to develop a culture of security awareness.
Join Darin Fredde as he presents his talk "Internal Penetration Test: Hitchhacker's Guide to Discovering Sensitive Information". Darin gets to the heart of what is most important in penetration tests, sensitive information. Too often the deliverables on a pentest are running scanners, performing exploits, and providing findings in a report.
Penetration testers sometime focus on getting a reverse shell, privilege escalation, or, single-purpose objectives to gain domain admin. The best tactic for protecting sensitive data is by testing threat actors’ ability to locate and exfiltration data. Therefore, an organization must consider a capability driven security assessment or penetration tests which the focus is on what cybercriminals want most your non-public information.
Reference:
So, How Secure Is Your Sensitive Data in SharePoint? | The .... https://thecybersecurityplace.com/secure-sensitive-data-sharepoint/
The document discusses network security concepts including attacks, defenses, encryption techniques, and intrusion detection systems. It defines various types of attacks like man-in-the-middle, denial of service, and SQL injection. It also describes defenses such as firewalls, intrusion detection/prevention systems, and virtual private networks. The document provides an overview of encryption standards like AES, hashing algorithms like SHA-1, and digital signatures. It also discusses public key infrastructure and techniques for securely accessing networks remotely.
The document discusses how web application hacking occurs through examples like SQL injection. It explains the basic components of a web application like the database, server, and client. It then covers the steps an attacker may take, like using tools to find hidden content or exploiting vulnerabilities in how user input is handled to access private user data or delete database tables. The document emphasizes that these types of vulnerabilities are common and provides resources for learning about different hacking techniques as well as the company's security assessment services.
The document discusses ethical hacking and summarizes key points in 3 sentences:
Ethical hackers, also known as white hats, help improve security by identifying vulnerabilities in systems without malicious intent and work to fix them, while black hat hackers break into systems illegally; common hacking techniques include SQL injection, cross-site scripting, and using Google dorks to find sensitive information on public websites. The document outlines skills and jobs of ethical hackers, different types of hackers, and provides examples of common attacks like SQL injection and cross-site scripting.
Application and Website Security -- Fundamental EditionDaniel Owens
The document provides an agenda for a course on application and website security. The agenda covers common input validation flaws like SQL injection and cross-site scripting, access control flaws like session hijacking, encryption flaws, security tools, and concludes with additional resources for further information. The document uses examples to demonstrate various security vulnerabilities and how they can be exploited.
This is a presentation I gave to senior high school students. The 1st part is an overview the 2nd part is more detailed on the ways to perform the Ethical Hacking.
Need my help? Contact Keith Brooks via one of the following ways:
Blog http://blog.vanessabrooks.com
Twitter http://twitter.com/lotusevangelist
http://about.me/keithbrooks
How to 2FA-enable Open Source Applications (Extended Session)
Presented at: Open Source 101 at Home 2020
Presented by: Mike Schwartz, Gluu
Abstract: Your organization loves open source tools like Wordpress, SuiteCRM, NextCloud, RocketChat, and OnlyOffice... but most of these tools are protected with plain old passwords. You want to use two-factor authentication... but how? In this workshop, you'll learn:
- Which 2FA technologies can be used without paying a license;
- How to enable users to enroll and delete 2FA credentials;
- How to configure open source applications to act as a federated relying party--delegating authentication to a central service
- How custom applications can act as a federated relying party
As soluções da NetWitness capturam todos os dados que circulam na rede e os contextualizam, filtrando o que pode ser crítico ou não. O usuario pode ver quem está indo aonde e vendo o quê.
Gerald Z. Villorente presents on the topic of web security. He discusses security levels including server, network, application, and user levels. Some common web application threats are also outlined such as cross-site scripting, SQL injection, and denial-of-service attacks. The presentation provides an overview of aspects of data security, principles of secure development, and best practices for web security.
You have spent a ton of money on your security infrastructure. But how do you string all those things together so you can achieve your goals of reducing time to response, detecting, preventing threats. And most importantly, having your security team serve your business and mission. Learn how to organize your security resources to get the best benefit. See a live demonstration of operationalizing those resources so your security teams can do more for your organization.
Ready to Unlock the Power of Blockchain!Toptal Tech
Imagine a world where data flows freely, yet remains secure. A world where trust is built into the fabric of every transaction. This is the promise of blockchain, a revolutionary technology poised to reshape our digital landscape.
Toptal Tech is at the forefront of this innovation, connecting you with the brightest minds in blockchain development. Together, we can unlock the potential of this transformative technology, building a future of transparency, security, and endless possibilities.
Discover the benefits of outsourcing SEO to Indiadavidjhones387
"Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
3. Objectives
The student should be able to:
Define attacks: script kiddy, social engineering, logic bomb, Trojan horse, phishing, pharming, war driving, war dialing, man-in-the-middle attack, SQL injection, virus, worm, root kit, dictionary attack, brute force attack, DOS, DDOS, botnet, spoofing, packet replay.
Describe defenses: defense in depth, bastion host, content filter, packet filter, stateful inspection, circuit-level firewall, application-level firewall, de-militarized zone, multi-homed firewall, IDS, IPS, NIDS, HIDS, signature-based IDS, statistical-based IDS, neural network, VPN, network access server (RADIUS/TACACS), honeypot, honeynet, hash, secret key encryption, public key encryption, digital signature, PKI, vulnerability assessment.
Identify techniques (what they do): SHA1/SHA2, MD2/MD4/MD5, DES, AES, RSA, ECC.
Describe and define security goals: confidentiality, authenticity, integrity, non-repudiation.
Place each service's and server's data in the correct sensitivity class, and define the roles with access.
Define the services that can enter and leave a network.
Draw a network diagram with proper zones and security equipment.
4. The Problem of Network Security
The Internet allows an attacker to attack from anywhere in the world, from their home desk.
The attacker only needs to find one vulnerability; a security analyst needs to close every vulnerability.
Solution: layered defense.
5. Stages of a Cyber-Operation
Target Identification
Opportunistic Attack: focuses on any easy-to-break-into site.
Targeted Attack: has a specific victim in mind.
Searches for a vulnerability that will work.
6. Hacking Networks: Reconnaissance Stage
Physical Break-In
Dumpster Diving
Google, Newsgroups, Web sites
Social Engineering
Phishing: fake email
Pharming: fake web pages
WhoIs Database & arin.net
Domain Name Server Interrogations
Example WhoIs record:
Registrant:
  Microsoft Corporation
  One Microsoft Way
  Redmond, WA 98052
  US
Domain name: MICROSOFT.COM
Administrative Contact:
  Administrator, Domain  domains@microsoft.com
  One Microsoft Way
  Redmond, WA 98052
  US
  +1.4258828080
Technical Contact:
  Hostmaster, MSN  msnhst@microsoft.com
  One Microsoft Way
  Redmond, WA 98052 US
  +1.4258828080
Registration Service Provider:
  DBMS VeriSign, dbms-support@verisign.com
  800-579-2848 x4
  Please contact DBMS VeriSign for domain updates, DNS/Nameserver changes, and general domain support questions.
Registrar of Record: TUCOWS, INC.
Record last updated on 27-Aug-2006.
Record expires on 03-May-2014.
Record created on 02-May-1991.
Domain servers in listed order:
  NS3.MSFT.NET 213.199.144.151
  NS1.MSFT.NET 207.68.160.190
  NS4.MSFT.NET 207.46.66.126
  NS2.MSFT.NET 65.54.240.126
  NS5.MSFT.NET 65.55.238.126
7. Hacking Networks: Reconnaissance Stage
War Driving: Can I find a wireless network?
War Dialing: Can I find a modem to connect to?
Network Scanning: What IP addresses, open ports, and applications exist?
Protocol Sniffing: What is being sent over the communications lines?
8. Passive Attacks
Eavesdropping: Listen to packets from other parties (= Sniffing)
Traffic Analysis: Learn about a network from observing traffic patterns
Footprinting: Test to determine the software installed on a system (= Network Mapping)
[Diagram: Bob, Jennie and Carl exchanging packets A, B and C; a captured packet reads "Login: Ginger Password: Snap"]
9. Hacking Networks: Gaining Access Stage
Network Attacks:
IP Address Spoofing
Man-in-the-Middle
System Attacks:
Buffer Overflow
Password Cracking
SQL Injection
Web Protocol Abuse
Watering Hole Attack
Trap Door
Virus, Worm, Trojan horse
[Diagram: brute-force password enumeration a, aa, ab, ac, …, ba, bb, …, aaa, aab, aac, …]
10. Some Active Attacks
Denial of Service: The message did not make it, or the service could not run.
Masquerading or Spoofing: The actual sender is not the claimed sender.
Message Modification: The message was modified in transmission.
Packet Replay: A past packet is transmitted again in order to gain access or otherwise cause damage.
[Diagrams: Denial of Service (Joe, Ann, Bill); Spoofing (Joe, actually Bill, to Ann); Message Modification (Joe, Ann); Packet Replay (Joe, Ann, Bill, Bill)]
12. SQL Injection
Java Original:
"SELECT * FROM users_table WHERE username=" + "'" + username + "'" + " AND password = " + "'" + password + "'";
Inserted Password: Aa' OR ''='
Java Result:
SELECT * FROM users_table WHERE username='anyname' AND password = 'Aa' OR ''=''
Inserted Password: foo';DELETE FROM users_table WHERE username LIKE '%
Java Result:
SELECT * FROM users_table WHERE username='anyname' AND password = 'foo'; DELETE FROM users_table WHERE username LIKE '%'
Inserted entry: '|shell("cmd /c echo " & char(124) & "format c:")|'
[Diagram: a login form with Login and Password fields, followed by the page "Welcome to My System"]
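The two queries on this slide run against a small in-memory database, as an added example that is not code from the original deck: the slide's concatenated query beside the parameterised query that the later "SQL Filtering" slide calls for. The table contents, the user names and the use of Python's sqlite3 driver are assumptions of the example.

```python
import sqlite3

# Constructed sample users; names and passwords are made up for this demo.
SAMPLE_USERS = [("alice", "correct horse"), ("bob", "hunter2")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users_table (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users_table VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    # The same string concatenation as the slide's Java original: user text is
    # pasted straight into the SQL, so a quote in it ends the string literal
    # and whatever follows is parsed as SQL.
    return ("SELECT * FROM users_table WHERE username=" + "'" + username + "'"
            + " AND password = " + "'" + password + "'")


def vulnerable_login(conn, username, password):
    # Rows matched by the concatenated query; any row means "logged in".
    # AND binds tighter than OR, so the trailing ''='' matches every row.
    return conn.execute(build_vulnerable_query(username, password)).fetchall()


def safe_login(conn, username, password):
    # Parameterised query: the driver passes the values separately from the
    # SQL text, so "Aa' OR ''='" is compared literally with the password column.
    return conn.execute(
        "SELECT * FROM users_table WHERE username=? AND password=?",
        (username, password)).fetchall()


def count_users(conn):
    return conn.execute("SELECT COUNT(*) FROM users_table").fetchone()[0]


def try_stacked_query(conn, password):
    # The slide's second payload needs the driver to run the statement after
    # the ';'. Python's sqlite3.execute() refuses multi-statement strings and
    # raises instead; that is a driver accident, not a defence, since other
    # drivers (or executescript()) would run the DELETE.
    try:
        conn.execute(build_vulnerable_query("anyname", password))
        return "executed"
    except (sqlite3.ProgrammingError, sqlite3.Warning):
        return "rejected by driver"


if __name__ == "__main__":
    db = make_db()
    bypass = "Aa' OR ''='"
    print(build_vulnerable_query("anyname", bypass))
    print("concatenated query returns:", vulnerable_login(db, "anyname", bypass))
    print("parameterised query returns:", safe_login(db, "anyname", bypass))
    print(try_stacked_query(db, "foo';DELETE FROM users_table WHERE username LIKE '%"))
    print("rows left:", count_users(db))
```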
13. NIST SP 800-118 Draft: Password Cracking, Dictionary Attack & Brute Force
Pattern | Calculation | Result | Time to Guess (at 2.6x10^18 guesses/month)
Personal Info: interests, relatives | 20 | Manual | 5 minutes
Social Engineering | 1 | Manual | 2 minutes
American Dictionary | 80,000 | | < 1 second
4 chars: lower case alpha | 26^4 | 5x10^5 |
8 chars: lower case alpha | 26^8 | 2x10^11 |
8 chars: alpha | 52^8 | 5x10^13 |
8 chars: alphanumeric | 62^8 | 2x10^14 | 3.4 min.
8 chars: alphanumeric + 10 | 72^8 | 7x10^14 | 12 min.
8 chars: all keyboard | 95^8 | 7x10^15 | 2 hours
12 chars: alphanumeric | 62^12 | 3x10^21 | 96 years
12 chars: alphanumeric + 10 | 72^12 | 2x10^22 | 500 years
12 chars: all keyboard | 95^12 | 5x10^23 |
16 chars: alphanumeric | 62^16 | 5x10^28 |
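The arithmetic behind this table, as an added example that is not part of the original slides: keyspace = charset_size^length and time = keyspace / rate, at the slide's 2.6x10^18 guesses per month. The 30-day month and the character-set sizes are assumptions of the example, and it also produces rows the table does not have.

```python
import math

# Guess rate from the table's header: 2.6 x 10^18 guesses per month
# (assumed to be a 30-day month for the conversion below).
GUESSES_PER_MONTH = 2.6e18
SECONDS_PER_MONTH = 30 * 24 * 3600
GUESSES_PER_SECOND = GUESSES_PER_MONTH / SECONDS_PER_MONTH

# Character-set sizes behind the table's rows (constructed to match them).
CHARSETS = {
    "lower case alpha": 26,
    "alpha": 52,
    "alphanumeric": 62,
    "alphanumeric + 10": 72,
    "all keyboard": 95,
}


def keyspace(charset_size, length):
    # Number of candidates a brute-force enumeration (a, aa, ab, ...) must try.
    return charset_size ** length


def entropy_bits(charset_size, length):
    # Equivalent strength in bits, handy for comparing against a policy.
    return length * math.log2(charset_size)


def seconds_to_exhaust(charset_size, length, guesses_per_second=GUESSES_PER_SECOND):
    # Worst case: the whole keyspace is enumerated before the password is hit.
    return keyspace(charset_size, length) / guesses_per_second


def humanize(seconds):
    # Largest unit that yields a value >= 1, like the table's last column.
    for unit, size in (("years", 365 * 24 * 3600), ("days", 24 * 3600),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return "< 1 second" if seconds < 1 else f"{seconds:.1f} seconds"


def table(lengths=(4, 8, 12, 16)):
    # One row per (charset, length): label, keyspace, bits, time to exhaust.
    rows = []
    for name, size in CHARSETS.items():
        for length in lengths:
            rows.append((f"{length} chars: {name}", keyspace(size, length),
                         entropy_bits(size, length),
                         humanize(seconds_to_exhaust(size, length))))
    return rows


if __name__ == "__main__":
    for label, space, bits, eta in table():
        print(f"{label:28} {space:10.1e} {bits:5.1f} bits  {eta}")
```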
14. Hacking Networks: Hiding Presence; Establishing Persistence
Backdoor: Control the system: run system commands, log keystrokes, capture passwords.
Trojan Horse: A useful utility that actually creates a backdoor.
Spyware/Adware: Spyware: keystroke logger collects info such as passwords and credit card numbers. Adware: inserts ads, filters search results.
Command & Control: Slave forwards/performs commands.
User-Level Rootkit: Replaces system executables, e.g. login, ls, du.
Kernel-Level Rootkit: Replaces the OS kernel, e.g. process or file control, to hide.
Bot: Spreads & infects, lists email addresses, performs DDOS attacks.
15. Distributed Denial of Service
Zombies can barrage a victim server with requests, causing the network to fail to respond to anyone.
[Diagram: Attacker, Handler, Zombies (Russia, Bulgaria, United States), Victim]
16. Question
An attack where multiple computers send connection packets to a server simultaneously to slow the firewall is known as:
1. Spoofing
2. DDOS
3. Worm
4. Rootkit
17. Question
A man in the middle attack is implementing which additional type of attack:
1. Spoofing
2. DoS
3. Phishing
4. Pharming
21. Attacking the Network
What ways do you see of getting in?
[Diagram: The Internet, Border Router/Firewall, De-Militarized Zone, Internal Firewall, Private Network, Commercial Network, WLAN]
22. Filters: Firewalls & Routers
Route Filter: Verifies source/destination IP addresses
Packet Filter: Scans headers of packets
Content Filter: Scans contents of packets (e.g., IPS)
Default Deny: Any packet not explicitly permitted is rejected
Fail Safe or Fail Secure: If the router fails, it fails shut
[Diagram: "The good, the bad & the ugly…" enter the Filter; "The bad & the ugly" are stopped and only "The Good" passes]
23. Packet Filter Firewall
[Diagram: packets arriving at a packet-filter firewall: Web Request, Ping Request, FTP request, Email Connect Request, Web Response, Telnet Request, Email Response, SSH Connect Request, DNS Request, Email Response, Web Response, Illegal Source IP Address, Illegal Dest IP Address, Microsoft NetBIOS Name Service]
25. Step 1: Determine Services: Who, What, Where?
Workbook
Service (e.g., web, sales database) | Source (e.g., home, world, local computer) | Destination (local server, home, world, etc.)
Registration, Desire2Learn | Students and Instructors: Anywhere in the World | Computer Service Servers
Registration | Registrars and Advisers: On campus | Computer Service Servers
Library databases | On campus students and staff. Off-campus requires login | Specific off-site library facilities
Health Services | On campus: nurses office | Computer Service Servers
External (Internet) web services | On campus: Campus labs, dorms, faculty offices | Anywhere in the world
26. Step 2: Determine Sensitivity of Services
Workbook
Service Name (e.g., web, email) | Sensitivity Class (e.g., Confidential) | Roles (e.g., sales, engineering) | Server (*=Virtual)
Desire2Learn | Private | Current Students, Instructors | Student_Scholastic
Registration | Confidential | Current Students, Registration, Accounting, Advising, Instructors | Student_Register
Health Service | Confidential | Nurses | Health_Services
Web Pages: activities, news, departments, … | Public | Students, Employees, Public | Web_Services*
27. Isolation & Compartmentalization
Compartmentalize the network by Sensitivity Class & Role.
Segment the network into regions = zones, e.g., DMZ, wireless, Payment Card.
Isolate apps on servers: physical vs. virtual (e.g. VMware).
Virtual servers combine onto one physical server; each has its own OS and a limited section of disk.
Hypervisor software is the interface between the virtual system's OS and the real computer's OS.
29. Step 3: Allocate Network Zones
Workbook
Zone | Services | Zone Description (You may delete or add rows as necessary)
Internet | | This zone is external to the organization.
De-Militarized Zone | Web, Email, DNS | This zone houses services the public are allowed to access in our network.
Wireless Network | Wireless local employees | This zone connects wireless/laptop employees/students (and crackers) to our internal network. They have wide access.
Private Server Zone | Databases | This zone hosts our student learning databases, faculty servers, and student servers.
Confidential Zone | Payment card, health, grades info | This highly-secure zone hosts databases with payment and other confidential (protected by law) information.
Private User Zone | Wired staff/students | This zone hosts our wired/fixed employee/classroom computer terminals. They have wide university & external access.
Student Lab Zone | Student labs | This zone hosts our student lab computers, which are highly vulnerable to malware. They have wide access.
30. Step 4: Define Controls
Workbook
Zone | Server (*=Virtual) | Service | Required Controls (Conf., Integrity, Auth., Nonrepud., with tools: e.g., Encryption/VPN, hashing, IPS)
De-Militarized Zone | Web_Services*, Email_Server, DNS_Server | Web, Email, DNS | Hacking: Intrusion Prevention System, Monitor alarm logs, Anti-virus software within Email package.
Wireless Network | | Wireless local users | Confidentiality: WPA2 Encryption. Authentication: WPA2 Authentication.
Private Server Zone | Student_Scholastic, Student_Files, Faculty_Files | Classroom software, Faculty & student storage. | Confidentiality: Secure Web (HTTPS), Secure Protocols (SSH, SFTP). Authentication: Single Sign-on through TACACS. Hacking: Monitor logs.
31. Data Privacy
Confidentiality: Unauthorized parties cannot access information. (-> Secret Key Encryption)
Authenticity: Ensuring that the actual sender is the claimed sender. (-> Public Key Encryption)
Integrity: Ensuring that the message was not modified in transmission. (-> Hashing)
Nonrepudiation: Ensuring that the sender cannot deny sending a message at a later time. (-> Digital Signature)
[Diagrams: Confidentiality (Joe, Ann, Bill); Authenticity (Joe, actually Bill, to Ann); Integrity (Joe, Ann); Non-Repudiation (Joe, Ann, Bill)]
34. Confidentiality: Remote Access Security
Virtual Private Network (VPN), often implemented with IPSec
Can authenticate and encrypt data through the Internet (red line)
Easy to use and inexpensive
Difficult to troubleshoot
Susceptible to malicious software and unauthorized actions
Often a router or firewall is the VPN endpoint
[Diagram: The Internet, Firewall, VPN Concentrator; the red line is the VPN tunnel across the Internet]
35. Integrity: Secure Hash Functions
Examples: HMAC, SHA-2, SHA-3
Secure Hash: the sender computes H over the message and transmits the message with its hash; the receiver recomputes H over the received message and compares the result with the transmitted hash.
HMAC: a shared key K is fed into the hash together with the message, on both the sending and the receiving side, before the comparison.
Ensures the message was not modified during transmission.
NIST Recommended: SHA-2, SHA-3
[Diagram: "Secure Hash" and "HMAC" flows: Message -> H -> Transmitted Hash -> Compare, with K entering H on both sides in the HMAC flow]
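The two flows on this slide side by side, as an added example that is not code from the original deck: a plain SHA-256 hash and an HMAC-SHA-256 tag, each checked by the receiver after the message is altered in transit. The sample message and key are constructed for the demo.

```python
import hashlib
import hmac

# Constructed sample message and key for the demo; a real key comes from a
# secure random source (e.g. os.urandom(32)) and is shared out of band.
MESSAGE = b"transfer 100 to account 42"
KEY = b"shared-secret-key"


def hash_tag(message):
    # Plain secure hash, as in the left half of the slide: H(Message).
    return hashlib.sha256(message).hexdigest()


def hmac_tag(key, message):
    # Keyed hash, as in the right half: HMAC with SHA-256, keyed by K.
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def receiver_compare(expected, transmitted):
    # The "Compare" box; constant-time so timing does not leak the tag.
    return hmac.compare_digest(expected, transmitted)


def verify_hash(message, transmitted_hash):
    return receiver_compare(hash_tag(message), transmitted_hash)


def verify_hmac(key, message, transmitted_tag):
    return receiver_compare(hmac_tag(key, message), transmitted_tag)


def alter_in_transit(message):
    # The kind of modification the integrity check is meant to catch.
    return message.replace(b"100", b"900")


def plain_hash_catches_alteration(message):
    # Sender transmits (message, H(message)). Whoever alters the message can
    # also recompute H over the new text, so the receiver's compare passes:
    # a plain hash catches accidental corruption, not deliberate change.
    altered = alter_in_transit(message)
    return not verify_hash(altered, hash_tag(altered))


def hmac_catches_alteration(key, message):
    # Sender transmits (message, HMAC_K(message)). Without K the tag cannot be
    # recomputed for the altered text, so the receiver's compare fails.
    tag = hmac_tag(key, message)
    return not verify_hmac(key, alter_in_transit(message), tag)


if __name__ == "__main__":
    print("plain hash catches alteration:", plain_hash_catches_alteration(MESSAGE))
    print("HMAC catches alteration:", hmac_catches_alteration(KEY, MESSAGE))
```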
37. Authentication: Public Key Infrastructure (PKI)
Digital Certificate: User: Sue, Public Key: 2456
1. Sue registers with the CA through the RA: Register(Owner, Public Key)
2. The Registration Authority (RA) verifies owners
3. The Certificate Authority (CA) sends approved Digital Certificates
4. Sue sends Tom a message signed with her Digital Signature
5. Tom requests Sue's DC
6. The CA sends Sue's DC
7. Tom confirms Sue's DS
[Diagram: Sue, Tom, Certificate Authority (CA) and Registration Authority (RA) exchanging the messages above]
38. Hacking Defense: Intrusion Detection/Prevention Systems (IDS or IPS)
Network IDS = NIDS: Examines packets for attacks. Can find worms, viruses, or defined attacks. Warns the administrator of an attack.
IPS = Packets are routed through the IPS.
Host IDS = HIDS: Examines actions or resources for attacks. Recognizes unusual or inappropriate behavior, e.g., detects modification or deletion of special files.
[Diagram: Router, Firewall, IDS]
39. IDS/IPS Intelligence Systems
Signature-Based: Specific patterns are recognized as attacks.
Statistical-Based: The expected behavior of the system is understood. If variations occur, they may be attacks (or maybe not).
Neural Networks: Statistical-based with self-learning (or artificial intelligence). Recognizes patterns.
[Diagram: NIDS raising "ALARM!!!" on attacks NastyVirus, BlastWorm, NastyVirus; bar chart (0 to 90) of Sales, Personnel and Factory traffic for Mon., Tues., Wed., Thurs. against Normal]
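The two detection styles on this slide over constructed input, as an added example that is not code from the original deck: a signature matcher using the slide's attack names, and a statistical detector that flags days whose traffic count departs from a learned baseline. The packet payloads, the per-day counts and the 3-standard-deviation threshold are assumptions of the example.

```python
import re
import statistics

# Signature database using the attack names from the slide (constructed
# patterns; real signatures match byte sequences of a specific exploit).
SIGNATURES = {
    "NastyVirus": re.compile(rb"NastyVirus"),
    "BlastWorm": re.compile(rb"BlastWorm"),
}

# Constructed sample packets as the NIDS would see them on the wire.
SAMPLE_PACKETS = [
    b"GET /index.html HTTP/1.1",
    b"MZ\x90\x00 ... NastyVirus dropper ...",
    b"BlastWorm: scanning 10.0.0.0/8",
    b"GET /login HTTP/1.1",
    b"NewWorm: no signature exists yet",
]

# Constructed per-day packet counts for one department (the slide's bar
# chart): a week of normal days, then the four observed days.
NORMAL_HISTORY = [40, 42, 38, 41, 39, 40, 43]
OBSERVED = [("Mon.", 41), ("Tues.", 40), ("Wed.", 85), ("Thurs.", 42)]


def signature_alerts(packets):
    # Signature-based: alarm on every packet containing a known pattern.
    # Anything not in the database (NewWorm above) passes silently.
    alerts = []
    for index, payload in enumerate(packets):
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alerts.append((index, name))
    return alerts


def baseline(history):
    # Statistical-based: learn what "normal" looks like from past days.
    return statistics.mean(history), statistics.pstdev(history)


def statistical_alerts(history, observed, threshold=3.0):
    # Flag days more than `threshold` standard deviations from the baseline.
    # A flagged day may be an attack, or just unusual legitimate load; the
    # analyst still has to decide, which is the slide's "(or maybe not)".
    mean, sd = baseline(history)
    sd = sd or 1.0  # avoid division by zero on a perfectly flat history
    return [(day, count, round((count - mean) / sd, 1))
            for day, count in observed if abs(count - mean) / sd > threshold]


if __name__ == "__main__":
    print("signature alarms:", signature_alerts(SAMPLE_PACKETS))
    print("statistical alarms:", statistical_alerts(NORMAL_HISTORY, OBSERVED))
```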
40. Hacking Defense: Evaluating Applications
Unified Threat Management = SuperFirewall = firewall + IPS + anti-virus + VPN capabilities. Concerns are redundancy and bandwidth.
Blacklist = restrict access to particular web sites, e.g., social and email sites.
Whitelist = permit access to only a limited set of web sites.
41. Hacking Defense: Honeypot & Honeynet
Honeypot: A system with a special software application which appears easy to break into.
Honeynet: A network which appears easy to break into.
Purpose: Catch attackers. All traffic going to the honeypot/net is suspicious.
If successfully penetrated, it can be used to launch further attacks, so it must be carefully monitored.
[Diagram: External DNS, IDS, Web Server, E-Commerce Server, VPN, Firewall, Honey Pot]
42. Hacking Defense: Vulnerability Assessment
Scan servers, workstations, and control devices for vulnerabilities: open services, patching, configuration weaknesses.
Testing controls for effectiveness.
Adherence to policy & standards.
Penetration testing.
44. Path of Logical Access
How would access control be improved?
[Diagram: The Internet, Border Router/Firewall, De-Militarized Zone, Router/Firewall, Private Network, WLAN]
45. Protecting the Network
[Diagram: The Internet; Border Router: Packet Filter; De-Militarized Zone with Bastion Hosts; Proxy server firewall; Private Network; WLAN]
47. Writing Rules
[Diagram: Policies, Network Filter Capabilities, Write Rules, Protected Network, Audit Failures, Corrections]
Fail-Safe: If the filter fails, it fails closed.
Default Deny: If no specific rule applies, the packet is dropped.
48. Firewall Configurations
[Diagram: terminal A, firewall, host A]
Router Packet Filtering:
Packet header is inspected
Single packet attacks caught
Very little overhead in firewall: very quick
High volume filter
[Diagram: terminal A, firewall (holding state A), host A]
Stateful Inspection:
State retained in firewall memory
Most multi-packet attacks caught
More fields in packet header inspected
Little overhead in firewall: quick
49. Firewall Configurations
[Diagram: terminal A, firewall, host B]
Circuit-Level Firewall:
Packet session terminated and recreated via a Proxy Server
All multi-packet attacks caught
Packet header completely inspected
High overhead in firewall: slow
[Diagram: terminal A, firewall (holding state A and B), host B]
Application-Level Firewall:
Packet session terminated and recreated via a Proxy Server
Packet header completely inspected
Most or all of application inspected
Highest overhead: slow & low volume
50. Web Page Security
SQL Filtering: Filtering of web input for SQL Injection
Encryption/Authentication: Ensuring Confidentiality, Integrity, Authenticity, Non-repudiation
Web Protocol Protection: Protection of State
51. Summary of Controls (columns: Confidentiality, Integrity, Authentication, Non-repudiation, Anti-Hack)
Encryption Protocols: S-HTTP, HTTPS, SSL, SSH2, PGP, S/MIME | x ? ?
Virtual Private Network (VPN): IPsec | x x x
Wireless: WPA2, TKIP, IEEE 802.11i | x x x
Hashing: HMAC, SHA, MD5 | x
Digital Signature | x x
Public Key Infrastructure | x x x
Centralized Access Control: RADIUS, TACACS | x
Kerberos | x x
Authentication: biometric, flash drive, token | x
52. Summary of Controls, continued (columns: Confidentiality, Integrity, Authentication, Non-repudiation, Anti-Hack)
Firewall, App. or web firewall | x
Mobile device mgmt | x
Antivirus, Endpoint Security | x
Event Logs/SIEM | x
Intrusion Detection/Prevention Systems | x
Unified Threat Mgmt | x
Vulnerability Assessment | x
Risk, Policy Mgmt | x
Honeypot/Honeynet | x
Email security mgmt | x x
Bastion host | x
53. Question
A map of the network that shows where service requests enter and are processed
1. Is called the Path of Physical Access
2. Is primarily used in developing security policies
3. Can be used to determine whether sufficient Defense in Depth is implemented
4. Helps to determine where antivirus software should be installed
54. Question
The filter with the most extensive filtering capability is the
1. Packet filter
2. Application-level firewall
3. Circuit-level firewall
4. State Inspection
55. Question
The technique which implements non-repudiation is:
1. Hash
2. Secret Key Encryption
3. Digital Signature
4. IDS
56. Question
Anti-virus software typically implements which type of defensive software:
1. Neural Network
2. Statistical-based
3. Signature-based
4. Packet filter
57. Question
MD5 is an example of what type of software:
1. Public Key Encryption
2. Secret Key Encryption
3. Message Authentication
4. PKI
58. Question
A personal firewall implemented as part of the OS or antivirus software qualifies as a:
1. Dual-homed firewall
2. Packet filter
3. Screened host
4. Bastion host
59. HEALTH FIRST CASE STUDY: Designing Network Security
Jamie Ramon MD, Doctor
Chris Ramon RD, Dietician
Terry, Licensed Practicing Nurse
Pat, Software Consultant
60. Defining Services which can Enter and Leave the Network
Service | Source (e.g., home, world, local computer) | Destination (local server, home, world, etc.)
61. Defining Services and Servers Workbook
Service (e.g., web, sales database) | Source (e.g., home, world, local computer) | Destination (local server, home, world, etc.)
Registration, Desire2Learn | Students and Instructors: Anywhere in the World | Computer Service Servers
Registration | Registrars and Advisers: On campus | Computer Service Servers
Library databases | On campus students and staff. Off-campus requires login | Specific off-site library facilities
Health Services | On campus: nurses office | Computer Service Servers
External (Internet) web services | On campus: Campus labs, dorms, faculty offices | Anywhere in the world
62. Define Services & Servers
Which data can be grouped together by role and sensitivity/criticality?
Service Name | Sensitivity Class. | Roles with Access | Server Name
Confidential – Management
Public – Web Pages
Privileged – Contracts
63. Evaluating Service Classes & Roles Workbook
Service Name (E.g., web, email) | Sensitivity Class (E.g., Confidential) | Roles (E.g., sales, engineering) | Server (*=Virtual)
Desire2Learn | Private | Current Students, Instructors | Student_Scholastic
Registration | Confidential | Current Students, Registration, Accounting, Advising, Instructors | Student_Register
Health Service | Confidential | Nurses | Health_Services
Web Pages: activities, news, departments, … | Public | Students, Employees, Public | Web_Services*
64. Defining Zones and Controls
Compartmentalization:
Zone = Region (E.g., DMZ, wireless, internet)
Servers can be physical or virtual
Zone | Service | Server | Required Controls (Conf., Integrity, Auth., Nonrepud., with tools: e.g., Encryption/VPN)
65. Defining Zones Workbook
Zone | Services | Zone Description (You may delete or add rows as necessary)
Internet | | This zone is external to the organization.
De-Militarized Zone | Web, Email, DNS | This zone houses services the public are allowed to access in our network.
Wireless Network | Wireless local employees | This zone connects wireless/laptop employees/students (and crackers) to our internal network. They have wide access.
Private Server Zone | Databases | This zone hosts our student learning databases, faculty servers, and student servers.
Confidential Zone | Payment card, health, grades info | This highly-secure zone hosts databases with payment and other confidential (protected by law) information.
Private user Zone | Wired staff/students | This zone hosts our wired/fixed employee/classroom computer terminals. They have wide univ. & external access.
Student Lab Zone | Student labs | This zone hosts our student lab computers, which are highly vulnerable to malware. They have wide access.
66. Defining Controls for Services Workbook
Zone | Server (*=Virtual) | Service | Required Controls (Conf., Integrity, Auth., Nonrepud., with tools: e.g., Encryption/VPN, hashing, IPS)
De-Militarized Zone | Web_Services*, Email_Server, DNS_Server | Web, Email, DNS | Hacking: Intrusion Prevention System, Monitor alarm logs, Anti-virus software within Email package.
Wireless Network | | Wireless local users | Confidentiality: WPA2 Encryption. Authentication: WPA2 Authentication.
Private Server Zone | StudentScholastic, Student_Files, Faculty_Files | Classroom software, Faculty & student storage. | Confidentiality: Secure Web (HTTPS), Secure Protocols (SSH, SFTP). Authentication: Single Sign-on through TACACS. Hacking: Monitor logs.
Text on the right is an example of a ‘whois’ query. It is not a good idea to name the administrative contact.
News/web sites are useful for learning about different subsidiaries, staff names or positions, and new mergers (potentially with less security). Dumpster diving can sometimes produce internal documentation – use a shredder.
After the cracker knows something about the company, often the second stage would be to learn the network and computer configurations.
War Driving: Listening with a high-powered receiver for wireless LAN signals. Tools indicate the power level, encryption type, and protocol details.
War Dialing: Dials numbers within a range looking for a modem to answer.
Network Mapping: Polls computers for which services they support
Vulnerability Scanning Tools: Polls computers to learn services, service versions, configurations
Network Mapping = Footprinting, same as on previous page.
Traffic Analysis: Does a lot of traffic go between Point A and Point B, or Point C? Is it encrypted? This might be a concern if you are the military.
Once a cracker knows the configuration of the network, it is possible to launch an attack to get in.
The dog is ‘sniffing’ the login and password identification.
These attacks will be defined on further slides. Note that they are of two varieties: attacks to the network, and attacks to the system.
Denial of service (DOS): Prevent service. E.g. flood a network with traffic so legitimate traffic can’t get through
Spoofing: cracker alters the ‘from’ address in the packet header to look like a trusted entity
Packet replay: common method of gaining unauthorized access – e.g. sniffer observes a remote logon, repeats it
Message Modification: Bill changes Joe’s original message, which was intended for Ann.
10.1.1.1 (and 10.1.1.2, 10.1.1.3) are IP addresses.
The red computer here is pretending to be 10.1.1.1, and forwards confidential information to 10.1.1.1.
This example shows that people can fool your program-generated SQL statement by inserting unexpected logins and passwords. This may be done by adding conditions, adding additional SQL statements, or by accessing the OS command line.
Always sanitize your input.
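As an added illustration (not from the slides), the login check the note describes, in Python with SQLite: the first version pastes the input into the SQL text and is fooled by an input that adds an always-true condition; the second passes the input as parameters, so the same input is simply a wrong password. The table, user and inputs are constructed.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table (sample data, not from the slides)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('ann', 'correct horse')")
    return db

def login_vulnerable(db, name: str, password: str) -> bool:
    """The slide's flaw: the SQL text is built by pasting user input into it,
    so the input can add conditions (or further statements) to the query."""
    sql = (f"SELECT name FROM users WHERE name = '{name}' "
           f"AND password = '{password}'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, name: str, password: str) -> bool:
    """Hardened form: placeholders keep the input as data, never as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

def demo() -> dict:
    db = make_db()
    # An unexpected 'password' that appends a condition which is always true.
    bypass = "x' OR '1'='1"
    return {
        "vuln_good_creds": login_vulnerable(db, "ann", "correct horse"),
        "vuln_injected": login_vulnerable(db, "ann", bypass),
        "param_good_creds": login_parameterized(db, "ann", "correct horse"),
        "param_injected": login_parameterized(db, "ann", bypass),
    }

if __name__ == "__main__":
    print(demo())
```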
Calculation = <number of possible characters> to the <password length> power
Result is maximum number of guesses needed to find the right password.
This is taken from NIST, and assumes many computers are used in parallel to crack a password. Think criminal effort potentially using bots.
Once the cracker has entered, they can expand their access and hide their break-in.
A RootKit hides itself in the OS. For example, when you list processes, the malware is not listed. The RootKit may delete specific logs, or open a backdoor, to enable the attacker to enter easily.
A Trojan Horse is software that is useful, but hides its malware intentions. For example, a game may be passed all around the internet, but may include spyware or adware (or other malware) within it.
Bots are computers that have been taken over, and are now being used by the attacker for whatever purpose they would like.
The terms ‘bot’ and ‘zombie’ are apparently interchangeable. A ‘botnet’ is a large number of bots (or zombies) used for DDOS attacks.
2 = Distributed Denial of Service
Defense in depth is like layers of an onion – to get in you must go through multiple defenses. Think of the effectiveness of multiple layers of defense years ago with the castle shown. Then consider the defenses shown for a computer on the right.
A bastion host is just a computer, server or system that is locked down against intruders. It is configured to have maximized security (strict firewall rules, well-patched) and minimized potential avenues of attack (minimal applications).
What is the easiest way to get into this network? It may not be through the firewalls. It may be through the dial-up access, CDs or DVD drives, or WLANs.
Also notice that a good network will be divided into sections. The De-Militarized Zone here is for public access. The Private Network is for internal access, and requires going through 2 firewalls, each with filtering.
(From CISM)
The Packet Filter may scan for source or destination IP addresses (computer IDs) and port addresses (service IDs).
A Packet Filter firewall looks at the incoming packets. Some of them may be requests for connections, or responses to our connections. Normally PCs only initiate connections, such as web or email, so we would expect web and email requests to travel in the other direction (from PC to Internet). Most inbound requests of this kind are therefore illegitimate: most likely a cracker is attempting to break into a server, or into a PC which is willing to act as one.
Other attacks include uses of invalid IP addresses, such as an IP address representing the internal network (pretending to originate from the inside of the network).
In this case, the only packets that should make it through are replies to our web requests and email requests to a mail server.
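An added example (mine, not the author's) of the packet-filter rules these notes and the Writing Rules slide describe: a stateless check of the inbound packet header with default deny, a spoofed-internal-source rule, mail allowed only to the mail server, and web replies allowed only when they carry ACK. The 10.1.1.0/24 network, the mail server address and the sample packets are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"} or {"ACK"}

# Constructed addressing: the private network and its mail server.
INTERNAL_PREFIX = "10.1.1."
MAIL_SERVER = "10.1.1.25"

def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)

def filter_inbound(pkt: Packet) -> str:
    """Stateless header inspection for packets arriving from the Internet.
    Rules are tried top to bottom; whatever matches none of them hits the
    default-deny rule at the end, so the filter fails closed."""
    # Invalid source address: an Internet packet claiming to come from inside.
    if is_internal(pkt.src):
        return "drop: spoofed internal source"
    if not is_internal(pkt.dst):
        return "drop: not addressed to our network"
    # Mail for the mail server is the one service allowed to open a connection.
    if pkt.proto == "tcp" and pkt.dst == MAIL_SERVER and pkt.dport == 25:
        return "allow: mail to mail server"
    # Replies to web requests our PCs made: they come from port 80/443 and
    # carry ACK, so they cannot be the first packet of a new connection.
    if pkt.proto == "tcp" and pkt.sport in (80, 443) and "ACK" in pkt.flags:
        return "allow: reply to our web request"
    # Everything else, including connection requests (bare SYN) to PCs.
    return "drop: default deny"

def demo() -> dict:
    # Constructed sample packets (203.0.113.0/24 and 198.51.100.0/24 are
    # documentation ranges standing in for Internet hosts).
    samples = {
        "web_reply":   Packet("198.51.100.10", "10.1.1.7", "tcp", 443, 51000,
                              frozenset({"SYN", "ACK"})),
        "mail_in":     Packet("203.0.113.9", MAIL_SERVER, "tcp", 40000, 25,
                              frozenset({"SYN"})),
        "syn_to_pc":   Packet("203.0.113.9", "10.1.1.7", "tcp", 40001, 80,
                              frozenset({"SYN"})),
        "spoofed":     Packet("10.1.1.3", "10.1.1.7", "tcp", 80, 51000,
                              frozenset({"ACK"})),
        "syn_from_80": Packet("203.0.113.9", "10.1.1.7", "tcp", 80, 51001,
                              frozenset({"SYN"})),
    }
    return {name: filter_inbound(p) for name, p in samples.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12} {verdict}")
```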
A screened host means a firewall with a border router that screens obvious attacks, such as network mapping.
Multi-homed means that it has multiple zones to filter for. In this case there are 3 zones: Internet, DMZ and internal network.
Notice the color scheme:
Black/Brown: network security servers
Green: Public services
Yellow/orange: More security
Red: Most secure – confidential information
The tools in parentheses provide the features specified.
Symmetric encryption: each participant uses the same (shared secret) key.
In the equation, P=Plaintext, E=Encryption, D=Decryption
NIST = National Institute of Standards and Technology, a US government agency that publishes standards and recommendations.
Asymmetric encryption: each user has a public key and a private key. The two are mathematically related, but not in an easily reversible way; that is, having the public key will not enable someone to calculate the private key. However, a message encrypted with one can be decrypted with the other. The private key can also be used to create a digital signature (next slide).
This encryption technique can be used to send encrypted information or to authenticate a packet as originating from the sender, as shown above in the top and bottom examples, respectively.
Public key encryption is a wonderful technique. However, it is processor-intensive, and not useful for long-term data communications sessions. Therefore, it is often used to provide a Secret key between two endpoints, and then the Secret key is used thereafter.
A VPN creates an encrypted point-to-point path between two computers. Here the line in red is encrypted.
Often it uses Public Key Encryption to communicate a Secret Key, then uses Secret Key encryption to encrypt the session data.
Hashes implement Integrity.
A message is hashed and the hash (H) is sent along with the message. When received, the message is hashed again and the two hashes are compared. Small changes to a message will result in large changes to the hash, so if the message was altered this method will detect it, although it won’t identify what those changes were.
In the first case (MAC), the hash is calculated using an associated secret key (K). In the second case (one-way hash), a standard-calculated hash is encrypted (E) using a secret key (K).
Note that the message itself is not encrypted – it only gets a sophisticated checksum.
MD = Message Digest; SHA = Secure Hash Algorithm
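An added example (not part of the slides) of the MAC case described above, using Python's standard library: the sender computes a keyed hash (HMAC-SHA256) over the message, the receiver recomputes it and compares, and a one-character change to the message is detected. It also counts how many bits of the plain hash change for that one-character edit. The key and messages are constructed.

```python
import hashlib
import hmac

def one_way_hash(message: bytes) -> bytes:
    """Plain hash (SHA-256): a fixed-size fingerprint of the message."""
    return hashlib.sha256(message).digest()

def mac_tag(key: bytes, message: bytes) -> bytes:
    """The slide's first case: the hash is computed with a secret key K, so
    only a holder of K can produce a tag that verifies (HMAC-SHA256)."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver recomputes the tag over the received message and compares;
    constant-time comparison avoids leaking how many bytes matched."""
    return hmac.compare_digest(mac_tag(key, message), tag)

def bit_difference(a: bytes, b: bytes) -> int:
    """Number of bits that differ between two digests of equal length."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def demo() -> dict:
    key = b"constructed-shared-secret-K"   # assumed key shared by both ends
    msg = b"Pay 100 to account 42"         # constructed message, sent in clear
    altered = b"Pay 900 to account 42"     # one character changed in transit
    tag = mac_tag(key, msg)
    return {
        "genuine_verifies": verify_mac(key, msg, tag),
        "altered_detected": not verify_mac(key, altered, tag),
        # An attacker without K cannot re-tag the altered message.
        "retag_without_key_rejected":
            not verify_mac(key, altered, mac_tag(b"guess", altered)),
        # Small change to the message, large change to the hash.
        "bits_changed_of_256":
            bit_difference(one_way_hash(msg), one_way_hash(altered)),
    }

if __name__ == "__main__":
    print(demo())
```

Note that the message itself still travels in the clear; the tag only proves it was not changed.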
A Digital Signature is used for authentication, integrity, and non-repudiation.
It serves the same purpose as signing a contract with ink – but digitally.
The private key is used to sign a hash of the message, which provides both integrity and non-repudiation.
3rd party authentication is used for authentication and non-repudiation.
Steps 1-3 establish the Digital Certificate (DC).
Steps 4-7 send a message which is verified using the Digital Certificate
CA=Certificate Authority
RA=Registration Authority
The difference between an IDS and an IPS is that the IDS reports on something but does not filter it; the IPS filters and prevents attacks. An IDS may react to an attack by sending disconnect packets for a connection. While an IPS definitely sounds better, the implementation may be difficult. Not all things that look like attacks are attacks – therefore, tuning an IDS/IPS is necessary to reduce false positives and false negatives – normal events looking like attacks, and attacks looking like normal events.
A HIDS is always on one computer, scanning that one computer. The NIDS monitors traffic in a network.
Anti-virus software is an example of Signature-based Software.
Above you can see that for the graph, on Wed, we had some unusual traffic that needs looking into.
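An added example (mine, not from the slides) of the two detection styles on the IDS/IPS slide: a signature-based check that alarms on the slide's NastyVirus and BlastWorm names in event lines, and a statistical-based check that learns each department's normal traffic from past days and flags a day that deviates, which for the constructed data below is Sales on Wednesday. Event lines and traffic counts are constructed to resemble the chart.

```python
import re
from statistics import mean, pstdev

# Signature-based: known patterns that identify an attack. The names are
# the ones in the slide's illustration; the log lines are constructed.
SIGNATURES = {
    "NastyVirus": re.compile(r"NastyVirus", re.IGNORECASE),
    "BlastWorm": re.compile(r"BlastWorm", re.IGNORECASE),
}
SAMPLE_EVENTS = [
    "pc7: downloaded game.exe matched NastyVirus",
    "pc9: mail attachment matched BlastWorm",
    "pc3: nightly backup completed",
    "pc7: nastyvirus found again in temp folder",
]
# Statistical-based: ten past days of traffic (thousands of packets) per
# department, and this week's Mon..Thu counts, shaped like the chart.
HISTORY = {
    "Sales":     [40, 42, 38, 41, 39, 40, 43, 37, 41, 40],
    "Personnel": [20, 22, 19, 21, 20, 18, 21, 20, 19, 20],
    "Factory":   [60, 58, 62, 61, 59, 60, 63, 57, 60, 61],
}
THIS_WEEK = {
    "Sales":     {"Mon": 41, "Tue": 39, "Wed": 85, "Thu": 40},
    "Personnel": {"Mon": 21, "Tue": 20, "Wed": 22, "Thu": 19},
    "Factory":   {"Mon": 60, "Tue": 61, "Wed": 62, "Thu": 59},
}

def signature_alerts(events):
    """Alarm on every event containing a known attack signature."""
    alerts = []
    for event in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(event):
                alerts.append((name, event))
    return alerts

def statistical_alerts(history, observed, threshold=3.0):
    """Learn 'normal' per department from past days, then flag any day whose
    count lies more than `threshold` standard deviations from that baseline.
    A flagged day may be an attack, or maybe not: it needs looking into."""
    alerts = []
    for dept, past in history.items():
        base, spread = mean(past), pstdev(past)
        for day, value in observed[dept].items():
            if spread == 0:
                deviates = value != base
            else:
                deviates = abs(value - base) / spread > threshold
            if deviates:
                alerts.append((dept, day, value, round(base, 1)))
    return alerts

if __name__ == "__main__":
    print(signature_alerts(SAMPLE_EVENTS))
    print(statistical_alerts(HISTORY, THIS_WEEK))
```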
A Honeypot or Honeynet has no useful purpose other than to catch attackers. It may be used as a form of an IDS. While it sounds fun and interesting, they need to be maintained and monitored: if an attacker does gain entry, they now can attack from within the network.
Penetration testing can test from outside the network to determine what vulnerabilities remain.
Notice the color coding and the zones:
Green: Public
Yellow: Some confidentiality concern. Often located on a separate server from other colors and other functions. Internal rating.
Orange: More security required. Private.
Red: Most security required. Confidential.
Sometimes two processes with different roles are given separate servers or VMware virtual machines, so that a break-in on one does not become a break-in on both.
The Path of Logical Access shows where requests enter and are processed.
Two paths of logical access are shown, via brown arrows through WLAN and to server, and red arrows through laptop and server.
Visitors from the internet must get through a firewall, then either the logical access controls (LAC) in the database servers in the demilitarized zone (DMZ), or through a second firewall and the LAC in the internal network’s servers. Entering via the wireless LAN bypasses all that (except for the internal LAC), as does using a disk or flash drive. The latter (wireless/portable media access) shows that this organization depends on physical controls and internal access control mechanisms (including employee trustworthiness) to prevent unauthorized use by those means. This leaves the private network server and the printer vulnerable.
Here the WLAN and dial-up interface must go through a firewall before accessing the private network – good idea!!!
‘Rules’ means the settings on your defenses; what will the firewall allow past, what will cause the intrusion detection system (IDS) to react, etc. Rules are going to depend on the capabilities of your equipment and the goals and/or risk appetite of the organization, as reflected in policy.
Here the red is the packet header being inspected, and the green is the part of the packet which is not inspected.
When an A is displayed in the firewall, this means that the firewall has state information about each connection and can detect more anomalies. For example, connection-oriented protocols require you to connect before sending data. If data is received before the connection is established, then obviously the data is bad. In the Stateful Inspection, the state of Disconnected, Connected is maintained. In some cases, many states are possible.
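An added example (not the author's) of the state the note describes being kept in the firewall: one entry per connection moving through Disconnected, Syn-Sent and Connected. Data that arrives before a connection is established is dropped, only internal PCs may open connections, and replies are accepted only for a handshake the firewall has seen. Addresses and the packet sequence are constructed.

```python
from dataclasses import dataclass
from enum import Enum

class State(Enum):
    DISCONNECTED = "Disconnected"   # no handshake seen for this connection
    SYN_SENT = "Syn-Sent"           # our PC sent SYN, waiting for SYN+ACK
    CONNECTED = "Connected"         # handshake complete, data may flow

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset            # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}
    payload: bytes = b""

class StatefulFirewall:
    """The 'A' in the slide's firewall: a state entry per connection, so the
    firewall knows whether data is arriving on a connection that exists."""
    def __init__(self, internal_prefix: str):
        self.internal_prefix = internal_prefix
        self.table = {}   # (internal ip, port, remote ip, port) -> State
    def _outbound(self, pkt: Packet) -> bool:
        return pkt.src.startswith(self.internal_prefix)

    def _key(self, pkt: Packet) -> tuple:
        # Both directions of one connection map to the same table entry.
        if self._outbound(pkt):
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def inspect(self, pkt: Packet) -> str:
        key = self._key(pkt)
        state = self.table.get(key, State.DISCONNECTED)
        syn, ack = "SYN" in pkt.flags, "ACK" in pkt.flags
        if state is State.DISCONNECTED:
            # Only our PCs may open connections, and a SYN carries no data.
            if self._outbound(pkt) and syn and not ack and not pkt.payload:
                self.table[key] = State.SYN_SENT
                return "allow: new outbound connection"
            return "drop: no connection established"
        if state is State.SYN_SENT:
            if not self._outbound(pkt) and syn and ack:
                self.table[key] = State.CONNECTED
                return "allow: handshake reply"
            return "drop: unexpected packet during handshake"
        if pkt.flags & {"FIN", "RST"}:
            del self.table[key]
            return "allow: connection closed"
        return "allow: data on established connection"

def demo() -> list:
    # Constructed exchange between our PC and a web server on the Internet.
    fw, pc, web = StatefulFirewall("10.1.1."), "10.1.1.7", "198.51.100.10"
    packets = [
        Packet(web, pc, 443, 51000, frozenset({"ACK"}), b"data"),   # data before any handshake
        Packet(pc, web, 51000, 443, frozenset({"SYN"})),            # PC opens connection
        Packet(web, pc, 443, 51000, frozenset({"SYN", "ACK"})),     # server replies
        Packet(pc, web, 51000, 443, frozenset({"ACK"}), b"GET /"),  # request
        Packet(web, pc, 443, 51000, frozenset({"ACK"}), b"200 OK"), # response
        Packet("203.0.113.9", pc, 40000, 22, frozenset({"SYN"})),   # outsider connecting in
    ]
    return [fw.inspect(p) for p in packets]
```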
Here the firewalls create separate connections with the two endpoints, thus maintaining extensive state information about each. Notice that the amount of the packet inspected (red) is a larger portion of the packet than with previous firewalls.
Obviously, the best firewall would inspect all of the packet. However, the more it inspects, the more processing power the filtering requires. Thus, very good firewalls handle smaller packet volumes.
HTML is stateless. That is, information about the connection and data transactions has to be held by the endpoint computers. This can be exploited by a skilled hacker. Cookies and client-side scripts are two examples.
In some cases, servers do not retain state but instead send information in a request which can be manipulated by the client before being returned. This is another form of attack.
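An added example (not from the slides) of protecting state that the server sends to the client and gets back in a later request, as the note describes: the server appends a keyed hash to the encoded state, and on return accepts it only if the hash still matches, so a client that edits the price or role is detected. The server key and the state values are constructed.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

SERVER_KEY = b"constructed-server-secret"   # assumed: known only to the server

def _encode(state: dict) -> str:
    raw = json.dumps(state, sort_keys=True).encode()
    return base64.urlsafe_b64encode(raw).decode()

def _tag(body: str, key: bytes) -> str:
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def sign_state(state: dict, key: bytes = SERVER_KEY) -> str:
    """State the server hands to the client (cookie, hidden field or URL
    parameter) with a MAC appended, so any client-side edit is detectable."""
    body = _encode(state)
    return f"{body}.{_tag(body, key)}"

def load_state(token: str, key: bytes = SERVER_KEY) -> Optional[dict]:
    """Accept round-tripped state only if the MAC still matches the body."""
    try:
        body, tag = token.rsplit(".", 1)
    except ValueError:
        return None
    if not hmac.compare_digest(_tag(body, key), tag):
        return None
    return json.loads(base64.urlsafe_b64decode(body.encode()))

def client_edit(token: str, new_state: dict) -> str:
    """Simulate a client rewriting the encoded state but keeping the old tag."""
    _, tag = token.rsplit(".", 1)
    return f"{_encode(new_state)}.{tag}"

def demo() -> dict:
    # Constructed example: a price and a role the server echoed to the client.
    original = {"user": "ann", "role": "customer", "price_cents": 4999}
    token = sign_state(original)
    edited = client_edit(token, {"user": "ann", "role": "admin", "price_cents": 1})
    return {
        "genuine": load_state(token),
        "edited_rejected": load_state(edited) is None,
        # A client re-signing with a guessed key is rejected as well.
        "wrong_key_rejected": load_state(sign_state(original, b"guess")) is None,
        "garbage_rejected": load_state("no-dot-here") is None,
    }
```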
3 is correct.
1: It is actually called the Path of Logical Access
2 – Application-level firewall
3 – Digital Signature
3 – Signature-based
3 - Messag
Bastion host would have other requirements: up-to-date patches, applications turned off.
A dual-homed firewall requires access to two networks.
A screened host refers to a firewall with an external router screening it.
The Firewall will let certain locations and services enter and leave the network