2. Security Terminologies
DiD Security Model
Authentication systems
Cryptography
How Attackers Do It ..!!
Network & Host Security
Wireless Security
4. It's a technique for ensuring that data stored in a
computer cannot be read or compromised by any
individual without authorization.
5. CIA
Confidentiality
Integrity
Availability
AAA
Authentication
Authorization
Access Control
6. Asset: is what we’re trying to protect.
Vulnerability: a weakness that may lead to
undesirable consequences.
Threat: anything that can exploit a vulnerability
Risk: a potential problem
Risk = Vulnerability * Threat
9. Physical access to the computer system and
networks is restricted to only authorized
users.
Access Controls,
Physical barriers, etc…
10. In network security, an emphasis is placed on:
Network segmentation between systems of
different security levels or categories.
Controlling access to internal computers from
external entities.
This can be done by:
Firewalls between different zones.
Virtual LANs (VLANs)
Access controls on network devices
Vulnerability Scanners
11. Host security takes a granular view of security by
focusing on protecting each computer and device
individually instead of addressing protection of the
network as a whole:
Authentication and Logging Mechanisms
Host-based IDS
File Integrity Checkers
For Client Security:
NAC
Antivirus
12. A Web application is an application,
generally comprised of a collection of
scripts, that resides on a Web server and
interacts with databases or other sources of
dynamic content.
Examples of Web applications include search
engines, Webmail, shopping carts and portal
systems.
13. Application attacks are the latest trend when it comes
to hacking.
On average, 90% of all dynamic content sites have
vulnerabilities associated with them.
No single web server and
database server combination
has been found to be
immune!
“Today over 70% of attacks against a company's network come
at the ‘Application Layer’, not the Network or System layer.”
- Gartner
15. How to secure a resource?
Authentication
Authorization
Accounting
16. Something you know
Something you have
Something you are
18. Memorize password
Use different passwords
Use longer passwords
Use upper- and lower-case letters, numbers and
special characters
Change frequently
Avoid reusing passwords
20. Encryption = convert to unreadable format
Decryption = convert back to readable format
Algorithm = procedure for encrypting or
decrypting
Cipher = encryption & decryption algorithm
pair
21. Hash (digest) = fixed-length derivation of a
plaintext
One-way operation
Unique value / significant change with even
single-bit changes in plaintext
28. Advantages?
Key distribution
Disadvantages!!
Very slow
Key distribution
29. Provides an increased level of confidence for
exchanging information over an increasingly
insecure Internet.
By using a Certificate Authority.
34. Finding out as much information as possible
about the target.
This can be done by:
1. 'whois' look-up
2. Viewing the victim's current & old website
3. IP addresses
4. E-mail addresses available on the Internet
5. Metadata of all published documents
6. DNS enumeration
35. Using whois we can know:
• Registrar.
• Domain status.
• Expiration date, and name servers.
• Contact information for the owner of a domain
name or IP.
• IP and IP location information.
• Web server information.
• Related domain availability, premium domain
listings, and more.
36. Using archive.org we can know:
• All available information about the target's web
sites in the past..!!
Using Maltego we can gather:
• All publicly available info about the target's
infrastructure & personnel, including their
mails, phone numbers, etc.
37. Using Google we can know:
• More than you imagine!!
Using FOCA we can:
• Analyze all the target's documents to find email
addresses, user names, software versions,
operating systems, internal server names,
mapped drive share information, etc.
38. In the scanning phase, we'll scan the entire
network and the publicly accessible systems
to gain more information about the target.
This phase includes:
1. Port scanning
2. Vulnerability scanning
3. Open shares
4. Firewall’s implemented rules
5. War driving
39. Using nmap we can know:
• Live hosts, the open ports, listening
applications and OS on the target system.
Using Nessus we can know:
• Existing vulnerabilities associated with each
running service, missed configurations, and
default users & passwords.
40. Using firewalk we can know:
• The firewall's implemented rules.
Using w3af we can know:
• The existing Web application vulnerabilities.
Using NetStumbler / Kismet we can know:
• Open wireless access points (wardriving); also we can find
hidden APs and their associated SSID, channel #, and signal power.
41. Nmap supports:
Multi-Scanning types:
Full Scan
SYN Scan
XMAS Scan
Idle Scan
UDP Scan
Ping Scan
OS fingerprinting
Application fingerprinting
42. Nessus provides a simple, yet powerful
interface for managing vulnerability-scanning
activity.
To use Nessus:
1. Creating a Policy
I. Define the scan type
II. Optionally, add the target's credentials
III. Choose the appropriate plug-ins
2. Creating and Launching a Scan
3. The output will be in the Reports tab
43. w3af provides a flexible framework for finding and
exploiting web application vulnerabilities. It is easy
to use and extend and features dozens of web
assessment and exploitation plug-ins.
44. Gain access to the OS, applications on the
computer or victim’s network !!
45. This can be done by:
1. IP Address Spoofing
2. Password Cracking
3. MiTM Attack
4. Sniffing
5. DoS Attacks
6. Viruses & Worms
46. In addition, exploiting systems can be done
by:
1. Trojans & Backdoors
2. Social Engineering
3. DHCP & DNS Attacks
4. Web Hacking
5. Wireless Hacking
6. Buffer Overflow
47. How?
Normal IP address configurations.
Packet crafting.
Using proxies.
When?
Access based on IP address
Hide identity
48. Use it to recover passwords from computer
systems.
-- System Admins --
Use it to gain unauthorized access to vulnerable
systems.
-- Hackers --
Password cracking methods:
▪ Dictionary attack
▪ Brute-force attack
▪ Hybrid attack
▪ Rainbow table attack
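As an added illustration (not from the slides) of why rainbow table attacks succeed against unsalted fast hashes, and of the storage scheme a defender uses instead: the three-entry precomputed table, the user names and the PBKDF2 parameters are constructed for this example.

```python
import hashlib
import hmac
import os

def unsalted_md5(password: str) -> str:
    """The legacy, insecure way: one fast unsalted hash per password."""
    return hashlib.md5(password.encode()).hexdigest()

# Constructed mini precomputed table: a real rainbow table holds billions of entries,
# three are enough to show why a lookup beats an unsalted hash instantly.
COMMON_PASSWORDS = ["123456", "password", "qwerty"]
PRECOMPUTED_MD5 = {unsalted_md5(p): p for p in COMMON_PASSWORDS}

def audit_unsalted_store(store: dict) -> dict:
    """Defender's audit of a legacy store {user: unsalted_md5_hex}: every hash that appears
    in the precomputed table is recovered with a dictionary lookup, no cracking needed."""
    return {user: PRECOMPUTED_MD5[h] for user, h in store.items() if h in PRECOMPUTED_MD5}

def hash_password(password: str, salt: bytes = None, iterations: int = 200_000) -> str:
    """Hardened storage: random per-user salt plus slow PBKDF2-HMAC-SHA256.
    The salt makes precomputed tables useless; the iteration count slows dictionary
    and brute-force attempts by the same factor on every guess."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)

if __name__ == "__main__":
    legacy = {"alice": unsalted_md5("qwerty"), "bob": unsalted_md5("N0t-in-table!")}
    print("recovered from unsalted store:", audit_unsalted_store(legacy))   # only alice
    rec = hash_password("qwerty")
    print("same password, two salted records differ:", rec != hash_password("qwerty"))
    print("verify:", verify_password("qwerty", rec), verify_password("Qwerty", rec))
```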
49. Do you know the ARP problem?
Why ARP?
When a machine needs to talk to another, it
should know:
1. Destination IP
2. Destination MAC
51. A sniffer is a piece of software that grabs all of
the traffic flowing into and out of a computer
attached to a network.
Some sniffers have add-on features:
1. Analyzing network traffic
2. Decoding network protocols
52. Denial of Service: an attempt to make a computer or network
resource unavailable to its intended users.
-- Wikipedia --
53. What is a virus?
Malicious SW that needs a carrier
Needs user interaction
Needs a trigger
What is a worm?
Doesn't need a carrier
Self-replicating
Used to conquer new targets
57. “All input is evil until proven otherwise!”
Due to bad filtration on user inputs, the web
application may be vulnerable to:
SQL Injection
XSS
Directory Traversal
Session Hijacking
Account Harvesting
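Added example, not part of the original slides, for the first item on the list: the same lookup written with bad filtration of the user input and with a bound parameter, plus an allow-list check as a second layer. The in-memory table and user names are constructed for the example.

```python
import re
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table so the example runs offline."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "hash-of-alice-pw"), ("bob", "hash-of-bob-pw")])
    return con

def count_users_vulnerable(con: sqlite3.Connection, username: str) -> int:
    """Bad filtration: the input is pasted into the SQL text, so a quote in it rewrites the query."""
    query = f"SELECT COUNT(*) FROM users WHERE username = '{username}'"
    return con.execute(query).fetchone()[0]

def count_users_parameterized(con: sqlite3.Connection, username: str) -> int:
    """Fix: a bound parameter is sent as data and is never parsed as SQL, whatever it contains."""
    row = con.execute("SELECT COUNT(*) FROM users WHERE username = ?", (username,)).fetchone()
    return row[0]

# Allow-list validation as defence in depth: a username is 3 to 32 chars of [a-z0-9_] only.
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")

def is_valid_username(username: str) -> bool:
    """Reject anything outside the allow-list before it reaches the database."""
    return USERNAME_RE.fullmatch(username) is not None

if __name__ == "__main__":
    con = make_db()
    for name in ("alice", "x' OR '1'='1"):   # second value is the classic injection probe
        print(repr(name), "valid:", is_valid_username(name),
              "vulnerable:", count_users_vulnerable(con, name),
              "parameterized:", count_users_parameterized(con, name))
```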
58. Shared media
Broadcast
Vulnerable Encryption Algorithms
▪ To be continued ….
59. #include <string.h>

void foo(char *bar)
{
    char c[12];
    strcpy(c, bar); // no bounds checking: an argument longer than 11 chars overflows c
}

int main(int argc, char **argv)
{
    if (argc < 2)
        return 1;   // need one argument; the overflow above is the slide's point and is kept as is
    foo(argv[1]);
    return 0;
}
60. Trying to retain ownership of the
compromised system.
This phase includes:
1. Installing backdoors
2. Using rootkits
62. In this phase, the attacker will try to hide his activities
on the system and on the network.
64. Attacks!!
Mitigation:
Access control lists
▪ Essentially white or black list
▪ MAC or network address
▪ Layer 2 or layer 3
VLANs
▪ Virtual network segments
▪ “Distinct broadcast domain”
65. Attacks!!
Mitigations:
Use access controls.
Secure routing configuration.
Use any kind of prevention techniques
67. A firewall is a hardware or software system
that prevents unauthorized access to or from
a network.
Types of Firewall:
Network layer
▪ Packet filters
▪ Stateful Inspection
Application layer
Proxy
68. Device or software application that monitors
network and/or system activities for malicious
activities or policy violations and produces alerts
Terminologies:
Alert/Alarm
True Positive
False Positive
False Negative
True Negative
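Added example (not from the slides) tying together the port scanning of slides 38 to 41 and the IDS terms on this slide: a minimal port-scan signature run over constructed firewall log lines, with the alert outcomes counted as true/false positives and negatives against known labels. The log format, hosts, threshold and window are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed log format for the example: "<ISO timestamp> <ALLOW|DENY> src=.. dst=.. dport=.."
LOG_RE = re.compile(r"^(\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")

def parse_line(line: str):
    """Return (ts, action, src, dst, dport) or None for a malformed line (skipped, not fatal)."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, action, src, dst, dport = m.groups()
    return datetime.fromisoformat(ts), action, src, dst, int(dport)

def detect_port_scans(lines, threshold: int = 10, window_s: int = 60) -> set:
    """Signature: one source touching >= threshold distinct ports on one host within window_s seconds."""
    events = defaultdict(list)
    for ev in filter(None, map(parse_line, lines)):
        events[(ev[2], ev[3])].append((ev[0], ev[4]))      # (src, dst) -> [(ts, port)]
    flagged = set()
    for (src, _dst), evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while (evs[end][0] - evs[start][0]).total_seconds() > window_s:
                start += 1                                  # slide the window forward
            if len({port for _, port in evs[start:end + 1]}) >= threshold:
                flagged.add(src)
                break
    return flagged

def confusion_matrix(flagged: set, labels: dict) -> dict:
    """Slide 68 terms: labels maps each source to True if it really was scanning."""
    counts = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for src, is_scanner in labels.items():
        alerted = src in flagged
        counts[("TP" if is_scanner else "FP") if alerted else ("FN" if is_scanner else "TN")] += 1
    return counts

# Constructed traffic: fast scanner, busy web client, monitoring host that legitimately polls
# many ports, and a slow scanner probing one port per hour (which evades the 60 s window).
SAMPLE_LOG = (
    [f"2024-03-01T10:00:{i:02d} DENY src=10.0.0.5 dst=192.168.1.10 dport={20 + i}" for i in range(15)]
    + [f"2024-03-01T10:01:{i:02d} ALLOW src=10.0.0.7 dst=192.168.1.10 dport=443" for i in range(15)]
    + [f"2024-03-01T10:02:{i:02d} ALLOW src=10.0.0.8 dst=192.168.1.10 dport={8000 + i}" for i in range(12)]
    + [f"2024-03-01T{10 + i:02d}:30:00 DENY src=10.0.0.9 dst=192.168.1.10 dport={20 + i}" for i in range(14)]
)
LABELS = {"10.0.0.5": True, "10.0.0.7": False, "10.0.0.8": False, "10.0.0.9": True}
```

Running `confusion_matrix(detect_port_scans(SAMPLE_LOG), LABELS)` gives one of each outcome: the slow scanner is the false negative and the monitoring host the false positive, which is the trade-off the threshold and window control.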
70. An Intrusion Prevention System works similar to an
IDS. In addition it can block, prevent or drop the
malicious or unwanted traffic in real-time.
Placed in-line
Modes
Learning mode
Active mode
72. Network regions of similar level of trust
Trusted
Semi-trusted
Untrusted
Defense in depth,
Security is Layers …
73. Filter packets entering network
Turn off directed broadcasts
Block packets for any source address not
permitted on the Internet
Block ports or protocols not used on your
network for Internet access
Block packets with source addresses
originating from inside your network
Block counterfeit source addresses from
leaving your network
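The filtering rules above written as one decision function, added here as an example and not taken from the slides; the internal network, the bogon list and the blocked port set are assumed values for the example.

```python
import ipaddress

# Assumed topology for the example: one internal /24 behind a border router.
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")
# Source ranges that never legitimately arrive from the Internet (private, loopback, link-local, "this" net).
BOGON_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")]
# Ports this example network does not use for Internet access (assumed local policy).
BLOCKED_PORTS = {135, 137, 138, 139, 445}

def filter_packet(direction: str, src: str, dst: str, dport: int) -> tuple:
    """Return (verdict, reason) for one packet at the border.
    direction is "in" (Internet -> internal network) or "out" (internal network -> Internet)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "in":
        if s in INTERNAL_NET:
            return "DROP", "inbound packet with a source address from inside our network (spoofed)"
        if any(s in net for net in BOGON_NETS):
            return "DROP", "source address not permitted on the Internet"
        if d == INTERNAL_NET.broadcast_address:
            return "DROP", "directed broadcast into the internal network"
        if dport in BLOCKED_PORTS:
            return "DROP", f"port {dport} is not used for Internet access"
        return "ACCEPT", "passes ingress filters"
    if direction == "out":
        if s not in INTERNAL_NET:
            return "DROP", "counterfeit source address leaving our network"
        return "ACCEPT", "passes egress filters"
    return "DROP", "unknown direction"

if __name__ == "__main__":
    for pkt in (("in", "192.168.10.5", "192.168.10.20", 80), ("in", "203.0.113.9", "192.168.10.255", 80),
                ("in", "203.0.113.9", "192.168.10.20", 443), ("out", "172.16.0.9", "198.51.100.7", 443)):
        print(pkt, "->", filter_packet(*pkt))
```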
74. Command line terminal connection tool
Replacement for rsh, rcp, telnet, and others
All traffic encrypted
Both ends authenticate themselves to the other end
Ability to carry and encrypt non-terminal traffic
76. Computers installed out of the box have
known vulnerabilities
Not just Windows computers
All services are vulnerable by default …
Hackers can take them over easily
They must be hardened—a complex process
that involves many actions
78. Secure installation and configuration
CIS benchmark
Vendor documentation
SANS Reading Room
Turn off unnecessary services (applications)
Harden all remaining applications
79. Manage users and groups
Default accounts …!!
Manage access permissions
For individual files and directories, assign access
permissions to specific users and groups
Back up the server regularly
80. Known Vulnerabilities
Most programs have known vulnerabilities.
Exploits are programs that take advantage of
known vulnerabilities.
Regularly check for missing patches
Using Nessus you can do this task easily
Install Anti-Virus/Firewalls on all servers
81. Reading Event Logs
The importance of logging to diagnose problems
▪ Failed logins, changing permissions, starting
programs, kernel messages, etc.
File Encryption
File Integrity Checker
Monitoring Running Services & Processes &
Network Traffic.
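Added example, not from the slides, that shows the hash properties of slide 21 (fixed-length output, a large change from a single-bit change in the input) and then uses them as the core of the file integrity checker listed above; the sample file contents are constructed in memory so it runs offline.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    """SHA-256 digest as hex: always 64 hex chars (256 bits), whatever the input length."""
    return hashlib.sha256(data).hexdigest()

def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Copy of data with exactly one bit flipped (bit 0 is the low bit of byte 0)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)

def avalanche_ratio(data: bytes, bit_index: int = 0) -> float:
    """Fraction of the 256 digest bits that change after a single-bit change in the input (about 0.5)."""
    a = int(sha256_hex(data), 16)
    b = int(sha256_hex(flip_bit(data, bit_index)), 16)
    return bin(a ^ b).count("1") / 256

def build_baseline(files: dict) -> dict:
    """File integrity checker, step 1: record path -> digest while the system is known-good."""
    return {path: sha256_hex(content) for path, content in files.items()}

def check_baseline(baseline: dict, files: dict) -> dict:
    """Step 2: recompute the digests later and classify each path against the baseline."""
    report = {}
    for path in set(baseline) | set(files):
        if path not in files:
            report[path] = "missing"
        elif path not in baseline:
            report[path] = "new"
        elif sha256_hex(files[path]) != baseline[path]:
            report[path] = "modified"
        else:
            report[path] = "unchanged"
    return report

# Constructed "files" held in memory for the example; a real checker reads them from disk.
GOOD_FILES = {"/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n", "/etc/hosts": b"127.0.0.1 localhost\n"}
LATER_FILES = {"/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\nsvc:x:0:0::/:/bin/sh\n",  # extra uid-0 user
               "/etc/hosts": b"127.0.0.1 localhost\n",
               "/usr/lib/libx.so": b"\x7fELF\x02\x01\x01"}                                     # new file

if __name__ == "__main__":
    print("digest length:", len(sha256_hex(b"")))
    print("avalanche ratio:", avalanche_ratio(b"The quick brown fox"))
    print(check_baseline(build_baseline(GOOD_FILES), LATER_FILES))
```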
83. Work-around: A series of actions to be
taken; no new software
Patches: New software to be added to the
operating system
Upgrades: Newer versions of programs
usually fix older vulnerabilities.
85. Wireless networking
2.4 – 2.5 GHz
Data Link layer specifications
Access Point
Family:
802.11a
802.11b
802.11g
802.11n
86. Physical Access
Rogue access point
Firmware vulnerabilities
Protocol vulnerabilities
Default accounts
Some vendors hardcode admin accounts on AP
Asset – People, property, and information.
Threat – Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset.
Vulnerability – Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset.
Risk – The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability.
Also, the attacker may use some trickery to communicate with the compromised system.
IDS:
Analyzes copies of the traffic stream
Does not slow network traffic
Allows some malicious traffic into the network
IPS:
Works inline in real time to monitor Layer 2 through Layer 7 traffic and content
Needs to be able to handle network traffic
Prevents malicious traffic from entering the network
http://www.ciscopress.com/articles/article.asp?p=1336425