
About the Module

About the Module. The core book is: Computer Security: Principles and Practices International Edition, 2/E William Stallings and Lawrence Brown Pearson, ISBN: 9780273764496 Least important part is Section III. Content Covered in Class. Class Notes Book Chapter(s).





Presentation Transcript


  1. About the Module
     The core book is:
     • Computer Security: Principles and Practices, International Edition, 2/E, William Stallings and Lawrence Brown, Pearson, ISBN: 9780273764496
     • Least important part is Section III

  2. Content Covered in Class (class notes and the corresponding book chapters)
     1. Overview & Cryptographic Tools – chapters 1, 2
     2. Database Security & Malicious Software – chapters 5, 6
     3. DoS, Intrusion Detection & Firewalls – chapters 7, 8, 9
     4. Buffer Overflow & Software Security – chapters 10, 11
     5. Operating Systems Security – chapters 12, 25, 26
     6. Symmetric Encryption & Message Confidentiality – chapter 20
     7. Public Key Cryptography & Message Authentication – chapter 21
     8. Internet Security Protocols & Standards – chapter 22
     9. User Authentication, Access Control & Internet Apps – chapters 3, 4, 23
     10. Wireless Network Security – chapter 24
     11. Trusted Computing & Multilevel Security – chapter 13
     12. HR Security, Security Auditing & Legal/Ethical – chapters 17, 18, 19

  3. Content Covered in labs – Week 1
     1. BackTrack Basics
        1.1 Finding your way around BackTrack
        1.2 BackTrack Services
            1.2.1 SSHD
            1.2.2 Apache
            1.2.3 FTP
        1.3 The Bash Environment
            1.3.1 Linux basic commands
            1.3.2 Gathering Server Names from a Site
            1.3.3 Sample Solution
            1.3.4 Additional Resources
        1.4 Netcat
            1.4.1 Connecting to a TCP/UDP port with Netcat
            1.4.2 Listening on a TCP/UDP port with Netcat
            1.4.3 Transferring files with Netcat
            1.4.4 Remote Administration with Netcat – Bind Shell
        1.5 Creating a Keylogger to Snoop
        1.6 Wireshark for Sniffing Packets
            1.6.1 Wireshark & Packet Sniffing Background
            1.6.2 Wireshark Step by Step

  4. Content Covered in labs – Week 2
     2. Information Gathering Techniques
        2.1 Open Web Information Gathering
            2.1.1 Google Hacking
        2.2 Miscellaneous Web Resources
            2.2.1 Other search engines
            2.2.2 Netcraft
            2.2.3 Whois Reconnaissance
            2.2.4 Searching for a Person's Profile
        2.3 OWASP (Open Web Application Security Project) Joomla! Scanner
            2.3.1 Joomla! Command Line Scan
            2.3.2 Joomla Security Scanner CMS Vulnerabilities
            2.3.3 WPScan – WordPress Security Scanner
            2.3.4 Plecost
            2.3.5 WhatWeb
            2.3.6 BlindElephant – Web Application Fingerprinter
            2.3.7 Intrusion Detection Systems Detection
        2.4 How to Change Your MAC Address
            2.4.1 How to change your MAC address on Windows
            2.4.2 How to change your MAC address on Linux
        2.5 Documentation of Penetration Tests

  5. Content Covered in labs – Week 3
     3. Open Services Information Gathering
        3.1 DNS Reconnaissance
            3.1.1 Interacting with a DNS server
            3.1.2 Automating lookups
            3.1.3 Forward & reverse lookup brute force
            3.1.4 DNS Zone Transfers
        3.2 SNMP Reconnaissance
            3.2.1 Enumerating Windows Users
            3.2.2 Enumerating Running Services
            3.2.3 Enumerating open TCP ports
            3.2.4 Enumerating installed software
        3.3 Microsoft NetBIOS Information Gathering
            3.3.1 Null sessions
            3.3.2 Scanning for the NetBIOS Service
            3.3.3 Enumerating Usernames / Password policies
        3.4 Gathering Host Information with Dmitry
        3.5 Load Balancing Detection
        3.6 Maltego
            3.6.1 Infrastructure Reconnaissance
            3.6.2 Infrastructure Personal Reconnaissance
        3.7 FOCA

  6. Content Covered in labs – Week 4
     4. Metasploit
        4.1 Metasploit Fundamentals
            4.1.1 Msfcli
            4.1.2 Msfconsole
            4.1.3 Exploits
            4.1.4 Payloads
            4.1.5 Databases
            4.1.6 Metasploit Meterpreter
        4.2 Information Gathering
            4.2.1 Port Scanners
            4.2.2 Service Identification
            4.2.4 Password Sniffing
            4.2.5 SNMP Sweeping
        4.3 Vulnerability Scanning
            4.3.1 VNC Authentication
            4.3.2 WMAP Web Scanner
        4.4 Hacking Apache Tomcat
        4.5 Dictionary Attack on Metasploitable FTP & DVWA

  7. Content Covered in labs – Week 5
     5. Port Scanning
        5.1 TCP Port Scanning Basics
        5.2 UDP Port Scanning Basics
        5.3 Port Scanning Pitfalls
        5.4 Nmap
            5.4.1 Network Sweeping
            5.4.2 Fingerprinting
            5.4.3 Banner Grabbing / Service Enumeration
            5.4.4 Nmap Scripting Engine
        5.5 PBNJ
        5.6 Unicornscan
        5.7 Rootkit Hunter
            5.7.1 Rootkit Hunter
            5.7.2 Check Rootkit
        5.8 Shodan
            5.8.1 The Basics
            5.8.2 Filters

  8. Content Covered in labs – Week 6
     6. ARP Spoofing & Tunnelling
        6.1 Ettercap on BackTrack – Introduction
        6.2 Ettercap – Snooping on other traffic in the lab through an ARP poison attack
        6.3 Tunnelling: I2P Anonymous Network
        6.4 SSL Man in the Middle
        6.5 Denial of Service Attacks

  9. Content Covered in labs – Week 7
     7. Web Application Attack Vectors
        7.1 Abusing File Upload on a Vulnerable Web Server
        7.2 Cross-site Request Forgery
        7.3 SQL & Cross-Site Scripting Vulnerabilities
            7.3.1 SQL Injection Vulnerabilities

  10. Content Covered in labs – Week 8
     8. Web Application Testing
        8.1 Web Application Testing with Burp Suite
            8.1.1 Proxy
            8.1.2 Spider
            8.1.3 Intruder
            8.1.4 Repeater
            8.1.5 Sequencer
            8.1.6 Comparer
            8.1.7 Decoder
        8.2 Cross Site Scripting (XSS) Reflected Attack
        8.3 Generating a PHP Shell with Weevely

  11. Content Covered in labs – Week 9
     9. Password Attacks
        9.1 Online Password Attacks
        9.2 Hydra
            9.2.1 FTP Brute force
            9.2.2 POP3 Brute force
        9.3 Password Profiling
            9.3.1 CeWL
        9.4 GPU Password Cracking
            9.4.1 Password Cracking with CPU
            9.4.2 Password Cracking with GPU
        9.5 Dictionary Attack with Burp Suite

  12. Content Covered in labs – Week 10
     10. Steganography
        10.1 Hiding an image inside an image
        10.2 Hiding information inside files
            10.2.1 Encoding information inside a PDF file
            10.2.2 Decoding the stego file
        10.3 Breaking Steganography – Detecting hidden information
        10.4 Network Steganography

  13. Content Covered in labs – Week 11
     11. Wireless
        11.1 Cracking WEP with BackTrack
        11.2 Cracking WPA with Reaver
        11.3 WPA-PSK Encryption
        11.4 NetStumbler
        11.5 Tool: Kismet
        11.6 Tool: Aircrack-ng Suite
        11.7 Tool: Airodump-ng
        11.8 DoS: Deauth/disassociate attack
        11.9 RAPIDS Rogue AP Detection Module

  14. Content Covered in labs – Week 12
     12. Debugging and Exploit Development
        12.1 Debugging Fundamentals
            12.1.1 Opening and attaching to the debugging target application
            12.1.2 The OllyDbg CPU view
            12.1.3 The 20 second guide to x86 assembly for exploit writers
        12.2 Exploit Development with OllyDbg
            12.2.1 Methods for directing code execution in the debugger
            12.2.2 The SEH Chain
            12.2.3 Searching for commands
            12.2.4 Searching through memory
            12.2.5 Working in the memory dump
            12.2.6 Editing code, memory and registers
            12.2.7 Help in calculating relative address differences

  15. Practicals and Slides
     COM353 Home page: http://www.scis.ulster.ac.uk/~kevin/com535/index.htm
     Course Notes: http://www.scis.ulster.ac.uk/~kevin/com535/notes.htm
     Please remember optional means optional.
     Practicals: placed on Blackboard each week.
     Examination:
     • Coursework 50% – only examines what is in the notes each week – in two class tests.
     • Exam 50% – 5 questions, choose 4 – based entirely on the book.
     Bonus Link: https://www.dropbox.com/s/dwbqi7uvfgim0zr/Book-OneWeekOnly.pdf

  16. Chapter 1 Overview

  17. Computer Security Overview
     The National Institute of Standards and Technology (NIST) Computer Security Handbook defines the term Computer Security as: “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources” (includes hardware, software, firmware, information/data, and telecommunications).

  18. The CIA Triad
     • Confidentiality
       – data confidentiality
       – privacy
     • Integrity
       – data integrity
       – system integrity
     • Availability

  19. Key Security Concepts

  20. Computer Security Challenges
     • computer security is not as simple as it might first appear to the novice
     • potential attacks on the security features must be considered
     • procedures used to provide particular services are often counterintuitive
     • physical and logical placement needs to be determined
     • additional algorithms or protocols may be involved
     • attackers only need to find a single weakness; the developer needs to find all weaknesses
     • users and system managers tend not to see the benefits of security until a failure occurs
     • security requires regular and constant monitoring
     • security is often an afterthought, incorporated into a system after the design is complete
     • security is thought of as an impediment to efficient and user-friendly operation

  21. Table 1.1 Computer Security Terminology (RFC 2828, Internet Security Glossary, May 2000)

  22. Figure 1.2 Security Concepts and Relationships

  23. Vulnerabilities, Threats and Attacks
     • categories of vulnerabilities
       – corrupted (loss of integrity)
       – leaky (loss of confidentiality)
       – unavailable or very slow (loss of availability)
     • threats
       – capable of exploiting vulnerabilities
       – represent potential security harm to an asset
     • attacks (threats carried out)
       – passive – does not affect system resources
       – active – attempts to alter system resources or affect their operation
       – insider – initiated by an entity inside the security perimeter
       – outsider – initiated from outside the perimeter

  24. Countermeasures

  25. Table 1.2 Threat Consequences

  26. Figure 1.3 Scope of Computer Security

  27. Table 1.3 Computer and Network Assets, with Examples of Threats

  28. Passive and Active Attacks
     • Passive attacks attempt to learn or make use of information from the system but do not affect system resources
       – eavesdropping/monitoring transmissions
       – difficult to detect
       – emphasis is on prevention rather than detection
       – two types: release of message contents; traffic analysis
     • Active attacks involve modification of the data stream
       – goal is to detect them and then recover
       – four categories: masquerade; replay; modification of messages; denial of service

  29. Table 1.4 (FIPS PUB 200) Security Requirements

  30. Security Functional Requirements

  31. Security Architecture for Open Systems
     • ITU-T Recommendation X.800, Security Architecture for OSI
     • systematic way of defining the requirements for security and characterizing the approaches to satisfying them
     • was developed as an international standard
     • focuses on:
       – security attack – an action that compromises the security of information owned by an organization
       – security mechanism – designed to detect, prevent, or recover from a security attack
       – security service – intended to counter security attacks

  32. Security Services
     • X.800 defines a security service as a service that is provided by a protocol layer of communicating open systems and ensures adequate security of the systems or of data transfers
     • RFC 2828 defines a security service as a processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by security mechanisms

  33. Table 1.5 Security Services Source: From X.800, Security Architecture for OSI

  34. Authentication Service
     • concerned with assuring that a communication is from the source that it claims to be from
     • must assure that the connection is not interfered with by a third party masquerading as one of the two legitimate parties
     • Peer Entity Authentication
       – provides for the corroboration of the identity of a peer entity in an association
       – provided for use at the establishment of, or at times during the data transfer phase of, a connection
       – attempts to provide confidence that an entity is not performing either a masquerade or an unauthorized replay of a previous connection
     • Data Origin Authentication
       – provides for the corroboration of the source of a data unit
       – does not provide protection against the duplication or modification of data units
       – this type of service supports applications like email where there are no prior interactions between the communicating entities

  35. Access Control Service and Nonrepudiation Service
     • Access Control Service
       – the ability to limit and control the access to host systems and applications via communications links
       – each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual
     • Nonrepudiation Service
       – prevents either sender or receiver from denying a transmitted message
       – the receiver can prove that the alleged sender in fact sent the message
       – the sender can prove that the alleged receiver in fact received the message

  36. Data Confidentiality Service
     • the protection of transmitted data from passive attacks
     • the broadest service protects all user data transmitted between two users over a period of time
     • connection confidentiality
       – the protection of all user data on a connection
     • connectionless confidentiality
       – protection of all user data in a single data block
     • selective-field confidentiality
       – confidentiality of selected fields within the user data on a connection or in a single data block
     • traffic-flow confidentiality
       – protection of the information that might be derived from observation of traffic flows
       – protects the traffic flow from analysis
       – this requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility

  37. Data Integrity Service
     • can apply to a stream of messages, a single message, or selected fields within a message
     • a connection-oriented integrity service assures that messages are received as sent, with no duplication, insertion, modification, reordering, or replays
       – destruction of data is also covered under this service
       – addresses both message stream modification and denial of service
     • a connectionless integrity service generally provides protection against message modification only
     • need to make a distinction between the service with and without recovery
       – concerned with detection rather than prevention
       – the incorporation of automated recovery mechanisms is the more attractive alternative
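The distinction the slide draws between connection-oriented and connectionless integrity is easiest to see in code. The following is an added example written for these notes, not slide or textbook code: a sender numbers each data unit and appends an HMAC over the sequence number and payload, and a receiver with per-connection state detects modification, replay (an old sequence number) and reordering or loss (a gap). The `IntegritySender`, `IntegrityReceiver` and `verify_connectionless` names and the demo key are constructed for the example; the service only detects the events, it does not recover from them, which is the "without recovery" variant the slide mentions.

```python
"""Connection-oriented vs. connectionless integrity service (added example)."""
import hashlib
import hmac
import struct
from typing import List, Optional, Tuple

SEQ_LEN = 8    # 64-bit big-endian sequence number header
TAG_LEN = 32   # HMAC-SHA256 tag appended to each data unit


class IntegritySender:
    """Numbers each data unit and appends an HMAC over header + payload."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.seq = 0

    def send(self, payload: bytes) -> bytes:
        header = struct.pack(">Q", self.seq)
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        self.seq += 1
        return header + payload + tag


class IntegrityReceiver:
    """Connection-oriented check: tag (modification), then sequence (replay/reordering)."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.expected = 0  # next sequence number we are willing to accept

    def receive(self, frame: bytes) -> Tuple[str, Optional[bytes]]:
        if len(frame) < SEQ_LEN + TAG_LEN:
            return "malformed", None
        header, payload, tag = frame[:SEQ_LEN], frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]
        good_tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good_tag):  # constant-time comparison
            return "modified", None
        seq = struct.unpack(">Q", header)[0]
        if seq < self.expected:
            return "replayed", None           # duplicate of an already-accepted unit
        if seq > self.expected:
            return "reordered_or_missing", None  # a gap: something was lost or delayed
        self.expected += 1
        return "ok", payload


def verify_connectionless(key: bytes, frame: bytes) -> bool:
    """Connectionless check: tag only, no state, so modification is all it catches."""
    if len(frame) < SEQ_LEN + TAG_LEN:
        return False
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest())


DEMO_KEY = b"constructed-demo-key-not-for-real-use"  # constructed for the example


def run_demo() -> List[str]:
    """Deliver three units out of order, replayed and tampered; return the verdicts."""
    tx, rx = IntegritySender(DEMO_KEY), IntegrityReceiver(DEMO_KEY)
    frames = [tx.send(b"msg0"), tx.send(b"msg1"), tx.send(b"msg2")]
    tampered = bytearray(frames[1])
    tampered[SEQ_LEN] ^= 0x01            # flip one bit of the payload, keep the old tag
    delivery = [frames[0], frames[0], frames[2], bytes(tampered), frames[1], frames[2]]
    return [rx.receive(f)[0] for f in delivery]


def connectionless_accepts_replay() -> bool:
    """The stateless check passes the same valid frame every time it is presented."""
    tx = IntegritySender(DEMO_KEY)
    frame = tx.send(b"msg0")
    return verify_connectionless(DEMO_KEY, frame) and verify_connectionless(DEMO_KEY, frame)


if __name__ == "__main__":
    print(run_demo())
    print("connectionless accepts replay:", connectionless_accepts_replay())
```

Running the demo yields, in order, ok, replayed, reordered_or_missing, modified, ok, ok: the second copy of unit 0 and the early arrival of unit 2 are rejected by the sequence check, the flipped byte by the tag check, and the late unit 1 is then accepted along with unit 2. The stateless verifier accepts the replayed frame, which is exactly the slide's point that a connectionless service protects against modification only.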

  38. Availability Service
     • availability is defined as the property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications of the system
     • a variety of attacks can result in the loss of or reduction in availability
       – some of these attacks are amenable to authentication and encryption
       – some attacks require a physical action to prevent or recover from loss of availability
     • X.800 treats availability as a property to be associated with various security services
     • an availability service is one that protects a system to ensure its availability
       – addresses the security concerns raised by denial-of-service attacks
       – depends on proper management and control of system resources

  39. Table 1.6 X.800 Security Mechanisms

  40. Figure 1.4 Security Trends

  41. Figure 1.5 Security Technologies Used

  42. Computer Security Strategy

  43. Security Policy
     • formal statement of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources
     • factors to consider:
       – value of the assets being protected
       – vulnerabilities of the system
       – potential threats and the likelihood of attacks
     • trade-offs to consider:
       – ease of use versus security
       – cost of security versus cost of failure and recovery

  44. Security Implementation involves four complementary courses of action:

  45. Assurance and Evaluation
     • assurance
       – the degree of confidence one has that the security measures work as intended to protect the system and the information it processes
       – encompasses both system design and system implementation
     • evaluation
       – the process of examining a computer product or system with respect to certain criteria
       – involves testing and formal analytic or mathematical techniques

  46. Chapter 1 Summary
     • security concepts – CIA triad
       – confidentiality – preserving restrictions on the disclosure of information
       – integrity – guarding against modification or destruction of information
       – availability – ensuring timely and reliable access to information
     • terminology – table 1.1
       – threat – exploits vulnerabilities
       – attack – a threat carried out
       – countermeasure – means to deal with a security attack
       – assets – hardware, software, data, communication lines, networks
     • security architecture
       – security services – enhance the security of systems and information transfers (table 1.5)
       – security mechanisms – mechanisms designed to detect, prevent, or recover from a security attack (table 1.6)
       – security attack – any action that compromises the security of information owned by an organization
     • security trends – figure 1.4
     • security strategy – policy, implementation, assurance and evaluation
     • functional requirements – table 1.4

  47. Chapter 2 Cryptographic Tools

  48. Symmetric Encryption
     • the universal technique for providing confidentiality for transmitted or stored data
     • also referred to as conventional encryption or single-key encryption
     • two requirements for secure use:
       – need a strong encryption algorithm
       – sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure

  49. Figure 2.1

  50. Attacking Symmetric Encryption
     • Cryptanalytic attacks
       – rely on:
         – the nature of the algorithm
         – some knowledge of the general characteristics of the plaintext
         – some sample plaintext-ciphertext pairs
       – exploit the characteristics of the algorithm to attempt to deduce a specific plaintext or the key being used
       – if successful, all future and past messages encrypted with that key are compromised
     • Brute-force attack
       – try all possible keys on some ciphertext until an intelligible translation into plaintext is obtained
       – on average, half of all possible keys must be tried to achieve success
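The "half of all possible keys" claim is worth seeing numerically, because it is the reason key length, not algorithm secrecy, is what the "strong encryption algorithm" requirement on the previous slide buys you. The following is an added example for these notes, not slide or textbook code: it builds a toy stream cipher (constructed, keystream derived with SHA-256 from the key, deliberately given a tiny key space), exhaustively searches that space using "decrypts to printable ASCII" as the intelligibility test, and measures how many keys are tried on average. The `toy_encrypt`, `brute_force`, `expected_trials`, `average_trials` and `time_at_rate` names, the sample plaintexts and the key-test rate are all constructed for the example.

```python
"""Exhaustive key search against a toy cipher with a tiny key space (added example)."""
import hashlib
import random
from typing import Optional, Tuple


def keystream(key: int, length: int) -> bytes:
    """Toy keystream (constructed, NOT a real cipher): block i = SHA-256(key || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hashlib.sha256(key.to_bytes(4, "big") + counter.to_bytes(4, "big")).digest())
        counter += 1
    return bytes(out[:length])


def toy_encrypt(key: int, data: bytes) -> bytes:
    """XOR data with the keystream; decryption is the same operation."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def is_intelligible(candidate: bytes) -> bool:
    """The searcher's recognisability test: every byte is printable ASCII."""
    return all(32 <= b < 127 for b in candidate)


def brute_force(ciphertext: bytes, key_bits: int) -> Tuple[Optional[int], int]:
    """Try keys 0 .. 2**key_bits - 1 in order; return (key or None, keys tried)."""
    for key in range(1 << key_bits):
        if is_intelligible(toy_encrypt(key, ciphertext)):
            return key, key + 1
    return None, 1 << key_bits


def expected_trials(key_bits: int) -> float:
    """Average-case cost: half the key space."""
    return (1 << key_bits) / 2


def average_trials(key_bits: int, samples: int, seed: int = 1) -> float:
    """Empirical average over uniformly random keys, for a fixed constructed plaintext."""
    rng = random.Random(seed)
    plaintext = b"Constructed sample plaintext for the key-search demo."
    total = 0
    for _ in range(samples):
        key = rng.randrange(1 << key_bits)
        found, trials = brute_force(toy_encrypt(key, plaintext), key_bits)
        assert found == key  # a wrong key yields random bytes, so false hits are negligible
        total += trials
    return total / samples


def time_at_rate(key_bits: int, keys_per_second: float) -> float:
    """Seconds for the average-case search at a constructed key-test rate."""
    return expected_trials(key_bits) / keys_per_second


if __name__ == "__main__":
    ciphertext = toy_encrypt(1234, b"Meet at the library at noon.")
    print("12-bit key space:", brute_force(ciphertext, 12))
    print("10-bit key space, measured vs expected:", average_trials(10, 64), expected_trials(10))
    years = time_at_rate(128, 1e12) / (365 * 24 * 3600)
    print("128-bit key at 10^12 keys/s: about %.1e years" % years)
```

With a 12-bit key the search recovers key 1234 after 1235 trials, and over many random 10-bit keys the measured average settles near 512 of the 1024 possibilities. The same arithmetic at 128 bits and a (constructed) rate of a trillion keys per second gives a figure in the 10^18 years range, which is why a modern symmetric cipher is attacked cryptanalytically or through key handling, never by exhaustion.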
