NETWORK SECURITY BY SRIPATI MAHAPATRA

Network Security & Ethical Hacking

Basics Of Network Security And Ethical Hacking

Page 1: Network Security & Ethical Hacking



CHAPTER – 1

THREATS TO A COMPUTER NETWORK

SECURITY

Security can be defined as the process or procedure to ensure the integrity, availability, and confidentiality of data and resources against threats, viruses, bugs, and vulnerabilities.

Security can be of two types:
o Computer security
o Network security

CONFIDENTIALITY

Refers to preventing the disclosure of information to unauthorized individuals or systems.

INTEGRITY

In information security, data integrity means maintaining and assuring the accuracy and consistency of data over its entire life-cycle. This means that data cannot be modified in an unauthorized or undetected manner.

AVAILABILITY

For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades.

INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)

An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.

PHASES OF ISMS

PLAN : Designing the ISMS, assessing information security risks and selecting appropriate controls.

DO : Implementing and operating the controls.

CHECK : Reviewing and evaluating the performance (efficiency and effectiveness) of the ISMS.

ACT : Making changes where necessary to bring the ISMS back to peak performance.

ISMS STANDARDS

ISO/IEC 27000

The ISO/IEC 27000-series (also known as the 'ISMS Family of Standards' or 'ISO27k' for short) comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The standard explains the purpose of an Information Security Management System (ISMS), the management system, risk management, and the definition of information security.

ISO/IEC 27001:2005

Is an information security management system (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

The key benefits of 27001 are:
o It can act as the extension of the current quality system to include security.
o It provides an opportunity to identify and manage risks to key information and systems assets.
o Provides confidence and assurance to trading partners and clients; acts as a marketing tool.
o Allows an independent review and assurance to you on information security practices.

ISO/IEC 27003

ISO/IEC 27003 is part of a growing family of ISO/IEC ISMS standards, the 'ISO/IEC 27000 series'. The purpose of ISO/IEC 27003 is to provide help and guidance in implementing an ISMS (Information Security Management System).

Tasks to maintain the standard:
o Seeking management approval to start the project and to implement the ISMS.
o Describing the scope and boundary of the ISMS.
o Conducting security risk assessment and planning for risk treatments.
o Designing the ISMS and planning the implementation project.

ISO/IEC 27004

The purpose of ISO/IEC 27004:2009 is to help organizations measure, report and hence systematically improve the effectiveness of their Information Security Management System (ISMS). The standard includes the following main sections:
o Information security measurement overview.
o Management responsibilities.
o Measures and measurement development.
o Measurement operation.
o Data analysis and measurement results reporting.
o Information Security Measurement Program evaluation and improvement.

IDENTIFY THE TYPES OF ATTACKS

PASSIVE ATTACK

A "passive attack" attempts to learn or make use of information from the system but does not affect system resources.

TYPES :
o BRUTE FORCE ATTACK : Breaks the encrypted data by finding the appropriate key.
o ALGEBRAIC ATTACK : The cipher is written as a system of equations; once written this way it can be read by using the appropriate key.
o CODE BOOK ATTACK : Refers to a technique for cryptanalysis. The attacker tries to build a code book in which the attacker records the cipher text and its corresponding plain text.

ACTIVE ATTACK

An "active attack" attempts to alter system resources or affect their operation.

EXAMPLES :
o Denial-of-service attack
o Spoofing

ANTIVIRUS SOFTWARE

Refers to software that is designed for preventing, identifying and removing malware, including malicious code and computer viruses.

Virus

Is a sequence of code or instructions that is inserted into other programs and executed when the program runs, and is harmful to the PC.

Types

o Boot Sector Virus : Infects the MBR of the hard disk and executes at the time of booting.
o File Infector Virus : Attaches itself to executable files and executes when the program runs.
o Macro Virus : Attaches itself to documents and gets executed when the file opens.
o Multipartite Virus : Combines the boot sector virus with the file infector virus.

o Polymorphic Virus : Gets replicated once it starts replicating itself over the network.
o Worm : A virus that can auto-replicate from one machine to many and can travel from one place to another through the network.
o Trojan Horse : A program that appears safe but can be harmful to the computer, as it can steal passwords, delete data and create a security hole or backdoor for a hacker.
o Logic Bombs : Embedded in some program and designed to execute on a particular date or time.
o Bacteria/Rabbit : Code that does not damage files but denies access to resources by consuming all disk space or memory.

ACCESS CONTROL

MAC (Mandatory Access Control) : Stores highly secret or sensitive information, and is mainly used in government departments.
DAC (Discretionary Access Control) : Uses username and password to check whether or not the user is authorized.
Authentication : A method of verifying the users who want to access the network or computer system.

AUTHORIZATION

Method of specifying the access rights to information and resources.

TYPES OF AUTHENTICATION

o SOMETHING THE USER KNOWS
o SOMETHING THE USER HAS
o SOMETHING THE USER IS

NETWORK SERVICES PROTOCOLS

o E-MAIL
o WEB
o AUTHENTICATING SERVER
o DIRECTORY SERVICES
o DHCP

o PRINTING
o NFS
o TELNET
o INSTANT MESSAGING (IM)
o TCP/IP
o UDP
o SMTP
o POP
o FTP
o HTTP
o DNS

PORT IN PROTOCOL

THREE WAY HANDSHAKE

1. Host A sends a TCP SYNchronize packet to Host B.
2. Host B receives A's SYN.
3. Host B sends a SYNchronize-ACKnowledgement.
4. Host A receives B's SYN-ACK.
5. Host A sends an ACKnowledge.
6. Host B receives the ACK. The TCP socket connection is ESTABLISHED.


CHAPTER – 2

THREATS TO A COMPUTER NETWORK II

ATTACK STRATEGIES

ACCESS ATTACK

Aims at gaining access to information that the attacker is not authorized to have.

MODIFICATION ATTACK

Refers to an attack in which an attacker modifies your computer's information, such as by inserting or deleting text, in a way that appears genuine to the user.

REPUDIATION ATTACK

Makes the data or information useless.

DENIAL-OF-SERVICE ATTACK

Refers to a strategy of attack in which an outsider tries to disrupt your network and services.

METHODS OF ACCESSING INFORMATION ON THE NETWORK

SCOPING AN ATTACK

Is a method or process which is used to violate the security of the network.

ENUMERATING NETWORK

The process of gathering information about a host or group of hosts. Information can be gathered in different ways, such as whois query, zone transfer, ping sweeps, and traceroute.

WHOIS QUERY

Provides information such as administrative contact, billing contact, and address of the target network.

THE PING SWEEP

A scanning technique used to determine the range of IP addresses that can be mapped to live hosts, also known as an ICMP sweep. With it one can check whether a particular PC is live on a network or not.

QUERYING REGISTRAR

Since domains can be registered via so many registrars, you must first query the registrar with which the domain is registered. After that you can query the domain record from the associated registrar.

QUERYING ORGANIZATION INFORMATION

QUERYING DOMAIN

QUERYING NETWORK

Here you need to query the regional Internet registries (RIRs) for network blocks and details, for example an ARIN or APNIC whois query.

The Zone Transfer

Is performed with the help of the nslookup command, which is supported by both Unix and Windows platforms. Various tools can be used for zone transfer, such as WS PingPro, Sam Spade, and NetScan.

The Traceroute

A command line tool available on both Windows and Unix platforms.

INTERROGATING DNS

Is a way of collecting information from the organizational DNS server by the zone transfer method, where a hacker can collect information regarding any host inside the organization and its corresponding IP address, known as the HINFO record.

TCP/IP VULNERABILITIES

TCP SYN FLOOD ATTACK

In this case the attacker sends multiple SYN requests to a host but never replies to the SYN-ACK sent back by that host. In this way the listen queue is filled and does not accept new connections until the partially opened connections are completed.

ICMP ATTACKS

In this case the attacker sends ICMP packets instead of SYN packets for a DoS attack.

TCP/IP HIJACKING

TCP/IP hijacking is a technique that uses spoofed packets to take over a connection between a victim and a host machine. This technique is exceptionally useful to an attacker when the victim uses a one-time password to connect to the host machine: a one-time password can be used to authenticate once and only once, which means that sniffing the authentication is useless for the attacker.
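As an added example (not part of the deck), the three-way handshake above replayed as a state machine over a constructed packet trace, with the SYN flood condition detected as a listen socket whose backlog is dominated by half-open connections from many peers; hosts, ports and thresholds are made up for the demonstration.

```python
"""Replay a packet trace through the three-way-handshake state machine and
flag the SYN-flood condition: many half-open connections that never get the
client's final ACK."""
from collections import defaultdict

# Constructed sample trace (not from the deck): (time, src, sport, dst, dport, flags).
# Flags: "S" = SYN, "SA" = SYN-ACK, "A" = ACK.  One legitimate client completes the
# handshake; 60 spoofed sources then send SYNs, receive SYN-ACKs, and never answer.
TRACE = [
    (0.00, "10.0.0.5", 40000, "10.0.0.9", 80, "S"),
    (0.01, "10.0.0.9", 80, "10.0.0.5", 40000, "SA"),
    (0.02, "10.0.0.5", 40000, "10.0.0.9", 80, "A"),
]
for i in range(60):
    spoofed = f"192.0.2.{i + 1}"
    TRACE.append((1.0 + i * 0.010, spoofed, 50000 + i, "10.0.0.9", 80, "S"))
    TRACE.append((1.0 + i * 0.010 + 0.005, "10.0.0.9", 80, spoofed, 50000 + i, "SA"))


def track_handshakes(trace):
    """Return {(client, cport, server, sport): state} after replaying the trace.

    SYN_SENT after step 1, SYN_RECEIVED after the server's SYN-ACK (step 3: a
    half-open connection holding a listen-queue slot), ESTABLISHED after the
    client's ACK (steps 5 and 6).
    """
    states = {}
    for _t, src, sport, dst, dport, flags in sorted(trace, key=lambda p: p[0]):
        if flags == "S":
            states[(src, sport, dst, dport)] = "SYN_SENT"
        elif flags == "SA":
            key = (dst, dport, src, sport)  # reply goes server -> client, so swap
            if states.get(key) == "SYN_SENT":
                states[key] = "SYN_RECEIVED"
        elif flags == "A":
            key = (src, sport, dst, dport)
            if states.get(key) == "SYN_RECEIVED":
                states[key] = "ESTABLISHED"
    return states


def half_open(states):
    """Connections stuck in SYN_RECEIVED: the server is waiting for an ACK that
    may never come, which is exactly what fills the listen queue."""
    return [k for k, s in states.items() if s == "SYN_RECEIVED"]


def syn_flood_suspects(states, threshold=50):
    """Per listening socket, count distinct peers holding a half-open slot.
    Many half-open entries from many sources is the SYN-flood signature; a
    single slow client never reaches the threshold."""
    per_server = defaultdict(set)
    for (client, cport, server, sport), state in states.items():
        if state == "SYN_RECEIVED":
            per_server[(server, sport)].add((client, cport))
    return {srv: len(peers) for srv, peers in per_server.items() if len(peers) >= threshold}


if __name__ == "__main__":
    st = track_handshakes(TRACE)
    print("established:", sum(s == "ESTABLISHED" for s in st.values()))
    print("half-open  :", len(half_open(st)))
    print("suspects   :", syn_flood_suspects(st))
```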

IP SPOOFING

The purpose of IP spoofing is to make the data look as if it came from a trusted host when in reality it came from the attacker's host, so that the victim starts communicating with the attacker's host as if it were an authenticated server.

TCP SEQUENCE NUMBER ATTACK

Let's see what the attacker does:
o The attacker wants to attack Host A.
o It floods Host B with new requests, causing a denial of service that stops Host B from communicating with A.
o Now the attacker can predict the sequence number of the packet that A is expecting from B.
o The attacker prepares such a packet and sends it to Host A.
o Since it is a faked packet, Host A thinks it is coming from B.
o Now this host can terminate the connection or ask Host A to run malicious commands/scripts, etc.


ROUTING ATTACKS

COMMON ATTACKS

SOCIAL ENGINEERING

The primary purpose of the hacker is to trick people into revealing passwords or other confidential information by posing as a trustworthy person. Different ways of social engineering are:
o FRIENDSHIP
o E-MAIL
o DUMPSTER DIVING
o OFFICE SNOOPING
o TRUST

MALICIOUS CODES

VIRUSES

o BOOT VIRUS : Affects the boot sector.
o RESIDENT VIRUS : Resides in RAM.
o DIRECT ACTION VIRUS : First replicates itself, then takes action when it is executed.
o OVERWRITE VIRUS : Deletes the information contained in a file.
o POLYMORPHIC VIRUS : Can change its own digital signature.

o MULTIPARTITE VIRUS : Combination of boot sector virus and program virus.
o STEALTH VIRUS : Has the ability to mask or disguise itself from antivirus.
o MACRO VIRUS : Infects files and documents.
o PROGRAM VIRUS : Executed when the program to which it is attached executes.

TROJAN HORSE

o REMOTE ACCESS TROJAN : Provides remote access to the victim's PC.
o PASSWORD SENDING TROJAN : Sends all your credentials to the person who installed it.
o KEY LOGGERS : Track and log the keystrokes of the target computer.
o DESTRUCTIVE TROJANS : Used to delete the information and databases of a PC.
o DOS ATTACK TROJANS : Produce a lot of traffic on the target computer and create congestion on the internet connection.
o PROXY/WINGATE TROJANS : Change the target computer into a proxy or WinGate server.

WORMS

o E-MAIL WORMS : Spread through email messages.
o INSTANT MESSAGING WORMS : Spread through IM applications.
o INTERNET WORMS : Attempt to access vulnerable PCs on the internet.
o INTERNET RELAY CHAT WORMS : Spread mainly through chat channels.

o FILE SHARING NETWORK WORMS : Spread through shared folders, infecting them.
o NUWAR OL WORMS : Delivered to the user's inbox with subjects like "you are in my dreams", "I love you so much", etc. When the user opens the message it infects that user's computer as well as all the users in the person's contact list, by sending the message itself.
o VALENTINE E WORMS : Distributed through emails and equivalent to NUWAR OL WORMS.

WIRETAPS

A method of obtaining information from the internet conversation between two systems.

HARDWIRED WIRETAP

Involves physical access to a part of the wire (that is, access to a section of the PBX).

SOFT WIRETAP

Is a modification of the software that is used to run the phone system, also known as Remote Observation System (REMOBS), Direct Access Test Unit (DATU), Electronic Switching System (ESS), and translation tap.

TRANSMIT WIRETAP

Refers to a Radio Frequency (RF) transmitter connected to a wire. It can be easily detected by a competent bug sweep specialist.

RECORDING WIRETAP

Is similar to a tape recorder wired into the phone line, and is similar to a hardwired wiretap. Very difficult to detect, as it requires a very high level of technical expertise. Technical surveillance counter measures (TSCM) specialists are usually hired to detect such wiretaps.

EAVESDROPPING

Is the process of listening to part or the whole of a conversation between two parties. An attack on the network layer used to capture packets using packet sniffer tools.

PASSIVE EAVESDROPPING

Refers to unauthorized, covert monitoring of data transmission.

ACTIVE EAVESDROPPING

Refers to probing, scanning or tampering with a transmission channel to access the transmitted data.

PORT SCAN

A method used by an attacker to identify the ports that are open or in use on any PC. It can search ports from 0 to 65535 used by the TCP/IP suite.

IP SCAN

A method used by an attacker to identify live hosts, i.e. IPs that are actively used by PCs in a network. Example: LAN Scanner.

PORT SCANNING TECHNIQUES

TCP Connect

The scan uses the connection facility provided by the operating system. It succeeds if the port is listening; otherwise the port is unreachable.

STROBE

A narrower scan used to check some specific ports or services that the attacker knows how to exploit.

SYN Scan

Also known as half-open scanning, as it does not require a TCP connection to complete. If the target responds with a SYN+ACK packet to the attacker's SYN packet then the port can be considered open, and a reset (RST) response represents a non-listening port.

FRAGMENTED PACKET PORT SCAN

Splits the TCP header into several IP fragments so that it can pass more easily through a packet filter firewall, as the filter rule will not match the fragmented packet.

FIN SCAN

1. Speed: TCP FIN scanning is fast compared to other types of scans.
2. Stealth: TCP FIN scanning is stealthy compared to other types of scans.
3. Open Port: Detects an open port via no response to the segment.
4. Closed Port: Detects a closed port via a RST received in response to the FIN.

BOUNCE SCAN

The FTP bounce attack is an exploit of the FTP protocol whereby an attacker is able to use the PORT command to request access to ports indirectly, using the victim machine as a middle man for the request.

FINGER

E-MAIL

Refers to spammers who try to relay their spam through SMTP servers.

HTTP Proxy

Refers to web server support for a proxy, so that all web traffic can be sent to a single server for filtering and caching to improve the performance of the network.

IRC BNC (Internet Relay Chat Bouncer)

Refers to attackers who want to hide their IRC identities by bouncing their connection through other machines. For this purpose a particular program known as BNC can be used on another PC.
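As an added example (not from the deck), detection logic that applies the SYN-scan and FIN-scan reply rules from the two slides above to a constructed probe/reply log: a source touching many distinct ports on one target is reported with its scan type and what the replies reveal, while an ordinary client that opens many connections to one port is left alone. Addresses, ports and the threshold are assumptions.

```python
"""Classify port-scan activity from a probe/reply log using the rules on the
slides: SYN -> SYN+ACK means open, RST means closed; FIN -> no reply means
open, RST means closed."""
from collections import Counter, defaultdict

# Constructed records (not from the deck): (src, dst, dport, probe_flags, reply_flags).
# reply_flags None means the target sent nothing back.
OPEN_PORTS = {22, 25}
RECORDS = []
for port in range(20, 41):                     # SYN scanner walks 21 ports
    RECORDS.append(("198.51.100.7", "10.0.0.9", port, "S",
                    "SA" if port in OPEN_PORTS else "R"))
for port in range(15, 30):                     # FIN scanner walks 15 ports
    RECORDS.append(("198.51.100.8", "10.0.0.9", port, "F",
                    None if port in OPEN_PORTS else "R"))
for _ in range(40):                            # ordinary client: many connections, one port
    RECORDS.append(("10.0.0.5", "10.0.0.9", 80, "S", "SA"))


def infer_open_ports(probe, replies):
    """Apply the slide's decision rule for one probe type.
    replies maps port -> reply_flags.  Returns (open_ports, closed_ports)."""
    if probe == "S":                                    # half-open scan
        opened = {p for p, r in replies.items() if r == "SA"}
    elif probe == "F":                                  # FIN scan: silence means open
        opened = {p for p, r in replies.items() if r is None}
    else:
        opened = set()
    closed = {p for p, r in replies.items() if r == "R"}
    return opened, closed


def classify_sources(records, port_threshold=10):
    """Group probes by (source, target); a source touching >= port_threshold
    distinct ports is reported with its scan type and what it learned.
    The threshold separates a port sweep from a busy legitimate client."""
    by_pair = defaultdict(list)
    for src, dst, dport, probe, reply in records:
        by_pair[(src, dst)].append((dport, probe, reply))
    report = {}
    for (src, dst), probes in by_pair.items():
        distinct = {p for p, _, _ in probes}
        if len(distinct) < port_threshold:
            continue                                    # normal client traffic
        probe = Counter(pr for _, pr, _ in probes).most_common(1)[0][0]
        replies = {p: r for p, _, r in probes}
        opened, closed = infer_open_ports(probe, replies)
        report[src] = {
            "target": dst,
            "scan": {"S": "SYN (half-open) scan", "F": "FIN scan"}.get(probe, "other"),
            "ports_probed": len(distinct),
            "open": sorted(opened),
            "closed": len(closed),
        }
    return report


if __name__ == "__main__":
    for src, info in classify_sources(RECORDS).items():
        print(src, info)
```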

SPOOFING

A spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage. IP spoofing and DNS spoofing are the most popular spoofing attacks. Different types of spoofing are:
o IP Spoofing
o Content Spoofing
o Caller ID Spoofing
o E-Mail Spoofing
o Phishing

Man In The Middle Attack

A man-in-the-middle (MITM) attack is a form of eavesdropping where communication between two users is monitored and modified by an unauthorized party.

BLIND SPOOFING

In this method the hacker blindly sends the packets expected by the target host without reading the packets or the TCP session. Some operating systems now use random sequence numbers, which makes it difficult to predict them accurately.

Denial-Of-Service Attack

Refers to an attempt that restricts access to the computer or network for its intended user or organization. IP spoofing can be used to defend against DoS.

Replay Attack

In this method the attacker captures the information exchanged between a client and an authenticating server and then replays it by submitting the security certificate; if the attack succeeds, the attacker will have the privileges provided to the certificate holder.

Password-Guessing Attack

A method of guessing the password of any e-mail account or authenticating device repeatedly with the help of a password cracker application.

URL Spoofing and Phishing

In this method the attacker designs a legitimate-looking web page, such as a bank's site or a social network web page, to misguide users by making them believe that they are connected to a trusted web site.

IDENTITY, AUTHENTICATION AND VULNERABILITY MANAGEMENT

IDENTIFICATION AND AUTHENTICATION

Identification refers to recognizing a user, and authentication refers to the process of verifying whether the user is valid or not. It can be checked in two ways: PASSWORD and BIOMETRICS.

PASSWORD

Is a code, number, word or string of characters that must be kept secret from others. It is used to authenticate a user over the network.

BIOMETRICS

Is defined as the process of identifying or authenticating the identity of a user by using physiological and behavioral characteristics under close observation. It is based on what a person is rather than what a person has, and can be divided into two classes.

PHYSIOLOGICAL

Refers to body characteristics such as fingerprints, face recognition, hand and palm geometry, iris scan, etc.

BEHAVIORAL

Refers to the behavior of a person, such as handwriting, voice, sound, etc.

Methods of biometric authentication can also be of two types:

VERIFICATION

Here the user's biometric is compared with stored original information to verify the user; it can be done in combination with a smart card, username or ID number.

IDENTIFICATION

Here the user's biometric is compared with the biometrics available in a database to identify an unknown user.

AUTHENTICATION OF HOST

A host can authenticate a user using the following mechanisms:
o Single-Sign-On
o Kerberos
o Cryptography

SINGLE-SIGN-ON

In SSO a user provides username (ID) and password to the network at the beginning of the authentication process to log on to the network.

KERBEROS BASED

Prompts the user for authentication and gets a Kerberos ticket to verify the user.

Smart Card Based

In smart card based SSO, the user credentials are stored in the smart card.

OTP Token

Refers to a one time password token, and is the best way for SSO authentication.

KERBEROS

Kerberos is a secure method for authenticating a request for a service in a computer network. Kerberos was developed in the Athena Project at the Massachusetts Institute of Technology (MIT).

Authentication Method

o The user enters the username and password to request a service.
o The information is passed to the Authentication Server (AS) or Key Distribution Center (KDC).
o The KDC validates the username and password.
o Then the AS creates a session key based upon the user password and a random value that represents the requested service. The session key is effectively a Ticket Granting Ticket (TGT).
o Then the TGT is sent to the TGS or the user-requested server.
o The service either rejects the ticket or accepts it and performs the service.

CRYPTOGRAPHY

The art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text. Encrypted messages can sometimes be broken by cryptanalysis, also called code breaking, although modern cryptography techniques are virtually unbreakable.

Common Uses of Cryptography
o Access Control
o Password Authentication
o E-Mail Security
o Data Integrity Security
o Digital Signature

Digital Signature

Is a mathematical scheme for demonstrating the authenticity of a message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering.

GOALS OF CRYPTOGRAPHY
o Confidentiality
o Integrity
o Availability

Terms Used In Cryptography
o Cipher text
o Plain text
o Encryption
o Decryption
o Key
o Substitution

BASIC PRIMITIVES OF CRYPTOGRAPHY

Symmetric Key

Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key. This means that the key must be transferred from sender to receiver.

Symmetric key ciphers are implemented as either "block ciphers" or "stream ciphers".

BLOCK CIPHER

A block cipher is a deterministic algorithm operating on fixed-length groups of bits, called blocks. The process is used when the size of the data is more than 128 bits. It takes a whole block of plain text and gives a whole block of cipher text as output.

STREAM CIPHER

A cipher in which plaintext digits are combined with a pseudorandom cipher digit stream (key stream). In a stream cipher each plaintext digit is encrypted one at a time with the corresponding digit of the key stream, to give a digit of the cipher text stream.

ASYMMETRIC KEY OR PUBLIC KEY ENCRYPTION

The method of encryption in which different keys are used to encrypt and decrypt data. The public key is used to encrypt the message; the private key is kept secret and used to decrypt the message.

Hash Function

Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. Hashing is used to index and retrieve items in a database because it is faster to find the item using the shorter hashed key than to find it using the original value. It is also used in many encryption algorithms.

Low Cost

Determinism

Refers to the property that generates the same hash value for each given input.

Uniformity

Refers to the process of checking the consistency of data. This implies that every input must have an output hash code according to the input.

Variable range

Refers to the range variation of hash values according to the program run or data.

Dynamic Hash Function

The hash table can automatically expand or shrink according to the size of the data.

Continuity

The output value increases or decreases with an increase or decrease in the input value.

RSA ALGORITHM

RSA is an Internet encryption and authentication system that uses an algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is the most commonly used encryption and authentication algorithm and is included as part of the Web browsers from Microsoft and Netscape.

EXAMPLE

Choose p = 3 and q = 11
Compute n = p * q = 3 * 11 = 33
Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20
Choose e such that 1 < e < φ(n) and e and n are co-prime. Let e = 7
Compute a value for d such that (d * e) % φ(n) = 1. One solution is d = 3 [(3 * 7) % 20 = 1]
Public key is (e, n) => (7, 33)
Private key is (d, n) => (3, 33)
The encryption of m = 2 is c = 2^7 % 33 = 29
The decryption of c = 29 is m = 29^3 % 33 = 2

Where n = modulus, e = encryption exponent, d = decryption exponent
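The worked example above carried out in code, as an added example that is not part of the deck: key generation with the extended Euclidean algorithm (which is how the d with (d * e) % φ(n) = 1 is found in general), encryption and decryption with the slide's p = 3, q = 11, e = 7, and the same functions applied to slightly larger textbook primes to show the arithmetic does not depend on the toy sizes.

```python
"""Toy RSA with the slide's numbers (p = 3, q = 11, e = 7), plus the general
key-generation step so the same code works for larger primes."""
from math import gcd


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(e, phi):
    """The decryption exponent d, i.e. (d * e) % phi == 1.
    It exists only when gcd(e, phi) == 1."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError(f"e={e} has no inverse modulo {phi}")
    return x % phi


def keygen(p, q, e):
    """Return ((e, n), (d, n)) for primes p, q and chosen e.
    The condition that makes d exist is gcd(e, phi(n)) == 1, which is what is
    checked here (the slide's e = 7 satisfies it: gcd(7, 20) == 1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) == 1")
    return (e, n), (modinv(e, phi), n)


def encrypt(m, public):
    """c = m^e mod n; the message must be an integer smaller than the modulus."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c, private):
    """m = c^d mod n."""
    d, n = private
    return pow(c, d, n)


def worked_example():
    """The slide's numbers end to end; returns the intermediate values."""
    public, private = keygen(3, 11, 7)
    c = encrypt(2, public)
    return {"public": public, "private": private, "c": c, "m": decrypt(c, private)}


if __name__ == "__main__":
    print(worked_example())
    # Same code on the classic textbook primes p=61, q=53 (n=3233, phi=3120, e=17).
    pub, priv = keygen(61, 53, 17)
    print(pub, priv, decrypt(encrypt(65, pub), priv))
```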

VULNERABILITY MANAGEMENT

Vulnerability management is a pro-active approach to managing network security.

Stages

1. Discover: Inventory all assets across the network and identify host details, including operating system and open services, to identify vulnerabilities. Develop a network baseline. Identify security vulnerabilities on a regular automated schedule.

2. Prioritize Assets: Categorize assets into groups or business units, and assign a business value to asset groups based on their criticality to your business operation.

3. Assess: Determine a baseline risk profile so you can eliminate risks based on asset criticality, vulnerability threat, and asset classification.

4. Report: Measure the level of business risk associated with your assets according to your security policies. Document a security plan, monitor suspicious activity, and describe known vulnerabilities.

5. Remediate: Prioritize and fix vulnerabilities in order according to business risk. Establish controls and demonstrate progress.

6. Verify: Verify that threats have been eliminated through follow-up audits.

INTRUSION DETECTION

Introduction

An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station.

Stages Of IDS

NETWORK-BASED IDS

Captures network traffic to perform intrusion detection. A NIDS scans the network at the router or host level, audits packet information, and logs any suspicious packets into a special log file with extended information. When it finds a severe packet it informs the security team by e-mail or pager call.

THREATS AND ACTIVITIES THAT CAN BE CONTROLLED BY NIDS

o IP Spoofing
o Denial-Of-Service Attack
o DNS name corruption
o Man-in-the-Middle attack

CONTROL MECHANISM

o Centralized : The information present in the various IDSs is analyzed and processed by a central entity.
o Distributed : The log information is distributed to every node present in the network.

Advantages of IDS

o Low Cost Of Ownership : Does not require any additional software to be loaded on the network. The low cost is due to the small number of detections it can make.
o Detects Attacks Missed by the HIDS : Examines all packet headers for signs of malicious and suspicious activity.
o Analyzes the packet payload : Examines the content of the payload, looking for commands used in specific attacks.
o Real-time detection and response : Allows rapid actions such as notification and responses. The response can range from allowing the penetration in surveillance mode to gather information, to immediate termination of the attack.

o More difficult for an attacker to remove evidence : Does not allow an attacker to remove evidence, because the NIDS uses live network traffic for attack detection.

RESPONSES

o Active Response : When a system is threatened by a potential attack it takes the immediate action required to decrease the impact of the attack.
o Passive Response : When a system is threatened by a potential attack it notifies the administrator about the threat.

Common Passive Response Strategies

o Logging : Records an event and the circumstances of its occurrence. It can provide sufficient information about the nature of the attack.
o Notification : Communicates event-related information to the person when an event takes place.
o Shunning : Refers to the activity of avoiding the attack.

Common Active Response Strategies

o Terminating Processes Or Sessions : Terminates all unauthorized processes and sessions that are trying to gain access to the system by resetting the network.
o Network Configuration Changes : Instructs the firewall or border router to reject any request or traffic coming from a particular socket or address that is being attacked.
o Deception : Fools the attackers and redirects them to a system that is designed to be broken.

HOST-BASED INTRUSION DETECTION SYSTEM

Host Based IDS

Designed to monitor, detect and respond to activities or attacks on a given host. HIDSs run on individual hosts or devices in the network.

Advantages Of HIDS

o Monitors user privileges
o Verifies success or failure of an attack
o Monitors specific system activities
o Detects attacks missed by the NIDS
o Well suited for encrypted or switched environments
o Near-real-time detection and response
o Requires no additional hardware

Mechanism

Signature-Based HIDS

Also known as knowledge-based IDS; compares the packet against a database of signatures or attributes of known malicious threats.

Statistical Anomaly-based IDS

Also known as behavior-based IDS; dynamically detects deviations arising from the behavior of the user and accordingly triggers an alarm.
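Both mechanisms side by side on a constructed web access log, as an added example that is not part of the deck: the signature-based detector matches each request against a small database of known-bad patterns (after URL-decoding, so that percent-encoding does not slip past the rule), and the statistical anomaly-based detector learns a requests-per-minute baseline and alarms on minutes that deviate from it. Log format, addresses, patterns and thresholds are assumptions made for the demonstration.

```python
"""Signature-based versus statistical anomaly-based detection over one log."""
import re
from collections import Counter
from statistics import mean, pstdev
from urllib.parse import unquote

# Knowledge base for the signature detector: known-bad request patterns.
SIGNATURES = {
    "path traversal": re.compile(r"\.\./"),
    "sql injection": re.compile(r"(?i)'\s*or\s+1\s*=\s*1|union\s+select"),
    "xss": re.compile(r"(?i)<script"),
}

# Constructed access log (not from the deck): "<minute> <src> <method> <path>".
LOG = []
for minute in range(10):                          # baseline: two clients, 5 req/min each
    for i in range(5):
        LOG.append(f"{minute:02d} 10.0.0.5 GET /index.html?page={i}")
        LOG.append(f"{minute:02d} 10.0.0.6 GET /news/{i}")
for i in range(60):                               # minute 10: one new source bursts
    LOG.append(f"10 203.0.113.4 GET /search?q=item{i}")
LOG += [                                          # minute 11: three signature hits
    "11 203.0.113.4 GET /download?file=../../etc/passwd",
    "11 203.0.113.4 GET /login?user=admin'%20OR%201=1--",
    "11 10.0.0.6 GET /profile?name=<script>alert(1)</script>",
]

LINE = re.compile(r"^(\d+) (\S+) (\S+) (\S+)$")


def parse(line):
    """Split one log line into (minute, src, method, path)."""
    minute, src, method, path = LINE.match(line).groups()
    return int(minute), src, method, path


def signature_alerts(log):
    """Knowledge-based: every request is compared against the pattern database.
    Decoding first matters: '%20OR%201=1' only matches once it is unquoted."""
    alerts = []
    for line in log:
        minute, src, _, path = parse(line)
        decoded = unquote(path)
        for name, rx in SIGNATURES.items():
            if rx.search(decoded):
                alerts.append((minute, src, name))
    return alerts


def anomaly_alerts(log, baseline_minutes=10, z_threshold=3.0):
    """Behavior-based: learn requests-per-minute during the baseline window, then
    flag (source, minute) pairs more than z_threshold standard deviations above
    the mean.  A constant baseline has sigma 0, so a floor of 1.0 is used."""
    per_min = Counter()
    for line in log:
        minute, src, _, _ = parse(line)
        per_min[(src, minute)] += 1
    baseline = [n for (_, m), n in per_min.items() if m < baseline_minutes]
    mu, sigma = mean(baseline), pstdev(baseline) or 1.0
    alerts = []
    for (src, minute), n in sorted(per_min.items()):
        if minute >= baseline_minutes and (n - mu) / sigma > z_threshold:
            alerts.append((minute, src, n))
    return alerts


if __name__ == "__main__":
    print("signature:", signature_alerts(LOG))
    print("anomaly  :", anomaly_alerts(LOG))
```

The burst at minute 10 carries no known-bad string and is caught only by the anomaly detector, while the three requests at minute 11 are too few to be anomalous and are caught only by signatures, which is why the slide lists both mechanisms.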

Issues Faced While Using an IDS

o Continuous increase in network traffic.
o Use of encrypted messages to transport malicious information.
o Lack of widely accepted IDS terminology and conceptual structures.
o Inappropriate and automated responses to attacks are also inherited.
o Lack of objectivity in evaluating and testing information.

Honeypots

A honeypot is a computer that has been designed as a target for computer attacks. It is a trap mechanism that is used to attract a hacker away from valuable network resources and provide an early indication of an attack. It is configured to interact with possible hackers and capture details of their attacks, and honeypots are also known as sacrificial lambs or booby traps.

Production honeypot

It records only limited information, like the organization of the attack and the tools used in the process.

Identifying Operating System Vulnerabilities

Is a process of defining the main issues related to the security of an OS.

Issues

o Managing physical and local security
o Managing logon security
o Managing users and groups
o Managing local and global groups
o Managing user accounts
o Managing domains

Physical and Local Security Management

o Password protect your basic input/output system.
o Boot the computer from the hard disk, not from floppy or compact disks.
o Password protect your computer.

Logon Security Management

o Password protect all your user accounts.
o Set LegalNoticeCaption in the registry under the string HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\windowsNT\currentversion\winlogon

User and Group Management

o Groups need to be created for easy and reliable management of users.
o Access privileges should be given to each user or group according to the responsibilities given to the user.

Local And Global Group Management

o Local groups refer to the computer itself.
o Global groups can belong to a whole domain.

User Account Management

o Password complexity must be enabled for your PC.
o Last logon user details can be disabled to make the user account more secure by editing the registry: open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon, select Edit - New - String Value to create a new string value, rename the string to "DontDisplayLastUserName", then double click it and type 1 for the value data.

Domain Management

o You must create a BDC or ADC for the PDC, so that in case the PDC stops functioning the BDC can work as the PDC.

Hardening the Operating System

o Refers to the process of protecting, securing or providing security to a computer or network by reducing vulnerabilities, such as weak passwords or threats from bugs.
o The OS must be updated with service packs and hotfixes.

Layers Of Protection Analysis

o LOPA is defined as a risk assessment method. It is used in many organizations to evaluate risks and compare them with risk tolerance criteria to determine if existing safeguards are adequate or if additional safeguards are required.

Components of LOPA

o Process Design : Refers to the components that help to reduce the probability of loss due to various events such as fires and explosions.
o Basic Control : Refers to the components that can be used to respond to critical situations.
o Alarms, Manual Intervention - IPLs : Refers to devices, systems or actions that are capable of preventing a scenario from proceeding to undesired consequences, and can be organized as an Independent Protection Layer (IPL).
o SIS : Stands for Safety Instrumented System, which can handle emergency situations such as emergency shutdown.
o Physical Protection : Refers to the process of protecting our system from outside accidents using equipment.

o Plant and community response/emergency response : Refers to the processes or responses that are activated after the initial release of a critical situation.

DHCP ATTACK

Address Starvation

Refers to the process of sending as many DHCP requests as possible with spoofed MAC addresses to make the DHCP server run out of IP addresses. The attacker then uses a fake DHCP server to provide IP addresses to the clients and gain access to the whole network.

Man-In-The-Middle Attack

Rogue DHCP Server

Refers to an unauthorized DHCP server, generally used by an attacker for sniffing or reconnaissance purposes and to gain access to network traffic.