GENI, Pen Testing, & other stories

Slides:

Advertisements

Similar presentations

Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.

Advertisements

Cybersecurity Training in a Virtual Environment By Chinedum Irrechukwu.

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

Hands-On Ethical Hacking and Network Defense

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.

Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

SEC835 Database and Web application security Information Security Architecture.

Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

Information Systems Security Operations Security Domain #9.

Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.

Topic 5: Basic Security.

Advanced Persistent Threats (APT) Sasha Browning.

Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?

Polytechnic University Introduction1 CS 393/682: Network Security Professor Keith W. Ross.

Computer Security By Duncan Hall.

Cyber Security – The Changing Landscape Erick Weber Department of Public Works Khaled Tawfik Cyber Security.

Enterprise’ Ever-Evolving Challenge & Constraints Dealing with BYOD Challenges Enable Compliance to Regulations Stay Current with New Consumption Models.

Filip Chytrý Everyone of you in here can help us improve online security....

Principles of Information Security, Fourth Edition Chapter 1 Introduction to Information Security Part II.

General Information: This document was created for use in the "Bridges to Computing" project of Brooklyn College. You are invited and encouraged to use.

Vulnerability Analysis Dr. X. Computer system Design Implementation Maintenance Operation.

Department of Computer Science Introduction to Information Security Chapter 7 Activity Security Assessment Semester 1.

Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.

Intro to Digital Technology Review for Final Introduction to Digital Technology Finals Seniors Monday, 5/16 – 2 nd Tuesday 5/17 – 1 st,3 rd Underclassmen.

HACKING Submitted By: Ch. Leela Sasi, I M.C.A, Y11MC29011, CJJC P.G College.

Internet Vulnerabilities & Criminal Activity Internet Forensics 12.1 April 26, 2010 Internet Forensics 12.1 April 26, 2010.

Common System Exploits Tom Chothia Computer Security, Lecture 17.

INF526: Secure Systems Administration Student Presentations And Review for Final Prof. Clifford Neuman Lecture July 2016 OHE100C.

Computer Maintenance Software Configuration: Evaluating Software Packages, Software Licensing, and Computer Protection through the Installation and Maintenance.

Defining your requirements for a successful security (and compliance

Penetration Testing Reconnaissance 2

Network security Vlasov Illia

Topic 5 Penetration Testing 滲透測試

Seminar On Ethical Hacking Submitted To: Submitted By:

Penetration Testing: Concepts,Attacks and Defence Stratagies

ETHICAL HACKING WHAT EXACTLY IS ETHICAL HACKING ? By : Bijay Acharya

Cyber Warfare and Importance of Cyber Awareness

Xenia Mountrouidou (Dr. X)

Penetration Testing Presented by: Elham Hojati

Footprinting and Scanning

Security Testing Methods

FYE Cybersecurity Chasing Ghosts in the Wires

Lesson Objectives Aims You should be able to:

Penetration Testing Presented by: Elham Hojati

INF 103 Education for Service-- snaptutorial.com.

CIS 333Competitive Success/tutorialrank.com

CIS 333 Education for Service-- tutorialrank.com.

INF 103 Teaching Effectively-- snaptutorial.com

Risk of the Internet At Home

Web Penetration Testing and Ethical Hacking Capture the Flag

Computer Maintenance Software Configuration: Evaluating Software Packages, Software Licensing, and Computer Protection through the Installation and Maintenance.

Topic 5: Communication and the Internet

Intro to Ethical Hacking

Network Security: DNS Spoofing, SQL Injection, ARP Poisoning

Computer Security.

Acknowledgement Content from the book:

Securing Windows 7 Lesson 10.

Intro Cyber Security Labs on GENI

Ethical Hacking ‘Ethical hacking’ is the branch of computer science that involves cybersecurity and preventing cyberattacks. Ethical hackers are not malicious.

WJEC GCSE Computer Science

Chapter 1 Key Security Terms.

6. Application Software Security

Intro Cyber Security Labs on GENI

Unit # 1: Overview of the Course Dr. Bhavani Thuraisingham

Bethesda Cybersecurity Club

Presentation transcript:

GENI, Pen Testing, & other stories Dr. X

Outline What is GENI… really? Pen testing & ethical hacking Logistics: Bring at least one computer per team for Tuesday!! Denial of Service lab will be completed in class Download and install Wireshark: URL Or use Kali VM

Global Environment for Network Innovations (GENI) Virtual laboratory for networking and distributed systems research and education. GENI allows experimenters to: Conduct research and create new internet protocols Experiment with cybersecurity concepts Conduct wireless research Educate! Use in classes and perform cool experiments

Global Environment for Network Innovation (GENI) Virtual Lab Obtain compute resources from locations around the United States; Connect compute resources using Layer 2 networks in topologies best suited to their experiments; Install custom software or even custom operating systems on these compute resources; Control how network switches in their experiment handle traffic flows; Run their own Layer 3 and above protocols by installing protocol software in their compute resources and by providing flow controllers for their switches.

GENI

Simulating Denial of Service Real machines Small network Attack traffic Regular internet traffic You control all these!

What is Denial of Service? A computer network attack that is designed to deplete resources and prevent legitimate users from accessing a site Can target small and large businesses Traffic flood, large payloads sent slowly, amplification attack Resources: Memory CPU Bandwidth

Computer Network Attacks Passive: Scanning, Reconnaissance Active: Distributed Denial of Service Spoofing Man in the middle

Let’s run an attack… next Tuesday! Observe how fast it is How detrimental it can be to a small network Remember: it is illegal to use any of the tools that create an attack on any machines except the lab machines!

Kahoot time!

Security as Art No hard and fast rules nor many universally accepted complete solutions No manual for implementing security through entire system Security as Art There are no hard and fast rules regulating the installation of various security mechanisms. Nor are there many universally accepted complete solutions. While there are many manuals to support individual systems, once these systems are interconnected, there is no magic user’s manual for the security of the entire system. This is especially true with the complex levels of interaction between users, policy, and technology controls.

Security as Science Dealing with technology designed to operate at high levels of performance Specific conditions cause virtually all actions that occur in computer systems Nearly every fault, security hole, and systems malfunction are a result of interaction of specific hardware and software If developers had sufficient time, they could resolve and eliminate faults Security as Science We are dealing with technology developed by computer scientists and engineers—technology designed to perform at rigorous levels of performance. Even with the complexity of the technology, most scientists would agree that specific scientific conditions cause virtually all actions that occur in computer systems. Almost every fault, security hole, and systems malfunction is a result of the interaction of specific hardware and software. If the developers had sufficient time, they could resolve and eliminate these faults.

Security as a Social Science Social science examines the behavior of individuals interacting with systems Security begins and ends with the people that interact with the system Security administrators can greatly reduce levels of risk caused by end users, and create more acceptable and supportable security profiles Security as a Social Science There is a third view: security as a social science. Social science examines the behavior of individuals as they interact with systems, whether societal systems or in our case information systems. Security begins and ends with the people inside the organization and the people that interact with the system planned or otherwise. End users that need the very information the security personnel are trying to protect may be the weakest link in the security chain. By understanding some of the behavioral aspects of organizational science and change management, security administrators can greatly reduce the levels of risk caused by end users and create more acceptable and supportable security profiles.

Penetration Testing Legal and authorized attempt to locate and successfully exploit computer systems for the purpose of making those systems more secure

Differences Between attacks and vulnerabilities? Between pen testing and vulnerability assessment? Attacks are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application.

Black vs white hat

Black vs white hat Authorization Motivation Intent

The cycle of Pen Testing Reconnaissance Scanning Exploitation Back doors Cover tracks… rinse, repeat

Reconnaissance Open Source Intelligence (OS Int) Google is your friend – more elaborate searches than you have ever thought! Site: Filetype: Boolean logic Google hacking DB Whois Social Networks Job Ads

Reconnaissance exercise Find a company you have never heard before: Charleston local startups Read the news Use the OS Int website and google to gather as much info as possible: What software or Operating System do they use? Who are the administration people: CEO, CFO, CIO etc. Where do the administration people live, what are their interests? What email do they use? Who is their Internet Service provider, Domain Name Server (DNS)? Do they have any files online that they should not have?? Any other information about the technical infrastructure of the company?

Scanning Open ports Open services Intrusive Informative!

Scanning Demo By Dr. X

Exploitation Tools Exploits Metasploit Nessus Custom programs Reverse Shell Elevation of privileges Password file Secret/important information Keylogger Malware: ransomware, virus, spyware

Tools of the trade

Tools Kali Programming Your brain!

Backdoors Vulnerable accounts Open ports & services

Covering your tracks Delete any files, history Command line rocks!

Summary GENI is awesome Pen testing is not rocket science Learn how to exploit… in order to know how to defend!

Capture the Flag (CTF) Competition: to train future defenders Topics Cryptography Steganography OS Int Network forensics Web app exploits … and more! Find information, steal password, solve a riddle Wanna play?