This document provides an overview of an Ethical Hacking course. It discusses the first lecture which introduces ethical hacking and penetration testing. Key points covered include defining ethical hacking, the role of an ethical hacker, and some common hacking techniques like spoofing, denial of service attacks, and gaining unauthorized access. The document also discusses legal and illegal hacking activities.
The document discusses Internet technology and security. It provides an overview of the layered architecture of the Internet including the physical, link, network, transport, and application layers. It describes key protocols like IP, TCP, DHCP, and DNS that operate at each layer and enable communication and addressing across the global network. The document also discusses routing, packet switching, and how tools like traceroute allow users to examine the path that data takes across the Internet.
Routers play an important role in cyber forensics investigations. During an investigation, an analyst should gather evidence from routers to help determine the source of an attack. This includes examining router logs, configurations, and volatile memory to find artifacts left by attackers. Log files may contain source IP addresses and protocols used. Configurations should be collected but not reset to avoid destroying evidence. Commands like "show access list" and "show users" can provide clues about hacker activity on the router. Properly documenting the chain of custody of all router evidence is crucial for the investigation.
This document provides an overview of a distributed sniffing and scanning project. It discusses:
1) Collecting network information from multiple points using sniffers and scanners placed on different machines.
2) Analyzing the collected information both centrally on a server and distributed across communicating machines.
3) Using the information to detect irregular network activity and vulnerabilities, and inform network administrators.
The document considers advantages and disadvantages of centralized and distributed approaches. It also outlines the general architecture of the project, which involves Java clients and servers to distribute commands to sniffing and scanning tools, and analysis of the collected data.
Normalizing Empire's Traffic to Evade Anomaly-Based IDSUtku Sen
This document discusses techniques for normalizing Empire's traffic to evade anomaly-based intrusion detection systems (IDS). It begins with an overview of signature-based and anomaly-based IDS. While signature-based IDS can be evaded, anomaly-based IDS aim to detect new attacks but require a training period. The document then discusses how Empire communicates over HTTP and key traits that could be changed to blend in with normal traffic. It proposes a polymorphic blending attack where the attacker captures normal network traffic, learns the profile, and adjusts Empire's traits like request URI, user agent and server header to match. It also discusses adjusting the connection interval and using Markov encoding and a tool called firstorder to automatically
This document appears to be from a CISSP mentor program session discussing communication and network security topics. It includes a quiz on network protocols and technologies like UDP, TCP ports, OSI layers, and IPv6 tunneling. It also summarizes wired WAN protocols like T1/E1 lines, Frame Relay, X.25, ATM, MPLS, and storage protocols like FCoE, FCIP and iSCSI. The session aims to help students studying for the CISSP exam.
This document provides a summary of a lecture on the data link layer. It discusses how shared broadcast mediums require protocols for nodes to share the channel to avoid collisions. It introduces the CSMA/CD protocol used in early Ethernet networks, which uses carrier sensing and collision detection to allow multiple nodes to transmit over a shared broadcast medium in a distributed manner. It also discusses limitations of CSMA/CD and how modern Ethernet networks evolved to use switching to create point-to-point links between nodes rather than a shared broadcast medium.
Where firewalls fit in the corporate landscape discusses various firewall topics such as why firewalls are needed, the risks without firewalls, what needs to be secured, firewall components, types of firewalls including packet filters, proxy firewalls, and network address translation. It also covers deploying and configuring firewalls properly, auditing firewalls, and trends in firewall technologies. The document provides an overview of firewall concepts and best practices for implementation in a corporate environment.
This document provides an overview of firewall concepts including:
- Learning objectives around firewall types, functions, and deployment of policies.
- The basic types of firewalls: packet filtering, stateful packet inspection, application proxies, and hybrids.
- Details on packet filtering firewalls including pros, cons, and how they examine packets.
- Pros and cons of application proxies.
- Background on OSI and TCP/IP models, the three-way TCP handshake, common ports/services, and the STRIDE threat model.
- How to respond to threats and build a firewall port matrix.
- An introduction to iptables and examples of basic packet filtering rules.
- An overview of the network scanning
The document discusses Internet technology and security. It provides an overview of the layered architecture of the Internet including the physical, link, network, transport, and application layers. It describes key protocols like IP, TCP, DHCP, and DNS that operate at each layer and enable communication and addressing across the global network. The document also discusses routing, packet switching, and how tools like traceroute allow users to examine the path that data takes across the Internet.
Routers play an important role in cyber forensics investigations. During an investigation, an analyst should gather evidence from routers to help determine the source of an attack. This includes examining router logs, configurations, and volatile memory to find artifacts left by attackers. Log files may contain source IP addresses and protocols used. Configurations should be collected but not reset to avoid destroying evidence. Commands like "show access list" and "show users" can provide clues about hacker activity on the router. Properly documenting the chain of custody of all router evidence is crucial for the investigation.
This document provides an overview of a distributed sniffing and scanning project. It discusses:
1) Collecting network information from multiple points using sniffers and scanners placed on different machines.
2) Analyzing the collected information both centrally on a server and distributed across communicating machines.
3) Using the information to detect irregular network activity and vulnerabilities, and inform network administrators.
The document considers advantages and disadvantages of centralized and distributed approaches. It also outlines the general architecture of the project, which involves Java clients and servers to distribute commands to sniffing and scanning tools, and analysis of the collected data.
Normalizing Empire's Traffic to Evade Anomaly-Based IDSUtku Sen
This document discusses techniques for normalizing Empire's traffic to evade anomaly-based intrusion detection systems (IDS). It begins with an overview of signature-based and anomaly-based IDS. While signature-based IDS can be evaded, anomaly-based IDS aim to detect new attacks but require a training period. The document then discusses how Empire communicates over HTTP and key traits that could be changed to blend in with normal traffic. It proposes a polymorphic blending attack where the attacker captures normal network traffic, learns the profile, and adjusts Empire's traits like request URI, user agent and server header to match. It also discusses adjusting the connection interval and using Markov encoding and a tool called firstorder to automatically
This document appears to be from a CISSP mentor program session discussing communication and network security topics. It includes a quiz on network protocols and technologies like UDP, TCP ports, OSI layers, and IPv6 tunneling. It also summarizes wired WAN protocols like T1/E1 lines, Frame Relay, X.25, ATM, MPLS, and storage protocols like FCoE, FCIP and iSCSI. The session aims to help students studying for the CISSP exam.
This document provides a summary of a lecture on the data link layer. It discusses how shared broadcast mediums require protocols for nodes to share the channel to avoid collisions. It introduces the CSMA/CD protocol used in early Ethernet networks, which uses carrier sensing and collision detection to allow multiple nodes to transmit over a shared broadcast medium in a distributed manner. It also discusses limitations of CSMA/CD and how modern Ethernet networks evolved to use switching to create point-to-point links between nodes rather than a shared broadcast medium.
Where firewalls fit in the corporate landscape discusses various firewall topics such as why firewalls are needed, the risks without firewalls, what needs to be secured, firewall components, types of firewalls including packet filters, proxy firewalls, and network address translation. It also covers deploying and configuring firewalls properly, auditing firewalls, and trends in firewall technologies. The document provides an overview of firewall concepts and best practices for implementation in a corporate environment.
This document provides an overview of firewall concepts including:
- Learning objectives around firewall types, functions, and deployment of policies.
- The basic types of firewalls: packet filtering, stateful packet inspection, application proxies, and hybrids.
- Details on packet filtering firewalls including pros, cons, and how they examine packets.
- Pros and cons of application proxies.
- Background on OSI and TCP/IP models, the three-way TCP handshake, common ports/services, and the STRIDE threat model.
- How to respond to threats and build a firewall port matrix.
- An introduction to iptables and examples of basic packet filtering rules.
- An overview of the network scanning
Ntc 362 forecasting and strategic planning -uopstudy.comULLPTT
The document provides information about the NTC 362 Fundamentals of Networking course, including a study guide link, assignments for weeks 1 through 4, and quizzes covering various topics. Key topics covered include networking models, infrastructure, addressing, protocols, routing, subnets, VLANs, and performance/recovery. The document contains links to additional online course materials.
Ntc 362 effective communication uopstudy.comULLPTT
This document provides information about an online course on networking fundamentals (NTC 362) including:
- A link to the course homepage with information on accessing assignments and quizzes.
- Sample questions from Week 1 and Week 2 quizzes covering topics like the OSI model, network devices, protocols, topologies and more.
- Additional links to resources and information on accessing other parts of the course.
This document provides an overview of basic network security concepts. It discusses what security is, why we need it, who is vulnerable, and common security attacks like denial of service attacks, TCP attacks, packet sniffing, and their countermeasures. It also covers firewalls and intrusion detection systems, explaining what they are used for and how they help address security issues. The document uses examples to illustrate concepts like how firewall rules work and how packet sniffing, man-in-the-middle attacks, and dictionary attacks exploit vulnerabilities.
Computer Networks for placements. It will help you for placementSagarGhosh48
The document discusses the layers of the OSI model. It describes the functions of each layer including physical, data link, network, and transport layers. The physical layer deals with physical transmission of data. The data link layer handles framing, addressing, and error control. The network layer focuses on logical addressing and routing between networks. The transport layer provides process addressing, segmentation/reassembly, and connection control.
This document discusses firewalls and network security. It begins by outlining common firewall topics and risks to networks like data theft and denial of service attacks. It then examines why firewalls are needed to secure networks and assets. The document outlines different types of firewalls like packet filters, proxy firewalls, and network address translation. It discusses strengths and weaknesses of each approach. Finally, it covers best practices for firewall deployment, configuration, auditing and trends in firewall technologies.
How we breach small and medium enterprises (SMEs)NCC Group
This document summarizes common techniques used to breach small and medium enterprises. It discusses how networks are typically assessed through discovery, vulnerability assessment, exploitation, and post-exploitation. It then outlines several weaknesses that are commonly leveraged, including lack of security patches, default credentials, excessive network footprint, lack of network segregation, exceptions in configurations, and failure to implement whitelisting over blacklisting. Specific scenarios are provided for each to illustrate how access can be gained and privilege escalated within a network. The document stresses the importance of security fundamentals like patching, access control, and network segmentation.
Introduction, Virtual and Datagram networks, study of router, IP protocol and addressing in the Internet, Routing algorithms, Broadcast and Multicast routing
There is no doubt that Intrusion Detection Systems should be incorporated into any security infrastructure, however today’s IDS implementations are far from perfect. Security Managers should continue to add layers to their defense strategy and not place too much reliance on this technology, as it’s not easy to create a system that can effectively flag an attack without crashing under the weight of its own logs, operate relatively maintenance free and respond appropriately to benign anomalous events without raising too many false alarms.
This session discusses some of the most common techniques aimed at evading IDS detection order to easily attack the infrastructure sitting behind those systems.
THREATS are possible attacks.
It includes
The spread of computer viruses
Infiltration and theft of data from external hackers
Engineered network overloads triggered by malicious mass e-mailing
Misuse of computer resources and confidential information by employees
Unauthorized financial transactions and other kinds of computer fraud conducted in the company's name
Electronic inspection of corporate computer data by outside parties
Damage from failure, fire, or natural disasters
This document discusses congestion control and internetworking at the network layer. It begins by defining congestion and the factors that can cause it. It then covers general principles of congestion control such as increasing resources or decreasing traffic. The document discusses congestion control techniques for virtual circuit and datagram subnets, including admission control and choke packets. It also covers internetworking concepts like concatenated virtual circuits, connectionless internetworking, tunneling, and fragmentation.
The document discusses the OSI Reference Model, which divides networking functions into 7 layers - physical, data link, network, transport, session, presentation, and application layer. Each layer has distinct responsibilities and provides services to the layer above it. The model was developed by ISO to standardize network communication and ensure compatibility between different systems.
This document discusses techniques used to evade detection from enterprise security systems. It covers common security technologies like firewalls, IDS, IPS and how attackers can bypass them. Specific evasion techniques discussed include modifying packet headers, fragmentation, source routing and using tunnels through other compromised systems. The goal is to introduce common concepts but the document is not intended to be comprehensive.
The document discusses several key concepts in computer network architecture and philosophy:
1. Abstraction and layering are mechanisms used to break down complex computer systems and networks into modular layers with well-defined interfaces. This allows independent development and flexibility.
2. In computer networks, layers interact only with adjacent layers and higher layers are built upon the services of lower layers. Entities within layers communicate with peer entities through supported communications.
3. The end-to-end principle argues for placing most network functionality, like reliability, at the endpoints rather than within the network itself, as this reduces complexity and overhead. There are some exceptions where in-network functionality can improve performance.
This document provides information on network security fundamentals including cryptography and firewalls. It defines cryptography as a method of protecting information using codes that only intended recipients can read. It describes symmetric and asymmetric encryption techniques. Symmetric encryption requires secure key distribution while asymmetric encryption uses public/private key pairs to securely exchange messages. The document also defines firewalls as devices that control network traffic flow according to security policies, and describes common firewall types including packet filters, stateful filters, and application gateways.
Tech 2 tech low latency networking on Janet presentationJisc
This event took place on 27 October 2021.
In this Tech 2 Tech session, we considered questions such as:
- Which types of applications need low latency, and what are their specific requirements for both latency and jitter?
- What levels of latency might you expect across Janet?
- What can you do to optimise latency for your networked applications?
- How can we measure latency and jitter?
This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The key point is that while firewalls provide some security, a holistic security program is needed to fully prevent, detect, and respond to threats.
This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The key point is that while firewalls provide some security, a holistic security program is needed to fully prevent, detect, and respond to threats.
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.pptHenry Hollis
The History of NZ 1870-1900.
Making of a Nation.
From the NZ Wars to Liberals,
Richard Seddon, George Grey,
Social Laboratory, New Zealand,
Confiscations, Kotahitanga, Kingitanga, Parliament, Suffrage, Repudiation, Economic Change, Agriculture, Gold Mining, Timber, Flax, Sheep, Dairying,
Ntc 362 forecasting and strategic planning -uopstudy.comULLPTT
The document provides information about the NTC 362 Fundamentals of Networking course, including a study guide link, assignments for weeks 1 through 4, and quizzes covering various topics. Key topics covered include networking models, infrastructure, addressing, protocols, routing, subnets, VLANs, and performance/recovery. The document contains links to additional online course materials.
Ntc 362 effective communication uopstudy.comULLPTT
This document provides information about an online course on networking fundamentals (NTC 362) including:
- A link to the course homepage with information on accessing assignments and quizzes.
- Sample questions from Week 1 and Week 2 quizzes covering topics like the OSI model, network devices, protocols, topologies and more.
- Additional links to resources and information on accessing other parts of the course.
This document provides an overview of basic network security concepts. It discusses what security is, why we need it, who is vulnerable, and common security attacks like denial of service attacks, TCP attacks, packet sniffing, and their countermeasures. It also covers firewalls and intrusion detection systems, explaining what they are used for and how they help address security issues. The document uses examples to illustrate concepts like how firewall rules work and how packet sniffing, man-in-the-middle attacks, and dictionary attacks exploit vulnerabilities.
Computer Networks for placements. It will help you for placementSagarGhosh48
The document discusses the layers of the OSI model. It describes the functions of each layer including physical, data link, network, and transport layers. The physical layer deals with physical transmission of data. The data link layer handles framing, addressing, and error control. The network layer focuses on logical addressing and routing between networks. The transport layer provides process addressing, segmentation/reassembly, and connection control.
This document discusses firewalls and network security. It begins by outlining common firewall topics and risks to networks like data theft and denial of service attacks. It then examines why firewalls are needed to secure networks and assets. The document outlines different types of firewalls like packet filters, proxy firewalls, and network address translation. It discusses strengths and weaknesses of each approach. Finally, it covers best practices for firewall deployment, configuration, auditing and trends in firewall technologies.
How we breach small and medium enterprises (SMEs)NCC Group
This document summarizes common techniques used to breach small and medium enterprises. It discusses how networks are typically assessed through discovery, vulnerability assessment, exploitation, and post-exploitation. It then outlines several weaknesses that are commonly leveraged, including lack of security patches, default credentials, excessive network footprint, lack of network segregation, exceptions in configurations, and failure to implement whitelisting over blacklisting. Specific scenarios are provided for each to illustrate how access can be gained and privilege escalated within a network. The document stresses the importance of security fundamentals like patching, access control, and network segmentation.
Introduction, Virtual and Datagram networks, study of router, IP protocol and addressing in the Internet, Routing algorithms, Broadcast and Multicast routing
There is no doubt that Intrusion Detection Systems should be incorporated into any security infrastructure, however today’s IDS implementations are far from perfect. Security Managers should continue to add layers to their defense strategy and not place too much reliance on this technology, as it’s not easy to create a system that can effectively flag an attack without crashing under the weight of its own logs, operate relatively maintenance free and respond appropriately to benign anomalous events without raising too many false alarms.
This session discusses some of the most common techniques aimed at evading IDS detection order to easily attack the infrastructure sitting behind those systems.
THREATS are possible attacks.
It includes
The spread of computer viruses
Infiltration and theft of data from external hackers
Engineered network overloads triggered by malicious mass e-mailing
Misuse of computer resources and confidential information by employees
Unauthorized financial transactions and other kinds of computer fraud conducted in the company's name
Electronic inspection of corporate computer data by outside parties
Damage from failure, fire, or natural disasters
This document discusses congestion control and internetworking at the network layer. It begins by defining congestion and the factors that can cause it. It then covers general principles of congestion control such as increasing resources or decreasing traffic. The document discusses congestion control techniques for virtual circuit and datagram subnets, including admission control and choke packets. It also covers internetworking concepts like concatenated virtual circuits, connectionless internetworking, tunneling, and fragmentation.
The document discusses the OSI Reference Model, which divides networking functions into 7 layers - physical, data link, network, transport, session, presentation, and application layer. Each layer has distinct responsibilities and provides services to the layer above it. The model was developed by ISO to standardize network communication and ensure compatibility between different systems.
This document discusses techniques used to evade detection from enterprise security systems. It covers common security technologies like firewalls, IDS, IPS and how attackers can bypass them. Specific evasion techniques discussed include modifying packet headers, fragmentation, source routing and using tunnels through other compromised systems. The goal is to introduce common concepts but the document is not intended to be comprehensive.
The document discusses several key concepts in computer network architecture and philosophy:
1. Abstraction and layering are mechanisms used to break down complex computer systems and networks into modular layers with well-defined interfaces. This allows independent development and flexibility.
2. In computer networks, layers interact only with adjacent layers and higher layers are built upon the services of lower layers. Entities within layers communicate with peer entities through supported communications.
3. The end-to-end principle argues for placing most network functionality, like reliability, at the endpoints rather than within the network itself, as this reduces complexity and overhead. There are some exceptions where in-network functionality can improve performance.
This document provides information on network security fundamentals including cryptography and firewalls. It defines cryptography as a method of protecting information using codes that only intended recipients can read. It describes symmetric and asymmetric encryption techniques. Symmetric encryption requires secure key distribution while asymmetric encryption uses public/private key pairs to securely exchange messages. The document also defines firewalls as devices that control network traffic flow according to security policies, and describes common firewall types including packet filters, stateful filters, and application gateways.
Tech 2 tech low latency networking on Janet presentationJisc
This event took place on 27 October 2021.
In this Tech 2 Tech session, we considered questions such as:
- Which types of applications need low latency, and what are their specific requirements for both latency and jitter?
- What levels of latency might you expect across Janet?
- What can you do to optimise latency for your networked applications?
- How can we measure latency and jitter?
This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The key point is that while firewalls provide some security, a holistic security program is needed to fully prevent, detect, and respond to threats.
This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The key point is that while firewalls provide some security, a holistic security program is needed to fully prevent, detect, and respond to threats.
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.pptHenry Hollis
The History of NZ 1870-1900.
Making of a Nation.
From the NZ Wars to Liberals,
Richard Seddon, George Grey,
Social Laboratory, New Zealand,
Confiscations, Kotahitanga, Kingitanga, Parliament, Suffrage, Repudiation, Economic Change, Agriculture, Gold Mining, Timber, Flax, Sheep, Dairying,
This presentation was provided by Rebecca Benner, Ph.D., of the American Society of Anesthesiologists, for the second session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session Two: 'Expanding Pathways to Publishing Careers,' was held June 13, 2024.
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...TechSoup
Whether you're new to SEO or looking to refine your existing strategies, this webinar will provide you with actionable insights and practical tips to elevate your nonprofit's online presence.
Temple of Asclepius in Thrace. Excavation resultsKrassimira Luka
The temple and the sanctuary around were dedicated to Asklepios Zmidrenus. This name has been known since 1875 when an inscription dedicated to him was discovered in Rome. The inscription is dated in 227 AD and was left by soldiers originating from the city of Philippopolis (modern Plovdiv).
Leveraging Generative AI to Drive Nonprofit InnovationTechSoup
In this webinar, participants learned how to utilize Generative AI to streamline operations and elevate member engagement. Amazon Web Service experts provided a customer specific use cases and dived into low/no-code tools that are quick and easy to deploy through Amazon Web Service (AWS.)
🔥🔥🔥🔥🔥🔥🔥🔥🔥
إضغ بين إيديكم من أقوى الملازم التي صممتها
ملزمة تشريح الجهاز الهيكلي (نظري 3)
💀💀💀💀💀💀💀💀💀💀
تتميز هذهِ الملزمة بعِدة مُميزات :
1- مُترجمة ترجمة تُناسب جميع المستويات
2- تحتوي على 78 رسم توضيحي لكل كلمة موجودة بالملزمة (لكل كلمة !!!!)
#فهم_ماكو_درخ
3- دقة الكتابة والصور عالية جداً جداً جداً
4- هُنالك بعض المعلومات تم توضيحها بشكل تفصيلي جداً (تُعتبر لدى الطالب أو الطالبة بإنها معلومات مُبهمة ومع ذلك تم توضيح هذهِ المعلومات المُبهمة بشكل تفصيلي جداً
5- الملزمة تشرح نفسها ب نفسها بس تكلك تعال اقراني
6- تحتوي الملزمة في اول سلايد على خارطة تتضمن جميع تفرُعات معلومات الجهاز الهيكلي المذكورة في هذهِ الملزمة
واخيراً هذهِ الملزمة حلالٌ عليكم وإتمنى منكم إن تدعولي بالخير والصحة والعافية فقط
كل التوفيق زملائي وزميلاتي ، زميلكم محمد الذهبي 💊💊
🔥🔥🔥🔥🔥🔥🔥🔥🔥
A Free 200-Page eBook ~ Brain and Mind Exercise.pptxOH TEIK BIN
(A Free eBook comprising 3 Sets of Presentation of a selection of Puzzles, Brain Teasers and Thinking Problems to exercise both the mind and the Right and Left Brain. To help keep the mind and brain fit and healthy. Good for both the young and old alike.
Answers are given for all the puzzles and problems.)
With Metta,
Bro. Oh Teik Bin 🙏🤓🤔🥰
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptxCapitolTechU
Slides from a Capitol Technology University webinar held June 20, 2024. The webinar featured Dr. Donovan Wright, presenting on the Department of Defense Digital Transformation.
How to Manage Reception Report in Odoo 17Celine George
A business may deal with both sales and purchases occasionally. They buy things from vendors and then sell them to their customers. Such dealings can be confusing at times. Because multiple clients may inquire about the same product at the same time, after purchasing those products, customers must be assigned to them. Odoo has a tool called Reception Report that can be used to complete this assignment. By enabling this, a reception report comes automatically after confirming a receipt, from which we can assign products to orders.
A Visual Guide to 1 Samuel | A Tale of Two HeartsSteve Thomason
These slides walk through the story of 1 Samuel. Samuel is the last judge of Israel. The people reject God and want a king. Saul is anointed as the first king, but he is not a good king. David, the shepherd boy is anointed and Saul is envious of him. David shows honor while Saul continues to self destruct.
How to Download & Install Module From the Odoo App Store in Odoo 17Celine George
Custom modules offer the flexibility to extend Odoo's capabilities, address unique requirements, and optimize workflows to align seamlessly with your organization's processes. By leveraging custom modules, businesses can unlock greater efficiency, productivity, and innovation, empowering them to stay competitive in today's dynamic market landscape. In this tutorial, we'll guide you step by step on how to easily download and install modules from the Odoo App Store.
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
WEEK-01.pdf
1. Course Name: Ethical Hacking
Faculty Name: Prof. Indranil Sen Gupta
Department : Computer Science and Engineering
Topic
Lecture 1: IntroducDon to Ethical Hacking
2. q What is ethical hacking?
q Penetra1on tes1ng
q Role of the ethical hacker
3. What is Ethical Hacking?
• It refers to the act of loca1ng weaknesses and vulnerabili1es of computer and
informa1on systems by replica1ng the intent and ac1ons of malicious hackers.
• It is also known as penetra'on tes'ng, intrusion tes'ng or red teaming.
3
4. IntroducDon to Ethical Hacking
• Ethical Hackers
• Employed by companies to perform penetra1on test.
• PenetraDon Test
• Legal aCempt to break into the company’s network to find the weak links.
• Tester only report findings, does not provide solu1ons.
• Security Test
• Also includes analyzing company’s security policy and procedures.
• Tester offers solu1ons to secure or protect the network.
4
5. Some Terminologies
• Hacking - showing computer exper1se.
• Cracking - breaching security on soMware or systems.
• Spoofing - faking the origina1ng IP address in a datagram.
• Denial of Service (DoS) - flooding a host with sufficient network traffic so that
it cannot respond anymore.
• Port Scanning - searching for vulnerabili1es.
5
6. Gaining access
• Front door
• Password guessing
• Password/key stealing
• Back doors
• OMen leM by original developers as debug
and/or diagnos1c tools.
• Trojan Horses
• Usually hidden inside of soMware that we
download and install from the net.
• Many install backdoors.
• SoMware vulnerability exploitaDon
• OMen adver1sed on the OEMs web site
along with security patches.
• Fer1le ground for script kiddies looking for
something to do.
6
7. Once inside, the hacker can...
• Modify logs
• To cover their tracks.
• Steal files
• Some1mes destroy aMer stealing.
• An expert hacker would steal and cover their tracks to remain undetected.
• Modify files
• To let you know they were there.
• To cause mischief.
• Install back doors
• So they can get in again.
• ACack other systems
7
8. The Role of Security and PenetraDon Testers
• Script kiddies or packet monkeys
• Young or inexperienced hackers.
• Copy codes and techniques from knowledgeable hackers.
• Experienced penetra1on testers write programs or scripts using
• Perl, C, C++, Python, JavaScript, Visual Basic, SQL, and many others.
8
9. PenetraDon-TesDng Methodologies
• Tiger box
• Collec1on of OSs and hacking tools.
• Usually on a laptop.
• Helps penetra1on testers and security testers conduct vulnerabili1es assessments and
aCacks.
• White box model
• Tester is told everything about the network topology and technology.
• Tester is authorized to interview IT personnel and company employees.
• Makes tester’s job a liCle easier.
9
10. • Black box model
• Tester is not given details about the network.
• Burden is on the tester to find the details.
• Gray box model
• Hybrid of the white and black box models.
• Company gives tester par1al informa1on.
10
11. What You Can Do Legally
• Laws involving technology change as rapidly as technology itself.
• Find what is legal for you locally.
• Laws change from place to place.
• Be aware of what is allowed and what is not allowed.
11
12. Laws of the Land
• Tools on your computer might be illegal to possess.
• Contact local law enforcement agencies before installing hacking tools.
• WriCen words are open to interpreta1on.
• Governments are gehng more serious about punishment for cybercrimes.
12
13. What You Cannot Do Legally
• Accessing a computer without permission is illegal.
• Other illegal ac1ons:
• Installing worms or viruses
• Denial of Service aCacks
• Denying users access to network resources
• Be careful your ac1ons do not prevent customers from doing their jobs.
13
14. Ethical Hacking in a Nutshell
• What it takes to be a security tester?
• Knowledge of network and computer technology.
• Ability to communicate with management and IT personnel.
• Understanding of the laws.
• Ability to use necessary tools.
14
15. In this course, we shall cover:
• Relevant networking technologies
• Basic cryptographic concepts
• Case studies of secure applica1ons
• Unconven1onal aCacks
• Tools demonstra1on
15
17. Course Name: Ethical Hacking
Faculty Name: Prof. Indranil Sen Gupta
Department : Computer Science and Engineering
Topic
Lecture 2: Basic Concepts of Networking (Part I)
18. q Types of computer networks
q Circuit switching and packet switching
q Virtual circuits
19. Networking: Basic Concepts
• Computer Network
• A communica;on system for connec;ng computers / hosts
• Why?
• Be@er connec;vity
• Be@er communica;on
• Be@er sharing of resources
• Bring people together
3
20. Types of Computer Networks
• Local Area Network (LAN)
• Connects hosts within a rela;vely small geographical area
vSame room
vSame building
vSame campus
• Wide Area Network (WAN)
• Hosts may be widely dispersed
vAcross campuses
vAcross ci;es / countries/ con;nents
4
Faster
Cheaper
Slower
Expensive
21. Data CommunicaLon over a Network
• Broadly two approaches:
a) Circuit switching
b) Packet switching
5
A
B
C
D
E
F
G H
22. Circuit Switching
• A dedicated communica;on path is established between two sta;ons.
• The path follows a fixed sequence of intermediate links.
• A logical channel gets defined on each physical link.
vDedicated to the connec;on.
A
B
C
D
E
F
G H
6
23. Circuit Switching (contd.)
• Three steps are required for communica;on:
a) ConnecLon establishment
• Required before data transmission.
b) Data transfer
• Can proceed at maximum speed.
c) ConnecLon terminaLon
• Required aUer data transmission is over.
• For dealloca;on of network resources.
7
24. Circuit Switching (contd.)
• Drawbacks:
• Channel capacity is dedicated during the en;re dura;on of communica;on.
vAcceptable for voice communica;on.
vVery inefficient for bursty traffic like data.
• There is an ini;al delay.
vFor connec;on establishment.
8
25. Packet Switching
• Modern form of long-distance data communica;on.
• Network resources are not dedicated.
• A link can be shared.
• The basic technology has evolved over ;me.
• Basic concept has remained the same.
9
26. Packet Switching (contd.)
• Data are transmi@ed in short packets (~ Kbytes).
• A longer message is broken up into smaller chunks.
• The chunks are called packets.
• Every packet contains a header.
vRelevant informa;on for rou;ng, etc.
10
Message
H H H
PACKETS
27. Packet Switching (contd.)
• Packet switching is based on store-and-forward concept.
• Each intermediate network node receives a whole packet.
• Decides the route.
• Forwards the packet along the selected route.
• Each intermediate node (router) maintains a rou.ng table.
11
28. Packet Switching (contd.)
• Advantages:
• Links can be shared; so link u;liza;on is be@er.
• Suitable for computer-generated (bursty) traffic.
• Buffering and data rate conversion can be performed easily.
• Some packets may be given priority over others, if desired.
12
29. Packet Switching (contd.)
• How are packets transmi@ed?
• Two alterna;ve approaches:
a) Virtual Circuits
b) Datagram
• The abstract network model:
A
B
C
D
E
F
G H
13
30. (a) Virtual Circuit Approach
• Similar in concept to circuit switching.
• A route is established before packet transmission starts.
• All packets follow the same path.
• The links comprising the path are not dedicated.
vDifferent from circuit switching in this respect.
• Analogy:
• Telephone system.
14
31. (a) Virtual Circuit Approach (contd.)
• How it works?
• Route is established a priori.
• Packet forwarded from one node to the next using store-and-forward scheme.
• Only the virtual circuit number need to be carried by a packet.
vEach intermediate node maintains a table.
vCreated during route establishment.
vUsed for packet forwarding.
• No dynamic rou;ng decision is taken by the intermediate nodes.
15
35. (b) Datagram Approach
• Basic concept:
• No route is established beforehand.
• Each packet is transmi>ed as an independent en?ty.
• Does not maintain any history.
• Analogy:
• Postal system.
3
36. Datagram Approach (contd.)
• Every intermediate node has to take rou?ng decisions dynamically.
• Makes use of a rou$ng table.
• Every packet must contain source and des$na$on addresses.
• Problems:
• Packets may be delivered out of order.
• If a node crashes momentarily, all of its queued packets are lost.
• Duplicate packets may also be generated.
4
37. Datagram Approach (contd.)
• Advantages:
• Faster than virtual circuit for smaller number of packets.
vNo route establishment and termina?on.
• More flexible.
• Packets between two hosts may follow different paths.
vCan handle conges?on/failed link.
5
A
B
C
D
E
F
G H
38. ComparaJve Study
• Three types of delays must be considered:
a) Propaga?on Delay
• Time taken by a data signal to propagate from one node to the next.
b) Transmission Time
• Time taken to send out a packet by the transmi>er.
c) Processing Delay
• Time taken by a node to process a packet.
6
39. Circuit Switching
• AUer ini?al circuit establishment, data bits sent con?nuously without any delay.
7
40. Virtual Circuit Packet Switching
• The Call Request packet sent from source to des?na?on.
• The Call Accept packet returns back.
• Packets sent sequen?ally in a pipelined fashion.
• Store-and-forward approach.
8
41. Datagram Packet Switching
• No ini?al delay.
• The packets are sent out independently.
• May follow different paths.
• Also follows store-and-forward approach.
9
42. Layered Network Architecture
• Open systems interconnec?on (OSI) reference model.
• Seven layer model.
• Communica?on func?ons are par??oned into a hierarchical set of layers.
• Objec?ve:
• Systema?c approach to design.
• Changes in one layer should not require changes in other layers.
10
43. The 7-layer OSI Model
ApplicaJon
PresentaJon
Session
Transport
Network
Datalink
Physical
Host-to-host
Point-to-point
11
44. Layer FuncJons
• Physical
• Transmit raw bit stream over a physical medium.
• Data Link
• Reliable transfer of frames over a point-to-point link (flow control, error
control).
• Network
• Establishing, maintaining and termina?ng connec?ons.
• Routes packets through point-to-point links.
12
ApplicaJon
PresentaJon
Session
Transport
Network
Datalink
Physical
45. Layer FuncJons (contd.)
• Transport
• End-to-end reliable data transfer, with error recovery and flow
control.
• Session
• Manages sessions.
• PresentaJon
• Provides data independence.
• ApplicaJon
• Interface point for user applica?ons.
13
ApplicaJon
PresentaJon
Session
Transport
Network
Datalink
Physical
47. Internetworking Devices
• Hub
• Extends the span of a single LAN.
• Bridge / Layer-2 Switch
• Connects two or more LANs together.
• Works at data link layer level.
• Router / Layer-3 Switch
• Connects any combina?on of LANs and WANs.
• Works at network layer level.
15
50. Course Name: Ethical Hacking
Faculty Name: Prof. Indranil Sen Gupta
Department : Computer Science and Engineering
Topic
Lecture 4: TCP/IP Protocol Stack (Part I)
51. q TCP/IP protocol stack
q Basic func5ons of TCP, UDP and IP
q Data encapsula5on
52. IntroducGon
• TCP/IP is the most fundamental protocol used in the Internet.
• Allows computers to communicate / share resources.
• Used as a standard.
• To bridge the gap between non-compa5ble plaCorms.
• Work on TCP/IP started in the 1970s.
• Funded by US Military.
• Advanced Research Project Agency (ARPA).
3
53. Network Layering in TCP/IP
• In 1978, Interna5onal Standards Organiza5on (ISO) proposed the 7-layer OSI
reference model for network services and protocols.
• TCP/IP does not strictly follow the OSI model.
• It follows a simplified 4-layer model.
4
54. The 7-layer OSI Model
ApplicaGon
PresentaGon
Session
Transport
Network
Datalink
Physical
Host-to-host
Point-to-point
5
ApplicaGon
Transport
Network
Datalink Frame transmission over link
Packet delivery across Internet
End-to-end message
transfer
Runs on top of layers 1,2,3
The 4-layer TCP/IP Model
55. Data Flow in 4-layer Model
A B C
ApplicaGon
Transport
Network
Datalink
ApplicaGon
Transport
Network
Datalink
Network
Datalink
6
56. TCP/IP Protocol Suite
• Refers to a family of protocols.
• The protocols are built on top of connec5onless technology (datagrams).
• Data sent from one node to another as a sequence of datagrams.
• Each datagram is sent independently.
• The datagrams corresponding to the same message may follow different routes.
vVariable delay, arrival order at des5na5on.
7
57. TCP/IP Family Members (ParGal List)
Datalink and Hardware Layer (e.g., Ethernet)
Internet Protocol (IP) ICMP IGMP ARP RARP
Transmission Control Protocol (TCP) User Datagram Protocol (UDP)
FTP TFTP SMTP SNMP DNS
User
Process
8
58. • Address ResoluGon Protocol (ARP)
• Map IP addresses to hardware (MAC) addresses.
• Reverse Address ResoluGon Protocol (RARP)
• Map hardware addresses to IP addresses.
• Internet Control Message Protocol (ICMP)
• A network device can send error messages and other informa5on.
• Internet Group Management Protocol (IGMP)
• A node can send its mul5cast group membership to adjacent routers.
9
60. What does IP do?
• IP transports datagrams (packets) from a source node to a des5na5on node.
• Responsible for rou5ng the packets.
• Breaks a packet into smaller packets, if required.
• Unreliable service.
vA packet may be lost in transit.
vPackets may arrive out of order.
vDuplicate packets may be generated.
11
61. What does TCP do?
• TCP provides a connec5on-oriented, reliable service for sending messages.
• Split a message into packets.
• Reassemble packets at des5na5on.
• Resend packets that were lost in transit.
• Interface with IP:
• Each packet forwarded to IP for delivery.
• Error control is done by TCP.
12
62. What does UDP do?
• UDP provides a connec5onless, unreliable service for sending datagrams (packets).
• Messages small enough to fit in a packet (e.g., DNS query).
• Simpler (and faster) than TCP.
• Never split data into mul5ple packets.
• Does not care about error control.
• Interface with IP:
• Each UDP packet sent to IP for delivery.
13
63. Addresses in TCP/IP
Datalink and Hardware Layer (e.g., Ethernet)
IP
TCP UDP
User Process User Process
Port Address
(16 bits)
IP Address
(32 bits)
Physical Address
(48 bits)
14
64. EncapsulaGon
• Basic concept:
• As data flows down the protocol hierarchy, headers (and trailers) get appended to it.
• As data moves up the hierarchy, headers (and trailers) get stripped off.
• An example to illustrate:
• Trivial file transfer protocol (TFTP).
• TFTP client transfers 200 bytes of data.
• 4 bytes of TFTP header gets added.
15
TFTP client
UDP
IP
Ethernet
TFTP server
UDP
IP
Ethernet
70. The IP Layer
• IP layer provides a connec7onless, unreliable delivery system for packets.
• Each packet is independent of one another.
• IP layer need not maintain any history.
• Each IP packet must contain the source and des7na7on addresses.
• IP layer does not guarantee delivery of packets.
• IP layer encapsula7on
• Receives a data chunk from the higher layer (TCP or UDP).
• Prepends a header of minimum 20 bytes.
vContaining relevant informa7on for handling rou7ng and flow control.
4
72. Format of IP Datagram
Total Length
IdenGficaGon
Service type
VER HLEN
Fragment Offset
Time to Live Protocol
Flags
Header Checksum
Source IP Address
DesGnaGon IP Address
OpGons
DATA
---------
HEADER
--------
0 4 8 15 16 31
6
73. IP Header Fields
• VER (4 bits)
• Version of the IP protocol in use (typically 4).
• HLEN (4 bits)
• Length of the header, expressed as the number of 32-bit words.
• Minimum size is 5, and maximum 15.
• Total Length (16 bits)
• Length in bytes of the datagram, including headers.
• Maximum datagram size :: 216 = 65536 bytes.
7
74. IP Header Fields (contd.)
• Service Type (8 bits)
• Allows packet to be assigned a priority.
• Router can use this field to route packets.
• Time to Live (8 bits)
• Prevents a packet from traveling in a loop.
• Senders sets a value, that is decremented at each hop. If it reaches zero, packet is
discarded.
• Protocol (8 bits)
• Iden7fies the higher layer protocol being used.
8
75. IP Header Fields (contd.)
• Source IP address (32 bits)
• Internet address of the sender.
• DesGnaGon IP address (32 bits)
• Internet address of the des7na7on.
• IdenGficaGon, Flags, Fragment Offset
• Used for handling fragmenta7on.
• OpGons (variable width)
• Can be given provided router supports.
• Source rou7ng, for example.
9
76. IP Header Fields (contd.)
• Header Checksum (16 bits)
• Covers only the IP header.
• How computed?
vHeader treated as a sequence of 16-bit integers.
vThe integers are all added using ones complement arithme7c.
vOnes complement of the final sum is taken as the checksum.
• A mismatch in checksum causes the datagram to be discarded.
10
77. Viewing IP Packets
• We can use packet sniffers to view IP packets.
• Some popular packet sniffers:
• Wireshark
• Windump
• tcpdump
• Tshark
• SolarWinds
• …. and many more
11